From patchwork Sat Jan 4 13:41:25 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 54972
X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/25] gstreamer1.0-plugins-good: fix several CVEs
Date: Sat, 4 Jan 2025 05:41:25 -0800
Message-ID: <33c2611c3998f25bf606b5a940c09b70ce04674c.1735997984.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209370

From: Peter Marko

Cherry-pick commits from branch 1.22 per [1].
Also cherry-pick [2] so these apply cleanly.

[1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
[2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/62de06c7a443a5ac40ab2a4f2589625932bf9632

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman --- ...o-sized-boxes-instead-of-stopping-to.patch | 124 +++++ ...ger-overflow-when-allocating-the-sam.patch | 63 +++ ...Fix-debug-output-during-trun-parsing.patch | 72 +++ ...erate-over-all-trun-entries-if-none-.patch | 35 ++ ...zes-of-stsc-stco-stts-before-trying-.patch | 63 +++ ...e-only-an-even-number-of-bytes-is-pr.patch | 44 ++ ...e-enough-data-is-available-before-re.patch | 120 +++++ ...th-checks-and-offsets-in-stsd-entry-.patch | 450 ++++++++++++++++++ ...r-handling-when-parsing-cenc-sample-.patch | 56 +++ ...e-there-are-enough-offsets-to-read-w.patch | 49 ++ ...-handle-errors-returns-from-various-.patch | 97 ++++ ...r-invalid-atom-length-when-extractin.patch | 36 ++ ...size-check-for-parsing-SMI-SEQH-atom.patch | 37 ++ .../gstreamer1.0-plugins-good_1.22.12.bb | 16 +- 14 files changed, 1261 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch create mode 100644 
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch new file mode 100644 index 0000000000..d9f1474ba4 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch 
@@ -0,0 +1,124 @@ +From 62de06c7a443a5ac40ab2a4f2589625932bf9632 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Tue, 24 Sep 2024 09:50:34 +0300 +Subject: [PATCH 01/13] qtdemux: Skip zero-sized boxes instead of stopping to + look at further boxes + +A zero-sized box is not really a problem and can be skipped to look at any +possibly following ones. + +BMD ATEM devices specifically write a zero-sized bmdc box in the sample +description, followed by the avcC box in case of h264. Previously the avcC box +would simply not be read at all and the file would be unplayable. + +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/62de06c7a443a5ac40ab2a4f2589625932bf9632] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 54 +++++++++++++++++++++++++++++--------------- + 1 file changed, 36 insertions(+), 18 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index a53d61e649..2f2ca4459b 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -11666,9 +11666,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + else + size = len - 0x8; + +- if (size < 1) +- /* No real data, so break out */ +- break; ++ /* No real data, so skip */ ++ if (size < 1) { ++ len -= 8; ++ avc_data += 8; ++ continue; ++ } + + switch (QT_FOURCC (avc_data + 0x4)) { + case FOURCC_avcC: +@@ -11783,9 +11786,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + else + size = len - 0x8; + +- if (size < 1) +- /* No real data, so break out */ +- break; ++ /* No real data, so skip */ ++ if (size < 1) { ++ len -= 8; ++ hevc_data += 8; ++ continue; ++ } + + switch (QT_FOURCC (hevc_data + 0x4)) { + case FOURCC_hvcC: +@@ -12207,9 +12213,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + else + size = len - 8; + +- if (size < 1) +- /* No real data, so break out */ +- break; ++ /* No real data, so skip */ ++ if (size < 1) { ++ len -= 8; ++ vc1_data += 8; ++ continue; ++ } + 
+ switch (QT_FOURCC (vc1_data + 0x4)) { + case GST_MAKE_FOURCC ('d', 'v', 'c', '1'): +@@ -12249,9 +12258,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + else + size = len - 0x8; + +- if (size < 1) +- /* No real data, so break out */ +- break; ++ /* No real data, so skip */ ++ if (size < 1) { ++ len -= 8; ++ av1_data += 8; ++ continue; ++ } + + switch (QT_FOURCC (av1_data + 0x4)) { + case FOURCC_av1C: +@@ -12359,9 +12371,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + else + size = len - 0x8; + +- if (size < 1) +- /* No real data, so break out */ +- break; ++ /* No real data, so skip */ ++ if (size < 1) { ++ len -= 8; ++ vpcc_data += 8; ++ continue; ++ } + + switch (QT_FOURCC (vpcc_data + 0x4)) { + case FOURCC_vpcC: +@@ -12861,9 +12876,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + else + size = len - 8; + +- if (size < 1) +- /* No real data, so break out */ +- break; ++ /* No real data, so skip */ ++ if (size < 1) { ++ len -= 8; ++ wfex_data += 8; ++ continue; ++ } + + switch (QT_FOURCC (wfex_data + 4)) { + case GST_MAKE_FOURCC ('w', 'f', 'e', 'x'): +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch new file mode 100644 index 0000000000..4eacb4e198 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch 
@@ -0,0 +1,63 @@ +From 0e58b2f7ad7b310201eada442a6782aaebe8e2bd Mon Sep 17 00:00:00 2001 +From: Antonio Morales +Date: Thu, 26 Sep 2024 18:39:37 +0300 +Subject: [PATCH 02/13] qtdemux: Fix integer overflow when allocating the + samples table for fragmented MP4 + +This can lead to out of bounds writes and NULL pointer dereferences. + +Fixes GHSL-2024-094, GHSL-2024-237, GHSL-2024-241 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3839 + +Part-of: + +CVE: CVE-2024-47537 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0e58b2f7ad7b310201eada442a6782aaebe8e2bd] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 2ccc9f3595..54f2dfead3 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -3342,6 +3342,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, + gint i; + guint8 *data; + guint entry_size, dur_offset, size_offset, flags_offset = 0, ct_offset = 0; ++ guint new_n_samples; + QtDemuxSample *sample; + gboolean ismv = FALSE; + gint64 initial_offset; +@@ -3442,14 +3443,13 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, + goto fail; + data = (guint8 *) gst_byte_reader_peek_data_unchecked (trun); + +- if (stream->n_samples + samples_count >= +- QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample)) ++ if (!g_uint_checked_add (&new_n_samples, stream->n_samples, samples_count) || ++ new_n_samples >= QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample)) + goto index_too_big; + + GST_DEBUG_OBJECT (qtdemux, "allocating n_samples %u * %u (%.2f MB)", +- stream->n_samples + samples_count, (guint) sizeof (QtDemuxSample), +- (stream->n_samples + samples_count) * +- sizeof (QtDemuxSample) / (1024.0 * 1024.0)); ++ new_n_samples, (guint) sizeof (QtDemuxSample), ++ (new_n_samples) * sizeof (QtDemuxSample) / (1024.0 * 1024.0)); + + /* 
create a new array of samples if it's the first sample parsed */ + if (stream->n_samples == 0) { +@@ -3458,7 +3458,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, + /* or try to reallocate it with space enough to insert the new samples */ + } else + stream->samples = g_try_renew (QtDemuxSample, stream->samples, +- stream->n_samples + samples_count); ++ new_n_samples); + if (stream->samples == NULL) + goto out_of_memory; + +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch new file mode 100644 index 0000000000..298ecb0fe6 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch 
@@ -0,0 +1,72 @@ +From c077ff2585927540f038635f26ca4ba99dc92f10 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 26 Sep 2024 18:40:56 +0300 +Subject: [PATCH 03/13] qtdemux: Fix debug output during trun parsing + +Various integers are unsigned so print them as such. Also print the actual +allocation size if allocation fails, not only parts of it. + +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c077ff2585927540f038635f26ca4ba99dc92f10] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 54f2dfead3..4bb24b1b80 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -3348,8 +3348,8 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, + gint64 initial_offset; + gint32 min_ct = 0; + +- GST_LOG_OBJECT (qtdemux, "parsing trun track-id %d; " +- "default dur %d, size %d, flags 0x%x, base offset %" G_GINT64_FORMAT ", " ++ GST_LOG_OBJECT (qtdemux, "parsing trun track-id %u; " ++ "default dur %u, size %u, flags 0x%x, base offset %" G_GINT64_FORMAT ", " + "decode ts %" G_GINT64_FORMAT, stream->track_id, d_sample_duration, + d_sample_size, d_sample_flags, *base_offset, decode_ts); + +@@ -3377,7 +3377,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, + /* note this is really signed */ + if (!gst_byte_reader_get_int32_be (trun, &data_offset)) + goto fail; +- GST_LOG_OBJECT (qtdemux, "trun data offset %d", data_offset); ++ GST_LOG_OBJECT (qtdemux, "trun data offset %u", data_offset); + /* default base offset = first byte of moof */ + if (*base_offset == -1) { + GST_LOG_OBJECT (qtdemux, "base_offset at moof"); +@@ -3399,7 +3399,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, + + GST_LOG_OBJECT (qtdemux, "running offset now %" G_GINT64_FORMAT, + *running_offset); +- GST_LOG_OBJECT (qtdemux, "trun 
offset %d, flags 0x%x, entries %d", ++ GST_LOG_OBJECT (qtdemux, "trun offset %u, flags 0x%x, entries %u", + data_offset, flags, samples_count); + + if (flags & TR_FIRST_SAMPLE_FLAGS) { +@@ -3608,14 +3608,15 @@ fail: + } + out_of_memory: + { +- GST_WARNING_OBJECT (qtdemux, "failed to allocate %d samples", +- stream->n_samples); ++ GST_WARNING_OBJECT (qtdemux, "failed to allocate %u + %u samples", ++ stream->n_samples, samples_count); + return FALSE; + } + index_too_big: + { +- GST_WARNING_OBJECT (qtdemux, "not allocating index of %d samples, would " +- "be larger than %uMB (broken file?)", stream->n_samples, ++ GST_WARNING_OBJECT (qtdemux, ++ "not allocating index of %u + %u samples, would " ++ "be larger than %uMB (broken file?)", stream->n_samples, samples_count, + QTDEMUX_MAX_SAMPLE_INDEX_SIZE >> 20); + return FALSE; + } +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch new file mode 100644 index 0000000000..bc924391fe --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch 
@@ -0,0 +1,35 @@ +From 53464dd2cf1a03f838899f7355133766ff211fce Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 26 Sep 2024 18:41:39 +0300 +Subject: [PATCH 04/13] qtdemux: Don't iterate over all trun entries if none of + the flags are set + +Nothing would be printed anyway. + +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/53464dd2cf1a03f838899f7355133766ff211fce] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux_dump.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gst/isomp4/qtdemux_dump.c b/gst/isomp4/qtdemux_dump.c +index 22da35e9e7..297b580ef0 100644 +--- a/gst/isomp4/qtdemux_dump.c ++++ b/gst/isomp4/qtdemux_dump.c +@@ -836,6 +836,11 @@ qtdemux_dump_trun (GstQTDemux * qtdemux, GstByteReader * data, int depth) + GST_LOG ("%*s first-sample-flags: %u", depth, "", first_sample_flags); + } + ++ /* Nothing to print below */ ++ if ((flags & (TR_SAMPLE_DURATION | TR_SAMPLE_SIZE | TR_SAMPLE_FLAGS | ++ TR_COMPOSITION_TIME_OFFSETS)) == 0) ++ return TRUE; ++ + for (i = 0; i < samples_count; i++) { + if (flags & TR_SAMPLE_DURATION) { + if (!gst_byte_reader_get_uint32_be (data, &sample_duration)) +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch new file mode 100644 index 0000000000..25796bd983 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch 
@@ -0,0 +1,63 @@ +From 1fac18a8fa269343dd43c9a4bca8d89f307fb7a0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 27 Sep 2024 15:50:54 +0300 +Subject: [PATCH 05/13] qtdemux: Check sizes of stsc/stco/stts before trying to + merge entries + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-246 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3854 + +Part-of: + +CVE: CVE-2024-47598 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1fac18a8fa269343dd43c9a4bca8d89f307fb7a0] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 4bb24b1b80..d1aa9ee5a0 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -9476,6 +9476,21 @@ qtdemux_merge_sample_table (GstQTDemux * qtdemux, QtDemuxStream * stream) + return; + } + ++ if (gst_byte_reader_get_remaining (&stream->stts) < 8) { ++ GST_DEBUG_OBJECT (qtdemux, "Too small stts"); ++ return; ++ } ++ ++ if (stream->stco.size < 8) { ++ GST_DEBUG_OBJECT (qtdemux, "Too small stco"); ++ return; ++ } ++ ++ if (stream->n_samples_per_chunk == 0) { ++ GST_DEBUG_OBJECT (qtdemux, "No samples per chunk"); ++ return; ++ } ++ + /* Parse the stts to get the sample duration and number of samples */ + gst_byte_reader_skip_unchecked (&stream->stts, 4); + stts_duration = gst_byte_reader_get_uint32_be_unchecked (&stream->stts); +@@ -9487,6 +9502,13 @@ qtdemux_merge_sample_table (GstQTDemux * qtdemux, QtDemuxStream * stream) + GST_DEBUG_OBJECT (qtdemux, "sample_duration %d, num_chunks %u", stts_duration, + num_chunks); + ++ if (gst_byte_reader_get_remaining (&stream->stsc) < ++ stream->n_samples_per_chunk * 3 * 4 + ++ (stream->n_samples_per_chunk - 1) * 4) { ++ GST_DEBUG_OBJECT (qtdemux, "Too small stsc"); ++ return; ++ } ++ + /* Now parse stsc, convert chunks into single samples and generate a + 
* new stsc, stts and stsz from this information */ + gst_byte_writer_init (&stsc); +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch new file mode 100644 index 0000000000..f2ee62fd01 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch 
@@ -0,0 +1,44 @@ +From 6cca274bf25a5679330debdd61a59840e50c68ab Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 26 Sep 2024 09:20:28 +0300 +Subject: [PATCH 06/13] qtdemux: Make sure only an even number of bytes is + processed when handling CEA608 data + +An odd number of bytes would lead to out of bound reads and writes, and doesn't +make any sense as CEA608 comes in byte pairs. + +Strip off any leftover bytes and assume everything before that is valid. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-195 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3841 + +Part-of: + +CVE: CVE-2024-47539 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6cca274bf25a5679330debdd61a59840e50c68ab] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index d1aa9ee5a0..ce1a1b8d59 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -5784,6 +5784,11 @@ convert_to_s334_1a (const guint8 * ccpair, guint8 ccpair_size, guint field, + guint8 *storage; + gsize i; + ++ /* Strip off any leftover odd bytes and assume everything before is valid */ ++ if (ccpair_size % 2 != 0) { ++ ccpair_size -= 1; ++ } ++ + /* We are converting from pairs to triplets */ + *res = ccpair_size / 2 * 3; + storage = g_malloc (*res); +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch new file mode 100644 index 0000000000..9b885669a0 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch 
@@ -0,0 +1,120 @@ +From 64fa1ec0de71db28387a45819681ba760a71e6bc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 26 Sep 2024 14:17:02 +0300 +Subject: [PATCH 07/13] qtdemux: Make sure enough data is available before + reading wave header node + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-236 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3843 + +Part-of: + +CVE: CVE-2024-47543 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/64fa1ec0de71db28387a45819681ba760a71e6bc] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 84 ++++++++++++++++++++++++-------------------- + 1 file changed, 45 insertions(+), 39 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index ce1a1b8d59..ed83227d70 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -13139,47 +13139,53 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + } else { + guint32 datalen = QT_UINT32 (stsd_entry_data + offset + 16); + const guint8 *data = stsd_entry_data + offset + 16; +- GNode *wavenode; +- GNode *waveheadernode; +- +- wavenode = g_node_new ((guint8 *) data); +- if (qtdemux_parse_node (qtdemux, wavenode, data, datalen)) { +- const guint8 *waveheader; +- guint32 headerlen; +- +- waveheadernode = qtdemux_tree_get_child_by_type (wavenode, fourcc); +- if (waveheadernode) { +- waveheader = (const guint8 *) waveheadernode->data; +- headerlen = QT_UINT32 (waveheader); +- +- if (headerlen > 8) { +- gst_riff_strf_auds *header = NULL; +- GstBuffer *headerbuf; +- GstBuffer *extra; +- +- waveheader += 8; +- headerlen -= 8; +- +- headerbuf = gst_buffer_new_and_alloc (headerlen); +- gst_buffer_fill (headerbuf, 0, waveheader, headerlen); +- +- if (gst_riff_parse_strf_auds (GST_ELEMENT_CAST (qtdemux), +- headerbuf, &header, &extra)) { +- gst_caps_unref (entry->caps); +- /* FIXME: Need to do something with the channel reorder map */ +- 
entry->caps = +- gst_riff_create_audio_caps (header->format, NULL, header, +- extra, NULL, NULL, NULL); +- +- if (extra) +- gst_buffer_unref (extra); +- g_free (header); ++ ++ if (len < datalen || len - datalen < offset + 16) { ++ GST_WARNING_OBJECT (qtdemux, "Not enough data for waveheadernode"); ++ } else { ++ GNode *wavenode; ++ GNode *waveheadernode; ++ ++ wavenode = g_node_new ((guint8 *) data); ++ if (qtdemux_parse_node (qtdemux, wavenode, data, datalen)) { ++ const guint8 *waveheader; ++ guint32 headerlen; ++ ++ waveheadernode = ++ qtdemux_tree_get_child_by_type (wavenode, fourcc); ++ if (waveheadernode) { ++ waveheader = (const guint8 *) waveheadernode->data; ++ headerlen = QT_UINT32 (waveheader); ++ ++ if (headerlen > 8) { ++ gst_riff_strf_auds *header = NULL; ++ GstBuffer *headerbuf; ++ GstBuffer *extra; ++ ++ waveheader += 8; ++ headerlen -= 8; ++ ++ headerbuf = gst_buffer_new_and_alloc (headerlen); ++ gst_buffer_fill (headerbuf, 0, waveheader, headerlen); ++ ++ if (gst_riff_parse_strf_auds (GST_ELEMENT_CAST (qtdemux), ++ headerbuf, &header, &extra)) { ++ gst_caps_unref (entry->caps); ++ /* FIXME: Need to do something with the channel reorder map */ ++ entry->caps = ++ gst_riff_create_audio_caps (header->format, NULL, ++ header, extra, NULL, NULL, NULL); ++ ++ if (extra) ++ gst_buffer_unref (extra); ++ g_free (header); ++ } + } +- } +- } else +- GST_DEBUG ("Didn't find waveheadernode for this codec"); ++ } else ++ GST_DEBUG ("Didn't find waveheadernode for this codec"); ++ } ++ g_node_destroy (wavenode); + } +- g_node_destroy (wavenode); + } + } else if (esds) { + gst_qtdemux_handle_esds (qtdemux, stream, entry, esds, +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch new file mode 100644 index 0000000000..75ca64f432 --- /dev/null 
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch 
@@ -0,0 +1,450 @@ +From 2fbd654d4702e396b61b3963caddcefd024be4bc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 27 Sep 2024 00:12:57 +0300 +Subject: [PATCH 08/13] qtdemux: Fix length checks and offsets in stsd entry + parsing + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-242 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3845 + +Part-of: + +CVE: CVE-2024-47545 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2fbd654d4702e396b61b3963caddcefd024be4bc] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 218 ++++++++++++++++--------------------------- + 1 file changed, 79 insertions(+), 139 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index ed83227d70..94ce75b2d4 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -11679,43 +11679,35 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + case FOURCC_avc1: + case FOURCC_avc3: + { +- guint len = QT_UINT32 (stsd_entry_data); ++ guint32 len = QT_UINT32 (stsd_entry_data); + len = len <= 0x56 ? 
0 : len - 0x56; + const guint8 *avc_data = stsd_entry_data + 0x56; + + /* find avcC */ +- while (len >= 0x8) { +- guint size; ++ while (len >= 8) { ++ guint32 size = QT_UINT32 (avc_data); + +- if (QT_UINT32 (avc_data) <= 0x8) +- size = 0; +- else if (QT_UINT32 (avc_data) <= len) +- size = QT_UINT32 (avc_data) - 0x8; +- else +- size = len - 0x8; ++ if (size < 8 || size > len) ++ break; + +- /* No real data, so skip */ +- if (size < 1) { +- len -= 8; +- avc_data += 8; +- continue; +- } +- +- switch (QT_FOURCC (avc_data + 0x4)) { ++ switch (QT_FOURCC (avc_data + 4)) { + case FOURCC_avcC: + { + /* parse, if found */ + GstBuffer *buf; + ++ if (size < 8 + 1) ++ break; ++ + GST_DEBUG_OBJECT (qtdemux, "found avcC codec_data in stsd"); + + /* First 4 bytes are the length of the atom, the next 4 bytes + * are the fourcc, the next 1 byte is the version, and the + * subsequent bytes are profile_tier_level structure like data. */ + gst_codec_utils_h264_caps_set_level_and_profile (entry->caps, +- avc_data + 8 + 1, size - 1); +- buf = gst_buffer_new_and_alloc (size); +- gst_buffer_fill (buf, 0, avc_data + 0x8, size); ++ avc_data + 8 + 1, size - 8 - 1); ++ buf = gst_buffer_new_and_alloc (size - 8); ++ gst_buffer_fill (buf, 0, avc_data + 8, size - 8); + gst_caps_set_simple (entry->caps, + "codec_data", GST_TYPE_BUFFER, buf, NULL); + gst_buffer_unref (buf); +@@ -11726,6 +11718,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + { + GstBuffer *buf; + ++ if (size < 8 + 40 + 1) ++ break; ++ + GST_DEBUG_OBJECT (qtdemux, "found strf codec_data in stsd"); + + /* First 4 bytes are the length of the atom, the next 4 bytes +@@ -11733,17 +11728,14 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + * next 1 byte is the version, and the + * subsequent bytes are sequence parameter set like data. 
*/ + +- size -= 40; /* we'll be skipping BITMAPINFOHEADER */ +- if (size > 1) { +- gst_codec_utils_h264_caps_set_level_and_profile +- (entry->caps, avc_data + 8 + 40 + 1, size - 1); ++ gst_codec_utils_h264_caps_set_level_and_profile ++ (entry->caps, avc_data + 8 + 40 + 1, size - 8 - 40 - 1); + +- buf = gst_buffer_new_and_alloc (size); +- gst_buffer_fill (buf, 0, avc_data + 8 + 40, size); +- gst_caps_set_simple (entry->caps, +- "codec_data", GST_TYPE_BUFFER, buf, NULL); +- gst_buffer_unref (buf); +- } ++ buf = gst_buffer_new_and_alloc (size - 8 - 40); ++ gst_buffer_fill (buf, 0, avc_data + 8 + 40, size - 8 - 40); ++ gst_caps_set_simple (entry->caps, ++ "codec_data", GST_TYPE_BUFFER, buf, NULL); ++ gst_buffer_unref (buf); + break; + } + case FOURCC_btrt: +@@ -11751,11 +11743,11 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + guint avg_bitrate, max_bitrate; + + /* bufferSizeDB, maxBitrate and avgBitrate - 4 bytes each */ +- if (size < 12) ++ if (size < 8 + 12) + break; + +- max_bitrate = QT_UINT32 (avc_data + 0xc); +- avg_bitrate = QT_UINT32 (avc_data + 0x10); ++ max_bitrate = QT_UINT32 (avc_data + 8 + 4); ++ avg_bitrate = QT_UINT32 (avc_data + 8 + 8); + + if (!max_bitrate && !avg_bitrate) + break; +@@ -11787,8 +11779,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + break; + } + +- len -= size + 8; +- avc_data += size + 8; ++ len -= size; ++ avc_data += size; + } + + break; +@@ -11799,44 +11791,36 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + case FOURCC_dvh1: + case FOURCC_dvhe: + { +- guint len = QT_UINT32 (stsd_entry_data); ++ guint32 len = QT_UINT32 (stsd_entry_data); + len = len <= 0x56 ? 
0 : len - 0x56; + const guint8 *hevc_data = stsd_entry_data + 0x56; + + /* find hevc */ +- while (len >= 0x8) { +- guint size; ++ while (len >= 8) { ++ guint32 size = QT_UINT32 (hevc_data); + +- if (QT_UINT32 (hevc_data) <= 0x8) +- size = 0; +- else if (QT_UINT32 (hevc_data) <= len) +- size = QT_UINT32 (hevc_data) - 0x8; +- else +- size = len - 0x8; ++ if (size < 8 || size > len) ++ break; + +- /* No real data, so skip */ +- if (size < 1) { +- len -= 8; +- hevc_data += 8; +- continue; +- } +- +- switch (QT_FOURCC (hevc_data + 0x4)) { ++ switch (QT_FOURCC (hevc_data + 4)) { + case FOURCC_hvcC: + { + /* parse, if found */ + GstBuffer *buf; + ++ if (size < 8 + 1) ++ break; ++ + GST_DEBUG_OBJECT (qtdemux, "found hvcC codec_data in stsd"); + + /* First 4 bytes are the length of the atom, the next 4 bytes + * are the fourcc, the next 1 byte is the version, and the + * subsequent bytes are sequence parameter set like data. */ + gst_codec_utils_h265_caps_set_level_tier_and_profile +- (entry->caps, hevc_data + 8 + 1, size - 1); ++ (entry->caps, hevc_data + 8 + 1, size - 8 - 1); + +- buf = gst_buffer_new_and_alloc (size); +- gst_buffer_fill (buf, 0, hevc_data + 0x8, size); ++ buf = gst_buffer_new_and_alloc (size - 8); ++ gst_buffer_fill (buf, 0, hevc_data + 8, size - 8); + gst_caps_set_simple (entry->caps, + "codec_data", GST_TYPE_BUFFER, buf, NULL); + gst_buffer_unref (buf); +@@ -11845,8 +11829,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + default: + break; + } +- len -= size + 8; +- hevc_data += size + 8; ++ len -= size; ++ hevc_data += size; + } + break; + } +@@ -12226,36 +12210,25 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + } + case FOURCC_vc_1: + { +- guint len = QT_UINT32 (stsd_entry_data); ++ guint32 len = QT_UINT32 (stsd_entry_data); + len = len <= 0x56 ? 
0 : len - 0x56; + const guint8 *vc1_data = stsd_entry_data + 0x56; + + /* find dvc1 */ + while (len >= 8) { +- guint size; ++ guint32 size = QT_UINT32 (vc1_data); + +- if (QT_UINT32 (vc1_data) <= 8) +- size = 0; +- else if (QT_UINT32 (vc1_data) <= len) +- size = QT_UINT32 (vc1_data) - 8; +- else +- size = len - 8; ++ if (size < 8 || size > len) ++ break; + +- /* No real data, so skip */ +- if (size < 1) { +- len -= 8; +- vc1_data += 8; +- continue; +- } +- +- switch (QT_FOURCC (vc1_data + 0x4)) { ++ switch (QT_FOURCC (vc1_data + 4)) { + case GST_MAKE_FOURCC ('d', 'v', 'c', '1'): + { + GstBuffer *buf; + + GST_DEBUG_OBJECT (qtdemux, "found dvc1 codec_data in stsd"); +- buf = gst_buffer_new_and_alloc (size); +- gst_buffer_fill (buf, 0, vc1_data + 8, size); ++ buf = gst_buffer_new_and_alloc (size - 8); ++ gst_buffer_fill (buf, 0, vc1_data + 8, size - 8); + gst_caps_set_simple (entry->caps, + "codec_data", GST_TYPE_BUFFER, buf, NULL); + gst_buffer_unref (buf); +@@ -12264,36 +12237,25 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + default: + break; + } +- len -= size + 8; +- vc1_data += size + 8; ++ len -= size; ++ vc1_data += size; + } + break; + } + case FOURCC_av01: + { +- guint len = QT_UINT32 (stsd_entry_data); ++ guint32 len = QT_UINT32 (stsd_entry_data); + len = len <= 0x56 ? 
0 : len - 0x56; + const guint8 *av1_data = stsd_entry_data + 0x56; + + /* find av1C */ +- while (len >= 0x8) { +- guint size; ++ while (len >= 8) { ++ guint32 size = QT_UINT32 (av1_data); + +- if (QT_UINT32 (av1_data) <= 0x8) +- size = 0; +- else if (QT_UINT32 (av1_data) <= len) +- size = QT_UINT32 (av1_data) - 0x8; +- else +- size = len - 0x8; ++ if (size < 8 || size > len) ++ break; + +- /* No real data, so skip */ +- if (size < 1) { +- len -= 8; +- av1_data += 8; +- continue; +- } +- +- switch (QT_FOURCC (av1_data + 0x4)) { ++ switch (QT_FOURCC (av1_data + 4)) { + case FOURCC_av1C: + { + /* parse, if found */ +@@ -12303,7 +12265,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + "found av1C codec_data in stsd of size %d", size); + + /* not enough data, just ignore and hope for the best */ +- if (size < 4) ++ if (size < 8 + 4) + break; + + /* Content is: +@@ -12352,9 +12314,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + (gint) (pres_delay_field & 0x0F) + 1, NULL); + } + +- buf = gst_buffer_new_and_alloc (size); ++ buf = gst_buffer_new_and_alloc (size - 8); + GST_BUFFER_FLAG_SET (buf, GST_BUFFER_FLAG_HEADER); +- gst_buffer_fill (buf, 0, av1_data + 8, size); ++ gst_buffer_fill (buf, 0, av1_data + 8, size - 8); + gst_caps_set_simple (entry->caps, + "codec_data", GST_TYPE_BUFFER, buf, NULL); + gst_buffer_unref (buf); +@@ -12372,8 +12334,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + break; + } + +- len -= size + 8; +- av1_data += size + 8; ++ len -= size; ++ av1_data += size; + } + + break; +@@ -12384,29 +12346,18 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + * vp08, vp09, and vp10 fourcc. */ + case FOURCC_vp09: + { +- guint len = QT_UINT32 (stsd_entry_data); ++ guint32 len = QT_UINT32 (stsd_entry_data); + len = len <= 0x56 ? 
0 : len - 0x56; + const guint8 *vpcc_data = stsd_entry_data + 0x56; + + /* find vpcC */ +- while (len >= 0x8) { +- guint size; ++ while (len >= 8) { ++ guint32 size = QT_UINT32 (vpcc_data); + +- if (QT_UINT32 (vpcc_data) <= 0x8) +- size = 0; +- else if (QT_UINT32 (vpcc_data) <= len) +- size = QT_UINT32 (vpcc_data) - 0x8; +- else +- size = len - 0x8; ++ if (size < 8 || size > len) ++ break; + +- /* No real data, so skip */ +- if (size < 1) { +- len -= 8; +- vpcc_data += 8; +- continue; +- } +- +- switch (QT_FOURCC (vpcc_data + 0x4)) { ++ switch (QT_FOURCC (vpcc_data + 4)) { + case FOURCC_vpcC: + { + const gchar *profile_str = NULL; +@@ -12422,7 +12373,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + + /* the meaning of "size" is length of the atom body, excluding + * atom length and fourcc fields */ +- if (size < 12) ++ if (size < 8 + 12) + break; + + /* Content is: +@@ -12528,8 +12479,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + break; + } + +- len -= size + 8; +- vpcc_data += size + 8; ++ len -= size; ++ vpcc_data += size; + } + + break; +@@ -12870,7 +12821,7 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + } + case FOURCC_wma_: + { +- guint len = QT_UINT32 (stsd_entry_data); ++ guint32 len = QT_UINT32 (stsd_entry_data); + len = len <= offset ? 
0 : len - offset; + const guint8 *wfex_data = stsd_entry_data + offset; + const gchar *codec_name = NULL; +@@ -12895,21 +12846,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + + /* find wfex */ + while (len >= 8) { +- guint size; ++ guint32 size = QT_UINT32 (wfex_data); + +- if (QT_UINT32 (wfex_data) <= 0x8) +- size = 0; +- else if (QT_UINT32 (wfex_data) <= len) +- size = QT_UINT32 (wfex_data) - 8; +- else +- size = len - 8; +- +- /* No real data, so skip */ +- if (size < 1) { +- len -= 8; +- wfex_data += 8; +- continue; +- } ++ if (size < 8 || size > len) ++ break; + + switch (QT_FOURCC (wfex_data + 4)) { + case GST_MAKE_FOURCC ('w', 'f', 'e', 'x'): +@@ -12954,12 +12894,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + "width", G_TYPE_INT, wfex.wBitsPerSample, + "depth", G_TYPE_INT, wfex.wBitsPerSample, NULL); + +- if (size > wfex.cbSize) { ++ if (size > 8 + wfex.cbSize) { + GstBuffer *buf; + +- buf = gst_buffer_new_and_alloc (size - wfex.cbSize); ++ buf = gst_buffer_new_and_alloc (size - 8 - wfex.cbSize); + gst_buffer_fill (buf, 0, wfex_data + 8 + wfex.cbSize, +- size - wfex.cbSize); ++ size - 8 - wfex.cbSize); + gst_caps_set_simple (entry->caps, + "codec_data", GST_TYPE_BUFFER, buf, NULL); + gst_buffer_unref (buf); +@@ -12976,8 +12916,8 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + default: + break; + } +- len -= size + 8; +- wfex_data += size + 8; ++ len -= size; ++ wfex_data += size; + } + break; + } +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch new file mode 100644 index 0000000000..53867a8970 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch 
@@ -0,0 +1,56 @@ +From da3b4e903ae990193988a873368bdd1865350521 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 27 Sep 2024 09:47:50 +0300 +Subject: [PATCH 09/13] qtdemux: Fix error handling when parsing cenc sample + groups fails + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-238, GHSL-2024-239, GHSL-2024-240 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3846 + +Part-of: + +CVE: CVE-2024-47544 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da3b4e903ae990193988a873368bdd1865350521] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 94ce75b2d4..e7a79be45b 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -11400,12 +11400,15 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + if (stream->subtype != FOURCC_soun) { + GST_ERROR_OBJECT (qtdemux, + "Unexpeced stsd type 'aavd' outside 'soun' track"); ++ goto corrupt_file; + } else { + /* encrypted audio with sound sample description v0 */ + GNode *enc = qtdemux_tree_get_child_by_type (stsd, fourcc); + stream->protected = TRUE; +- if (!qtdemux_parse_protection_aavd (qtdemux, stream, enc, &fourcc)) ++ if (!qtdemux_parse_protection_aavd (qtdemux, stream, enc, &fourcc)) { + GST_ERROR_OBJECT (qtdemux, "Failed to parse protection scheme info"); ++ goto corrupt_file; ++ } + } + } + +@@ -11414,8 +11417,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + * with the same type */ + GNode *enc = qtdemux_tree_get_child_by_type (stsd, fourcc); + stream->protected = TRUE; +- if (!qtdemux_parse_protection_scheme_info (qtdemux, stream, enc, &fourcc)) ++ if (!qtdemux_parse_protection_scheme_info (qtdemux, stream, enc, &fourcc)) { + GST_ERROR_OBJECT (qtdemux, "Failed to parse protection scheme info"); ++ goto corrupt_file; ++ } + } + + if 
(stream->subtype == FOURCC_vide) { +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch new file mode 100644 index 0000000000..52416b412f --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch 
@@ -0,0 +1,49 @@ +From 20503e5dd90e21ef170488b2a8b8529ae8a4cab9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 27 Sep 2024 10:38:50 +0300 +Subject: [PATCH 10/13] qtdemux: Make sure there are enough offsets to read + when parsing samples + +While this specific case is also caught when initializing co_chunk, the error +is ignored in various places and calling into the function would lead to out of +bounds reads if the error message doesn't cause the pipeline to be shut down +fast enough. + +To avoid this, no matter what, make sure enough offsets are available when +parsing them. While this is potentially slower, the same is already done in the +non-chunks_are_samples case. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-245 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847 + +Part-of: + +CVE: CVE-2024-47597 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/20503e5dd90e21ef170488b2a8b8529ae8a4cab9] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index e7a79be45b..5277952c5e 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -10066,9 +10066,9 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, guint32 n) + goto done; + } + +- cur->offset = +- qt_atom_parser_get_offset_unchecked (&stream->co_chunk, +- stream->co_size); ++ if (!qt_atom_parser_get_offset (&stream->co_chunk, ++ stream->co_size, &cur->offset)) ++ goto corrupt_file; + + GST_LOG_OBJECT (qtdemux, "Created entry %d with offset " + "%" G_GUINT64_FORMAT, j, cur->offset); +-- +2.30.2 + 
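Review bot: In the qtdemux_parse_samples hunk of 0010, the switch from qt_atom_parser_get_offset_unchecked to the checked qt_atom_parser_get_offset has no comment at the call site, so the reason given in the commit message (the co_chunk initialisation error is ignored in various places, so the read has to be bounds-checked here regardless) exists only in the patch description. A one-line comment above `if (!qt_atom_parser_get_offset (&stream->co_chunk, stream->co_size, &cur->offset))` would keep a later cleanup from reverting to the unchecked variant for speed. The new `goto corrupt_file` also sits just below an existing `goto done`; the corrupt_file label is outside the visible context, so it is worth confirming that it releases whatever this loop has already filled in.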
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch new file mode 100644 index 0000000000..c57a3d6dac --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch 
@@ -0,0 +1,97 @@ +From ed254790331a3fba2f68255a8f072552d622aac1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 27 Sep 2024 10:39:30 +0300 +Subject: [PATCH 11/13] qtdemux: Actually handle errors returns from various + functions instead of ignoring them + +Ignoring them might cause the element to continue as if all is fine despite the +internal state being inconsistent. This can lead to all kinds of follow-up +issues, including memory safety issues. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-245 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847 + +Part-of: + +CVE: CVE-2024-47597 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ed254790331a3fba2f68255a8f072552d622aac1] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 29 +++++++++++++++++++++++------ + 1 file changed, 23 insertions(+), 6 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 5277952c5e..1de70f184f 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -4853,10 +4853,15 @@ gst_qtdemux_loop_state_header (GstQTDemux * qtdemux) + beach: + if (ret == GST_FLOW_EOS && (qtdemux->got_moov || qtdemux->media_caps)) { + /* digested all data, show what we have */ +- qtdemux_prepare_streams (qtdemux); ++ ret = qtdemux_prepare_streams (qtdemux); ++ if (ret != GST_FLOW_OK) ++ return ret; ++ + QTDEMUX_EXPOSE_LOCK (qtdemux); + ret = qtdemux_expose_streams (qtdemux); + QTDEMUX_EXPOSE_UNLOCK (qtdemux); ++ if (ret != GST_FLOW_OK) ++ return ret; + + qtdemux->state = QTDEMUX_STATE_MOVIE; + GST_DEBUG_OBJECT (qtdemux, "switching state to STATE_MOVIE (%d)", +@@ -7548,13 +7553,21 @@ gst_qtdemux_process_adapter (GstQTDemux * demux, gboolean force) + gst_qtdemux_stream_concat (demux, + demux->old_streams, demux->active_streams); + +- qtdemux_parse_moov (demux, data, demux->neededbytes); ++ if (!qtdemux_parse_moov (demux, data, demux->neededbytes)) { ++ 
ret = GST_FLOW_ERROR; ++ break; ++ } + qtdemux_node_dump (demux, demux->moov_node); + qtdemux_parse_tree (demux); +- qtdemux_prepare_streams (demux); ++ ret = qtdemux_prepare_streams (demux); ++ if (ret != GST_FLOW_OK) ++ break; ++ + QTDEMUX_EXPOSE_LOCK (demux); +- qtdemux_expose_streams (demux); ++ ret = qtdemux_expose_streams (demux); + QTDEMUX_EXPOSE_UNLOCK (demux); ++ if (ret != GST_FLOW_OK) ++ break; + + demux->got_moov = TRUE; + +@@ -7645,8 +7658,10 @@ gst_qtdemux_process_adapter (GstQTDemux * demux, gboolean force) + /* in MSS we need to expose the pads after the first moof as we won't get a moov */ + if (demux->variant == VARIANT_MSS_FRAGMENTED && !demux->exposed) { + QTDEMUX_EXPOSE_LOCK (demux); +- qtdemux_expose_streams (demux); ++ ret = qtdemux_expose_streams (demux); + QTDEMUX_EXPOSE_UNLOCK (demux); ++ if (ret != GST_FLOW_OK) ++ goto done; + } + + gst_qtdemux_check_send_pending_segment (demux); +@@ -13760,8 +13775,10 @@ qtdemux_prepare_streams (GstQTDemux * qtdemux) + + /* parse the initial sample for use in setting the frame rate cap */ + while (sample_num == 0 && sample_num < stream->n_samples) { +- if (!qtdemux_parse_samples (qtdemux, stream, sample_num)) ++ if (!qtdemux_parse_samples (qtdemux, stream, sample_num)) { ++ ret = GST_FLOW_ERROR; + break; ++ } + ++sample_num; + } + } +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch new file mode 100644 index 0000000000..61f5ce3787 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch 
@@ -0,0 +1,36 @@ +From 3153fda823cb91b1031dae69738c6c5d526fb6e1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 26 Sep 2024 19:16:19 +0300 +Subject: [PATCH 12/13] qtdemux: Check for invalid atom length when extracting + Closed Caption data + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-243 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3849 + +Part-of: + +CVE: CVE-2024-47546 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3153fda823cb91b1031dae69738c6c5d526fb6e1] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 1de70f184f..8850d09321 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -5827,7 +5827,7 @@ extract_cc_from_data (QtDemuxStream * stream, const guint8 * data, gsize size, + goto invalid_cdat; + atom_length = QT_UINT32 (data); + fourcc = QT_FOURCC (data + 4); +- if (G_UNLIKELY (atom_length > size || atom_length == 8)) ++ if (G_UNLIKELY (atom_length > size || atom_length <= 8)) + goto invalid_cdat; + + GST_DEBUG_OBJECT (stream->pad, "here"); +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch new file mode 100644 index 0000000000..b46f295c46 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch 
@@ -0,0 +1,37 @@ +From 3ce1b812a9531611288af286b5dc6631a11e3f4a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 27 Sep 2024 00:31:36 +0300 +Subject: [PATCH 13/13] qtdemux: Add size check for parsing SMI / SEQH atom + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-244 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3853 + +Part-of: + +CVE: CVE-2024-47596 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3ce1b812a9531611288af286b5dc6631a11e3f4a] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 8850d09321..dc70287a8a 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -10629,8 +10629,9 @@ qtdemux_parse_svq3_stsd_data (GstQTDemux * qtdemux, + GST_WARNING_OBJECT (qtdemux, "Unexpected second SEQH SMI atom " + " found, ignoring"); + } else { ++ /* Note: The size does *not* include the fourcc and the size field itself */ + seqh_size = QT_UINT32 (data + 4); +- if (seqh_size > 0) { ++ if (seqh_size > 0 && seqh_size <= size - 8) { + _seqh = gst_buffer_new_and_alloc (seqh_size); + gst_buffer_fill (_seqh, 0, data + 8, seqh_size); + } +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 8099d70791..94c34cf908 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb 
@@ -6,7 +6,21 @@ BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-${PV}.tar.xz \ file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ - file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch" + file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch \ + file://0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch \ + file://0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch \ + file://0003-qtdemux-Fix-debug-output-during-trun-parsing.patch \ + file://0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch \ + file://0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch \ + file://0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch \ + file://0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch \ + file://0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch \ + file://0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch \ + file://0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch \ + file://0011-qtdemux-Actually-handle-errors-returns-from-various-.patch \ + file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \ + file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \ + " SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" From patchwork Sat Jan 4 13:41:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54970 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2284E77197 for ; Sat, 4 Jan 2025 13:42:06 +0000 
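Review bot: The new `if (size < 8 || size > len) break;` at the top of each child-atom loop in 0008 (avcC, hvcC, dvc1, av1C, vpcC, wfex) changes tolerance as well as safety, and nothing in the code says so. The removed branches skipped 8 bytes and continued past an undersized atom and clamped an oversized one to len - 8; the new loops stop at the first such atom, so any valid avcC or hvcC that follows it is no longer found. Since the same series carries 0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch, a short comment at the first loop stating that stopping is intended here would avoid the two patches being read as contradictory.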
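Review bot: The dvc1 case in the FOURCC_vc_1 hunk of 0008 (@@ -12226) has no minimum-size guard of its own, unlike avcC and hvcC, which gain `if (size < 8 + 1) break;`. The loop check only guarantees size >= 8, so `gst_buffer_new_and_alloc (size - 8)` can now produce a zero-length codec_data buffer for a header-only dvc1 atom, which the removed "No real data, so skip" branch used to prevent. Suggest `if (size <= 8) break;` ahead of the GST_DEBUG_OBJECT line, or a comment saying an empty codec_data is acceptable for this format.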
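Review bot: In the FOURCC_vpcC hunk of 0008 (@@ -12422), the context comment still reads `the meaning of "size" is length of the atom body, excluding atom length and fourcc fields`, but after this patch size is the full atom length taken from `QT_UINT32 (vpcc_data)`, which is why the check becomes `size < 8 + 12`. The comment now contradicts the code directly under it and should be updated or dropped in the same change, otherwise the next reader will take `8 + 12` for an off-by-eight.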
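Review bot: In the first qtdemux_parse_trak hunk of 0009 (@@ -11400), `stream->protected = TRUE;` is still set before qtdemux_parse_protection_aavd is called, and the new failure path jumps to corrupt_file with that flag left set. The corrupt_file label is outside the visible context, so please confirm that it discards the stream rather than leaving a half-initialised protected stream reachable. The same question applies to the qtdemux_parse_protection_scheme_info branch in the second hunk (@@ -11414).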
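Review bot: In the gst_qtdemux_process_adapter hunk of 0011 (@@ -7548), qtdemux_parse_moov, qtdemux_prepare_streams and qtdemux_expose_streams are now checked, but `qtdemux_parse_tree (demux);` between them is still called with its result unused. If that function can fail it needs the same `ret = ...; break;` handling, otherwise the inconsistent-state problem the commit message describes remains on that path; if it cannot fail, a short comment would make the gap look intentional.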
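Review bot: In the qtdemux_prepare_streams hunk of 0011 (@@ -13760), `ret = GST_FLOW_ERROR; break;` only leaves the inner `while (sample_num == 0 && sample_num < stream->n_samples)` loop. The surrounding code is not part of the hunk, so it is not visible whether the enclosing iteration stops as well or whether ret can be overwritten before the function returns. Returning immediately, or testing ret right after the while loop, would make the error impossible to lose.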
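Review bot: In the qtdemux_parse_svq3_stsd_data hunk of 0013, the new bound `seqh_size <= size - 8` depends on size being at least 8; if size is an unsigned type and smaller than that, `size - 8` wraps and the test passes for any seqh_size. Nothing in the visible lines establishes size >= 8, so either confirm that the caller guarantees it or write the test as `size >= 8 && seqh_size <= size - 8`. A rejected seqh_size is also dropped silently; a GST_WARNING_OBJECT in an else branch, like the one already used for the unexpected second SEQH atom just above, would make malformed files diagnosable.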
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/25] gstreamer1.0-plugins-base: patch CVE-2024-47538 Date: Sat, 4 Jan 2025 05:41:26 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209371 From: Peter Marko Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...at-most-64-channels-to-NONE-position.patch | 35 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch new file mode 100644 index 0000000000..2c44348a5d --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch @@ -0,0 +1,35 @@ +From 3eee4954d70accf94262299994eb21107a65dea8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 21:35:07 +0300 +Subject: [PATCH] vorbisdec: Set at most 64 channels to NONE position + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-115 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869 + +Part-of: + +CVE: CVE-2024-47538 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3eee4954d70accf94262299994eb21107a65dea8] +Signed-off-by: Peter Marko +--- + ext/vorbis/gstvorbisdec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/vorbis/gstvorbisdec.c b/ext/vorbis/gstvorbisdec.c +index 6a410ed858..1fc4fa883e 100644 +--- a/ext/vorbis/gstvorbisdec.c ++++ b/ext/vorbis/gstvorbisdec.c +@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (GstVorbisDec * vd) + } + default:{ + GstAudioChannelPosition position[64]; +- gint i, max_pos = MAX (vd->vi.channels, 64); ++ gint i, max_pos = MIN (vd->vi.channels, 64); + + GST_ELEMENT_WARNING (vd, STREAM, DECODE, + (NULL), ("Using NONE channel layout for more than 8 channels")); +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 5905c2d5b1..fbdd599eb9 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
@@ -10,6 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0001-ENGR00312515-get-caps-from-src-pad-when-query-caps.patch \ file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ + file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" From patchwork Sat Jan 4 13:41:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54968 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D463E7719A for ; Sat, 4 Jan 2025 13:42:06 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web10.18128.1735998122248211624 for ; Sat, 04 Jan 2025 05:42:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=sy8ERdbC; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-2166f1e589cso223692345ad.3 for ; Sat, 04 Jan 2025 05:42:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1735998121; x=1736602921; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=GOOzNJK8VL7PT1r0IP+ZkL8AufpoKe2ahx+rthtSWno=; b=sy8ERdbCqU3mJxE6l1o6w7Az9jX2iwlv3DW/H7Kg4EICU6Mh+8qO4ATwcA6dk/fw3n 
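Review bot: In the vorbis_handle_identification_packet hunk of 0004-vorbisdec, the clamp `MIN (vd->vi.channels, 64)` repeats the length of `GstAudioChannelPosition position[64];` as a literal, so the bound and the array can drift apart if either is edited later. `G_N_ELEMENTS (position)` would tie the two together. The hunk also does not show what happens afterwards for a stream that declares more than 64 channels: only the first 64 positions are initialised, so whatever consumes position together with vd->vi.channels has to reject or clamp the channel count as well.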
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/25] gstreamer1.0-plugins-base: patch CVE-2024-47607 Date: Sat, 4 Jan 2025 05:41:27 -0800 Message-ID: <0cdac58a6a7ec25404b8a67508604844d282345a.1735997984.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209372 From: Peter Marko Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...at-most-64-channels-to-NONE-position.patch | 41 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch new file mode 100644 index 0000000000..7a27af1291 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch 
@@ -0,0 +1,41 @@ +From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Tue, 1 Oct 2024 13:22:50 +0300 +Subject: [PATCH] opusdec: Set at most 64 channels to NONE position + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-116 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871 + +Part-of: + +CVE: CVE-2024-47607 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59] +Signed-off-by: Peter Marko +--- + ext/opus/gstopusdec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ext/opus/gstopusdec.c b/ext/opus/gstopusdec.c +index 99289fa7d2..d3f461d9a8 100644 +--- a/ext/opus/gstopusdec.c ++++ b/ext/opus/gstopusdec.c +@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf) + posn = gst_opus_channel_positions[dec->n_channels - 1]; + break; + default:{ +- gint i; ++ guint i, max_pos = MIN (dec->n_channels, 64); + + GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE, + (NULL), ("Using NONE channel layout for more than 8 channels")); + +- for (i = 0; i < dec->n_channels; i++) ++ for (i = 0; i < max_pos; i++) + pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE; + + posn = pos; +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index fbdd599eb9..ffae227154 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
@@ -11,6 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \ + file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
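Review bot: In the `default:` branch of `gst_opus_dec_parse_header` (ext/opus/gstopusdec.c, patch 0005), the new bound `MIN (dec->n_channels, 64)` hard-codes 64 and limits only this loop; `dec->n_channels` keeps the stream-supplied value and `posn = pos` is passed on unchanged. If 64 is the capacity of `pos`, derive the bound from the array, for example `G_N_ELEMENTS (pos)`, as the vorbis_parse fix in this series does for `vorbis_mode_sizes`, and confirm that whatever consumes `posn` afterwards never walks `dec->n_channels` entries when that count exceeds 64. The warning text still reads "more than 8 channels", so a clamped stream cannot be told apart in the logs from a legitimate one with 9 to 64 channels.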
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 04/25] gstreamer1.0-plugins-base: patch CVE-2024-47615
Date: Sat, 4 Jan 2025 05:41:28 -0800
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209373

From: Peter Marko

Pick commits from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 ...ck-writes-to-GstOggStream.vorbis_mod.patch | 80 +++++++++
 ...w-and-fix-per-format-min_packet_size.patch | 168 ++++++++++++++++++
 .../gstreamer1.0-plugins-base_1.22.12.bb | 2 +
 3 files changed, 250 insertions(+)
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch new file mode 100644 index 0000000000..37d0b463cb --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
@@ -0,0 +1,80 @@ +From 006047a23a4e4c146e40e5dab765bc6318a94744 Mon Sep 17 00:00:00 2001 +From: Mathieu Duponchelle +Date: Wed, 2 Oct 2024 15:16:30 +0200 +Subject: [PATCH 1/2] vorbis_parse: check writes to + GstOggStream.vorbis_mode_sizes + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-117 Fixes gstreamer#3875 + +Also perform out-of-bounds check for accesses to op->packet + +Part-of: + +CVE: CVE-2024-47615 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/006047a23a4e4c146e40e5dab765bc6318a94744] +Signed-off-by: Peter Marko +--- + ext/ogg/vorbis_parse.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/ext/ogg/vorbis_parse.c b/ext/ogg/vorbis_parse.c +index 65ef463808..757c7cd82b 100644 +--- a/ext/ogg/vorbis_parse.c ++++ b/ext/ogg/vorbis_parse.c +@@ -165,6 +165,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op) + if (offset == 0) { + offset = 8; + current_pos -= 1; ++ ++ /* have we underrun? */ ++ if (current_pos < op->packet) ++ return -1; + } + } + +@@ -178,6 +182,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op) + if (offset == 7) + current_pos -= 1; + ++ /* have we underrun? */ ++ if (current_pos < op->packet + 5) ++ return -1; ++ + if (((current_pos[-5] & ~((1 << (offset + 1)) - 1)) != 0) + || + current_pos[-4] != 0 +@@ -199,9 +207,18 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op) + /* Give ourselves a chance to recover if we went back too far by using + * the size check. */ + for (ii = 0; ii < 2; ii++) { ++ + if (offset > 4) { ++ /* have we underrun? */ ++ if (current_pos < op->packet) ++ return -1; ++ + size_check = (current_pos[0] >> (offset - 5)) & 0x3F; + } else { ++ /* have we underrun? 
*/ ++ if (current_pos < op->packet + 1) ++ return -1; ++ + /* mask part of byte from current_pos */ + size_check = (current_pos[0] & ((1 << (offset + 1)) - 1)); + /* shift to appropriate position */ +@@ -233,6 +250,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op) + + mode_size_ptr = pad->vorbis_mode_sizes; + ++ if (size > G_N_ELEMENTS (pad->vorbis_mode_sizes)) { ++ return -1; ++ } ++ + for (i = 0; i < size; i++) { + offset = (offset + 1) % 8; + if (offset == 0) +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch new file mode 100644 index 0000000000..b469049a94 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch 
@@ -0,0 +1,168 @@ +From e633ec642825466b91fc12da6629c307906fa206 Mon Sep 17 00:00:00 2001 +From: Mathieu Duponchelle +Date: Wed, 2 Oct 2024 16:52:51 +0200 +Subject: [PATCH 2/2] oggstream: review and fix per-format min_packet_size + +This addresses all manually detected invalid reads in setup functions. + +Part-of: + +CVE: CVE-2024-47615 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e633ec642825466b91fc12da6629c307906fa206] +Signed-off-by: Peter Marko +--- + ext/ogg/gstoggstream.c | 40 ++++++++++++---------------------------- + 1 file changed, 12 insertions(+), 28 deletions(-) + +diff --git a/ext/ogg/gstoggstream.c b/ext/ogg/gstoggstream.c +index a8883304a5..ab6be238dc 100644 +--- a/ext/ogg/gstoggstream.c ++++ b/ext/ogg/gstoggstream.c +@@ -665,11 +665,6 @@ setup_vp8_mapper (GstOggStream * pad, ogg_packet * packet) + { + gint width, height, par_n, par_d, fps_n, fps_d; + +- if (packet->bytes < 26) { +- GST_DEBUG ("Failed to parse VP8 BOS page"); +- return FALSE; +- } +- + width = GST_READ_UINT16_BE (packet->packet + 8); + height = GST_READ_UINT16_BE (packet->packet + 10); + par_n = GST_READ_UINT24_BE (packet->packet + 12); +@@ -1221,11 +1216,6 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet) + gint64 prestime_n, prestime_d; + gint64 basetime_n, basetime_d; + +- if (packet->bytes < 44) { +- GST_DEBUG ("Not enough data for fishead header"); +- return FALSE; +- } +- + data = packet->packet; + + data += 8; /* header */ +@@ -1256,8 +1246,8 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet) + pad->prestime = -1; + + /* Ogg Skeleton 3.3+ streams provide additional information in the header */ +- if (packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE && pad->skeleton_major == 3 +- && pad->skeleton_minor > 0) { ++ if (packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE ++ && pad->skeleton_major == 3 && pad->skeleton_minor > 0) { + gint64 firstsampletime_n, firstsampletime_d; + gint64 lastsampletime_n, 
lastsampletime_d; + gint64 firstsampletime, lastsampletime; +@@ -1296,7 +1286,7 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet) + + GST_INFO ("skeleton fishead parsed total: %" GST_TIME_FORMAT, + GST_TIME_ARGS (pad->total_time)); +- } else if (packet->bytes >= SKELETON_FISHEAD_4_0_MIN_SIZE ++ } else if (packet->bytes - 44 >= SKELETON_FISHEAD_4_0_MIN_SIZE + && pad->skeleton_major == 4) { + guint64 segment_length, content_offset; + +@@ -1980,9 +1970,6 @@ setup_kate_mapper (GstOggStream * pad, ogg_packet * packet) + guint8 *data = packet->packet; + const char *category; + +- if (packet->bytes < 64) +- return FALSE; +- + pad->granulerate_n = GST_READ_UINT32_LE (data + 24); + pad->granulerate_d = GST_READ_UINT32_LE (data + 28); + pad->granuleshift = GST_READ_UINT8 (data + 15); +@@ -2111,9 +2098,6 @@ setup_opus_mapper (GstOggStream * pad, ogg_packet * packet) + { + GstBuffer *buffer; + +- if (packet->bytes < 19) +- return FALSE; +- + pad->granulerate_n = 48000; + pad->granulerate_d = 1; + pad->granuleshift = 0; +@@ -2394,7 +2378,7 @@ const GstOggMap mappers[] = { + NULL + }, + { +- "\001vorbis", 7, 22, ++ "\001vorbis", 7, 29, + "audio/x-vorbis", + setup_vorbis_mapper, + NULL, +@@ -2426,7 +2410,7 @@ const GstOggMap mappers[] = { + NULL + }, + { +- "PCM ", 8, 0, ++ "PCM ", 8, 28, + "audio/x-raw", + setup_pcm_mapper, + NULL, +@@ -2442,7 +2426,7 @@ const GstOggMap mappers[] = { + NULL + }, + { +- "CMML\0\0\0\0", 8, 0, ++ "CMML\0\0\0\0", 8, 29, + "text/x-cmml", + setup_cmml_mapper, + NULL, +@@ -2458,7 +2442,7 @@ const GstOggMap mappers[] = { + NULL + }, + { +- "Annodex", 7, 0, ++ "Annodex", 7, 44, + "application/x-annodex", + setup_fishead_mapper, + NULL, +@@ -2537,7 +2521,7 @@ const GstOggMap mappers[] = { + NULL + }, + { +- "CELT ", 8, 0, ++ "CELT ", 8, 60, + "audio/x-celt", + setup_celt_mapper, + NULL, +@@ -2553,7 +2537,7 @@ const GstOggMap mappers[] = { + NULL + }, + { +- "\200kate\0\0\0", 8, 0, ++ "\200kate\0\0\0", 8, 64, + "text/x-kate", + 
setup_kate_mapper, + NULL, +@@ -2585,7 +2569,7 @@ const GstOggMap mappers[] = { + NULL + }, + { +- "OVP80\1\1", 7, 4, ++ "OVP80\1\1", 7, 26, + "video/x-vp8", + setup_vp8_mapper, + setup_vp8_mapper_from_caps, +@@ -2601,7 +2585,7 @@ const GstOggMap mappers[] = { + update_stats_vp8 + }, + { +- "OpusHead", 8, 0, ++ "OpusHead", 8, 19, + "audio/x-opus", + setup_opus_mapper, + NULL, +@@ -2649,7 +2633,7 @@ const GstOggMap mappers[] = { + NULL + }, + { +- "\001text\0\0\0", 9, 9, ++ "\001text\0\0\0", 9, 25, + "application/x-ogm-text", + setup_ogmtext_mapper, + NULL, +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index ffae227154..18837e676d 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
@@ -12,6 +12,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \ file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \ + file://0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch \ + file://0007-oggstream-review-and-fix-per-format-min_packet_size.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
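Review bot: In the first hunk of ext/ogg/vorbis_parse.c (patch 0006), the underrun test runs after `current_pos -= 1`, so on the failing iteration the pointer has already been moved to one byte before `op->packet` and is only then compared with it; forming a pointer below the start of the buffer is undefined behaviour in C even without a dereference. Testing first, for example `if (current_pos == op->packet) return -1;` ahead of the decrement, or tracking an index into the packet instead of a raw pointer, gives the same rejection without relying on that.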
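Review bot: In ext/ogg/gstoggstream.c (patch 0007), `setup_vp8_mapper`, `setup_fishead_mapper`, `setup_kate_mapper` and `setup_opus_mapper` lose their own `packet->bytes < N` guards and now depend entirely on the third field of the matching `mappers[]` entry (26, 44, 64 and 19) being enforced before the setup function runs; that enforcement is not part of this diff. Please confirm the caller rejects packets shorter than the per-format minimum on every path that reaches these functions, and leave a one-line comment in each function naming the table value it relies on, so that a later edit to `mappers[]` cannot quietly reintroduce the out-of-bounds reads.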
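Review bot: In the two `setup_fishead_mapper` comparison hunks of patch 0007, the tests change from `packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE` to `packet->bytes - 44 >= ...` (and likewise for the 4.0 constant), which raises the required packet length by 44 bytes in both branches with no explanation in the commit message. If the two constants count only the bytes that follow the 44-byte base header, say so next to them; a named constant for 44, shared with the "Annodex" entry in `mappers[]`, would also keep the subtraction and the table minimum from drifting apart.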
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 05/25] gstreamer1.0-plugins-good: patch CVE-2024-47613
Date: Sat, 4 Jan 2025 05:41:29 -0800
Message-ID: <6236088fc43f7d2e8a01bb6e3937969ced8a7f6d.1735997984.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209374

From: Peter Marko

Pick commit from:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 ...ck-if-initializing-the-video-info-ac.patch | 53 +++++++++++++++++++
 .../gstreamer1.0-plugins-good_1.22.12.bb | 1 +
 2 files changed, 54 insertions(+)
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch new file mode 100644 index 0000000000..502b26f9d5 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
@@ -0,0 +1,53 @@ +From 1d1c9d63be51d85f9b80f0c227d4b3469fee2534 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Wed, 2 Oct 2024 14:44:21 +0300 +Subject: [PATCH] gdkpixbufdec: Check if initializing the video info actually + succeeded + +Otherwise a 0-byte buffer would be allocated, which gives NULL memory when +mapped. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-118 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3876 + +Part-of: + +CVE: CVE-2024-47613 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534] +Signed-off-by: Peter Marko +--- + ext/gdk_pixbuf/gstgdkpixbufdec.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/ext/gdk_pixbuf/gstgdkpixbufdec.c b/ext/gdk_pixbuf/gstgdkpixbufdec.c +index 5482998c0d..de5f054964 100644 +--- a/ext/gdk_pixbuf/gstgdkpixbufdec.c ++++ b/ext/gdk_pixbuf/gstgdkpixbufdec.c +@@ -322,7 +322,8 @@ gst_gdk_pixbuf_dec_flush (GstGdkPixbufDec * filter) + + + gst_video_info_init (&info); +- gst_video_info_set_format (&info, fmt, width, height); ++ if (!gst_video_info_set_format (&info, fmt, width, height)) ++ goto format_not_supported; + info.fps_n = filter->in_fps_n; + info.fps_d = filter->in_fps_d; + caps = gst_video_info_to_caps (&info); +@@ -384,6 +385,12 @@ channels_not_supported: + ("%d channels not supported", n_channels)); + return GST_FLOW_ERROR; + } ++format_not_supported: ++ { ++ GST_ELEMENT_ERROR (filter, STREAM, DECODE, (NULL), ++ ("%d channels with %dx%d not supported", n_channels, width, height)); ++ return GST_FLOW_ERROR; ++ } + no_buffer: + { + GST_DEBUG ("Failed to create outbuffer - %s", gst_flow_get_name (ret)); +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 94c34cf908..ca26290340 100644 
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb 
@@ -20,6 +20,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0011-qtdemux-Actually-handle-errors-returns-from-various-.patch \ file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \ file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \ + file://0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch \ " SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
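Review bot: In `gst_gdk_pixbuf_dec_flush` (ext/gdk_pixbuf/gstgdkpixbufdec.c, patch 0014), the new `format_not_supported` exit returns `GST_FLOW_ERROR` immediately, in the same way as `channels_not_supported` above it, so anything the function acquired before the `gst_video_info_set_format` call must also be released on this path; that cannot be verified from the hunk and should be confirmed against the full function. The error text prints `n_channels` although the rejected input is the `fmt`, `width` and `height` combination; reporting the format and dimensions would point triage at the field that actually failed.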
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/25] gstreamer1.0-plugins-good: patch several CVEs
Date: Sat, 4 Jan 2025 05:41:30 -0800
Message-ID: <4edd9caa9703e067167c4a185c7338c4e89f795b.1735997984.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209375

From: Peter Marko

Pick commits from:
* https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057

Signed-off-by: Peter Marko

fixup! gstreamer1.0-plugins-good: patch CVE-2024-47540 and CVE-2024-47601

Signed-off-by: Steve Sakoman
---
 ...ly-unmap-GstMapInfo-in-WavPack-heade.patch | 60 +++++++++++++++++++
 ...x-off-by-one-when-parsing-multi-chan.patch | 35 +++++++++++
 ...eck-for-big-enough-WavPack-codec-pri.patch | 43 +++++++++++++
 ...n-t-take-data-out-of-an-empty-adapte.patch | 51 ++++++++++++++++
 ...ip-over-laces-directly-when-postproc.patch | 52 ++++++++++++++++
 ...ip-over-zero-sized-Xiph-stream-heade.patch | 43 +++++++++++++
 ...t-a-copy-of-the-codec-data-into-the-.patch | 44 ++++++++++++++
 .../gstreamer1.0-plugins-good_1.22.12.bb | 7 +++
 8 files changed, 335 insertions(+)
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch new file mode 100644 index 0000000000..354a2e5194 --- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch 
@@ -0,0 +1,60 @@ +From 008f0d52408f57f0704d5639b72db2f330b8f003 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 16:32:48 +0300 +Subject: [PATCH 1/7] matroskademux: Only unmap GstMapInfo in WavPack header + extraction error paths if previously mapped + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-197 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3863 + +Part-of: + +CVE: CVE-2024-47597 +CVE: CVE-2024-47601 +CVE: CVE-2024-47602 +CVE: CVE-2024-47603 +CVE: CVE-2024-47834 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/008f0d52408f57f0704d5639b72db2f330b8f003] +Signed-off-by: Peter Marko +--- + gst/matroska/matroska-demux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c +index 9b3cf83adb..35e60b7147 100644 +--- a/gst/matroska/matroska-demux.c ++++ b/gst/matroska/matroska-demux.c +@@ -3885,7 +3885,6 @@ gst_matroska_demux_add_wvpk_header (GstElement * element, + GstMatroskaTrackAudioContext *audiocontext = + (GstMatroskaTrackAudioContext *) stream; + GstBuffer *newbuf = NULL; +- GstMapInfo map, outmap; + guint8 *buf_data, *data; + Wavpack4Header wvh; + +@@ -3902,11 +3901,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * element, + + if (audiocontext->channels <= 2) { + guint32 block_samples, tmp; ++ GstMapInfo outmap; + gsize size = gst_buffer_get_size (*buf); + + if (size < 4) { + GST_ERROR_OBJECT (element, "Too small wavpack buffer"); +- gst_buffer_unmap (*buf, &map); + return GST_FLOW_ERROR; + } + +@@ -3944,6 +3943,7 @@ gst_matroska_demux_add_wvpk_header (GstElement * element, + *buf = newbuf; + audiocontext->wvpk_block_index += block_samples; + } else { ++ GstMapInfo map, outmap; + guint8 *outdata = NULL; + gsize buf_size, size; + guint32 block_samples, flags, crc; +-- +2.30.2 + 
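Review bot: In `gst_matroska_demux_add_wvpk_header` (patch 0015), moving the declarations into the two branches fixes the `size < 4` exit, but the `else` branch now declares `GstMapInfo map, outmap;` without an initializer, so any early exit in that branch that unmaps before the matching `gst_buffer_map` has succeeded would repeat the bug this patch removes. Initializing both with `GST_MAP_INFO_INIT` and auditing each `return GST_FLOW_ERROR` in the branch would make the error paths safe by construction instead of by statement order.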
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch new file mode 100644 index 0000000000..39346ca829 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch @@ -0,0 +1,35 @@ +From b7e1b13af70b7c042f29674f5482b502af82d829 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 16:33:39 +0300 +Subject: [PATCH 2/7] matroskademux: Fix off-by-one when parsing multi-channel + WavPack + +Part-of: + +CVE: CVE-2024-47597 +CVE: CVE-2024-47601 +CVE: CVE-2024-47602 +CVE: CVE-2024-47603 +CVE: CVE-2024-47834 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b7e1b13af70b7c042f29674f5482b502af82d829] +Signed-off-by: Peter Marko +--- + gst/matroska/matroska-demux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c +index 35e60b7147..583fbbe6e6 100644 +--- a/gst/matroska/matroska-demux.c ++++ b/gst/matroska/matroska-demux.c +@@ -3970,7 +3970,7 @@ gst_matroska_demux_add_wvpk_header (GstElement * element, + data += 4; + size -= 4; + +- while (size > 12) { ++ while (size >= 12) { + flags = GST_READ_UINT32_LE (data); + data += 4; + size -= 4; +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch new file mode 100644 index 0000000000..af1e9bf6d7 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch 
@@ -0,0 +1,43 @@ +From 455393ef0f2bb0a49c5bf32ef208af914c44e806 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 18:25:53 +0300 +Subject: [PATCH 3/7] matroskademux: Check for big enough WavPack codec private + data before accessing it + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-250 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3866 + +Part-of: + +CVE: CVE-2024-47597 +CVE: CVE-2024-47601 +CVE: CVE-2024-47602 +CVE: CVE-2024-47603 +CVE: CVE-2024-47834 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/455393ef0f2bb0a49c5bf32ef208af914c44e806] +Signed-off-by: Peter Marko +--- + gst/matroska/matroska-demux.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c +index 583fbbe6e6..91e66fefc3 100644 +--- a/gst/matroska/matroska-demux.c ++++ b/gst/matroska/matroska-demux.c +@@ -3888,6 +3888,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * element, + guint8 *buf_data, *data; + Wavpack4Header wvh; + ++ if (!stream->codec_priv || stream->codec_priv_size < 2) { ++ GST_ERROR_OBJECT (element, "No or too small wavpack codec private data"); ++ return GST_FLOW_ERROR; ++ } ++ + wvh.ck_id[0] = 'w'; + wvh.ck_id[1] = 'v'; + wvh.ck_id[2] = 'p'; +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch new file mode 100644 index 0000000000..aaae3d7abe --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch 
@@ -0,0 +1,51 @@ +From be0ac3f40949cb951d5f0761f4a3bd597a94947f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 19:04:51 +0300 +Subject: [PATCH 4/7] matroskademux: Don't take data out of an empty adapter + when processing WavPack frames + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-249 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865 + +Part-of: + +CVE: CVE-2024-47597 +CVE: CVE-2024-47601 +CVE: CVE-2024-47602 +CVE: CVE-2024-47603 +CVE: CVE-2024-47834 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/be0ac3f40949cb951d5f0761f4a3bd597a94947f] +Signed-off-by: Peter Marko +--- + .../gst-plugins-good/gst/matroska/matroska-demux.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c +index 91e66fefc3..98ed51e86a 100644 +--- a/gst/matroska/matroska-demux.c ++++ b/gst/matroska/matroska-demux.c +@@ -4036,11 +4036,16 @@ gst_matroska_demux_add_wvpk_header (GstElement * element, + } + gst_buffer_unmap (*buf, &map); + +- newbuf = gst_adapter_take_buffer (adapter, gst_adapter_available (adapter)); ++ size = gst_adapter_available (adapter); ++ if (size > 0) { ++ newbuf = gst_adapter_take_buffer (adapter, size); ++ gst_buffer_copy_into (newbuf, *buf, ++ GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1); ++ } else { ++ newbuf = NULL; ++ } + g_object_unref (adapter); + +- gst_buffer_copy_into (newbuf, *buf, +- GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1); + gst_buffer_unref (*buf); + *buf = newbuf; + +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch new file mode 100644 index 0000000000..7216d7c9d3 
--- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch @@ -0,0 +1,52 @@ +From effbbfd771487cc06c79d5a7e447a849884cc6cf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 19:06:03 +0300 +Subject: [PATCH 5/7] matroskademux: Skip over laces directly when + postprocessing the frame fails + +Otherwise NULL buffers might be handled afterwards. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-249 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865 + +Part-of: + +CVE: CVE-2024-47540 +CVE: CVE-2024-47601 +CVE: CVE-2024-47602 +CVE: CVE-2024-47603 +CVE: CVE-2024-47834 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/effbbfd771487cc06c79d5a7e447a849884cc6cf] +Signed-off-by: Peter Marko +--- + .../gst-plugins-good/gst/matroska/matroska-demux.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c +index 98ed51e86a..e0a4405dce 100644 +--- a/gst/matroska/matroska-demux.c ++++ b/gst/matroska/matroska-demux.c +@@ -4982,6 +4982,18 @@ gst_matroska_demux_parse_blockgroup_or_simpleblock (GstMatroskaDemux * demux, + if (stream->postprocess_frame) { + GST_LOG_OBJECT (demux, "running post process"); + ret = stream->postprocess_frame (GST_ELEMENT (demux), stream, &sub); ++ if (ret != GST_FLOW_OK) { ++ gst_clear_buffer (&sub); ++ goto next_lace; ++ } ++ ++ if (sub == NULL) { ++ GST_WARNING_OBJECT (demux, ++ "Postprocessing buffer with timestamp %" GST_TIME_FORMAT ++ " for stream %d failed", GST_TIME_ARGS (buffer_timestamp), ++ stream_num); ++ goto next_lace; ++ } + } + + /* At this point, we have a sub-buffer pointing at data within a larger +-- +2.30.2 + 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch new file mode 100644 index 0000000000..cb5ba69af0 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch @@ -0,0 +1,43 @@ +From ed7b46bac3fa14f95422cc4bb4655d041df51454 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 19:19:42 +0300 +Subject: [PATCH 6/7] matroskademux: Skip over zero-sized Xiph stream headers + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-251 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3867 + +Part-of: + +CVE: CVE-2024-47540 +CVE: CVE-2024-47601 +CVE: CVE-2024-47602 +CVE: CVE-2024-47603 +CVE: CVE-2024-47834 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ed7b46bac3fa14f95422cc4bb4655d041df51454] +Signed-off-by: Peter Marko +--- + gst/matroska/matroska-ids.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/gst/matroska/matroska-ids.c b/gst/matroska/matroska-ids.c +index f11b7c2ce3..ba645f7306 100644 +--- a/gst/matroska/matroska-ids.c ++++ b/gst/matroska/matroska-ids.c +@@ -189,8 +189,10 @@ gst_matroska_parse_xiph_stream_headers (gpointer codec_data, + if (offset + length[i] > codec_data_size) + goto error; + +- hdr = gst_buffer_new_memdup (p + offset, length[i]); +- gst_buffer_list_add (list, hdr); ++ if (length[i] > 0) { ++ hdr = gst_buffer_new_memdup (p + offset, length[i]); ++ gst_buffer_list_add (list, hdr); ++ } + + offset += length[i]; + } +-- +2.30.2 + 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch new file mode 100644 index 0000000000..371eb9da9b --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch @@ -0,0 +1,44 @@ +From 98e4356be7afa869373f96b4e8ca792c5f9707ee Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Wed, 9 Oct 2024 11:52:52 -0400 +Subject: [PATCH 7/7] matroskademux: Put a copy of the codec data into the + A_MS/ACM caps + +The original codec data buffer is owned by matroskademux and does not +necessarily live as long as the caps. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-280 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3894 + +Part-of: + +CVE: CVE-2024-47540 +CVE: CVE-2024-47601 +CVE: CVE-2024-47602 +CVE: CVE-2024-47603 +CVE: CVE-2024-47834 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/98e4356be7afa869373f96b4e8ca792c5f9707ee] +Signed-off-by: Peter Marko +--- + gst/matroska/matroska-demux.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c +index e0a4405dce..80da306731 100644 +--- a/gst/matroska/matroska-demux.c ++++ b/gst/matroska/matroska-demux.c +@@ -7165,8 +7165,7 @@ gst_matroska_demux_audio_caps (GstMatroskaTrackAudioContext * + + /* 18 is the waveformatex size */ + if (size > 18) { +- codec_data = gst_buffer_new_wrapped_full (GST_MEMORY_FLAG_READONLY, +- data + 18, size - 18, 0, size - 18, NULL, NULL); ++ codec_data = gst_buffer_new_memdup (data + 18, size - 18); + } + + if (riff_audio_fmt) +-- +2.30.2 + 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index ca26290340..96dd6f7228 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb 
@@ -21,6 +21,13 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \ file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \ file://0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch \ + file://0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch \ + file://0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch \ + file://0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch \ + file://0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch \ + file://0019-matroskademux-Skip-over-laces-directly-when-postproc.patch \ + file://0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch \ + file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \ " SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" From patchwork Sat Jan 4 13:41:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54978 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC582E7719D for ; Sat, 4 Jan 2025 13:42:16 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.18140.1735998130174985023 for ; Sat, 04 Jan 2025 05:42:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=d5O1Nygd; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-218c8aca5f1so232130095ad.0 for ; Sat, 04 Jan 2025 
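Review bot: the CVE: tag block in the headers of the seven new matroskademux patch files is not consistent. 0015 to 0018 list CVE-2024-47597 first, while 0019 to 0021 list CVE-2024-47540 in that position, and the other four identifiers are repeated unchanged on every file. Please confirm which identifier belongs to this series and, where upstream allows it, tag each backported commit with only the CVE it addresses, so that CVE tracking for the recipe does not report an issue as patched on the strength of an unrelated hunk.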
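Review bot: in 0016, the new loop bound `while (size >= 12)` is a bare literal, and the commit message has no body explaining it. Only the 4-byte `flags` read is visible in the hunk, so a reader cannot check that 12 is the full size of the per-block fields consumed in one iteration. A one-line comment naming those fields would make the off-by-one fix verifiable.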
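Review bot: the guard added in 0017, `stream->codec_priv_size < 2`, compares against an unexplained literal. Add a comment (or a named constant) stating which two bytes of the WavPack codec private data the code below reads, so the bound can be checked against the access it protects.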
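Review bot: in 0018, the new `else` branch sets `newbuf = NULL`, and the context line `*buf = newbuf;` then hands a NULL buffer back to the caller without any log message. That is only safe in combination with the `if (sub == NULL)` check added by 0019, so the two patches have to stay together in SRC_URI. A GST_WARNING_OBJECT in the `else` branch would also make the empty-adapter case visible when triaging malformed files.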
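Review bot: in 0019, the `ret != GST_FLOW_OK` branch jumps to `next_lace` without logging anything, while the `sub == NULL` branch logs "... failed" even though `ret` was GST_FLOW_OK at that point. Log the first case as well, including the flow return (gst_flow_get_name), and confirm what `next_lace` does with the non-OK `ret`, since the label is outside this hunk and the commit message only says the lace is skipped.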
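Review bot: in 0020, skipping `gst_buffer_list_add` when `length[i]` is 0 means the returned list can hold fewer buffers than the number of headers parsed. Please confirm that the callers of gst_matroska_parse_xiph_stream_headers do not index the list by header position or assume a fixed count. The context check `offset + length[i] > codec_data_size` is also worth a look for wrap-around, depending on the types of `offset` and `length[i]`, which the hunk does not show.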
SMTP id adf61e73a8af0-1e5e046529dmr72896619637.11.1735998129414; Sat, 04 Jan 2025 05:42:09 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72aad8faf93sm27966257b3a.153.2025.01.04.05.42.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 Jan 2025 05:42:09 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/25] gstreamer1.0-plugins-base: patch CVE-2024-47541 Date: Sat, 4 Jan 2025 05:41:31 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209376 From: Peter Marko Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...for-closing-brace-after-opening-brac.patch | 38 +++++++ ...se-strstr-on-strings-that-are-potent.patch | 99 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 2 + 3 files changed, 139 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch new file mode 100644 index 0000000000..a20d2b4cca --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch 
@@ -0,0 +1,38 @@ +From 15bb318416e1bf6b6b557006a37d1da86c3a76a8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 21:40:44 +0300 +Subject: [PATCH 1/2] ssaparse: Search for closing brace after opening brace + +Otherwise removing anything between the braces leads to out of bound writes if +there is a closing brace before the first opening brace. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-228 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870 + +Part-of: + +CVE: CVE-2024-47541 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/15bb318416e1bf6b6b557006a37d1da86c3a76a8] +Signed-off-by: Peter Marko +--- + gst/subparse/gstssaparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c +index 42fbb42b99..37b892e928 100644 +--- a/gst/subparse/gstssaparse.c ++++ b/gst/subparse/gstssaparse.c +@@ -238,7 +238,7 @@ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt) + gboolean removed_any = FALSE; + + while ((t = strchr (txt, '{'))) { +- end = strchr (txt, '}'); ++ end = strchr (t, '}'); + if (end == NULL) { + GST_WARNING_OBJECT (parse, "Missing { for style override code"); + return removed_any; +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch new file mode 100644 index 0000000000..e6674c7bfd --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch 
@@ -0,0 +1,99 @@ +From 403b10eba06679319aa2e35d310236234782102f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 18:36:19 +0300 +Subject: [PATCH 2/2] ssaparse: Don't use strstr() on strings that are + potentially not NULL-terminated + +Part-of: + +CVE: CVE-2024-47541 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/403b10eba06679319aa2e35d310236234782102f] +Signed-off-by: Peter Marko +--- + gst/subparse/gstssaparse.c | 36 +++++++++++++++++++++++++++++++++++- + meson.build | 1 + + 2 files changed, 36 insertions(+), 1 deletion(-) + +diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c +index 37b892e928..c162a542f5 100644 +--- a/gst/subparse/gstssaparse.c ++++ b/gst/subparse/gstssaparse.c +@@ -146,6 +146,35 @@ gst_ssa_parse_sink_event (GstPad * pad, GstObject * parent, GstEvent * event) + return res; + } + ++#ifndef HAVE_MEMMEM ++// memmem() is a GNU extension so if it's not available we'll need ++// our own implementation here. Thanks C. 
++static void * ++my_memmem (const void *haystack, size_t haystacklen, const void *needle, ++ size_t needlelen) ++{ ++ const guint8 *cur, *end; ++ ++ if (needlelen > haystacklen) ++ return NULL; ++ if (needlelen == 0) ++ return (void *) haystack; ++ ++ ++ cur = haystack; ++ end = cur + haystacklen - needlelen; ++ ++ for (; cur <= end; cur++) { ++ if (memcmp (cur, needle, needlelen) == 0) ++ return (void *) cur; ++ } ++ ++ return NULL; ++} ++#else ++#define my_memmem memmem ++#endif ++ + static gboolean + gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps) + { +@@ -154,6 +183,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps) + const GValue *val; + GstStructure *s; + const guchar bom_utf8[] = { 0xEF, 0xBB, 0xBF }; ++ const guint8 header[] = "[Script Info]"; + const gchar *end; + GstBuffer *priv; + GstMapInfo map; +@@ -193,7 +223,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps) + left -= 3; + } + +- if (!strstr (ptr, "[Script Info]")) ++ if (!my_memmem (ptr, left, header, sizeof (header) - 1)) + goto invalid_init; + + if (!g_utf8_validate (ptr, left, &end)) { +@@ -231,6 +261,10 @@ invalid_init: + } + } + ++#ifdef my_memmem ++#undef my_memmem ++#endif ++ + static gboolean + gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt) + { +diff --git a/meson.build b/meson.build +index d1033bef4a..65d0944114 100644 +--- a/meson.build ++++ b/meson.build +@@ -199,6 +199,7 @@ check_functions = [ + ['HAVE_LRINTF', 'lrintf', '#include'], + ['HAVE_MMAP', 'mmap', '#include'], + ['HAVE_LOG2', 'log2', '#include'], ++ ['HAVE_MEMMEM', 'memmem', '#include'], + ] + + libm = cc.find_library('m', required : false) +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 18837e676d..e65de0036d 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
@@ -14,6 +14,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \ file://0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch \ file://0007-oggstream-review-and-fix-per-format-min_packet_size.patch \ + file://0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch \ + file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" From patchwork Sat Jan 4 13:41:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54975 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC52FE7719A for ; Sat, 4 Jan 2025 13:42:16 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web10.18133.1735998131711585704 for ; Sat, 04 Jan 2025 05:42:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=IoJAPMmw; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-216401de828so171988205ad.3 for ; Sat, 04 Jan 2025 05:42:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1735998131; x=1736602931; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hyJ+WBKYB2zKtPCGuVOGqIfKMy/NS5NZ6tqbH32KM+E=; 
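Review bot: in 0008, the context line right after the fixed `strchr (t, '}')` still logs "Missing { for style override code" when `end == NULL`. At that point the opening brace has been found and it is the closing `}` that is missing, so the warning names the wrong character. Worth correcting upstream and picking up with the backport, since this message is what shows up when a malformed subtitle hits this path.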
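Review bot: in 0009, the `#else` branch `#define my_memmem memmem` depends on a prototype for memmem being visible, and the added comment itself calls memmem a GNU extension. Please confirm that gstssaparse.c is built with the feature-test macro that exposes it on the target libc whenever HAVE_MEMMEM is set, otherwise the call falls back to an implicit declaration and the pointer result is not reliable. Minor points in the same hunk: the fallback has a doubled blank line after the `needlelen == 0` return, and the later `#ifdef my_memmem` / `#undef` pair only has an effect in the macro case, which a short comment could state.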
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/25] gstreamer1.0-plugins-base: patch CVE-2024-47542 Date: Sat, 4 Jan 2025 05:41:32 -0800 Message-ID: <8a0c3c92ec3bf150c0697d25c70ad149b2d82f0e.1735997984.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209377 From: Peter Marko Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...parsing-extended-header-if-not-enoug.patch | 64 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + 2 files changed, 65 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch new file mode 100644 index 0000000000..4b514ff875 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch 
@@ -0,0 +1,64 @@ +From 537161868f36048571f400648ac7909f26c73d53 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 26 Sep 2024 13:43:06 +0300 +Subject: [PATCH] id3v2: Don't try parsing extended header if not enough data + is available + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-235 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842 + +Part-of: + +CVE: CVE-2024-47542 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/537161868f36048571f400648ac7909f26c73d53] +Signed-off-by: Peter Marko +--- + gst-libs/gst/tag/id3v2.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/gst-libs/gst/tag/id3v2.c b/gst-libs/gst/tag/id3v2.c +index 7db2cb7e12..70f975d133 100644 +--- a/gst-libs/gst/tag/id3v2.c ++++ b/gst-libs/gst/tag/id3v2.c +@@ -29,7 +29,7 @@ + + #define HANDLE_INVALID_SYNCSAFE + +-static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size); ++static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work); + + #ifndef GST_DISABLE_GST_DEBUG + +@@ -258,7 +258,7 @@ gst_tag_list_from_id3v2_tag (GstBuffer * buffer) + GST_MEMDUMP ("ID3v2 tag (un-unsyced)", uu_data, work.hdr.frame_data_size); + } + +- id3v2_frames_to_tag_list (&work, work.hdr.frame_data_size); ++ id3v2_frames_to_tag_list (&work); + + g_free (uu_data); + +@@ -440,12 +440,17 @@ id3v2_add_id3v2_frame_blob_to_taglist (ID3TagsWorking * work, + } + + static gboolean +-id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size) ++id3v2_frames_to_tag_list (ID3TagsWorking * work) + { + guint frame_hdr_size; + + /* Extended header if present */ + if (work->hdr.flags & ID3V2_HDR_FLAG_EXTHDR) { ++ if (work->hdr.frame_data_size < 4) { ++ GST_DEBUG ("Tag has no extended header data. 
Broken tag"); ++ return FALSE; ++ } ++ + work->hdr.ext_hdr_size = id3v2_read_synch_uint (work->hdr.frame_data, 4); + + /* In id3v2.4.x the header size is the size of the *whole* +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index e65de0036d..793b8afc3d 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
@@ -16,6 +16,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0007-oggstream-review-and-fix-per-format-min_packet_size.patch \ file://0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch \ file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \ + file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" From patchwork Sat Jan 4 13:41:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54977 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AEA8FE7719B for ; Sat, 4 Jan 2025 13:42:16 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web10.18134.1735998133689883836 for ; Sat, 04 Jan 2025 05:42:13 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=zdjhOYeE; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-2162c0f6a39so191322505ad.0 for ; Sat, 04 Jan 2025 05:42:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1735998133; x=1736602933; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=q57dOzT6trGAtAwnBD7KczK74PmFPS2iK04foy1n42g=; b=zdjhOYeEeTB6/p8VO5fWqh7xGqzwMAd0jYcl5Pgg6EXS6mbQITd3YHfGUVAXgdNyyZ 
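Review bot: in the id3v2_frames_to_tag_list hunk of 0010, the new `work->hdr.frame_data_size < 4` check covers only the 4 bytes read by `id3v2_read_synch_uint (work->hdr.frame_data, 4)`. The value it returns, `ext_hdr_size`, comes from the tag itself, so the code following the hunk has to bound it against `frame_data_size` before advancing past the extended header. That part is not visible here; please confirm it in the 1.22.12 source the backport applies to. The failure is also reported with GST_DEBUG only, which is easy to miss for a tag the parser now rejects outright.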
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/25] gstreamer1.0-plugins-good: patch CVE-2024-47599 Date: Sat, 4 Jan 2025 05:41:33 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209378 From: Peter Marko Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...ly-error-out-on-negotiation-failures.patch | 99 +++++++++++++++++++ .../gstreamer1.0-plugins-good_1.22.12.bb | 1 + 2 files changed, 100 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch new file mode 100644 index 0000000000..037afdc4ee --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch 
@@ -0,0 +1,99 @@ +From 3cdf206f4fc5a9860bfe1437ed3d01e7d23c6c3e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 16:22:19 +0300 +Subject: [PATCH] jpegdec: Directly error out on negotiation failures + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-247 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3862 + +Part-of: + +CVE: CVE-2024-47599 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3cdf206f4fc5a9860bfe1437ed3d01e7d23c6c3e] +Signed-off-by: Peter Marko +--- + .../gst-plugins-good/ext/jpeg/gstjpegdec.c | 22 ++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c +index 51bc2d14bf..7523419835 100644 +--- a/ext/jpeg/gstjpegdec.c ++++ b/ext/jpeg/gstjpegdec.c +@@ -1068,13 +1068,14 @@ gst_jpeg_turbo_parse_ext_fmt_convert (GstJpegDec * dec, gint * clrspc) + } + #endif + +-static void ++static gboolean + gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc, + gboolean interlaced) + { + GstVideoCodecState *outstate; + GstVideoInfo *info; + GstVideoFormat format; ++ gboolean res; + + #ifdef JCS_EXTENSIONS + if (dec->format_convert) { +@@ -1104,7 +1105,7 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc, + height == GST_VIDEO_INFO_HEIGHT (info) && + format == GST_VIDEO_INFO_FORMAT (info)) { + gst_video_codec_state_unref (outstate); +- return; ++ return TRUE; + } + gst_video_codec_state_unref (outstate); + } +@@ -1118,6 +1119,8 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc, + outstate = + gst_video_decoder_set_output_state (GST_VIDEO_DECODER (dec), format, + width, height, dec->input_state); ++ if (!outstate) ++ return FALSE; + + switch (clrspc) { + case JCS_RGB: +@@ -1142,10 +1145,12 @@ gst_jpeg_dec_negotiate (GstJpegDec * dec, gint width, gint height, gint clrspc, + + 
gst_video_codec_state_unref (outstate); + +- gst_video_decoder_negotiate (GST_VIDEO_DECODER (dec)); ++ res = gst_video_decoder_negotiate (GST_VIDEO_DECODER (dec)); + + GST_DEBUG_OBJECT (dec, "max_v_samp_factor=%d", dec->cinfo.max_v_samp_factor); + GST_DEBUG_OBJECT (dec, "max_h_samp_factor=%d", dec->cinfo.max_h_samp_factor); ++ ++ return res; + } + + static GstFlowReturn +@@ -1425,8 +1430,9 @@ gst_jpeg_dec_handle_frame (GstVideoDecoder * bdec, GstVideoCodecFrame * frame) + num_fields = 1; + } + +- gst_jpeg_dec_negotiate (dec, width, output_height, +- dec->cinfo.jpeg_color_space, num_fields == 2); ++ if (!gst_jpeg_dec_negotiate (dec, width, output_height, ++ dec->cinfo.jpeg_color_space, num_fields == 2)) ++ goto negotiation_failed; + + state = gst_video_decoder_get_output_state (bdec); + ret = gst_video_decoder_allocate_output_frame (bdec, frame); +@@ -1558,6 +1564,12 @@ map_failed: + ret = GST_FLOW_ERROR; + goto exit; + } ++negotiation_failed: ++ { ++ GST_ELEMENT_ERROR (dec, CORE, NEGOTIATION, (NULL), ("failed to negotiate")); ++ ret = GST_FLOW_NOT_NEGOTIATED; ++ goto exit; ++ } + decode_error: + { + gchar err_msg[JMSG_LENGTH_MAX]; +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 96dd6f7228..85c9a20a2d 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb 
@@ -28,6 +28,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0019-matroskademux-Skip-over-laces-directly-when-postproc.patch \ file://0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch \ file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \ + file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \ " SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" From patchwork Sat Jan 4 13:41:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54976 X-Patchwork-Delegate: steve@sakoman.com
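Review bot: In the gst_jpeg_dec_handle_frame hunk of 09/25, the new "goto negotiation_failed" is taken before "state = gst_video_decoder_get_output_state (bdec);" has run, and the label then jumps to the shared "exit" path. Please confirm against the 1.22.12 source that "exit" tolerates an unset state and that the frame is released on this path; neither is visible in the backported context, and the neighbouring map_failed label is only reached after both have been set up.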
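Review bot: The commit message of 09/25 says "Pick commits from" merge request 8040, but the diffstat creates a single file, 0022-jpegdec-Directly-error-out-on-negotiation-failures.patch. If the merge request holds further commits, state why they are not needed for 1.22.12; otherwise use "Pick commit from" as 10/25 does. The embedded diffstat also still shows ".../gst-plugins-good/ext/jpeg/gstjpegdec.c" while the diff header uses a/ext/jpeg/gstjpegdec.c, which is worth regenerating for consistency.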
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/25] gstreamer1.0-plugins-base: patch CVE-2024-47600 Date: Sat, 4 Jan 2025 05:41:34 -0800 Message-ID: <13e66d4e616e66d278cd96bb04da4cc7e599626b.1735997984.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209379 From: Peter Marko Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...-print-channel-layout-for-more-than-.patch | 38 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch new file mode 100644 index 0000000000..6762f256e0 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch 
@@ -0,0 +1,38 @@ +From aa07d94c10d71fac389dbbb264a59c1f6117eead Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Mon, 30 Sep 2024 18:19:30 +0300 +Subject: [PATCH] discoverer: Don't print channel layout for more than 64 + channels + +64+ channels are always unpositioned / unknown layout. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-248 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864 + +Part-of: + +CVE: CVE-2024-47600 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa07d94c10d71fac389dbbb264a59c1f6117eead] +Signed-off-by: Peter Marko +--- + tools/gst-discoverer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/gst-discoverer.c b/tools/gst-discoverer.c +index e3f048bed5..4a2a1b4bc4 100644 +--- a/tools/gst-discoverer.c ++++ b/tools/gst-discoverer.c +@@ -222,7 +222,7 @@ format_channel_mask (GstDiscovererAudioInfo * ainfo) + + channel_mask = gst_discoverer_audio_info_get_channel_mask (ainfo); + +- if (channel_mask != 0) { ++ if (channel_mask != 0 && channels <= 64) { + gst_audio_channel_positions_from_mask (channels, channel_mask, position); + + for (i = 0; i < channels; i++) { +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 793b8afc3d..982389d657 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
@@ -17,6 +17,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch \ file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \ file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \ + file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" From patchwork Sat Jan 4 13:41:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54974 X-Patchwork-Delegate: steve@sakoman.com
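Review bot: The new test "channel_mask != 0 && channels <= 64" in format_channel_mask (10/25) uses a bare constant with no comment, and the commit message's "64+ channels are always unpositioned" reads as if 64 itself were excluded while the code still accepts it. The bound protects the "position" buffer filled by gst_audio_channel_positions_from_mask and walked by the following loop, but its declaration is outside the hunk; please verify its capacity is 64 in 1.22.12 and consider a one-line comment at the check tying the limit to that buffer.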
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 11/25] gstreamer1.0-plugins-good: patch CVE-2024-47606 Date: Sat, 4 Jan 2025 05:41:35 -0800 Message-ID: <30f2b1c6b10e064ce0f0f1910d2740e6ccc86251.1735997984.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209380 From: Peter Marko Pick commit related to plugins-good from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...teger-overflow-when-parsing-Theora-e.patch | 44 +++++++++++++++++++ .../gstreamer1.0-plugins-good_1.22.12.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch new file mode 100644 index 0000000000..37f133a493 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch 
@@ -0,0 +1,44 @@ +From f8e398c46fc074f266edb3f20479c0ca31b52448 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 26 Sep 2024 22:16:06 +0300 +Subject: [PATCH] qtdemux: Avoid integer overflow when parsing Theora extension + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-166 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851 + +Part-of: + +CVE: CVE-2024-47606 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f8e398c46fc074f266edb3f20479c0ca31b52448] +Signed-off-by: Peter Marko +--- + gst/isomp4/qtdemux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 5e3cb1b9e6..c2d8b5e0f1 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -8279,7 +8279,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream, + end -= 8; + + while (buf < end) { +- gint size; ++ guint32 size; + guint32 type; + + size = QT_UINT32 (buf); +@@ -8287,7 +8287,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream, + + GST_LOG_OBJECT (qtdemux, "%p %p", buf, end); + +- if (buf + size > end || size <= 0) ++ if (end - buf < size || size < 8) + break; + + buf += 8; +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 85c9a20a2d..7f8cd7c96c 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb 
@@ -29,6 +29,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch \ file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \ file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \ + file://0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch \ " SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" From patchwork Sat Jan 4 13:41:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54983 X-Patchwork-Delegate: steve@sakoman.com
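Review bot: In qtdemux_parse_theora_extension (11/25) the replacement test "end - buf < size" compares a signed pointer difference with the now unsigned "guint32 size". On 32-bit targets the difference is converted to unsigned, which is only correct because the enclosing "while (buf < end)" keeps it positive. A short comment at the check, or an explicit cast of the left side to gsize, would keep that dependency on the loop condition from being lost in a later edit. The "size < 8" lower bound matches the "buf += 8" that follows, so that part reads correctly.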
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 12/25] gstreamer1.0-plugins-good: patch CVE-2024-47606 Date: Sat, 4 Jan 2025 05:41:36 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209381 From: Peter Marko Pick commit related to gstreamer from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...integer-overflow-when-allocating-sys.patch | 56 +++++++++++++++++++ .../gstreamer/gstreamer1.0_1.22.12.bb | 1 + 2 files changed, 57 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch new file mode 100644 index 0000000000..5d8575711a --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch 
@@ -0,0 +1,56 @@ +From f1cdc6f24340f6cce4cc7020628002f5c70dd6c7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 26 Sep 2024 22:07:22 +0300 +Subject: [PATCH] allocator: Avoid integer overflow when allocating sysmem + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-166 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851 + +Part-of: + +CVE: CVE-2024-47606 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f1cdc6f24340f6cce4cc7020628002f5c70dd6c7] +Signed-off-by: Peter Marko +--- + gst/gstallocator.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/gst/gstallocator.c b/gst/gstallocator.c +index 996f5dc946..198cfe9523 100644 +--- a/gst/gstallocator.c ++++ b/gst/gstallocator.c +@@ -430,8 +430,20 @@ _sysmem_new_block (GstMemoryFlags flags, + /* ensure configured alignment */ + align |= gst_memory_alignment; + /* allocate more to compensate for alignment */ ++ if (align > G_MAXSIZE || maxsize > G_MAXSIZE - align) { ++ GST_CAT_WARNING (GST_CAT_MEMORY, ++ "Allocating %" G_GSIZE_FORMAT " bytes with alignment %" G_GSIZE_FORMAT ++ "x overflows", maxsize, align); ++ return NULL; ++ } + maxsize += align; + /* alloc header and data in one block */ ++ if (maxsize > G_MAXSIZE - sizeof (GstMemorySystem)) { ++ GST_CAT_WARNING (GST_CAT_MEMORY, ++ "Allocating %" G_GSIZE_FORMAT " bytes with alignment %" G_GSIZE_FORMAT ++ "x overflows", maxsize, align); ++ return NULL; ++ } + slice_size = sizeof (GstMemorySystem) + maxsize; + + mem = g_slice_alloc (slice_size); +@@ -481,6 +493,8 @@ _sysmem_copy (GstMemorySystem * mem, gssize offset, gsize size) + size = mem->mem.size > offset ? 
mem->mem.size - offset : 0; + + copy = _sysmem_new_block (0, size, mem->mem.align, 0, size); ++ if (!copy) ++ return NULL; + GST_CAT_DEBUG (GST_CAT_PERFORMANCE, + "memcpy %" G_GSIZE_FORMAT " memory %p -> %p", size, mem, copy); + memcpy (copy->data, mem->data + mem->mem.offset + offset, size); +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb index 8486e258d5..e5a820e1ad 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb 
@@ -21,6 +21,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0002-tests-add-support-for-install-the-tests.patch \ file://0003-tests-use-a-dictionaries-for-environment.patch \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch \ + file://0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch \ " SRC_URI[sha256sum] = "ac352f3d02caa67f3b169daa9aa78b04dea0fc08a727de73cb28d89bd54c6f61" From patchwork Sat Jan 4 13:41:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54984 X-Patchwork-Delegate: steve@sakoman.com
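Review bot: In the _sysmem_new_block hunk of 12/25, the first clause of "if (align > G_MAXSIZE || maxsize > G_MAXSIZE - align)" cannot be true if align is a gsize, which the G_GSIZE_FORMAT used to print it suggests, so only the second clause does any work. The second warning repeats the first message verbatim although maxsize has already had align added by then, so the logged size is no longer the requested one, and the literal "x" after the alignment value looks like a leftover. These match upstream and need not block the backport, but they are worth reporting there.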
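Review bot: Only _sysmem_copy gains a NULL check in 12/25, yet _sysmem_new_block can now return NULL to every caller. Please confirm that the remaining callers in the 1.22.12 gst/gstallocator.c, which are outside these hunks, either propagate NULL or check it before dereferencing, since the memcpy in _sysmem_copy shows what an unchecked result would be used for.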
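Review bot: The Subject of 12/25 names gstreamer1.0-plugins-good, but the recipe hunk adds 0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch to gstreamer1.0_1.22.12.bb and the embedded patch touches gst/gstallocator.c. Retitle to "gstreamer1.0: patch CVE-2024-47606" so the shortlog attributes the fix to the recipe that actually changes; 11/25 already carries the plugins-good half under the same subject.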
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 13/25] gstreamer1.0-plugins-good: patch CVE-2024-47774 Date: Sat, 4 Jan 2025 05:41:37 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209382 From: Peter Marko Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...size-checks-and-avoid-overflows-when.patch | 46 +++++++++++++++++++ .../gstreamer1.0-plugins-good_1.22.12.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch new file mode 100644 index 0000000000..33af003535 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch 
@@ -0,0 +1,46 @@ +From 0870e87c7c02e28e22a09a7de0c5b1e5bed68c14 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 4 Oct 2024 14:04:03 +0300 +Subject: [PATCH] avisubtitle: Fix size checks and avoid overflows when + checking sizes + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-262 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3890 + +Part-of: + +CVE: CVE-2024-47774 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0870e87c7c02e28e22a09a7de0c5b1e5bed68c14] +Signed-off-by: Peter Marko +--- + gst/avi/gstavisubtitle.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/gst/avi/gstavisubtitle.c b/gst/avi/gstavisubtitle.c +index efc5f04051..c816934da6 100644 +--- a/gst/avi/gstavisubtitle.c ++++ b/gst/avi/gstavisubtitle.c +@@ -196,7 +196,7 @@ gst_avi_subtitle_parse_gab2_chunk (GstAviSubtitle * sub, GstBuffer * buf) + /* read 'name' of subtitle */ + name_length = GST_READ_UINT32_LE (map.data + 5 + 2); + GST_LOG_OBJECT (sub, "length of name: %u", name_length); +- if (map.size <= 17 + name_length) ++ if (G_MAXUINT32 - 17 < name_length || map.size < 17 + name_length) + goto wrong_name_length; + + name_utf8 = +@@ -216,7 +216,8 @@ gst_avi_subtitle_parse_gab2_chunk (GstAviSubtitle * sub, GstBuffer * buf) + file_length = GST_READ_UINT32_LE (map.data + 13 + name_length); + GST_LOG_OBJECT (sub, "length srt/ssa file: %u", file_length); + +- if (map.size < (17 + name_length + file_length)) ++ if (G_MAXUINT32 - 17 - name_length < file_length ++ || map.size < 17 + name_length + file_length) + goto wrong_total_length; + + /* store this, so we can send it again after a seek; note that we shouldn't +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 7f8cd7c96c..247fda7f9c 100644 
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb 
@@ -30,6 +30,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch \ file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \ file://0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch \ + file://0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch \ " SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" From patchwork Sat Jan 4 13:41:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54985 X-Patchwork-Delegate: steve@sakoman.com
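Review bot: in 0024-avisubtitle (patch 13/25), the first hunk of gst_avi_subtitle_parse_gab2_chunk() changes the comparison from "map.size <= 17 + name_length" to "map.size < 17 + name_length", which is a behaviour change on top of the overflow guard and is not mentioned in the commit message. It looks correct, because the following read of file_length at map.data + 13 + name_length needs exactly 17 + name_length bytes and the second hunk then bounds file_length, but a short comment stating what the 17 bytes cover would let the next reader verify both checks without re-deriving the layout. The OE commit message only says "Pick commit from" the merge request; one line summarising the fix (size checks and overflow avoidance in avisubtitle) would help anyone triaging CVE-2024-47774 from the layer history.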
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 14/25] gstreamer1.0-plugins-good: patch several CVEs Date: Sat, 4 Jan 2025 05:41:38 -0800 Message-ID: <4763e9911e82c886a02727bf654872280138d83e.1735997984.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209383 From: Peter Marko Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 Signed-off-by: Peter Marko 
Signed-off-by: Steve Sakoman --- ...or-short-reads-when-parsing-headers-.patch | 174 ++++++++++++++++++ ...re-enough-data-for-the-tag-list-tag-.patch | 41 +++++ ...7-wavparse-Fix-parsing-of-acid-chunk.patch | 65 +++++++ ...hat-at-least-4-bytes-are-available-b.patch | 37 ++++ ...hat-at-least-32-bytes-are-available-.patch | 40 ++++ ...ix-clipping-of-size-to-the-file-size.patch | 47 +++++ ...Check-size-before-reading-ds64-chunk.patch | 41 +++++ .../gstreamer1.0-plugins-good_1.22.12.bb | 7 + 8 files changed, 452 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch new file mode 100644 index 0000000000..4b53830e12 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch 
@@ -0,0 +1,174 @@ +From 13b48016b3ef1e822c393c2871b0a561ce19ecb3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 4 Oct 2024 13:00:57 +0300 +Subject: [PATCH 1/7] wavparse: Check for short reads when parsing headers in + pull mode + +And also return the actual flow return to the caller instead of always returning +GST_FLOW_ERROR. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-258, GHSL-2024-260 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888 + +Part-of: + +CVE: CVE-2024-47775 +CVE: CVE-2024-47776 +CVE: CVE-2024-47777 +CVE: CVE-2024-47778 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/13b48016b3ef1e822c393c2871b0a561ce19ecb3] +Signed-off-by: Peter Marko +--- + gst/wavparse/gstwavparse.c | 63 ++++++++++++++++++++++++++++---------- + 1 file changed, 46 insertions(+), 17 deletions(-) + +diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c +index d074f273c5..97d5591fae 100644 +--- a/gst/wavparse/gstwavparse.c ++++ b/gst/wavparse/gstwavparse.c +@@ -1096,6 +1096,24 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf) + return TRUE; + } + ++static GstFlowReturn ++gst_wavparse_pull_range_exact (GstWavParse * wav, guint64 offset, guint size, ++ GstBuffer ** buffer) ++{ ++ GstFlowReturn res; ++ ++ res = gst_pad_pull_range (wav->sinkpad, offset, size, buffer); ++ if (res != GST_FLOW_OK) ++ return res; ++ ++ if (gst_buffer_get_size (*buffer) < size) { ++ gst_clear_buffer (buffer); ++ return GST_FLOW_EOS; ++ } ++ ++ return res; ++} ++ + static GstFlowReturn + gst_wavparse_stream_headers (GstWavParse * wav) + { +@@ -1291,9 +1309,9 @@ gst_wavparse_stream_headers (GstWavParse * wav) + + buf = NULL; + if ((res = +- gst_pad_pull_range (wav->sinkpad, wav->offset, 8, ++ gst_wavparse_pull_range_exact (wav, wav->offset, 8, + &buf)) != GST_FLOW_OK) +- goto header_read_error; 
++ goto header_pull_error; + gst_buffer_map (buf, &map, GST_MAP_READ); + tag = GST_READ_UINT32_LE (map.data); + size = GST_READ_UINT32_LE (map.data + 4); +@@ -1396,9 +1414,9 @@ gst_wavparse_stream_headers (GstWavParse * wav) + gst_buffer_unref (buf); + buf = NULL; + if ((res = +- gst_pad_pull_range (wav->sinkpad, wav->offset + 8, ++ gst_wavparse_pull_range_exact (wav, wav->offset + 8, + data_size, &buf)) != GST_FLOW_OK) +- goto header_read_error; ++ goto header_pull_error; + gst_buffer_extract (buf, 0, &wav->fact, 4); + wav->fact = GUINT32_FROM_LE (wav->fact); + gst_buffer_unref (buf); +@@ -1443,9 +1461,9 @@ gst_wavparse_stream_headers (GstWavParse * wav) + gst_buffer_unref (buf); + buf = NULL; + if ((res = +- gst_pad_pull_range (wav->sinkpad, wav->offset + 8, +- size, &buf)) != GST_FLOW_OK) +- goto header_read_error; ++ gst_wavparse_pull_range_exact (wav, wav->offset + 8, size, ++ &buf)) != GST_FLOW_OK) ++ goto header_pull_error; + gst_buffer_map (buf, &map, GST_MAP_READ); + acid = (const gst_riff_acid *) map.data; + tempo = acid->tempo; +@@ -1483,9 +1501,9 @@ gst_wavparse_stream_headers (GstWavParse * wav) + gst_buffer_unref (buf); + buf = NULL; + if ((res = +- gst_pad_pull_range (wav->sinkpad, wav->offset, 12, ++ gst_wavparse_pull_range_exact (wav, wav->offset, 12, + &buf)) != GST_FLOW_OK) +- goto header_read_error; ++ goto header_pull_error; + gst_buffer_extract (buf, 8, <ag, 4); + ltag = GUINT32_FROM_LE (ltag); + } +@@ -1512,9 +1530,9 @@ gst_wavparse_stream_headers (GstWavParse * wav) + buf = NULL; + if (data_size > 0) { + if ((res = +- gst_pad_pull_range (wav->sinkpad, wav->offset, ++ gst_wavparse_pull_range_exact (wav, wav->offset, + data_size, &buf)) != GST_FLOW_OK) +- goto header_read_error; ++ goto header_pull_error; + } + } + if (data_size > 0) { +@@ -1552,9 +1570,9 @@ gst_wavparse_stream_headers (GstWavParse * wav) + buf = NULL; + wav->offset += 12; + if ((res = +- gst_pad_pull_range (wav->sinkpad, wav->offset, ++ gst_wavparse_pull_range_exact (wav, 
wav->offset, + data_size, &buf)) != GST_FLOW_OK) +- goto header_read_error; ++ goto header_pull_error; + gst_buffer_map (buf, &map, GST_MAP_READ); + gst_wavparse_adtl_chunk (wav, (const guint8 *) map.data, + data_size); +@@ -1598,9 +1616,9 @@ gst_wavparse_stream_headers (GstWavParse * wav) + gst_buffer_unref (buf); + buf = NULL; + if ((res = +- gst_pad_pull_range (wav->sinkpad, wav->offset, ++ gst_wavparse_pull_range_exact (wav, wav->offset, + data_size, &buf)) != GST_FLOW_OK) +- goto header_read_error; ++ goto header_pull_error; + gst_buffer_map (buf, &map, GST_MAP_READ); + if (!gst_wavparse_cue_chunk (wav, (const guint8 *) map.data, + data_size)) { +@@ -1642,9 +1660,9 @@ gst_wavparse_stream_headers (GstWavParse * wav) + gst_buffer_unref (buf); + buf = NULL; + if ((res = +- gst_pad_pull_range (wav->sinkpad, wav->offset, ++ gst_wavparse_pull_range_exact (wav, wav->offset, + data_size, &buf)) != GST_FLOW_OK) +- goto header_read_error; ++ goto header_pull_error; + gst_buffer_map (buf, &map, GST_MAP_READ); + if (!gst_wavparse_smpl_chunk (wav, (const guint8 *) map.data, + data_size)) { +@@ -1796,6 +1814,17 @@ header_read_error: + ("Couldn't read in header %d (%s)", res, gst_flow_get_name (res))); + goto fail; + } ++header_pull_error: ++ { ++ if (res == GST_FLOW_EOS) { ++ GST_WARNING_OBJECT (wav, "Couldn't pull header %d (%s)", res, ++ gst_flow_get_name (res)); ++ } else { ++ GST_ELEMENT_ERROR (wav, STREAM, DEMUX, (NULL), ++ ("Couldn't pull header %d (%s)", res, gst_flow_get_name (res))); ++ } ++ goto exit; ++ } + } + + /* +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch new file mode 100644 index 0000000000..111c86e894 --- /dev/null 
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch @@ -0,0 +1,41 @@ +From 4c198f4891cfabde868944d55ff98925e7beb757 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 4 Oct 2024 13:09:43 +0300 +Subject: [PATCH 2/7] wavparse: Make sure enough data for the tag list tag is + available before parsing + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-258 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886 + +Part-of: + +CVE: CVE-2024-47775 +CVE: CVE-2024-47776 +CVE: CVE-2024-47777 +CVE: CVE-2024-47778 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4c198f4891cfabde868944d55ff98925e7beb757] +Signed-off-by: Peter Marko +--- + gst/wavparse/gstwavparse.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c +index 97d5591fae..21cb48c07e 100644 +--- a/gst/wavparse/gstwavparse.c ++++ b/gst/wavparse/gstwavparse.c +@@ -1488,6 +1488,10 @@ gst_wavparse_stream_headers (GstWavParse * wav) + case GST_RIFF_TAG_LIST:{ + guint32 ltag; + ++ /* Need at least the ltag */ ++ if (size < 4) ++ goto exit; ++ + if (wav->streaming) { + const guint8 *data = NULL; + +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch new file mode 100644 index 0000000000..39d0cccc9a --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch 
@@ -0,0 +1,65 @@ +From 296e17b4ea81e5c228bb853f6037b654fdca7d47 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 4 Oct 2024 13:15:27 +0300 +Subject: [PATCH 3/7] wavparse: Fix parsing of acid chunk + +Simply casting the bytes to a struct can lead to crashes because of unaligned +reads, and is also missing the endianness swapping that is necessary on big +endian architectures. + +Part-of: + +CVE: CVE-2024-47775 +CVE: CVE-2024-47776 +CVE: CVE-2024-47777 +CVE: CVE-2024-47778 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/296e17b4ea81e5c228bb853f6037b654fdca7d47] +Signed-off-by: Peter Marko +--- + gst/wavparse/gstwavparse.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c +index 21cb48c07e..6a0c44638e 100644 +--- a/gst/wavparse/gstwavparse.c ++++ b/gst/wavparse/gstwavparse.c +@@ -1433,8 +1433,7 @@ gst_wavparse_stream_headers (GstWavParse * wav) + break; + } + case GST_RIFF_TAG_acid:{ +- const gst_riff_acid *acid = NULL; +- const guint data_size = sizeof (gst_riff_acid); ++ const guint data_size = 24; + gfloat tempo; + + GST_INFO_OBJECT (wav, "Have acid chunk"); +@@ -1448,13 +1447,13 @@ gst_wavparse_stream_headers (GstWavParse * wav) + break; + } + if (wav->streaming) { ++ const guint8 *data; + if (!gst_wavparse_peek_chunk (wav, &tag, &size)) { + goto exit; + } + gst_adapter_flush (wav->adapter, 8); +- acid = (const gst_riff_acid *) gst_adapter_map (wav->adapter, +- data_size); +- tempo = acid->tempo; ++ data = gst_adapter_map (wav->adapter, data_size); ++ tempo = GST_READ_FLOAT_LE (data + 20); + gst_adapter_unmap (wav->adapter); + } else { + GstMapInfo map; +@@ -1465,8 +1464,7 @@ gst_wavparse_stream_headers (GstWavParse * wav) + &buf)) != GST_FLOW_OK) + goto header_pull_error; + gst_buffer_map (buf, &map, GST_MAP_READ); +- acid = (const gst_riff_acid *) map.data; +- tempo = acid->tempo; ++ tempo = 
GST_READ_FLOAT_LE (map.data + 20); + gst_buffer_unmap (buf, &map); + } + /* send data as tags */ +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch new file mode 100644 index 0000000000..7dbda5abdd --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch @@ -0,0 +1,37 @@ +From c72025cabdfcb2fe30d24eda7bb9d1d01a1b6555 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 4 Oct 2024 13:21:44 +0300 +Subject: [PATCH 4/7] wavparse: Check that at least 4 bytes are available + before parsing cue chunks + +Part-of: + +CVE: CVE-2024-47775 +CVE: CVE-2024-47776 +CVE: CVE-2024-47777 +CVE: CVE-2024-47778 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c72025cabdfcb2fe30d24eda7bb9d1d01a1b6555] +Signed-off-by: Peter Marko +--- + gst/wavparse/gstwavparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c +index 6a0c44638e..5655ee3825 100644 +--- a/gst/wavparse/gstwavparse.c ++++ b/gst/wavparse/gstwavparse.c +@@ -789,6 +789,11 @@ gst_wavparse_cue_chunk (GstWavParse * wav, const guint8 * data, guint32 size) + return TRUE; + } + ++ if (size < 4) { ++ GST_WARNING_OBJECT (wav, "broken file %d", size); ++ return FALSE; ++ } ++ + ncues = GST_READ_UINT32_LE (data); + + if (size < 4 + ncues * 24) { +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch new file mode 100644 index 0000000000..bb5b6ff034 --- /dev/null 
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch @@ -0,0 +1,40 @@ +From 93d79c22a82604adc5512557c1238f72f41188c4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 4 Oct 2024 13:22:02 +0300 +Subject: [PATCH 5/7] wavparse: Check that at least 32 bytes are available + before parsing smpl chunks + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-259 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3887 + +Part-of: + +CVE: CVE-2024-47775 +CVE: CVE-2024-47776 +CVE: CVE-2024-47777 +CVE: CVE-2024-47778 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/93d79c22a82604adc5512557c1238f72f41188c4] +Signed-off-by: Peter Marko +--- + gst/wavparse/gstwavparse.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c +index 5655ee3825..8a04805ed4 100644 +--- a/gst/wavparse/gstwavparse.c ++++ b/gst/wavparse/gstwavparse.c +@@ -893,6 +893,9 @@ gst_wavparse_smpl_chunk (GstWavParse * wav, const guint8 * data, guint32 size) + { + guint32 note_number; + ++ if (size < 32) ++ return FALSE; ++ + /* + manufacturer_id = GST_READ_UINT32_LE (data); + product_id = GST_READ_UINT32_LE (data + 4); +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch new file mode 100644 index 0000000000..d12ab9b4e1 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch 
@@ -0,0 +1,47 @@ +From 526d0eef0d850c8f2fa1bf0aef15a836797f1a67 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 4 Oct 2024 13:27:27 +0300 +Subject: [PATCH 6/7] wavparse: Fix clipping of size to the file size + +The size does not include the 8 bytes tag and length, so an additional 8 bytes +must be removed here. 8 bytes are always available at this point because +otherwise the parsing of the tag and length right above would've failed. + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-260 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888 + +Part-of: + +CVE: CVE-2024-47775 +CVE: CVE-2024-47776 +CVE: CVE-2024-47777 +CVE: CVE-2024-47778 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/526d0eef0d850c8f2fa1bf0aef15a836797f1a67] +Signed-off-by: Peter Marko +--- + gst/wavparse/gstwavparse.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c +index 8a04805ed4..998cbb276d 100644 +--- a/gst/wavparse/gstwavparse.c ++++ b/gst/wavparse/gstwavparse.c +@@ -1337,10 +1337,11 @@ gst_wavparse_stream_headers (GstWavParse * wav) + } + + /* Clip to upstream size if known */ +- if (upstream_size > 0 && size + wav->offset > upstream_size) { ++ if (upstream_size > 0 && size + 8 + wav->offset > upstream_size) { + GST_WARNING_OBJECT (wav, "Clipping chunk size to file size"); + g_assert (upstream_size >= wav->offset); +- size = upstream_size - wav->offset; ++ g_assert (upstream_size - wav->offset >= 8); ++ size = upstream_size - wav->offset - 8; + } + + /* wav is a st00pid format, we don't know for sure where data starts. +-- +2.30.2 + 
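Review bot: in 0030, the clipping branch of gst_wavparse_stream_headers() enforces its new invariant with "g_assert (upstream_size - wav->offset >= 8)", on values that depend on the input file and the upstream size. An assertion either aborts the process on a malformed file or, when assertions are compiled out, lets "upstream_size - wav->offset - 8" wrap; an explicit if that takes the existing error path would be safer even if, as the commit message argues, the 8 header bytes are always present at this point. If size is a 32-bit value, also consider writing the comparison as wav->offset + 8 + size so the sum is carried out in the width of the offset.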
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch new file mode 100644 index 0000000000..b27132b16d --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch @@ -0,0 +1,41 @@ +From 4f381d15014471b026020d0990a5f5a9f420a22b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Fri, 4 Oct 2024 13:51:00 +0300 +Subject: [PATCH 7/7] wavparse: Check size before reading ds64 chunk + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-261 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3889 + +Part-of: + +CVE: CVE-2024-47775 +CVE: CVE-2024-47776 +CVE: CVE-2024-47777 +CVE: CVE-2024-47778 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4f381d15014471b026020d0990a5f5a9f420a22b] +Signed-off-by: Peter Marko +--- + gst/wavparse/gstwavparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c +index 998cbb276d..958868de6d 100644 +--- a/gst/wavparse/gstwavparse.c ++++ b/gst/wavparse/gstwavparse.c +@@ -1087,6 +1087,11 @@ parse_ds64 (GstWavParse * wav, GstBuffer * buf) + guint32 sampleCountLow, sampleCountHigh; + + gst_buffer_map (buf, &map, GST_MAP_READ); ++ if (map.size < 6 * 4) { ++ GST_WARNING_OBJECT (wav, "Too small ds64 chunk (%" G_GSIZE_FORMAT ")", ++ map.size); ++ return FALSE; ++ } + dataSizeLow = GST_READ_UINT32_LE (map.data + 2 * 4); + dataSizeHigh = GST_READ_UINT32_LE (map.data + 3 * 4); + sampleCountLow = GST_READ_UINT32_LE (map.data + 4 * 4); +-- +2.30.2 + 
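Review bot: in 0031, the new early return in parse_ds64() comes after "gst_buffer_map (buf, &map, GST_MAP_READ)" and returns FALSE without calling gst_buffer_unmap(), so the buffer is left mapped on the too-small path. Either unmap before "return FALSE", or test the size with gst_buffer_get_size() before mapping so the error path has nothing to release.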
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 247fda7f9c..608c3030ba 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb 
@@ -31,6 +31,13 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0022-jpegdec-Directly-error-out-on-negotiation-failures.patch \ file://0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch \ file://0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch \ + file://0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch \ + file://0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch \ + file://0027-wavparse-Fix-parsing-of-acid-chunk.patch \ + file://0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch \ + file://0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch \ + file://0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch \ + file://0031-wavparse-Check-size-before-reading-ds64-chunk.patch \ " SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" From patchwork Sat Jan 4 13:41:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54982 X-Patchwork-Delegate: steve@sakoman.com
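Review bot: in 0025 (patch 14/25), gst_wavparse_pull_range_exact() maps a short read to GST_FLOW_EOS, and the new header_pull_error label only emits GST_WARNING_OBJECT for that case before "goto exit", whereas the existing header_read_error block ends in "goto fail". Please confirm that the caller treats a header truncated in the middle of a chunk as a failure rather than a clean end of stream, or post the element error for the short-read case as well. Every call site visible in this patch now jumps to header_pull_error, so also check that header_read_error still has a user and does not become an unused label.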
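Review bot: in 0027 (patch 14/25), the acid chunk is now described only by two bare numbers, "data_size = 24" and the "+ 20" offset passed to GST_READ_FLOAT_LE in both the streaming and the pull branch. With the gst_riff_acid cast gone, nothing in the code says that 24 is the chunk length and 20 the position of the tempo field, so a comment or a pair of named constants would document the layout and keep the two branches from drifting apart.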
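Review bot: in 0028 (patch 14/25), the new warning prints size with "%d", but the function signature in the hunk header declares it as guint32, so the format should be "%u". The context line that follows, "if (size < 4 + ncues * 24)", multiplies a count read directly from the file; since this series is about size checks, it is worth confirming in the same change that the expression cannot wrap in 32 bits, for example by comparing ncues against (size - 4) / 24 instead.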
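Review bot: the seven files added to SRC_URI in the recipe hunk of patch 14/25, 0025 through 0031, each carry the same four tags (CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778), including 0027, whose message describes unaligned reads and endianness and cites no GHSL report. Because the commit message only says "Pick commits from" merge request 8042, the layer history does not record which change addresses which CVE. Suggest stating in the commit message that the four CVEs are fixed jointly by the whole merge request, or listing the mapping if it is known.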
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 15/25] gstreamer1.0-plugins-base: patch CVE-2024-47835 Date: Sat, 4 Jan 2025 05:41:39 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209384 From: Peter Marko Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...or-NULL-return-of-strchr-when-parsin.patch | 39 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch new file mode 100644 index 0000000000..b778e7053b --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch 
@@ -0,0 +1,39 @@ +From 4c40f73b7002967e824ef34a5435282f4a0ea363 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Wed, 9 Oct 2024 11:23:47 -0400 +Subject: [PATCH] subparse: Check for NULL return of strchr() when parsing LRC + subtitles + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-263 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892 + +Part-of: + +CVE: CVE-2024-47835 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4c40f73b7002967e824ef34a5435282f4a0ea363] +Signed-off-by: Peter Marko +--- + gst/subparse/gstsubparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c +index 8d925524a6..7d286ed318 100644 +--- a/gst/subparse/gstsubparse.c ++++ b/gst/subparse/gstsubparse.c +@@ -1068,6 +1068,11 @@ parse_lrc (ParserState * state, const gchar * line) + return NULL; + + start = strchr (line, ']'); ++ // sscanf() does not check for the trailing ] but only up to the last ++ // placeholder, so there might be no ] at the end. ++ if (!start) ++ return NULL; ++ + if (start - line == 9) + milli = 10; + else +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 982389d657..05cb956815 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb 
@@ -18,6 +18,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \ file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \ file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \ + file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
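Review bot: the commit message for 15/25, above the `parse_lrc` hunk, says only "Pick commit from" the merge request and never names the defect, so the stable log does not explain why the backport is needed. Please add one line taken from the embedded patch: `strchr (line, ']')` can return NULL because sscanf() does not require the closing bracket, and the result was used unchecked in `start - line == 9`. The message cites merge request 8039 while `Upstream-Status` cites commit 4c40f73b7002967e824ef34a5435282f4a0ea363; naming both in the message makes it easy to confirm they are the same change. The code itself looks right for a backport: the new `if (!start) return NULL;` takes the same exit as the `return NULL;` immediately above it, so a malformed LRC line is dropped rather than processed.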
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 16/25] gstreamer1.0: ignore CVEs fixed in plugins recipes Date: Sat, 4 Jan 2025 05:41:40 -0800 Message-ID: <5c582778954a05f102e292a0516b73b010d289a0.1735997984.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209385 From: Peter Marko These were fixed in previous commits. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../gstreamer/gstreamer1.0_1.22.12.bb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb index e5a820e1ad..3f28459e2d 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb 
@@ -74,4 +74,17 @@ CVE_PRODUCT = "gstreamer" CVE_STATUS[CVE-2024-0444] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9" +CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_BASE" +CVE_STATUS_PLUGINS_BASE = "CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835" +CVE_STATUS_PLUGINS_BASE[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-base" + +CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_GOOD" +CVE_STATUS_PLUGINS_GOOD = " \ + CVE-2024-47537 CVE-2024-47539 CVE-2024-47540 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 \ + CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598 CVE-2024-47599 CVE-2024-47601 \ + CVE-2024-47602 CVE-2024-47603 CVE-2024-47613 CVE-2024-47774 CVE-2024-47775 CVE-2024-47776 \ + CVE-2024-47777 CVE-2024-47778 CVE-2024-47834 \ +" +CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-good" + PTEST_BUILD_HOST_FILES = ""
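Review bot: both added status strings, `CVE_STATUS_PLUGINS_BASE[status]` and `CVE_STATUS_PLUGINS_GOOD[status]`, read "this is patched ic gstreamer1.0-plugins-..."; that should be "patched in", matching the existing `CVE_STATUS[CVE-2024-0444]` line just above. Separately, the commit message says only "These were fixed in previous commits" without naming them. These two groups stop 28 CVE IDs from being reported against gstreamer1.0, so the message should list the commits or patch files that carry the fixes, letting each ID be matched to a `CVE:` tag in the plugins-base or plugins-good recipe. In this part of the series only CVE-2024-47835 (15/25) is visible; an ID listed here without a matching patch would be hidden from the CVE report while still unfixed.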
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 17/25] libarchive: Fix CVE-2024-20696 Date: Sat, 4 Jan 2025 05:41:41 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209386 From: aszh07 Add Patch file to fix CVE-2024-20696 CVE: CVE-2024-20696 Signed-off-by: Nitin Wankhade Signed-off-by: Nikhil R Signed-off-by: Steve Sakoman --- .../libarchive/CVE-2024-20696.patch | 115 ++++++++++++++++++ .../libarchive/libarchive_3.7.4.bb | 3 +- 2 files changed, 117 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch new file mode 100644 index 0000000000..e55d58d37b --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch
@@ -0,0 +1,115 @@ +From eac15e252010c1189a5c0f461364dbe2cd2a68b1 Mon Sep 17 00:00:00 2001 +From: "Dustin L. Howett" +Date: Thu, 9 May 2024 18:59:17 -0500 +Subject: [PATCH] rar4 reader: protect copy_from_lzss_window_to_unp() (#2172) + +copy_from_lzss_window_to_unp unnecessarily took an `int` parameter where +both of its callers were holding a `size_t`. + +A lzss opcode chain could be constructed that resulted in a negative +copy length, which when passed into memcpy would result in a very, very +large positive number. + +Switching copy_from_lzss_window_to_unp to take a `size_t` allows it to +properly bounds-check length. + +In addition, this patch also ensures that `length` is not itself larger +than the destination buffer. + +CVE: CVE-2024-20696 +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/eac15e252010c1189a5c0f461364dbe2cd2a68b1] + +Signed-off-by: Nitin Wankhade +--- + +--- a/libarchive/archive_read_support_format_rar.c 2024-04-26 14:52:59.000000000 +0530 ++++ b/libarchive/archive_read_support_format_rar.c 2024-12-12 07:35:33.287412704 +0530 +@@ -432,7 +432,7 @@ static int make_table_recurse(struct arc + struct huffman_table_entry *, int, int); + static int expand(struct archive_read *, int64_t *); + static int copy_from_lzss_window_to_unp(struct archive_read *, const void **, +- int64_t, int); ++ int64_t, size_t); + static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *); + static int parse_filter(struct archive_read *, const uint8_t *, uint16_t, + uint8_t); +@@ -2060,7 +2060,7 @@ read_data_compressed(struct archive_read + bs = rar->unp_buffer_size - rar->unp_offset; + else + bs = (size_t)rar->bytes_uncopied; +- ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs); ++ ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, bs); + if (ret != ARCHIVE_OK) + return (ret); + rar->offset += bs; +@@ -2213,7 +2213,7 @@ read_data_compressed(struct archive_read + bs = rar->unp_buffer_size - rar->unp_offset; + 
else + bs = (size_t)rar->bytes_uncopied; +- ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs); ++ ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, bs); + if (ret != ARCHIVE_OK) + return (ret); + rar->offset += bs; +@@ -3094,11 +3094,16 @@ copy_from_lzss_window(struct archive_rea + + static int + copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer, +- int64_t startpos, int length) ++ int64_t startpos, size_t length) + { + int windowoffs, firstpart; + struct rar *rar = (struct rar *)(a->format->data); + ++ if (length > rar->unp_buffer_size) ++ { ++ goto fatal; ++ } ++ + if (!rar->unp_buffer) + { + if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL) +@@ -3110,17 +3115,17 @@ copy_from_lzss_window_to_unp(struct arch + } + + windowoffs = lzss_offset_for_position(&rar->lzss, startpos); +- if(windowoffs + length <= lzss_size(&rar->lzss)) { ++ if(windowoffs + length <= (size_t)lzss_size(&rar->lzss)) { + memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs], + length); +- } else if (length <= lzss_size(&rar->lzss)) { ++ } else if (length <= (size_t)lzss_size(&rar->lzss)) { + firstpart = lzss_size(&rar->lzss) - windowoffs; + if (firstpart < 0) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Bad RAR file data"); + return (ARCHIVE_FATAL); + } +- if (firstpart < length) { ++ if ((size_t)firstpart < length) { + memcpy(&rar->unp_buffer[rar->unp_offset], + &rar->lzss.window[windowoffs], firstpart); + memcpy(&rar->unp_buffer[rar->unp_offset + firstpart], +@@ -3130,9 +3135,7 @@ copy_from_lzss_window_to_unp(struct arch + &rar->lzss.window[windowoffs], length); + } + } else { +- archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, +- "Bad RAR file data"); +- return (ARCHIVE_FATAL); ++ goto fatal; + } + rar->unp_offset += length; + if (rar->unp_offset >= rar->unp_buffer_size) +@@ -3140,6 +3143,11 @@ copy_from_lzss_window_to_unp(struct arch + else + *buffer = NULL; + return (ARCHIVE_OK); ++ 
++fatal: ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ++ "Bad RAR file data"); ++ return (ARCHIVE_FATAL); + } + + static const void * diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb index 6e406611f9..80b2e49eac 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb 
@@ -33,7 +33,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" SRC_URI += "file://configurehack.patch \ file://CVE-2024-48957.patch \ file://CVE-2024-48958.patch \ - " + file://CVE-2024-20696.patch \ + " UPSTREAM_CHECK_URI = "http://libarchive.org/" SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8"
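Review bot: in `copy_from_lzss_window_to_unp`, the added guard `if (length > rar->unp_buffer_size)` compares `length` with the whole buffer, while every memcpy in the function writes at `&rar->unp_buffer[rar->unp_offset]`. In the visible lines, keeping `unp_offset + length` inside the buffer therefore still depends on the callers in `read_data_compressed` choosing `bs = rar->unp_buffer_size - rar->unp_offset` or `bs = (size_t)rar->bytes_uncopied`. A check against the remaining space would make the function safe on its own, but that is a change for upstream; for this backport, please confirm the hunks are identical to commit eac15e252010c1189a5c0f461364dbe2cd2a68b1 named in `Upstream-Status`. The embedded patch has plain `---`/`+++` lines with local timestamps and no `diff --git` header, so it appears to have been regenerated rather than exported from git. Two smaller points: the recipe hunk removes and re-adds the closing `"` line of `SRC_URI`, which looks like whitespace-only churn and should be left untouched, and the mail's `From:` (aszh07) does not match any of the Signed-off-by names.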
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 18/25] python3: upgrade 3.12.6 -> 3.12.7 Date: Sat, 4 Jan 2025 05:41:42 -0800 Message-ID: <197048667f69ed559baf54831eb7b1606320f3e8.1735997984.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209387 From: Guðni Már Gilbert Changelog: https://docs.python.org/release/3.12.7/whatsnew/changelog.html#python-3-12-7 Signed-off-by: Guðni Már Gilbert 
Signed-off-by: Steve Sakoman --- ...void-shebang-overflow-on-python-config.py.patch | 6 +++--- ...handle-stdin-I-O-errors-same-way-as-maste.patch | 3 +-- ...ig.py-use-prefix-value-from-build-configu.patch | 3 +-- ...e-use-qemu-wrapper-when-gathering-profile.patch | 6 +++--- ...ng-tests-due-to-load-variability-on-YP-AB.patch | 8 ++++---- ...ate-test_sysconfig-for-posix_user-purelib.patch | 7 +++---- ...arfile-treat-overflow-in-UID-GID-as-failu.patch | 9 +++------ ...-cc_basename-to-replace-CC-for-checking-c.patch | 14 +++++++------- ...tdout_fileno-test-due-to-load-variability.patch | 6 +++--- ...config.py-use-platlibdir-also-for-purelib.patch | 3 +-- ...est_active_children-skip-problematic-test.patch | 9 +++------ ...t_ctypes.test_find-skip-without-tools-sdk.patch | 5 ++--- .../0001-test_deadlock-skip-problematic-test.patch | 9 +++------ ..._locale.py-correct-the-test-output-format.patch | 7 +++---- ...1-test_readline-skip-limited-history-test.patch | 14 +++++++------- .../0001-test_shutdown-skip-problematic-test.patch | 11 ++++------- ...st_storlines-skip-due-to-load-variability.patch | 5 ++--- ...c-setup.py-do-not-add-a-curses-include-pa.patch | 6 +++--- meta/recipes-devtools/python/python3/cgi_py.patch | 3 +-- .../python/python3/crosspythonpath.patch | 5 ++--- .../python/python3/deterministic_imports.patch | 5 ++--- .../recipes-devtools/python/python3/makerace.patch | 6 +++--- .../{python3_3.12.6.bb => python3_3.12.7.bb} | 2 +- 23 files changed, 65 insertions(+), 87 deletions(-) rename meta/recipes-devtools/python/{python3_3.12.6.bb => python3_3.12.7.bb} (99%) diff --git a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch index 0d807db39f..4110774193 100644 --- a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch 
+++ b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch @@ -1,4 +1,4 @@ -From 365399f17d35719d828ddd49182dcb401fb7791c Mon Sep 17 00:00:00 2001 +From 733b46f11d311290e37fcb30f08c47660b888d22 Mon Sep 17 00:00:00 2001 From: Paulo Neves Date: Tue, 7 Jun 2022 16:16:41 +0200 Subject: [PATCH] Avoid shebang overflow on python-config.py @@ -16,10 +16,10 @@ Upstream-Status: Denied [distribution] 1 file changed, 2 insertions(+) diff --git a/Makefile.pre.in b/Makefile.pre.in -index 77bf09a..6353c57 100644 +index b1c5413..e88f301 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -2339,6 +2339,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh +@@ -2349,6 +2349,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh @ # Substitution happens here, as the completely-expanded BINDIR @ # is not available in configure sed -e "s,@EXENAME@,$(EXENAME)," < $(srcdir)/Misc/python-config.in >python-config.py diff --git a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch index 026150f0e2..0ae6283840 100644 --- a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch +++ b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch @@ -1,4 +1,4 @@ -From f8a664cf1fc73e381d57d6927207286059744837 Mon Sep 17 00:00:00 2001 +From c6ba19a4cfdb0a5b137b91ef761f654b70776a47 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Thu, 16 Sep 2021 16:35:37 +0200 Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O @@ -24,7 +24,6 @@ So let's treat both channels the same. Upstream-Status: Submitted [https://github.com/python/cpython/pull/28388] Signed-off-by: Alexander Kanavin - --- Lib/pty.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch index 680254fab9..981531139a 100644 --- a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch +++ b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch @@ -1,4 +1,4 @@ -From 71c194077bb907bfe423d3f3275f33a6c8ca0e74 Mon Sep 17 00:00:00 2001 +From d325a4e1fde5bd817c88f37d5e7b6e93a3bad077 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Fri, 17 Nov 2023 14:26:32 +0100 Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration @@ -9,7 +9,6 @@ native python. Upstream-Status: Inappropriate [oe-core cross builds] Signed-off-by: Alexander Kanavin - --- Lib/sysconfig.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch index ee33128fa1..881986d322 100644 --- a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch +++ b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch @@ -1,4 +1,4 @@ -From 38278339832a57dbf5fa3ef21accaa03e2c814d7 Mon Sep 17 00:00:00 2001 +From a727a950023b9384955c912f4975d36a8d7913b4 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 30 Jan 2019 12:41:04 +0100 Subject: [PATCH] Makefile.pre: use qemu wrapper when gathering profile data @@ -10,10 +10,10 @@ Signed-off-by: Alexander Kanavin 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.pre.in b/Makefile.pre.in -index dd5e69f..381feb0 100644 +index 0e64ccc..23e20e9 100644 --- a/Makefile.pre.in 
+++ b/Makefile.pre.in -@@ -658,8 +658,7 @@ profile-run-stamp: +@@ -660,8 +660,7 @@ profile-run-stamp: # enabled. $(MAKE) profile-gen-stamp # Next, run the profile task to generate the profile information. diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch index 197daa71a5..22c42e37ab 100644 --- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch +++ b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch @@ -1,4 +1,4 @@ -From 3471e3478e0760c42e04f8046cee2367ab5706d2 Mon Sep 17 00:00:00 2001 +From 6b0088a3d222b7fe5304f6bc0d6b15d3c41e68f3 Mon Sep 17 00:00:00 2001 From: Yi Fan Yu Date: Thu, 1 Apr 2021 13:08:37 -0700 Subject: [PATCH] Skip failing tests due to load variability on YP AB @@ -23,7 +23,7 @@ Signed-off-by: Trevor Gamblin 2 files changed, 5 insertions(+) diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py -index e42c7ab..dff5227 100644 +index aac74ea..3470bc5 100644 --- a/Lib/test/_test_multiprocessing.py +++ b/Lib/test/_test_multiprocessing.py @@ -682,6 +682,7 @@ class _TestProcess(BaseTestCase): @@ -34,7 +34,7 @@ index e42c7ab..dff5227 100644 def test_many_processes(self): if self.TYPE == 'threads': self.skipTest('test not appropriate for {}'.format(self.TYPE)) -@@ -2066,6 +2067,7 @@ class _TestBarrier(BaseTestCase): +@@ -2083,6 +2084,7 @@ class _TestBarrier(BaseTestCase): except threading.BrokenBarrierError: results.append(True) @@ -42,7 +42,7 @@ index e42c7ab..dff5227 100644 def test_timeout(self): """ Test wait(timeout) -@@ -5024,6 +5026,7 @@ class TestWait(unittest.TestCase): +@@ -5080,6 +5082,7 @@ class TestWait(unittest.TestCase): time.sleep(period) @support.requires_resource('walltime') 
diff --git a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch index b6c6ac5a28..9a2634ac9b 100644 --- a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch +++ b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch @@ -1,4 +1,4 @@ -From 37d058e841ba3bd89b5746cc5381afb014b11581 Mon Sep 17 00:00:00 2001 +From f0b18f1b3b3d5b40d65e08a184f4e3463745b891 Mon Sep 17 00:00:00 2001 From: Wentao Zhang Date: Mon, 20 Mar 2023 13:39:52 +0800 Subject: [PATCH] Update test_sysconfig for posix_user purelib @@ -17,16 +17,15 @@ Update test_sysconfig.test_user_similar() for the posix_user scheme: Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Wentao Zhang - --- Lib/test/test_sysconfig.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py -index b6dbf3d..5672590 100644 +index 1137c20..f5c8980 100644 --- a/Lib/test/test_sysconfig.py +++ b/Lib/test/test_sysconfig.py -@@ -372,7 +372,7 @@ class TestSysConfig(unittest.TestCase): +@@ -381,7 +381,7 @@ class TestSysConfig(unittest.TestCase): expected = os.path.normpath(global_path.replace(base, user, 1)) # bpo-44860: platlib of posix_user doesn't use sys.platlibdir, # whereas posix_prefix does. diff --git a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch index 88b84c6024..b4de257d1e 100644 --- a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch +++ b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch 
@@ -1,4 +1,4 @@ -From 999d4e74d34afa233ad8ad0c70b989d77a21957f Mon Sep 17 00:00:00 2001 +From 73960393a559d0de5edf07b022d182cac54df9dc Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 23 Aug 2023 20:00:07 +0200 Subject: [PATCH] gh-107811: tarfile: treat overflow in UID/GID as failure to @@ -13,10 +13,10 @@ Signed-off-by: Khem Raj create mode 100644 Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst diff --git a/Lib/tarfile.py b/Lib/tarfile.py -index 3bbbcaa..473167d 100755 +index 0a0f31e..4dfb67d 100755 --- a/Lib/tarfile.py +++ b/Lib/tarfile.py -@@ -2557,7 +2557,8 @@ class TarFile(object): +@@ -2590,7 +2590,8 @@ class TarFile(object): os.lchown(targetpath, u, g) else: os.chown(targetpath, u, g) @@ -35,6 +35,3 @@ index 0000000..ffca413 +:mod:`tarfile`: extraction of members with overly large UID or GID (e.g. on +an OS with 32-bit :c:type:`!id_t`) now fails in the same way as failing to +set the ID. --- -2.45.0 - diff --git a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch index bbeabe4389..7997811228 100644 --- a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch +++ b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch @@ -1,4 +1,4 @@ -From ababc7b1db8c406910766e11cdd04cbef7a706c9 Mon Sep 17 00:00:00 2001 +From f834492007487e9e87b3d3f1f3c5cc440e6ec5e2 Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Mon, 22 Oct 2018 15:19:51 +0800 Subject: [PATCH] python3: use cc_basename to replace CC for checking compiler @@ -26,7 +26,7 @@ Signed-off-by: Changqing Li 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac -index 384718d..5a1d58b 100644 +index d0d5405..093f8b5 100644 --- a/configure.ac +++ b/configure.ac 
@@ -137,6 +137,7 @@ AC_CONFIG_HEADERS([pyconfig.h]) @@ -73,7 +73,7 @@ index 384718d..5a1d58b 100644 *clang*) # Any changes made here should be reflected in the GCC+Darwin case below PGO_PROF_GEN_FLAG="-fprofile-instr-generate" -@@ -2147,7 +2148,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS]) +@@ -2155,7 +2156,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS]) # compiler and platform. BASECFLAGS tweaks need to be made even if the # user set OPT. @@ -82,7 +82,7 @@ index 384718d..5a1d58b 100644 *clang*) cc_is_clang=1 ;; -@@ -2419,7 +2420,7 @@ yes) +@@ -2427,7 +2428,7 @@ yes) # ICC doesn't recognize the option, but only emits a warning ## XXX does it emit an unused result warning and can it be disabled? @@ -91,7 +91,7 @@ index 384718d..5a1d58b 100644 [*icc*], [ac_cv_disable_unused_result_warning=no] [PY_CHECK_CC_WARNING([disable], [unused-result])]) AS_VAR_IF([ac_cv_disable_unused_result_warning], [yes], -@@ -2665,7 +2666,7 @@ yes) +@@ -2673,7 +2674,7 @@ yes) ;; esac @@ -100,7 +100,7 @@ index 384718d..5a1d58b 100644 *mpicc*) CFLAGS_NODIST="$CFLAGS_NODIST" ;; -@@ -3482,7 +3483,7 @@ then +@@ -3508,7 +3509,7 @@ then then LINKFORSHARED="-Wl,--export-dynamic" fi;; @@ -109,7 +109,7 @@ index 384718d..5a1d58b 100644 *gcc*) if $CC -Xlinker --help 2>&1 | grep export-dynamic >/dev/null then -@@ -6803,7 +6804,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then +@@ -6831,7 +6832,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then # Some versions of gcc miscompile inline asm: # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46491 # http://gcc.gnu.org/ml/gcc/2010-11/msg00366.html diff --git a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch index 2d7bca6a77..94f7744c09 100644 --- a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch 
+++ b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch @@ -1,4 +1,4 @@ -From 217cea231462e7703e8c9ea39c0a6833f799a420 Mon Sep 17 00:00:00 2001 +From 642205e1f728873b16debc24c2938339d31be6a9 Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Fri, 15 Sep 2023 08:48:33 -0400 Subject: [PATCH] skip no_stdout_fileno test due to load variability @@ -16,10 +16,10 @@ Signed-off-by: Trevor Gamblin 1 file changed, 1 insertion(+) diff --git a/Lib/test/test_builtin.py b/Lib/test/test_builtin.py -index 4d03c46..b329b7a 100644 +index c71c568..e41ab5e 100644 --- a/Lib/test/test_builtin.py +++ b/Lib/test/test_builtin.py -@@ -2326,6 +2326,7 @@ class PtyTests(unittest.TestCase): +@@ -2352,6 +2352,7 @@ class PtyTests(unittest.TestCase): # Check stdin/stdout error handler is used when invoking PyOS_Readline() self.check_input_tty("prompté", b"quux\xe9", "ascii") diff --git a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch index fc52fdac26..3e8e9648c6 100644 --- a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch +++ b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch @@ -1,4 +1,4 @@ -From a5d429a0e1a4809c1ded7be7e45dcabeb82c53d8 Mon Sep 17 00:00:00 2001 +From fac0f14fd34386e47bab71c0043ea55b507ae39c Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Sun, 12 Sep 2021 21:44:36 +0200 Subject: [PATCH] sysconfig.py: use platlibdir also for purelib @@ -8,7 +8,6 @@ is not correct. Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin - --- Lib/sysconfig.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch index 6ebbaf10e0..a27024c42f 100644 --- a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch +++ b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch @@ -1,4 +1,4 @@ -From bf3eb28bba24509a3e1cd40f1f0e26db833779a2 Mon Sep 17 00:00:00 2001 +From 7f75355e27ee7f25391523294e4c6653edf554f8 Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Thu, 13 Jun 2024 10:54:31 -0400 Subject: [PATCH] test_active_children: skip problematic test @@ -14,10 +14,10 @@ Signed-off-by: Trevor Gamblin 1 file changed, 1 insertion(+) diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py -index 3955123455..a1861fa3a0 100644 +index 3470bc5..0e42ac1 100644 --- a/Lib/test/_test_multiprocessing.py +++ b/Lib/test/_test_multiprocessing.py -@@ -579,6 +579,7 @@ def test_cpu_count(self): +@@ -579,6 +579,7 @@ class _TestProcess(BaseTestCase): self.assertTrue(type(cpus) is int) self.assertTrue(cpus >= 1) @@ -25,6 +25,3 @@ index 3955123455..a1861fa3a0 100644 def test_active_children(self): self.assertEqual(type(self.active_children()), list) --- -2.45.2 - diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch index b4fe946cba..6bf514fca8 100644 --- a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch +++ b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch @@ -1,4 +1,4 @@ -From b64c131a576a4b4f821514e711ab91b1394fb4ff Mon Sep 17 00:00:00 2001 +From 174ef9a40c9f4373fd90b00425fd94a89f96dbf9 Mon Sep 17 00:00:00 2001 
From: Tim Orling Date: Fri, 18 Jun 2021 11:56:50 -0700 Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk @@ -10,13 +10,12 @@ easiest way to dynamically check for that is looking for Upstream-Status: Inappropriate [oe-specific] Signed-off-by: Tim Orling - --- Lib/test/test_ctypes/test_find.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Lib/test/test_ctypes/test_find.py b/Lib/test/test_ctypes/test_find.py -index 1ff9d01..59def26 100644 +index a41e949..eb5fe19 100644 --- a/Lib/test/test_ctypes/test_find.py +++ b/Lib/test/test_ctypes/test_find.py @@ -113,10 +113,12 @@ class FindLibraryLinux(unittest.TestCase): diff --git a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch index f0a7cfd39b..d8ca7f9b79 100644 --- a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch +++ b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch @@ -1,4 +1,4 @@ -From d7e3f26e7094fbe20e2271d75f18ac3b23a67f58 Mon Sep 17 00:00:00 2001 +From 621ba76ef956708cdaf4fd5bc0e25aa59d427c5b Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Wed, 12 Jun 2024 10:29:03 -0400 Subject: [PATCH] test_deadlock: skip problematic test @@ -14,10 +14,10 @@ Signed-off-by: Trevor Gamblin 1 file changed, 1 insertion(+) diff --git a/Lib/test/test_concurrent_futures/test_deadlock.py b/Lib/test/test_concurrent_futures/test_deadlock.py -index 1db4cd0099..fd07895a17 100644 +index e8cd8f6..021906b 100644 --- a/Lib/test/test_concurrent_futures/test_deadlock.py +++ b/Lib/test/test_concurrent_futures/test_deadlock.py -@@ -90,6 +90,7 @@ def __reduce__(self): +@@ -90,6 +90,7 @@ class ErrorAtUnpickle(object): return _raise_error_ignore_stderr, (UnpicklingError, ) @@ -25,6 +25,3 @@ index 1db4cd0099..fd07895a17 100644 class ExecutorDeadlockTest: TIMEOUT = support.LONG_TIMEOUT --- -2.45.2 - 
diff --git a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch index 410a9fc7f1..d0f4dc14bc 100644 --- a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch +++ b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch @@ -1,4 +1,4 @@ -From ef5728f0af14da5c9f80b0f038fe5bf6d44cb0e9 Mon Sep 17 00:00:00 2001 +From d74e5f24b574fa4d571a64e647c916a7ebe26b3e Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Mon, 5 Aug 2019 15:57:39 +0800 Subject: [PATCH] test_locale.py: correct the test output format @@ -26,16 +26,15 @@ Upstream-Status: Submitted [https://github.com/python/cpython/pull/15132] Rebased for 3.9.4, still not accepted upstream Signed-off-by: Alejandro Hernandez Signed-off-by: Mingli Yu - --- Lib/test/test_locale.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py -index b0d7998..cb12153 100644 +index cde80a4..e8ffd71 100644 --- a/Lib/test/test_locale.py +++ b/Lib/test/test_locale.py -@@ -557,7 +557,7 @@ class TestMiscellaneous(unittest.TestCase): +@@ -561,7 +561,7 @@ class TestMiscellaneous(unittest.TestCase): self.skipTest('test needs Turkish locale') loc = locale.getlocale(locale.LC_CTYPE) if verbose: diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch index e8d297c721..f4efd1ecff 100644 --- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch +++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch @@ -1,4 +1,4 @@ -From d9d916d5ea946c945323679d1709de1b87029b96 Mon Sep 17 00:00:00 2001 +From bc5c70dc2a2fcfe51481de0ad800baa849592222 Mon Sep 17 00:00:00 2001 
From: Trevor Gamblin Date: Tue, 13 Aug 2024 11:07:05 -0400 Subject: [PATCH] test_readline: skip limited history test @@ -16,11 +16,11 @@ Signed-off-by: Trevor Gamblin Lib/test/test_readline.py | 2 ++ 1 file changed, 2 insertions(+) -Index: Python-3.12.6/Lib/test/test_readline.py -=================================================================== ---- Python-3.12.6.orig/Lib/test/test_readline.py -+++ Python-3.12.6/Lib/test/test_readline.py -@@ -133,6 +133,7 @@ class TestHistoryManipulation (unittest. +diff --git a/Lib/test/test_readline.py b/Lib/test/test_readline.py +index fab124a..291dd48 100644 +--- a/Lib/test/test_readline.py ++++ b/Lib/test/test_readline.py +@@ -133,6 +133,7 @@ class TestHistoryManipulation (unittest.TestCase): self.assertEqual(readline.get_history_item(1), "entrée 1") self.assertEqual(readline.get_history_item(2), "entrée 22") @@ -28,7 +28,7 @@ Index: Python-3.12.6/Lib/test/test_readline.py def test_write_read_limited_history(self): previous_length = readline.get_history_length() self.addCleanup(readline.set_history_length, previous_length) -@@ -371,6 +372,7 @@ readline.write_history_file(history_file +@@ -371,6 +372,7 @@ readline.write_history_file(history_file) self.assertIn(b"done", output) diff --git a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch index 1d4cda18b1..e8d70cdc1b 100644 --- a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch +++ b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch @@ -1,4 +1,4 @@ -From 9d4cdbde100798ba9fa1cf3f82dbaf18fd10a543 Mon Sep 17 00:00:00 2001 +From b637ac8f58d17bc8888b2027a572c87531a4539d Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Wed, 8 May 2024 11:58:09 -0400 Subject: [PATCH] test_shutdown: skip problematic test @@ -14,7 +14,7 @@ Signed-off-by: Trevor Gamblin 1 file changed, 3 insertions(+) 
diff --git a/Lib/test/test_concurrent_futures/test_shutdown.py b/Lib/test/test_concurrent_futures/test_shutdown.py -index 7a4065afd4..6b878a48bf 100644 +index 7a4065a..6b878a4 100644 --- a/Lib/test/test_concurrent_futures/test_shutdown.py +++ b/Lib/test/test_concurrent_futures/test_shutdown.py @@ -20,6 +20,7 @@ def sleep_and_print(t, msg): @@ -25,7 +25,7 @@ index 7a4065afd4..6b878a48bf 100644 class ExecutorShutdownTest: def test_run_after_shutdown(self): self.executor.shutdown() -@@ -156,6 +157,7 @@ def timeout(_signum, _frame): +@@ -156,6 +157,7 @@ class ExecutorShutdownTest: signal.signal(signal.SIGALRM, old_handler) @@ -33,7 +33,7 @@ index 7a4065afd4..6b878a48bf 100644 class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase): def test_threads_terminate(self): def acquire_lock(lock): -@@ -252,6 +254,7 @@ def test_cancel_futures_wait_false(self): +@@ -252,6 +254,7 @@ class ThreadPoolShutdownTest(ThreadPoolMixin, ExecutorShutdownTest, BaseTestCase self.assertIn(out.strip(), [b"apple", b""]) @@ -41,6 +41,3 @@ index 7a4065afd4..6b878a48bf 100644 class ProcessPoolShutdownTest(ExecutorShutdownTest): def test_processes_terminate(self): def acquire_lock(lock): --- -2.45.0 - diff --git a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch index 0d0eb08459..a4c9abd8b9 100644 --- a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch +++ b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch @@ -1,4 +1,4 @@ -From dc69a1afdb3ba619705ff71e14f19ed3142e422f Mon Sep 17 00:00:00 2001 +From 1a1e5c30021a200b2dc853690dbf1edfba9ca262 Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Fri, 6 Oct 2023 10:59:44 -0400 Subject: [PATCH] test_storlines: skip due to load variability 
@@ -11,13 +11,12 @@ Upstream-Status: Inappropriate [OE-Specific] [YOCTO #14933] Signed-off-by: Trevor Gamblin - --- Lib/test/test_ftplib.py | 1 + 1 file changed, 1 insertion(+) diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py -index 2f191ea..dc29346 100644 +index 4c4a449..b8c79a4 100644 --- a/Lib/test/test_ftplib.py +++ b/Lib/test/test_ftplib.py @@ -626,6 +626,7 @@ class TestFTPClass(TestCase): diff --git a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch index 0661249bfd..5c5603c956 100644 --- a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch +++ b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch @@ -1,4 +1,4 @@ -From d0205c60d08f51d84bd8ddc07a57e8c71710fdad Mon Sep 17 00:00:00 2001 +From 8543ad744a2839acf1f4eec967acd645fd89d1a7 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Fri, 17 Nov 2023 14:16:40 +0100 Subject: [PATCH] configure.ac: do not add a curses include path from the host @@ -15,10 +15,10 @@ Signed-off-by: Alexander Kanavin 1 file changed, 6 deletions(-) diff --git a/configure.ac b/configure.ac -index c49cd4f..affdedf 100644 +index cdc54e5..d163c73 100644 --- a/configure.ac +++ b/configure.ac -@@ -6508,12 +6508,6 @@ AS_VAR_IF([have_panel], [no], [ +@@ -6536,12 +6536,6 @@ AS_VAR_IF([have_panel], [no], [ AC_MSG_RESULT([$have_panel (CFLAGS: $PANEL_CFLAGS, LIBS: $PANEL_LIBS)]) ]) diff --git a/meta/recipes-devtools/python/python3/cgi_py.patch b/meta/recipes-devtools/python/python3/cgi_py.patch index 8262c88e73..b1f2b71c2a 100644 --- a/meta/recipes-devtools/python/python3/cgi_py.patch +++ b/meta/recipes-devtools/python/python3/cgi_py.patch 
@@ -1,4 +1,4 @@ -From a56778372fe8dc7c42f5ffd911d89498c22dd064 Mon Sep 17 00:00:00 2001 +From 8e6dc9fe684b27988b5aca3f760f02343aa95951 Mon Sep 17 00:00:00 2001 From: Mark Hatle Date: Wed, 21 Sep 2011 20:55:33 -0500 Subject: [PATCH] Lib/cgi.py: Update the script as mentioned in the comment @@ -6,7 +6,6 @@ Subject: [PATCH] Lib/cgi.py: Update the script as mentioned in the comment Upstream-Status: Inappropriate [distribution] Signed-off-by: Mark Hatle - --- Lib/cgi.py | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/meta/recipes-devtools/python/python3/crosspythonpath.patch b/meta/recipes-devtools/python/python3/crosspythonpath.patch index 2c4aef0511..91ef3fe674 100644 --- a/meta/recipes-devtools/python/python3/crosspythonpath.patch +++ b/meta/recipes-devtools/python/python3/crosspythonpath.patch @@ -1,4 +1,4 @@ -From 5b66463c10fec1440e977d5a21a0167862d6d79c Mon Sep 17 00:00:00 2001 +From 1bc93167c48876d77ce424415e87573a062b8f2a Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda Date: Tue, 18 Nov 2014 03:35:33 -0500 Subject: [PATCH] configure.ac: add CROSSPYTHONPATH into PYTHONPATH for @@ -14,13 +14,12 @@ Upstream-Status: Inappropriate [OE-Core integration specific] Credits-to: Mark Hatle Credits-to: Jackie Huang Signed-off-by: Ricardo Ribalda - --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index cb9e198..d81c19a 100644 +index 093f8b5..cdc54e5 100644 --- a/configure.ac +++ b/configure.ac @@ -165,7 +165,7 @@ AC_ARG_WITH([build-python], diff --git a/meta/recipes-devtools/python/python3/deterministic_imports.patch b/meta/recipes-devtools/python/python3/deterministic_imports.patch index 2de6ae2e98..9ae4af36ec 100644 --- a/meta/recipes-devtools/python/python3/deterministic_imports.patch +++ b/meta/recipes-devtools/python/python3/deterministic_imports.patch 
@@ -1,4 +1,4 @@ -From 039d5e652796b55f1132afa568c7432b6ed89afd Mon Sep 17 00:00:00 2001 +From 38e732371ac234c3f0e6310d6dbc7ddc7f458535 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 27 May 2022 17:05:44 +0100 Subject: [PATCH] python3: Ensure stale empty python module directories don't @@ -13,13 +13,12 @@ As a result, patch this to a behaviour which works for us. Upstream-Status: Submitted [https://github.com/python/cpython/issues/120492; need to first talk to upstream to see if they'll take one or both fixes] Signed-off-by: Richard Purdie - --- Lib/importlib/metadata/__init__.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Lib/importlib/metadata/__init__.py b/Lib/importlib/metadata/__init__.py -index 82e0ce1..969cac4 100644 +index e6ca178..ac5a75b 100644 --- a/Lib/importlib/metadata/__init__.py +++ b/Lib/importlib/metadata/__init__.py @@ -710,7 +710,14 @@ class Lookup: diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch index c1b20703e6..e9494b555d 100644 --- a/meta/recipes-devtools/python/python3/makerace.patch +++ b/meta/recipes-devtools/python/python3/makerace.patch @@ -1,4 +1,4 @@ -From 9f827c29adbe656af3c8fc963fdd8f47aec0c442 Mon Sep 17 00:00:00 2001 +From 08c7867a02d26aac41764b915dc925343305e7af Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Tue, 13 Jul 2021 23:19:29 +0100 Subject: [PATCH] python3: Fix make race @@ -17,10 +17,10 @@ Signed-off-by: Richard Purdie 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.pre.in b/Makefile.pre.in -index 381feb0..77bf09a 100644 +index 23e20e9..b1c5413 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -2250,7 +2250,7 @@ COMPILEALL_OPTS=-j0 +@@ -2260,7 +2260,7 @@ COMPILEALL_OPTS=-j0 TEST_MODULES=@TEST_MODULES@ .PHONY: libinstall 
diff --git a/meta/recipes-devtools/python/python3_3.12.6.bb b/meta/recipes-devtools/python/python3_3.12.7.bb similarity index 99% rename from meta/recipes-devtools/python/python3_3.12.6.bb rename to meta/recipes-devtools/python/python3_3.12.7.bb index 63a3134b36..e2fdc18112 100644 --- a/meta/recipes-devtools/python/python3_3.12.6.bb +++ b/meta/recipes-devtools/python/python3_3.12.7.bb 
@@ -40,7 +40,7 @@ SRC_URI:append:class-native = " \ file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \ " -SRC_URI[sha256sum] = "1999658298cf2fb837dffed8ff3c033ef0c98ef20cf73c5d5f66bed5ab89697c" +SRC_URI[sha256sum] = "24887b92e2afd4a2ac602419ad4b596372f67ac9b077190f459aba390faf5550" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
From patchwork Sat Jan 4 13:41:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54990 X-Patchwork-Delegate: steve@sakoman.com
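Review bot: in the python3_3.12.6.bb to python3_3.12.7.bb rename hunk, the SRC_URI[sha256sum] line is what pins the content of the fetched tarball, and nothing in the visible diff shows where the new digest came from; before merge it should be confirmed against the checksum or signature published with the upstream release rather than recomputed from whatever the fetcher downloaded. Everything else shown for the carried patches is refresh churn (new From hashes, shifted index lines and @@ offsets, the blank line before "---" and the trailing "-- 2.45.0" / "-- 2.45.2" lines dropped, test_readline converted from the quilt "Index:" form to a git diff), so it is worth checking that none of those files changed an actual "+"/"-" content line, since a functional change there would be easy to miss among the offsets.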
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 19/25] python3: upgrade 3.12.7 -> 3.12.8 Date: Sat, 4 Jan 2025 05:41:43 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209388 From: Guðni Már Gilbert Changelog: https://docs.python.org/release/3.12.8/whatsnew/changelog.html#python-3-12-8 Signed-off-by: Guðni Már Gilbert 
Signed-off-by: Steve Sakoman --- ...shebang-overflow-on-python-config.py.patch | 6 +++--- ...e-stdin-I-O-errors-same-way-as-maste.patch | 2 +- ...-use-prefix-value-from-build-configu.patch | 4 ++-- ...-qemu-wrapper-when-gathering-profile.patch | 4 ++-- ...sts-due-to-load-variability-on-YP-AB.patch | 16 +++++++-------- ...est_sysconfig-for-posix_user-purelib.patch | 6 +++--- ...e-treat-overflow-in-UID-GID-as-failu.patch | 2 +- ...asename-to-replace-CC-for-checking-c.patch | 20 +++++++++---------- ..._fileno-test-due-to-load-variability.patch | 2 +- ...g.py-use-platlibdir-also-for-purelib.patch | 4 ++-- ...ctive_children-skip-problematic-test.patch | 6 +++--- ...pes.test_find-skip-without-tools-sdk.patch | 2 +- ...-test_deadlock-skip-problematic-test.patch | 2 +- ...le.py-correct-the-test-output-format.patch | 2 +- ...t_readline-skip-limited-history-test.patch | 2 +- ...-test_shutdown-skip-problematic-test.patch | 2 +- ...orlines-skip-due-to-load-variability.patch | 2 +- ...up.py-do-not-add-a-curses-include-pa.patch | 6 +++--- .../python/python3/cgi_py.patch | 2 +- .../python/python3/crosspythonpath.patch | 4 ++-- .../python3/deterministic_imports.patch | 2 +- .../python/python3/makerace.patch | 6 +++--- .../{python3_3.12.7.bb => python3_3.12.8.bb} | 2 +- 23 files changed, 53 insertions(+), 53 deletions(-) rename meta/recipes-devtools/python/{python3_3.12.7.bb => python3_3.12.8.bb} (99%) diff --git a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch index 4110774193..3311a90bda 100644 --- a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch +++ b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch @@ -1,4 +1,4 @@ -From 733b46f11d311290e37fcb30f08c47660b888d22 Mon Sep 17 00:00:00 2001 +From e8bd4f8ee56cbb12a61c1dcabf35a1835a863132 Mon Sep 17 00:00:00 2001 
From: Paulo Neves Date: Tue, 7 Jun 2022 16:16:41 +0200 Subject: [PATCH] Avoid shebang overflow on python-config.py @@ -16,10 +16,10 @@ Upstream-Status: Denied [distribution] 1 file changed, 2 insertions(+) diff --git a/Makefile.pre.in b/Makefile.pre.in -index b1c5413..e88f301 100644 +index 2d235d2..1ac2263 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -2349,6 +2349,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh +@@ -2354,6 +2354,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh @ # Substitution happens here, as the completely-expanded BINDIR @ # is not available in configure sed -e "s,@EXENAME@,$(EXENAME)," < $(srcdir)/Misc/python-config.in >python-config.py diff --git a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch index 0ae6283840..5ca09c6f3c 100644 --- a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch +++ b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch @@ -1,4 +1,4 @@ -From c6ba19a4cfdb0a5b137b91ef761f654b70776a47 Mon Sep 17 00:00:00 2001 +From bbfb7fdf01f0502c7bf3d418f3a912ea76c93f24 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Thu, 16 Sep 2021 16:35:37 +0200 Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O diff --git a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch index 981531139a..1b9f3565d3 100644 --- a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch +++ b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch 
@@ -1,4 +1,4 @@ -From d325a4e1fde5bd817c88f37d5e7b6e93a3bad077 Mon Sep 17 00:00:00 2001 +From c739bf214b9dd6060db216b79077806fccb582ae Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Fri, 17 Nov 2023 14:26:32 +0100 Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration @@ -14,7 +14,7 @@ Signed-off-by: Alexander Kanavin 1 file changed, 5 insertions(+) diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py -index 79c0510..91ebcb6 100644 +index 6258b68..d59ec6e 100644 --- a/Lib/sysconfig.py +++ b/Lib/sysconfig.py @@ -668,6 +668,11 @@ def _init_config_vars(): diff --git a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch index 881986d322..b78f619958 100644 --- a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch +++ b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch @@ -1,4 +1,4 @@ -From a727a950023b9384955c912f4975d36a8d7913b4 Mon Sep 17 00:00:00 2001 +From b9081b2e21983f2a828bc40a47ab278ef69f4dfe Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 30 Jan 2019 12:41:04 +0100 Subject: [PATCH] Makefile.pre: use qemu wrapper when gathering profile data @@ -10,7 +10,7 @@ Signed-off-by: Alexander Kanavin 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.pre.in b/Makefile.pre.in -index 0e64ccc..23e20e9 100644 +index 083f4c7..dce36a5 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -660,8 +660,7 @@ profile-run-stamp: diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch index 22c42e37ab..6779dd515a 100644 --- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch 
+++ b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch @@ -1,4 +1,4 @@ -From 6b0088a3d222b7fe5304f6bc0d6b15d3c41e68f3 Mon Sep 17 00:00:00 2001 +From b4014e3d1d9e38b25f2840e65e2acd757f3e5d41 Mon Sep 17 00:00:00 2001 From: Yi Fan Yu Date: Thu, 1 Apr 2021 13:08:37 -0700 Subject: [PATCH] Skip failing tests due to load variability on YP AB @@ -23,10 +23,10 @@ Signed-off-by: Trevor Gamblin 2 files changed, 5 insertions(+) diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py -index aac74ea..3470bc5 100644 +index 3b4415b..1f94dec 100644 --- a/Lib/test/_test_multiprocessing.py +++ b/Lib/test/_test_multiprocessing.py -@@ -682,6 +682,7 @@ class _TestProcess(BaseTestCase): +@@ -688,6 +688,7 @@ class _TestProcess(BaseTestCase): close_queue(q) @support.requires_resource('walltime') @@ -34,7 +34,7 @@ index aac74ea..3470bc5 100644 def test_many_processes(self): if self.TYPE == 'threads': self.skipTest('test not appropriate for {}'.format(self.TYPE)) -@@ -2083,6 +2084,7 @@ class _TestBarrier(BaseTestCase): +@@ -2211,6 +2212,7 @@ class _TestBarrier(BaseTestCase): except threading.BrokenBarrierError: results.append(True) @@ -42,7 +42,7 @@ index aac74ea..3470bc5 100644 def test_timeout(self): """ Test wait(timeout) -@@ -5080,6 +5082,7 @@ class TestWait(unittest.TestCase): +@@ -5208,6 +5210,7 @@ class TestWait(unittest.TestCase): time.sleep(period) @support.requires_resource('walltime') @@ -51,10 +51,10 @@ index aac74ea..3470bc5 100644 from multiprocessing.connection import wait diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py -index 02cc3f4..51a4548 100644 +index 9463add..4e0f39d 100644 --- a/Lib/test/test_time.py +++ b/Lib/test/test_time.py -@@ -492,6 +492,7 @@ class TimeTestCase(unittest.TestCase): +@@ -527,6 +527,7 @@ class TimeTestCase(unittest.TestCase): @unittest.skipIf( support.is_wasi, "process_time not available on WASI" ) 
@@ -62,7 +62,7 @@ index 02cc3f4..51a4548 100644 def test_process_time(self): # process_time() should not include time spend during a sleep start = time.process_time() -@@ -505,6 +506,7 @@ class TimeTestCase(unittest.TestCase): +@@ -540,6 +541,7 @@ class TimeTestCase(unittest.TestCase): self.assertTrue(info.monotonic) self.assertFalse(info.adjustable) diff --git a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch index 9a2634ac9b..08142617c0 100644 --- a/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch +++ b/meta/recipes-devtools/python/python3/0001-Update-test_sysconfig-for-posix_user-purelib.patch @@ -1,4 +1,4 @@ -From f0b18f1b3b3d5b40d65e08a184f4e3463745b891 Mon Sep 17 00:00:00 2001 +From 5224cc0ac21f4c2574c24e0fee38b145ca15175b Mon Sep 17 00:00:00 2001 From: Wentao Zhang Date: Mon, 20 Mar 2023 13:39:52 +0800 Subject: [PATCH] Update test_sysconfig for posix_user purelib @@ -22,10 +22,10 @@ Signed-off-by: Wentao Zhang 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py -index 1137c20..f5c8980 100644 +index 3468d0c..9ff174c 100644 --- a/Lib/test/test_sysconfig.py +++ b/Lib/test/test_sysconfig.py -@@ -381,7 +381,7 @@ class TestSysConfig(unittest.TestCase): +@@ -390,7 +390,7 @@ class TestSysConfig(unittest.TestCase): expected = os.path.normpath(global_path.replace(base, user, 1)) # bpo-44860: platlib of posix_user doesn't use sys.platlibdir, # whereas posix_prefix does. diff --git a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch index b4de257d1e..5c74443e62 100644 --- a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch 
+++ b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch @@ -1,4 +1,4 @@ -From 73960393a559d0de5edf07b022d182cac54df9dc Mon Sep 17 00:00:00 2001 +From 6e3868c8c330f997bc242a8d51d742baac449ecc Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 23 Aug 2023 20:00:07 +0200 Subject: [PATCH] gh-107811: tarfile: treat overflow in UID/GID as failure to diff --git a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch index 7997811228..c9ef409018 100644 --- a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch +++ b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch @@ -1,4 +1,4 @@ -From f834492007487e9e87b3d3f1f3c5cc440e6ec5e2 Mon Sep 17 00:00:00 2001 +From 82576cdb9d6d9736ba122592974b0e7727216a3f Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Mon, 22 Oct 2018 15:19:51 +0800 Subject: [PATCH] python3: use cc_basename to replace CC for checking compiler @@ -26,7 +26,7 @@ Signed-off-by: Changqing Li 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac -index d0d5405..093f8b5 100644 +index 9270b5f..955daad 100644 --- a/configure.ac +++ b/configure.ac @@ -137,6 +137,7 @@ AC_CONFIG_HEADERS([pyconfig.h]) @@ -46,7 +46,7 @@ index d0d5405..093f8b5 100644 gcc) AC_PATH_TOOL([CXX], [g++], [g++], [notfound]) ;; cc) AC_PATH_TOOL([CXX], [c++], [c++], [notfound]) ;; clang|*/clang) AC_PATH_TOOL([CXX], [clang++], [clang++], [notfound]) ;; -@@ -1328,7 +1329,7 @@ rmdir CaseSensitiveTestDir +@@ -1331,7 +1332,7 @@ rmdir CaseSensitiveTestDir case $ac_sys_system in hp*|HP*) 
@@ -55,7 +55,7 @@ index d0d5405..093f8b5 100644 cc|*/cc) CC="$CC -Ae";; esac;; esac -@@ -1854,7 +1855,7 @@ esac +@@ -1857,7 +1858,7 @@ esac ], [AC_MSG_RESULT([no])]) if test "$Py_LTO" = 'true' ; then @@ -64,7 +64,7 @@ index d0d5405..093f8b5 100644 *clang*) LDFLAGS_NOLTO="-fno-lto" dnl Clang linker requires -flto in order to link objects with LTO information. -@@ -1983,7 +1984,7 @@ then +@@ -1986,7 +1987,7 @@ then fi fi LLVM_PROF_ERR=no @@ -73,7 +73,7 @@ index d0d5405..093f8b5 100644 *clang*) # Any changes made here should be reflected in the GCC+Darwin case below PGO_PROF_GEN_FLAG="-fprofile-instr-generate" -@@ -2155,7 +2156,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS]) +@@ -2158,7 +2159,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS]) # compiler and platform. BASECFLAGS tweaks need to be made even if the # user set OPT. @@ -82,7 +82,7 @@ index d0d5405..093f8b5 100644 *clang*) cc_is_clang=1 ;; -@@ -2427,7 +2428,7 @@ yes) +@@ -2430,7 +2431,7 @@ yes) # ICC doesn't recognize the option, but only emits a warning ## XXX does it emit an unused result warning and can it be disabled? @@ -91,7 +91,7 @@ index d0d5405..093f8b5 100644 [*icc*], [ac_cv_disable_unused_result_warning=no] [PY_CHECK_CC_WARNING([disable], [unused-result])]) AS_VAR_IF([ac_cv_disable_unused_result_warning], [yes], -@@ -2673,7 +2674,7 @@ yes) +@@ -2676,7 +2677,7 @@ yes) ;; esac @@ -100,7 +100,7 @@ index d0d5405..093f8b5 100644 *mpicc*) CFLAGS_NODIST="$CFLAGS_NODIST" ;; -@@ -3508,7 +3509,7 @@ then +@@ -3511,7 +3512,7 @@ then then LINKFORSHARED="-Wl,--export-dynamic" fi;; @@ -109,7 +109,7 @@ index d0d5405..093f8b5 100644 *gcc*) if $CC -Xlinker --help 2>&1 | grep export-dynamic >/dev/null then -@@ -6831,7 +6832,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then +@@ -6832,7 +6833,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then # Some versions of gcc miscompile inline asm: # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46491 # http://gcc.gnu.org/ml/gcc/2010-11/msg00366.html 
diff --git a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch index 94f7744c09..e105f36eca 100644 --- a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch +++ b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch @@ -1,4 +1,4 @@ -From 642205e1f728873b16debc24c2938339d31be6a9 Mon Sep 17 00:00:00 2001 +From 5944f707fc04fb65caec3f0e1ce3a42169426c47 Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Fri, 15 Sep 2023 08:48:33 -0400 Subject: [PATCH] skip no_stdout_fileno test due to load variability diff --git a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch index 3e8e9648c6..c7ac43cc85 100644 --- a/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch +++ b/meta/recipes-devtools/python/python3/0001-sysconfig.py-use-platlibdir-also-for-purelib.patch @@ -1,4 +1,4 @@ -From fac0f14fd34386e47bab71c0043ea55b507ae39c Mon Sep 17 00:00:00 2001 +From 3aeeddb1325679d5c0471ad86806e92e72187138 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Sun, 12 Sep 2021 21:44:36 +0200 Subject: [PATCH] sysconfig.py: use platlibdir also for purelib @@ -13,7 +13,7 @@ Signed-off-by: Alexander Kanavin 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py -index 122d441..79c0510 100644 +index 517b13a..6258b68 100644 --- a/Lib/sysconfig.py +++ b/Lib/sysconfig.py @@ -28,7 +28,7 @@ _INSTALL_SCHEMES = { diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch index a27024c42f..164c8b5180 100644 
--- a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch +++ b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch @@ -1,4 +1,4 @@ -From 7f75355e27ee7f25391523294e4c6653edf554f8 Mon Sep 17 00:00:00 2001 +From a83311a1030b816f422dbb4457fc38c1289c224d Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Thu, 13 Jun 2024 10:54:31 -0400 Subject: [PATCH] test_active_children: skip problematic test @@ -14,10 +14,10 @@ Signed-off-by: Trevor Gamblin 1 file changed, 1 insertion(+) diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py -index 3470bc5..0e42ac1 100644 +index 1f94dec..3632219 100644 --- a/Lib/test/_test_multiprocessing.py +++ b/Lib/test/_test_multiprocessing.py -@@ -579,6 +579,7 @@ class _TestProcess(BaseTestCase): +@@ -585,6 +585,7 @@ class _TestProcess(BaseTestCase): self.assertTrue(type(cpus) is int) self.assertTrue(cpus >= 1) diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch index 6bf514fca8..307e4bf306 100644 --- a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch +++ b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch @@ -1,4 +1,4 @@ -From 174ef9a40c9f4373fd90b00425fd94a89f96dbf9 Mon Sep 17 00:00:00 2001 +From fbbf04dbeae217b985073263499174960e5fd142 Mon Sep 17 00:00:00 2001 From: Tim Orling Date: Fri, 18 Jun 2021 11:56:50 -0700 Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk diff --git a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch index d8ca7f9b79..e07f7392f6 100644 --- a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch 
+++ b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch @@ -1,4 +1,4 @@ -From 621ba76ef956708cdaf4fd5bc0e25aa59d427c5b Mon Sep 17 00:00:00 2001 +From 9d658dd20f02edcf878b245d638c474c808ab8d1 Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Wed, 12 Jun 2024 10:29:03 -0400 Subject: [PATCH] test_deadlock: skip problematic test diff --git a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch index d0f4dc14bc..535c48c769 100644 --- a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch +++ b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch @@ -1,4 +1,4 @@ -From d74e5f24b574fa4d571a64e647c916a7ebe26b3e Mon Sep 17 00:00:00 2001 +From fcd5b7d30d3245ce92ea45dfbab3c7b7da690c20 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Mon, 5 Aug 2019 15:57:39 +0800 Subject: [PATCH] test_locale.py: correct the test output format diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch index f4efd1ecff..3568d92bda 100644 --- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch +++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch @@ -1,4 +1,4 @@ -From bc5c70dc2a2fcfe51481de0ad800baa849592222 Mon Sep 17 00:00:00 2001 +From 34fd0bc8afc67a11eea5d73f9e0edf045c5ce541 Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Tue, 13 Aug 2024 11:07:05 -0400 Subject: [PATCH] test_readline: skip limited history test diff --git a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch index e8d70cdc1b..61fe5e9ba1 100644 
--- a/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch +++ b/meta/recipes-devtools/python/python3/0001-test_shutdown-skip-problematic-test.patch @@ -1,4 +1,4 @@ -From b637ac8f58d17bc8888b2027a572c87531a4539d Mon Sep 17 00:00:00 2001 +From d09a034acba8922158d38fd16be970b5a454428a Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Wed, 8 May 2024 11:58:09 -0400 Subject: [PATCH] test_shutdown: skip problematic test diff --git a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch index a4c9abd8b9..22aabbb2ed 100644 --- a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch +++ b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch @@ -1,4 +1,4 @@ -From 1a1e5c30021a200b2dc853690dbf1edfba9ca262 Mon Sep 17 00:00:00 2001 +From 6715560de4d622c2d72ee7b587c916ac647c54bb Mon Sep 17 00:00:00 2001 From: Trevor Gamblin Date: Fri, 6 Oct 2023 10:59:44 -0400 Subject: [PATCH] test_storlines: skip due to load variability diff --git a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch index 5c5603c956..f5e500b146 100644 --- a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch +++ b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch @@ -1,4 +1,4 @@ -From 8543ad744a2839acf1f4eec967acd645fd89d1a7 Mon Sep 17 00:00:00 2001 +From 011b21dc9b090c0b97eaecbd80a9e0c1cd39b12d Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Fri, 17 Nov 2023 14:16:40 +0100 Subject: [PATCH] configure.ac: do not add a curses include path from the host @@ -15,10 +15,10 @@ 
Signed-off-by: Alexander Kanavin 1 file changed, 6 deletions(-) diff --git a/configure.ac b/configure.ac -index cdc54e5..d163c73 100644 +index 6e465a4..13c4835 100644 --- a/configure.ac +++ b/configure.ac -@@ -6536,12 +6536,6 @@ AS_VAR_IF([have_panel], [no], [ +@@ -6537,12 +6537,6 @@ AS_VAR_IF([have_panel], [no], [ AC_MSG_RESULT([$have_panel (CFLAGS: $PANEL_CFLAGS, LIBS: $PANEL_LIBS)]) ]) diff --git a/meta/recipes-devtools/python/python3/cgi_py.patch b/meta/recipes-devtools/python/python3/cgi_py.patch index b1f2b71c2a..880a463760 100644 --- a/meta/recipes-devtools/python/python3/cgi_py.patch +++ b/meta/recipes-devtools/python/python3/cgi_py.patch @@ -1,4 +1,4 @@ -From 8e6dc9fe684b27988b5aca3f760f02343aa95951 Mon Sep 17 00:00:00 2001 +From 6ebd9de3505be0965cfc37e2e4d0d882d75f0ec2 Mon Sep 17 00:00:00 2001 From: Mark Hatle Date: Wed, 21 Sep 2011 20:55:33 -0500 Subject: [PATCH] Lib/cgi.py: Update the script as mentioned in the comment diff --git a/meta/recipes-devtools/python/python3/crosspythonpath.patch b/meta/recipes-devtools/python/python3/crosspythonpath.patch index 91ef3fe674..24268fb91a 100644 --- a/meta/recipes-devtools/python/python3/crosspythonpath.patch +++ b/meta/recipes-devtools/python/python3/crosspythonpath.patch @@ -1,4 +1,4 @@ -From 1bc93167c48876d77ce424415e87573a062b8f2a Mon Sep 17 00:00:00 2001 +From 0bcdb84db7801507b155a40db2228ba516edeb73 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda Date: Tue, 18 Nov 2014 03:35:33 -0500 Subject: [PATCH] configure.ac: add CROSSPYTHONPATH into PYTHONPATH for @@ -19,7 +19,7 @@ Signed-off-by: Ricardo Ribalda 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 093f8b5..cdc54e5 100644 +index 955daad..6e465a4 100644 --- a/configure.ac +++ b/configure.ac @@ -165,7 +165,7 @@ AC_ARG_WITH([build-python], diff --git a/meta/recipes-devtools/python/python3/deterministic_imports.patch b/meta/recipes-devtools/python/python3/deterministic_imports.patch index 9ae4af36ec..9bfdf5cd47 100644 
--- a/meta/recipes-devtools/python/python3/deterministic_imports.patch +++ b/meta/recipes-devtools/python/python3/deterministic_imports.patch @@ -1,4 +1,4 @@ -From 38e732371ac234c3f0e6310d6dbc7ddc7f458535 Mon Sep 17 00:00:00 2001 +From 1d6f0f5f8a1279fc9bc06266caa3f3b6f234c4cb Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 27 May 2022 17:05:44 +0100 Subject: [PATCH] python3: Ensure stale empty python module directories don't diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch index e9494b555d..f420404f34 100644 --- a/meta/recipes-devtools/python/python3/makerace.patch +++ b/meta/recipes-devtools/python/python3/makerace.patch @@ -1,4 +1,4 @@ -From 08c7867a02d26aac41764b915dc925343305e7af Mon Sep 17 00:00:00 2001 +From be22dd9b091af8f971f924fdbce5b439d9b2e850 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Tue, 13 Jul 2021 23:19:29 +0100 Subject: [PATCH] python3: Fix make race @@ -17,10 +17,10 @@ Signed-off-by: Richard Purdie 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.pre.in b/Makefile.pre.in -index 23e20e9..b1c5413 100644 +index dce36a5..2d235d2 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -2260,7 +2260,7 @@ COMPILEALL_OPTS=-j0 +@@ -2265,7 +2265,7 @@ COMPILEALL_OPTS=-j0 TEST_MODULES=@TEST_MODULES@ .PHONY: libinstall diff --git a/meta/recipes-devtools/python/python3_3.12.7.bb b/meta/recipes-devtools/python/python3_3.12.8.bb similarity index 99% rename from meta/recipes-devtools/python/python3_3.12.7.bb rename to meta/recipes-devtools/python/python3_3.12.8.bb index e2fdc18112..94e0f24f89 100644 --- a/meta/recipes-devtools/python/python3_3.12.7.bb +++ b/meta/recipes-devtools/python/python3_3.12.8.bb 
@@ -40,7 +40,7 @@ SRC_URI:append:class-native = " \ file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \ " -SRC_URI[sha256sum] = "24887b92e2afd4a2ac602419ad4b596372f67ac9b077190f459aba390faf5550" +SRC_URI[sha256sum] = "c909157bb25ec114e5869124cc2a9c4a4d4c1e957ca4ff553f1edc692101154e" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
From patchwork Sat Jan 4 13:41:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54988 X-Patchwork-Delegate: steve@sakoman.com
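Review bot: In the first refreshed carried patch of the python3 3.12.7 -> 3.12.8 upgrade, the inner hunk header for class TimeTestCase moves from "-505,6 +506,7" to "-540,6 +541,7", a 35-line shift, so the upstream test file changed around it between the two releases. A mechanical refresh keeps the patch applying but does not show that the one added line still lands on the test it was written for. Please confirm that the context ("self.assertTrue(info.monotonic)", "self.assertFalse(info.adjustable)") still belongs to the intended test in 3.12.8 and that the local change is still needed there.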
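Review bot: The python3_3.12.8.bb hunk swaps SRC_URI[sha256sum] and the hunk itself gives no provenance for the new digest. This value is the only thing pinning the build to the intended 3.12.8 tarball, so it is worth confirming that it was compared with the checksum or signature published with the upstream release rather than copied from the fetcher's output after a download.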
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 20/25] libxml2: Upgrade 2.12.8 -> 2.12.9
Date: Sat, 4 Jan 2025 05:41:44 -0800
Message-ID: <774b10921b1e46d99338bb8c047d7f094d5ce7bd.1735997984.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209389

From: Divya Chellam

Changes between 2.12.8 -> 2.12.9
================================
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.9

Security
* [CVE-2024-40896] Fix XXE protection in downstream code

Improvements
* Undeprecate xmlKeepBlanksDefault.

Signed-off-by: Divya Chellam
Signed-off-by: Steve Sakoman
--- .../libxml/{libxml2_2.12.8.bb => libxml2_2.12.9.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-core/libxml/{libxml2_2.12.8.bb => libxml2_2.12.9.bb} (97%) diff --git a/meta/recipes-core/libxml/libxml2_2.12.8.bb b/meta/recipes-core/libxml/libxml2_2.12.9.bb similarity index 97% rename from meta/recipes-core/libxml/libxml2_2.12.8.bb rename to meta/recipes-core/libxml/libxml2_2.12.9.bb index fb103f0273..7777c9f181 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.8.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.9.bb
@@ -20,7 +20,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://install-tests.patch \ " -SRC_URI[archive.sha256sum] = "43ad877b018bc63deb2468d71f95219c2fac196876ef36d1bee51d226173ec93" +SRC_URI[archive.sha256sum] = "59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590" SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" # Disputed as a security issue, but fixed in d39f780
From patchwork Sat Jan 4 13:41:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54989 X-Patchwork-Delegate: steve@sakoman.com
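Review bot: The only changed line in the libxml2_2.12.9.bb hunk is SRC_URI[archive.sha256sum], while the commit message lists a fix for CVE-2024-40896. The trailing context line ("# Disputed as a security issue, but fixed in d39f780") suggests this recipe carries hand-written CVE annotations, so please check whether CVE-2024-40896 needs one as well, or confirm that the version bump alone is enough for the CVE checker to report it as patched on scarthgap.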
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 21/25] python3-requests: upgrade 2.32.0 -> 2.32.3
Date: Sat, 4 Jan 2025 05:41:45 -0800
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209391

From: Soumya Sambu

Changelog:
https://requests.readthedocs.io/en/latest/community/updates/#release-history

2.32.3 (2024-05-29)
* Bugfixes
  - Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
* Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)
* Deprecations
  - To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we’ve renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
* A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)
* Bugfixes
  - Add missing test certs to the sdist distributed on PyPI.

https://github.com/psf/requests/compare/v2.32.0...v2.32.3

Also transition to using python_setuptools_build_meta.

Signed-off-by: Soumya Sambu
Signed-off-by: Steve Sakoman
--- ...{python3-requests_2.32.0.bb => python3-requests_2.32.3.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-devtools/python/{python3-requests_2.32.0.bb => python3-requests_2.32.3.bb} (78%)
diff --git a/meta/recipes-devtools/python/python3-requests_2.32.0.bb b/meta/recipes-devtools/python/python3-requests_2.32.3.bb similarity index 78% rename from meta/recipes-devtools/python/python3-requests_2.32.0.bb rename to meta/recipes-devtools/python/python3-requests_2.32.3.bb index b4df4c5dc7..4f0638b50c 100644 --- a/meta/recipes-devtools/python/python3-requests_2.32.0.bb +++ b/meta/recipes-devtools/python/python3-requests_2.32.3.bb 
@@ -3,9 +3,9 @@ HOMEPAGE = "https://requests.readthedocs.io" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" -SRC_URI[sha256sum] = "fa5490319474c82ef1d2c9bc459d3652e3ae4ef4c4ebdd18a21145a47ca4b6b8" +SRC_URI[sha256sum] = "55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760" -inherit pypi setuptools3 +inherit pypi python_setuptools_build_meta RDEPENDS:${PN} += " \ python3-certifi \
From patchwork Sat Jan 4 13:41:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54986 X-Patchwork-Delegate: steve@sakoman.com
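Review bot: The second changed line of the python3-requests hunk replaces "inherit pypi setuptools3" with "inherit pypi python_setuptools_build_meta", a build-backend change folded into a version bump for a stable branch, and the commit message justifies it only with "Also transition to using python_setuptools_build_meta". Please state whether 2.32.3 needs this to build on scarthgap; if it does not, drop it or split it into its own patch so the backport stays a pure upgrade. Separately, the quoted changelog says custom HTTPAdapters must move to get_connection_with_tls_context after the CVE-2024-35195 change, so recipes or layers that subclass HTTPAdapter deserve a check before this lands.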
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 22/25] populate_sdk_ext: write_local_conf add shutil import
Date: Sat, 4 Jan 2025 05:41:46 -0800
Message-ID: <759fb4bb4f5d5cf7f124f64b9314a34e41f58d23.1735997984.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209390

From: Mark Hatle

Add shutil import to resolve error:

Exception: NameError: name 'shutil' is not defined, Did you forget to import 'shutil'

Signed-off-by: Mark Hatle
Signed-off-by: Richard Purdie
(cherry picked from commit b64263a43b4d82f1ebba13815bccb8a8cd3127f9)
Signed-off-by: Mark Hatle
Signed-off-by: Steve Sakoman
--- meta/classes-recipe/populate_sdk_ext.bbclass | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass b/meta/classes-recipe/populate_sdk_ext.bbclass index e76ef60720..662cc493ce 100644 --- a/meta/classes-recipe/populate_sdk_ext.bbclass +++ b/meta/classes-recipe/populate_sdk_ext.bbclass
@@ -290,6 +290,8 @@ def copy_uninative(d, baseoutpath): return uninative_checksum def write_local_conf(d, baseoutpath, derivative, core_meta_subdir, uninative_checksum): + import shutil + #check if custome templateconf path is set use_custom_templateconf = d.getVar('SDK_CUSTOM_TEMPLATECONF')
From patchwork Sat Jan 4 13:41:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54992 X-Patchwork-Delegate: steve@sakoman.com
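Review bot: The added "import shutil" sits at the top of write_local_conf, so it resolves the NameError for this function only. The commit message does not name the change that introduced the shutil call without an import; adding that reference would let a reader confirm the backport is needed on scarthgap and that no other helper in populate_sdk_ext.bbclass has the same gap.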
kTTNYNa7L/6i0HvoBMMgE+CnAvRMAL5GpD+rQPIjFu2S5+XSs8lL48nCqQq3y1Xl075Q 6BlKTLbSMD9lMdCgI2XhEsfLjSe9xsLxIYczj2WOGjOh01JIE8Q3LaywpBXrX+hqDKX9 F+1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735998155; x=1736602955; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DtUI/FNKC+l5hSUwhEu6Bv+GHTyBQzxNwManfOfRMPU=; b=jBmX0VV6ECY7P5sGBw98yXANL4Njm1lDK7PW/rwH84JmjYfKhLHWhGZfUWUbIozY41 a9ENm8sSYkad7SlpFSFJF3ZUTTX0kwPH/yLsXZwqdFpDD693bLegoR1IbOmKkMnLfvV3 R3EiNWDGmb+EjFIdfnObIeP25I87xw6K9xYSBfJAigCkYve42/Y/9ya+yo7KCmzepXcr BlIZQzNPipRY2o2dbfRvEvRfJvI81ocDX/2fsk+G4w0NIbvRHj7uvOVxjDnW6mbnR+wB GFY4Ed8HnXosCpuB8+9nG89X3Y7ottZTurqjvgdRPfZuAfZAwZtwavwYPs1HeEIu5U3V jYww== X-Gm-Message-State: AOJu0Yx7xBeO9jtnRJ5fhyc5ZuJE8Eis7WvMECyxDlrYiINqlRVtnBbj P7IiYhVmRuT7iMOgcQUYEurGASO20nkWVvkn7TRuAT/NBS+R5x/3UKSRCnHww1hIGA8XHbQi6Fu Q X-Gm-Gg: ASbGncu9FmgYX+QczoX+LsK7MK7/HVS/Y5THCfyejj95lzJp9gJPT+LW+vo05T7hD+1 qzVVxRMy0sa4l/udCuzpzLnxquqKQdY3pYIbPHcG9OZ2sSsLHVBkeHPKzTLsmdwjMHIlmuFHLe3 lux0AZx2JpIhFE4NNtXnmdoN2gbbqz37hpc3Bx6yUZg+WEu2AlI2/UAZ6xUi9B6/GjA9n2V3eOj Un82tE6mYcYhjvBKXU46KiOPRIYEjzAgsggaK0UXchVNg== X-Google-Smtp-Source: AGHT+IHjzT4TrHtbHj18QE+hX7wIAWYFh1TACX0FM1AP9vJLQ4iFLlBkbUHP4vhsEpJ2dnE3urRr7Q== X-Received: by 2002:a05:6a21:3991:b0:1db:ed8a:a607 with SMTP id adf61e73a8af0-1e5e047b457mr85365721637.11.1735998155107; Sat, 04 Jan 2025 05:42:35 -0800 (PST) Received: from hexa.. ([98.142.47.158]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72aad8faf93sm27966257b3a.153.2025.01.04.05.42.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 Jan 2025 05:42:34 -0800 (PST) 
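Review bot: in write_local_conf the new `import shutil` is function-local, so it fixes the NameError only for this function; if any other python function in populate_sdk_ext.bbclass calls shutil it will still fail the same way, so check the rest of the class for shutil uses and add the import there too. The commit message would also help future readers if it named the shutil call in write_local_conf that raised the error.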
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 23/25] lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66 Date: Sat, 4 Jan 2025 05:41:47 -0800 Message-ID: <598b2f27d74e08eb6089eadad68f80b2f1ef71de.1735997984.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209392 From: Xiangyu Chen The following commit has been backported into the 6.6.y branch. See upstream commit: commit 5fe6ec8f6ab549b6422e41551abb51802bd48bc7 Author: Peter Zijlstra Date: Mon Nov 6 13:41:43 2023 +0100 sched: Remove vruntime from trace_sched_stat_runtime() That caused building the lttng-modules report compile error: tracepoint-event-impl.h:133:6: error: conflicting types for 'trace_sched_stat_runtime'; The fix is still pending on lttng review board, backport it to oe-core to de-block the build issue. Signed-off-by: Xiangyu Chen Signed-off-by: Steve Sakoman --- ...stat_runtime-changed-in-Linux-6.6.66.patch | 51 +++++++++++++++++++ .../lttng/lttng-modules_2.13.12.bb | 1 + 2 files changed, 52 insertions(+) create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch new file mode 100644 index 0000000000..3c7731ae8f --- /dev/null +++ b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch 
@@ -0,0 +1,51 @@ +From a04234d63999f91405574928c80ded870dca157a Mon Sep 17 00:00:00 2001 +From: Kienan Stewart +Date: Sun, 22 Dec 2024 17:39:35 +0800 +Subject: [PATCH] Fix: sched_stat_runtime changed in Linux 6.6.66 + +The following commit has been backported into the 6.6.y branch. + +See upstream commit: + + commit 5fe6ec8f6ab549b6422e41551abb51802bd48bc7 + Author: Peter Zijlstra + Date: Mon Nov 6 13:41:43 2023 +0100 + + sched: Remove vruntime from trace_sched_stat_runtime() + + Tracing the runtime delta makes sense, observer can sum over time. + Tracing the absolute vruntime makes less sense, inconsistent: + absolute-vs-delta, but also vruntime delta can be computed from + runtime delta. + + Removing the vruntime thing also makes the two tracepoint sites + identical, allowing to unify the code in a later patch. + +Change-Id: I74acf0b8340c371e8411116e07e5c97b10f9c756 +Signed-off-by: Kienan Stewart + +Upstream-Status: Pending [https://review.lttng.org/c/lttng-modules/+/13813] + +[Xiangyu: BP to fix compile error on linux 6.6.66, Minor conflict resolution] +Signed-off-by: Xiangyu Chen +--- + include/instrumentation/events/sched.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/include/instrumentation/events/sched.h b/include/instrumentation/events/sched.h +index 24cf37c8..637a1e3a 100644 +--- a/include/instrumentation/events/sched.h ++++ b/include/instrumentation/events/sched.h +@@ -646,7 +646,8 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(sched_stat_template, sched_stat_blocked, + TP_ARGS(tsk, delay)) + #endif + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,8,0)) ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(6,8,0) || \ ++ LTTNG_KERNEL_RANGE(6,6,66, 6,7,0)) + /* + * Tracepoint for accounting runtime (time the task is executing + * on a CPU). +-- +2.43.0 + diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb index 95d5e2d615..34aff1ba8d 100644 
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb +++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb 
@@ -14,6 +14,7 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-Fix-ASoC-add-component-to-set_bias_level-events-in-l.patch \ file://0003-Fix-mm_compaction_migratepages-changed-in-linux-6.9-.patch \ file://0004-Fix-dev_base_lock-removed-in-linux-6.9-rc1.patch \ + file://0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch \ " # Use :append here so that the patch is applied also when using devupstream From patchwork Sat Jan 4 13:41:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54991 X-Patchwork-Delegate: steve@sakoman.com
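Review bot: the new guard in include/instrumentation/events/sched.h, `LTTNG_KERNEL_RANGE(6,6,66, 6,7,0)`, keys the new trace_sched_stat_runtime signature to the version number alone, so only 6.6.y trees at .66 or later are covered; a kernel that carries the same scheduler backport under another version would still stop at the conflicting-types error. Because the embedded patch is marked Upstream-Status: Pending, it is worth recording in the recipe or commit message that it should be dropped or refreshed once review 13813 is merged and released, since the final upstream form of the condition may differ.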
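Review bot: in the SRC_URI hunk of lttng-modules_2.13.12.bb the new entry is numbered 0001 but is listed after 0002, 0003 and 0004, so the file name no longer reflects the order in which the patches are applied. Renaming it to 0005-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch would keep numbering and apply order consistent and avoid confusion with any other 0001 patch in the same directory.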
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 24/25] ovmf-native: remove .pyc files from install Date: Sat, 4 Jan 2025 05:41:48 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209393 
From: Mikko Rapeli They break builds which share sstate files on different machines and paths: ERROR: ovmf-edk2-stable202408-r0 do_prepare_recipe_sysroot: Error executing a python function in exec_func_python() autogenerated: The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: 0001: *** 0002:extend_recipe_sysroot(d) 0003: File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 624, function: extend_recipe_sysroot 0620: 0621: # Handle deferred binfiles 0622: for l in binfiles: 0623: (targetdir, dest) = binfiles[l] *** 0624: staging_copyfile(l, targetdir, dest, postinsts, seendirs) 0625: 0626: bb.note("Installed into sysroot: %s" % str(msg_adding)) 0627: bb.note("Skipping as already exists in sysroot: %s" % str(msg_exists)) 0628: File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 165, function: staging_copyfile 0161: os.symlink(linkto, dest) 0162: #bb.warn(c) 0163: else: 0164: try: *** 0165: os.link(c, dest) 0166: except OSError as err: 0167: if err.errno == errno.EXDEV: 0168: bb.utils.copyfile(c, dest) 0169: else: Exception: FileExistsError: [Errno 17] File exists: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/sysroots-components/x86_64/ovmf-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc' -> '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/work/core2-64-poky-linux/ovmf/edk2-stable202408/recipe-sysroot-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc' Signed-off-by: Mikko Rapeli Signed-off-by: Richard Purdie (cherry picked from commit facd9e17fa53e2fb3a828b3f179cfb659be75d37) Signed-off-by: Steve Sakoman --- meta/recipes-core/ovmf/ovmf_git.bb | 1 + 1 file changed, 1 insertion(+) 
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index ada6ee72db..319f03a8d2 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb 
@@ -225,6 +225,7 @@ do_compile:class-target() { do_install:class-native() { install -d ${D}/${bindir}/edk2_basetools + find ${S}/BaseTools -name \*.pyc -exec rm -rf \{\} \; cp -r ${S}/BaseTools ${D}/${bindir}/${EDK_TOOLS_DIR} } From patchwork Sat Jan 4 13:41:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54993 X-Patchwork-Delegate: steve@sakoman.com
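Review bot: the added `find ${S}/BaseTools -name \*.pyc -exec rm -rf \{\} \;` in do_install:class-native deletes from the source tree ${S} rather than from the install destination, and it leaves the now-empty __pycache__ directories to be copied by the following `cp -r`. Consider pruning after the copy, under ${D}/${bindir}/${EDK_TOOLS_DIR}, and removing the __pycache__ directories themselves; for plain files `-type f` with `-delete` (or `rm -f`) is enough, `rm -rf` is not needed. That way the installed tree, which is what ends up in sstate, is free of bytecode regardless of what touched ${S} earlier.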
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 25/25] sanity.bbclass: skip check_userns for non-local uid Date: Sat, 4 Jan 2025 05:41:49 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 04 Jan 2025 13:42:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209394 From: Changqing Li Bitbake preserve network for non-local uid, refer [1], so check_userns is not needed for non-local uid [1] https://git.openembedded.org/bitbake/commit/?id=4eafae7904bae6e5c6bc50356e8a9077f2e207fa Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 808d0cece22bcbee15236717e158da247cbedaf1) Signed-off-by: Steve Sakoman --- meta/classes-global/sanity.bbclass | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass index 72dab0fea2..a0b2508e11 100644 --- a/meta/classes-global/sanity.bbclass +++ b/meta/classes-global/sanity.bbclass @@ -484,6 +484,8 @@ def check_userns(): # succeeds (at which point the uid is nobody) but writing to the uid_map # fails (so the uid isn't reset back to the user's uid). We can detect this. parentuid = os.getuid() + if not bb.utils.is_local_uid(parentuid): + return None pid = os.fork() if not pid: try:
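Review bot: the early `return None` in check_userns skips the whole user-namespace probe for non-local uids, but nothing in the code says why; the reasoning (bitbake preserves network for non-local uids) lives only in the commit message. Add a short comment above the `if not bb.utils.is_local_uid(parentuid):` test, and consider a bb.debug or bb.note line so a skipped sanity check is visible in the log. It is also worth confirming that the bitbake revision this branch builds against provides bb.utils.is_local_uid, since the hunk introduces a dependency on it.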