From patchwork Thu Jul 24 21:35:17 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67431
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/16] libxml2: fix CVE-2025-49795
Date: Thu, 24 Jul 2025 14:35:17 -0700
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220874

From: Roland Kovacs

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Signed-off-by: Roland Kovacs
Signed-off-by: Steve Sakoman
--- .../libxml/libxml2/CVE-2025-49795.patch | 92 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.12.10.bb | 1 + 2 files changed, 93 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch new file mode 100644 index 0000000000..2e21a99b45 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch 
@@ -0,0 +1,92 @@ +From 19e0a3ed092085a4d6689397d4f08cf5d86267af Mon Sep 17 00:00:00 2001 +From: Michael Mann +Date: Sat, 21 Jun 2025 12:11:30 -0400 +Subject: [PATCH] Schematron: Fix null pointer dereference leading to DoS + +(CVE-2025-49795) + +Fixes #932 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667] +CVE: CVE-2025-49795 + +(cherry picked from commit c24909ba2601848825b49a60f988222da3019667) +Signed-off-by: Roland Kovacs +--- + result/schematron/zvon16_0 | 6 ++++++ + result/schematron/zvon16_0.err | 5 +++++ + schematron.c | 5 +++++ + test/schematron/zvon16.sct | 7 +++++++ + test/schematron/zvon16_0.xml | 5 +++++ + 5 files changed, 28 insertions(+) + create mode 100644 result/schematron/zvon16_0 + create mode 100644 result/schematron/zvon16_0.err + create mode 100644 test/schematron/zvon16.sct + create mode 100644 test/schematron/zvon16_0.xml + +diff --git a/result/schematron/zvon16_0 b/result/schematron/zvon16_0 +new file mode 100644 +index 00000000..768cf6f5 +--- /dev/null ++++ b/result/schematron/zvon16_0 +@@ -0,0 +1,6 @@ ++ ++ ++ ++ Test Author ++ ++ +diff --git a/result/schematron/zvon16_0.err b/result/schematron/zvon16_0.err +new file mode 100644 +index 00000000..a4fab4c8 +--- /dev/null ++++ b/result/schematron/zvon16_0.err +@@ -0,0 +1,5 @@ ++Pattern: TestPattern ++xmlXPathCompOpEval: function falae not found ++XPath error : Unregistered function ++/library/book line 2: Book ++./test/schematron/zvon16_0.xml fails to validate +diff --git a/schematron.c b/schematron.c +index a8259201..86c63e64 100644 +--- a/schematron.c ++++ b/schematron.c +@@ -1481,6 +1481,11 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt, + select = xmlGetNoNsProp(child, BAD_CAST "select"); + comp = xmlXPathCtxtCompile(ctxt->xctxt, select); + eval = xmlXPathCompiledEval(comp, ctxt->xctxt); ++ if (eval == NULL) { ++ xmlXPathFreeCompExpr(comp); ++ xmlFree(select); ++ return ret; ++ } + + switch (eval->type) { 
+ case XPATH_NODESET: { +diff --git a/test/schematron/zvon16.sct b/test/schematron/zvon16.sct +new file mode 100644 +index 00000000..f03848aa +--- /dev/null ++++ b/test/schematron/zvon16.sct +@@ -0,0 +1,7 @@ ++ ++ ++ ++ Book test ++ ++ ++ +diff --git a/test/schematron/zvon16_0.xml b/test/schematron/zvon16_0.xml +new file mode 100644 +index 00000000..551e2d65 +--- /dev/null ++++ b/test/schematron/zvon16_0.xml +@@ -0,0 +1,5 @@ ++ ++ ++ Test Author ++ ++ +-- +2.34.1 + diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb index 488ace62e5..c289de6f73 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb 
@@ -22,6 +22,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://CVE-2025-32415.patch \ file://CVE-2025-6021.patch \ file://CVE-2025-49794-CVE-2025-49796.patch \ + file://CVE-2025-49795.patch \ " SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"
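Review bot: In the schematron.c hunk of 01/16, the added eval == NULL check is the only guard in a chain of three calls: select from xmlGetNoNsProp() goes into xmlXPathCtxtCompile() unchecked, and comp goes into xmlXPathCompiledEval() unchecked. A missing select attribute, a compile failure and an evaluation failure therefore all end in the same 'return ret;' with whatever has been accumulated so far. Consider checking select and comp directly after the calls that produce them, and flagging the failure to the caller rather than returning a partial report string, so the three cases can be told apart.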
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/16] binutils: Fix CVE-2025-7546
Date: Thu, 24 Jul 2025 14:35:18 -0700
Message-ID: <3a54f11b9462905e103e13161a77ef681f14dc92.1753392770.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220875

From: Yash Shinde

Report corrupted group section instead of trying to recover.

CVE: CVE-2025-7546
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b]
PR 33050 [https://sourceware.org/bugzilla/show_bug.cgi?id=33050]

Signed-off-by: Yash Shinde
Signed-off-by: Steve Sakoman
--- .../binutils/binutils-2.42.inc | 1 + .../binutils/0023-CVE-2025-7546.patch | 58 +++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 9471e6accd..a3ad655dbe 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -53,5 +53,6 @@ SRC_URI = "\ file://CVE-2025-1179.patch \ file://0022-CVE-2025-5245.patch \ file://0022-CVE-2025-5244.patch \ + file://0023-CVE-2025-7546.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch new file mode 100644 index 0000000000..23c38091a2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch 
@@ -0,0 +1,58 @@ +From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:52:00 +0800 +Subject: [PATCH] elf: Report corrupted group section + +Report corrupted group section instead of trying to recover. + + PR binutils/33050 + * elf.c (bfd_elf_set_group_contents): Report corrupted group + section. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b] +CVE: CVE-2025-7546 + +Signed-off-by: H.J. Lu +Signed-off-by: Yash Shinde +--- + bfd/elf.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index 14ce15c7254..ee894eb05f2 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -3971,20 +3971,17 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) + break; + } + +- /* We should always get here with loc == sec->contents + 4, but it is +- possible to craft bogus SHT_GROUP sections that will cause segfaults +- in objcopy without checking loc here and in the loop above. */ +- if (loc == sec->contents) +- BFD_ASSERT (0); +- else ++ /* We should always get here with loc == sec->contents + 4. Return ++ an error for bogus SHT_GROUP sections. */ ++ loc -= 4; ++ if (loc != sec->contents) + { +- loc -= 4; +- if (loc != sec->contents) +- { +- BFD_ASSERT (0); +- memset (sec->contents + 4, 0, loc - sec->contents); +- loc = sec->contents; +- } ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"), ++ abfd, sec); ++ bfd_set_error (bfd_error_bad_value); ++ *failedptr = true; ++ return; + } + + H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? 
GRP_COMDAT : 0, loc); +-- +2.43.5 +
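Review bot: In the bfd/elf.c hunk of 02/16, 'loc -= 4;' now runs unconditionally, while the removed code tested loc == sec->contents before decrementing. The old comment says bogus SHT_GROUP sections can reach this point with loc at the start of the buffer, and in that case the decrement forms a pointer four bytes before sec->contents just so it can be compared. Testing first, for example 'if (loc != sec->contents + 4)' followed by the error return and only then 'loc -= 4;', reaches the same bfd_error_bad_value path without computing an out-of-range pointer.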
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 03/16] binutils: Fix CVE-2025-7545
Date: Thu, 24 Jul 2025 14:35:19 -0700
Message-ID: <5c0c7058484fd8b1a82c2c810f7bccf016ea482b.1753392770.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220876

From: Deepesh Varatharajan

objcopy: Don't extend the output section size

Since the output section contents are copied from the input, don't extend the output section size beyond the input section size.

Backport a patch from upstream to fix CVE-2025-7545
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]

Signed-off-by: Deepesh Varatharajan
Signed-off-by: Steve Sakoman
--- .../binutils/binutils-2.42.inc | 4 ++ .../binutils/0023-CVE-2025-7545.patch | 39 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index a3ad655dbe..9aa3096b4f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -53,6 +53,10 @@ SRC_URI = "\ file://CVE-2025-1179.patch \ file://0022-CVE-2025-5245.patch \ file://0022-CVE-2025-5244.patch \ +<<<<<<< HEAD file://0023-CVE-2025-7546.patch \ +======= + file://0023-CVE-2025-7545.patch \ +>>>>>>> binutils: Fix CVE-2025-7545 " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch new file mode 100644 index 0000000000..de132f74fc 
--- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch 
@@ -0,0 +1,39 @@ +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:36:56 +0800 + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944] +CVE: CVE-2025-7545 + +Since the output section contents are copied from the input, don't +extend the output section size beyond the input section size. + + PR binutils/33049 + * objcopy.c (copy_section): Don't extend the output section + size beyond the input section size. + +Signed-off-by: Deepesh Varatharajan + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index a85d2620..18cd1bfd 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4547,6 +4547,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + char *to = (char *) memhunk; + char *end = (char *) memhunk + size; + int i; ++ bfd_size_type memhunk_size = size; + + /* If the section address is not exactly divisible by the interleave, + then we must bias the from address. If the copy_byte is less than +@@ -4566,6 +4567,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + } + + size = (size + interleave - 1 - copy_byte) / interleave * copy_width; ++ ++ /* Don't extend the output section size. 
*/ ++ if (size > memhunk_size) ++ size = memhunk_size; ++ + osection->lma /= interleave; + if (copy_byte < extra) + osection->lma++;
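Review bot: Unresolved merge-conflict markers are committed into SRC_URI by the binutils-2.42.inc hunk of 03/16: '+<<<<<<< HEAD', '+=======' and '+>>>>>>> binutils: Fix CVE-2025-7545' are added as literal lines around the two 0023 entries. The conflict should be resolved in this commit so that the hunk only adds 'file://0023-CVE-2025-7545.patch \' after the CVE-2025-7546 entry. As posted, the recipe at this commit carries the marker lines inside the SRC_URI string, which breaks bisecting and any cherry-pick of 03/16 on its own.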
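Review bot: The Upstream-Status line in the header of the new 0023-CVE-2025-7545.patch reads 'a=patch;h08c3cbe5926e...' with the '=' after 'h' missing, while the commit message has 'h=08c3cbe5926e...', so the link recorded in the patch file does not point at the upstream commit. The header also starts at 'From: "H.J. Lu"' with no Subject line, unlike 0023-CVE-2025-7546.patch in 02/16, and it reuses the 0023- prefix already taken by that file. Please fix the URL, add the upstream subject, and consider numbering this one 0024-.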
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 04/16] sqlite3: fix CVE-2025-6965
Date: Thu, 24 Jul 2025 14:35:20 -0700
Message-ID: <43ac67fcc22e59dbc7eff2a00ae8421b952af654.1753392770.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220877

From: Roland Kovacs

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.

Signed-off-by: Roland Kovacs
Signed-off-by: Steve Sakoman
--- .../binutils/binutils-2.42.inc | 3 - .../sqlite/sqlite3/CVE-2025-6965.patch | 112 ++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.45.3.bb | 1 + 3 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 9aa3096b4f..fb34ea9763 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -53,10 +53,7 @@ SRC_URI = "\ file://CVE-2025-1179.patch \ file://0022-CVE-2025-5245.patch \ file://0022-CVE-2025-5244.patch \ -<<<<<<< HEAD file://0023-CVE-2025-7546.patch \ -======= file://0023-CVE-2025-7545.patch \ ->>>>>>> binutils: Fix CVE-2025-7545 " S = "${WORKDIR}/git" diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch new file mode 100644 index 0000000000..233d8697ec --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch 
@@ -0,0 +1,112 @@ +From a91c0d55011d06858726d4783fd16ed8ec71e793 Mon Sep 17 00:00:00 2001 +From: drh <> +Date: Fri, 27 Jun 2025 19:02:21 +0000 +Subject: [PATCH] Raise an error right away if the number of aggregate terms in + a query exceeds the maximum number of columns. + +FossilOrigin-Name: 5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 + +CVE: CVE-2025-6965 +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/c52e9d97d485a3eb168e3f8f3674a7bc4b419703] +Signed-off-by: Roland Kovacs +--- + sqlite3.c | 30 ++++++++++++++++++++++++++---- + 1 file changed, 26 insertions(+), 4 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 1ee8de4a85..5c7c126076 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -15000,6 +15000,14 @@ typedef INT16_TYPE LogEst; + #define LARGEST_UINT64 (0xffffffff|(((u64)0xffffffff)<<32)) + #define SMALLEST_INT64 (((i64)-1) - LARGEST_INT64) + ++/* ++** Macro SMXV(n) return the maximum value that can be held in variable n, ++** assuming n is a signed integer type. UMXV(n) is similar for unsigned ++** integer types. ++*/ ++#define SMXV(n) ((((i64)1)<<(sizeof(n)*8-1))-1) ++#define UMXV(n) ((((i64)1)<<(sizeof(n)*8))-1) ++ + /* + ** Round up a number to the next larger multiple of 8. This is used + ** to force 8-byte alignment on 64-bit architectures. 
+@@ -18785,7 +18793,7 @@ struct AggInfo { + ** from source tables rather than from accumulators */ + u8 useSortingIdx; /* In direct mode, reference the sorting index rather + ** than the source table */ +- u16 nSortingColumn; /* Number of columns in the sorting index */ ++ u32 nSortingColumn; /* Number of columns in the sorting index */ + int sortingIdx; /* Cursor number of the sorting index */ + int sortingIdxPTab; /* Cursor number of pseudo-table */ + int iFirstReg; /* First register in range for aCol[] and aFunc[] */ +@@ -18794,8 +18802,8 @@ struct AggInfo { + Table *pTab; /* Source table */ + Expr *pCExpr; /* The original expression */ + int iTable; /* Cursor number of the source table */ +- i16 iColumn; /* Column number within the source table */ +- i16 iSorterColumn; /* Column number in the sorting index */ ++ int iColumn; /* Column number within the source table */ ++ int iSorterColumn; /* Column number in the sorting index */ + } *aCol; + int nColumn; /* Number of used entries in aCol[] */ + int nAccumulator; /* Number of columns that show through to the output. 
+@@ -115162,7 +115170,9 @@ static void findOrCreateAggInfoColumn( + ){ + struct AggInfo_col *pCol; + int k; ++ int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN]; + ++ assert( mxTerm <= SMXV(i16) ); + assert( pAggInfo->iFirstReg==0 ); + pCol = pAggInfo->aCol; + for(k=0; knColumn; k++, pCol++){ +@@ -115180,6 +115190,10 @@ static void findOrCreateAggInfoColumn( + assert( pParse->db->mallocFailed ); + return; + } ++ if( k>mxTerm ){ ++ sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm); ++ k = mxTerm; ++ } + pCol = &pAggInfo->aCol[k]; + assert( ExprUseYTab(pExpr) ); + pCol->pTab = pExpr->y.pTab; +@@ -115213,6 +115227,7 @@ fix_up_expr: + if( pExpr->op==TK_COLUMN ){ + pExpr->op = TK_AGG_COLUMN; + } ++ assert( k <= SMXV(pExpr->iAgg) ); + pExpr->iAgg = (i16)k; + } + +@@ -115297,13 +115312,19 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + ** function that is already in the pAggInfo structure + */ + struct AggInfo_func *pItem = pAggInfo->aFunc; ++ int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN]; ++ assert( mxTerm <= SMXV(i16) ); + for(i=0; inFunc; i++, pItem++){ + if( NEVER(pItem->pFExpr==pExpr) ) break; + if( sqlite3ExprCompare(0, pItem->pFExpr, pExpr, -1)==0 ){ + break; + } + } +- if( i>=pAggInfo->nFunc ){ ++ if( i>mxTerm ){ ++ sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm); ++ i = mxTerm; ++ assert( inFunc ); ++ }else if( i>=pAggInfo->nFunc ){ + /* pExpr is original. Make a new entry in pAggInfo->aFunc[] + */ + u8 enc = ENC(pParse->db); +@@ -115357,6 +115378,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + */ + assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) ); + ExprSetVVAProperty(pExpr, EP_NoReduce); ++ assert( i <= SMXV(pExpr->iAgg) ); + pExpr->iAgg = (i16)i; + pExpr->pAggInfo = pAggInfo; + return WRC_Prune; diff --git a/meta/recipes-support/sqlite/sqlite3_3.45.3.bb b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb index d39cb3805b..60a8f1449b 100644 
--- a/meta/recipes-support/sqlite/sqlite3_3.45.3.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb 
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0 SRC_URI = "http://www.sqlite.org/2024/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2025-3277.patch \ file://CVE-2025-29088.patch \ + file://CVE-2025-6965.patch \ " SRC_URI[sha256sum] = "b2809ca53124c19c60f42bf627736eae011afdcc205bb48270a5ee9a38191531" From patchwork Thu Jul 24 21:35:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67434 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 643B0C87FCF for ; Thu, 24 Jul 2025 21:35:50 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web10.5118.1753392948763947394 for ; Thu, 24 Jul 2025 14:35:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=MzdckH0M; spf=softfail (domain: sakoman.com, ip: 209.85.210.171, mailfrom: steve@sakoman.com) Received: by mail-pf1-f171.google.com with SMTP id d2e1a72fcca58-7425bd5a83aso1627920b3a.0 for ; Thu, 24 Jul 2025 14:35:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753392948; x=1753997748; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YaVCZw7rVH9WBQNClAI9WhIhDm7oaqb72sS5HDzbtkU=; b=MzdckH0MwrGLmmrCBY+0kjCY3G7Dn0Qr9wM31OReKSEhA1Zc93tRnGNV9s+I8piLjS 6wL8mevKnRs7Gg3GLZ1bACqWHw9e9JpFP69rWFmZ4Q5BNL6sJc09EpDHD0hsSZnN7U2r 7YXnTZ1iQUsMC6tNubESQChdbRN06cIum7t73Go3WlnOr843Y0mIkAv/ZiaJyUdDYa+W 
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 05/16] orc: set CVE_PRODUCT
Date: Thu, 24 Jul 2025 14:35:21 -0700
Message-ID: <3977b007727e7029dabff0394f12dc4190e29aaa.1753392770.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:35:50 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220878

From: Peter Marko

There are new CVEs reported for this recipe which are not for this
component, but for a component with same name from apache.

sqlite> select vendor, product, id, count(*) from products where product like 'orc' group by vendor, product, id;
apache|orc|CVE-2018-8015|1
apache|orc|CVE-2025-47436|4
gstreamer|orc|CVE-2024-40897|1

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 meta/recipes-devtools/orc/orc_0.4.40.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/orc/orc_0.4.40.bb b/meta/recipes-devtools/orc/orc_0.4.40.bb
index e437831cd7..ee96ca0a4c 100644
--- a/meta/recipes-devtools/orc/orc_0.4.40.bb
+++ b/meta/recipes-devtools/orc/orc_0.4.40.bb
@@ -9,6 +9,9 @@ SRC_URI[sha256sum] = "3fc2bee78dfb7c41fd9605061fc69138db7df007eae2f669a1f56e8bac inherit meson pkgconfig gtk-doc +# distinguish from apache:orc +CVE_PRODUCT = "gstreamer:orc" + GTKDOC_MESON_OPTION = "gtk_doc" GTKDOC_MESON_ENABLE_FLAG = "enabled" GTKDOC_MESON_DISABLE_FLAG = "disabled" From patchwork Thu Jul 24 21:35:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67438 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 626CDC87FCA for ; Thu, 24 Jul 2025 21:36:00 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web10.5119.1753392950668713142 for ; Thu, 24 Jul 2025 14:35:50 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=nn9G5KCf; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-7600271f3e9so1347044b3a.0 for ; Thu, 24 Jul 2025 14:35:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753392950; x=1753997750; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0SExyELtirSLHPZawYAEgVSr0buqvalPQSqNJfMTY24=; b=nn9G5KCfMIJVs4wZ7uiswyqpIkMmlHUC3qQDsGHuxqI22eVYSYxaA/kMIAO2e3Apco ODfdfAvAYlKH9tmNLx6I7gCRwd3gIwjVk+97Wl0FqVNswiHcsuJTf4DfOhvqf5vnKib3 BY11Y9ZlEI0Oirxjui/qn2AXIIa59FxumpwuEetYD8HDLp4ppDrEK6EFXDqI/bDt8001 
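Review bot: The comment added above CVE_PRODUCT in orc_0.4.40.bb says only "distinguish from apache:orc" and does not record the consequence of pinning the vendor: with CVE_PRODUCT = "gstreamer:orc" the CVE check matches entries filed under the gstreamer vendor only, so anything later filed for this library under a different vendor string will not be reported. Please note that in the comment or the commit message, and state the expected result after the change; going by the query in the commit message, that is gstreamer|orc|CVE-2024-40897 as the single remaining match.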
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/16] openssl: CVE-2024-41996
Date: Thu, 24 Jul 2025 14:35:22 -0700
Message-ID:
X-Mailer: git-send-email 2.43.0
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:00 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220879

From: Archana Polampalli

From: Peter Marko

As discussed in [1], this commit fixes CVE-2024-41996.
Although openssl project does not consider this a vulnerability, it got
CVE number assigned so it deserves attention.

[1] https://github.com/openssl/openssl/pull/25088

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 .../openssl/openssl/CVE-2024-41996.patch | 44 +++++++++++++++++++
 .../openssl/openssl_3.2.4.bb | 1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
new file mode 100644
index 0000000000..dc18e0bef1
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
@@ -0,0 +1,44 @@ +From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 5 Aug 2024 17:54:14 +0200 +Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known + safe-prime groups +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The partial validation is fully sufficient to check the key validity. + +Thanks to Szilárd Pfeiffer for reporting the issue. + +Reviewed-by: Neil Horman +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/25088) + +CVE: CVE-2024-41996 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e70e34d857d4003199bcb5d3b52ca8102ccc1b98] +Signed-off-by: Peter Marko +--- + providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c +index 82c3093b12..ebdce76710 100644 +--- a/providers/implementations/keymgmt/dh_kmgmt.c ++++ b/providers/implementations/keymgmt/dh_kmgmt.c +@@ -387,9 +387,11 @@ static int dh_validate_public(const DH *dh, int checktype) + if (pub_key == NULL) + return 0; + +- /* The partial test is only valid for named group's with q = (p - 1) / 2 */ +- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK +- && ossl_dh_is_named_safe_prime_group(dh)) ++ /* ++ * The partial test is only valid for named group's with q = (p - 1) / 2 ++ * but for that case it is also fully sufficient to check the key validity. ++ */ ++ if (ossl_dh_is_named_safe_prime_group(dh)) + return ossl_dh_check_pub_key_partial(dh, pub_key, &res); + + return DH_check_pub_key_ex(dh, pub_key); diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb index c4ad80e734..d6bf32d989 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb 
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb 
@@ -12,6 +12,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ + file://CVE-2024-41996.patch \ " SRC_URI:append:class-nativesdk = " \ From patchwork Thu Jul 24 21:35:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67440 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 712B6C83F26 for ; Thu, 24 Jul 2025 21:36:00 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web10.5120.1753392953559452010 for ; Thu, 24 Jul 2025 14:35:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=U/IN6yDn; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-75ab31c426dso1285934b3a.3 for ; Thu, 24 Jul 2025 14:35:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753392953; x=1753997753; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ZgBkUfMLvm31afbkioodXPjmmJcvaL1EnndIfpbKyOo=; b=U/IN6yDnhSXTebvxCBD/Ozg+/yvy6aemkcW/2G3uQhUtNyNOyi7A78cff3Cl+uCjtA AjPa24qQWaPaxQuszn8/Z+xs5mEb12R+aszPX4o2dYriy/Tdhh1cnokgEM9rc/x28UH5 
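Review bot: In the dh_validate_public() hunk carried by CVE-2024-41996.patch, the cheap ossl_dh_check_pub_key_partial() path is taken only when ossl_dh_is_named_safe_prime_group(dh) is true; every other group still falls through to the unchanged "return DH_check_pub_key_ex(dh, pub_key);", so the full validation cost remains for DH parameters that are not a named safe-prime group. The recipe commit message says the commit "fixes CVE-2024-41996" without that limit; please state that the backport covers named safe-prime groups only, so the CVE status recorded for this recipe is not read as covering custom parameters as well.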
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 07/16] openssl: patch CVE-2025-27587
Date: Thu, 24 Jul 2025 14:35:23 -0700
Message-ID:
X-Mailer: git-send-email 2.43.0
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:00 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220880

From: Peter Marko

Pick commits for Minerva fix between 3.2.4 and 3.2.5 release.

Update to 3.2.5 is blocked due to problem with python ptest errors, so
use patch instead of upgrade for now.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 .../openssl/openssl/CVE-2025-27587-1.patch | 1918 +++++++++++++++++
 .../openssl/openssl/CVE-2025-27587-2.patch | 129 ++
 .../openssl/openssl_3.2.4.bb | 2 +
 3 files changed, 2049 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
new file mode 100644
index 0000000000..eb3fc52dca
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
@@ -0,0 +1,1918 @@ +From 14ac0f0e4e1f36793d09b41ffd5e482575289ab2 Mon Sep 17 00:00:00 2001 +From: Danny Tsen +Date: Tue, 11 Feb 2025 13:48:01 -0500 +Subject: [PATCH] Fix Minerva timing side-channel signal for P-384 curve on PPC + +1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6() + for Montgomery multiplication. +2. ecp_nistp384-ppc64.pl: + - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with + minumum perl wrapper. + - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce. + - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly. +3. ecp_nistp384.c: + - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce. + +Signed-off-by: Danny Tsen + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/26709) + +(cherry picked from commit 85cabd94958303859b1551364a609d4ff40b67a5) + +CVE: CVE-2025-27587 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/14ac0f0e4e1f36793d09b41ffd5e482575289ab2] +Signed-off-by: Peter Marko +--- + crypto/bn/bn_ppc.c | 3 + + crypto/ec/asm/ecp_nistp384-ppc64.pl | 1724 +++++++++++++++++++++++---- + crypto/ec/ecp_nistp384.c | 28 +- + 3 files changed, 1504 insertions(+), 251 deletions(-) + +diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c +index 1e9421bee2..29293bad55 100644 +--- a/crypto/bn/bn_ppc.c ++++ b/crypto/bn/bn_ppc.c +@@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + */ + + #if defined(_ARCH_PPC64) && !defined(__ILP32__) ++ /* Minerva side-channel fix danny */ ++# if defined(USE_FIXED_N6) + if (num == 6) { + if (OPENSSL_ppccap_P & PPC_MADD300) + return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); + else + return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); + } ++# endif + #endif + + return bn_mul_mont_int(rp, ap, bp, np, n0, num); +diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl 
b/crypto/ec/asm/ecp_nistp384-ppc64.pl +index 28f4168e52..b663bddfc6 100755 +--- a/crypto/ec/asm/ecp_nistp384-ppc64.pl ++++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl +@@ -7,13 +7,15 @@ + # https://www.openssl.org/source/license.html + # + # ==================================================================== +-# Written by Rohan McLure for the OpenSSL +-# project. ++# Written by Danny Tsen # for the OpenSSL project. ++# ++# Copyright 2025- IBM Corp. + # ==================================================================== + # +-# p384 lower-level primitives for PPC64 using vector instructions. ++# p384 lower-level primitives for PPC64. + # + ++ + use strict; + use warnings; + +@@ -21,7 +23,7 @@ my $flavour = shift; + my $output = ""; + while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} + if (!$output) { +- $output = "-"; ++ $output = "-"; + } + + my ($xlate, $dir); +@@ -35,271 +37,1495 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; + + my $code = ""; + +-my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12"); +- +-my $vzero = "v32"; +- +-sub startproc($) +-{ +- my ($name) = @_; +- +- $code.=<<___; +- .globl ${name} +- .align 5 +-${name}: +- +-___ +-} +- +-sub endproc($) +-{ +- my ($name) = @_; +- +- $code.=<<___; +- blr +- .size ${name},.-${name} +- +-___ +-} +- +-sub load_vrs($$) +-{ +- my ($pointer, $reg_list) = @_; +- +- for (my $i = 0; $i <= 6; $i++) { +- my $offset = $i * 8; +- $code.=<<___; +- lxsd $reg_list->[$i],$offset($pointer) +-___ +- } +- +- $code.=<<___; +- +-___ +-} +- +-sub store_vrs($$) +-{ +- my ($pointer, $reg_list) = @_; +- +- for (my $i = 0; $i <= 12; $i++) { +- my $offset = $i * 16; +- $code.=<<___; +- stxv $reg_list->[$i],$offset($pointer) +-___ +- } +- +- $code.=<<___; +- +-___ +-} +- + $code.=<<___; +-.machine "any" ++.machine "any" + .text + +-___ ++.globl p384_felem_mul ++.type p384_felem_mul,\@function ++.align 4 ++p384_felem_mul: + +-{ +- # mul/square common +- my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43"); +- my 
($zero, $one) = ("r8", "r9"); +- my $out = "v51"; ++ stdu 1, -176(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) ++ std 18, 88(1) ++ std 19, 96(1) ++ std 20, 104(1) ++ std 21, 112(1) ++ std 22, 120(1) + +- { +- # +- # p384_felem_mul +- # ++ bl _p384_felem_mul_core + +- my ($in1p, $in2p) = ("r4", "r5"); +- my @in1 = map("v$_",(44..50)); +- my @in2 = map("v$_",(35..41)); ++ mtlr 0 ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ ld 18, 88(1) ++ ld 19, 96(1) ++ ld 20, 104(1) ++ ld 21, 112(1) ++ ld 22, 120(1) ++ addi 1, 1, 176 ++ blr ++.size p384_felem_mul,.-p384_felem_mul + +- startproc("p384_felem_mul"); ++.globl p384_felem_square ++.type p384_felem_square,\@function ++.align 4 ++p384_felem_square: + +- $code.=<<___; +- vspltisw $vzero,0 ++ stdu 1, -176(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) + +-___ ++ bl _p384_felem_square_core + +- load_vrs($in1p, \@in1); +- load_vrs($in2p, \@in2); +- +- $code.=<<___; +- vmsumudm $out,$in1[0],$in2[0],$vzero +- stxv $out,0($outp) +- +- xxpermdi $t1,$in1[0],$in1[1],0b00 +- xxpermdi $t2,$in2[1],$in2[0],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- stxv $out,16($outp) +- +- xxpermdi $t2,$in2[2],$in2[1],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$in1[2],$in2[0],$out +- stxv $out,32($outp) +- +- xxpermdi $t2,$in2[1],$in2[0],0b00 +- xxpermdi $t3,$in1[2],$in1[3],0b00 +- xxpermdi $t4,$in2[3],$in2[2],0b00 +- vmsumudm $out,$t1,$t4,$vzero +- vmsumudm $out,$t3,$t2,$out +- stxv $out,48($outp) +- +- xxpermdi $t2,$in2[4],$in2[3],0b00 +- xxpermdi $t4,$in2[2],$in2[1],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- vmsumudm $out,$in1[4],$in2[0],$out +- stxv $out,64($outp) +- +- xxpermdi $t2,$in2[5],$in2[4],0b00 +- xxpermdi $t4,$in2[3],$in2[2],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- xxpermdi $t4,$in2[1],$in2[0],0b00 +- xxpermdi $t1,$in1[4],$in1[5],0b00 +- vmsumudm $out,$t1,$t4,$out +- stxv 
$out,80($outp) +- +- xxpermdi $t1,$in1[0],$in1[1],0b00 +- xxpermdi $t2,$in2[6],$in2[5],0b00 +- xxpermdi $t4,$in2[4],$in2[3],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- xxpermdi $t2,$in2[2],$in2[1],0b00 +- xxpermdi $t1,$in1[4],$in1[5],0b00 +- vmsumudm $out,$t1,$t2,$out +- vmsumudm $out,$in1[6],$in2[0],$out +- stxv $out,96($outp) +- +- xxpermdi $t1,$in1[1],$in1[2],0b00 +- xxpermdi $t2,$in2[6],$in2[5],0b00 +- xxpermdi $t3,$in1[3],$in1[4],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- xxpermdi $t3,$in2[2],$in2[1],0b00 +- xxpermdi $t1,$in1[5],$in1[6],0b00 +- vmsumudm $out,$t1,$t3,$out +- stxv $out,112($outp) +- +- xxpermdi $t1,$in1[2],$in1[3],0b00 +- xxpermdi $t3,$in1[4],$in1[5],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- vmsumudm $out,$in1[6],$in2[2],$out +- stxv $out,128($outp) +- +- xxpermdi $t1,$in1[3],$in1[4],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- xxpermdi $t1,$in1[5],$in1[6],0b00 +- vmsumudm $out,$t1,$t4,$out +- stxv $out,144($outp) +- +- vmsumudm $out,$t3,$t2,$vzero +- vmsumudm $out,$in1[6],$in2[4],$out +- stxv $out,160($outp) +- +- vmsumudm $out,$t1,$t2,$vzero +- stxv $out,176($outp) +- +- vmsumudm $out,$in1[6],$in2[6],$vzero +- stxv $out,192($outp) +-___ ++ mtlr 0 ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ addi 1, 1, 176 ++ blr ++.size p384_felem_square,.-p384_felem_square + +- endproc("p384_felem_mul"); +- } ++# ++# Felem mul core function - ++# r3, r4 and r5 need to pre-loaded. 
++# ++.type _p384_felem_mul_core,\@function ++.align 4 ++_p384_felem_mul_core: + +- { +- # +- # p384_felem_square +- # ++ ld 6,0(4) ++ ld 14,0(5) ++ ld 7,8(4) ++ ld 15,8(5) ++ ld 8,16(4) ++ ld 16,16(5) ++ ld 9,24(4) ++ ld 17,24(5) ++ ld 10,32(4) ++ ld 18,32(5) ++ ld 11,40(4) ++ ld 19,40(5) ++ ld 12,48(4) ++ ld 20,48(5) + +- my ($inp) = ("r4"); +- my @in = map("v$_",(44..50)); +- my @inx2 = map("v$_",(35..41)); ++ # out0 ++ mulld 21, 14, 6 ++ mulhdu 22, 14, 6 ++ std 21, 0(3) ++ std 22, 8(3) + +- startproc("p384_felem_square"); ++ vxor 0, 0, 0 + +- $code.=<<___; +- vspltisw $vzero,0 ++ # out1 ++ mtvsrdd 32+13, 14, 6 ++ mtvsrdd 32+14, 7, 15 ++ vmsumudm 1, 13, 14, 0 + +-___ ++ # out2 ++ mtvsrdd 32+15, 15, 6 ++ mtvsrdd 32+16, 7, 16 ++ mtvsrdd 32+17, 0, 8 ++ mtvsrdd 32+18, 0, 14 ++ vmsumudm 19, 15, 16, 0 ++ vmsumudm 2, 17, 18, 19 + +- load_vrs($inp, \@in); ++ # out3 ++ mtvsrdd 32+13, 16, 6 ++ mtvsrdd 32+14, 7, 17 ++ mtvsrdd 32+15, 14, 8 ++ mtvsrdd 32+16, 9, 15 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 3, 15, 16, 19 + +- $code.=<<___; +- li $zero,0 +- li $one,1 +- mtvsrdd $t1,$one,$zero +-___ ++ # out4 ++ mtvsrdd 32+13, 17, 6 ++ mtvsrdd 32+14, 7, 18 ++ mtvsrdd 32+15, 15, 8 ++ mtvsrdd 32+16, 9, 16 ++ mtvsrdd 32+17, 0, 10 ++ mtvsrdd 32+18, 0, 14 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 4, 15, 16, 19 ++ vmsumudm 4, 17, 18, 4 + +- for (my $i = 0; $i <= 6; $i++) { +- $code.=<<___; +- vsld $inx2[$i],$in[$i],$t1 +-___ +- } +- +- $code.=<<___; +- vmsumudm $out,$in[0],$in[0],$vzero +- stxv $out,0($outp) +- +- vmsumudm $out,$in[0],$inx2[1],$vzero +- stxv $out,16($outp) +- +- vmsumudm $out,$in[0],$inx2[2],$vzero +- vmsumudm $out,$in[1],$in[1],$out +- stxv $out,32($outp) +- +- xxpermdi $t1,$in[0],$in[1],0b00 +- xxpermdi $t2,$inx2[3],$inx2[2],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- stxv $out,48($outp) +- +- xxpermdi $t4,$inx2[4],$inx2[3],0b00 +- vmsumudm $out,$t1,$t4,$vzero +- vmsumudm $out,$in[2],$in[2],$out +- stxv $out,64($outp) +- +- xxpermdi $t2,$inx2[5],$inx2[4],0b00 +- vmsumudm 
$out,$t1,$t2,$vzero +- vmsumudm $out,$in[2],$inx2[3],$out +- stxv $out,80($outp) +- +- xxpermdi $t2,$inx2[6],$inx2[5],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$in[2],$inx2[4],$out +- vmsumudm $out,$in[3],$in[3],$out +- stxv $out,96($outp) +- +- xxpermdi $t3,$in[1],$in[2],0b00 +- vmsumudm $out,$t3,$t2,$vzero +- vmsumudm $out,$in[3],$inx2[4],$out +- stxv $out,112($outp) +- +- xxpermdi $t1,$in[2],$in[3],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$in[4],$in[4],$out +- stxv $out,128($outp) +- +- xxpermdi $t1,$in[3],$in[4],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- stxv $out,144($outp) +- +- vmsumudm $out,$in[4],$inx2[6],$vzero +- vmsumudm $out,$in[5],$in[5],$out +- stxv $out,160($outp) +- +- vmsumudm $out,$in[5],$inx2[6],$vzero +- stxv $out,176($outp) +- +- vmsumudm $out,$in[6],$in[6],$vzero +- stxv $out,192($outp) +-___ ++ # out5 ++ mtvsrdd 32+13, 18, 6 ++ mtvsrdd 32+14, 7, 19 ++ mtvsrdd 32+15, 16, 8 ++ mtvsrdd 32+16, 9, 17 ++ mtvsrdd 32+17, 14, 10 ++ mtvsrdd 32+18, 11, 15 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 5, 15, 16, 19 ++ vmsumudm 5, 17, 18, 5 ++ ++ stxv 32+1, 16(3) ++ stxv 32+2, 32(3) ++ stxv 32+3, 48(3) ++ stxv 32+4, 64(3) ++ stxv 32+5, 80(3) ++ ++ # out6 ++ mtvsrdd 32+13, 19, 6 ++ mtvsrdd 32+14, 7, 20 ++ mtvsrdd 32+15, 17, 8 ++ mtvsrdd 32+16, 9, 18 ++ mtvsrdd 32+17, 15, 10 ++ mtvsrdd 32+18, 11, 16 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 6, 15, 16, 19 ++ mtvsrdd 32+13, 0, 12 ++ mtvsrdd 32+14, 0, 14 ++ vmsumudm 19, 17, 18, 6 ++ vmsumudm 6, 13, 14, 19 ++ ++ # out7 ++ mtvsrdd 32+13, 19, 7 ++ mtvsrdd 32+14, 8, 20 ++ mtvsrdd 32+15, 17, 9 ++ mtvsrdd 32+16, 10, 18 ++ mtvsrdd 32+17, 15, 11 ++ mtvsrdd 32+18, 12, 16 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 7, 15, 16, 19 ++ vmsumudm 7, 17, 18, 7 ++ ++ # out8 ++ mtvsrdd 32+13, 19, 8 ++ mtvsrdd 32+14, 9, 20 ++ mtvsrdd 32+15, 17, 10 ++ mtvsrdd 32+16, 11, 18 ++ mtvsrdd 32+17, 0, 12 ++ mtvsrdd 32+18, 0, 16 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 8, 15, 16, 19 ++ vmsumudm 8, 17, 18, 8 ++ ++ # out9 ++ mtvsrdd 32+13, 
19, 9 ++ mtvsrdd 32+14, 10, 20 ++ mtvsrdd 32+15, 17, 11 ++ mtvsrdd 32+16, 12, 18 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 9, 15, 16, 19 ++ ++ # out10 ++ mtvsrdd 32+13, 19, 10 ++ mtvsrdd 32+14, 11, 20 ++ mtvsrdd 32+15, 0, 12 ++ mtvsrdd 32+16, 0, 18 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 10, 15, 16, 19 ++ ++ # out11 ++ mtvsrdd 32+17, 19, 11 ++ mtvsrdd 32+18, 12, 20 ++ vmsumudm 11, 17, 18, 0 ++ ++ stxv 32+6, 96(3) ++ stxv 32+7, 112(3) ++ stxv 32+8, 128(3) ++ stxv 32+9, 144(3) ++ stxv 32+10, 160(3) ++ stxv 32+11, 176(3) ++ ++ # out12 ++ mulld 21, 20, 12 ++ mulhdu 22, 20, 12 # out12 ++ ++ std 21, 192(3) ++ std 22, 200(3) ++ ++ blr ++.size _p384_felem_mul_core,.-_p384_felem_mul_core ++ ++# ++# Felem square core function - ++# r3 and r4 need to pre-loaded. ++# ++.type _p384_felem_square_core,\@function ++.align 4 ++_p384_felem_square_core: ++ ++ ld 6, 0(4) ++ ld 7, 8(4) ++ ld 8, 16(4) ++ ld 9, 24(4) ++ ld 10, 32(4) ++ ld 11, 40(4) ++ ld 12, 48(4) ++ ++ vxor 0, 0, 0 ++ ++ # out0 ++ mulld 14, 6, 6 ++ mulhdu 15, 6, 6 ++ std 14, 0(3) ++ std 15, 8(3) ++ ++ # out1 ++ add 14, 6, 6 ++ mtvsrdd 32+13, 0, 14 ++ mtvsrdd 32+14, 0, 7 ++ vmsumudm 1, 13, 14, 0 ++ ++ # out2 ++ mtvsrdd 32+15, 7, 14 ++ mtvsrdd 32+16, 7, 8 ++ vmsumudm 2, 15, 16, 0 ++ ++ # out3 ++ add 15, 7, 7 ++ mtvsrdd 32+13, 8, 14 ++ mtvsrdd 32+14, 15, 9 ++ vmsumudm 3, 13, 14, 0 ++ ++ # out4 ++ mtvsrdd 32+13, 9, 14 ++ mtvsrdd 32+14, 15, 10 ++ mtvsrdd 32+15, 0, 8 ++ vmsumudm 4, 13, 14, 0 ++ vmsumudm 4, 15, 15, 4 ++ ++ # out5 ++ mtvsrdd 32+13, 10, 14 ++ mtvsrdd 32+14, 15, 11 ++ add 16, 8, 8 ++ mtvsrdd 32+15, 0, 16 ++ mtvsrdd 32+16, 0, 9 ++ vmsumudm 5, 13, 14, 0 ++ vmsumudm 5, 15, 16, 5 ++ ++ stxv 32+1, 16(3) ++ stxv 32+2, 32(3) ++ stxv 32+3, 48(3) ++ stxv 32+4, 64(3) ++ ++ # out6 ++ mtvsrdd 32+13, 11, 14 ++ mtvsrdd 32+14, 15, 12 ++ mtvsrdd 32+15, 9, 16 ++ mtvsrdd 32+16, 9, 10 ++ stxv 32+5, 80(3) ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 6, 15, 16, 19 ++ ++ # out7 ++ add 17, 9, 9 ++ mtvsrdd 32+13, 11, 15 ++ mtvsrdd 32+14, 16, 12 ++ 
mtvsrdd 32+15, 0, 17 ++ mtvsrdd 32+16, 0, 10 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 7, 15, 16, 19 ++ ++ # out8 ++ mtvsrdd 32+13, 11, 16 ++ mtvsrdd 32+14, 17, 12 ++ mtvsrdd 32+15, 0, 10 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 8, 15, 15, 19 ++ ++ # out9 ++ add 14, 10, 10 ++ mtvsrdd 32+13, 11, 17 ++ mtvsrdd 32+14, 14, 12 ++ vmsumudm 9, 13, 14, 0 ++ ++ # out10 ++ mtvsrdd 32+13, 11, 14 ++ mtvsrdd 32+14, 11, 12 ++ vmsumudm 10, 13, 14, 0 ++ ++ stxv 32+6, 96(3) ++ stxv 32+7, 112(3) ++ ++ # out11 ++ #add 14, 11, 11 ++ #mtvsrdd 32+13, 0, 14 ++ #mtvsrdd 32+14, 0, 12 ++ #vmsumudm 11, 13, 14, 0 ++ ++ mulld 6, 12, 11 ++ mulhdu 7, 12, 11 ++ addc 8, 6, 6 ++ adde 9, 7, 7 ++ ++ stxv 32+8, 128(3) ++ stxv 32+9, 144(3) ++ stxv 32+10, 160(3) ++ #stxv 32+11, 176(3) ++ ++ # out12 ++ mulld 14, 12, 12 ++ mulhdu 15, 12, 12 ++ ++ std 8, 176(3) ++ std 9, 184(3) ++ std 14, 192(3) ++ std 15, 200(3) ++ ++ blr ++.size _p384_felem_square_core,.-_p384_felem_square_core ++ ++# ++# widefelem (128 bits) * 8 ++# ++.macro F128_X_8 _off1 _off2 ++ ld 9,\\_off1(3) ++ ld 8,\\_off2(3) ++ srdi 10,9,61 ++ rldimi 10,8,3,0 ++ sldi 9,9,3 ++ std 9,\\_off1(3) ++ std 10,\\_off2(3) ++.endm ++ ++.globl p384_felem128_mul_by_8 ++.type p384_felem128_mul_by_8, \@function ++.align 4 ++p384_felem128_mul_by_8: ++ ++ F128_X_8 0, 8 ++ ++ F128_X_8 16, 24 ++ ++ F128_X_8 32, 40 ++ ++ F128_X_8 48, 56 ++ ++ F128_X_8 64, 72 ++ ++ F128_X_8 80, 88 ++ ++ F128_X_8 96, 104 ++ ++ F128_X_8 112, 120 ++ ++ F128_X_8 128, 136 ++ ++ F128_X_8 144, 152 ++ ++ F128_X_8 160, 168 ++ ++ F128_X_8 176, 184 ++ ++ F128_X_8 192, 200 ++ ++ blr ++.size p384_felem128_mul_by_8,.-p384_felem128_mul_by_8 ++ ++# ++# widefelem (128 bits) * 2 ++# ++.macro F128_X_2 _off1 _off2 ++ ld 9,\\_off1(3) ++ ld 8,\\_off2(3) ++ srdi 10,9,63 ++ rldimi 10,8,1,0 ++ sldi 9,9,1 ++ std 9,\\_off1(3) ++ std 10,\\_off2(3) ++.endm ++ ++.globl p384_felem128_mul_by_2 ++.type p384_felem128_mul_by_2, \@function ++.align 4 ++p384_felem128_mul_by_2: ++ ++ F128_X_2 0, 8 ++ ++ F128_X_2 16, 24 ++ ++ 
F128_X_2 32, 40 ++ ++ F128_X_2 48, 56 ++ ++ F128_X_2 64, 72 ++ ++ F128_X_2 80, 88 ++ ++ F128_X_2 96, 104 ++ ++ F128_X_2 112, 120 ++ ++ F128_X_2 128, 136 ++ ++ F128_X_2 144, 152 ++ ++ F128_X_2 160, 168 ++ ++ F128_X_2 176, 184 ++ ++ F128_X_2 192, 200 ++ ++ blr ++.size p384_felem128_mul_by_2,.-p384_felem128_mul_by_2 ++ ++.globl p384_felem_diff128 ++.type p384_felem_diff128, \@function ++.align 4 ++p384_felem_diff128: ++ ++ addis 5, 2, .LConst_two127\@toc\@ha ++ addi 5, 5, .LConst_two127\@toc\@l ++ ++ ld 10, 0(3) ++ ld 8, 8(3) ++ li 9, 0 ++ addc 10, 10, 9 ++ li 7, -1 ++ rldicr 7, 7, 0, 0 # two127 ++ adde 8, 8, 7 ++ ld 11, 0(4) ++ ld 12, 8(4) ++ subfc 11, 11, 10 ++ subfe 12, 12, 8 ++ std 11, 0(3) # out0 ++ std 12, 8(3) ++ ++ # two127m71 = (r10, r9) ++ ld 8, 16(3) ++ ld 7, 24(3) ++ ld 10, 24(5) # two127m71 ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 16(4) ++ ld 12, 24(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 16(3) # out1 ++ std 12, 24(3) ++ ++ ld 8, 32(3) ++ ld 7, 40(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 32(4) ++ ld 12, 40(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 32(3) # out2 ++ std 12, 40(3) ++ ++ ld 8, 48(3) ++ ld 7, 56(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 48(4) ++ ld 12, 56(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 48(3) # out3 ++ std 12, 56(3) ++ ++ ld 8, 64(3) ++ ld 7, 72(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 64(4) ++ ld 12, 72(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 64(3) # out4 ++ std 12, 72(3) ++ ++ ld 8, 80(3) ++ ld 7, 88(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 80(4) ++ ld 12, 88(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 80(3) # out5 ++ std 12, 88(3) ++ ++ ld 8, 96(3) ++ ld 7, 104(3) ++ ld 6, 40(5) # two127p111m79m71 ++ addc 8, 8, 9 ++ adde 7, 7, 6 ++ ld 11, 96(4) ++ ld 12, 104(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 96(3) # out6 ++ std 12, 104(3) ++ ++ ld 8, 112(3) ++ ld 7, 120(3) ++ ld 6, 56(5) # two127m119m71 ++ addc 8, 8, 9 ++ adde 7, 7, 6 ++ ld 11, 112(4) ++ ld 
12, 120(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 112(3) # out7 ++ std 12, 120(3) ++ ++ ld 8, 128(3) ++ ld 7, 136(3) ++ ld 6, 72(5) # two127m95m71 ++ addc 8, 8, 9 ++ adde 7, 7, 6 ++ ld 11, 128(4) ++ ld 12, 136(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 128(3) # out8 ++ std 12, 136(3) ++ ++ ld 8, 144(3) ++ ld 7, 152(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 144(4) ++ ld 12, 152(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 144(3) # out9 ++ std 12, 152(3) ++ ++ ld 8, 160(3) ++ ld 7, 168(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 160(4) ++ ld 12, 168(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 160(3) # out10 ++ std 12, 168(3) ++ ++ ld 8, 176(3) ++ ld 7, 184(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 176(4) ++ ld 12, 184(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 176(3) # out11 ++ std 12, 184(3) ++ ++ ld 8, 192(3) ++ ld 7, 200(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 192(4) ++ ld 12, 200(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 192(3) # out12 ++ std 12, 200(3) ++ ++ blr ++.size p384_felem_diff128,.-p384_felem_diff128 ++ ++.data ++.align 4 ++.LConst_two127: ++#two127 ++.long 0x00000000, 0x00000000, 0x00000000, 0x80000000 ++#two127m71 ++.long 0x00000000, 0x00000000, 0xffffff80, 0x7fffffff ++#two127p111m79m71 ++.long 0x00000000, 0x00000000, 0xffff7f80, 0x80007fff ++#two127m119m71 ++.long 0x00000000, 0x00000000, 0xffffff80, 0x7f7fffff ++#two127m95m71 ++.long 0x00000000, 0x00000000, 0x7fffff80, 0x7fffffff ++ ++.text ++ ++.globl p384_felem_diff_128_64 ++.type p384_felem_diff_128_64, \@function ++.align 4 ++p384_felem_diff_128_64: ++ addis 5, 2, .LConst_128_two64\@toc\@ha ++ addi 5, 5, .LConst_128_two64\@toc\@l ++ ++ ld 9, 0(3) ++ ld 10, 8(3) ++ ld 8, 48(5) # two64p48m16 ++ li 7, 0 ++ addc 9, 9, 8 ++ li 6, 1 ++ adde 10, 10, 6 ++ ld 11, 0(4) ++ subfc 8, 11, 9 ++ subfe 12, 7, 10 ++ std 8, 0(3) # out0 ++ std 12, 8(3) ++ ++ ld 9, 16(3) ++ ld 10, 24(3) ++ ld 8, 0(5) # two64m56m8 ++ addc 9, 9, 8 ++ addze 10, 10 ++ 
ld 11, 8(4) ++ subfc 11, 11, 9 ++ subfe 12, 7, 10 ++ std 11, 16(3) # out1 ++ std 12, 24(3) ++ ++ ld 9, 32(3) ++ ld 10, 40(3) ++ ld 8, 16(5) # two64m32m8 ++ addc 9, 9, 8 ++ addze 10, 10 ++ ld 11, 16(4) ++ subfc 11, 11, 9 ++ subfe 12, 7, 10 ++ std 11, 32(3) # out2 ++ std 12, 40(3) ++ ++ ld 10, 48(3) ++ ld 8, 56(3) ++ #ld 9, 32(5) # two64m8 ++ li 9, -256 # two64m8 ++ addc 10, 10, 9 ++ addze 8, 8 ++ ld 11, 24(4) ++ subfc 11, 11, 10 ++ subfe 12, 7, 8 ++ std 11, 48(3) # out3 ++ std 12, 56(3) ++ ++ ld 10, 64(3) ++ ld 8, 72(3) ++ addc 10, 10, 9 ++ addze 8, 8 ++ ld 11, 32(4) ++ subfc 11, 11, 10 ++ subfe 12, 7, 8 ++ std 11, 64(3) # out4 ++ std 12, 72(3) ++ ++ ld 10, 80(3) ++ ld 8, 88(3) ++ addc 10, 10, 9 ++ addze 8, 8 ++ ld 11, 40(4) ++ subfc 11, 11, 10 ++ subfe 12, 7, 8 ++ std 11, 80(3) # out5 ++ std 12, 88(3) ++ ++ ld 10, 96(3) ++ ld 8, 104(3) ++ addc 10, 10, 9 ++ addze 9, 8 ++ ld 11, 48(4) ++ subfc 11, 11, 10 ++ subfe 12, 7, 9 ++ std 11, 96(3) # out6 ++ std 12, 104(3) ++ ++ blr ++.size p384_felem_diff_128_64,.-p384_felem_diff_128_64 ++ ++.data ++.align 4 ++.LConst_128_two64: ++#two64m56m8 ++.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000 ++#two64m32m8 ++.long 0xffffff00, 0xfffffffe, 0x00000000, 0x00000000 ++#two64m8 ++.long 0xffffff00, 0xffffffff, 0x00000000, 0x00000000 ++#two64p48m16 ++.long 0xffff0000, 0x0000ffff, 0x00000001, 0x00000000 ++ ++.LConst_two60: ++#two60m52m4 ++.long 0xfffffff0, 0x0fefffff, 0x0, 0x0 ++#two60p44m12 ++.long 0xfffff000, 0x10000fff, 0x0, 0x0 ++#two60m28m4 ++.long 0xeffffff0, 0x0fffffff, 0x0, 0x0 ++#two60m4 ++.long 0xfffffff0, 0x0fffffff, 0x0, 0x0 ++ ++.text ++# ++# static void felem_diff64(felem out, const felem in) ++# ++.globl p384_felem_diff64 ++.type p384_felem_diff64, \@function ++.align 4 ++p384_felem_diff64: ++ addis 5, 2, .LConst_two60\@toc\@ha ++ addi 5, 5, .LConst_two60\@toc\@l ++ ++ ld 9, 0(3) ++ ld 8, 16(5) # two60p44m12 ++ li 7, 0 ++ add 9, 9, 8 ++ ld 11, 0(4) ++ subf 8, 11, 9 ++ std 8, 0(3) # out0 ++ ++ ld 9, 8(3) ++ ld 8, 0(5) 
# two60m52m4 ++ add 9, 9, 8 ++ ld 11, 8(4) ++ subf 11, 11, 9 ++ std 11, 8(3) # out1 ++ ++ ld 9, 16(3) ++ ld 8, 32(5) # two60m28m4 ++ add 9, 9, 8 ++ ld 11, 16(4) ++ subf 11, 11, 9 ++ std 11, 16(3) # out2 ++ ++ ld 10, 24(3) ++ ld 9, 48(5) # two60m4 ++ add 10, 10, 9 ++ ld 12, 24(4) ++ subf 12, 12, 10 ++ std 12, 24(3) # out3 ++ ++ ld 10, 32(3) ++ add 10, 10, 9 ++ ld 11, 32(4) ++ subf 11, 11, 10 ++ std 11, 32(3) # out4 ++ ++ ld 10, 40(3) ++ add 10, 10, 9 ++ ld 12, 40(4) ++ subf 12, 12, 10 ++ std 12, 40(3) # out5 + +- endproc("p384_felem_square"); +- } +-} ++ ld 10, 48(3) ++ add 10, 10, 9 ++ ld 11, 48(4) ++ subf 11, 11, 10 ++ std 11, 48(3) # out6 ++ ++ blr ++.size p384_felem_diff64,.-p384_felem_diff64 ++ ++.text ++# ++# Shift 128 bits right ++# ++.macro SHR o_h o_l in_h in_l nbits ++ srdi \\o_l, \\in_l, \\nbits # shift lower right ++ rldimi \\o_l, \\in_h, 64-\\nbits, 0 # insert <64-nbits> from hi ++ srdi \\o_h, \\in_h, \\nbits # shift higher right ++.endm ++ ++# ++# static void felem_reduce(felem out, const widefelem in) ++# ++.global p384_felem_reduce ++.type p384_felem_reduce,\@function ++.align 4 ++p384_felem_reduce: ++ ++ stdu 1, -208(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) ++ std 18, 88(1) ++ std 19, 96(1) ++ std 20, 104(1) ++ std 21, 112(1) ++ std 22, 120(1) ++ std 23, 128(1) ++ std 24, 136(1) ++ std 25, 144(1) ++ std 26, 152(1) ++ std 27, 160(1) ++ std 28, 168(1) ++ std 29, 176(1) ++ std 30, 184(1) ++ std 31, 192(1) ++ ++ bl _p384_felem_reduce_core ++ ++ mtlr 0 ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ ld 18, 88(1) ++ ld 19, 96(1) ++ ld 20, 104(1) ++ ld 21, 112(1) ++ ld 22, 120(1) ++ ld 23, 128(1) ++ ld 24, 136(1) ++ ld 25, 144(1) ++ ld 26, 152(1) ++ ld 27, 160(1) ++ ld 28, 168(1) ++ ld 29, 176(1) ++ ld 30, 184(1) ++ ld 31, 192(1) ++ addi 1, 1, 208 ++ blr ++.size p384_felem_reduce,.-p384_felem_reduce ++ ++# ++# Felem reduction core function - ++# r3 and r4 need to pre-loaded. 
++# ++.type _p384_felem_reduce_core,\@function ++.align 4 ++_p384_felem_reduce_core: ++ addis 12, 2, .LConst\@toc\@ha ++ addi 12, 12, .LConst\@toc\@l ++ ++ # load constat p ++ ld 11, 8(12) # hi - two124m68 ++ ++ # acc[6] = in[6] + two124m68; ++ ld 26, 96(4) # in[6].l ++ ld 27, 96+8(4) # in[6].h ++ add 27, 27, 11 ++ ++ # acc[5] = in[5] + two124m68; ++ ld 24, 80(4) # in[5].l ++ ld 25, 80+8(4) # in[5].h ++ add 25, 25, 11 ++ ++ # acc[4] = in[4] + two124m68; ++ ld 22, 64(4) # in[4].l ++ ld 23, 64+8(4) # in[4].h ++ add 23, 23, 11 ++ ++ # acc[3] = in[3] + two124m68; ++ ld 20, 48(4) # in[3].l ++ ld 21, 48+8(4) # in[3].h ++ add 21, 21, 11 ++ ++ ld 11, 48+8(12) # hi - two124m92m68 ++ ++ # acc[2] = in[2] + two124m92m68; ++ ld 18, 32(4) # in[2].l ++ ld 19, 32+8(4) # in[2].h ++ add 19, 19, 11 ++ ++ ld 11, 16+8(12) # high - two124m116m68 ++ ++ # acc[1] = in[1] + two124m116m68; ++ ld 16, 16(4) # in[1].l ++ ld 17, 16+8(4) # in[1].h ++ add 17, 17, 11 ++ ++ ld 11, 32+8(12) # high - two124p108m76 ++ ++ # acc[0] = in[0] + two124p108m76; ++ ld 14, 0(4) # in[0].l ++ ld 15, 0+8(4) # in[0].h ++ add 15, 15, 11 ++ ++ # compute mask ++ li 7, -1 ++ ++ # Eliminate in[12] ++ ++ # acc[8] += in[12] >> 32; ++ ld 5, 192(4) # in[12].l ++ ld 6, 192+8(4) # in[12].h ++ SHR 9, 10, 6, 5, 32 ++ ld 30, 128(4) # in[8].l ++ ld 31, 136(4) # in[8].h ++ addc 30, 30, 10 ++ adde 31, 31, 9 ++ ++ # acc[7] += (in[12] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ ld 28, 112(4) # in[7].l ++ ld 29, 120(4) # in[7].h ++ addc 28, 28, 11 ++ addze 29, 29 ++ ++ # acc[7] += in[12] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 28, 28, 10 ++ adde 29, 29, 9 ++ ++ # acc[6] += (in[12] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 26, 26, 11 ++ addze 27, 27 ++ ++ # acc[6] -= in[12] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 26, 10, 26 ++ subfe 27, 9, 27 ++ ++ # acc[5] -= (in[12] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 24, 11, 24 ++ subfe 25, 9, 25 ++ ++ # acc[6] += in[12] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ ++ # acc[5] += (in[12] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 24, 24, 11 ++ addze 25, 25 ++ ++ # Eliminate in[11] ++ ++ # acc[7] += in[11] >> 32; ++ ld 5, 176(4) # in[11].l ++ ld 6, 176+8(4) # in[11].h ++ SHR 9, 10, 6, 5, 32 ++ addc 28, 28, 10 ++ adde 29, 29, 9 ++ ++ # acc[6] += (in[11] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 26, 26, 11 ++ addze 27, 27 ++ ++ # acc[6] += in[11] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ ++ # acc[5] += (in[11] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 24, 24, 11 ++ addze 25, 25 ++ ++ # acc[5] -= in[11] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 24, 10, 24 ++ subfe 25, 9, 25 ++ ++ # acc[4] -= (in[11] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 22, 11, 22 ++ subfe 23, 9, 23 ++ ++ # acc[5] += in[11] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ ++ # acc[4] += (in[11] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 22, 22, 11 ++ addze 23, 23 ++ ++ # Eliminate in[10] ++ ++ # acc[6] += in[10] >> 32; ++ ld 5, 160(4) # in[10].l ++ ld 6, 160+8(4) # in[10].h ++ SHR 9, 10, 6, 5, 32 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ ++ # acc[5] += (in[10] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 24, 24, 11 ++ addze 25, 25 ++ ++ # acc[5] += in[10] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ ++ # acc[4] += (in[10] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 22, 22, 11 ++ addze 23, 23 ++ ++ # acc[4] -= in[10] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 22, 10, 22 ++ subfe 23, 9, 23 ++ ++ # acc[3] -= (in[10] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 20, 11, 20 ++ subfe 21, 9, 21 ++ ++ # acc[4] += in[10] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 22, 22, 10 ++ adde 23, 23, 9 ++ ++ # acc[3] += (in[10] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 20, 20, 11 ++ addze 21, 21 ++ ++ # Eliminate in[9] ++ ++ # acc[5] += in[9] >> 32; ++ ld 5, 144(4) # in[9].l ++ ld 6, 144+8(4) # in[9].h ++ SHR 9, 10, 6, 5, 32 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ ++ # acc[4] += (in[9] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 22, 22, 11 ++ addze 23, 23 ++ ++ # acc[4] += in[9] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 22, 22, 10 ++ adde 23, 23, 9 ++ ++ # acc[3] += (in[9] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 20, 20, 11 ++ addze 21, 21 ++ ++ # acc[3] -= in[9] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 20, 10, 20 ++ subfe 21, 9, 21 ++ ++ # acc[2] -= (in[9] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 18, 11, 18 ++ subfe 19, 9, 19 ++ ++ # acc[3] += in[9] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] += (in[9] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 18, 18, 11 ++ addze 19, 19 ++ ++ # Eliminate acc[8] ++ ++ # acc[4] += acc[8] >> 32; ++ mr 5, 30 # acc[8].l ++ mr 6, 31 # acc[8].h ++ SHR 9, 10, 6, 5, 32 ++ addc 22, 22, 10 ++ adde 23, 23, 9 ++ ++ # acc[3] += (acc[8] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 20, 20, 11 ++ addze 21, 21 ++ ++ # acc[3] += acc[8] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] += (acc[8] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 18, 18, 11 ++ addze 19, 19 ++ ++ # acc[2] -= acc[8] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 18, 10, 18 ++ subfe 19, 9, 19 ++ ++ # acc[1] -= (acc[8] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 16, 11, 16 ++ subfe 17, 9, 17 ++ ++ #acc[2] += acc[8] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 18, 18, 10 ++ adde 19, 19, 9 ++ ++ # acc[1] += (acc[8] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 16, 16, 11 ++ addze 17, 17 ++ ++ # Eliminate acc[7] ++ ++ # acc[3] += acc[7] >> 32; ++ mr 5, 28 # acc[7].l ++ mr 6, 29 # acc[7].h ++ SHR 9, 10, 6, 5, 32 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] += (acc[7] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 18, 18, 11 ++ addze 19, 19 ++ ++ # acc[2] += acc[7] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 18, 18, 10 ++ adde 19, 19, 9 ++ ++ # acc[1] += (acc[7] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 16, 16, 11 ++ addze 17, 17 ++ ++ # acc[1] -= acc[7] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 16, 10, 16 ++ subfe 17, 9, 17 ++ ++ # acc[0] -= (acc[7] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 14, 11, 14 ++ subfe 15, 9, 15 ++ ++ # acc[1] += acc[7] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 16, 16, 10 ++ adde 17, 17, 9 ++ ++ # acc[0] += (acc[7] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 14, 14, 11 ++ addze 15, 15 ++ ++ # ++ # Carry 4 -> 5 -> 6 ++ # ++ # acc[5] += acc[4] >> 56; ++ # acc[4] &= 0x00ffffffffffffff; ++ SHR 9, 10, 23, 22, 56 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ srdi 11, 7, 8 # 0x00ffffffffffffff ++ and 22, 22, 11 ++ li 23, 0 ++ ++ # acc[6] += acc[5] >> 56; ++ # acc[5] &= 0x00ffffffffffffff; ++ SHR 9, 10, 25, 24, 56 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ and 24, 24, 11 ++ li 25, 0 ++ ++ # [3]: Eliminate high bits of acc[6] */ ++ # temp = acc[6] >> 48; ++ # acc[6] &= 0x0000ffffffffffff; ++ SHR 31, 30, 27, 26, 48 # temp = acc[6] >> 48 ++ srdi 11, 7, 16 # 0x0000ffffffffffff ++ and 26, 26, 11 ++ li 27, 0 ++ ++ # temp < 2^80 ++ # acc[3] += temp >> 40; ++ SHR 9, 10, 31, 30, 40 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] += (temp & 0xffffffffff) << 16; ++ srdi 11, 7, 24 # 0xffffffffff ++ and 10, 30, 11 ++ sldi 10, 10, 16 ++ addc 18, 18, 10 ++ addze 19, 19 ++ ++ # acc[2] += temp >> 16; ++ SHR 9, 10, 31, 30, 16 ++ addc 18, 18, 10 ++ adde 19, 19, 9 ++ ++ # acc[1] += (temp & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 10, 30, 11 ++ sldi 10, 10, 40 ++ addc 16, 16, 10 ++ addze 17, 17 ++ ++ # acc[1] -= temp >> 24; ++ SHR 9, 10, 31, 30, 24 ++ subfc 16, 10, 16 ++ subfe 17, 9, 17 ++ ++ # acc[0] -= (temp & 0xffffff) << 32; ++ srdi 11, 7, 40 # 0xffffff ++ and 10, 30, 11 ++ sldi 10, 10, 32 ++ li 9, 0 ++ subfc 14, 10, 14 ++ subfe 15, 9, 15 ++ ++ # acc[0] += temp; ++ addc 14, 14, 30 ++ adde 15, 15, 31 
++ ++ # Carry 0 -> 1 -> 2 -> 3 -> 4 -> 5 -> 6 ++ # ++ # acc[1] += acc[0] >> 56; /* acc[1] < acc_old[1] + 2^72 */ ++ SHR 9, 10, 15, 14, 56 ++ addc 16, 16, 10 ++ adde 17, 17, 9 ++ ++ # acc[0] &= 0x00ffffffffffffff; ++ srdi 11, 7, 8 # 0x00ffffffffffffff ++ and 14, 14, 11 ++ li 15, 0 ++ ++ # acc[2] += acc[1] >> 56; /* acc[2] < acc_old[2] + 2^72 + 2^16 */ ++ SHR 9, 10, 17, 16, 56 ++ addc 18, 18, 10 ++ adde 19, 19, 9 ++ ++ # acc[1] &= 0x00ffffffffffffff; ++ and 16, 16, 11 ++ li 17, 0 ++ ++ # acc[3] += acc[2] >> 56; /* acc[3] < acc_old[3] + 2^72 + 2^16 */ ++ SHR 9, 10, 19, 18, 56 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] &= 0x00ffffffffffffff; ++ and 18, 18, 11 ++ li 19, 0 ++ ++ # acc[4] += acc[3] >> 56; ++ SHR 9, 10, 21, 20, 56 ++ addc 22, 22, 10 ++ adde 23, 23, 9 ++ ++ # acc[3] &= 0x00ffffffffffffff; ++ and 20, 20, 11 ++ li 21, 0 ++ ++ # acc[5] += acc[4] >> 56; ++ SHR 9, 10, 23, 22, 56 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ ++ # acc[4] &= 0x00ffffffffffffff; ++ and 22, 22, 11 ++ ++ # acc[6] += acc[5] >> 56; ++ SHR 9, 10, 25, 24, 56 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ ++ # acc[5] &= 0x00ffffffffffffff; ++ and 24, 24, 11 ++ ++ std 14, 0(3) ++ std 16, 8(3) ++ std 18, 16(3) ++ std 20, 24(3) ++ std 22, 32(3) ++ std 24, 40(3) ++ std 26, 48(3) ++ blr ++.size _p384_felem_reduce_core,.-_p384_felem_reduce_core ++ ++.data ++.align 4 ++.LConst: ++# two124m68: ++.long 0x0, 0x0, 0xfffffff0, 0xfffffff ++# two124m116m68: ++.long 0x0, 0x0, 0xfffffff0, 0xfefffff ++#two124p108m76: ++.long 0x0, 0x0, 0xfffff000, 0x10000fff ++#two124m92m68: ++.long 0x0, 0x0, 0xeffffff0, 0xfffffff ++ ++.text ++ ++# ++# void p384_felem_square_reduce(felem out, const felem in) ++# ++.global p384_felem_square_reduce ++.type p384_felem_square_reduce,\@function ++.align 4 ++p384_felem_square_reduce: ++ stdu 1, -512(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) ++ std 18, 88(1) ++ std 19, 96(1) ++ std 20, 104(1) ++ std 21, 112(1) ++ std 22, 120(1) ++ std 23, 128(1) 
++ std 24, 136(1) ++ std 25, 144(1) ++ std 26, 152(1) ++ std 27, 160(1) ++ std 28, 168(1) ++ std 29, 176(1) ++ std 30, 184(1) ++ std 31, 192(1) ++ ++ std 3, 496(1) ++ addi 3, 1, 208 ++ bl _p384_felem_square_core ++ ++ mr 4, 3 ++ ld 3, 496(1) ++ bl _p384_felem_reduce_core ++ ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ ld 18, 88(1) ++ ld 19, 96(1) ++ ld 20, 104(1) ++ ld 21, 112(1) ++ ld 22, 120(1) ++ ld 23, 128(1) ++ ld 24, 136(1) ++ ld 25, 144(1) ++ ld 26, 152(1) ++ ld 27, 160(1) ++ ld 28, 168(1) ++ ld 29, 176(1) ++ ld 30, 184(1) ++ ld 31, 192(1) ++ addi 1, 1, 512 ++ mtlr 0 ++ blr ++.size p384_felem_square_reduce,.-p384_felem_square_reduce ++ ++# ++# void p384_felem_mul_reduce(felem out, const felem in1, const felem in2) ++# ++.global p384_felem_mul_reduce ++.type p384_felem_mul_reduce,\@function ++.align 5 ++p384_felem_mul_reduce: ++ stdu 1, -512(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) ++ std 18, 88(1) ++ std 19, 96(1) ++ std 20, 104(1) ++ std 21, 112(1) ++ std 22, 120(1) ++ std 23, 128(1) ++ std 24, 136(1) ++ std 25, 144(1) ++ std 26, 152(1) ++ std 27, 160(1) ++ std 28, 168(1) ++ std 29, 176(1) ++ std 30, 184(1) ++ std 31, 192(1) ++ ++ std 3, 496(1) ++ addi 3, 1, 208 ++ bl _p384_felem_mul_core ++ ++ mr 4, 3 ++ ld 3, 496(1) ++ bl _p384_felem_reduce_core ++ ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ ld 18, 88(1) ++ ld 19, 96(1) ++ ld 20, 104(1) ++ ld 21, 112(1) ++ ld 22, 120(1) ++ ld 23, 128(1) ++ ld 24, 136(1) ++ ld 25, 144(1) ++ ld 26, 152(1) ++ ld 27, 160(1) ++ ld 28, 168(1) ++ ld 29, 176(1) ++ ld 30, 184(1) ++ ld 31, 192(1) ++ addi 1, 1, 512 ++ mtlr 0 ++ blr ++.size p384_felem_mul_reduce,.-p384_felem_mul_reduce ++___ + + $code =~ s/\`([^\`]*)\`/eval $1/gem; + print $code; +diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c +index 3fd7a40020..e0b5786bc1 100644 +--- a/crypto/ec/ecp_nistp384.c ++++ b/crypto/ec/ecp_nistp384.c +@@ -252,6 +252,16 @@ static void 
felem_neg(felem out, const felem in) + out[6] = two60m4 - in[6]; + } + ++#if defined(ECP_NISTP384_ASM) ++void p384_felem_diff64(felem out, const felem in); ++void p384_felem_diff128(widefelem out, const widefelem in); ++void p384_felem_diff_128_64(widefelem out, const felem in); ++ ++# define felem_diff64 p384_felem_diff64 ++# define felem_diff128 p384_felem_diff128 ++# define felem_diff_128_64 p384_felem_diff_128_64 ++ ++#else + /*- + * felem_diff64 subtracts |in| from |out| + * On entry: +@@ -369,6 +379,7 @@ static void felem_diff128(widefelem out, const widefelem in) + for (i = 0; i < 2*NLIMBS-1; i++) + out[i] -= in[i]; + } ++#endif /* ECP_NISTP384_ASM */ + + static void felem_square_ref(widefelem out, const felem in) + { +@@ -503,7 +514,7 @@ static void felem_mul_ref(widefelem out, const felem in1, const felem in2) + * [3]: Y = 2^48 (acc[6] >> 48) + * (Where a | b | c | d = (2^56)^3 a + (2^56)^2 b + (2^56) c + d) + */ +-static void felem_reduce(felem out, const widefelem in) ++static void felem_reduce_ref(felem out, const widefelem in) + { + /* + * In order to prevent underflow, we add a multiple of p before subtracting. 
+@@ -682,8 +693,11 @@ static void (*felem_square_p)(widefelem out, const felem in) = + static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) = + felem_mul_wrapper; + ++static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref; ++ + void p384_felem_square(widefelem out, const felem in); + void p384_felem_mul(widefelem out, const felem in1, const felem in2); ++void p384_felem_reduce(felem out, const widefelem in); + + # if defined(_ARCH_PPC64) + # include "crypto/ppc_arch.h" +@@ -695,6 +709,7 @@ static void felem_select(void) + if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) { + felem_square_p = p384_felem_square; + felem_mul_p = p384_felem_mul; ++ felem_reduce_p = p384_felem_reduce; + + return; + } +@@ -703,6 +718,7 @@ static void felem_select(void) + /* Default */ + felem_square_p = felem_square_ref; + felem_mul_p = felem_mul_ref; ++ felem_reduce_p = p384_felem_reduce; + } + + static void felem_square_wrapper(widefelem out, const felem in) +@@ -719,10 +735,17 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2) + + # define felem_square felem_square_p + # define felem_mul felem_mul_p ++# define felem_reduce felem_reduce_p ++ ++void p384_felem_square_reduce(felem out, const felem in); ++void p384_felem_mul_reduce(felem out, const felem in1, const felem in2); ++ ++# define felem_square_reduce p384_felem_square_reduce ++# define felem_mul_reduce p384_felem_mul_reduce + #else + # define felem_square felem_square_ref + # define felem_mul felem_mul_ref +-#endif ++# define felem_reduce felem_reduce_ref + + static ossl_inline void felem_square_reduce(felem out, const felem in) + { +@@ -739,6 +762,7 @@ static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem + felem_mul(tmp, in1, in2); + felem_reduce(out, tmp); + } ++#endif + + /*- + * felem_inv calculates |out| = |in|^{-1} 
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch new file mode 100644 index 0000000000..0659a9d6d9 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch 
@@ -0,0 +1,129 @@ +From 6b1646e472c9e8c08bb14066ba2a7c3eed45f84a Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" +Date: Thu, 17 Apr 2025 08:51:53 -0500 +Subject: [PATCH] Fix P-384 curve on lower-than-P9 PPC64 targets + +The change adding an asm implementation of p384_felem_reduce incorrectly +uses the accelerated version on both targets that support the intrinsics +*and* targets that don't, instead of falling back to the generics on older +targets. This results in crashes when trying to use P-384 on < Power9. + +Signed-off-by: Anna Wilcox +Closes: #27350 +Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC") + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/27429) + +(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425) + +CVE: CVE-2025-27587 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/6b1646e472c9e8c08bb14066ba2a7c3eed45f84a] +Signed-off-by: Peter Marko +--- + crypto/ec/ecp_nistp384.c | 54 ++++++++++++++++++++++++---------------- + 1 file changed, 33 insertions(+), 21 deletions(-) + +diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c +index e0b5786bc1..439b4d03a3 100644 +--- a/crypto/ec/ecp_nistp384.c ++++ b/crypto/ec/ecp_nistp384.c +@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in) + out[i] = acc[i]; + } + ++static ossl_inline void felem_square_reduce_ref(felem out, const felem in) ++{ ++ widefelem tmp; ++ ++ felem_square_ref(tmp, in); ++ felem_reduce_ref(out, tmp); ++} ++ ++static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2) ++{ ++ widefelem tmp; ++ ++ felem_mul_ref(tmp, in1, in2); ++ felem_reduce_ref(out, tmp); ++} ++ + #if defined(ECP_NISTP384_ASM) + static void felem_square_wrapper(widefelem out, const felem in); + static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2); +@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem 
out, const felem in1, const felem in2) = + + static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref; + ++static void (*felem_square_reduce_p)(felem out, const felem in) = ++ felem_square_reduce_ref; ++static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) = ++ felem_mul_reduce_ref; ++ + void p384_felem_square(widefelem out, const felem in); + void p384_felem_mul(widefelem out, const felem in1, const felem in2); + void p384_felem_reduce(felem out, const widefelem in); + ++void p384_felem_square_reduce(felem out, const felem in); ++void p384_felem_mul_reduce(felem out, const felem in1, const felem in2); ++ + # if defined(_ARCH_PPC64) + # include "crypto/ppc_arch.h" + # endif +@@ -710,6 +734,8 @@ static void felem_select(void) + felem_square_p = p384_felem_square; + felem_mul_p = p384_felem_mul; + felem_reduce_p = p384_felem_reduce; ++ felem_square_reduce_p = p384_felem_square_reduce; ++ felem_mul_reduce_p = p384_felem_mul_reduce; + + return; + } +@@ -718,7 +744,9 @@ static void felem_select(void) + /* Default */ + felem_square_p = felem_square_ref; + felem_mul_p = felem_mul_ref; +- felem_reduce_p = p384_felem_reduce; ++ felem_reduce_p = felem_reduce_ref; ++ felem_square_reduce_p = felem_square_reduce_ref; ++ felem_mul_reduce_p = felem_mul_reduce_ref; + } + + static void felem_square_wrapper(widefelem out, const felem in) +@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2) + # define felem_mul felem_mul_p + # define felem_reduce felem_reduce_p + +-void p384_felem_square_reduce(felem out, const felem in); +-void p384_felem_mul_reduce(felem out, const felem in1, const felem in2); +- +-# define felem_square_reduce p384_felem_square_reduce +-# define felem_mul_reduce p384_felem_mul_reduce ++# define felem_square_reduce felem_square_reduce_p ++# define felem_mul_reduce felem_mul_reduce_p + #else + # define felem_square felem_square_ref + # define felem_mul felem_mul_ref + # 
define felem_reduce felem_reduce_ref + +-static ossl_inline void felem_square_reduce(felem out, const felem in) +-{ +- widefelem tmp; +- +- felem_square(tmp, in); +- felem_reduce(out, tmp); +-} +- +-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2) +-{ +- widefelem tmp; +- +- felem_mul(tmp, in1, in2); +- felem_reduce(out, tmp); +-} ++# define felem_square_reduce felem_square_reduce_ref ++# define felem_mul_reduce felem_mul_reduce_ref + #endif + + /*- diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb index d6bf32d989..fd98b32007 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb 
@@ -13,6 +13,8 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ file://CVE-2024-41996.patch \ + file://CVE-2025-27587-1.patch \ + file://CVE-2025-27587-2.patch \ " SRC_URI:append:class-nativesdk = " \
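Review bot: in the ecp_nistp384-ppc64.pl part, p384_felem_reduce, p384_felem_square_reduce and p384_felem_mul_reduce keep the return address only in r0 across the calls into the core routines (`mflr 0` ... `bl _p384_felem_reduce_core` ... `mtlr 0`). That works only while no core writes r0; _p384_felem_reduce_core as shown does not, but nothing in the file states the constraint. Save LR to the caller's LR save slot (`std 0, 16(1)` before the `stdu`) and reload it before `mtlr`, or add a comment on each core saying r0 must be preserved. The wrappers are also inconsistent: p384_felem_reduce does `mtlr 0` before restoring r14-r31, the other two do it after.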
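Review bot: the constant tables .LConst_two127, .LConst_128_two64, .LConst_two60 and .LConst in ecp_nistp384-ppc64.pl are placed in `.data` and written as pairs of `.long` with the low word first, then read back with 64-bit `ld` (for example `ld 10, 24(5) # two127m71`). That yields the intended value only with little-endian layout, and the tables sit in writable memory although nothing shown here writes to them. If big-endian ppc64 can build this file the loads return swapped halves; emit the values as 64-bit quantities or state the little-endian assumption next to the tables, and move them to a read-only section if the perlasm translator supports one.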
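Review bot: CVE-2025-27587-1.patch is not safe to carry on its own. In its felem_select() hunk the default branch, reached when the PPC_MADD300 and PPC_ALTIVEC capability check fails, sets `felem_reduce_p = p384_felem_reduce;`, and under ECP_NISTP384_ASM felem_square_reduce and felem_mul_reduce are #defined straight to p384_felem_square_reduce and p384_felem_mul_reduce, so the capability check is bypassed for them; the square core shown above uses mtvsrdd and vmsumudm. CVE-2025-27587-2.patch corrects this with `felem_reduce_p = felem_reduce_ref;` and the new felem_square_reduce_p / felem_mul_reduce_p pointers. The SRC_URI hunk adds both patches in the right order; add a line to the -1 patch header saying it requires -2, so the pair is not split in a later rebase or selective backport.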
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 08/16] libpam: fix CVE-2025-6020
Date: Thu, 24 Jul 2025 14:35:24 -0700
Message-ID: <6ac795a9e40fd12a16f2f4fde23079e26b2b1250.1753392770.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220881

From: Hitendra Prajapati

Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e && https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1 && https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773

Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
--- .../libpam/0001-pam-inline-pam-asprintf.patch | 101 ++ .../libpam/0002-pam-namespace-rebase.patch | 750 +++++++++++ .../pam/libpam/CVE-2025-6020-01.patch | 1128 +++++++++++++++++ .../pam/libpam/CVE-2025-6020-02.patch | 187 +++ .../pam/libpam/CVE-2025-6020-03.patch | 35 + meta/recipes-extended/pam/libpam_1.5.3.bb | 5 + 6 files changed, 2206 insertions(+) create mode 100644 meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch create mode 100644 meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch diff --git a/meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch b/meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch new file mode 100644 index 0000000000..9d1a0223df --- /dev/null
+++ b/meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch 
@@ -0,0 +1,101 @@ +From 10b80543807e3fc5af5f8bcfd8bb6e219bb3cecc Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Tue, 18 Feb 2025 08:00:00 +0000 +Subject: [PATCH] pam_inline: introduce pam_asprintf(), pam_snprintf(), and + pam_sprintf() + +pam_asprintf() is essentially asprintf() with the following semantic +difference: it returns the string itself instead of its length. + +pam_snprintf() is essentially snprintf() with the following semantic +difference: it returns -1 in case of truncation. + +pam_sprintf() is essentially snprintf() but with a check that the buffer +is an array, and with an automatically calculated buffer size. + +Use of these helpers would make error checking simpler. + +(cherry picked from commit 10b80543807e3fc5af5f8bcfd8bb6e219bb3cecc) +Signed-off-by: Dmitry V. Levin + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/10b80543807e3fc5af5f8bcfd8bb6e219bb3cecc] +Signed-off-by: Hitendra Prajapati +--- + libpam/include/pam_cc_compat.h | 6 ++++++ + libpam/include/pam_inline.h | 36 ++++++++++++++++++++++++++++++++++ + 2 files changed, 42 insertions(+) + +diff --git a/libpam/include/pam_cc_compat.h b/libpam/include/pam_cc_compat.h +index 0a6e32d..af05428 100644 +--- a/libpam/include/pam_cc_compat.h ++++ b/libpam/include/pam_cc_compat.h +@@ -21,6 +21,12 @@ + # define PAM_ATTRIBUTE_ALIGNED(arg) /* empty */ + #endif + ++#if PAM_GNUC_PREREQ(3, 0) ++# define PAM_ATTRIBUTE_MALLOC __attribute__((__malloc__)) ++#else ++# define PAM_ATTRIBUTE_MALLOC /* empty */ ++#endif ++ + #if PAM_GNUC_PREREQ(4, 6) + # define DIAG_PUSH_IGNORE_CAST_QUAL \ + _Pragma("GCC diagnostic push"); \ +diff --git a/libpam/include/pam_inline.h b/libpam/include/pam_inline.h +index 7721c0b..ec0497c 100644 +--- a/libpam/include/pam_inline.h ++++ b/libpam/include/pam_inline.h +@@ -9,6 +9,8 @@ + #define PAM_INLINE_H + + #include "pam_cc_compat.h" ++#include ++#include + #include + #include + #include +@@ -126,6 +128,40 @@ pam_drop_response(struct pam_response 
*reply, int replies) + } + + ++static inline char * PAM_FORMAT((printf, 1, 2)) PAM_NONNULL((1)) PAM_ATTRIBUTE_MALLOC ++pam_asprintf(const char *fmt, ...) ++{ ++ int rc; ++ char *res; ++ va_list ap; ++ ++ va_start(ap, fmt); ++ rc = vasprintf(&res, fmt, ap); ++ va_end(ap); ++ ++ return rc < 0 ? NULL : res; ++} ++ ++static inline int PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((3)) ++pam_snprintf(char *str, size_t size, const char *fmt, ...) ++{ ++ int rc; ++ va_list ap; ++ ++ va_start(ap, fmt); ++ rc = vsnprintf(str, size, fmt, ap); ++ va_end(ap); ++ ++ if (rc < 0 || (unsigned int) rc >= size) ++ return -1; ++ return rc; ++} ++ ++#define pam_sprintf(str_, fmt_, ...) \ ++ pam_snprintf((str_), sizeof(str_) + PAM_MUST_BE_ARRAY(str_), (fmt_), \ ++ ##__VA_ARGS__) ++ ++ + static inline int + pam_read_passwords(int fd, int npass, char **passwords) + { +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch b/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch new file mode 100644 index 0000000000..ff5a8a4946 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch 
@@ -0,0 +1,750 @@ +From df1dab1a1a7900650ad4be157fea1a002048cc49 Mon Sep 17 00:00:00 2001 +From: Olivier Bal-Petre +Date: Tue, 4 Mar 2025 14:37:02 +0100 +Subject: [PATCH ] pam-namespace-rebase + +Refresh the pam-namespace. + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/a8b4dce7b53d73de372e150028c970ee0a2a2e97] +Signed-off-by: Hitendra Prajapati +--- + modules/pam_namespace/pam_namespace.c | 444 +++++++++++++------------- + modules/pam_namespace/pam_namespace.h | 7 +- + 2 files changed, 224 insertions(+), 227 deletions(-) + +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index b026861..166bfce 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -41,7 +41,7 @@ + #include "pam_namespace.h" + #include "argv_parse.h" + +-/* --- evaluting all files in VENDORDIR/security/namespace.d and /etc/security/namespace.d --- */ ++/* --- evaluating all files in VENDORDIR/security/namespace.d and /etc/security/namespace.d --- */ + static const char *base_name(const char *path) + { + const char *base = strrchr(path, '/'); +@@ -55,6 +55,155 @@ compare_filename(const void *a, const void *b) + base_name(* (char * const *) b)); + } + ++static void close_fds_pre_exec(struct instance_data *idata) ++{ ++ if (pam_modutil_sanitize_helper_fds(idata->pamh, PAM_MODUTIL_IGNORE_FD, ++ PAM_MODUTIL_IGNORE_FD, PAM_MODUTIL_IGNORE_FD) < 0) { ++ _exit(1); ++ } ++} ++ ++static void ++strip_trailing_slashes(char *str) ++{ ++ char *p = str + strlen(str); ++ ++ while (--p > str && *p == '/') ++ *p = '\0'; ++} ++ ++static int protect_mount(int dfd, const char *path, struct instance_data *idata) ++{ ++ struct protect_dir_s *dir = idata->protect_dirs; ++ char tmpbuf[64]; ++ ++ while (dir != NULL) { ++ if (strcmp(path, dir->dir) == 0) { ++ return 0; ++ } ++ dir = dir->next; ++ } ++ ++ if (pam_sprintf(tmpbuf, "/proc/self/fd/%d", dfd) < 0) ++ return -1; ++ ++ dir = calloc(1, sizeof(*dir)); ++ 
++ if (dir == NULL) { ++ return -1; ++ } ++ ++ dir->dir = strdup(path); ++ ++ if (dir->dir == NULL) { ++ free(dir); ++ return -1; ++ } ++ ++ if (idata->flags & PAMNS_DEBUG) { ++ pam_syslog(idata->pamh, LOG_INFO, ++ "Protect mount of %s over itself", path); ++ } ++ ++ if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { ++ int save_errno = errno; ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Protect mount of %s failed: %m", tmpbuf); ++ free(dir->dir); ++ free(dir); ++ errno = save_errno; ++ return -1; ++ } ++ ++ dir->next = idata->protect_dirs; ++ idata->protect_dirs = dir; ++ ++ return 0; ++} ++ ++static int protect_dir(const char *path, mode_t mode, int do_mkdir, ++ struct instance_data *idata) ++{ ++ char *p = strdup(path); ++ char *d; ++ char *dir = p; ++ int dfd = AT_FDCWD; ++ int dfd_next; ++ int save_errno; ++ int flags = O_RDONLY | O_DIRECTORY; ++ int rv = -1; ++ struct stat st; ++ ++ if (p == NULL) { ++ return -1; ++ } ++ ++ if (*dir == '/') { ++ dfd = open("/", flags); ++ if (dfd == -1) { ++ goto error; ++ } ++ dir++; /* assume / is safe */ ++ } ++ ++ while ((d=strchr(dir, '/')) != NULL) { ++ *d = '\0'; ++ dfd_next = openat(dfd, dir, flags); ++ if (dfd_next == -1) { ++ goto error; ++ } ++ ++ if (dfd != AT_FDCWD) ++ close(dfd); ++ dfd = dfd_next; ++ ++ if (fstat(dfd, &st) != 0) { ++ goto error; ++ } ++ ++ if (flags & O_NOFOLLOW) { ++ /* we are inside user-owned dir - protect */ ++ if (protect_mount(dfd, p, idata) == -1) ++ goto error; ++ } else if (st.st_uid != 0 || st.st_gid != 0 || ++ (st.st_mode & S_IWOTH)) { ++ /* do not follow symlinks on subdirectories */ ++ flags |= O_NOFOLLOW; ++ } ++ ++ *d = '/'; ++ dir = d + 1; ++ } ++ ++ rv = openat(dfd, dir, flags); ++ ++ if (rv == -1) { ++ if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { ++ goto error; ++ } ++ rv = openat(dfd, dir, flags); ++ } ++ ++ if (flags & O_NOFOLLOW) { ++ /* we are inside user-owned dir - protect */ ++ if (protect_mount(rv, p, idata) == -1) { ++ save_errno = errno; ++ close(rv); ++ rv = -1; 
++ errno = save_errno; ++ } ++ } ++ ++error: ++ save_errno = errno; ++ free(p); ++ if (dfd != AT_FDCWD && dfd >= 0) ++ close(dfd); ++ errno = save_errno; ++ ++ return rv; ++} ++ + /* Evaluating a list of files which have to be parsed in the right order: + * + * - If etc/security/namespace.d/@filename@.conf exists, then +@@ -129,6 +278,7 @@ static char **read_namespace_dir(struct instance_data *idata) + return file_list; + } + ++ + /* + * Adds an entry for a polyinstantiated directory to the linked list of + * polyinstantiated directories. It is called from process_line() while +@@ -198,7 +348,7 @@ static void cleanup_protect_data(pam_handle_t *pamh UNUSED , void *data, int err + unprotect_dirs(data); + } + +-static char *expand_variables(const char *orig, const char *var_names[], const char *var_values[]) ++static char *expand_variables(const char *orig, const char *const var_names[], const char *var_values[]) + { + const char *src = orig; + char *dst; +@@ -209,7 +359,7 @@ static char *expand_variables(const char *orig, const char *var_names[], const c + if (*src == '$') { + int i; + for (i = 0; var_names[i]; i++) { +- int namelen = strlen(var_names[i]); ++ size_t namelen = strlen(var_names[i]); + if (strncmp(var_names[i], src+1, namelen) == 0) { + dstlen += strlen(var_values[i]) - 1; /* $ */ + src += namelen; +@@ -227,7 +377,7 @@ static char *expand_variables(const char *orig, const char *var_names[], const c + if (c == '$') { + int i; + for (i = 0; var_names[i]; i++) { +- int namelen = strlen(var_names[i]); ++ size_t namelen = strlen(var_names[i]); + if (strncmp(var_names[i], src+1, namelen) == 0) { + dst = stpcpy(dst, var_values[i]); + --dst; +@@ -311,8 +461,7 @@ static int parse_iscript_params(char *params, struct polydir_s *poly) + + if (*params != '\0') { + if (*params != '/') { /* path is relative to NAMESPACE_D_DIR */ +- if (asprintf(&poly->init_script, "%s%s", NAMESPACE_D_DIR, params) == -1) +- return -1; ++ poly->init_script = pam_asprintf("%s%s", 
NAMESPACE_D_DIR, params); + } else { + poly->init_script = strdup(params); + } +@@ -394,9 +543,9 @@ static int parse_method(char *method, struct polydir_s *poly, + { + enum polymethod pm; + char *sptr = NULL; +- static const char *method_names[] = { "user", "context", "level", "tmpdir", ++ static const char *const method_names[] = { "user", "context", "level", "tmpdir", + "tmpfs", NULL }; +- static const char *flag_names[] = { "create", "noinit", "iscript", ++ static const char *const flag_names[] = { "create", "noinit", "iscript", + "shared", "mntopts", NULL }; + static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT, + POLYDIR_ISCRIPT, POLYDIR_SHARED, POLYDIR_MNTOPTS }; +@@ -421,7 +570,7 @@ static int parse_method(char *method, struct polydir_s *poly, + + while ((flag=strtok_r(NULL, ":", &sptr)) != NULL) { + for (i = 0; flag_names[i]; i++) { +- int namelen = strlen(flag_names[i]); ++ size_t namelen = strlen(flag_names[i]); + + if (strncmp(flag, flag_names[i], namelen) == 0) { + poly->flags |= flag_values[i]; +@@ -467,27 +616,27 @@ static int parse_method(char *method, struct polydir_s *poly, + * of the namespace configuration file. It skips over comments and incomplete + * or malformed lines. It processes a valid line with information on + * polyinstantiating a directory by populating appropriate fields of a +- * polyinstatiated directory structure and then calling add_polydir_entry to ++ * polyinstantiated directory structure and then calling add_polydir_entry to + * add that entry to the linked list of polyinstantiated directories. 
+ */ + static int process_line(char *line, const char *home, const char *rhome, + struct instance_data *idata) + { + char *dir = NULL, *instance_prefix = NULL, *rdir = NULL; ++ const char *config_dir, *config_instance_prefix; + char *method, *uids; + char *tptr; + struct polydir_s *poly; + int retval = 0; + char **config_options = NULL; +- static const char *var_names[] = {"HOME", "USER", NULL}; ++ static const char *const var_names[] = {"HOME", "USER", NULL}; + const char *var_values[] = {home, idata->user}; + const char *rvar_values[] = {rhome, idata->ruser}; +- int len; + + /* + * skip the leading white space + */ +- while (*line && isspace(*line)) ++ while (*line && isspace((unsigned char)*line)) + line++; + + /* +@@ -523,22 +672,19 @@ static int process_line(char *line, const char *home, const char *rhome, + goto erralloc; + } + +- dir = config_options[0]; +- if (dir == NULL) { ++ config_dir = config_options[0]; ++ if (config_dir == NULL) { + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing polydir"); + goto skipping; + } +- instance_prefix = config_options[1]; +- if (instance_prefix == NULL) { ++ config_instance_prefix = config_options[1]; ++ if (config_instance_prefix == NULL) { + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing instance_prefix"); +- instance_prefix = NULL; + goto skipping; + } + method = config_options[2]; + if (method == NULL) { + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing method"); +- instance_prefix = NULL; +- dir = NULL; + goto skipping; + } + +@@ -553,19 +699,16 @@ static int process_line(char *line, const char *home, const char *rhome, + /* + * Expand $HOME and $USER in poly dir and instance dir prefix + */ +- if ((rdir=expand_variables(dir, var_names, rvar_values)) == NULL) { +- instance_prefix = NULL; +- dir = NULL; ++ if ((rdir = expand_variables(config_dir, var_names, rvar_values)) == NULL) { + goto erralloc; + } + +- if ((dir=expand_variables(dir, var_names, var_values)) == NULL) { +- 
instance_prefix = NULL; ++ if ((dir = expand_variables(config_dir, var_names, var_values)) == NULL) { + goto erralloc; + } + +- if ((instance_prefix=expand_variables(instance_prefix, var_names, var_values)) +- == NULL) { ++ if ((instance_prefix = expand_variables(config_instance_prefix, ++ var_names, var_values)) == NULL) { + goto erralloc; + } + +@@ -575,15 +718,8 @@ static int process_line(char *line, const char *home, const char *rhome, + pam_syslog(idata->pamh, LOG_DEBUG, "Expanded instance prefix: '%s'", instance_prefix); + } + +- len = strlen(dir); +- if (len > 0 && dir[len-1] == '/') { +- dir[len-1] = '\0'; +- } +- +- len = strlen(rdir); +- if (len > 0 && rdir[len-1] == '/') { +- rdir[len-1] = '\0'; +- } ++ strip_trailing_slashes(dir); ++ strip_trailing_slashes(rdir); + + if (dir[0] == '\0' || rdir[0] == '\0') { + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir"); +@@ -594,26 +730,19 @@ static int process_line(char *line, const char *home, const char *rhome, + * Populate polyinstantiated directory structure with appropriate + * pathnames and the method with which to polyinstantiate. 
+ */ +- if (strlen(dir) >= sizeof(poly->dir) +- || strlen(rdir) >= sizeof(poly->rdir) +- || strlen(instance_prefix) >= sizeof(poly->instance_prefix)) { +- pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); +- goto skipping; +- } +- strcpy(poly->dir, dir); +- strcpy(poly->rdir, rdir); +- strcpy(poly->instance_prefix, instance_prefix); +- + if (parse_method(method, poly, idata) != 0) { + goto skipping; + } + +- if (poly->method == TMPDIR) { +- if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) { +- pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); +- goto skipping; +- } +- strcat(poly->instance_prefix, "XXXXXX"); ++#define COPY_STR(dst, src, apd) \ ++ pam_sprintf((dst), "%s%s", (src), (apd)) ++ ++ if (COPY_STR(poly->dir, dir, "") < 0 ++ || COPY_STR(poly->rdir, rdir, "") < 0 ++ || COPY_STR(poly->instance_prefix, instance_prefix, ++ poly->method == TMPDIR ? "XXXXXX" : "") < 0) { ++ pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); ++ goto skipping; + } + + /* +@@ -637,7 +766,7 @@ static int process_line(char *line, const char *home, const char *rhome, + if (uids) { + uid_t *uidptr; + const char *ustr, *sstr; +- int count, i; ++ size_t count, i; + + if (*uids == '~') { + poly->flags |= POLYDIR_EXCLUSIVE; +@@ -646,8 +775,13 @@ static int process_line(char *line, const char *home, const char *rhome, + for (count = 0, ustr = sstr = uids; sstr; ustr = sstr + 1, count++) + sstr = strchr(ustr, ','); + ++ if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) { ++ pam_syslog(idata->pamh, LOG_ERR, "Too many uids encountered in configuration"); ++ goto skipping; ++ } ++ + poly->num_uids = count; +- poly->uid = (uid_t *) malloc(count * sizeof (uid_t)); ++ poly->uid = malloc(count * sizeof (uid_t)); + uidptr = poly->uid; + if (uidptr == NULL) { + goto erralloc; +@@ -996,6 +1130,7 @@ static int form_context(const struct polydir_s *polyptr, + return rc; + } + /* Should never get here */ ++ freecon(scon); + return PAM_SUCCESS; + } + 
#endif +@@ -1057,10 +1192,8 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + + switch (pm) { + case USER: +- if (asprintf(i_name, "%s", idata->user) < 0) { +- *i_name = NULL; ++ if ((*i_name = strdup(idata->user)) == NULL) + goto fail; +- } + break; + + #ifdef WITH_SELINUX +@@ -1070,17 +1203,12 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + pam_syslog(idata->pamh, LOG_ERR, "Error translating directory context"); + goto fail; + } +- if (polyptr->flags & POLYDIR_SHARED) { +- if (asprintf(i_name, "%s", rawcon) < 0) { +- *i_name = NULL; +- goto fail; +- } +- } else { +- if (asprintf(i_name, "%s_%s", rawcon, idata->user) < 0) { +- *i_name = NULL; +- goto fail; +- } +- } ++ if (polyptr->flags & POLYDIR_SHARED) ++ *i_name = strdup(rawcon); ++ else ++ *i_name = pam_asprintf("%s_%s", rawcon, idata->user); ++ if (*i_name == NULL) ++ goto fail; + break; + + #endif /* WITH_SELINUX */ +@@ -1110,11 +1238,12 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + *i_name = hash; + hash = NULL; + } else { +- char *newname; +- if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash), +- *i_name, hash) < 0) { ++ char *newname = ++ pam_asprintf("%.*s_%s", ++ NAMESPACE_MAX_DIR_LEN - 1 - (int)strlen(hash), ++ *i_name, hash); ++ if (newname == NULL) + goto fail; +- } + free(*i_name); + *i_name = newname; + } +@@ -1139,137 +1268,6 @@ fail: + return rc; + } + +-static int protect_mount(int dfd, const char *path, struct instance_data *idata) +-{ +- struct protect_dir_s *dir = idata->protect_dirs; +- char tmpbuf[64]; +- +- while (dir != NULL) { +- if (strcmp(path, dir->dir) == 0) { +- return 0; +- } +- dir = dir->next; +- } +- +- dir = calloc(1, sizeof(*dir)); +- +- if (dir == NULL) { +- return -1; +- } +- +- dir->dir = strdup(path); +- +- if (dir->dir == NULL) { +- free(dir); +- return -1; +- } +- +- snprintf(tmpbuf, sizeof(tmpbuf), "/proc/self/fd/%d", dfd); +- +- if (idata->flags & PAMNS_DEBUG) { +- 
pam_syslog(idata->pamh, LOG_INFO, +- "Protect mount of %s over itself", path); +- } +- +- if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { +- int save_errno = errno; +- pam_syslog(idata->pamh, LOG_ERR, +- "Protect mount of %s failed: %m", tmpbuf); +- free(dir->dir); +- free(dir); +- errno = save_errno; +- return -1; +- } +- +- dir->next = idata->protect_dirs; +- idata->protect_dirs = dir; +- +- return 0; +-} +- +-static int protect_dir(const char *path, mode_t mode, int do_mkdir, +- struct instance_data *idata) +-{ +- char *p = strdup(path); +- char *d; +- char *dir = p; +- int dfd = AT_FDCWD; +- int dfd_next; +- int save_errno; +- int flags = O_RDONLY | O_DIRECTORY; +- int rv = -1; +- struct stat st; +- +- if (p == NULL) { +- goto error; +- } +- +- if (*dir == '/') { +- dfd = open("/", flags); +- if (dfd == -1) { +- goto error; +- } +- dir++; /* assume / is safe */ +- } +- +- while ((d=strchr(dir, '/')) != NULL) { +- *d = '\0'; +- dfd_next = openat(dfd, dir, flags); +- if (dfd_next == -1) { +- goto error; +- } +- +- if (dfd != AT_FDCWD) +- close(dfd); +- dfd = dfd_next; +- +- if (fstat(dfd, &st) != 0) { +- goto error; +- } +- +- if (flags & O_NOFOLLOW) { +- /* we are inside user-owned dir - protect */ +- if (protect_mount(dfd, p, idata) == -1) +- goto error; +- } else if (st.st_uid != 0 || st.st_gid != 0 || +- (st.st_mode & S_IWOTH)) { +- /* do not follow symlinks on subdirectories */ +- flags |= O_NOFOLLOW; +- } +- +- *d = '/'; +- dir = d + 1; +- } +- +- rv = openat(dfd, dir, flags); +- +- if (rv == -1) { +- if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { +- goto error; +- } +- rv = openat(dfd, dir, flags); +- } +- +- if (flags & O_NOFOLLOW) { +- /* we are inside user-owned dir - protect */ +- if (protect_mount(rv, p, idata) == -1) { +- save_errno = errno; +- close(rv); +- rv = -1; +- errno = save_errno; +- } +- } +- +-error: +- save_errno = errno; +- free(p); +- if (dfd != AT_FDCWD && dfd >= 0) +- close(dfd); +- errno = save_errno; +- +- return rv; +-} +- 
+ static int check_inst_parent(char *ipath, struct instance_data *idata) + { + struct stat instpbuf; +@@ -1281,13 +1279,12 @@ static int check_inst_parent(char *ipath, struct instance_data *idata) + * admin explicitly instructs to ignore the instance parent + * mode by the "ignore_instance_parent_mode" argument). + */ +- inst_parent = (char *) malloc(strlen(ipath)+1); ++ inst_parent = strdup(ipath); + if (!inst_parent) { + pam_syslog(idata->pamh, LOG_CRIT, "Error allocating pathname string"); + return PAM_SESSION_ERR; + } + +- strcpy(inst_parent, ipath); + trailing_slash = strrchr(inst_parent, '/'); + if (trailing_slash) + *trailing_slash = '\0'; +@@ -1371,9 +1368,10 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, + if (setuid(geteuid()) < 0) { + /* ignore failures, they don't matter */ + } ++ close_fds_pre_exec(idata); + +- if (execle(init_script, init_script, +- polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) ++ execle(init_script, init_script, ++ polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp); + _exit(1); + } else if (pid > 0) { + while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && +@@ -1424,7 +1422,9 @@ static int create_polydir(struct polydir_s *polyptr, + + #ifdef WITH_SELINUX + if (idata->flags & PAMNS_SELINUX_ENABLED) { +- getfscreatecon_raw(&oldcon_raw); ++ if (getfscreatecon_raw(&oldcon_raw) != 0) ++ pam_syslog(idata->pamh, LOG_NOTICE, ++ "Error retrieving fs create context: %m"); + + label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0); + if (!label_handle) { +@@ -1453,6 +1453,9 @@ static int create_polydir(struct polydir_s *polyptr, + if (rc == -1) { + pam_syslog(idata->pamh, LOG_ERR, + "Error creating directory %s: %m", dir); ++#ifdef WITH_SELINUX ++ freecon(oldcon_raw); ++#endif + return PAM_SESSION_ERR; + } + +@@ -1640,16 +1643,14 @@ static int ns_setup(struct polydir_s *polyptr, + + retval = protect_dir(polyptr->dir, 0, 0, idata); + +- if (retval < 0 && errno != ENOENT) { +- 
pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", +- polyptr->dir); +- return PAM_SESSION_ERR; +- } +- + if (retval < 0) { +- if ((polyptr->flags & POLYDIR_CREATE) && +- create_polydir(polyptr, idata) != PAM_SUCCESS) +- return PAM_SESSION_ERR; ++ if (errno != ENOENT || !(polyptr->flags & POLYDIR_CREATE)) { ++ pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", ++ polyptr->dir); ++ return PAM_SESSION_ERR; ++ } ++ if (create_polydir(polyptr, idata) != PAM_SUCCESS) ++ return PAM_SESSION_ERR; + } else { + close(retval); + } +@@ -1698,7 +1699,7 @@ static int ns_setup(struct polydir_s *polyptr, + #endif + } + +- if (asprintf(&inst_dir, "%s%s", polyptr->instance_prefix, instname) < 0) ++ if ((inst_dir = pam_asprintf("%s%s", polyptr->instance_prefix, instname)) == NULL) + goto error_out; + + if (idata->flags & PAMNS_DEBUG) +@@ -1810,8 +1811,9 @@ static int cleanup_tmpdirs(struct instance_data *idata) + _exit(1); + } + #endif +- if (execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp) < 0) +- _exit(1); ++ close_fds_pre_exec(idata); ++ execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp); ++ _exit(1); + } else if (pid > 0) { + while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && + (errno == EINTR)); +@@ -1826,7 +1828,7 @@ static int cleanup_tmpdirs(struct instance_data *idata) + } + } else if (pid < 0) { + pam_syslog(idata->pamh, LOG_ERR, +- "Cannot fork to run namespace init script, %m"); ++ "Cannot fork to cleanup temporary directory, %m"); + rc = PAM_SESSION_ERR; + goto out; + } +diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h +index a991b4c..180e042 100644 +--- a/modules/pam_namespace/pam_namespace.h ++++ b/modules/pam_namespace/pam_namespace.h +@@ -44,21 +44,16 @@ + #include + #include + #include +-#include +-#include + #include + #include + #include + #include + #include +-#include + #include + #include +-#include + #include + #include + #include +-#include + 
#include "security/pam_modules.h" + #include "security/pam_modutil.h" + #include "security/pam_ext.h" +@@ -114,7 +109,7 @@ + #define PAMNS_MOUNT_PRIVATE 0x00080000 /* Make the polydir mounts private */ + + /* polydir flags */ +-#define POLYDIR_EXCLUSIVE 0x00000001 /* polyinstatiate exclusively for override uids */ ++#define POLYDIR_EXCLUSIVE 0x00000001 /* polyinstantiate exclusively for override uids */ + #define POLYDIR_CREATE 0x00000002 /* create the polydir */ + #define POLYDIR_NOINIT 0x00000004 /* no init script */ + #define POLYDIR_SHARED 0x00000008 /* share context/level instances among users */ +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch b/meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch new file mode 100644 index 0000000000..ff0331aa38 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch 
@@ -0,0 +1,1128 @@ +From 475bd60c552b98c7eddb3270b0b4196847c0072e Mon Sep 17 00:00:00 2001 +From: Olivier Bal-Petre +Date: Tue, 4 Mar 2025 14:37:02 +0100 +Subject: [PATCH] pam_namespace: fix potential privilege escalation + +Existing protection provided by protect_dir() and protect_mount() were +bind mounting on themselves all directories part of the to-be-secured +paths. However, this works *only* against attacks executed by processes +in the same mount namespace as the one the mountpoint was created in. +Therefore, a user with an out-of-mount-namespace access, or multiple +users colluding, could exploit multiple race conditions, and, for +instance, elevate their privileges to root. + +This commit keeps the existing protection as a defense in depth +measure, and to keep the existing behavior of the module. However, +it converts all the needed function calls to operate on file +descriptors instead of absolute paths to protect against race +conditions globally. + +Signed-off-by: Olivier Bal-Petre +Signed-off-by: Dmitry V. 
Levin + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e] +CVE: CVE-2025-6020 +Signed-off-by: Hitendra Prajapati +--- + modules/pam_namespace/pam_namespace.c | 637 ++++++++++++++++++-------- + modules/pam_namespace/pam_namespace.h | 10 + + 2 files changed, 457 insertions(+), 190 deletions(-) + +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 166bfce..9d993d4 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -41,6 +41,8 @@ + #include "pam_namespace.h" + #include "argv_parse.h" + ++#define MAGIC_LNK_FD_SIZE 64 ++ + /* --- evaluating all files in VENDORDIR/security/namespace.d and /etc/security/namespace.d --- */ + static const char *base_name(const char *path) + { +@@ -75,7 +77,7 @@ strip_trailing_slashes(char *str) + static int protect_mount(int dfd, const char *path, struct instance_data *idata) + { + struct protect_dir_s *dir = idata->protect_dirs; +- char tmpbuf[64]; ++ char tmpbuf[MAGIC_LNK_FD_SIZE]; + + while (dir != NULL) { + if (strcmp(path, dir->dir) == 0) { +@@ -121,56 +123,107 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata) + return 0; + } + +-static int protect_dir(const char *path, mode_t mode, int do_mkdir, ++/* ++ * Returns a fd to the given absolute path, acquired securely. This means: ++ * - iterating on each segment of the path, ++ * - not following user symlinks, ++ * - using race-free operations. 
++ * ++ * Takes a bit mask to specify the operation mode: ++ * - SECURE_OPENDIR_PROTECT: call protect_mount() on each unsafe segment of path ++ * - SECURE_OPENDIR_MKDIR: create last segment of path if does not exist ++ * - SECURE_OPENDIR_FULL_FD: open the directory with O_RDONLY instead of O_PATH, ++ * allowing more operations to be done with the returned fd ++ * ++ * Be aware that using SECURE_OPENDIR_PROTECT: ++ * - will modify some external state (global structure...) and should not be ++ * called in cleanup code paths. See wrapper secure_opendir_stateless() ++ * - need a non-NULL idata to call protect_mount() ++ */ ++static int secure_opendir(const char *path, int opm, mode_t mode, + struct instance_data *idata) + { +- char *p = strdup(path); ++ char *p; + char *d; +- char *dir = p; +- int dfd = AT_FDCWD; ++ char *dir; ++ int dfd = -1; + int dfd_next; + int save_errno; +- int flags = O_RDONLY | O_DIRECTORY; ++ int flags = O_DIRECTORY | O_CLOEXEC; + int rv = -1; + struct stat st; + +- if (p == NULL) { ++ if (opm & SECURE_OPENDIR_FULL_FD) ++ flags |= O_RDONLY; ++ else ++ flags |= O_PATH; ++ ++ /* Check for args consistency */ ++ if ((opm & SECURE_OPENDIR_PROTECT) && idata == NULL) + return -1; +- } + +- if (*dir == '/') { +- dfd = open("/", flags); +- if (dfd == -1) { +- goto error; +- } +- dir++; /* assume / is safe */ ++ /* Accept only absolute paths */ ++ if (*path != '/') ++ return -1; ++ ++ dir = p = strdup(path); ++ if (p == NULL) ++ return -1; ++ ++ /* Assume '/' is safe */ ++ dfd = open("/", flags); ++ if (dfd == -1) ++ goto error; ++ ++ /* Needed to not loop too far and call openat() on NULL */ ++ strip_trailing_slashes(p); ++ ++ dir++; ++ ++ /* In case path is '/' */ ++ if (*dir == '\0') { ++ free(p); ++ return dfd; + } + + while ((d=strchr(dir, '/')) != NULL) { + *d = '\0'; ++ + dfd_next = openat(dfd, dir, flags); +- if (dfd_next == -1) { ++ if (dfd_next == -1) + goto error; +- } +- +- if (dfd != AT_FDCWD) +- close(dfd); +- dfd = dfd_next; + +- if 
(fstat(dfd, &st) != 0) { ++ if (fstat(dfd_next, &st) != 0) { ++ close(dfd_next); + goto error; + } + +- if (flags & O_NOFOLLOW) { ++ if ((flags & O_NOFOLLOW) && (opm & SECURE_OPENDIR_PROTECT)) { + /* we are inside user-owned dir - protect */ +- if (protect_mount(dfd, p, idata) == -1) ++ if (protect_mount(dfd_next, p, idata) == -1) { ++ close(dfd_next); ++ goto error; ++ } ++ /* ++ * Reopen the directory to obtain a new descriptor ++ * after protect_mount(), this is necessary in cases ++ * when another directory is going to be mounted over ++ * the given path. ++ */ ++ close(dfd_next); ++ dfd_next = openat(dfd, dir, flags); ++ if (dfd_next == -1) + goto error; +- } else if (st.st_uid != 0 || st.st_gid != 0 || +- (st.st_mode & S_IWOTH)) { ++ } else if (st.st_uid != 0 ++ || (st.st_gid != 0 && (st.st_mode & S_IWGRP)) ++ || (st.st_mode & S_IWOTH)) { + /* do not follow symlinks on subdirectories */ + flags |= O_NOFOLLOW; + } + ++ close(dfd); ++ dfd = dfd_next; ++ + *d = '/'; + dir = d + 1; + } +@@ -178,13 +231,14 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, + rv = openat(dfd, dir, flags); + + if (rv == -1) { +- if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { ++ if ((opm & SECURE_OPENDIR_MKDIR) && mkdirat(dfd, dir, mode) == 0) ++ rv = openat(dfd, dir, flags); ++ ++ if (rv == -1) + goto error; +- } +- rv = openat(dfd, dir, flags); + } + +- if (flags & O_NOFOLLOW) { ++ if ((flags & O_NOFOLLOW) && (opm & SECURE_OPENDIR_PROTECT)) { + /* we are inside user-owned dir - protect */ + if (protect_mount(rv, p, idata) == -1) { + save_errno = errno; +@@ -192,18 +246,95 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, + rv = -1; + errno = save_errno; + } ++ /* ++ * Reopen the directory to obtain a new descriptor after ++ * protect_mount(), this is necessary in cases when another ++ * directory is going to be mounted over the given path. 
++ */ ++ close(rv); ++ rv = openat(dfd, dir, flags); + } + + error: + save_errno = errno; + free(p); +- if (dfd != AT_FDCWD && dfd >= 0) ++ if (dfd >= 0) + close(dfd); + errno = save_errno; + + return rv; + } + ++/* ++ * Returns a fd to the given path, acquired securely. ++ * It can be called in all situations, including in cleanup code paths, as ++ * it does not modify external state (no access to global structures...). ++ */ ++static int secure_opendir_stateless(const char *path) ++{ ++ return secure_opendir(path, 0, 0, NULL); ++} ++ ++/* ++ * Umount securely the given path, even if the directories along ++ * the path are under user control. It should protect against ++ * symlinks attacks and race conditions. ++ */ ++static int secure_umount(const char *path) ++{ ++ int save_errno; ++ int rv = -1; ++ int dfd = -1; ++ char s_path[MAGIC_LNK_FD_SIZE]; ++ ++ dfd = secure_opendir_stateless(path); ++ if (dfd == -1) ++ return rv; ++ ++ if (pam_sprintf(s_path, "/proc/self/fd/%d", dfd) < 0) ++ goto error; ++ ++ /* ++ * We still have a fd open to path itself, ++ * so we need to do a lazy umount. ++ */ ++ rv = umount2(s_path, MNT_DETACH); ++ ++error: ++ save_errno = errno; ++ close(dfd); ++ errno = save_errno; ++ return rv; ++} ++ ++/* ++ * Rmdir the given path securely, protecting against symlinks attacks ++ * and race conditions. ++ * This function is currently called only in cleanup code paths where ++ * any errors returned are not handled, so do not handle them either. ++ * Basically, try to rmdir the path on a best-effort basis. 
++ */ ++static void secure_try_rmdir(const char *path) ++{ ++ int dfd; ++ char *buf; ++ char *parent; ++ ++ buf = strdup(path); ++ if (buf == NULL) ++ return; ++ ++ parent = dirname(buf); ++ ++ dfd = secure_opendir_stateless(parent); ++ if (dfd >= 0) { ++ unlinkat(dfd, base_name(path), AT_REMOVEDIR); ++ close(dfd); ++ } ++ ++ free(buf); ++} ++ + /* Evaluating a list of files which have to be parsed in the right order: + * + * - If etc/security/namespace.d/@filename@.conf exists, then +@@ -330,7 +461,7 @@ static void unprotect_dirs(struct protect_dir_s *dir) + struct protect_dir_s *next; + + while (dir != NULL) { +- umount(dir->dir); ++ secure_umount(dir->dir); + free(dir->dir); + next = dir->next; + free(dir); +@@ -734,13 +865,9 @@ static int process_line(char *line, const char *home, const char *rhome, + goto skipping; + } + +-#define COPY_STR(dst, src, apd) \ +- pam_sprintf((dst), "%s%s", (src), (apd)) +- +- if (COPY_STR(poly->dir, dir, "") < 0 +- || COPY_STR(poly->rdir, rdir, "") < 0 +- || COPY_STR(poly->instance_prefix, instance_prefix, +- poly->method == TMPDIR ? 
"XXXXXX" : "") < 0) { ++ if (pam_sprintf(poly->dir, "%s", dir) < 0 ++ || pam_sprintf(poly->rdir, "%s", rdir) < 0 ++ || pam_sprintf(poly->instance_prefix, "%s", instance_prefix) < 0) { + pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); + goto skipping; + } +@@ -1023,6 +1150,23 @@ static char *md5hash(const char *instname, struct instance_data *idata) + } + + #ifdef WITH_SELINUX ++static char *secure_getfilecon(pam_handle_t *pamh, const char *dir) ++{ ++ char *ctx = NULL; ++ int dfd = secure_opendir(dir, SECURE_OPENDIR_FULL_FD, 0, NULL); ++ if (dfd < 0) { ++ pam_syslog(pamh, LOG_ERR, "Error getting fd to %s: %m", dir); ++ return NULL; ++ } ++ if (fgetfilecon(dfd, &ctx) < 0) ++ ctx = NULL; ++ if (ctx == NULL) ++ pam_syslog(pamh, LOG_ERR, ++ "Error getting poly dir context for %s: %m", dir); ++ close(dfd); ++ return ctx; ++} ++ + static int form_context(const struct polydir_s *polyptr, + char **i_context, char **origcon, + struct instance_data *idata) +@@ -1034,12 +1178,9 @@ static int form_context(const struct polydir_s *polyptr, + /* + * Get the security context of the directory to polyinstantiate. 
+ */ +- rc = getfilecon(polyptr->dir, origcon); +- if (rc < 0 || *origcon == NULL) { +- pam_syslog(idata->pamh, LOG_ERR, +- "Error getting poly dir context, %m"); ++ *origcon = secure_getfilecon(idata->pamh, polyptr->dir); ++ if (*origcon == NULL) + return PAM_SESSION_ERR; +- } + + if (polyptr->method == USER) return PAM_SUCCESS; + +@@ -1136,29 +1277,52 @@ static int form_context(const struct polydir_s *polyptr, + #endif + + /* +- * poly_name returns the name of the polyinstantiated instance directory ++ * From the instance differentiation string, set in the polyptr structure: ++ * - the absolute path to the instance dir, ++ * - the absolute path to the previous dir (parent), ++ * - the instance name (may be different than the instance differentiation string) ++ */ ++static int set_polydir_paths(struct polydir_s *polyptr, const char *inst_differentiation) ++{ ++ char *tmp; ++ ++ if (pam_sprintf(polyptr->instance_absolute, "%s%s", ++ polyptr->instance_prefix, inst_differentiation) < 0) ++ return -1; ++ ++ polyptr->instname = strrchr(polyptr->instance_absolute, '/') + 1; ++ ++ if (pam_sprintf(polyptr->instance_parent, "%s", polyptr->instance_absolute) < 0) ++ return -1; ++ ++ tmp = strrchr(polyptr->instance_parent, '/') + 1; ++ *tmp = '\0'; ++ ++ return 0; ++} ++ ++/* ++ * Set the name of the polyinstantiated instance directory + * based on the method used for polyinstantiation (user, context or level) + * In addition, the function also returns the security contexts of the + * original directory to polyinstantiate and the polyinstantiated instance + * directory. 
+ */ + #ifdef WITH_SELINUX +-static int poly_name(const struct polydir_s *polyptr, char **i_name, +- char **i_context, char **origcon, +- struct instance_data *idata) ++static int poly_name(struct polydir_s *polyptr, char **i_context, ++ char **origcon, struct instance_data *idata) + #else +-static int poly_name(const struct polydir_s *polyptr, char **i_name, +- struct instance_data *idata) ++static int poly_name(struct polydir_s *polyptr, struct instance_data *idata) + #endif + { + int rc; ++ char *inst_differentiation = NULL; + char *hash = NULL; + enum polymethod pm; + #ifdef WITH_SELINUX + char *rawcon = NULL; + #endif + +- *i_name = NULL; + #ifdef WITH_SELINUX + *i_context = NULL; + *origcon = NULL; +@@ -1192,7 +1356,7 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + + switch (pm) { + case USER: +- if ((*i_name = strdup(idata->user)) == NULL) ++ if ((inst_differentiation = strdup(idata->user)) == NULL) + goto fail; + break; + +@@ -1204,20 +1368,24 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + goto fail; + } + if (polyptr->flags & POLYDIR_SHARED) +- *i_name = strdup(rawcon); ++ inst_differentiation = strdup(rawcon); + else +- *i_name = pam_asprintf("%s_%s", rawcon, idata->user); +- if (*i_name == NULL) ++ inst_differentiation = pam_asprintf("%s_%s", rawcon, idata->user); ++ if (inst_differentiation == NULL) + goto fail; + break; + + #endif /* WITH_SELINUX */ + + case TMPDIR: ++ if ((inst_differentiation = strdup("XXXXXX")) == NULL) ++ goto fail; ++ goto success; ++ + case TMPFS: +- if ((*i_name=strdup("")) == NULL) ++ if ((inst_differentiation=strdup("")) == NULL) + goto fail; +- return PAM_SUCCESS; ++ goto success; + + default: + if (idata->flags & PAMNS_DEBUG) +@@ -1226,32 +1394,37 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + } + + if (idata->flags & PAMNS_DEBUG) +- pam_syslog(idata->pamh, LOG_DEBUG, "poly_name %s", *i_name); ++ pam_syslog(idata->pamh, LOG_DEBUG, "poly_name %s", 
inst_differentiation); + +- if ((idata->flags & PAMNS_GEN_HASH) || strlen(*i_name) > NAMESPACE_MAX_DIR_LEN) { +- hash = md5hash(*i_name, idata); ++ if ((idata->flags & PAMNS_GEN_HASH) || strlen(inst_differentiation) > NAMESPACE_MAX_DIR_LEN) { ++ hash = md5hash(inst_differentiation, idata); + if (hash == NULL) { + goto fail; + } + if (idata->flags & PAMNS_GEN_HASH) { +- free(*i_name); +- *i_name = hash; ++ free(inst_differentiation); ++ inst_differentiation = hash; + hash = NULL; + } else { + char *newname = + pam_asprintf("%.*s_%s", + NAMESPACE_MAX_DIR_LEN - 1 - (int)strlen(hash), +- *i_name, hash); ++ inst_differentiation, hash); + if (newname == NULL) + goto fail; +- free(*i_name); +- *i_name = newname; ++ free(inst_differentiation); ++ inst_differentiation = newname; + } + } +- rc = PAM_SUCCESS; + ++success: ++ if (set_polydir_paths(polyptr, inst_differentiation) == -1) ++ goto fail; ++ ++ rc = PAM_SUCCESS; + fail: + free(hash); ++ free(inst_differentiation); + #ifdef WITH_SELINUX + freecon(rawcon); + #endif +@@ -1262,55 +1435,35 @@ fail: + freecon(*origcon); + *origcon = NULL; + #endif +- free(*i_name); +- *i_name = NULL; + } + return rc; + } + +-static int check_inst_parent(char *ipath, struct instance_data *idata) ++static int check_inst_parent(int dfd, struct instance_data *idata) + { + struct stat instpbuf; +- char *inst_parent, *trailing_slash; +- int dfd; ++ + /* +- * stat the instance parent path to make sure it exists +- * and is a directory. Check that its mode is 000 (unless the +- * admin explicitly instructs to ignore the instance parent +- * mode by the "ignore_instance_parent_mode" argument). ++ * Stat the instance parent directory to make sure it's writable by ++ * root only (unless the admin explicitly instructs to ignore the ++ * instance parent mode by the "ignore_instance_parent_mode" argument). 
+ */ +- inst_parent = strdup(ipath); +- if (!inst_parent) { +- pam_syslog(idata->pamh, LOG_CRIT, "Error allocating pathname string"); +- return PAM_SESSION_ERR; +- } + +- trailing_slash = strrchr(inst_parent, '/'); +- if (trailing_slash) +- *trailing_slash = '\0'; +- +- dfd = protect_dir(inst_parent, 0, 1, idata); ++ if (idata->flags & PAMNS_IGN_INST_PARENT_MODE) ++ return PAM_SUCCESS; + +- if (dfd == -1 || fstat(dfd, &instpbuf) < 0) { ++ if (fstat(dfd, &instpbuf) < 0) { + pam_syslog(idata->pamh, LOG_ERR, +- "Error creating or accessing instance parent %s, %m", inst_parent); +- if (dfd != -1) +- close(dfd); +- free(inst_parent); ++ "Error accessing instance parent, %m"); + return PAM_SESSION_ERR; + } + +- if ((idata->flags & PAMNS_IGN_INST_PARENT_MODE) == 0) { +- if ((instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) || instpbuf.st_uid != 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Mode of inst parent %s not 000 or owner not root", +- inst_parent); +- close(dfd); +- free(inst_parent); +- return PAM_SESSION_ERR; +- } ++ if ((instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) || instpbuf.st_uid != 0) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Mode of inst parent not 000 or owner not root"); ++ return PAM_SESSION_ERR; + } +- close(dfd); +- free(inst_parent); ++ + return PAM_SUCCESS; + } + +@@ -1449,14 +1602,16 @@ static int create_polydir(struct polydir_s *polyptr, + } + #endif + +- rc = protect_dir(dir, mode, 1, idata); ++ rc = secure_opendir(dir, ++ SECURE_OPENDIR_PROTECT | SECURE_OPENDIR_MKDIR | SECURE_OPENDIR_FULL_FD, ++ mode, idata); + if (rc == -1) { + pam_syslog(idata->pamh, LOG_ERR, + "Error creating directory %s: %m", dir); + #ifdef WITH_SELINUX + freecon(oldcon_raw); + #endif +- return PAM_SESSION_ERR; ++ return -1; + } + + #ifdef WITH_SELINUX +@@ -1477,9 +1632,9 @@ static int create_polydir(struct polydir_s *polyptr, + pam_syslog(idata->pamh, LOG_ERR, + "Error changing mode of directory %s: %m", dir); + close(rc); +- umount(dir); /* undo the eventual protection bind 
mount */ +- rmdir(dir); +- return PAM_SESSION_ERR; ++ secure_umount(dir); /* undo the eventual protection bind mount */ ++ secure_try_rmdir(dir); ++ return -1; + } + } + +@@ -1497,41 +1652,37 @@ static int create_polydir(struct polydir_s *polyptr, + pam_syslog(idata->pamh, LOG_ERR, + "Unable to change owner on directory %s: %m", dir); + close(rc); +- umount(dir); /* undo the eventual protection bind mount */ +- rmdir(dir); +- return PAM_SESSION_ERR; ++ secure_umount(dir); /* undo the eventual protection bind mount */ ++ secure_try_rmdir(dir); ++ return -1; + } + +- close(rc); +- + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_DEBUG, + "Polydir owner %u group %u", uid, gid); + +- return PAM_SUCCESS; ++ return rc; + } + + /* +- * Create polyinstantiated instance directory (ipath). ++ * Create polyinstantiated instance directory. ++ * To protect against races, changes are done on a fd to the parent of the ++ * instance directory (dfd_iparent) and a relative path (polyptr->instname). ++ * The absolute path (polyptr->instance_absolute) is only updated when creating ++ * a tmpdir and used for logging purposes. + */ + #ifdef WITH_SELINUX +-static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, +- const char *icontext, const char *ocontext, +- struct instance_data *idata) ++static int create_instance(struct polydir_s *polyptr, int dfd_iparent, ++ struct stat *statbuf, const char *icontext, const char *ocontext, ++ struct instance_data *idata) + #else +-static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, +- struct instance_data *idata) ++static int create_instance(struct polydir_s *polyptr, int dfd_iparent, ++ struct stat *statbuf, struct instance_data *idata) + #endif + { + struct stat newstatbuf; + int fd; + +- /* +- * Check to make sure instance parent is valid. 
+- */ +- if (check_inst_parent(ipath, idata)) +- return PAM_SESSION_ERR; +- + /* + * Create instance directory and set its security context to the context + * returned by the security policy. Set its mode and ownership +@@ -1540,29 +1691,39 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + */ + + if (polyptr->method == TMPDIR) { +- if (mkdtemp(polyptr->instance_prefix) == NULL) { +- pam_syslog(idata->pamh, LOG_ERR, "Error creating temporary instance %s, %m", +- polyptr->instance_prefix); +- polyptr->method = NONE; /* do not clean up! */ +- return PAM_SESSION_ERR; +- } +- /* copy the actual directory name to ipath */ +- strcpy(ipath, polyptr->instance_prefix); +- } else if (mkdir(ipath, S_IRUSR) < 0) { ++ char s_path[PATH_MAX]; ++ /* ++ * Create the template for mkdtemp() as a magic link based on ++ * our existing fd to avoid symlink attacks and races. ++ */ ++ if (pam_sprintf(s_path, "/proc/self/fd/%d/%s", dfd_iparent, polyptr->instname) < 0 ++ || mkdtemp(s_path) == NULL) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Error creating temporary instance dir %s, %m", ++ polyptr->instance_absolute); ++ polyptr->method = NONE; /* do not clean up! */ ++ return PAM_SESSION_ERR; ++ } ++ ++ /* Copy the actual directory name to polyptr->instname */ ++ strcpy(polyptr->instname, base_name(s_path)); ++ } else if (mkdirat(dfd_iparent, polyptr->instname, S_IRUSR) < 0) { + if (errno == EEXIST) + return PAM_IGNORE; + else { + pam_syslog(idata->pamh, LOG_ERR, "Error creating %s, %m", +- ipath); ++ polyptr->instance_absolute); + return PAM_SESSION_ERR; + } + } + +- /* Open a descriptor to it to prevent races */ +- fd = open(ipath, O_DIRECTORY | O_RDONLY); ++ /* Open a descriptor to prevent races, based on our existing fd. 
*/ ++ fd = openat(dfd_iparent, polyptr->instname, ++ O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC); + if (fd < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error opening %s, %m", ipath); +- rmdir(ipath); ++ pam_syslog(idata->pamh, LOG_ERR, "Error opening %s, %m", ++ polyptr->instance_absolute); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + #ifdef WITH_SELINUX +@@ -1572,17 +1733,19 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + if (icontext) { + if (fsetfilecon(fd, icontext) < 0) { + pam_syslog(idata->pamh, LOG_ERR, +- "Error setting context of %s to %s", ipath, icontext); ++ "Error setting context of %s to %s", ++ polyptr->instance_absolute, icontext); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + } else { + if (fsetfilecon(fd, ocontext) < 0) { + pam_syslog(idata->pamh, LOG_ERR, +- "Error setting context of %s to %s", ipath, ocontext); ++ "Error setting context of %s to %s", ++ polyptr->instance_absolute, ocontext); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + } +@@ -1590,9 +1753,9 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + #endif + if (fstat(fd, &newstatbuf) < 0) { + pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", +- ipath); ++ polyptr->instance_absolute); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + if (newstatbuf.st_uid != statbuf->st_uid || +@@ -1600,17 +1763,17 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + if (fchown(fd, statbuf->st_uid, statbuf->st_gid) < 0) { + pam_syslog(idata->pamh, LOG_ERR, + "Error changing owner for %s, %m", +- ipath); ++ polyptr->instance_absolute); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + 
return PAM_SESSION_ERR; + } + } + if (fchmod(fd, statbuf->st_mode & 07777) < 0) { + pam_syslog(idata->pamh, LOG_ERR, "Error changing mode for %s, %m", +- ipath); ++ polyptr->instance_absolute); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + close(fd); +@@ -1629,9 +1792,12 @@ static int ns_setup(struct polydir_s *polyptr, + struct instance_data *idata) + { + int retval; ++ int dfd_iparent = -1; ++ int dfd_ipath = -1; ++ int dfd_pptrdir = -1; + int newdir = 1; +- char *inst_dir = NULL; +- char *instname = NULL; ++ char s_ipath[MAGIC_LNK_FD_SIZE]; ++ char s_pptrdir[MAGIC_LNK_FD_SIZE]; + struct stat statbuf; + #ifdef WITH_SELINUX + char *instcontext = NULL, *origcontext = NULL; +@@ -1641,37 +1807,48 @@ static int ns_setup(struct polydir_s *polyptr, + pam_syslog(idata->pamh, LOG_DEBUG, + "Set namespace for directory %s", polyptr->dir); + +- retval = protect_dir(polyptr->dir, 0, 0, idata); ++ dfd_pptrdir = secure_opendir(polyptr->dir, SECURE_OPENDIR_PROTECT, 0, idata); + +- if (retval < 0) { ++ if (dfd_pptrdir < 0) { + if (errno != ENOENT || !(polyptr->flags & POLYDIR_CREATE)) { + pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", + polyptr->dir); + return PAM_SESSION_ERR; + } +- if (create_polydir(polyptr, idata) != PAM_SUCCESS) ++ dfd_pptrdir = create_polydir(polyptr, idata); ++ if (dfd_pptrdir < 0) + return PAM_SESSION_ERR; +- } else { +- close(retval); + } + + if (polyptr->method == TMPFS) { +- if (mount("tmpfs", polyptr->dir, "tmpfs", polyptr->mount_flags, polyptr->mount_opts) < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", +- polyptr->dir); +- return PAM_SESSION_ERR; +- } ++ /* ++ * There is no function mount() that operate on a fd, so instead, we ++ * get the magic link corresponding to the fd and give it to mount(). ++ * This protects against potential races exploitable by an unpriv user. 
++ */ ++ if (pam_sprintf(s_pptrdir, "/proc/self/fd/%d", dfd_pptrdir) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error pam_sprintf s_pptrdir"); ++ goto error_out; ++ } + +- if (polyptr->flags & POLYDIR_NOINIT) +- return PAM_SUCCESS; ++ if (mount("tmpfs", s_pptrdir, "tmpfs", polyptr->mount_flags, polyptr->mount_opts) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", ++ polyptr->dir); ++ goto error_out; ++ } ++ ++ if (polyptr->flags & POLYDIR_NOINIT) { ++ retval = PAM_SUCCESS; ++ goto cleanup; ++ } + +- return inst_init(polyptr, "tmpfs", idata, 1); ++ retval = inst_init(polyptr, "tmpfs", idata, 1); ++ goto cleanup; + } + +- if (stat(polyptr->dir, &statbuf) < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error stating %s: %m", +- polyptr->dir); +- return PAM_SESSION_ERR; ++ if (fstat(dfd_pptrdir, &statbuf) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error stating %s: %m", polyptr->dir); ++ goto error_out; + } + + /* +@@ -1680,15 +1857,16 @@ static int ns_setup(struct polydir_s *polyptr, + * security policy. + */ + #ifdef WITH_SELINUX +- retval = poly_name(polyptr, &instname, &instcontext, +- &origcontext, idata); ++ retval = poly_name(polyptr, &instcontext, &origcontext, idata); + #else +- retval = poly_name(polyptr, &instname, idata); ++ retval = poly_name(polyptr, idata); + #endif + + if (retval != PAM_SUCCESS) { +- if (retval != PAM_IGNORE) ++ if (retval != PAM_IGNORE) { + pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name"); ++ goto error_out; ++ } + goto cleanup; + } else { + #ifdef WITH_SELINUX +@@ -1699,22 +1877,33 @@ static int ns_setup(struct polydir_s *polyptr, + #endif + } + +- if ((inst_dir = pam_asprintf("%s%s", polyptr->instance_prefix, instname)) == NULL) +- goto error_out; +- +- if (idata->flags & PAMNS_DEBUG) +- pam_syslog(idata->pamh, LOG_DEBUG, "instance_dir %s", +- inst_dir); ++ /* ++ * Gets a fd in a secure manner (we may be operating on a path under ++ * user control), and check it's compliant. 
++ * Then, we should *always* operate on *this* fd and a relative path ++ * to be protected against race conditions. ++ */ ++ dfd_iparent = secure_opendir(polyptr->instance_parent, ++ SECURE_OPENDIR_PROTECT | SECURE_OPENDIR_MKDIR, 0, idata); ++ if (dfd_iparent == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "polyptr->instance_parent %s access error", ++ polyptr->instance_parent); ++ goto error_out; ++ } ++ if (check_inst_parent(dfd_iparent, idata)) { ++ goto error_out; ++ } + + /* + * Create instance directory with appropriate security + * contexts, owner, group and mode bits. + */ + #ifdef WITH_SELINUX +- retval = create_instance(polyptr, inst_dir, &statbuf, instcontext, +- origcontext, idata); ++ retval = create_instance(polyptr, dfd_iparent, &statbuf, instcontext, ++ origcontext, idata); + #else +- retval = create_instance(polyptr, inst_dir, &statbuf, idata); ++ retval = create_instance(polyptr, dfd_iparent, &statbuf, idata); + #endif + + if (retval == PAM_IGNORE) { +@@ -1726,19 +1915,48 @@ static int ns_setup(struct polydir_s *polyptr, + goto error_out; + } + ++ /* ++ * Instead of getting a new secure fd, we reuse the fd opened on directory ++ * polyptr->instance_parent to ensure we are working on the same dir as ++ * previously, and thus ensure that previous checks (e.g. check_inst_parent()) ++ * are still relevant. 
++ */ ++ dfd_ipath = openat(dfd_iparent, polyptr->instname, ++ O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC); ++ if (dfd_ipath == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error openat on %s, %m", ++ polyptr->instname); ++ goto error_out; ++ } ++ ++ if (pam_sprintf(s_ipath, "/proc/self/fd/%d", dfd_ipath) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error pam_sprintf s_ipath"); ++ goto error_out; ++ } ++ ++ if (pam_sprintf(s_pptrdir, "/proc/self/fd/%d", dfd_pptrdir) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error pam_sprintf s_pptrdir"); ++ goto error_out; ++ } ++ + /* + * Bind mount instance directory on top of the polyinstantiated + * directory to provide an instance of polyinstantiated directory + * based on polyinstantiated method. ++ * ++ * Operates on magic links created from two fd obtained securely ++ * to protect against race conditions and symlink attacks. Indeed, ++ * the source and destination can be in a user controled path. + */ +- if (mount(inst_dir, polyptr->dir, NULL, MS_BIND, NULL) < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error mounting %s on %s, %m", +- inst_dir, polyptr->dir); ++ if(mount(s_ipath, s_pptrdir, NULL, MS_BIND, NULL) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Error mounting %s on %s (%s on %s), %m", ++ s_ipath, s_pptrdir, polyptr->instance_absolute, polyptr->dir); + goto error_out; + } + + if (!(polyptr->flags & POLYDIR_NOINIT)) +- retval = inst_init(polyptr, inst_dir, idata, newdir); ++ retval = inst_init(polyptr, polyptr->instance_absolute, idata, newdir); + + goto cleanup; + +@@ -1750,8 +1968,12 @@ error_out: + retval = PAM_SESSION_ERR; + + cleanup: +- free(inst_dir); +- free(instname); ++ if (dfd_iparent != -1) ++ close(dfd_iparent); ++ if (dfd_ipath != -1) ++ close(dfd_ipath); ++ if (dfd_pptrdir != -1) ++ close(dfd_pptrdir); + #ifdef WITH_SELINUX + freecon(instcontext); + freecon(origcontext); +@@ -1790,6 +2012,7 @@ static int cleanup_tmpdirs(struct instance_data *idata) + { + struct polydir_s *pptr; + pid_t rc, pid; ++ 
int dfd = -1; + struct sigaction newsa, oldsa; + int status; + +@@ -1801,7 +2024,17 @@ static int cleanup_tmpdirs(struct instance_data *idata) + } + + for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { +- if (pptr->method == TMPDIR && access(pptr->instance_prefix, F_OK) == 0) { ++ if (pptr->method == TMPDIR) { ++ ++ dfd = secure_opendir_stateless(pptr->instance_parent); ++ if (dfd == -1) ++ continue; ++ ++ if (faccessat(dfd, pptr->instname, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { ++ close(dfd); ++ continue; ++ } ++ + pid = fork(); + if (pid == 0) { + static char *envp[] = { NULL }; +@@ -1811,10 +2044,21 @@ static int cleanup_tmpdirs(struct instance_data *idata) + _exit(1); + } + #endif ++ if (fchdir(dfd) == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, "Failed fchdir to %s: %m", ++ pptr->instance_absolute); ++ _exit(1); ++ } ++ + close_fds_pre_exec(idata); +- execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp); ++ ++ execle("/bin/rm", "/bin/rm", "-rf", pptr->instname, NULL, envp); + _exit(1); + } else if (pid > 0) { ++ ++ if (dfd != -1) ++ close(dfd); ++ + while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && + (errno == EINTR)); + if (rc == (pid_t)-1) { +@@ -1827,6 +2071,10 @@ static int cleanup_tmpdirs(struct instance_data *idata) + "Error removing %s", pptr->instance_prefix); + } + } else if (pid < 0) { ++ ++ if (dfd != -1) ++ close(dfd); ++ + pam_syslog(idata->pamh, LOG_ERR, + "Cannot fork to cleanup temporary directory, %m"); + rc = PAM_SESSION_ERR; +@@ -1850,6 +2098,7 @@ out: + static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) + { + int retval = 0, need_poly = 0, changing_dir = 0; ++ int dfd = -1; + char *cptr, *fptr, poly_parent[PATH_MAX]; + struct polydir_s *pptr; + +@@ -1965,13 +2214,21 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) + strcpy(poly_parent, "/"); + else if (cptr) + *cptr = '\0'; +- if (chdir(poly_parent) < 0) { ++ ++ dfd = secure_opendir_stateless(poly_parent); 
++ if (dfd == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Failed opening %s to fchdir: %m", poly_parent); ++ } ++ else if (fchdir(dfd) == -1) { + pam_syslog(idata->pamh, LOG_ERR, +- "Can't chdir to %s, %m", poly_parent); ++ "Failed fchdir to %s: %m", poly_parent); + } ++ if (dfd != -1) ++ close(dfd); + } + +- if (umount(pptr->rdir) < 0) { ++ if (secure_umount(pptr->rdir) < 0) { + int saved_errno = errno; + pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", + pptr->rdir); +@@ -2041,7 +2298,7 @@ static int orig_namespace(struct instance_data *idata) + "Unmounting instance dir for user %d & dir %s", + idata->uid, pptr->dir); + +- if (umount(pptr->dir) < 0) { ++ if (secure_umount(pptr->dir) < 0) { + pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", + pptr->dir); + return PAM_SESSION_ERR; +diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h +index 180e042..721d39a 100644 +--- a/modules/pam_namespace/pam_namespace.h ++++ b/modules/pam_namespace/pam_namespace.h +@@ -121,6 +121,13 @@ + #define NAMESPACE_POLYDIR_DATA "pam_namespace:polydir_data" + #define NAMESPACE_PROTECT_DATA "pam_namespace:protect_data" + ++/* ++ * Operation mode for function secure_opendir() ++ */ ++#define SECURE_OPENDIR_PROTECT 0x00000001 ++#define SECURE_OPENDIR_MKDIR 0x00000002 ++#define SECURE_OPENDIR_FULL_FD 0x00000004 ++ + /* + * Polyinstantiation method options, based on user, security context + * or both +@@ -158,6 +165,9 @@ struct polydir_s { + char dir[PATH_MAX]; /* directory to polyinstantiate */ + char rdir[PATH_MAX]; /* directory to unmount (based on RUSER) */ + char instance_prefix[PATH_MAX]; /* prefix for instance dir path name */ ++ char instance_absolute[PATH_MAX]; /* absolute path to the instance dir (instance_parent + instname) */ ++ char instance_parent[PATH_MAX]; /* parent dir of the instance dir */ ++ char *instname; /* last segment of the path to the instance dir */ + enum polymethod method; /* method used to 
polyinstantiate */ + unsigned int num_uids; /* number of override uids */ + uid_t *uid; /* list of override uids */ +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch b/meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch new file mode 100644 index 0000000000..18c2a82fb4 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch 
@@ -0,0 +1,187 @@ +From 592d84e1265d04c3104acee815a503856db503a1 Mon Sep 17 00:00:00 2001 +From: Olivier Bal-Petre +Date: Tue, 4 Mar 2025 14:37:02 +0100 +Subject: [PATCH] pam_namespace: add flags to indicate path safety + +Add two flags in the script to indicate if the paths to the polydir +and the instance directories are safe (root owned and writable by +root only). + +Signed-off-by: Olivier Bal-Petre +Signed-off-by: Dmitry V. Levin + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1] +CVE: CVE-2025-6020 +Signed-off-by: Hitendra Prajapati +--- + modules/pam_namespace/namespace.init | 56 ++++++++++++------- + modules/pam_namespace/pam_namespace.c | 79 ++++++++++++++++++++++++++- + 2 files changed, 115 insertions(+), 20 deletions(-) + +diff --git a/modules/pam_namespace/namespace.init b/modules/pam_namespace/namespace.init +index d9053a1..8782178 100755 +--- a/modules/pam_namespace/namespace.init ++++ b/modules/pam_namespace/namespace.init +@@ -1,25 +1,43 @@ + #!/bin/sh +-# It receives polydir path as $1, the instance path as $2, +-# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, +-# and user name in $4. ++# It receives as arguments: ++# - $1 polydir path (see WARNING below) ++# - $2 instance path (see WARNING below) ++# - $3 flag whether the instance dir was newly created (0 - no, 1 - yes) ++# - $4 user name ++# - $5 flag whether the polydir path ($1) is safe (0 - unsafe, 1 -safe) ++# - $6 flag whether the instance path ($2) is safe (0 - unsafe, 1 - safe) ++# ++# WARNING: This script is invoked with full root privileges. Accessing ++# the polydir ($1) and the instance ($2) directories in this context may be ++# extremely dangerous as those can be under user control. The flags $5 and $6 ++# are provided to let you know if all the segments part of the path (except the ++# last one) are owned by root and are writable by root only. 
If the path does ++# not meet these criteria, you expose yourself to possible symlink attacks when ++# accessing these path. ++# However, even if the path components are safe, the content of the ++# directories may still be owned/writable by a user, so care must be taken! + # + # The following section will copy the contents of /etc/skel if this is a + # newly created home directory. +-if [ "$3" = 1 ]; then +- # This line will fix the labeling on all newly created directories +- [ -x /sbin/restorecon ] && /sbin/restorecon "$1" +- user="$4" +- passwd=$(getent passwd "$user") +- homedir=$(echo "$passwd" | cut -f6 -d":") +- if [ "$1" = "$homedir" ]; then +- gid=$(echo "$passwd" | cut -f4 -d":") +- cp -rT /etc/skel "$homedir" +- chown -R "$user":"$gid" "$homedir" +- mask=$(awk '/^UMASK/{gsub("#.*$", "", $2); print $2; exit}' /etc/login.defs) +- mode=$(printf "%o" $((0777 & ~mask))) +- chmod ${mode:-700} "$homedir" +- [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir" +- fi +-fi + ++# Executes only if the polydir path is safe ++if [ "$5" = 1 ]; then ++ ++ if [ "$3" = 1 ]; then ++ # This line will fix the labeling on all newly created directories ++ [ -x /sbin/restorecon ] && /sbin/restorecon "$1" ++ user="$4" ++ passwd=$(getent passwd "$user") ++ homedir=$(echo "$passwd" | cut -f6 -d":") ++ if [ "$1" = "$homedir" ]; then ++ gid=$(echo "$passwd" | cut -f4 -d":") ++ cp -rT /etc/skel "$homedir" ++ chown -R "$user":"$gid" "$homedir" ++ mask=$(sed -E -n 's/^UMASK[[:space:]]+([^#[:space:]]+).*/\1/p' /etc/login.defs) ++ mode=$(printf "%o" $((0777 & ~mask))) ++ chmod ${mode:-700} "$homedir" ++ [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir" ++ fi ++ fi ++fi + exit 0 +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 9d993d4..4c8153b 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -1467,6 +1467,79 @@ static int check_inst_parent(int dfd, struct instance_data 
*idata) + return PAM_SUCCESS; + } + ++/* ++ * Check for a given absolute path that all segments except the last one are: ++ * 1. a directory owned by root and not writable by group or others ++ * 2. a symlink owned by root and referencing a directory respecting 1. ++ * Returns 0 if safe, -1 is unsafe. ++ * If the path is not accessible (does not exist, hidden under a mount...), ++ * returns -1 (unsafe). ++ */ ++static int check_safe_path(const char *path, struct instance_data *idata) ++{ ++ char *p = strdup(path); ++ char *d; ++ char *dir = p; ++ struct stat st; ++ ++ if (p == NULL) ++ return -1; ++ ++ /* Check path is absolute */ ++ if (p[0] != '/') ++ goto error; ++ ++ strip_trailing_slashes(p); ++ ++ /* Last segment of the path may be owned by the user */ ++ if ((d = strrchr(dir, '/')) != NULL) ++ *d = '\0'; ++ ++ while ((d=strrchr(dir, '/')) != NULL) { ++ ++ /* Do not follow symlinks */ ++ if (lstat(dir, &st) != 0) ++ goto error; ++ ++ if (S_ISLNK(st.st_mode)) { ++ if (st.st_uid != 0) { ++ if (idata->flags & PAMNS_DEBUG) ++ pam_syslog(idata->pamh, LOG_DEBUG, ++ "Path deemed unsafe: Symlink %s should be owned by root", dir); ++ goto error; ++ } ++ ++ /* Follow symlinks */ ++ if (stat(dir, &st) != 0) ++ goto error; ++ } ++ ++ if (!S_ISDIR(st.st_mode)) { ++ if (idata->flags & PAMNS_DEBUG) ++ pam_syslog(idata->pamh, LOG_DEBUG, ++ "Path deemed unsafe: %s is expected to be a directory", dir); ++ goto error; ++ } ++ ++ if (st.st_uid != 0 || ++ ((st.st_mode & (S_IWGRP|S_IWOTH)) && !(st.st_mode & S_ISVTX))) { ++ if (idata->flags & PAMNS_DEBUG) ++ pam_syslog(idata->pamh, LOG_DEBUG, ++ "Path deemed unsafe: %s should be owned by root, and not be writable by group or others", dir); ++ goto error; ++ } ++ ++ *d = '\0'; ++ } ++ ++ free(p); ++ return 0; ++ ++error: ++ free(p); ++ return -1; ++} ++ + /* + * Check to see if there is a namespace initialization script in + * the /etc/security directory. 
If such a script exists +@@ -1524,7 +1597,11 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, + close_fds_pre_exec(idata); + + execle(init_script, init_script, +- polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp); ++ polyptr->dir, ipath, ++ newdir ? "1":"0", idata->user, ++ (check_safe_path(polyptr->dir, idata) == -1) ? "0":"1", ++ (check_safe_path(ipath, idata) == -1) ? "0":"1", ++ NULL, envp); + _exit(1); + } else if (pid > 0) { + while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch b/meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch new file mode 100644 index 0000000000..238bef47ec --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch 
@@ -0,0 +1,35 @@ +From 976c20079358d133514568fc7fd95c02df8b5773 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Tue, 27 May 2025 08:00:00 +0000 +Subject: [PATCH] pam_namespace: secure_opendir: do not look at the group + ownership + +When the directory is not group-writable, the group ownership does +not matter, and when it is group-writable, there should not be any +exceptions for the root group as there is no guarantee that the root +group does not include non-root users. + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773] +CVE: CVE-2025-6020 +Signed-off-by: Hitendra Prajapati +--- + modules/pam_namespace/pam_namespace.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 4c8153b..791dd07 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -215,8 +215,7 @@ static int secure_opendir(const char *path, int opm, mode_t mode, + if (dfd_next == -1) + goto error; + } else if (st.st_uid != 0 +- || (st.st_gid != 0 && (st.st_mode & S_IWGRP)) +- || (st.st_mode & S_IWOTH)) { ++ || (st.st_mode & (S_IWGRP|S_IWOTH))) { + /* do not follow symlinks on subdirectories */ + flags |= O_NOFOLLOW; + } +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb b/meta/recipes-extended/pam/libpam_1.5.3.bb index 714cdb6552..815085cc82 100644 --- a/meta/recipes-extended/pam/libpam_1.5.3.bb +++ b/meta/recipes-extended/pam/libpam_1.5.3.bb 
@@ -29,6 +29,11 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://CVE-2024-22365.patch \ file://CVE-2024-10041-1.patch \ file://CVE-2024-10041-2.patch \ + file://0001-pam-inline-pam-asprintf.patch \ + file://0002-pam-namespace-rebase.patch \ + file://CVE-2025-6020-01.patch \ + file://CVE-2025-6020-02.patch \ + file://CVE-2025-6020-03.patch \ " SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" From patchwork Thu Jul 24 21:35:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67439 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EF54C87FCC for ; Thu, 24 Jul 2025 21:36:00 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.5122.1753392957401175888 for ; Thu, 24 Jul 2025 14:35:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=VbOoSqHN; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-748fe69a7baso1350563b3a.3 for ; Thu, 24 Jul 2025 14:35:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753392956; x=1753997756; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Dydt2fcc7HxFJdrBqrikSIq9mVuFmwi2cOm79sNhPuY=; b=VbOoSqHN7ug8FydCleGcnMXXgf83S2+/ljQcOPMDJ6LEkU+x1eJ72coJHGQ5zsm0wm 
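Review bot: In the namespace.init hunk, the sed replacement for the UMASK lookup prints every matching line, whereas the removed awk line stopped at the first match with "exit". If /etc/login.defs carries more than one UMASK line, mask holds several values and `$((0777 & ~mask))` is no longer a valid expression, so the `${mode:-700}` fallback does not help. Suggest quitting after the first match, for example `sed -E -n '/^UMASK[[:space:]]/{s/^UMASK[[:space:]]+([^#[:space:]]+).*/\1/p;q;}' /etc/login.defs`, and quoting the chmod argument as `"${mode:-700}"`.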
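Review bot: In check_safe_path(), the permission test exempts group- or other-writable directories that have the sticky bit set (`!(st.st_mode & S_ISVTX)`), but neither the function comment ("not writable by group or others") nor the debug message mentions that exemption. The secure_opendir() condition changed in CVE-2025-6020-03.patch, `(st.st_mode & (S_IWGRP|S_IWOTH))`, has no such exemption, so the two checks disagree on sticky directories. Please document the sticky-bit case in the comment and say whether the difference is intended. The same comment reads "-1 is unsafe" where "-1 if unsafe" is meant.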
([2602:feb4:3b:2100:e2fc:f94:bcdc:cb9e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-761ae158129sm2253735b3a.32.2025.07.24.14.35.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 14:35:56 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/16] glibc: stable 2.39 branch updates Date: Thu, 24 Jul 2025 14:35:25 -0700 Message-ID: <779e3dccae95a6427317cbd7bc754f4d545efda6.1753392770.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220882 
From: Deepesh Varatharajan $ git log --oneline 06a70769fd0b2e1f2a3085ad50ab620282bd77b3..cff1042cceec3502269947e96cf7023451af22f3 cff1042cce Fix error reporting (false negatives) in SGID tests 1924d341c0 support: Pick group in support_capture_subprogram_self_sgid if UID == 0 Testing Results: Before After Diff PASS 5074 5082 +8 XPASS 4 4 0 FAIL 121 116 -5 XFAIL 16 16 0 UNSUPPORTED 157 154 -3 cff1042cce Fix error reporting (false negatives) in SGID tests Improved SGID test handling by unifying error reporting and using secure temporary directories. Replaced non-standard exit codes and fixed premature exits to avoid masking failures. These changes reduced false negatives, increasing overall test pass rates UNSUPPORTED tests changes -UNSUPPORTED: stdlib/tst-secure-getenv -UNSUPPORTED: elf/tst-env-setuid-static -UNSUPPORTED: elf/tst-env-setuid-tunables FAILed tests changes -FAIL: malloc/tst-aligned-alloc-random-thread-cross-malloc-check -FAIL: malloc/tst-aligned-alloc-random-thread-malloc-check -FAIL: malloc/tst-dynarray -FAIL: malloc/tst-dynarray-mem -FAIL: resolv/tst-resolv-aliases PASSed tests changes +PASS: stdlib/tst-secure-getenv +PASS: elf/tst-env-setuid-static +PASS: elf/tst-env-setuid-tunables +PASS: malloc/tst-aligned-alloc-random-thread-cross-malloc-check +PASS: malloc/tst-aligned-alloc-random-thread-malloc-check +PASS: malloc/tst-dynarray +PASS: malloc/tst-dynarray-mem +PASS: resolv/tst-resolv-aliases Signed-off-by: Deepesh Varatharajan Signed-off-by: Steve Sakoman --- meta/recipes-core/glibc/glibc-version.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 0130613936..6ee9fc7a0b 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc 
@@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.39/master" PV = "2.39+git" -SRCREV_glibc ?= "06a70769fd0b2e1f2a3085ad50ab620282bd77b3" +SRCREV_glibc ?= "cff1042cceec3502269947e96cf7023451af22f3" SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" From patchwork Thu Jul 24 21:35:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67437 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62693C87FC5 for ; Thu, 24 Jul 2025 21:36:00 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web11.5251.1753392959766488864 for ; Thu, 24 Jul 2025 14:35:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=mg78Fd3C; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-75ab31c426dso1285975b3a.3 for ; Thu, 24 Jul 2025 14:35:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753392959; x=1753997759; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0Hvo5vsVjKoOjscMm2OibQrM1vdRdkv7ItWY8D/ctRU=; b=mg78Fd3CScGJXT32lcZJnKwsH6EKZoLjH00HIqS7sqgorx2eEzFXvLXqFNloeXsri+ Ers0G4Ih14ufE8ma7N//G2znc8JSv6VvAPrK+tWpD20qH3i/wMxmgXrpo5Stk73FplTl uZvTKHb3ElR+wfpW7EHlwcM2ZyOQKdn2I8Vwsl+G+H5lTVijHJFoiTkVUKGhT+C0xIjR 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/16] xserver-xorg: upgrade 21.1.6 -> 21.1.18 Date: Thu, 24 Jul 2025 14:35:26 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220883 From: Vijay Anusuri xorg-server 21.1.17 This release contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2025-June/062055.html * CVE-2025-49175 * CVE-2025-49176 * CVE-2025-49177 * CVE-2025-49178 * CVE-2025-49179 * CVE-2025-49180 Additionally, this release includes a fix for CVE-2022-49737 which was issued after the fix was merged back in 2022 and several other various fixes. Ref: https://lists.x.org/archives/xorg-announce/2025-June/003609.html xorg-server 21.1.18 This release contains an additional fix for CVE-2025-49176 from June 17 security advisory: https://lists.x.org/archives/xorg/2025-June/062055.html Ref: https://lists.x.org/archives/xorg-announce/2025-June/003612.html Signed-off-by: Vijay Anusuri Signed-off-by: Richard Purdie (cherry picked from commit a59b385184fb3a548dc27310fd04d64351d8dfba) Signed-off-by: Steve Sakoman --- .../{xserver-xorg_21.1.16.bb => xserver-xorg_21.1.18.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.16.bb => xserver-xorg_21.1.18.bb} (92%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb similarity index 92% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb index 38c81f2372..14c45be432 100644 
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb 
@@ -3,7 +3,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " -SRC_URI[sha256sum] = "b14a116d2d805debc5b5b2aac505a279e69b217dae2fae2dfcb62400471a9970" +SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades. From patchwork Thu Jul 24 21:35:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67443 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 818CCC83F26 for ; Thu, 24 Jul 2025 21:36:10 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.5252.1753392961639097813 for ; Thu, 24 Jul 2025 14:36:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=TJ1t0XbB; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-747c2cc3419so1253526b3a.2 for ; Thu, 24 Jul 2025 14:36:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753392961; x=1753997761; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HSsdKBra9mZkHSzcTEDb25tIoW0vzyYhkK/O+6KW4fU=; b=TJ1t0XbBMOOXgTxty8jmoJFNvjIaTlD8xTjIiuiovaYTY+iWNRbUfoqAxyDVI3ZkwZ 
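Review bot: The starting version in the subject (21.1.6) does not match the recipe renamed in the diff header, xserver-xorg_21.1.16.bb. The subject should read 21.1.16 -> 21.1.18 so the stable-branch history names the recipe that was actually replaced; the checksum hunk itself only swaps SRC_URI[sha256sum] and gives nothing else to check against the announcement links.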
([2602:feb4:3b:2100:e2fc:f94:bcdc:cb9e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-761ae158129sm2253735b3a.32.2025.07.24.14.35.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 14:36:00 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 11/16] mtools: upgrade 4.0.43 -> 4.0.44 Date: Thu, 24 Jul 2025 14:35:27 -0700 Message-ID: <972b82b816a0a9cc51b2a7c8f6a96e66e15ae2fa.1753392770.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220884 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (From OE-Core rev: dd8c333576d7ebb8abab3a62b3451439519a0caa) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- .../mtools/mtools/clang_UNUSED.patch | 19 +++++++++++++------ .../mtools/disable-hardcoded-configs.patch | 7 +++---- .../mtools/mtools/mtools-makeinfo.patch | 11 +++++------ .../{mtools_4.0.43.bb => mtools_4.0.44.bb} | 2 +- 4 files changed, 22 insertions(+), 17 deletions(-) rename meta/recipes-devtools/mtools/{mtools_4.0.43.bb => mtools_4.0.44.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch index 6bb9d6a3da..20a6d1b8b3 100644 --- a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch +++ b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch @@ -1,12 +1,19 @@ -Undefine UNUSED macros with clang +From c72d075cb0c3a65ef17621c7ed1ffac35ca3b68e Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 19 Sep 2018 11:55:41 -0700 +Subject: [PATCH] Undefine UNUSED macros with clang Upstream-Status: Pending 
Signed-off-by: Khem Raj -Index: mtools-4.0.18/sysincludes.h -=================================================================== ---- mtools-4.0.18.orig/sysincludes.h -+++ mtools-4.0.18/sysincludes.h -@@ -101,7 +101,7 @@ typedef void *caddr_t; +--- + sysincludes.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sysincludes.h b/sysincludes.h +index e16ab45..8d285d4 100644 +--- a/sysincludes.h ++++ b/sysincludes.h +@@ -98,7 +98,7 @@ typedef void *caddr_t; #if defined __GNUC__ && defined __STDC__ /* gcc -traditional doesn't have PACKED, UNUSED and NORETURN */ # define PACKED __attribute__ ((packed)) diff --git a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch index 57be935487..1bed4e7614 100644 --- a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch +++ b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch @@ -1,4 +1,4 @@ -From 2ef9b371a5cc44e730143e694d71665831fac216 Mon Sep 17 00:00:00 2001 +From 0953b744b0257e26c170fb6d6b4c0f6210e4ae43 Mon Sep 17 00:00:00 2001 From: Ed Bartosh Date: Tue, 13 Jun 2017 14:55:52 +0300 Subject: [PATCH] Disabled reading host configs. @@ -6,16 +6,15 @@ Subject: [PATCH] Disabled reading host configs. Upstream-Status: Inappropriate [native] Signed-off-by: Ed Bartosh - --- config.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/config.c b/config.c -index 2f6a297..3181ed7 100644 +index 358282b..8ebafb4 100644 --- a/config.c +++ b/config.c -@@ -844,14 +844,6 @@ void read_config(void) +@@ -868,14 +868,6 @@ void read_config(void) memcpy(devices, const_devices, nr_const_devices*sizeof(struct device)); diff --git a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch index 6ae91d6cb9..3771f94c59 100644 --- a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch +++ b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch 
@@ -1,17 +1,16 @@ -From 3cf56b36db78679273f61ba78fbbf7f3fab52f68 Mon Sep 17 00:00:00 2001 +From 184b76e9742ff89f90a066edb0f46b4a150351cf Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Fri, 8 Jun 2007 08:35:12 +0000 Subject: [PATCH] mtools: imported from OE Upstream-Status: Inappropriate [licensing] - --- Makefile.in | 11 ++++++----- configure.in | 27 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/Makefile.in b/Makefile.in -index 616d59f..85b5b1d 100644 +index 5db50d7..92ad461 100644 --- a/Makefile.in +++ b/Makefile.in @@ -26,10 +26,11 @@ USERCFLAGS = @@ -30,7 +29,7 @@ index 616d59f..85b5b1d 100644 # do not edit below this line -@@ -199,7 +200,7 @@ dvi: mtools.dvi +@@ -185,7 +186,7 @@ dvi: mtools.dvi ps: mtools.ps %.ps: %.dvi @@ -40,10 +39,10 @@ index 616d59f..85b5b1d 100644 pdf: mtools.pdf %.pdf: %.texi sysconfdir.texi diff --git a/configure.in b/configure.in -index 5ff75c1..c0f7440 100644 +index 1de916e..fd6cb08 100644 --- a/configure.in +++ b/configure.in -@@ -35,6 +35,33 @@ AC_CANONICAL_SYSTEM +@@ -32,6 +32,33 @@ AC_CANONICAL_TARGET AC_C_CONST AC_C_INLINE diff --git a/meta/recipes-devtools/mtools/mtools_4.0.43.bb b/meta/recipes-devtools/mtools/mtools_4.0.44.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.43.bb rename to meta/recipes-devtools/mtools/mtools_4.0.44.bb index 859103979e..d8dd671be2 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.43.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.44.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "541e179665dc4e272b9602f2074243591a157da89cc47064da8c5829dbd2b339" +SRC_URI[sha256sum] = "37dc4df022533c3d4b2ec1c78973c27c7e8b585374c2d46ab64c6a3db31eddb8" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \ From patchwork Thu Jul 24 21:35:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67442 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 81906C87FCA for ; Thu, 24 Jul 2025 21:36:10 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.5129.1753392963276538518 for ; Thu, 24 Jul 2025 14:36:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=HAy1eKMO; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-7600271f3e9so1347125b3a.0 for ; Thu, 24 Jul 2025 14:36:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753392962; x=1753997762; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NzAxt/O2Fay1mqf/qQx9AHOhDhpUFstU1dd9oPxAxLQ=; b=HAy1eKMOUk4B0s0QEmMzxIBOILvSV53SQwDfEJphIZhM3wbWXB29LRKJuOffWnYBi4 vnJiDs6BnKJ1lrNo54P7uOUIExxcCbxziicX9QIlhKrxOF2cMrNL61lysIiYxRfnlCFB 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 12/16] mtools: upgrade 4.0.44 -> 4.0.45 Date: Thu, 24 Jul 2025 14:35:28 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220885 From: Wang Mingyu Changelog: ============ - Fixed iconv descriptor leak - Fixed size of error message buffer Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (From OE-Core rev: cc1975888ffdc58655e80d3d14450cf68ee0f719) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- .../mtools/{mtools_4.0.44.bb => mtools_4.0.45.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/mtools/{mtools_4.0.44.bb => mtools_4.0.45.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools_4.0.44.bb b/meta/recipes-devtools/mtools/mtools_4.0.45.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.44.bb rename to meta/recipes-devtools/mtools/mtools_4.0.45.bb index d8dd671be2..34040d7a0d 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.44.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.45.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "37dc4df022533c3d4b2ec1c78973c27c7e8b585374c2d46ab64c6a3db31eddb8" +SRC_URI[sha256sum] = "0b008a96bd0efe0e542fa4383d469af66bc4a93394990b103730a8160a67d618" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \ From patchwork Thu Jul 24 21:35:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67444 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E48FC87FC5 for ; Thu, 24 Jul 2025 21:36:10 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web11.5256.1753392965053412240 for ; Thu, 24 Jul 2025 14:36:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=xRVJAAdj; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-75ce8f8a3cdso1049950b3a.0 for ; Thu, 24 Jul 2025 14:36:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753392964; x=1753997764; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3z9SldFNgT4ZI6OK1LZ29TPpvD4+RmFlODYbOy5Yt4w=; b=xRVJAAdjYT/1twDfX84eVLHlEHan/Uv+VkZd9P2uY1ua38XfbVLoFs15LUY+AGzqAc SastUqgOEZUwxiAf7Hze5TTI3+Xu4cRqJtIMUWQ1DWHAbsdX3BVkB5UMp5u0UHjS5fkj 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 13/16] mtools: upgrade 4.0.45 -> 4.0.46 Date: Thu, 24 Jul 2025 14:35:29 -0700 Message-ID: <57ce12a28781fa86ccf08df2b7da59d1b18a5295.1753392770.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220886 From: Wang Mingyu clang_UNUSED.patch mtools-makeinfo.patch refreshed for 4.0.46 Changelog: ============= - iconv buffer overflow fixes - removed references to mread and mwrite (obsolete subcommands from mcopy) - documented mdoctorfat, and addressed 2 bugs/oversights - removed references to obsolete mread and mwrite - portability fixes (dietlibc and MacOS X) & simplification Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (From OE-Core rev: f5a5b2372669d8be4ae3f19ed6892264ea3999d0) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- .../mtools/mtools/clang_UNUSED.patch | 6 +++--- .../mtools/mtools/mtools-makeinfo.patch | 16 ++++++++-------- .../{mtools_4.0.45.bb => mtools_4.0.46.bb} | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) rename meta/recipes-devtools/mtools/{mtools_4.0.45.bb => mtools_4.0.46.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch index 20a6d1b8b3..1420d84b86 100644 --- a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch +++ b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch @@ -1,4 +1,4 @@ -From c72d075cb0c3a65ef17621c7ed1ffac35ca3b68e Mon Sep 17 00:00:00 2001 +From 6654edfb1eee416b58bcb6490658f80071a353c2 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 19 Sep 2018 11:55:41 -0700 Subject: [PATCH] Undefine UNUSED macros with clang 
@@ -10,10 +10,10 @@ Signed-off-by: Khem Raj 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysincludes.h b/sysincludes.h -index e16ab45..8d285d4 100644 +index 6b322ff..48daecd 100644 --- a/sysincludes.h +++ b/sysincludes.h -@@ -98,7 +98,7 @@ typedef void *caddr_t; +@@ -85,7 +85,7 @@ ac_cv_func_setpgrp_void=yes ../mtools/configure --build=i386-linux-gnu --host=i3 #if defined __GNUC__ && defined __STDC__ /* gcc -traditional doesn't have PACKED, UNUSED and NORETURN */ # define PACKED __attribute__ ((packed)) diff --git a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch index 3771f94c59..8c80040f91 100644 --- a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch +++ b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch @@ -1,4 +1,4 @@ -From 184b76e9742ff89f90a066edb0f46b4a150351cf Mon Sep 17 00:00:00 2001 +From fd1e84c66852c2c906ee292aad942b4bfbd9e306 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Fri, 8 Jun 2007 08:35:12 +0000 Subject: [PATCH] mtools: imported from OE @@ -6,11 +6,11 @@ Subject: [PATCH] mtools: imported from OE Upstream-Status: Inappropriate [licensing] --- Makefile.in | 11 ++++++----- - configure.in | 27 +++++++++++++++++++++++++++ + configure.ac | 27 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/Makefile.in b/Makefile.in -index 5db50d7..92ad461 100644 +index 7b305b0..70c8c74 100644 --- a/Makefile.in +++ b/Makefile.in @@ -26,10 +26,11 @@ USERCFLAGS = @@ -38,11 +38,11 @@ index 5db50d7..92ad461 100644 pdf: mtools.pdf %.pdf: %.texi sysconfdir.texi -diff --git a/configure.in b/configure.in -index 1de916e..fd6cb08 100644 ---- a/configure.in -+++ b/configure.in -@@ -32,6 +32,33 @@ AC_CANONICAL_TARGET +diff --git a/configure.ac b/configure.ac +index de108a8..0fd9ef0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -33,6 +33,33 @@ AC_CANONICAL_TARGET AC_C_CONST AC_C_INLINE 
diff --git a/meta/recipes-devtools/mtools/mtools_4.0.45.bb b/meta/recipes-devtools/mtools/mtools_4.0.46.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.45.bb rename to meta/recipes-devtools/mtools/mtools_4.0.46.bb index 34040d7a0d..1173718662 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.45.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.46.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "0b008a96bd0efe0e542fa4383d469af66bc4a93394990b103730a8160a67d618" +SRC_URI[sha256sum] = "9aad8dd859f88fb7787924ec47590192d3abf7bad6c840509c854290d6bc16c0" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \
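Review bot: In the 4.0.45 -> 4.0.46 upgrade (13/16), the Changelog entry "iconv buffer overflow fixes" is listed with no upstream reference or statement of whether it is security-relevant. For a scarthgap backport, please add a link to the upstream announcement or commit and say whether an identifier has been assigned, so the fix can be tracked by anyone pinned to 4.0.45. The Changelog also lists the mread/mwrite removal twice. Separately, the mtools-makeinfo.patch refresh is more than an offset update: its diffstat and file headers change from configure.in to configure.ac, which suggests upstream renamed that file, and the commit message should say so rather than only "refreshed".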
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 14/16] mtools: upgrade 4.0.46 -> 4.0.47 Date: Thu, 24 Jul 2025 14:35:30 -0700 Message-ID: <831d873ead2d38af1461a3b12b70d17528d10aba.1753392770.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220887 From: Richard Purdie Signed-off-by: Richard Purdie (From OE-Core rev: 14ef270cc003646e6ca97ff3405507f2b9e92736) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch | 2 +- .../mtools/mtools/disable-hardcoded-configs.patch | 4 ++-- meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch | 6 +++--- .../mtools/{mtools_4.0.46.bb => mtools_4.0.47.bb} | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) rename meta/recipes-devtools/mtools/{mtools_4.0.46.bb => mtools_4.0.47.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch index 1420d84b86..2f3c452420 100644 --- a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch +++ b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch @@ -1,4 +1,4 @@ -From 6654edfb1eee416b58bcb6490658f80071a353c2 Mon Sep 17 00:00:00 2001 +From d8e9cf472f49c8dbb3b0855145974d199a83e8a4 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 19 Sep 2018 11:55:41 -0700 Subject: [PATCH] Undefine UNUSED macros with clang diff --git a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch index 1bed4e7614..1b3c3e003d 100644 --- a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch 
+++ b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch @@ -1,4 +1,4 @@ -From 0953b744b0257e26c170fb6d6b4c0f6210e4ae43 Mon Sep 17 00:00:00 2001 +From 4e51cf33fc34e8e82661b9bc3ab13858a2ffe43d Mon Sep 17 00:00:00 2001 From: Ed Bartosh Date: Tue, 13 Jun 2017 14:55:52 +0300 Subject: [PATCH] Disabled reading host configs. @@ -11,7 +11,7 @@ Signed-off-by: Ed Bartosh 1 file changed, 8 deletions(-) diff --git a/config.c b/config.c -index 358282b..8ebafb4 100644 +index 436c94b..794f098 100644 --- a/config.c +++ b/config.c @@ -868,14 +868,6 @@ void read_config(void) diff --git a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch index 8c80040f91..fb7ba56eec 100644 --- a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch +++ b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch @@ -1,4 +1,4 @@ -From fd1e84c66852c2c906ee292aad942b4bfbd9e306 Mon Sep 17 00:00:00 2001 +From b517158e8ffc6a665506007b20708d6c2589cec1 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Fri, 8 Jun 2007 08:35:12 +0000 Subject: [PATCH] mtools: imported from OE @@ -39,10 +39,10 @@ index 7b305b0..70c8c74 100644 pdf: mtools.pdf %.pdf: %.texi sysconfdir.texi diff --git a/configure.ac b/configure.ac -index de108a8..0fd9ef0 100644 +index 37f0d00..c93cfb5 100644 --- a/configure.ac +++ b/configure.ac -@@ -33,6 +33,33 @@ AC_CANONICAL_TARGET +@@ -36,6 +36,33 @@ AC_PATH_PROG(INSTALL_INFO, install-info, "") AC_C_CONST AC_C_INLINE diff --git a/meta/recipes-devtools/mtools/mtools_4.0.46.bb b/meta/recipes-devtools/mtools/mtools_4.0.47.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.46.bb rename to meta/recipes-devtools/mtools/mtools_4.0.47.bb index 1173718662..70d6579621 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.46.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.47.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "9aad8dd859f88fb7787924ec47590192d3abf7bad6c840509c854290d6bc16c0" +SRC_URI[sha256sum] = "31aa06078cc3f50591b95e71a909c56dd179d87e9cbdc07bf435e595bd7cc7ff" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \
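Review bot: The commit message of the 4.0.46 -> 4.0.47 upgrade (14/16) has no body, so nothing records what upstream changed or why clang_UNUSED.patch, disable-hardcoded-configs.patch and mtools-makeinfo.patch all needed a refresh. Please add a short changelog as 13/16 does. The configure.ac hunk header in mtools-makeinfo.patch moves from "@@ -33,6 +33,33 @@ AC_CANONICAL_TARGET" to "@@ -36,6 +36,33 @@ AC_PATH_PROG(INSTALL_INFO, install-info, "")", so upstream has touched configure.ac just above the spot where the local patch inserts its 27 lines; it is worth confirming the inserted block does not now duplicate or conflict with what upstream added there.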
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 15/16] mtools: upgrade 4.0.47 -> 4.0.48 Date: Thu, 24 Jul 2025 14:35:31 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220888 From: Wang Mingyu clang_UNUSED.patch disable-hardcoded-configs.patch refreshed for 4.0.48 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (From OE-Core rev: 1d5aee7e67cd614073a15b47b832375428865260) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch | 6 +++--- .../mtools/mtools/disable-hardcoded-configs.patch | 6 +++--- .../mtools/{mtools_4.0.47.bb => mtools_4.0.48.bb} | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) rename meta/recipes-devtools/mtools/{mtools_4.0.47.bb => mtools_4.0.48.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch index 2f3c452420..ddf3706f51 100644 --- a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch +++ b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch @@ -1,4 +1,4 @@ -From d8e9cf472f49c8dbb3b0855145974d199a83e8a4 Mon Sep 17 00:00:00 2001 +From 6914c6e15cd15daf1dae81458e5346958c9d5449 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 19 Sep 2018 11:55:41 -0700 Subject: [PATCH] Undefine UNUSED macros with clang @@ -10,10 +10,10 @@ Signed-off-by: Khem Raj 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysincludes.h b/sysincludes.h -index 6b322ff..48daecd 100644 +index 272b316..49ee5ae 100644 --- a/sysincludes.h 
+++ b/sysincludes.h -@@ -85,7 +85,7 @@ ac_cv_func_setpgrp_void=yes ../mtools/configure --build=i386-linux-gnu --host=i3 +@@ -98,7 +98,7 @@ ac_cv_func_setpgrp_void=yes ../mtools/configure --build=i386-linux-gnu --host=i3 #if defined __GNUC__ && defined __STDC__ /* gcc -traditional doesn't have PACKED, UNUSED and NORETURN */ # define PACKED __attribute__ ((packed)) diff --git a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch index 1b3c3e003d..63992ac547 100644 --- a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch +++ b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch @@ -1,4 +1,4 @@ -From 4e51cf33fc34e8e82661b9bc3ab13858a2ffe43d Mon Sep 17 00:00:00 2001 +From 16969d42ec6514883bcee87cc89b3e7864481d7e Mon Sep 17 00:00:00 2001 From: Ed Bartosh Date: Tue, 13 Jun 2017 14:55:52 +0300 Subject: [PATCH] Disabled reading host configs. @@ -11,10 +11,10 @@ Signed-off-by: Ed Bartosh 1 file changed, 8 deletions(-) diff --git a/config.c b/config.c -index 436c94b..794f098 100644 +index 2433457..3972150 100644 --- a/config.c +++ b/config.c -@@ -868,14 +868,6 @@ void read_config(void) +@@ -849,14 +849,6 @@ void read_config(void) memcpy(devices, const_devices, nr_const_devices*sizeof(struct device)); diff --git a/meta/recipes-devtools/mtools/mtools_4.0.47.bb b/meta/recipes-devtools/mtools/mtools_4.0.48.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.47.bb rename to meta/recipes-devtools/mtools/mtools_4.0.48.bb index 70d6579621..646735f3b3 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.47.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.48.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "31aa06078cc3f50591b95e71a909c56dd179d87e9cbdc07bf435e595bd7cc7ff" +SRC_URI[sha256sum] = "03c29aac8735dd7154a989fbc29eaf2b506121ae1c3a35cd0bf2a02e94d271a9" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \
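Review bot: In the 4.0.47 -> 4.0.48 upgrade (15/16), the disable-hardcoded-configs.patch hunk in config.c moves from "@@ -868,14 +868,6 @@ void read_config(void)" to "@@ -849,14 +849,6 @@", which means upstream changed config.c ahead of that point, yet the commit message says only "refreshed". That patch is the one titled "Disabled reading host configs." and it works by deleting 8 lines, so please confirm that those 8 lines are still every place where read_config() in 4.0.48 reads host configuration files; if upstream added or moved such a read, a clean refresh would not catch it. A one-line upstream changelog for 4.0.48 in the message would also help.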
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 16/16] mtools: upgrade 4.0.48 -> 4.0.49 Date: Thu, 24 Jul 2025 14:35:32 -0700 Message-ID: <55bf577848f4dfdd9a5daed77f800332cb2b07e1.1753392770.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 24 Jul 2025 21:36:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220889 From: Jinfeng Wang New version includes check for overlong file names, see [1]. [1] https://lists.gnu.org/archive/html/info-mtools/2025-06/msg00005.html Signed-off-by: Jinfeng Wang Signed-off-by: Antonin Godard (From OE-Core rev: 044c2bceefcc12262cb2421e8f1da5f6c2ed9f72) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- .../mtools/{mtools_4.0.48.bb => mtools_4.0.49.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/mtools/{mtools_4.0.48.bb => mtools_4.0.49.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools_4.0.48.bb b/meta/recipes-devtools/mtools/mtools_4.0.49.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.48.bb rename to meta/recipes-devtools/mtools/mtools_4.0.49.bb index 646735f3b3..294b2f37b2 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.48.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.49.bb @@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "03c29aac8735dd7154a989fbc29eaf2b506121ae1c3a35cd0bf2a02e94d271a9" +SRC_URI[sha256sum] = "6fe5193583d6e7c59da75e63d7234f76c0b07caf33b103894f46f66a871ffc9f" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \
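Review bot: The 4.0.48 -> 4.0.49 upgrade (16/16) describes the new "check for overlong file names" only by a link, without saying whether the missing check is a memory-safety or other security issue in earlier versions. Since this is the reason given for the upgrade on scarthgap, please summarise the impact in the commit message and note whether an identifier exists, so it can be tracked. The diffstat shows only the recipe rename and the SRC_URI[sha256sum] change; please also confirm that the local patches refreshed earlier in this series (clang_UNUSED.patch, disable-hardcoded-configs.patch, mtools-makeinfo.patch) still apply to 4.0.49 without fuzz. "Signed-off-by: Jinfeng Wang" appears twice in the trailer block.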