From patchwork Fri Jul 25 18:44:15 2025
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67472
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 01/16] libxml2: fix CVE-2025-49795
Date: Fri, 25 Jul 2025 11:44:15 -0700
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220917

From: Roland Kovacs

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Signed-off-by: Roland Kovacs
Signed-off-by: Steve Sakoman
---
 .../libxml/libxml2/CVE-2025-49795.patch | 92 +++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.12.10.bb | 1 +
 2 files changed, 93 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch new file mode 100644 index 0000000000..2e21a99b45 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch
@@ -0,0 +1,92 @@ +From 19e0a3ed092085a4d6689397d4f08cf5d86267af Mon Sep 17 00:00:00 2001 +From: Michael Mann +Date: Sat, 21 Jun 2025 12:11:30 -0400 +Subject: [PATCH] Schematron: Fix null pointer dereference leading to DoS + +(CVE-2025-49795) + +Fixes #932 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667] +CVE: CVE-2025-49795 + +(cherry picked from commit c24909ba2601848825b49a60f988222da3019667) +Signed-off-by: Roland Kovacs +--- + result/schematron/zvon16_0 | 6 ++++++ + result/schematron/zvon16_0.err | 5 +++++ + schematron.c | 5 +++++ + test/schematron/zvon16.sct | 7 +++++++ + test/schematron/zvon16_0.xml | 5 +++++ + 5 files changed, 28 insertions(+) + create mode 100644 result/schematron/zvon16_0 + create mode 100644 result/schematron/zvon16_0.err + create mode 100644 test/schematron/zvon16.sct + create mode 100644 test/schematron/zvon16_0.xml + +diff --git a/result/schematron/zvon16_0 b/result/schematron/zvon16_0 +new file mode 100644 +index 00000000..768cf6f5 +--- /dev/null ++++ b/result/schematron/zvon16_0 +@@ -0,0 +1,6 @@ ++ ++ ++ ++ Test Author ++ ++ +diff --git a/result/schematron/zvon16_0.err b/result/schematron/zvon16_0.err +new file mode 100644 +index 00000000..a4fab4c8 +--- /dev/null ++++ b/result/schematron/zvon16_0.err +@@ -0,0 +1,5 @@ ++Pattern: TestPattern ++xmlXPathCompOpEval: function falae not found ++XPath error : Unregistered function ++/library/book line 2: Book ++./test/schematron/zvon16_0.xml fails to validate +diff --git a/schematron.c b/schematron.c +index a8259201..86c63e64 100644 +--- a/schematron.c ++++ b/schematron.c +@@ -1481,6 +1481,11 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt, + select = xmlGetNoNsProp(child, BAD_CAST "select"); + comp = xmlXPathCtxtCompile(ctxt->xctxt, select); + eval = xmlXPathCompiledEval(comp, ctxt->xctxt); ++ if (eval == NULL) { ++ xmlXPathFreeCompExpr(comp); ++ xmlFree(select); ++ return ret; ++ } + + switch (eval->type) { 
+ case XPATH_NODESET: { +diff --git a/test/schematron/zvon16.sct b/test/schematron/zvon16.sct +new file mode 100644 +index 00000000..f03848aa +--- /dev/null ++++ b/test/schematron/zvon16.sct +@@ -0,0 +1,7 @@ ++ ++ ++ ++ Book test ++ ++ ++ +diff --git a/test/schematron/zvon16_0.xml b/test/schematron/zvon16_0.xml +new file mode 100644 +index 00000000..551e2d65 +--- /dev/null ++++ b/test/schematron/zvon16_0.xml +@@ -0,0 +1,5 @@ ++ ++ ++ Test Author ++ ++ +-- +2.34.1 + diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb index 488ace62e5..c289de6f73 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb 
@@ -22,6 +22,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://CVE-2025-32415.patch \ file://CVE-2025-6021.patch \ file://CVE-2025-49794-CVE-2025-49796.patch \ + file://CVE-2025-49795.patch \ " SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"
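Review bot: In the schematron.c hunk, the new `eval == NULL` check comes after `comp` from `xmlXPathCtxtCompile` has already been handed to `xmlXPathCompiledEval` unchecked, so the fix relies on a failed compile also surfacing as a NULL `eval`; a short comment saying so, or an explicit `comp == NULL` test before the eval call, would make the intent reviewable. The early `return ret;` also hands back whatever `ret` holds at that point, and the visible context does not show whether that is NULL or a partially built report string, so the patch description should state which result the caller is expected to see. The added zvon16 test exercises the unregistered-function case recorded in zvon16_0.err.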
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 02/16] binutils: Fix CVE-2025-7546
Date: Fri, 25 Jul 2025 11:44:16 -0700
Message-ID: <3a54f11b9462905e103e13161a77ef681f14dc92.1753468892.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220918

From: Yash Shinde

Report corrupted group section instead of trying to recover.

CVE: CVE-2025-7546
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b]

PR 33050 [https://sourceware.org/bugzilla/show_bug.cgi?id=33050]

Signed-off-by: Yash Shinde
Signed-off-by: Steve Sakoman
---
 .../binutils/binutils-2.42.inc | 1 +
 .../binutils/0023-CVE-2025-7546.patch | 58 +++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 9471e6accd..a3ad655dbe 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -53,5 +53,6 @@ SRC_URI = "\ file://CVE-2025-1179.patch \ file://0022-CVE-2025-5245.patch \ file://0022-CVE-2025-5244.patch \ + file://0023-CVE-2025-7546.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch new file mode 100644 index 0000000000..23c38091a2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7546.patch
@@ -0,0 +1,58 @@ +From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:52:00 +0800 +Subject: [PATCH] elf: Report corrupted group section + +Report corrupted group section instead of trying to recover. + + PR binutils/33050 + * elf.c (bfd_elf_set_group_contents): Report corrupted group + section. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b] +CVE: CVE-2025-7546 + +Signed-off-by: H.J. Lu +Signed-off-by: Yash Shinde +--- + bfd/elf.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index 14ce15c7254..ee894eb05f2 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -3971,20 +3971,17 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) + break; + } + +- /* We should always get here with loc == sec->contents + 4, but it is +- possible to craft bogus SHT_GROUP sections that will cause segfaults +- in objcopy without checking loc here and in the loop above. */ +- if (loc == sec->contents) +- BFD_ASSERT (0); +- else ++ /* We should always get here with loc == sec->contents + 4. Return ++ an error for bogus SHT_GROUP sections. */ ++ loc -= 4; ++ if (loc != sec->contents) + { +- loc -= 4; +- if (loc != sec->contents) +- { +- BFD_ASSERT (0); +- memset (sec->contents + 4, 0, loc - sec->contents); +- loc = sec->contents; +- } ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"), ++ abfd, sec); ++ bfd_set_error (bfd_error_bad_value); ++ *failedptr = true; ++ return; + } + + H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? 
GRP_COMDAT : 0, loc); +-- +2.43.5 +
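Review bot: In the bfd/elf.c hunk, `loc -= 4;` now runs unconditionally before the `loc != sec->contents` comparison, whereas the removed code tested `loc == sec->contents` first; for a group section where `loc` is already at `sec->contents`, the subtraction forms a pointer below `sec->contents`, which C leaves undefined even though the pointer is only compared and never dereferenced. Testing `loc != sec->contents + 4` before adjusting `loc` reaches the same error path without the out-of-range pointer. The error path also writes `*failedptr`, whose declaration is outside the visible context (the signature shows `void *failedptrarg`), so confirm that local exists in the 2.42 version of `bfd_elf_set_group_contents` this backport applies to.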
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 03/16] binutils: Fix CVE-2025-7545
Date: Fri, 25 Jul 2025 11:44:17 -0700
Message-ID: <128e40c39d8eafdd32fea71b902b38801afec202.1753468892.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220919

From: Deepesh Varatharajan

objcopy: Don't extend the output section size

Since the output section contents are copied from the input, don't extend the output section size beyond the input section size.

Backport a patch from upstream to fix CVE-2025-7545
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]

Signed-off-by: Deepesh Varatharajan
Signed-off-by: Steve Sakoman
---
 .../binutils/binutils-2.42.inc | 1 +
 .../binutils/0023-CVE-2025-7545.patch | 39 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index a3ad655dbe..fb34ea9763 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -54,5 +54,6 @@ SRC_URI = "\ file://0022-CVE-2025-5245.patch \ file://0022-CVE-2025-5244.patch \ file://0023-CVE-2025-7546.patch \ + file://0023-CVE-2025-7545.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch new file mode 100644 index 0000000000..de132f74fc --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2025-7545.patch
@@ -0,0 +1,39 @@ +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:36:56 +0800 + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944] +CVE: CVE-2025-7545 + +Since the output section contents are copied from the input, don't +extend the output section size beyond the input section size. + + PR binutils/33049 + * objcopy.c (copy_section): Don't extend the output section + size beyond the input section size. + +Signed-off-by: Deepesh Varatharajan + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index a85d2620..18cd1bfd 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4547,6 +4547,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + char *to = (char *) memhunk; + char *end = (char *) memhunk + size; + int i; ++ bfd_size_type memhunk_size = size; + + /* If the section address is not exactly divisible by the interleave, + then we must bias the from address. If the copy_byte is less than +@@ -4566,6 +4567,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + } + + size = (size + interleave - 1 - copy_byte) / interleave * copy_width; ++ ++ /* Don't extend the output section size. 
*/ ++ if (size > memhunk_size) ++ size = memhunk_size; ++ + osection->lma /= interleave; + if (copy_byte < extra) + osection->lma++;
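Review bot: The `Upstream-Status` line inside 0023-CVE-2025-7545.patch reads `a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944`, dropping the `=` that the commit message has in `a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944`, so the reference recorded in the patch file does not match the upstream URL and should be corrected. The embedded header also starts at `From: "H.J. Lu"` and `Date:` with no `Subject:` line, unlike 0023-CVE-2025-7546.patch, and both new files share the `0023-` prefix in `SRC_URI`; a distinct number would keep the apply order obvious. In the objcopy.c hunk the clamp `if (size > memhunk_size) size = memhunk_size;` is silent, so the patch description should say what a clamped output section looks like to the user.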
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 04/16] sqlite3: fix CVE-2025-6965
Date: Fri, 25 Jul 2025 11:44:18 -0700
Message-ID: <52499a5ea3b4ba145914aca873844ab718953289.1753468892.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220920

From: Roland Kovacs

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue.

Signed-off-by: Roland Kovacs
Signed-off-by: Steve Sakoman
---
 .../sqlite/sqlite3/CVE-2025-6965.patch | 112 ++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.45.3.bb | 1 +
 2 files changed, 113 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch

diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch new file mode 100644 index 0000000000..233d8697ec --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2025-6965.patch
@@ -0,0 +1,112 @@ +From a91c0d55011d06858726d4783fd16ed8ec71e793 Mon Sep 17 00:00:00 2001 +From: drh <> +Date: Fri, 27 Jun 2025 19:02:21 +0000 +Subject: [PATCH] Raise an error right away if the number of aggregate terms in + a query exceeds the maximum number of columns. + +FossilOrigin-Name: 5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 + +CVE: CVE-2025-6965 +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/c52e9d97d485a3eb168e3f8f3674a7bc4b419703] +Signed-off-by: Roland Kovacs +--- + sqlite3.c | 30 ++++++++++++++++++++++++++---- + 1 file changed, 26 insertions(+), 4 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 1ee8de4a85..5c7c126076 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -15000,6 +15000,14 @@ typedef INT16_TYPE LogEst; + #define LARGEST_UINT64 (0xffffffff|(((u64)0xffffffff)<<32)) + #define SMALLEST_INT64 (((i64)-1) - LARGEST_INT64) + ++/* ++** Macro SMXV(n) return the maximum value that can be held in variable n, ++** assuming n is a signed integer type. UMXV(n) is similar for unsigned ++** integer types. ++*/ ++#define SMXV(n) ((((i64)1)<<(sizeof(n)*8-1))-1) ++#define UMXV(n) ((((i64)1)<<(sizeof(n)*8))-1) ++ + /* + ** Round up a number to the next larger multiple of 8. This is used + ** to force 8-byte alignment on 64-bit architectures. 
+@@ -18785,7 +18793,7 @@ struct AggInfo { + ** from source tables rather than from accumulators */ + u8 useSortingIdx; /* In direct mode, reference the sorting index rather + ** than the source table */ +- u16 nSortingColumn; /* Number of columns in the sorting index */ ++ u32 nSortingColumn; /* Number of columns in the sorting index */ + int sortingIdx; /* Cursor number of the sorting index */ + int sortingIdxPTab; /* Cursor number of pseudo-table */ + int iFirstReg; /* First register in range for aCol[] and aFunc[] */ +@@ -18794,8 +18802,8 @@ struct AggInfo { + Table *pTab; /* Source table */ + Expr *pCExpr; /* The original expression */ + int iTable; /* Cursor number of the source table */ +- i16 iColumn; /* Column number within the source table */ +- i16 iSorterColumn; /* Column number in the sorting index */ ++ int iColumn; /* Column number within the source table */ ++ int iSorterColumn; /* Column number in the sorting index */ + } *aCol; + int nColumn; /* Number of used entries in aCol[] */ + int nAccumulator; /* Number of columns that show through to the output. 
+@@ -115162,7 +115170,9 @@ static void findOrCreateAggInfoColumn( + ){ + struct AggInfo_col *pCol; + int k; ++ int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN]; + ++ assert( mxTerm <= SMXV(i16) ); + assert( pAggInfo->iFirstReg==0 ); + pCol = pAggInfo->aCol; + for(k=0; knColumn; k++, pCol++){ +@@ -115180,6 +115190,10 @@ static void findOrCreateAggInfoColumn( + assert( pParse->db->mallocFailed ); + return; + } ++ if( k>mxTerm ){ ++ sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm); ++ k = mxTerm; ++ } + pCol = &pAggInfo->aCol[k]; + assert( ExprUseYTab(pExpr) ); + pCol->pTab = pExpr->y.pTab; +@@ -115213,6 +115227,7 @@ fix_up_expr: + if( pExpr->op==TK_COLUMN ){ + pExpr->op = TK_AGG_COLUMN; + } ++ assert( k <= SMXV(pExpr->iAgg) ); + pExpr->iAgg = (i16)k; + } + +@@ -115297,13 +115312,19 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + ** function that is already in the pAggInfo structure + */ + struct AggInfo_func *pItem = pAggInfo->aFunc; ++ int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN]; ++ assert( mxTerm <= SMXV(i16) ); + for(i=0; inFunc; i++, pItem++){ + if( NEVER(pItem->pFExpr==pExpr) ) break; + if( sqlite3ExprCompare(0, pItem->pFExpr, pExpr, -1)==0 ){ + break; + } + } +- if( i>=pAggInfo->nFunc ){ ++ if( i>mxTerm ){ ++ sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm); ++ i = mxTerm; ++ assert( inFunc ); ++ }else if( i>=pAggInfo->nFunc ){ + /* pExpr is original. Make a new entry in pAggInfo->aFunc[] + */ + u8 enc = ENC(pParse->db); +@@ -115357,6 +115378,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + */ + assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) ); + ExprSetVVAProperty(pExpr, EP_NoReduce); ++ assert( i <= SMXV(pExpr->iAgg) ); + pExpr->iAgg = (i16)i; + pExpr->pAggInfo = pAggInfo; + return WRC_Prune; diff --git a/meta/recipes-support/sqlite/sqlite3_3.45.3.bb b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb index d39cb3805b..60a8f1449b 100644 
--- a/meta/recipes-support/sqlite/sqlite3_3.45.3.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb 
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0 SRC_URI = "http://www.sqlite.org/2024/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2025-3277.patch \ file://CVE-2025-29088.patch \ + file://CVE-2025-6965.patch \ " SRC_URI[sha256sum] = "b2809ca53124c19c60f42bf627736eae011afdcc205bb48270a5ee9a38191531"
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 05/16] orc: set CVE_PRODUCT
Date: Fri, 25 Jul 2025 11:44:19 -0700
Message-ID:
X-Mailer: git-send-email 2.43.0
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Jul 2025 18:44:47 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220921

From: Peter Marko

There are new CVEs reported for this recipe which are not for this component, but for a component with same name from apache.

sqlite> select vendor, product, id, count(*) from products where product like 'orc' group by vendor, product, id;
apache|orc|CVE-2018-8015|1
apache|orc|CVE-2025-47436|4
gstreamer|orc|CVE-2024-40897|1

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 meta/recipes-devtools/orc/orc_0.4.40.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/orc/orc_0.4.40.bb b/meta/recipes-devtools/orc/orc_0.4.40.bb index e437831cd7..ee96ca0a4c 100644 --- a/meta/recipes-devtools/orc/orc_0.4.40.bb +++ b/meta/recipes-devtools/orc/orc_0.4.40.bb 
@@ -9,6 +9,9 @@ SRC_URI[sha256sum] = "3fc2bee78dfb7c41fd9605061fc69138db7df007eae2f669a1f56e8bac inherit meson pkgconfig gtk-doc +# distinguish from apache:orc +CVE_PRODUCT = "gstreamer:orc" + GTKDOC_MESON_OPTION = "gtk_doc" GTKDOC_MESON_ENABLE_FLAG = "enabled" GTKDOC_MESON_DISABLE_FLAG = "disabled"
From patchwork Fri Jul 25 18:44:20 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67478
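Review bot: `CVE_PRODUCT = "gstreamer:orc"` in orc_0.4.40.bb ties matching to a single vendor string, and the one-line comment above it does not record where that string came from. Extend the comment to say that gstreamer is the vendor the CVE database uses for this library (the query in the commit message returns gstreamer|orc|CVE-2024-40897), so that whoever bumps the recipe knows to re-check the vendor name if CVEs for this orc stop appearing in scan results.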
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 06/16] openssl: CVE-2024-41996
Date: Fri, 25 Jul 2025 11:44:20 -0700
Message-ID:
X-Mailer: git-send-email 2.43.0
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Jul 2025 18:44:57 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220922

From: Archana Polampalli
From: Peter Marko

As discussed in [1], this commit fixes CVE-2024-41996. Although openssl project does not consider this a vulnerability, it got CVE number assigned so it deserves attention.

[1] https://github.com/openssl/openssl/pull/25088

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 .../openssl/openssl/CVE-2024-41996.patch | 44 +++++++++++++++++++
 .../openssl/openssl_3.2.4.bb | 1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch new file mode 100644 index 0000000000..dc18e0bef1 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch 
@@ -0,0 +1,44 @@ +From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 5 Aug 2024 17:54:14 +0200 +Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known + safe-prime groups +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The partial validation is fully sufficient to check the key validity. + +Thanks to Szilárd Pfeiffer for reporting the issue. + +Reviewed-by: Neil Horman +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/25088) + +CVE: CVE-2024-41996 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e70e34d857d4003199bcb5d3b52ca8102ccc1b98] +Signed-off-by: Peter Marko +--- + providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c +index 82c3093b12..ebdce76710 100644 +--- a/providers/implementations/keymgmt/dh_kmgmt.c ++++ b/providers/implementations/keymgmt/dh_kmgmt.c +@@ -387,9 +387,11 @@ static int dh_validate_public(const DH *dh, int checktype) + if (pub_key == NULL) + return 0; + +- /* The partial test is only valid for named group's with q = (p - 1) / 2 */ +- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK +- && ossl_dh_is_named_safe_prime_group(dh)) ++ /* ++ * The partial test is only valid for named group's with q = (p - 1) / 2 ++ * but for that case it is also fully sufficient to check the key validity. ++ */ ++ if (ossl_dh_is_named_safe_prime_group(dh)) + return ossl_dh_check_pub_key_partial(dh, pub_key, &res); + + return DH_check_pub_key_ex(dh, pub_key); diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb index c4ad80e734..d6bf32d989 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb 
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb 
@@ -12,6 +12,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ + file://CVE-2024-41996.patch \ " SRC_URI:append:class-nativesdk = " \
From patchwork Fri Jul 25 18:44:21 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67484
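Review bot: in the dh_kmgmt.c hunk the last line, `return DH_check_pub_key_ex(dh, pub_key);`, is unchanged, so a key on any group that is not a named safe-prime group still takes the full validation that the patch subject calls expensive. The recipe commit message should say that the backport only covers named safe-prime groups, so integrators who accept custom DH parameters know they are not covered. Separately, the mail body carries two From: lines (Archana Polampalli and Peter Marko) while the Signed-off-by trailers name only Peter Marko and Steve Sakoman; the authorship should be settled before merge.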
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 07/16] openssl: patch CVE-2025-27587
Date: Fri, 25 Jul 2025 11:44:21 -0700
Message-ID: <57c04a32997c1b045121aff045f3ffaa7bb0b5f5.1753468892.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Jul 2025 18:44:57 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220923

From: Peter Marko

Pick commits for Minerva fix between 3.2.4 and 3.2.5 release. Update to 3.2.5 is blocked due to problem with python ptest errors, so use patch instead of upgrade for now.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 .../openssl/openssl/CVE-2025-27587-1.patch | 1918 +++++++++++++++++
 .../openssl/openssl/CVE-2025-27587-2.patch | 129 ++
 .../openssl/openssl_3.2.4.bb | 2 +
 3 files changed, 2049 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch new file mode 100644 index 0000000000..eb3fc52dca --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch 
@@ -0,0 +1,1918 @@ +From 14ac0f0e4e1f36793d09b41ffd5e482575289ab2 Mon Sep 17 00:00:00 2001 +From: Danny Tsen +Date: Tue, 11 Feb 2025 13:48:01 -0500 +Subject: [PATCH] Fix Minerva timing side-channel signal for P-384 curve on PPC + +1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6() + for Montgomery multiplication. +2. ecp_nistp384-ppc64.pl: + - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with + minumum perl wrapper. + - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce. + - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly. +3. ecp_nistp384.c: + - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce. + +Signed-off-by: Danny Tsen + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/26709) + +(cherry picked from commit 85cabd94958303859b1551364a609d4ff40b67a5) + +CVE: CVE-2025-27587 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/14ac0f0e4e1f36793d09b41ffd5e482575289ab2] +Signed-off-by: Peter Marko +--- + crypto/bn/bn_ppc.c | 3 + + crypto/ec/asm/ecp_nistp384-ppc64.pl | 1724 +++++++++++++++++++++++---- + crypto/ec/ecp_nistp384.c | 28 +- + 3 files changed, 1504 insertions(+), 251 deletions(-) + +diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c +index 1e9421bee2..29293bad55 100644 +--- a/crypto/bn/bn_ppc.c ++++ b/crypto/bn/bn_ppc.c +@@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + */ + + #if defined(_ARCH_PPC64) && !defined(__ILP32__) ++ /* Minerva side-channel fix danny */ ++# if defined(USE_FIXED_N6) + if (num == 6) { + if (OPENSSL_ppccap_P & PPC_MADD300) + return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); + else + return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); + } ++# endif + #endif + + return bn_mul_mont_int(rp, ap, bp, np, n0, num); +diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl 
b/crypto/ec/asm/ecp_nistp384-ppc64.pl +index 28f4168e52..b663bddfc6 100755 +--- a/crypto/ec/asm/ecp_nistp384-ppc64.pl ++++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl +@@ -7,13 +7,15 @@ + # https://www.openssl.org/source/license.html + # + # ==================================================================== +-# Written by Rohan McLure for the OpenSSL +-# project. ++# Written by Danny Tsen # for the OpenSSL project. ++# ++# Copyright 2025- IBM Corp. + # ==================================================================== + # +-# p384 lower-level primitives for PPC64 using vector instructions. ++# p384 lower-level primitives for PPC64. + # + ++ + use strict; + use warnings; + +@@ -21,7 +23,7 @@ my $flavour = shift; + my $output = ""; + while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} + if (!$output) { +- $output = "-"; ++ $output = "-"; + } + + my ($xlate, $dir); +@@ -35,271 +37,1495 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; + + my $code = ""; + +-my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12"); +- +-my $vzero = "v32"; +- +-sub startproc($) +-{ +- my ($name) = @_; +- +- $code.=<<___; +- .globl ${name} +- .align 5 +-${name}: +- +-___ +-} +- +-sub endproc($) +-{ +- my ($name) = @_; +- +- $code.=<<___; +- blr +- .size ${name},.-${name} +- +-___ +-} +- +-sub load_vrs($$) +-{ +- my ($pointer, $reg_list) = @_; +- +- for (my $i = 0; $i <= 6; $i++) { +- my $offset = $i * 8; +- $code.=<<___; +- lxsd $reg_list->[$i],$offset($pointer) +-___ +- } +- +- $code.=<<___; +- +-___ +-} +- +-sub store_vrs($$) +-{ +- my ($pointer, $reg_list) = @_; +- +- for (my $i = 0; $i <= 12; $i++) { +- my $offset = $i * 16; +- $code.=<<___; +- stxv $reg_list->[$i],$offset($pointer) +-___ +- } +- +- $code.=<<___; +- +-___ +-} +- + $code.=<<___; +-.machine "any" ++.machine "any" + .text + +-___ ++.globl p384_felem_mul ++.type p384_felem_mul,\@function ++.align 4 ++p384_felem_mul: + +-{ +- # mul/square common +- my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43"); +- my 
($zero, $one) = ("r8", "r9"); +- my $out = "v51"; ++ stdu 1, -176(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) ++ std 18, 88(1) ++ std 19, 96(1) ++ std 20, 104(1) ++ std 21, 112(1) ++ std 22, 120(1) + +- { +- # +- # p384_felem_mul +- # ++ bl _p384_felem_mul_core + +- my ($in1p, $in2p) = ("r4", "r5"); +- my @in1 = map("v$_",(44..50)); +- my @in2 = map("v$_",(35..41)); ++ mtlr 0 ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ ld 18, 88(1) ++ ld 19, 96(1) ++ ld 20, 104(1) ++ ld 21, 112(1) ++ ld 22, 120(1) ++ addi 1, 1, 176 ++ blr ++.size p384_felem_mul,.-p384_felem_mul + +- startproc("p384_felem_mul"); ++.globl p384_felem_square ++.type p384_felem_square,\@function ++.align 4 ++p384_felem_square: + +- $code.=<<___; +- vspltisw $vzero,0 ++ stdu 1, -176(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) + +-___ ++ bl _p384_felem_square_core + +- load_vrs($in1p, \@in1); +- load_vrs($in2p, \@in2); +- +- $code.=<<___; +- vmsumudm $out,$in1[0],$in2[0],$vzero +- stxv $out,0($outp) +- +- xxpermdi $t1,$in1[0],$in1[1],0b00 +- xxpermdi $t2,$in2[1],$in2[0],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- stxv $out,16($outp) +- +- xxpermdi $t2,$in2[2],$in2[1],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$in1[2],$in2[0],$out +- stxv $out,32($outp) +- +- xxpermdi $t2,$in2[1],$in2[0],0b00 +- xxpermdi $t3,$in1[2],$in1[3],0b00 +- xxpermdi $t4,$in2[3],$in2[2],0b00 +- vmsumudm $out,$t1,$t4,$vzero +- vmsumudm $out,$t3,$t2,$out +- stxv $out,48($outp) +- +- xxpermdi $t2,$in2[4],$in2[3],0b00 +- xxpermdi $t4,$in2[2],$in2[1],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- vmsumudm $out,$in1[4],$in2[0],$out +- stxv $out,64($outp) +- +- xxpermdi $t2,$in2[5],$in2[4],0b00 +- xxpermdi $t4,$in2[3],$in2[2],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- xxpermdi $t4,$in2[1],$in2[0],0b00 +- xxpermdi $t1,$in1[4],$in1[5],0b00 +- vmsumudm $out,$t1,$t4,$out +- stxv 
$out,80($outp) +- +- xxpermdi $t1,$in1[0],$in1[1],0b00 +- xxpermdi $t2,$in2[6],$in2[5],0b00 +- xxpermdi $t4,$in2[4],$in2[3],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- xxpermdi $t2,$in2[2],$in2[1],0b00 +- xxpermdi $t1,$in1[4],$in1[5],0b00 +- vmsumudm $out,$t1,$t2,$out +- vmsumudm $out,$in1[6],$in2[0],$out +- stxv $out,96($outp) +- +- xxpermdi $t1,$in1[1],$in1[2],0b00 +- xxpermdi $t2,$in2[6],$in2[5],0b00 +- xxpermdi $t3,$in1[3],$in1[4],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- xxpermdi $t3,$in2[2],$in2[1],0b00 +- xxpermdi $t1,$in1[5],$in1[6],0b00 +- vmsumudm $out,$t1,$t3,$out +- stxv $out,112($outp) +- +- xxpermdi $t1,$in1[2],$in1[3],0b00 +- xxpermdi $t3,$in1[4],$in1[5],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$t3,$t4,$out +- vmsumudm $out,$in1[6],$in2[2],$out +- stxv $out,128($outp) +- +- xxpermdi $t1,$in1[3],$in1[4],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- xxpermdi $t1,$in1[5],$in1[6],0b00 +- vmsumudm $out,$t1,$t4,$out +- stxv $out,144($outp) +- +- vmsumudm $out,$t3,$t2,$vzero +- vmsumudm $out,$in1[6],$in2[4],$out +- stxv $out,160($outp) +- +- vmsumudm $out,$t1,$t2,$vzero +- stxv $out,176($outp) +- +- vmsumudm $out,$in1[6],$in2[6],$vzero +- stxv $out,192($outp) +-___ ++ mtlr 0 ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ addi 1, 1, 176 ++ blr ++.size p384_felem_square,.-p384_felem_square + +- endproc("p384_felem_mul"); +- } ++# ++# Felem mul core function - ++# r3, r4 and r5 need to pre-loaded. 
++# ++.type _p384_felem_mul_core,\@function ++.align 4 ++_p384_felem_mul_core: + +- { +- # +- # p384_felem_square +- # ++ ld 6,0(4) ++ ld 14,0(5) ++ ld 7,8(4) ++ ld 15,8(5) ++ ld 8,16(4) ++ ld 16,16(5) ++ ld 9,24(4) ++ ld 17,24(5) ++ ld 10,32(4) ++ ld 18,32(5) ++ ld 11,40(4) ++ ld 19,40(5) ++ ld 12,48(4) ++ ld 20,48(5) + +- my ($inp) = ("r4"); +- my @in = map("v$_",(44..50)); +- my @inx2 = map("v$_",(35..41)); ++ # out0 ++ mulld 21, 14, 6 ++ mulhdu 22, 14, 6 ++ std 21, 0(3) ++ std 22, 8(3) + +- startproc("p384_felem_square"); ++ vxor 0, 0, 0 + +- $code.=<<___; +- vspltisw $vzero,0 ++ # out1 ++ mtvsrdd 32+13, 14, 6 ++ mtvsrdd 32+14, 7, 15 ++ vmsumudm 1, 13, 14, 0 + +-___ ++ # out2 ++ mtvsrdd 32+15, 15, 6 ++ mtvsrdd 32+16, 7, 16 ++ mtvsrdd 32+17, 0, 8 ++ mtvsrdd 32+18, 0, 14 ++ vmsumudm 19, 15, 16, 0 ++ vmsumudm 2, 17, 18, 19 + +- load_vrs($inp, \@in); ++ # out3 ++ mtvsrdd 32+13, 16, 6 ++ mtvsrdd 32+14, 7, 17 ++ mtvsrdd 32+15, 14, 8 ++ mtvsrdd 32+16, 9, 15 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 3, 15, 16, 19 + +- $code.=<<___; +- li $zero,0 +- li $one,1 +- mtvsrdd $t1,$one,$zero +-___ ++ # out4 ++ mtvsrdd 32+13, 17, 6 ++ mtvsrdd 32+14, 7, 18 ++ mtvsrdd 32+15, 15, 8 ++ mtvsrdd 32+16, 9, 16 ++ mtvsrdd 32+17, 0, 10 ++ mtvsrdd 32+18, 0, 14 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 4, 15, 16, 19 ++ vmsumudm 4, 17, 18, 4 + +- for (my $i = 0; $i <= 6; $i++) { +- $code.=<<___; +- vsld $inx2[$i],$in[$i],$t1 +-___ +- } +- +- $code.=<<___; +- vmsumudm $out,$in[0],$in[0],$vzero +- stxv $out,0($outp) +- +- vmsumudm $out,$in[0],$inx2[1],$vzero +- stxv $out,16($outp) +- +- vmsumudm $out,$in[0],$inx2[2],$vzero +- vmsumudm $out,$in[1],$in[1],$out +- stxv $out,32($outp) +- +- xxpermdi $t1,$in[0],$in[1],0b00 +- xxpermdi $t2,$inx2[3],$inx2[2],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- stxv $out,48($outp) +- +- xxpermdi $t4,$inx2[4],$inx2[3],0b00 +- vmsumudm $out,$t1,$t4,$vzero +- vmsumudm $out,$in[2],$in[2],$out +- stxv $out,64($outp) +- +- xxpermdi $t2,$inx2[5],$inx2[4],0b00 +- vmsumudm 
$out,$t1,$t2,$vzero +- vmsumudm $out,$in[2],$inx2[3],$out +- stxv $out,80($outp) +- +- xxpermdi $t2,$inx2[6],$inx2[5],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$in[2],$inx2[4],$out +- vmsumudm $out,$in[3],$in[3],$out +- stxv $out,96($outp) +- +- xxpermdi $t3,$in[1],$in[2],0b00 +- vmsumudm $out,$t3,$t2,$vzero +- vmsumudm $out,$in[3],$inx2[4],$out +- stxv $out,112($outp) +- +- xxpermdi $t1,$in[2],$in[3],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- vmsumudm $out,$in[4],$in[4],$out +- stxv $out,128($outp) +- +- xxpermdi $t1,$in[3],$in[4],0b00 +- vmsumudm $out,$t1,$t2,$vzero +- stxv $out,144($outp) +- +- vmsumudm $out,$in[4],$inx2[6],$vzero +- vmsumudm $out,$in[5],$in[5],$out +- stxv $out,160($outp) +- +- vmsumudm $out,$in[5],$inx2[6],$vzero +- stxv $out,176($outp) +- +- vmsumudm $out,$in[6],$in[6],$vzero +- stxv $out,192($outp) +-___ ++ # out5 ++ mtvsrdd 32+13, 18, 6 ++ mtvsrdd 32+14, 7, 19 ++ mtvsrdd 32+15, 16, 8 ++ mtvsrdd 32+16, 9, 17 ++ mtvsrdd 32+17, 14, 10 ++ mtvsrdd 32+18, 11, 15 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 5, 15, 16, 19 ++ vmsumudm 5, 17, 18, 5 ++ ++ stxv 32+1, 16(3) ++ stxv 32+2, 32(3) ++ stxv 32+3, 48(3) ++ stxv 32+4, 64(3) ++ stxv 32+5, 80(3) ++ ++ # out6 ++ mtvsrdd 32+13, 19, 6 ++ mtvsrdd 32+14, 7, 20 ++ mtvsrdd 32+15, 17, 8 ++ mtvsrdd 32+16, 9, 18 ++ mtvsrdd 32+17, 15, 10 ++ mtvsrdd 32+18, 11, 16 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 6, 15, 16, 19 ++ mtvsrdd 32+13, 0, 12 ++ mtvsrdd 32+14, 0, 14 ++ vmsumudm 19, 17, 18, 6 ++ vmsumudm 6, 13, 14, 19 ++ ++ # out7 ++ mtvsrdd 32+13, 19, 7 ++ mtvsrdd 32+14, 8, 20 ++ mtvsrdd 32+15, 17, 9 ++ mtvsrdd 32+16, 10, 18 ++ mtvsrdd 32+17, 15, 11 ++ mtvsrdd 32+18, 12, 16 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 7, 15, 16, 19 ++ vmsumudm 7, 17, 18, 7 ++ ++ # out8 ++ mtvsrdd 32+13, 19, 8 ++ mtvsrdd 32+14, 9, 20 ++ mtvsrdd 32+15, 17, 10 ++ mtvsrdd 32+16, 11, 18 ++ mtvsrdd 32+17, 0, 12 ++ mtvsrdd 32+18, 0, 16 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 8, 15, 16, 19 ++ vmsumudm 8, 17, 18, 8 ++ ++ # out9 ++ mtvsrdd 32+13, 
19, 9 ++ mtvsrdd 32+14, 10, 20 ++ mtvsrdd 32+15, 17, 11 ++ mtvsrdd 32+16, 12, 18 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 9, 15, 16, 19 ++ ++ # out10 ++ mtvsrdd 32+13, 19, 10 ++ mtvsrdd 32+14, 11, 20 ++ mtvsrdd 32+15, 0, 12 ++ mtvsrdd 32+16, 0, 18 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 10, 15, 16, 19 ++ ++ # out11 ++ mtvsrdd 32+17, 19, 11 ++ mtvsrdd 32+18, 12, 20 ++ vmsumudm 11, 17, 18, 0 ++ ++ stxv 32+6, 96(3) ++ stxv 32+7, 112(3) ++ stxv 32+8, 128(3) ++ stxv 32+9, 144(3) ++ stxv 32+10, 160(3) ++ stxv 32+11, 176(3) ++ ++ # out12 ++ mulld 21, 20, 12 ++ mulhdu 22, 20, 12 # out12 ++ ++ std 21, 192(3) ++ std 22, 200(3) ++ ++ blr ++.size _p384_felem_mul_core,.-_p384_felem_mul_core ++ ++# ++# Felem square core function - ++# r3 and r4 need to pre-loaded. ++# ++.type _p384_felem_square_core,\@function ++.align 4 ++_p384_felem_square_core: ++ ++ ld 6, 0(4) ++ ld 7, 8(4) ++ ld 8, 16(4) ++ ld 9, 24(4) ++ ld 10, 32(4) ++ ld 11, 40(4) ++ ld 12, 48(4) ++ ++ vxor 0, 0, 0 ++ ++ # out0 ++ mulld 14, 6, 6 ++ mulhdu 15, 6, 6 ++ std 14, 0(3) ++ std 15, 8(3) ++ ++ # out1 ++ add 14, 6, 6 ++ mtvsrdd 32+13, 0, 14 ++ mtvsrdd 32+14, 0, 7 ++ vmsumudm 1, 13, 14, 0 ++ ++ # out2 ++ mtvsrdd 32+15, 7, 14 ++ mtvsrdd 32+16, 7, 8 ++ vmsumudm 2, 15, 16, 0 ++ ++ # out3 ++ add 15, 7, 7 ++ mtvsrdd 32+13, 8, 14 ++ mtvsrdd 32+14, 15, 9 ++ vmsumudm 3, 13, 14, 0 ++ ++ # out4 ++ mtvsrdd 32+13, 9, 14 ++ mtvsrdd 32+14, 15, 10 ++ mtvsrdd 32+15, 0, 8 ++ vmsumudm 4, 13, 14, 0 ++ vmsumudm 4, 15, 15, 4 ++ ++ # out5 ++ mtvsrdd 32+13, 10, 14 ++ mtvsrdd 32+14, 15, 11 ++ add 16, 8, 8 ++ mtvsrdd 32+15, 0, 16 ++ mtvsrdd 32+16, 0, 9 ++ vmsumudm 5, 13, 14, 0 ++ vmsumudm 5, 15, 16, 5 ++ ++ stxv 32+1, 16(3) ++ stxv 32+2, 32(3) ++ stxv 32+3, 48(3) ++ stxv 32+4, 64(3) ++ ++ # out6 ++ mtvsrdd 32+13, 11, 14 ++ mtvsrdd 32+14, 15, 12 ++ mtvsrdd 32+15, 9, 16 ++ mtvsrdd 32+16, 9, 10 ++ stxv 32+5, 80(3) ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 6, 15, 16, 19 ++ ++ # out7 ++ add 17, 9, 9 ++ mtvsrdd 32+13, 11, 15 ++ mtvsrdd 32+14, 16, 12 ++ 
mtvsrdd 32+15, 0, 17 ++ mtvsrdd 32+16, 0, 10 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 7, 15, 16, 19 ++ ++ # out8 ++ mtvsrdd 32+13, 11, 16 ++ mtvsrdd 32+14, 17, 12 ++ mtvsrdd 32+15, 0, 10 ++ vmsumudm 19, 13, 14, 0 ++ vmsumudm 8, 15, 15, 19 ++ ++ # out9 ++ add 14, 10, 10 ++ mtvsrdd 32+13, 11, 17 ++ mtvsrdd 32+14, 14, 12 ++ vmsumudm 9, 13, 14, 0 ++ ++ # out10 ++ mtvsrdd 32+13, 11, 14 ++ mtvsrdd 32+14, 11, 12 ++ vmsumudm 10, 13, 14, 0 ++ ++ stxv 32+6, 96(3) ++ stxv 32+7, 112(3) ++ ++ # out11 ++ #add 14, 11, 11 ++ #mtvsrdd 32+13, 0, 14 ++ #mtvsrdd 32+14, 0, 12 ++ #vmsumudm 11, 13, 14, 0 ++ ++ mulld 6, 12, 11 ++ mulhdu 7, 12, 11 ++ addc 8, 6, 6 ++ adde 9, 7, 7 ++ ++ stxv 32+8, 128(3) ++ stxv 32+9, 144(3) ++ stxv 32+10, 160(3) ++ #stxv 32+11, 176(3) ++ ++ # out12 ++ mulld 14, 12, 12 ++ mulhdu 15, 12, 12 ++ ++ std 8, 176(3) ++ std 9, 184(3) ++ std 14, 192(3) ++ std 15, 200(3) ++ ++ blr ++.size _p384_felem_square_core,.-_p384_felem_square_core ++ ++# ++# widefelem (128 bits) * 8 ++# ++.macro F128_X_8 _off1 _off2 ++ ld 9,\\_off1(3) ++ ld 8,\\_off2(3) ++ srdi 10,9,61 ++ rldimi 10,8,3,0 ++ sldi 9,9,3 ++ std 9,\\_off1(3) ++ std 10,\\_off2(3) ++.endm ++ ++.globl p384_felem128_mul_by_8 ++.type p384_felem128_mul_by_8, \@function ++.align 4 ++p384_felem128_mul_by_8: ++ ++ F128_X_8 0, 8 ++ ++ F128_X_8 16, 24 ++ ++ F128_X_8 32, 40 ++ ++ F128_X_8 48, 56 ++ ++ F128_X_8 64, 72 ++ ++ F128_X_8 80, 88 ++ ++ F128_X_8 96, 104 ++ ++ F128_X_8 112, 120 ++ ++ F128_X_8 128, 136 ++ ++ F128_X_8 144, 152 ++ ++ F128_X_8 160, 168 ++ ++ F128_X_8 176, 184 ++ ++ F128_X_8 192, 200 ++ ++ blr ++.size p384_felem128_mul_by_8,.-p384_felem128_mul_by_8 ++ ++# ++# widefelem (128 bits) * 2 ++# ++.macro F128_X_2 _off1 _off2 ++ ld 9,\\_off1(3) ++ ld 8,\\_off2(3) ++ srdi 10,9,63 ++ rldimi 10,8,1,0 ++ sldi 9,9,1 ++ std 9,\\_off1(3) ++ std 10,\\_off2(3) ++.endm ++ ++.globl p384_felem128_mul_by_2 ++.type p384_felem128_mul_by_2, \@function ++.align 4 ++p384_felem128_mul_by_2: ++ ++ F128_X_2 0, 8 ++ ++ F128_X_2 16, 24 ++ ++ 
F128_X_2 32, 40 ++ ++ F128_X_2 48, 56 ++ ++ F128_X_2 64, 72 ++ ++ F128_X_2 80, 88 ++ ++ F128_X_2 96, 104 ++ ++ F128_X_2 112, 120 ++ ++ F128_X_2 128, 136 ++ ++ F128_X_2 144, 152 ++ ++ F128_X_2 160, 168 ++ ++ F128_X_2 176, 184 ++ ++ F128_X_2 192, 200 ++ ++ blr ++.size p384_felem128_mul_by_2,.-p384_felem128_mul_by_2 ++ ++.globl p384_felem_diff128 ++.type p384_felem_diff128, \@function ++.align 4 ++p384_felem_diff128: ++ ++ addis 5, 2, .LConst_two127\@toc\@ha ++ addi 5, 5, .LConst_two127\@toc\@l ++ ++ ld 10, 0(3) ++ ld 8, 8(3) ++ li 9, 0 ++ addc 10, 10, 9 ++ li 7, -1 ++ rldicr 7, 7, 0, 0 # two127 ++ adde 8, 8, 7 ++ ld 11, 0(4) ++ ld 12, 8(4) ++ subfc 11, 11, 10 ++ subfe 12, 12, 8 ++ std 11, 0(3) # out0 ++ std 12, 8(3) ++ ++ # two127m71 = (r10, r9) ++ ld 8, 16(3) ++ ld 7, 24(3) ++ ld 10, 24(5) # two127m71 ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 16(4) ++ ld 12, 24(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 16(3) # out1 ++ std 12, 24(3) ++ ++ ld 8, 32(3) ++ ld 7, 40(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 32(4) ++ ld 12, 40(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 32(3) # out2 ++ std 12, 40(3) ++ ++ ld 8, 48(3) ++ ld 7, 56(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 48(4) ++ ld 12, 56(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 48(3) # out3 ++ std 12, 56(3) ++ ++ ld 8, 64(3) ++ ld 7, 72(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 64(4) ++ ld 12, 72(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 64(3) # out4 ++ std 12, 72(3) ++ ++ ld 8, 80(3) ++ ld 7, 88(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 80(4) ++ ld 12, 88(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 80(3) # out5 ++ std 12, 88(3) ++ ++ ld 8, 96(3) ++ ld 7, 104(3) ++ ld 6, 40(5) # two127p111m79m71 ++ addc 8, 8, 9 ++ adde 7, 7, 6 ++ ld 11, 96(4) ++ ld 12, 104(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 96(3) # out6 ++ std 12, 104(3) ++ ++ ld 8, 112(3) ++ ld 7, 120(3) ++ ld 6, 56(5) # two127m119m71 ++ addc 8, 8, 9 ++ adde 7, 7, 6 ++ ld 11, 112(4) ++ ld 
12, 120(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 112(3) # out7 ++ std 12, 120(3) ++ ++ ld 8, 128(3) ++ ld 7, 136(3) ++ ld 6, 72(5) # two127m95m71 ++ addc 8, 8, 9 ++ adde 7, 7, 6 ++ ld 11, 128(4) ++ ld 12, 136(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 128(3) # out8 ++ std 12, 136(3) ++ ++ ld 8, 144(3) ++ ld 7, 152(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 144(4) ++ ld 12, 152(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 144(3) # out9 ++ std 12, 152(3) ++ ++ ld 8, 160(3) ++ ld 7, 168(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 160(4) ++ ld 12, 168(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 160(3) # out10 ++ std 12, 168(3) ++ ++ ld 8, 176(3) ++ ld 7, 184(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 176(4) ++ ld 12, 184(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 176(3) # out11 ++ std 12, 184(3) ++ ++ ld 8, 192(3) ++ ld 7, 200(3) ++ addc 8, 8, 9 ++ adde 7, 7, 10 ++ ld 11, 192(4) ++ ld 12, 200(4) ++ subfc 11, 11, 8 ++ subfe 12, 12, 7 ++ std 11, 192(3) # out12 ++ std 12, 200(3) ++ ++ blr ++.size p384_felem_diff128,.-p384_felem_diff128 ++ ++.data ++.align 4 ++.LConst_two127: ++#two127 ++.long 0x00000000, 0x00000000, 0x00000000, 0x80000000 ++#two127m71 ++.long 0x00000000, 0x00000000, 0xffffff80, 0x7fffffff ++#two127p111m79m71 ++.long 0x00000000, 0x00000000, 0xffff7f80, 0x80007fff ++#two127m119m71 ++.long 0x00000000, 0x00000000, 0xffffff80, 0x7f7fffff ++#two127m95m71 ++.long 0x00000000, 0x00000000, 0x7fffff80, 0x7fffffff ++ ++.text ++ ++.globl p384_felem_diff_128_64 ++.type p384_felem_diff_128_64, \@function ++.align 4 ++p384_felem_diff_128_64: ++ addis 5, 2, .LConst_128_two64\@toc\@ha ++ addi 5, 5, .LConst_128_two64\@toc\@l ++ ++ ld 9, 0(3) ++ ld 10, 8(3) ++ ld 8, 48(5) # two64p48m16 ++ li 7, 0 ++ addc 9, 9, 8 ++ li 6, 1 ++ adde 10, 10, 6 ++ ld 11, 0(4) ++ subfc 8, 11, 9 ++ subfe 12, 7, 10 ++ std 8, 0(3) # out0 ++ std 12, 8(3) ++ ++ ld 9, 16(3) ++ ld 10, 24(3) ++ ld 8, 0(5) # two64m56m8 ++ addc 9, 9, 8 ++ addze 10, 10 ++ 
ld 11, 8(4) ++ subfc 11, 11, 9 ++ subfe 12, 7, 10 ++ std 11, 16(3) # out1 ++ std 12, 24(3) ++ ++ ld 9, 32(3) ++ ld 10, 40(3) ++ ld 8, 16(5) # two64m32m8 ++ addc 9, 9, 8 ++ addze 10, 10 ++ ld 11, 16(4) ++ subfc 11, 11, 9 ++ subfe 12, 7, 10 ++ std 11, 32(3) # out2 ++ std 12, 40(3) ++ ++ ld 10, 48(3) ++ ld 8, 56(3) ++ #ld 9, 32(5) # two64m8 ++ li 9, -256 # two64m8 ++ addc 10, 10, 9 ++ addze 8, 8 ++ ld 11, 24(4) ++ subfc 11, 11, 10 ++ subfe 12, 7, 8 ++ std 11, 48(3) # out3 ++ std 12, 56(3) ++ ++ ld 10, 64(3) ++ ld 8, 72(3) ++ addc 10, 10, 9 ++ addze 8, 8 ++ ld 11, 32(4) ++ subfc 11, 11, 10 ++ subfe 12, 7, 8 ++ std 11, 64(3) # out4 ++ std 12, 72(3) ++ ++ ld 10, 80(3) ++ ld 8, 88(3) ++ addc 10, 10, 9 ++ addze 8, 8 ++ ld 11, 40(4) ++ subfc 11, 11, 10 ++ subfe 12, 7, 8 ++ std 11, 80(3) # out5 ++ std 12, 88(3) ++ ++ ld 10, 96(3) ++ ld 8, 104(3) ++ addc 10, 10, 9 ++ addze 9, 8 ++ ld 11, 48(4) ++ subfc 11, 11, 10 ++ subfe 12, 7, 9 ++ std 11, 96(3) # out6 ++ std 12, 104(3) ++ ++ blr ++.size p384_felem_diff_128_64,.-p384_felem_diff_128_64 ++ ++.data ++.align 4 ++.LConst_128_two64: ++#two64m56m8 ++.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000 ++#two64m32m8 ++.long 0xffffff00, 0xfffffffe, 0x00000000, 0x00000000 ++#two64m8 ++.long 0xffffff00, 0xffffffff, 0x00000000, 0x00000000 ++#two64p48m16 ++.long 0xffff0000, 0x0000ffff, 0x00000001, 0x00000000 ++ ++.LConst_two60: ++#two60m52m4 ++.long 0xfffffff0, 0x0fefffff, 0x0, 0x0 ++#two60p44m12 ++.long 0xfffff000, 0x10000fff, 0x0, 0x0 ++#two60m28m4 ++.long 0xeffffff0, 0x0fffffff, 0x0, 0x0 ++#two60m4 ++.long 0xfffffff0, 0x0fffffff, 0x0, 0x0 ++ ++.text ++# ++# static void felem_diff64(felem out, const felem in) ++# ++.globl p384_felem_diff64 ++.type p384_felem_diff64, \@function ++.align 4 ++p384_felem_diff64: ++ addis 5, 2, .LConst_two60\@toc\@ha ++ addi 5, 5, .LConst_two60\@toc\@l ++ ++ ld 9, 0(3) ++ ld 8, 16(5) # two60p44m12 ++ li 7, 0 ++ add 9, 9, 8 ++ ld 11, 0(4) ++ subf 8, 11, 9 ++ std 8, 0(3) # out0 ++ ++ ld 9, 8(3) ++ ld 8, 0(5) 
# two60m52m4 ++ add 9, 9, 8 ++ ld 11, 8(4) ++ subf 11, 11, 9 ++ std 11, 8(3) # out1 ++ ++ ld 9, 16(3) ++ ld 8, 32(5) # two60m28m4 ++ add 9, 9, 8 ++ ld 11, 16(4) ++ subf 11, 11, 9 ++ std 11, 16(3) # out2 ++ ++ ld 10, 24(3) ++ ld 9, 48(5) # two60m4 ++ add 10, 10, 9 ++ ld 12, 24(4) ++ subf 12, 12, 10 ++ std 12, 24(3) # out3 ++ ++ ld 10, 32(3) ++ add 10, 10, 9 ++ ld 11, 32(4) ++ subf 11, 11, 10 ++ std 11, 32(3) # out4 ++ ++ ld 10, 40(3) ++ add 10, 10, 9 ++ ld 12, 40(4) ++ subf 12, 12, 10 ++ std 12, 40(3) # out5 + +- endproc("p384_felem_square"); +- } +-} ++ ld 10, 48(3) ++ add 10, 10, 9 ++ ld 11, 48(4) ++ subf 11, 11, 10 ++ std 11, 48(3) # out6 ++ ++ blr ++.size p384_felem_diff64,.-p384_felem_diff64 ++ ++.text ++# ++# Shift 128 bits right ++# ++.macro SHR o_h o_l in_h in_l nbits ++ srdi \\o_l, \\in_l, \\nbits # shift lower right ++ rldimi \\o_l, \\in_h, 64-\\nbits, 0 # insert <64-nbits> from hi ++ srdi \\o_h, \\in_h, \\nbits # shift higher right ++.endm ++ ++# ++# static void felem_reduce(felem out, const widefelem in) ++# ++.global p384_felem_reduce ++.type p384_felem_reduce,\@function ++.align 4 ++p384_felem_reduce: ++ ++ stdu 1, -208(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) ++ std 18, 88(1) ++ std 19, 96(1) ++ std 20, 104(1) ++ std 21, 112(1) ++ std 22, 120(1) ++ std 23, 128(1) ++ std 24, 136(1) ++ std 25, 144(1) ++ std 26, 152(1) ++ std 27, 160(1) ++ std 28, 168(1) ++ std 29, 176(1) ++ std 30, 184(1) ++ std 31, 192(1) ++ ++ bl _p384_felem_reduce_core ++ ++ mtlr 0 ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ ld 18, 88(1) ++ ld 19, 96(1) ++ ld 20, 104(1) ++ ld 21, 112(1) ++ ld 22, 120(1) ++ ld 23, 128(1) ++ ld 24, 136(1) ++ ld 25, 144(1) ++ ld 26, 152(1) ++ ld 27, 160(1) ++ ld 28, 168(1) ++ ld 29, 176(1) ++ ld 30, 184(1) ++ ld 31, 192(1) ++ addi 1, 1, 208 ++ blr ++.size p384_felem_reduce,.-p384_felem_reduce ++ ++# ++# Felem reduction core function - ++# r3 and r4 need to pre-loaded. 
++# ++.type _p384_felem_reduce_core,\@function ++.align 4 ++_p384_felem_reduce_core: ++ addis 12, 2, .LConst\@toc\@ha ++ addi 12, 12, .LConst\@toc\@l ++ ++ # load constat p ++ ld 11, 8(12) # hi - two124m68 ++ ++ # acc[6] = in[6] + two124m68; ++ ld 26, 96(4) # in[6].l ++ ld 27, 96+8(4) # in[6].h ++ add 27, 27, 11 ++ ++ # acc[5] = in[5] + two124m68; ++ ld 24, 80(4) # in[5].l ++ ld 25, 80+8(4) # in[5].h ++ add 25, 25, 11 ++ ++ # acc[4] = in[4] + two124m68; ++ ld 22, 64(4) # in[4].l ++ ld 23, 64+8(4) # in[4].h ++ add 23, 23, 11 ++ ++ # acc[3] = in[3] + two124m68; ++ ld 20, 48(4) # in[3].l ++ ld 21, 48+8(4) # in[3].h ++ add 21, 21, 11 ++ ++ ld 11, 48+8(12) # hi - two124m92m68 ++ ++ # acc[2] = in[2] + two124m92m68; ++ ld 18, 32(4) # in[2].l ++ ld 19, 32+8(4) # in[2].h ++ add 19, 19, 11 ++ ++ ld 11, 16+8(12) # high - two124m116m68 ++ ++ # acc[1] = in[1] + two124m116m68; ++ ld 16, 16(4) # in[1].l ++ ld 17, 16+8(4) # in[1].h ++ add 17, 17, 11 ++ ++ ld 11, 32+8(12) # high - two124p108m76 ++ ++ # acc[0] = in[0] + two124p108m76; ++ ld 14, 0(4) # in[0].l ++ ld 15, 0+8(4) # in[0].h ++ add 15, 15, 11 ++ ++ # compute mask ++ li 7, -1 ++ ++ # Eliminate in[12] ++ ++ # acc[8] += in[12] >> 32; ++ ld 5, 192(4) # in[12].l ++ ld 6, 192+8(4) # in[12].h ++ SHR 9, 10, 6, 5, 32 ++ ld 30, 128(4) # in[8].l ++ ld 31, 136(4) # in[8].h ++ addc 30, 30, 10 ++ adde 31, 31, 9 ++ ++ # acc[7] += (in[12] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ ld 28, 112(4) # in[7].l ++ ld 29, 120(4) # in[7].h ++ addc 28, 28, 11 ++ addze 29, 29 ++ ++ # acc[7] += in[12] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 28, 28, 10 ++ adde 29, 29, 9 ++ ++ # acc[6] += (in[12] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 26, 26, 11 ++ addze 27, 27 ++ ++ # acc[6] -= in[12] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 26, 10, 26 ++ subfe 27, 9, 27 ++ ++ # acc[5] -= (in[12] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 24, 11, 24 ++ subfe 25, 9, 25 ++ ++ # acc[6] += in[12] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ ++ # acc[5] += (in[12] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 24, 24, 11 ++ addze 25, 25 ++ ++ # Eliminate in[11] ++ ++ # acc[7] += in[11] >> 32; ++ ld 5, 176(4) # in[11].l ++ ld 6, 176+8(4) # in[11].h ++ SHR 9, 10, 6, 5, 32 ++ addc 28, 28, 10 ++ adde 29, 29, 9 ++ ++ # acc[6] += (in[11] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 26, 26, 11 ++ addze 27, 27 ++ ++ # acc[6] += in[11] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ ++ # acc[5] += (in[11] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 24, 24, 11 ++ addze 25, 25 ++ ++ # acc[5] -= in[11] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 24, 10, 24 ++ subfe 25, 9, 25 ++ ++ # acc[4] -= (in[11] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 22, 11, 22 ++ subfe 23, 9, 23 ++ ++ # acc[5] += in[11] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ ++ # acc[4] += (in[11] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 22, 22, 11 ++ addze 23, 23 ++ ++ # Eliminate in[10] ++ ++ # acc[6] += in[10] >> 32; ++ ld 5, 160(4) # in[10].l ++ ld 6, 160+8(4) # in[10].h ++ SHR 9, 10, 6, 5, 32 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ ++ # acc[5] += (in[10] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 24, 24, 11 ++ addze 25, 25 ++ ++ # acc[5] += in[10] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ ++ # acc[4] += (in[10] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 22, 22, 11 ++ addze 23, 23 ++ ++ # acc[4] -= in[10] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 22, 10, 22 ++ subfe 23, 9, 23 ++ ++ # acc[3] -= (in[10] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 20, 11, 20 ++ subfe 21, 9, 21 ++ ++ # acc[4] += in[10] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 22, 22, 10 ++ adde 23, 23, 9 ++ ++ # acc[3] += (in[10] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 20, 20, 11 ++ addze 21, 21 ++ ++ # Eliminate in[9] ++ ++ # acc[5] += in[9] >> 32; ++ ld 5, 144(4) # in[9].l ++ ld 6, 144+8(4) # in[9].h ++ SHR 9, 10, 6, 5, 32 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ ++ # acc[4] += (in[9] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 22, 22, 11 ++ addze 23, 23 ++ ++ # acc[4] += in[9] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 22, 22, 10 ++ adde 23, 23, 9 ++ ++ # acc[3] += (in[9] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 20, 20, 11 ++ addze 21, 21 ++ ++ # acc[3] -= in[9] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 20, 10, 20 ++ subfe 21, 9, 21 ++ ++ # acc[2] -= (in[9] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 18, 11, 18 ++ subfe 19, 9, 19 ++ ++ # acc[3] += in[9] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] += (in[9] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 18, 18, 11 ++ addze 19, 19 ++ ++ # Eliminate acc[8] ++ ++ # acc[4] += acc[8] >> 32; ++ mr 5, 30 # acc[8].l ++ mr 6, 31 # acc[8].h ++ SHR 9, 10, 6, 5, 32 ++ addc 22, 22, 10 ++ adde 23, 23, 9 ++ ++ # acc[3] += (acc[8] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 20, 20, 11 ++ addze 21, 21 ++ ++ # acc[3] += acc[8] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] += (acc[8] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 18, 18, 11 ++ addze 19, 19 ++ ++ # acc[2] -= acc[8] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 18, 10, 18 ++ subfe 19, 9, 19 ++ ++ # acc[1] -= (acc[8] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 16, 11, 16 ++ subfe 17, 9, 17 ++ ++ #acc[2] += acc[8] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 18, 18, 10 ++ adde 19, 19, 9 ++ ++ # acc[1] += (acc[8] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 16, 16, 11 ++ addze 17, 17 ++ ++ # Eliminate acc[7] ++ ++ # acc[3] += acc[7] >> 32; ++ mr 5, 28 # acc[7].l ++ mr 6, 29 # acc[7].h ++ SHR 9, 10, 6, 5, 32 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] += (acc[7] & 0xffffffff) << 24; ++ srdi 11, 7, 32 # 0xffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 24 # << 24 ++ addc 18, 18, 11 ++ addze 19, 19 ++ ++ # acc[2] += acc[7] >> 8; ++ SHR 9, 10, 6, 5, 8 ++ addc 18, 18, 10 ++ adde 19, 19, 9 ++ ++ # acc[1] += (acc[7] & 0xff) << 48; ++ andi. 
11, 5, 0xff ++ sldi 11, 11, 48 ++ addc 16, 16, 11 ++ addze 17, 17 ++ ++ # acc[1] -= acc[7] >> 16; ++ SHR 9, 10, 6, 5, 16 ++ subfc 16, 10, 16 ++ subfe 17, 9, 17 ++ ++ # acc[0] -= (acc[7] & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 11, 11, 5 ++ sldi 11, 11, 40 # << 40 ++ li 9, 0 ++ subfc 14, 11, 14 ++ subfe 15, 9, 15 ++ ++ # acc[1] += acc[7] >> 48; ++ SHR 9, 10, 6, 5, 48 ++ addc 16, 16, 10 ++ adde 17, 17, 9 ++ ++ # acc[0] += (acc[7] & 0xffffffffffff) << 8; ++ srdi 11, 7, 16 # 0xffffffffffff ++ and 11, 11, 5 ++ sldi 11, 11, 8 # << 8 ++ addc 14, 14, 11 ++ addze 15, 15 ++ ++ # ++ # Carry 4 -> 5 -> 6 ++ # ++ # acc[5] += acc[4] >> 56; ++ # acc[4] &= 0x00ffffffffffffff; ++ SHR 9, 10, 23, 22, 56 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ srdi 11, 7, 8 # 0x00ffffffffffffff ++ and 22, 22, 11 ++ li 23, 0 ++ ++ # acc[6] += acc[5] >> 56; ++ # acc[5] &= 0x00ffffffffffffff; ++ SHR 9, 10, 25, 24, 56 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ and 24, 24, 11 ++ li 25, 0 ++ ++ # [3]: Eliminate high bits of acc[6] */ ++ # temp = acc[6] >> 48; ++ # acc[6] &= 0x0000ffffffffffff; ++ SHR 31, 30, 27, 26, 48 # temp = acc[6] >> 48 ++ srdi 11, 7, 16 # 0x0000ffffffffffff ++ and 26, 26, 11 ++ li 27, 0 ++ ++ # temp < 2^80 ++ # acc[3] += temp >> 40; ++ SHR 9, 10, 31, 30, 40 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] += (temp & 0xffffffffff) << 16; ++ srdi 11, 7, 24 # 0xffffffffff ++ and 10, 30, 11 ++ sldi 10, 10, 16 ++ addc 18, 18, 10 ++ addze 19, 19 ++ ++ # acc[2] += temp >> 16; ++ SHR 9, 10, 31, 30, 16 ++ addc 18, 18, 10 ++ adde 19, 19, 9 ++ ++ # acc[1] += (temp & 0xffff) << 40; ++ srdi 11, 7, 48 # 0xffff ++ and 10, 30, 11 ++ sldi 10, 10, 40 ++ addc 16, 16, 10 ++ addze 17, 17 ++ ++ # acc[1] -= temp >> 24; ++ SHR 9, 10, 31, 30, 24 ++ subfc 16, 10, 16 ++ subfe 17, 9, 17 ++ ++ # acc[0] -= (temp & 0xffffff) << 32; ++ srdi 11, 7, 40 # 0xffffff ++ and 10, 30, 11 ++ sldi 10, 10, 32 ++ li 9, 0 ++ subfc 14, 10, 14 ++ subfe 15, 9, 15 ++ ++ # acc[0] += temp; ++ addc 14, 14, 30 ++ adde 15, 15, 31 
++ ++ # Carry 0 -> 1 -> 2 -> 3 -> 4 -> 5 -> 6 ++ # ++ # acc[1] += acc[0] >> 56; /* acc[1] < acc_old[1] + 2^72 */ ++ SHR 9, 10, 15, 14, 56 ++ addc 16, 16, 10 ++ adde 17, 17, 9 ++ ++ # acc[0] &= 0x00ffffffffffffff; ++ srdi 11, 7, 8 # 0x00ffffffffffffff ++ and 14, 14, 11 ++ li 15, 0 ++ ++ # acc[2] += acc[1] >> 56; /* acc[2] < acc_old[2] + 2^72 + 2^16 */ ++ SHR 9, 10, 17, 16, 56 ++ addc 18, 18, 10 ++ adde 19, 19, 9 ++ ++ # acc[1] &= 0x00ffffffffffffff; ++ and 16, 16, 11 ++ li 17, 0 ++ ++ # acc[3] += acc[2] >> 56; /* acc[3] < acc_old[3] + 2^72 + 2^16 */ ++ SHR 9, 10, 19, 18, 56 ++ addc 20, 20, 10 ++ adde 21, 21, 9 ++ ++ # acc[2] &= 0x00ffffffffffffff; ++ and 18, 18, 11 ++ li 19, 0 ++ ++ # acc[4] += acc[3] >> 56; ++ SHR 9, 10, 21, 20, 56 ++ addc 22, 22, 10 ++ adde 23, 23, 9 ++ ++ # acc[3] &= 0x00ffffffffffffff; ++ and 20, 20, 11 ++ li 21, 0 ++ ++ # acc[5] += acc[4] >> 56; ++ SHR 9, 10, 23, 22, 56 ++ addc 24, 24, 10 ++ adde 25, 25, 9 ++ ++ # acc[4] &= 0x00ffffffffffffff; ++ and 22, 22, 11 ++ ++ # acc[6] += acc[5] >> 56; ++ SHR 9, 10, 25, 24, 56 ++ addc 26, 26, 10 ++ adde 27, 27, 9 ++ ++ # acc[5] &= 0x00ffffffffffffff; ++ and 24, 24, 11 ++ ++ std 14, 0(3) ++ std 16, 8(3) ++ std 18, 16(3) ++ std 20, 24(3) ++ std 22, 32(3) ++ std 24, 40(3) ++ std 26, 48(3) ++ blr ++.size _p384_felem_reduce_core,.-_p384_felem_reduce_core ++ ++.data ++.align 4 ++.LConst: ++# two124m68: ++.long 0x0, 0x0, 0xfffffff0, 0xfffffff ++# two124m116m68: ++.long 0x0, 0x0, 0xfffffff0, 0xfefffff ++#two124p108m76: ++.long 0x0, 0x0, 0xfffff000, 0x10000fff ++#two124m92m68: ++.long 0x0, 0x0, 0xeffffff0, 0xfffffff ++ ++.text ++ ++# ++# void p384_felem_square_reduce(felem out, const felem in) ++# ++.global p384_felem_square_reduce ++.type p384_felem_square_reduce,\@function ++.align 4 ++p384_felem_square_reduce: ++ stdu 1, -512(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) ++ std 18, 88(1) ++ std 19, 96(1) ++ std 20, 104(1) ++ std 21, 112(1) ++ std 22, 120(1) ++ std 23, 128(1) 
++ std 24, 136(1) ++ std 25, 144(1) ++ std 26, 152(1) ++ std 27, 160(1) ++ std 28, 168(1) ++ std 29, 176(1) ++ std 30, 184(1) ++ std 31, 192(1) ++ ++ std 3, 496(1) ++ addi 3, 1, 208 ++ bl _p384_felem_square_core ++ ++ mr 4, 3 ++ ld 3, 496(1) ++ bl _p384_felem_reduce_core ++ ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ ld 18, 88(1) ++ ld 19, 96(1) ++ ld 20, 104(1) ++ ld 21, 112(1) ++ ld 22, 120(1) ++ ld 23, 128(1) ++ ld 24, 136(1) ++ ld 25, 144(1) ++ ld 26, 152(1) ++ ld 27, 160(1) ++ ld 28, 168(1) ++ ld 29, 176(1) ++ ld 30, 184(1) ++ ld 31, 192(1) ++ addi 1, 1, 512 ++ mtlr 0 ++ blr ++.size p384_felem_square_reduce,.-p384_felem_square_reduce ++ ++# ++# void p384_felem_mul_reduce(felem out, const felem in1, const felem in2) ++# ++.global p384_felem_mul_reduce ++.type p384_felem_mul_reduce,\@function ++.align 5 ++p384_felem_mul_reduce: ++ stdu 1, -512(1) ++ mflr 0 ++ std 14, 56(1) ++ std 15, 64(1) ++ std 16, 72(1) ++ std 17, 80(1) ++ std 18, 88(1) ++ std 19, 96(1) ++ std 20, 104(1) ++ std 21, 112(1) ++ std 22, 120(1) ++ std 23, 128(1) ++ std 24, 136(1) ++ std 25, 144(1) ++ std 26, 152(1) ++ std 27, 160(1) ++ std 28, 168(1) ++ std 29, 176(1) ++ std 30, 184(1) ++ std 31, 192(1) ++ ++ std 3, 496(1) ++ addi 3, 1, 208 ++ bl _p384_felem_mul_core ++ ++ mr 4, 3 ++ ld 3, 496(1) ++ bl _p384_felem_reduce_core ++ ++ ld 14, 56(1) ++ ld 15, 64(1) ++ ld 16, 72(1) ++ ld 17, 80(1) ++ ld 18, 88(1) ++ ld 19, 96(1) ++ ld 20, 104(1) ++ ld 21, 112(1) ++ ld 22, 120(1) ++ ld 23, 128(1) ++ ld 24, 136(1) ++ ld 25, 144(1) ++ ld 26, 152(1) ++ ld 27, 160(1) ++ ld 28, 168(1) ++ ld 29, 176(1) ++ ld 30, 184(1) ++ ld 31, 192(1) ++ addi 1, 1, 512 ++ mtlr 0 ++ blr ++.size p384_felem_mul_reduce,.-p384_felem_mul_reduce ++___ + + $code =~ s/\`([^\`]*)\`/eval $1/gem; + print $code; +diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c +index 3fd7a40020..e0b5786bc1 100644 +--- a/crypto/ec/ecp_nistp384.c ++++ b/crypto/ec/ecp_nistp384.c +@@ -252,6 +252,16 @@ static void 
felem_neg(felem out, const felem in) + out[6] = two60m4 - in[6]; + } + ++#if defined(ECP_NISTP384_ASM) ++void p384_felem_diff64(felem out, const felem in); ++void p384_felem_diff128(widefelem out, const widefelem in); ++void p384_felem_diff_128_64(widefelem out, const felem in); ++ ++# define felem_diff64 p384_felem_diff64 ++# define felem_diff128 p384_felem_diff128 ++# define felem_diff_128_64 p384_felem_diff_128_64 ++ ++#else + /*- + * felem_diff64 subtracts |in| from |out| + * On entry: +@@ -369,6 +379,7 @@ static void felem_diff128(widefelem out, const widefelem in) + for (i = 0; i < 2*NLIMBS-1; i++) + out[i] -= in[i]; + } ++#endif /* ECP_NISTP384_ASM */ + + static void felem_square_ref(widefelem out, const felem in) + { +@@ -503,7 +514,7 @@ static void felem_mul_ref(widefelem out, const felem in1, const felem in2) + * [3]: Y = 2^48 (acc[6] >> 48) + * (Where a | b | c | d = (2^56)^3 a + (2^56)^2 b + (2^56) c + d) + */ +-static void felem_reduce(felem out, const widefelem in) ++static void felem_reduce_ref(felem out, const widefelem in) + { + /* + * In order to prevent underflow, we add a multiple of p before subtracting. 
+@@ -682,8 +693,11 @@ static void (*felem_square_p)(widefelem out, const felem in) = + static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) = + felem_mul_wrapper; + ++static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref; ++ + void p384_felem_square(widefelem out, const felem in); + void p384_felem_mul(widefelem out, const felem in1, const felem in2); ++void p384_felem_reduce(felem out, const widefelem in); + + # if defined(_ARCH_PPC64) + # include "crypto/ppc_arch.h" +@@ -695,6 +709,7 @@ static void felem_select(void) + if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) { + felem_square_p = p384_felem_square; + felem_mul_p = p384_felem_mul; ++ felem_reduce_p = p384_felem_reduce; + + return; + } +@@ -703,6 +718,7 @@ static void felem_select(void) + /* Default */ + felem_square_p = felem_square_ref; + felem_mul_p = felem_mul_ref; ++ felem_reduce_p = p384_felem_reduce; + } + + static void felem_square_wrapper(widefelem out, const felem in) +@@ -719,10 +735,17 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2) + + # define felem_square felem_square_p + # define felem_mul felem_mul_p ++# define felem_reduce felem_reduce_p ++ ++void p384_felem_square_reduce(felem out, const felem in); ++void p384_felem_mul_reduce(felem out, const felem in1, const felem in2); ++ ++# define felem_square_reduce p384_felem_square_reduce ++# define felem_mul_reduce p384_felem_mul_reduce + #else + # define felem_square felem_square_ref + # define felem_mul felem_mul_ref +-#endif ++# define felem_reduce felem_reduce_ref + + static ossl_inline void felem_square_reduce(felem out, const felem in) + { +@@ -739,6 +762,7 @@ static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem + felem_mul(tmp, in1, in2); + felem_reduce(out, tmp); + } ++#endif + + /*- + * felem_inv calculates |out| = |in|^{-1} 
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch new file mode 100644 index 0000000000..0659a9d6d9 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch 
@@ -0,0 +1,129 @@ +From 6b1646e472c9e8c08bb14066ba2a7c3eed45f84a Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" +Date: Thu, 17 Apr 2025 08:51:53 -0500 +Subject: [PATCH] Fix P-384 curve on lower-than-P9 PPC64 targets + +The change adding an asm implementation of p384_felem_reduce incorrectly +uses the accelerated version on both targets that support the intrinsics +*and* targets that don't, instead of falling back to the generics on older +targets. This results in crashes when trying to use P-384 on < Power9. + +Signed-off-by: Anna Wilcox +Closes: #27350 +Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC") + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/27429) + +(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425) + +CVE: CVE-2025-27587 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/6b1646e472c9e8c08bb14066ba2a7c3eed45f84a] +Signed-off-by: Peter Marko +--- + crypto/ec/ecp_nistp384.c | 54 ++++++++++++++++++++++++---------------- + 1 file changed, 33 insertions(+), 21 deletions(-) + +diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c +index e0b5786bc1..439b4d03a3 100644 +--- a/crypto/ec/ecp_nistp384.c ++++ b/crypto/ec/ecp_nistp384.c +@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in) + out[i] = acc[i]; + } + ++static ossl_inline void felem_square_reduce_ref(felem out, const felem in) ++{ ++ widefelem tmp; ++ ++ felem_square_ref(tmp, in); ++ felem_reduce_ref(out, tmp); ++} ++ ++static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2) ++{ ++ widefelem tmp; ++ ++ felem_mul_ref(tmp, in1, in2); ++ felem_reduce_ref(out, tmp); ++} ++ + #if defined(ECP_NISTP384_ASM) + static void felem_square_wrapper(widefelem out, const felem in); + static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2); +@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem 
out, const felem in1, const felem in2) = + + static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref; + ++static void (*felem_square_reduce_p)(felem out, const felem in) = ++ felem_square_reduce_ref; ++static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) = ++ felem_mul_reduce_ref; ++ + void p384_felem_square(widefelem out, const felem in); + void p384_felem_mul(widefelem out, const felem in1, const felem in2); + void p384_felem_reduce(felem out, const widefelem in); + ++void p384_felem_square_reduce(felem out, const felem in); ++void p384_felem_mul_reduce(felem out, const felem in1, const felem in2); ++ + # if defined(_ARCH_PPC64) + # include "crypto/ppc_arch.h" + # endif +@@ -710,6 +734,8 @@ static void felem_select(void) + felem_square_p = p384_felem_square; + felem_mul_p = p384_felem_mul; + felem_reduce_p = p384_felem_reduce; ++ felem_square_reduce_p = p384_felem_square_reduce; ++ felem_mul_reduce_p = p384_felem_mul_reduce; + + return; + } +@@ -718,7 +744,9 @@ static void felem_select(void) + /* Default */ + felem_square_p = felem_square_ref; + felem_mul_p = felem_mul_ref; +- felem_reduce_p = p384_felem_reduce; ++ felem_reduce_p = felem_reduce_ref; ++ felem_square_reduce_p = felem_square_reduce_ref; ++ felem_mul_reduce_p = felem_mul_reduce_ref; + } + + static void felem_square_wrapper(widefelem out, const felem in) +@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2) + # define felem_mul felem_mul_p + # define felem_reduce felem_reduce_p + +-void p384_felem_square_reduce(felem out, const felem in); +-void p384_felem_mul_reduce(felem out, const felem in1, const felem in2); +- +-# define felem_square_reduce p384_felem_square_reduce +-# define felem_mul_reduce p384_felem_mul_reduce ++# define felem_square_reduce felem_square_reduce_p ++# define felem_mul_reduce felem_mul_reduce_p + #else + # define felem_square felem_square_ref + # define felem_mul felem_mul_ref + # 
define felem_reduce felem_reduce_ref + +-static ossl_inline void felem_square_reduce(felem out, const felem in) +-{ +- widefelem tmp; +- +- felem_square(tmp, in); +- felem_reduce(out, tmp); +-} +- +-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2) +-{ +- widefelem tmp; +- +- felem_mul(tmp, in1, in2); +- felem_reduce(out, tmp); +-} ++# define felem_square_reduce felem_square_reduce_ref ++# define felem_mul_reduce felem_mul_reduce_ref + #endif + + /*- diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb index d6bf32d989..fd98b32007 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb 
@@ -13,6 +13,8 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ file://CVE-2024-41996.patch \ + file://CVE-2025-27587-1.patch \ + file://CVE-2025-27587-2.patch \ " SRC_URI:append:class-nativesdk = " \
From patchwork Fri Jul 25 18:44:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67485
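Review bot: In CVE-2025-27587-1.patch, the `/* Default */` branch of `felem_select()` assigns `felem_reduce_p = p384_felem_reduce;`, so the assembly reduction is selected even when the `PPC_MADD300` / `PPC_ALTIVEC` test above it fails, and the `@@ -719,10 +735,17 @@` hunk defines `felem_square_reduce` and `felem_mul_reduce` straight to the `p384_*` symbols with no capability check at all. CVE-2025-27587-2.patch corrects both (the default becomes `felem_reduce_ref`, and the combined helpers go through `felem_square_reduce_p` / `felem_mul_reduce_p`), so the two files are only safe as a pair. Please state that dependency in the commit message, or squash the two into one patch file, so that a later rebase cannot drop -2 and bring back the P-384 crash on pre-Power9 PPC64 that its commit message describes.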
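Review bot: In the PPC64 assembly added by CVE-2025-27587-1.patch, the wrappers `p384_felem_reduce`, `p384_felem_square_reduce` and `p384_felem_mul_reduce` keep the return address only in r0 (`mflr 0` ... `bl _p384_felem_reduce_core` ... `mtlr 0`) and never store it to the stack. That works only while none of the `_p384_felem_*_core` routines writes r0; `_p384_felem_reduce_core` as shown does not, but nothing in the file records the constraint, and the square/mul wrappers hold r0 live across two calls. Either save LR in the frame alongside r14-r31, or add a comment on each core routine that r0 must be preserved, so a future edit to a core does not silently corrupt the return address.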
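Review bot: The constant tables in the same assembly (`.LConst_two127`, `.LConst_128_two64`, `.LConst_two60`, `.LConst`) write each 64-bit half as two `.long` words, low word first, for example `.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000` for two64m56m8, and the code then reads them with `ld` (`ld 8, 0(5)`, `ld 11, 8(12)`). That yields the intended doubleword only on a little-endian target; on big-endian PPC64 the two words are swapped and the "add a multiple of p before subtracting" constants are wrong. Please confirm whether this recipe can enable `ECP_NISTP384_ASM` on big-endian powerpc64 builds; if it can, the tables should use `.quad` values (or the build should restrict the asm to little-endian) before this is merged.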
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap V2 08/16] libpam: fix CVE-2025-6020 Date: Fri, 25 Jul 2025 11:44:22 -0700 X-Mailer: git-send-email 2.43.0 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220925 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e && https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1 && https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../libpam/0001-pam-inline-pam-asprintf.patch | 101 ++ .../libpam/0002-pam-namespace-rebase.patch | 750 +++++++++++ .../pam/libpam/CVE-2025-6020-01.patch | 1128 +++++++++++++++++ .../pam/libpam/CVE-2025-6020-02.patch | 187 +++ .../pam/libpam/CVE-2025-6020-03.patch | 35 + meta/recipes-extended/pam/libpam_1.5.3.bb | 5 + 6 files changed, 2206 insertions(+) create mode 100644 meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch create mode 100644 meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch create mode 100644 meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch diff --git a/meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch b/meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch new file mode 100644 index 0000000000..9d1a0223df --- /dev/null +++ b/meta/recipes-extended/pam/libpam/0001-pam-inline-pam-asprintf.patch
@@ -0,0 +1,101 @@ +From 10b80543807e3fc5af5f8bcfd8bb6e219bb3cecc Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Tue, 18 Feb 2025 08:00:00 +0000 +Subject: [PATCH] pam_inline: introduce pam_asprintf(), pam_snprintf(), and + pam_sprintf() + +pam_asprintf() is essentially asprintf() with the following semantic +difference: it returns the string itself instead of its length. + +pam_snprintf() is essentially snprintf() with the following semantic +difference: it returns -1 in case of truncation. + +pam_sprintf() is essentially snprintf() but with a check that the buffer +is an array, and with an automatically calculated buffer size. + +Use of these helpers would make error checking simpler. + +(cherry picked from commit 10b80543807e3fc5af5f8bcfd8bb6e219bb3cecc) +Signed-off-by: Dmitry V. Levin + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/10b80543807e3fc5af5f8bcfd8bb6e219bb3cecc] +Signed-off-by: Hitendra Prajapati +--- + libpam/include/pam_cc_compat.h | 6 ++++++ + libpam/include/pam_inline.h | 36 ++++++++++++++++++++++++++++++++++ + 2 files changed, 42 insertions(+) + +diff --git a/libpam/include/pam_cc_compat.h b/libpam/include/pam_cc_compat.h +index 0a6e32d..af05428 100644 +--- a/libpam/include/pam_cc_compat.h ++++ b/libpam/include/pam_cc_compat.h +@@ -21,6 +21,12 @@ + # define PAM_ATTRIBUTE_ALIGNED(arg) /* empty */ + #endif + ++#if PAM_GNUC_PREREQ(3, 0) ++# define PAM_ATTRIBUTE_MALLOC __attribute__((__malloc__)) ++#else ++# define PAM_ATTRIBUTE_MALLOC /* empty */ ++#endif ++ + #if PAM_GNUC_PREREQ(4, 6) + # define DIAG_PUSH_IGNORE_CAST_QUAL \ + _Pragma("GCC diagnostic push"); \ +diff --git a/libpam/include/pam_inline.h b/libpam/include/pam_inline.h +index 7721c0b..ec0497c 100644 +--- a/libpam/include/pam_inline.h ++++ b/libpam/include/pam_inline.h +@@ -9,6 +9,8 @@ + #define PAM_INLINE_H + + #include "pam_cc_compat.h" ++#include ++#include + #include + #include + #include +@@ -126,6 +128,40 @@ pam_drop_response(struct pam_response 
*reply, int replies) + } + + ++static inline char * PAM_FORMAT((printf, 1, 2)) PAM_NONNULL((1)) PAM_ATTRIBUTE_MALLOC ++pam_asprintf(const char *fmt, ...) ++{ ++ int rc; ++ char *res; ++ va_list ap; ++ ++ va_start(ap, fmt); ++ rc = vasprintf(&res, fmt, ap); ++ va_end(ap); ++ ++ return rc < 0 ? NULL : res; ++} ++ ++static inline int PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((3)) ++pam_snprintf(char *str, size_t size, const char *fmt, ...) ++{ ++ int rc; ++ va_list ap; ++ ++ va_start(ap, fmt); ++ rc = vsnprintf(str, size, fmt, ap); ++ va_end(ap); ++ ++ if (rc < 0 || (unsigned int) rc >= size) ++ return -1; ++ return rc; ++} ++ ++#define pam_sprintf(str_, fmt_, ...) \ ++ pam_snprintf((str_), sizeof(str_) + PAM_MUST_BE_ARRAY(str_), (fmt_), \ ++ ##__VA_ARGS__) ++ ++ + static inline int + pam_read_passwords(int fd, int npass, char **passwords) + { +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch b/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch new file mode 100644 index 0000000000..ff5a8a4946 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch 
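Review bot: pam_sprintf() in the pam_inline.h hunk of 0001-pam-inline-pam-asprintf.patch expands to PAM_MUST_BE_ARRAY(str_), but this patch does not add that macro, so the build depends on the 1.5.3 pam_inline.h already defining it; please confirm that against the scarthgap source, since the later patches in this series call pam_sprintf(). It would also help to put a short comment above pam_snprintf() saying that -1 covers truncation as well as output errors and that the buffer then holds a truncated string, because callers rely on the return value alone.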
@@ -0,0 +1,750 @@ +From df1dab1a1a7900650ad4be157fea1a002048cc49 Mon Sep 17 00:00:00 2001 +From: Olivier Bal-Petre +Date: Tue, 4 Mar 2025 14:37:02 +0100 +Subject: [PATCH ] pam-namespace-rebase + +Refresh the pam-namespace. + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/a8b4dce7b53d73de372e150028c970ee0a2a2e97] +Signed-off-by: Hitendra Prajapati +--- + modules/pam_namespace/pam_namespace.c | 444 +++++++++++++------------- + modules/pam_namespace/pam_namespace.h | 7 +- + 2 files changed, 224 insertions(+), 227 deletions(-) + +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index b026861..166bfce 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -41,7 +41,7 @@ + #include "pam_namespace.h" + #include "argv_parse.h" + +-/* --- evaluting all files in VENDORDIR/security/namespace.d and /etc/security/namespace.d --- */ ++/* --- evaluating all files in VENDORDIR/security/namespace.d and /etc/security/namespace.d --- */ + static const char *base_name(const char *path) + { + const char *base = strrchr(path, '/'); +@@ -55,6 +55,155 @@ compare_filename(const void *a, const void *b) + base_name(* (char * const *) b)); + } + ++static void close_fds_pre_exec(struct instance_data *idata) ++{ ++ if (pam_modutil_sanitize_helper_fds(idata->pamh, PAM_MODUTIL_IGNORE_FD, ++ PAM_MODUTIL_IGNORE_FD, PAM_MODUTIL_IGNORE_FD) < 0) { ++ _exit(1); ++ } ++} ++ ++static void ++strip_trailing_slashes(char *str) ++{ ++ char *p = str + strlen(str); ++ ++ while (--p > str && *p == '/') ++ *p = '\0'; ++} ++ ++static int protect_mount(int dfd, const char *path, struct instance_data *idata) ++{ ++ struct protect_dir_s *dir = idata->protect_dirs; ++ char tmpbuf[64]; ++ ++ while (dir != NULL) { ++ if (strcmp(path, dir->dir) == 0) { ++ return 0; ++ } ++ dir = dir->next; ++ } ++ ++ if (pam_sprintf(tmpbuf, "/proc/self/fd/%d", dfd) < 0) ++ return -1; ++ ++ dir = calloc(1, sizeof(*dir)); ++ 
++ if (dir == NULL) { ++ return -1; ++ } ++ ++ dir->dir = strdup(path); ++ ++ if (dir->dir == NULL) { ++ free(dir); ++ return -1; ++ } ++ ++ if (idata->flags & PAMNS_DEBUG) { ++ pam_syslog(idata->pamh, LOG_INFO, ++ "Protect mount of %s over itself", path); ++ } ++ ++ if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { ++ int save_errno = errno; ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Protect mount of %s failed: %m", tmpbuf); ++ free(dir->dir); ++ free(dir); ++ errno = save_errno; ++ return -1; ++ } ++ ++ dir->next = idata->protect_dirs; ++ idata->protect_dirs = dir; ++ ++ return 0; ++} ++ ++static int protect_dir(const char *path, mode_t mode, int do_mkdir, ++ struct instance_data *idata) ++{ ++ char *p = strdup(path); ++ char *d; ++ char *dir = p; ++ int dfd = AT_FDCWD; ++ int dfd_next; ++ int save_errno; ++ int flags = O_RDONLY | O_DIRECTORY; ++ int rv = -1; ++ struct stat st; ++ ++ if (p == NULL) { ++ return -1; ++ } ++ ++ if (*dir == '/') { ++ dfd = open("/", flags); ++ if (dfd == -1) { ++ goto error; ++ } ++ dir++; /* assume / is safe */ ++ } ++ ++ while ((d=strchr(dir, '/')) != NULL) { ++ *d = '\0'; ++ dfd_next = openat(dfd, dir, flags); ++ if (dfd_next == -1) { ++ goto error; ++ } ++ ++ if (dfd != AT_FDCWD) ++ close(dfd); ++ dfd = dfd_next; ++ ++ if (fstat(dfd, &st) != 0) { ++ goto error; ++ } ++ ++ if (flags & O_NOFOLLOW) { ++ /* we are inside user-owned dir - protect */ ++ if (protect_mount(dfd, p, idata) == -1) ++ goto error; ++ } else if (st.st_uid != 0 || st.st_gid != 0 || ++ (st.st_mode & S_IWOTH)) { ++ /* do not follow symlinks on subdirectories */ ++ flags |= O_NOFOLLOW; ++ } ++ ++ *d = '/'; ++ dir = d + 1; ++ } ++ ++ rv = openat(dfd, dir, flags); ++ ++ if (rv == -1) { ++ if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { ++ goto error; ++ } ++ rv = openat(dfd, dir, flags); ++ } ++ ++ if (flags & O_NOFOLLOW) { ++ /* we are inside user-owned dir - protect */ ++ if (protect_mount(rv, p, idata) == -1) { ++ save_errno = errno; ++ close(rv); ++ rv = -1; 
++ errno = save_errno; ++ } ++ } ++ ++error: ++ save_errno = errno; ++ free(p); ++ if (dfd != AT_FDCWD && dfd >= 0) ++ close(dfd); ++ errno = save_errno; ++ ++ return rv; ++} ++ + /* Evaluating a list of files which have to be parsed in the right order: + * + * - If etc/security/namespace.d/@filename@.conf exists, then +@@ -129,6 +278,7 @@ static char **read_namespace_dir(struct instance_data *idata) + return file_list; + } + ++ + /* + * Adds an entry for a polyinstantiated directory to the linked list of + * polyinstantiated directories. It is called from process_line() while +@@ -198,7 +348,7 @@ static void cleanup_protect_data(pam_handle_t *pamh UNUSED , void *data, int err + unprotect_dirs(data); + } + +-static char *expand_variables(const char *orig, const char *var_names[], const char *var_values[]) ++static char *expand_variables(const char *orig, const char *const var_names[], const char *var_values[]) + { + const char *src = orig; + char *dst; +@@ -209,7 +359,7 @@ static char *expand_variables(const char *orig, const char *var_names[], const c + if (*src == '$') { + int i; + for (i = 0; var_names[i]; i++) { +- int namelen = strlen(var_names[i]); ++ size_t namelen = strlen(var_names[i]); + if (strncmp(var_names[i], src+1, namelen) == 0) { + dstlen += strlen(var_values[i]) - 1; /* $ */ + src += namelen; +@@ -227,7 +377,7 @@ static char *expand_variables(const char *orig, const char *var_names[], const c + if (c == '$') { + int i; + for (i = 0; var_names[i]; i++) { +- int namelen = strlen(var_names[i]); ++ size_t namelen = strlen(var_names[i]); + if (strncmp(var_names[i], src+1, namelen) == 0) { + dst = stpcpy(dst, var_values[i]); + --dst; +@@ -311,8 +461,7 @@ static int parse_iscript_params(char *params, struct polydir_s *poly) + + if (*params != '\0') { + if (*params != '/') { /* path is relative to NAMESPACE_D_DIR */ +- if (asprintf(&poly->init_script, "%s%s", NAMESPACE_D_DIR, params) == -1) +- return -1; ++ poly->init_script = pam_asprintf("%s%s", 
NAMESPACE_D_DIR, params); + } else { + poly->init_script = strdup(params); + } +@@ -394,9 +543,9 @@ static int parse_method(char *method, struct polydir_s *poly, + { + enum polymethod pm; + char *sptr = NULL; +- static const char *method_names[] = { "user", "context", "level", "tmpdir", ++ static const char *const method_names[] = { "user", "context", "level", "tmpdir", + "tmpfs", NULL }; +- static const char *flag_names[] = { "create", "noinit", "iscript", ++ static const char *const flag_names[] = { "create", "noinit", "iscript", + "shared", "mntopts", NULL }; + static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT, + POLYDIR_ISCRIPT, POLYDIR_SHARED, POLYDIR_MNTOPTS }; +@@ -421,7 +570,7 @@ static int parse_method(char *method, struct polydir_s *poly, + + while ((flag=strtok_r(NULL, ":", &sptr)) != NULL) { + for (i = 0; flag_names[i]; i++) { +- int namelen = strlen(flag_names[i]); ++ size_t namelen = strlen(flag_names[i]); + + if (strncmp(flag, flag_names[i], namelen) == 0) { + poly->flags |= flag_values[i]; +@@ -467,27 +616,27 @@ static int parse_method(char *method, struct polydir_s *poly, + * of the namespace configuration file. It skips over comments and incomplete + * or malformed lines. It processes a valid line with information on + * polyinstantiating a directory by populating appropriate fields of a +- * polyinstatiated directory structure and then calling add_polydir_entry to ++ * polyinstantiated directory structure and then calling add_polydir_entry to + * add that entry to the linked list of polyinstantiated directories. 
+ */ + static int process_line(char *line, const char *home, const char *rhome, + struct instance_data *idata) + { + char *dir = NULL, *instance_prefix = NULL, *rdir = NULL; ++ const char *config_dir, *config_instance_prefix; + char *method, *uids; + char *tptr; + struct polydir_s *poly; + int retval = 0; + char **config_options = NULL; +- static const char *var_names[] = {"HOME", "USER", NULL}; ++ static const char *const var_names[] = {"HOME", "USER", NULL}; + const char *var_values[] = {home, idata->user}; + const char *rvar_values[] = {rhome, idata->ruser}; +- int len; + + /* + * skip the leading white space + */ +- while (*line && isspace(*line)) ++ while (*line && isspace((unsigned char)*line)) + line++; + + /* +@@ -523,22 +672,19 @@ static int process_line(char *line, const char *home, const char *rhome, + goto erralloc; + } + +- dir = config_options[0]; +- if (dir == NULL) { ++ config_dir = config_options[0]; ++ if (config_dir == NULL) { + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing polydir"); + goto skipping; + } +- instance_prefix = config_options[1]; +- if (instance_prefix == NULL) { ++ config_instance_prefix = config_options[1]; ++ if (config_instance_prefix == NULL) { + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing instance_prefix"); +- instance_prefix = NULL; + goto skipping; + } + method = config_options[2]; + if (method == NULL) { + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing method"); +- instance_prefix = NULL; +- dir = NULL; + goto skipping; + } + +@@ -553,19 +699,16 @@ static int process_line(char *line, const char *home, const char *rhome, + /* + * Expand $HOME and $USER in poly dir and instance dir prefix + */ +- if ((rdir=expand_variables(dir, var_names, rvar_values)) == NULL) { +- instance_prefix = NULL; +- dir = NULL; ++ if ((rdir = expand_variables(config_dir, var_names, rvar_values)) == NULL) { + goto erralloc; + } + +- if ((dir=expand_variables(dir, var_names, var_values)) == NULL) { +- 
instance_prefix = NULL; ++ if ((dir = expand_variables(config_dir, var_names, var_values)) == NULL) { + goto erralloc; + } + +- if ((instance_prefix=expand_variables(instance_prefix, var_names, var_values)) +- == NULL) { ++ if ((instance_prefix = expand_variables(config_instance_prefix, ++ var_names, var_values)) == NULL) { + goto erralloc; + } + +@@ -575,15 +718,8 @@ static int process_line(char *line, const char *home, const char *rhome, + pam_syslog(idata->pamh, LOG_DEBUG, "Expanded instance prefix: '%s'", instance_prefix); + } + +- len = strlen(dir); +- if (len > 0 && dir[len-1] == '/') { +- dir[len-1] = '\0'; +- } +- +- len = strlen(rdir); +- if (len > 0 && rdir[len-1] == '/') { +- rdir[len-1] = '\0'; +- } ++ strip_trailing_slashes(dir); ++ strip_trailing_slashes(rdir); + + if (dir[0] == '\0' || rdir[0] == '\0') { + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir"); +@@ -594,26 +730,19 @@ static int process_line(char *line, const char *home, const char *rhome, + * Populate polyinstantiated directory structure with appropriate + * pathnames and the method with which to polyinstantiate. 
+ */ +- if (strlen(dir) >= sizeof(poly->dir) +- || strlen(rdir) >= sizeof(poly->rdir) +- || strlen(instance_prefix) >= sizeof(poly->instance_prefix)) { +- pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); +- goto skipping; +- } +- strcpy(poly->dir, dir); +- strcpy(poly->rdir, rdir); +- strcpy(poly->instance_prefix, instance_prefix); +- + if (parse_method(method, poly, idata) != 0) { + goto skipping; + } + +- if (poly->method == TMPDIR) { +- if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) { +- pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); +- goto skipping; +- } +- strcat(poly->instance_prefix, "XXXXXX"); ++#define COPY_STR(dst, src, apd) \ ++ pam_sprintf((dst), "%s%s", (src), (apd)) ++ ++ if (COPY_STR(poly->dir, dir, "") < 0 ++ || COPY_STR(poly->rdir, rdir, "") < 0 ++ || COPY_STR(poly->instance_prefix, instance_prefix, ++ poly->method == TMPDIR ? "XXXXXX" : "") < 0) { ++ pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); ++ goto skipping; + } + + /* +@@ -637,7 +766,7 @@ static int process_line(char *line, const char *home, const char *rhome, + if (uids) { + uid_t *uidptr; + const char *ustr, *sstr; +- int count, i; ++ size_t count, i; + + if (*uids == '~') { + poly->flags |= POLYDIR_EXCLUSIVE; +@@ -646,8 +775,13 @@ static int process_line(char *line, const char *home, const char *rhome, + for (count = 0, ustr = sstr = uids; sstr; ustr = sstr + 1, count++) + sstr = strchr(ustr, ','); + ++ if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) { ++ pam_syslog(idata->pamh, LOG_ERR, "Too many uids encountered in configuration"); ++ goto skipping; ++ } ++ + poly->num_uids = count; +- poly->uid = (uid_t *) malloc(count * sizeof (uid_t)); ++ poly->uid = malloc(count * sizeof (uid_t)); + uidptr = poly->uid; + if (uidptr == NULL) { + goto erralloc; +@@ -996,6 +1130,7 @@ static int form_context(const struct polydir_s *polyptr, + return rc; + } + /* Should never get here */ ++ freecon(scon); + return PAM_SUCCESS; + } + 
#endif +@@ -1057,10 +1192,8 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + + switch (pm) { + case USER: +- if (asprintf(i_name, "%s", idata->user) < 0) { +- *i_name = NULL; ++ if ((*i_name = strdup(idata->user)) == NULL) + goto fail; +- } + break; + + #ifdef WITH_SELINUX +@@ -1070,17 +1203,12 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + pam_syslog(idata->pamh, LOG_ERR, "Error translating directory context"); + goto fail; + } +- if (polyptr->flags & POLYDIR_SHARED) { +- if (asprintf(i_name, "%s", rawcon) < 0) { +- *i_name = NULL; +- goto fail; +- } +- } else { +- if (asprintf(i_name, "%s_%s", rawcon, idata->user) < 0) { +- *i_name = NULL; +- goto fail; +- } +- } ++ if (polyptr->flags & POLYDIR_SHARED) ++ *i_name = strdup(rawcon); ++ else ++ *i_name = pam_asprintf("%s_%s", rawcon, idata->user); ++ if (*i_name == NULL) ++ goto fail; + break; + + #endif /* WITH_SELINUX */ +@@ -1110,11 +1238,12 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + *i_name = hash; + hash = NULL; + } else { +- char *newname; +- if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash), +- *i_name, hash) < 0) { ++ char *newname = ++ pam_asprintf("%.*s_%s", ++ NAMESPACE_MAX_DIR_LEN - 1 - (int)strlen(hash), ++ *i_name, hash); ++ if (newname == NULL) + goto fail; +- } + free(*i_name); + *i_name = newname; + } +@@ -1139,137 +1268,6 @@ fail: + return rc; + } + +-static int protect_mount(int dfd, const char *path, struct instance_data *idata) +-{ +- struct protect_dir_s *dir = idata->protect_dirs; +- char tmpbuf[64]; +- +- while (dir != NULL) { +- if (strcmp(path, dir->dir) == 0) { +- return 0; +- } +- dir = dir->next; +- } +- +- dir = calloc(1, sizeof(*dir)); +- +- if (dir == NULL) { +- return -1; +- } +- +- dir->dir = strdup(path); +- +- if (dir->dir == NULL) { +- free(dir); +- return -1; +- } +- +- snprintf(tmpbuf, sizeof(tmpbuf), "/proc/self/fd/%d", dfd); +- +- if (idata->flags & PAMNS_DEBUG) { +- 
pam_syslog(idata->pamh, LOG_INFO, +- "Protect mount of %s over itself", path); +- } +- +- if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { +- int save_errno = errno; +- pam_syslog(idata->pamh, LOG_ERR, +- "Protect mount of %s failed: %m", tmpbuf); +- free(dir->dir); +- free(dir); +- errno = save_errno; +- return -1; +- } +- +- dir->next = idata->protect_dirs; +- idata->protect_dirs = dir; +- +- return 0; +-} +- +-static int protect_dir(const char *path, mode_t mode, int do_mkdir, +- struct instance_data *idata) +-{ +- char *p = strdup(path); +- char *d; +- char *dir = p; +- int dfd = AT_FDCWD; +- int dfd_next; +- int save_errno; +- int flags = O_RDONLY | O_DIRECTORY; +- int rv = -1; +- struct stat st; +- +- if (p == NULL) { +- goto error; +- } +- +- if (*dir == '/') { +- dfd = open("/", flags); +- if (dfd == -1) { +- goto error; +- } +- dir++; /* assume / is safe */ +- } +- +- while ((d=strchr(dir, '/')) != NULL) { +- *d = '\0'; +- dfd_next = openat(dfd, dir, flags); +- if (dfd_next == -1) { +- goto error; +- } +- +- if (dfd != AT_FDCWD) +- close(dfd); +- dfd = dfd_next; +- +- if (fstat(dfd, &st) != 0) { +- goto error; +- } +- +- if (flags & O_NOFOLLOW) { +- /* we are inside user-owned dir - protect */ +- if (protect_mount(dfd, p, idata) == -1) +- goto error; +- } else if (st.st_uid != 0 || st.st_gid != 0 || +- (st.st_mode & S_IWOTH)) { +- /* do not follow symlinks on subdirectories */ +- flags |= O_NOFOLLOW; +- } +- +- *d = '/'; +- dir = d + 1; +- } +- +- rv = openat(dfd, dir, flags); +- +- if (rv == -1) { +- if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { +- goto error; +- } +- rv = openat(dfd, dir, flags); +- } +- +- if (flags & O_NOFOLLOW) { +- /* we are inside user-owned dir - protect */ +- if (protect_mount(rv, p, idata) == -1) { +- save_errno = errno; +- close(rv); +- rv = -1; +- errno = save_errno; +- } +- } +- +-error: +- save_errno = errno; +- free(p); +- if (dfd != AT_FDCWD && dfd >= 0) +- close(dfd); +- errno = save_errno; +- +- return rv; +-} +- 
+ static int check_inst_parent(char *ipath, struct instance_data *idata) + { + struct stat instpbuf; +@@ -1281,13 +1279,12 @@ static int check_inst_parent(char *ipath, struct instance_data *idata) + * admin explicitly instructs to ignore the instance parent + * mode by the "ignore_instance_parent_mode" argument). + */ +- inst_parent = (char *) malloc(strlen(ipath)+1); ++ inst_parent = strdup(ipath); + if (!inst_parent) { + pam_syslog(idata->pamh, LOG_CRIT, "Error allocating pathname string"); + return PAM_SESSION_ERR; + } + +- strcpy(inst_parent, ipath); + trailing_slash = strrchr(inst_parent, '/'); + if (trailing_slash) + *trailing_slash = '\0'; +@@ -1371,9 +1368,10 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, + if (setuid(geteuid()) < 0) { + /* ignore failures, they don't matter */ + } ++ close_fds_pre_exec(idata); + +- if (execle(init_script, init_script, +- polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) ++ execle(init_script, init_script, ++ polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp); + _exit(1); + } else if (pid > 0) { + while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && +@@ -1424,7 +1422,9 @@ static int create_polydir(struct polydir_s *polyptr, + + #ifdef WITH_SELINUX + if (idata->flags & PAMNS_SELINUX_ENABLED) { +- getfscreatecon_raw(&oldcon_raw); ++ if (getfscreatecon_raw(&oldcon_raw) != 0) ++ pam_syslog(idata->pamh, LOG_NOTICE, ++ "Error retrieving fs create context: %m"); + + label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0); + if (!label_handle) { +@@ -1453,6 +1453,9 @@ static int create_polydir(struct polydir_s *polyptr, + if (rc == -1) { + pam_syslog(idata->pamh, LOG_ERR, + "Error creating directory %s: %m", dir); ++#ifdef WITH_SELINUX ++ freecon(oldcon_raw); ++#endif + return PAM_SESSION_ERR; + } + +@@ -1640,16 +1643,14 @@ static int ns_setup(struct polydir_s *polyptr, + + retval = protect_dir(polyptr->dir, 0, 0, idata); + +- if (retval < 0 && errno != ENOENT) { +- 
pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", +- polyptr->dir); +- return PAM_SESSION_ERR; +- } +- + if (retval < 0) { +- if ((polyptr->flags & POLYDIR_CREATE) && +- create_polydir(polyptr, idata) != PAM_SUCCESS) +- return PAM_SESSION_ERR; ++ if (errno != ENOENT || !(polyptr->flags & POLYDIR_CREATE)) { ++ pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", ++ polyptr->dir); ++ return PAM_SESSION_ERR; ++ } ++ if (create_polydir(polyptr, idata) != PAM_SUCCESS) ++ return PAM_SESSION_ERR; + } else { + close(retval); + } +@@ -1698,7 +1699,7 @@ static int ns_setup(struct polydir_s *polyptr, + #endif + } + +- if (asprintf(&inst_dir, "%s%s", polyptr->instance_prefix, instname) < 0) ++ if ((inst_dir = pam_asprintf("%s%s", polyptr->instance_prefix, instname)) == NULL) + goto error_out; + + if (idata->flags & PAMNS_DEBUG) +@@ -1810,8 +1811,9 @@ static int cleanup_tmpdirs(struct instance_data *idata) + _exit(1); + } + #endif +- if (execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp) < 0) +- _exit(1); ++ close_fds_pre_exec(idata); ++ execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp); ++ _exit(1); + } else if (pid > 0) { + while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && + (errno == EINTR)); +@@ -1826,7 +1828,7 @@ static int cleanup_tmpdirs(struct instance_data *idata) + } + } else if (pid < 0) { + pam_syslog(idata->pamh, LOG_ERR, +- "Cannot fork to run namespace init script, %m"); ++ "Cannot fork to cleanup temporary directory, %m"); + rc = PAM_SESSION_ERR; + goto out; + } +diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h +index a991b4c..180e042 100644 +--- a/modules/pam_namespace/pam_namespace.h ++++ b/modules/pam_namespace/pam_namespace.h +@@ -44,21 +44,16 @@ + #include + #include + #include +-#include +-#include + #include + #include + #include + #include + #include +-#include + #include + #include +-#include + #include + #include + #include +-#include + 
#include "security/pam_modules.h" + #include "security/pam_modutil.h" + #include "security/pam_ext.h" +@@ -114,7 +109,7 @@ + #define PAMNS_MOUNT_PRIVATE 0x00080000 /* Make the polydir mounts private */ + + /* polydir flags */ +-#define POLYDIR_EXCLUSIVE 0x00000001 /* polyinstatiate exclusively for override uids */ ++#define POLYDIR_EXCLUSIVE 0x00000001 /* polyinstantiate exclusively for override uids */ + #define POLYDIR_CREATE 0x00000002 /* create the polydir */ + #define POLYDIR_NOINIT 0x00000004 /* no init script */ + #define POLYDIR_SHARED 0x00000008 /* share context/level instances among users */ +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch b/meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch new file mode 100644 index 0000000000..ff0331aa38 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2025-6020-01.patch 
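Review bot: The ns_setup() hunk of 0002-pam-namespace-rebase.patch changes behaviour beyond a refresh: when protect_dir() fails with ENOENT and POLYDIR_CREATE is not set, the old code fell through and carried on, whereas the new test "if (errno != ENOENT || !(polyptr->flags & POLYDIR_CREATE))" logs and returns PAM_SESSION_ERR. For a stable-branch backport that deserves a line in the patch description, which currently says only "Refresh the pam-namespace." and cites one upstream commit for a diff that also converts the asprintf() calls, adds close_fds_pre_exec() and adds the uid count overflow check. In parse_iscript_params() the early "return -1" on allocation failure is replaced by a plain pam_asprintf() assignment; please confirm that the code following the hunk tests poly->init_script for NULL.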
@@ -0,0 +1,1128 @@ +From 475bd60c552b98c7eddb3270b0b4196847c0072e Mon Sep 17 00:00:00 2001 +From: Olivier Bal-Petre +Date: Tue, 4 Mar 2025 14:37:02 +0100 +Subject: [PATCH] pam_namespace: fix potential privilege escalation + +Existing protection provided by protect_dir() and protect_mount() were +bind mounting on themselves all directories part of the to-be-secured +paths. However, this works *only* against attacks executed by processes +in the same mount namespace as the one the mountpoint was created in. +Therefore, a user with an out-of-mount-namespace access, or multiple +users colluding, could exploit multiple race conditions, and, for +instance, elevate their privileges to root. + +This commit keeps the existing protection as a defense in depth +measure, and to keep the existing behavior of the module. However, +it converts all the needed function calls to operate on file +descriptors instead of absolute paths to protect against race +conditions globally. + +Signed-off-by: Olivier Bal-Petre +Signed-off-by: Dmitry V. 
Levin + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e] +CVE: CVE-2025-6020 +Signed-off-by: Hitendra Prajapati +--- + modules/pam_namespace/pam_namespace.c | 637 ++++++++++++++++++-------- + modules/pam_namespace/pam_namespace.h | 10 + + 2 files changed, 457 insertions(+), 190 deletions(-) + +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 166bfce..9d993d4 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -41,6 +41,8 @@ + #include "pam_namespace.h" + #include "argv_parse.h" + ++#define MAGIC_LNK_FD_SIZE 64 ++ + /* --- evaluating all files in VENDORDIR/security/namespace.d and /etc/security/namespace.d --- */ + static const char *base_name(const char *path) + { +@@ -75,7 +77,7 @@ strip_trailing_slashes(char *str) + static int protect_mount(int dfd, const char *path, struct instance_data *idata) + { + struct protect_dir_s *dir = idata->protect_dirs; +- char tmpbuf[64]; ++ char tmpbuf[MAGIC_LNK_FD_SIZE]; + + while (dir != NULL) { + if (strcmp(path, dir->dir) == 0) { +@@ -121,56 +123,107 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata) + return 0; + } + +-static int protect_dir(const char *path, mode_t mode, int do_mkdir, ++/* ++ * Returns a fd to the given absolute path, acquired securely. This means: ++ * - iterating on each segment of the path, ++ * - not following user symlinks, ++ * - using race-free operations. 
++ * ++ * Takes a bit mask to specify the operation mode: ++ * - SECURE_OPENDIR_PROTECT: call protect_mount() on each unsafe segment of path ++ * - SECURE_OPENDIR_MKDIR: create last segment of path if does not exist ++ * - SECURE_OPENDIR_FULL_FD: open the directory with O_RDONLY instead of O_PATH, ++ * allowing more operations to be done with the returned fd ++ * ++ * Be aware that using SECURE_OPENDIR_PROTECT: ++ * - will modify some external state (global structure...) and should not be ++ * called in cleanup code paths. See wrapper secure_opendir_stateless() ++ * - need a non-NULL idata to call protect_mount() ++ */ ++static int secure_opendir(const char *path, int opm, mode_t mode, + struct instance_data *idata) + { +- char *p = strdup(path); ++ char *p; + char *d; +- char *dir = p; +- int dfd = AT_FDCWD; ++ char *dir; ++ int dfd = -1; + int dfd_next; + int save_errno; +- int flags = O_RDONLY | O_DIRECTORY; ++ int flags = O_DIRECTORY | O_CLOEXEC; + int rv = -1; + struct stat st; + +- if (p == NULL) { ++ if (opm & SECURE_OPENDIR_FULL_FD) ++ flags |= O_RDONLY; ++ else ++ flags |= O_PATH; ++ ++ /* Check for args consistency */ ++ if ((opm & SECURE_OPENDIR_PROTECT) && idata == NULL) + return -1; +- } + +- if (*dir == '/') { +- dfd = open("/", flags); +- if (dfd == -1) { +- goto error; +- } +- dir++; /* assume / is safe */ ++ /* Accept only absolute paths */ ++ if (*path != '/') ++ return -1; ++ ++ dir = p = strdup(path); ++ if (p == NULL) ++ return -1; ++ ++ /* Assume '/' is safe */ ++ dfd = open("/", flags); ++ if (dfd == -1) ++ goto error; ++ ++ /* Needed to not loop too far and call openat() on NULL */ ++ strip_trailing_slashes(p); ++ ++ dir++; ++ ++ /* In case path is '/' */ ++ if (*dir == '\0') { ++ free(p); ++ return dfd; + } + + while ((d=strchr(dir, '/')) != NULL) { + *d = '\0'; ++ + dfd_next = openat(dfd, dir, flags); +- if (dfd_next == -1) { ++ if (dfd_next == -1) + goto error; +- } +- +- if (dfd != AT_FDCWD) +- close(dfd); +- dfd = dfd_next; + +- if 
(fstat(dfd, &st) != 0) { ++ if (fstat(dfd_next, &st) != 0) { ++ close(dfd_next); + goto error; + } + +- if (flags & O_NOFOLLOW) { ++ if ((flags & O_NOFOLLOW) && (opm & SECURE_OPENDIR_PROTECT)) { + /* we are inside user-owned dir - protect */ +- if (protect_mount(dfd, p, idata) == -1) ++ if (protect_mount(dfd_next, p, idata) == -1) { ++ close(dfd_next); ++ goto error; ++ } ++ /* ++ * Reopen the directory to obtain a new descriptor ++ * after protect_mount(), this is necessary in cases ++ * when another directory is going to be mounted over ++ * the given path. ++ */ ++ close(dfd_next); ++ dfd_next = openat(dfd, dir, flags); ++ if (dfd_next == -1) + goto error; +- } else if (st.st_uid != 0 || st.st_gid != 0 || +- (st.st_mode & S_IWOTH)) { ++ } else if (st.st_uid != 0 ++ || (st.st_gid != 0 && (st.st_mode & S_IWGRP)) ++ || (st.st_mode & S_IWOTH)) { + /* do not follow symlinks on subdirectories */ + flags |= O_NOFOLLOW; + } + ++ close(dfd); ++ dfd = dfd_next; ++ + *d = '/'; + dir = d + 1; + } +@@ -178,13 +231,14 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, + rv = openat(dfd, dir, flags); + + if (rv == -1) { +- if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { ++ if ((opm & SECURE_OPENDIR_MKDIR) && mkdirat(dfd, dir, mode) == 0) ++ rv = openat(dfd, dir, flags); ++ ++ if (rv == -1) + goto error; +- } +- rv = openat(dfd, dir, flags); + } + +- if (flags & O_NOFOLLOW) { ++ if ((flags & O_NOFOLLOW) && (opm & SECURE_OPENDIR_PROTECT)) { + /* we are inside user-owned dir - protect */ + if (protect_mount(rv, p, idata) == -1) { + save_errno = errno; +@@ -192,18 +246,95 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, + rv = -1; + errno = save_errno; + } ++ /* ++ * Reopen the directory to obtain a new descriptor after ++ * protect_mount(), this is necessary in cases when another ++ * directory is going to be mounted over the given path. 
++ */ ++ close(rv); ++ rv = openat(dfd, dir, flags); + } + + error: + save_errno = errno; + free(p); +- if (dfd != AT_FDCWD && dfd >= 0) ++ if (dfd >= 0) + close(dfd); + errno = save_errno; + + return rv; + } + ++/* ++ * Returns a fd to the given path, acquired securely. ++ * It can be called in all situations, including in cleanup code paths, as ++ * it does not modify external state (no access to global structures...). ++ */ ++static int secure_opendir_stateless(const char *path) ++{ ++ return secure_opendir(path, 0, 0, NULL); ++} ++ ++/* ++ * Umount securely the given path, even if the directories along ++ * the path are under user control. It should protect against ++ * symlinks attacks and race conditions. ++ */ ++static int secure_umount(const char *path) ++{ ++ int save_errno; ++ int rv = -1; ++ int dfd = -1; ++ char s_path[MAGIC_LNK_FD_SIZE]; ++ ++ dfd = secure_opendir_stateless(path); ++ if (dfd == -1) ++ return rv; ++ ++ if (pam_sprintf(s_path, "/proc/self/fd/%d", dfd) < 0) ++ goto error; ++ ++ /* ++ * We still have a fd open to path itself, ++ * so we need to do a lazy umount. ++ */ ++ rv = umount2(s_path, MNT_DETACH); ++ ++error: ++ save_errno = errno; ++ close(dfd); ++ errno = save_errno; ++ return rv; ++} ++ ++/* ++ * Rmdir the given path securely, protecting against symlinks attacks ++ * and race conditions. ++ * This function is currently called only in cleanup code paths where ++ * any errors returned are not handled, so do not handle them either. ++ * Basically, try to rmdir the path on a best-effort basis. 
++ */ ++static void secure_try_rmdir(const char *path) ++{ ++ int dfd; ++ char *buf; ++ char *parent; ++ ++ buf = strdup(path); ++ if (buf == NULL) ++ return; ++ ++ parent = dirname(buf); ++ ++ dfd = secure_opendir_stateless(parent); ++ if (dfd >= 0) { ++ unlinkat(dfd, base_name(path), AT_REMOVEDIR); ++ close(dfd); ++ } ++ ++ free(buf); ++} ++ + /* Evaluating a list of files which have to be parsed in the right order: + * + * - If etc/security/namespace.d/@filename@.conf exists, then +@@ -330,7 +461,7 @@ static void unprotect_dirs(struct protect_dir_s *dir) + struct protect_dir_s *next; + + while (dir != NULL) { +- umount(dir->dir); ++ secure_umount(dir->dir); + free(dir->dir); + next = dir->next; + free(dir); +@@ -734,13 +865,9 @@ static int process_line(char *line, const char *home, const char *rhome, + goto skipping; + } + +-#define COPY_STR(dst, src, apd) \ +- pam_sprintf((dst), "%s%s", (src), (apd)) +- +- if (COPY_STR(poly->dir, dir, "") < 0 +- || COPY_STR(poly->rdir, rdir, "") < 0 +- || COPY_STR(poly->instance_prefix, instance_prefix, +- poly->method == TMPDIR ? 
"XXXXXX" : "") < 0) { ++ if (pam_sprintf(poly->dir, "%s", dir) < 0 ++ || pam_sprintf(poly->rdir, "%s", rdir) < 0 ++ || pam_sprintf(poly->instance_prefix, "%s", instance_prefix) < 0) { + pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); + goto skipping; + } +@@ -1023,6 +1150,23 @@ static char *md5hash(const char *instname, struct instance_data *idata) + } + + #ifdef WITH_SELINUX ++static char *secure_getfilecon(pam_handle_t *pamh, const char *dir) ++{ ++ char *ctx = NULL; ++ int dfd = secure_opendir(dir, SECURE_OPENDIR_FULL_FD, 0, NULL); ++ if (dfd < 0) { ++ pam_syslog(pamh, LOG_ERR, "Error getting fd to %s: %m", dir); ++ return NULL; ++ } ++ if (fgetfilecon(dfd, &ctx) < 0) ++ ctx = NULL; ++ if (ctx == NULL) ++ pam_syslog(pamh, LOG_ERR, ++ "Error getting poly dir context for %s: %m", dir); ++ close(dfd); ++ return ctx; ++} ++ + static int form_context(const struct polydir_s *polyptr, + char **i_context, char **origcon, + struct instance_data *idata) +@@ -1034,12 +1178,9 @@ static int form_context(const struct polydir_s *polyptr, + /* + * Get the security context of the directory to polyinstantiate. 
+ */ +- rc = getfilecon(polyptr->dir, origcon); +- if (rc < 0 || *origcon == NULL) { +- pam_syslog(idata->pamh, LOG_ERR, +- "Error getting poly dir context, %m"); ++ *origcon = secure_getfilecon(idata->pamh, polyptr->dir); ++ if (*origcon == NULL) + return PAM_SESSION_ERR; +- } + + if (polyptr->method == USER) return PAM_SUCCESS; + +@@ -1136,29 +1277,52 @@ static int form_context(const struct polydir_s *polyptr, + #endif + + /* +- * poly_name returns the name of the polyinstantiated instance directory ++ * From the instance differentiation string, set in the polyptr structure: ++ * - the absolute path to the instance dir, ++ * - the absolute path to the previous dir (parent), ++ * - the instance name (may be different than the instance differentiation string) ++ */ ++static int set_polydir_paths(struct polydir_s *polyptr, const char *inst_differentiation) ++{ ++ char *tmp; ++ ++ if (pam_sprintf(polyptr->instance_absolute, "%s%s", ++ polyptr->instance_prefix, inst_differentiation) < 0) ++ return -1; ++ ++ polyptr->instname = strrchr(polyptr->instance_absolute, '/') + 1; ++ ++ if (pam_sprintf(polyptr->instance_parent, "%s", polyptr->instance_absolute) < 0) ++ return -1; ++ ++ tmp = strrchr(polyptr->instance_parent, '/') + 1; ++ *tmp = '\0'; ++ ++ return 0; ++} ++ ++/* ++ * Set the name of the polyinstantiated instance directory + * based on the method used for polyinstantiation (user, context or level) + * In addition, the function also returns the security contexts of the + * original directory to polyinstantiate and the polyinstantiated instance + * directory. 
+ */ + #ifdef WITH_SELINUX +-static int poly_name(const struct polydir_s *polyptr, char **i_name, +- char **i_context, char **origcon, +- struct instance_data *idata) ++static int poly_name(struct polydir_s *polyptr, char **i_context, ++ char **origcon, struct instance_data *idata) + #else +-static int poly_name(const struct polydir_s *polyptr, char **i_name, +- struct instance_data *idata) ++static int poly_name(struct polydir_s *polyptr, struct instance_data *idata) + #endif + { + int rc; ++ char *inst_differentiation = NULL; + char *hash = NULL; + enum polymethod pm; + #ifdef WITH_SELINUX + char *rawcon = NULL; + #endif + +- *i_name = NULL; + #ifdef WITH_SELINUX + *i_context = NULL; + *origcon = NULL; +@@ -1192,7 +1356,7 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + + switch (pm) { + case USER: +- if ((*i_name = strdup(idata->user)) == NULL) ++ if ((inst_differentiation = strdup(idata->user)) == NULL) + goto fail; + break; + +@@ -1204,20 +1368,24 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + goto fail; + } + if (polyptr->flags & POLYDIR_SHARED) +- *i_name = strdup(rawcon); ++ inst_differentiation = strdup(rawcon); + else +- *i_name = pam_asprintf("%s_%s", rawcon, idata->user); +- if (*i_name == NULL) ++ inst_differentiation = pam_asprintf("%s_%s", rawcon, idata->user); ++ if (inst_differentiation == NULL) + goto fail; + break; + + #endif /* WITH_SELINUX */ + + case TMPDIR: ++ if ((inst_differentiation = strdup("XXXXXX")) == NULL) ++ goto fail; ++ goto success; ++ + case TMPFS: +- if ((*i_name=strdup("")) == NULL) ++ if ((inst_differentiation=strdup("")) == NULL) + goto fail; +- return PAM_SUCCESS; ++ goto success; + + default: + if (idata->flags & PAMNS_DEBUG) +@@ -1226,32 +1394,37 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, + } + + if (idata->flags & PAMNS_DEBUG) +- pam_syslog(idata->pamh, LOG_DEBUG, "poly_name %s", *i_name); ++ pam_syslog(idata->pamh, LOG_DEBUG, "poly_name %s", 
inst_differentiation); + +- if ((idata->flags & PAMNS_GEN_HASH) || strlen(*i_name) > NAMESPACE_MAX_DIR_LEN) { +- hash = md5hash(*i_name, idata); ++ if ((idata->flags & PAMNS_GEN_HASH) || strlen(inst_differentiation) > NAMESPACE_MAX_DIR_LEN) { ++ hash = md5hash(inst_differentiation, idata); + if (hash == NULL) { + goto fail; + } + if (idata->flags & PAMNS_GEN_HASH) { +- free(*i_name); +- *i_name = hash; ++ free(inst_differentiation); ++ inst_differentiation = hash; + hash = NULL; + } else { + char *newname = + pam_asprintf("%.*s_%s", + NAMESPACE_MAX_DIR_LEN - 1 - (int)strlen(hash), +- *i_name, hash); ++ inst_differentiation, hash); + if (newname == NULL) + goto fail; +- free(*i_name); +- *i_name = newname; ++ free(inst_differentiation); ++ inst_differentiation = newname; + } + } +- rc = PAM_SUCCESS; + ++success: ++ if (set_polydir_paths(polyptr, inst_differentiation) == -1) ++ goto fail; ++ ++ rc = PAM_SUCCESS; + fail: + free(hash); ++ free(inst_differentiation); + #ifdef WITH_SELINUX + freecon(rawcon); + #endif +@@ -1262,55 +1435,35 @@ fail: + freecon(*origcon); + *origcon = NULL; + #endif +- free(*i_name); +- *i_name = NULL; + } + return rc; + } + +-static int check_inst_parent(char *ipath, struct instance_data *idata) ++static int check_inst_parent(int dfd, struct instance_data *idata) + { + struct stat instpbuf; +- char *inst_parent, *trailing_slash; +- int dfd; ++ + /* +- * stat the instance parent path to make sure it exists +- * and is a directory. Check that its mode is 000 (unless the +- * admin explicitly instructs to ignore the instance parent +- * mode by the "ignore_instance_parent_mode" argument). ++ * Stat the instance parent directory to make sure it's writable by ++ * root only (unless the admin explicitly instructs to ignore the ++ * instance parent mode by the "ignore_instance_parent_mode" argument). 
+ */ +- inst_parent = strdup(ipath); +- if (!inst_parent) { +- pam_syslog(idata->pamh, LOG_CRIT, "Error allocating pathname string"); +- return PAM_SESSION_ERR; +- } + +- trailing_slash = strrchr(inst_parent, '/'); +- if (trailing_slash) +- *trailing_slash = '\0'; +- +- dfd = protect_dir(inst_parent, 0, 1, idata); ++ if (idata->flags & PAMNS_IGN_INST_PARENT_MODE) ++ return PAM_SUCCESS; + +- if (dfd == -1 || fstat(dfd, &instpbuf) < 0) { ++ if (fstat(dfd, &instpbuf) < 0) { + pam_syslog(idata->pamh, LOG_ERR, +- "Error creating or accessing instance parent %s, %m", inst_parent); +- if (dfd != -1) +- close(dfd); +- free(inst_parent); ++ "Error accessing instance parent, %m"); + return PAM_SESSION_ERR; + } + +- if ((idata->flags & PAMNS_IGN_INST_PARENT_MODE) == 0) { +- if ((instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) || instpbuf.st_uid != 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Mode of inst parent %s not 000 or owner not root", +- inst_parent); +- close(dfd); +- free(inst_parent); +- return PAM_SESSION_ERR; +- } ++ if ((instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) || instpbuf.st_uid != 0) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Mode of inst parent not 000 or owner not root"); ++ return PAM_SESSION_ERR; + } +- close(dfd); +- free(inst_parent); ++ + return PAM_SUCCESS; + } + +@@ -1449,14 +1602,16 @@ static int create_polydir(struct polydir_s *polyptr, + } + #endif + +- rc = protect_dir(dir, mode, 1, idata); ++ rc = secure_opendir(dir, ++ SECURE_OPENDIR_PROTECT | SECURE_OPENDIR_MKDIR | SECURE_OPENDIR_FULL_FD, ++ mode, idata); + if (rc == -1) { + pam_syslog(idata->pamh, LOG_ERR, + "Error creating directory %s: %m", dir); + #ifdef WITH_SELINUX + freecon(oldcon_raw); + #endif +- return PAM_SESSION_ERR; ++ return -1; + } + + #ifdef WITH_SELINUX +@@ -1477,9 +1632,9 @@ static int create_polydir(struct polydir_s *polyptr, + pam_syslog(idata->pamh, LOG_ERR, + "Error changing mode of directory %s: %m", dir); + close(rc); +- umount(dir); /* undo the eventual protection bind 
mount */ +- rmdir(dir); +- return PAM_SESSION_ERR; ++ secure_umount(dir); /* undo the eventual protection bind mount */ ++ secure_try_rmdir(dir); ++ return -1; + } + } + +@@ -1497,41 +1652,37 @@ static int create_polydir(struct polydir_s *polyptr, + pam_syslog(idata->pamh, LOG_ERR, + "Unable to change owner on directory %s: %m", dir); + close(rc); +- umount(dir); /* undo the eventual protection bind mount */ +- rmdir(dir); +- return PAM_SESSION_ERR; ++ secure_umount(dir); /* undo the eventual protection bind mount */ ++ secure_try_rmdir(dir); ++ return -1; + } + +- close(rc); +- + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_DEBUG, + "Polydir owner %u group %u", uid, gid); + +- return PAM_SUCCESS; ++ return rc; + } + + /* +- * Create polyinstantiated instance directory (ipath). ++ * Create polyinstantiated instance directory. ++ * To protect against races, changes are done on a fd to the parent of the ++ * instance directory (dfd_iparent) and a relative path (polyptr->instname). ++ * The absolute path (polyptr->instance_absolute) is only updated when creating ++ * a tmpdir and used for logging purposes. + */ + #ifdef WITH_SELINUX +-static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, +- const char *icontext, const char *ocontext, +- struct instance_data *idata) ++static int create_instance(struct polydir_s *polyptr, int dfd_iparent, ++ struct stat *statbuf, const char *icontext, const char *ocontext, ++ struct instance_data *idata) + #else +-static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, +- struct instance_data *idata) ++static int create_instance(struct polydir_s *polyptr, int dfd_iparent, ++ struct stat *statbuf, struct instance_data *idata) + #endif + { + struct stat newstatbuf; + int fd; + +- /* +- * Check to make sure instance parent is valid. 
+- */ +- if (check_inst_parent(ipath, idata)) +- return PAM_SESSION_ERR; +- + /* + * Create instance directory and set its security context to the context + * returned by the security policy. Set its mode and ownership +@@ -1540,29 +1691,39 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + */ + + if (polyptr->method == TMPDIR) { +- if (mkdtemp(polyptr->instance_prefix) == NULL) { +- pam_syslog(idata->pamh, LOG_ERR, "Error creating temporary instance %s, %m", +- polyptr->instance_prefix); +- polyptr->method = NONE; /* do not clean up! */ +- return PAM_SESSION_ERR; +- } +- /* copy the actual directory name to ipath */ +- strcpy(ipath, polyptr->instance_prefix); +- } else if (mkdir(ipath, S_IRUSR) < 0) { ++ char s_path[PATH_MAX]; ++ /* ++ * Create the template for mkdtemp() as a magic link based on ++ * our existing fd to avoid symlink attacks and races. ++ */ ++ if (pam_sprintf(s_path, "/proc/self/fd/%d/%s", dfd_iparent, polyptr->instname) < 0 ++ || mkdtemp(s_path) == NULL) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Error creating temporary instance dir %s, %m", ++ polyptr->instance_absolute); ++ polyptr->method = NONE; /* do not clean up! */ ++ return PAM_SESSION_ERR; ++ } ++ ++ /* Copy the actual directory name to polyptr->instname */ ++ strcpy(polyptr->instname, base_name(s_path)); ++ } else if (mkdirat(dfd_iparent, polyptr->instname, S_IRUSR) < 0) { + if (errno == EEXIST) + return PAM_IGNORE; + else { + pam_syslog(idata->pamh, LOG_ERR, "Error creating %s, %m", +- ipath); ++ polyptr->instance_absolute); + return PAM_SESSION_ERR; + } + } + +- /* Open a descriptor to it to prevent races */ +- fd = open(ipath, O_DIRECTORY | O_RDONLY); ++ /* Open a descriptor to prevent races, based on our existing fd. 
*/ ++ fd = openat(dfd_iparent, polyptr->instname, ++ O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC); + if (fd < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error opening %s, %m", ipath); +- rmdir(ipath); ++ pam_syslog(idata->pamh, LOG_ERR, "Error opening %s, %m", ++ polyptr->instance_absolute); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + #ifdef WITH_SELINUX +@@ -1572,17 +1733,19 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + if (icontext) { + if (fsetfilecon(fd, icontext) < 0) { + pam_syslog(idata->pamh, LOG_ERR, +- "Error setting context of %s to %s", ipath, icontext); ++ "Error setting context of %s to %s", ++ polyptr->instance_absolute, icontext); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + } else { + if (fsetfilecon(fd, ocontext) < 0) { + pam_syslog(idata->pamh, LOG_ERR, +- "Error setting context of %s to %s", ipath, ocontext); ++ "Error setting context of %s to %s", ++ polyptr->instance_absolute, ocontext); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + } +@@ -1590,9 +1753,9 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + #endif + if (fstat(fd, &newstatbuf) < 0) { + pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", +- ipath); ++ polyptr->instance_absolute); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + if (newstatbuf.st_uid != statbuf->st_uid || +@@ -1600,17 +1763,17 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * + if (fchown(fd, statbuf->st_uid, statbuf->st_gid) < 0) { + pam_syslog(idata->pamh, LOG_ERR, + "Error changing owner for %s, %m", +- ipath); ++ polyptr->instance_absolute); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + 
return PAM_SESSION_ERR; + } + } + if (fchmod(fd, statbuf->st_mode & 07777) < 0) { + pam_syslog(idata->pamh, LOG_ERR, "Error changing mode for %s, %m", +- ipath); ++ polyptr->instance_absolute); + close(fd); +- rmdir(ipath); ++ unlinkat(dfd_iparent, polyptr->instname, AT_REMOVEDIR); + return PAM_SESSION_ERR; + } + close(fd); +@@ -1629,9 +1792,12 @@ static int ns_setup(struct polydir_s *polyptr, + struct instance_data *idata) + { + int retval; ++ int dfd_iparent = -1; ++ int dfd_ipath = -1; ++ int dfd_pptrdir = -1; + int newdir = 1; +- char *inst_dir = NULL; +- char *instname = NULL; ++ char s_ipath[MAGIC_LNK_FD_SIZE]; ++ char s_pptrdir[MAGIC_LNK_FD_SIZE]; + struct stat statbuf; + #ifdef WITH_SELINUX + char *instcontext = NULL, *origcontext = NULL; +@@ -1641,37 +1807,48 @@ static int ns_setup(struct polydir_s *polyptr, + pam_syslog(idata->pamh, LOG_DEBUG, + "Set namespace for directory %s", polyptr->dir); + +- retval = protect_dir(polyptr->dir, 0, 0, idata); ++ dfd_pptrdir = secure_opendir(polyptr->dir, SECURE_OPENDIR_PROTECT, 0, idata); + +- if (retval < 0) { ++ if (dfd_pptrdir < 0) { + if (errno != ENOENT || !(polyptr->flags & POLYDIR_CREATE)) { + pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", + polyptr->dir); + return PAM_SESSION_ERR; + } +- if (create_polydir(polyptr, idata) != PAM_SUCCESS) ++ dfd_pptrdir = create_polydir(polyptr, idata); ++ if (dfd_pptrdir < 0) + return PAM_SESSION_ERR; +- } else { +- close(retval); + } + + if (polyptr->method == TMPFS) { +- if (mount("tmpfs", polyptr->dir, "tmpfs", polyptr->mount_flags, polyptr->mount_opts) < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", +- polyptr->dir); +- return PAM_SESSION_ERR; +- } ++ /* ++ * There is no function mount() that operate on a fd, so instead, we ++ * get the magic link corresponding to the fd and give it to mount(). ++ * This protects against potential races exploitable by an unpriv user. 
++ */ ++ if (pam_sprintf(s_pptrdir, "/proc/self/fd/%d", dfd_pptrdir) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error pam_sprintf s_pptrdir"); ++ goto error_out; ++ } + +- if (polyptr->flags & POLYDIR_NOINIT) +- return PAM_SUCCESS; ++ if (mount("tmpfs", s_pptrdir, "tmpfs", polyptr->mount_flags, polyptr->mount_opts) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", ++ polyptr->dir); ++ goto error_out; ++ } ++ ++ if (polyptr->flags & POLYDIR_NOINIT) { ++ retval = PAM_SUCCESS; ++ goto cleanup; ++ } + +- return inst_init(polyptr, "tmpfs", idata, 1); ++ retval = inst_init(polyptr, "tmpfs", idata, 1); ++ goto cleanup; + } + +- if (stat(polyptr->dir, &statbuf) < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error stating %s: %m", +- polyptr->dir); +- return PAM_SESSION_ERR; ++ if (fstat(dfd_pptrdir, &statbuf) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error stating %s: %m", polyptr->dir); ++ goto error_out; + } + + /* +@@ -1680,15 +1857,16 @@ static int ns_setup(struct polydir_s *polyptr, + * security policy. + */ + #ifdef WITH_SELINUX +- retval = poly_name(polyptr, &instname, &instcontext, +- &origcontext, idata); ++ retval = poly_name(polyptr, &instcontext, &origcontext, idata); + #else +- retval = poly_name(polyptr, &instname, idata); ++ retval = poly_name(polyptr, idata); + #endif + + if (retval != PAM_SUCCESS) { +- if (retval != PAM_IGNORE) ++ if (retval != PAM_IGNORE) { + pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name"); ++ goto error_out; ++ } + goto cleanup; + } else { + #ifdef WITH_SELINUX +@@ -1699,22 +1877,33 @@ static int ns_setup(struct polydir_s *polyptr, + #endif + } + +- if ((inst_dir = pam_asprintf("%s%s", polyptr->instance_prefix, instname)) == NULL) +- goto error_out; +- +- if (idata->flags & PAMNS_DEBUG) +- pam_syslog(idata->pamh, LOG_DEBUG, "instance_dir %s", +- inst_dir); ++ /* ++ * Gets a fd in a secure manner (we may be operating on a path under ++ * user control), and check it's compliant. 
++ * Then, we should *always* operate on *this* fd and a relative path ++ * to be protected against race conditions. ++ */ ++ dfd_iparent = secure_opendir(polyptr->instance_parent, ++ SECURE_OPENDIR_PROTECT | SECURE_OPENDIR_MKDIR, 0, idata); ++ if (dfd_iparent == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "polyptr->instance_parent %s access error", ++ polyptr->instance_parent); ++ goto error_out; ++ } ++ if (check_inst_parent(dfd_iparent, idata)) { ++ goto error_out; ++ } + + /* + * Create instance directory with appropriate security + * contexts, owner, group and mode bits. + */ + #ifdef WITH_SELINUX +- retval = create_instance(polyptr, inst_dir, &statbuf, instcontext, +- origcontext, idata); ++ retval = create_instance(polyptr, dfd_iparent, &statbuf, instcontext, ++ origcontext, idata); + #else +- retval = create_instance(polyptr, inst_dir, &statbuf, idata); ++ retval = create_instance(polyptr, dfd_iparent, &statbuf, idata); + #endif + + if (retval == PAM_IGNORE) { +@@ -1726,19 +1915,48 @@ static int ns_setup(struct polydir_s *polyptr, + goto error_out; + } + ++ /* ++ * Instead of getting a new secure fd, we reuse the fd opened on directory ++ * polyptr->instance_parent to ensure we are working on the same dir as ++ * previously, and thus ensure that previous checks (e.g. check_inst_parent()) ++ * are still relevant. 
++ */ ++ dfd_ipath = openat(dfd_iparent, polyptr->instname, ++ O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC); ++ if (dfd_ipath == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error openat on %s, %m", ++ polyptr->instname); ++ goto error_out; ++ } ++ ++ if (pam_sprintf(s_ipath, "/proc/self/fd/%d", dfd_ipath) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error pam_sprintf s_ipath"); ++ goto error_out; ++ } ++ ++ if (pam_sprintf(s_pptrdir, "/proc/self/fd/%d", dfd_pptrdir) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error pam_sprintf s_pptrdir"); ++ goto error_out; ++ } ++ + /* + * Bind mount instance directory on top of the polyinstantiated + * directory to provide an instance of polyinstantiated directory + * based on polyinstantiated method. ++ * ++ * Operates on magic links created from two fd obtained securely ++ * to protect against race conditions and symlink attacks. Indeed, ++ * the source and destination can be in a user controled path. + */ +- if (mount(inst_dir, polyptr->dir, NULL, MS_BIND, NULL) < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error mounting %s on %s, %m", +- inst_dir, polyptr->dir); ++ if(mount(s_ipath, s_pptrdir, NULL, MS_BIND, NULL) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Error mounting %s on %s (%s on %s), %m", ++ s_ipath, s_pptrdir, polyptr->instance_absolute, polyptr->dir); + goto error_out; + } + + if (!(polyptr->flags & POLYDIR_NOINIT)) +- retval = inst_init(polyptr, inst_dir, idata, newdir); ++ retval = inst_init(polyptr, polyptr->instance_absolute, idata, newdir); + + goto cleanup; + +@@ -1750,8 +1968,12 @@ error_out: + retval = PAM_SESSION_ERR; + + cleanup: +- free(inst_dir); +- free(instname); ++ if (dfd_iparent != -1) ++ close(dfd_iparent); ++ if (dfd_ipath != -1) ++ close(dfd_ipath); ++ if (dfd_pptrdir != -1) ++ close(dfd_pptrdir); + #ifdef WITH_SELINUX + freecon(instcontext); + freecon(origcontext); +@@ -1790,6 +2012,7 @@ static int cleanup_tmpdirs(struct instance_data *idata) + { + struct polydir_s *pptr; + pid_t rc, pid; ++ 
int dfd = -1; + struct sigaction newsa, oldsa; + int status; + +@@ -1801,7 +2024,17 @@ static int cleanup_tmpdirs(struct instance_data *idata) + } + + for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { +- if (pptr->method == TMPDIR && access(pptr->instance_prefix, F_OK) == 0) { ++ if (pptr->method == TMPDIR) { ++ ++ dfd = secure_opendir_stateless(pptr->instance_parent); ++ if (dfd == -1) ++ continue; ++ ++ if (faccessat(dfd, pptr->instname, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { ++ close(dfd); ++ continue; ++ } ++ + pid = fork(); + if (pid == 0) { + static char *envp[] = { NULL }; +@@ -1811,10 +2044,21 @@ static int cleanup_tmpdirs(struct instance_data *idata) + _exit(1); + } + #endif ++ if (fchdir(dfd) == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, "Failed fchdir to %s: %m", ++ pptr->instance_absolute); ++ _exit(1); ++ } ++ + close_fds_pre_exec(idata); +- execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp); ++ ++ execle("/bin/rm", "/bin/rm", "-rf", pptr->instname, NULL, envp); + _exit(1); + } else if (pid > 0) { ++ ++ if (dfd != -1) ++ close(dfd); ++ + while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && + (errno == EINTR)); + if (rc == (pid_t)-1) { +@@ -1827,6 +2071,10 @@ static int cleanup_tmpdirs(struct instance_data *idata) + "Error removing %s", pptr->instance_prefix); + } + } else if (pid < 0) { ++ ++ if (dfd != -1) ++ close(dfd); ++ + pam_syslog(idata->pamh, LOG_ERR, + "Cannot fork to cleanup temporary directory, %m"); + rc = PAM_SESSION_ERR; +@@ -1850,6 +2098,7 @@ out: + static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) + { + int retval = 0, need_poly = 0, changing_dir = 0; ++ int dfd = -1; + char *cptr, *fptr, poly_parent[PATH_MAX]; + struct polydir_s *pptr; + +@@ -1965,13 +2214,21 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) + strcpy(poly_parent, "/"); + else if (cptr) + *cptr = '\0'; +- if (chdir(poly_parent) < 0) { ++ ++ dfd = secure_opendir_stateless(poly_parent); 
++ if (dfd == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Failed opening %s to fchdir: %m", poly_parent); ++ } ++ else if (fchdir(dfd) == -1) { + pam_syslog(idata->pamh, LOG_ERR, +- "Can't chdir to %s, %m", poly_parent); ++ "Failed fchdir to %s: %m", poly_parent); + } ++ if (dfd != -1) ++ close(dfd); + } + +- if (umount(pptr->rdir) < 0) { ++ if (secure_umount(pptr->rdir) < 0) { + int saved_errno = errno; + pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", + pptr->rdir); +@@ -2041,7 +2298,7 @@ static int orig_namespace(struct instance_data *idata) + "Unmounting instance dir for user %d & dir %s", + idata->uid, pptr->dir); + +- if (umount(pptr->dir) < 0) { ++ if (secure_umount(pptr->dir) < 0) { + pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", + pptr->dir); + return PAM_SESSION_ERR; +diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h +index 180e042..721d39a 100644 +--- a/modules/pam_namespace/pam_namespace.h ++++ b/modules/pam_namespace/pam_namespace.h +@@ -121,6 +121,13 @@ + #define NAMESPACE_POLYDIR_DATA "pam_namespace:polydir_data" + #define NAMESPACE_PROTECT_DATA "pam_namespace:protect_data" + ++/* ++ * Operation mode for function secure_opendir() ++ */ ++#define SECURE_OPENDIR_PROTECT 0x00000001 ++#define SECURE_OPENDIR_MKDIR 0x00000002 ++#define SECURE_OPENDIR_FULL_FD 0x00000004 ++ + /* + * Polyinstantiation method options, based on user, security context + * or both +@@ -158,6 +165,9 @@ struct polydir_s { + char dir[PATH_MAX]; /* directory to polyinstantiate */ + char rdir[PATH_MAX]; /* directory to unmount (based on RUSER) */ + char instance_prefix[PATH_MAX]; /* prefix for instance dir path name */ ++ char instance_absolute[PATH_MAX]; /* absolute path to the instance dir (instance_parent + instname) */ ++ char instance_parent[PATH_MAX]; /* parent dir of the instance dir */ ++ char *instname; /* last segment of the path to the instance dir */ + enum polymethod method; /* method used to 
polyinstantiate */ + unsigned int num_uids; /* number of override uids */ + uid_t *uid; /* list of override uids */ +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch b/meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch new file mode 100644 index 0000000000..18c2a82fb4 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2025-6020-02.patch 
@@ -0,0 +1,187 @@ +From 592d84e1265d04c3104acee815a503856db503a1 Mon Sep 17 00:00:00 2001 +From: Olivier Bal-Petre +Date: Tue, 4 Mar 2025 14:37:02 +0100 +Subject: [PATCH] pam_namespace: add flags to indicate path safety + +Add two flags in the script to indicate if the paths to the polydir +and the instance directories are safe (root owned and writable by +root only). + +Signed-off-by: Olivier Bal-Petre +Signed-off-by: Dmitry V. Levin + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1] +CVE: CVE-2025-6020 +Signed-off-by: Hitendra Prajapati +--- + modules/pam_namespace/namespace.init | 56 ++++++++++++------- + modules/pam_namespace/pam_namespace.c | 79 ++++++++++++++++++++++++++- + 2 files changed, 115 insertions(+), 20 deletions(-) + +diff --git a/modules/pam_namespace/namespace.init b/modules/pam_namespace/namespace.init +index d9053a1..8782178 100755 +--- a/modules/pam_namespace/namespace.init ++++ b/modules/pam_namespace/namespace.init +@@ -1,25 +1,43 @@ + #!/bin/sh +-# It receives polydir path as $1, the instance path as $2, +-# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, +-# and user name in $4. ++# It receives as arguments: ++# - $1 polydir path (see WARNING below) ++# - $2 instance path (see WARNING below) ++# - $3 flag whether the instance dir was newly created (0 - no, 1 - yes) ++# - $4 user name ++# - $5 flag whether the polydir path ($1) is safe (0 - unsafe, 1 -safe) ++# - $6 flag whether the instance path ($2) is safe (0 - unsafe, 1 - safe) ++# ++# WARNING: This script is invoked with full root privileges. Accessing ++# the polydir ($1) and the instance ($2) directories in this context may be ++# extremely dangerous as those can be under user control. The flags $5 and $6 ++# are provided to let you know if all the segments part of the path (except the ++# last one) are owned by root and are writable by root only. 
If the path does ++# not meet these criteria, you expose yourself to possible symlink attacks when ++# accessing these path. ++# However, even if the path components are safe, the content of the ++# directories may still be owned/writable by a user, so care must be taken! + # + # The following section will copy the contents of /etc/skel if this is a + # newly created home directory. +-if [ "$3" = 1 ]; then +- # This line will fix the labeling on all newly created directories +- [ -x /sbin/restorecon ] && /sbin/restorecon "$1" +- user="$4" +- passwd=$(getent passwd "$user") +- homedir=$(echo "$passwd" | cut -f6 -d":") +- if [ "$1" = "$homedir" ]; then +- gid=$(echo "$passwd" | cut -f4 -d":") +- cp -rT /etc/skel "$homedir" +- chown -R "$user":"$gid" "$homedir" +- mask=$(awk '/^UMASK/{gsub("#.*$", "", $2); print $2; exit}' /etc/login.defs) +- mode=$(printf "%o" $((0777 & ~mask))) +- chmod ${mode:-700} "$homedir" +- [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir" +- fi +-fi + ++# Executes only if the polydir path is safe ++if [ "$5" = 1 ]; then ++ ++ if [ "$3" = 1 ]; then ++ # This line will fix the labeling on all newly created directories ++ [ -x /sbin/restorecon ] && /sbin/restorecon "$1" ++ user="$4" ++ passwd=$(getent passwd "$user") ++ homedir=$(echo "$passwd" | cut -f6 -d":") ++ if [ "$1" = "$homedir" ]; then ++ gid=$(echo "$passwd" | cut -f4 -d":") ++ cp -rT /etc/skel "$homedir" ++ chown -R "$user":"$gid" "$homedir" ++ mask=$(sed -E -n 's/^UMASK[[:space:]]+([^#[:space:]]+).*/\1/p' /etc/login.defs) ++ mode=$(printf "%o" $((0777 & ~mask))) ++ chmod ${mode:-700} "$homedir" ++ [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir" ++ fi ++ fi ++fi + exit 0 +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 9d993d4..4c8153b 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -1467,6 +1467,79 @@ static int check_inst_parent(int dfd, struct instance_data 
*idata) + return PAM_SUCCESS; + } + ++/* ++ * Check for a given absolute path that all segments except the last one are: ++ * 1. a directory owned by root and not writable by group or others ++ * 2. a symlink owned by root and referencing a directory respecting 1. ++ * Returns 0 if safe, -1 is unsafe. ++ * If the path is not accessible (does not exist, hidden under a mount...), ++ * returns -1 (unsafe). ++ */ ++static int check_safe_path(const char *path, struct instance_data *idata) ++{ ++ char *p = strdup(path); ++ char *d; ++ char *dir = p; ++ struct stat st; ++ ++ if (p == NULL) ++ return -1; ++ ++ /* Check path is absolute */ ++ if (p[0] != '/') ++ goto error; ++ ++ strip_trailing_slashes(p); ++ ++ /* Last segment of the path may be owned by the user */ ++ if ((d = strrchr(dir, '/')) != NULL) ++ *d = '\0'; ++ ++ while ((d=strrchr(dir, '/')) != NULL) { ++ ++ /* Do not follow symlinks */ ++ if (lstat(dir, &st) != 0) ++ goto error; ++ ++ if (S_ISLNK(st.st_mode)) { ++ if (st.st_uid != 0) { ++ if (idata->flags & PAMNS_DEBUG) ++ pam_syslog(idata->pamh, LOG_DEBUG, ++ "Path deemed unsafe: Symlink %s should be owned by root", dir); ++ goto error; ++ } ++ ++ /* Follow symlinks */ ++ if (stat(dir, &st) != 0) ++ goto error; ++ } ++ ++ if (!S_ISDIR(st.st_mode)) { ++ if (idata->flags & PAMNS_DEBUG) ++ pam_syslog(idata->pamh, LOG_DEBUG, ++ "Path deemed unsafe: %s is expected to be a directory", dir); ++ goto error; ++ } ++ ++ if (st.st_uid != 0 || ++ ((st.st_mode & (S_IWGRP|S_IWOTH)) && !(st.st_mode & S_ISVTX))) { ++ if (idata->flags & PAMNS_DEBUG) ++ pam_syslog(idata->pamh, LOG_DEBUG, ++ "Path deemed unsafe: %s should be owned by root, and not be writable by group or others", dir); ++ goto error; ++ } ++ ++ *d = '\0'; ++ } ++ ++ free(p); ++ return 0; ++ ++error: ++ free(p); ++ return -1; ++} ++ + /* + * Check to see if there is a namespace initialization script in + * the /etc/security directory. 
If such a script exists +@@ -1524,7 +1597,11 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, + close_fds_pre_exec(idata); + + execle(init_script, init_script, +- polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp); ++ polyptr->dir, ipath, ++ newdir ? "1":"0", idata->user, ++ (check_safe_path(polyptr->dir, idata) == -1) ? "0":"1", ++ (check_safe_path(ipath, idata) == -1) ? "0":"1", ++ NULL, envp); + _exit(1); + } else if (pid > 0) { + while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch b/meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch new file mode 100644 index 0000000000..238bef47ec --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2025-6020-03.patch 
@@ -0,0 +1,35 @@ +From 976c20079358d133514568fc7fd95c02df8b5773 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Tue, 27 May 2025 08:00:00 +0000 +Subject: [PATCH] pam_namespace: secure_opendir: do not look at the group + ownership + +When the directory is not group-writable, the group ownership does +not matter, and when it is group-writable, there should not be any +exceptions for the root group as there is no guarantee that the root +group does not include non-root users. + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773] +CVE: CVE-2025-6020 +Signed-off-by: Hitendra Prajapati +--- + modules/pam_namespace/pam_namespace.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 4c8153b..791dd07 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -215,8 +215,7 @@ static int secure_opendir(const char *path, int opm, mode_t mode, + if (dfd_next == -1) + goto error; + } else if (st.st_uid != 0 +- || (st.st_gid != 0 && (st.st_mode & S_IWGRP)) +- || (st.st_mode & S_IWOTH)) { ++ || (st.st_mode & (S_IWGRP|S_IWOTH))) { + /* do not follow symlinks on subdirectories */ + flags |= O_NOFOLLOW; + } +-- +2.49.0 + diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb b/meta/recipes-extended/pam/libpam_1.5.3.bb index 714cdb6552..815085cc82 100644 --- a/meta/recipes-extended/pam/libpam_1.5.3.bb +++ b/meta/recipes-extended/pam/libpam_1.5.3.bb 
@@ -29,6 +29,11 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://CVE-2024-22365.patch \ file://CVE-2024-10041-1.patch \ file://CVE-2024-10041-2.patch \ + file://0001-pam-inline-pam-asprintf.patch \ + file://0002-pam-namespace-rebase.patch \ + file://CVE-2025-6020-01.patch \ + file://CVE-2025-6020-02.patch \ + file://CVE-2025-6020-03.patch \ " SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"

From patchwork Fri Jul 25 18:44:23 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67479
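Review bot: in the namespace.init hunk carried by CVE-2025-6020-02.patch, the new `mask=$(sed -E -n 's/^UMASK[[:space:]]+([^#[:space:]]+).*/\1/p' /etc/login.defs)` prints every matching line, whereas the awk expression it replaces stopped at the first match with `exit`. If /etc/login.defs carries more than one UMASK line, `mask` holds several values and the arithmetic in `$((0777 & ~mask))` is no longer given a single number. Suggest quitting sed after the first match so the result stays one value, as it was before.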
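Review bot: in check_safe_path() in modules/pam_namespace/pam_namespace.c, the header comment and the debug message both say a directory must not be writable by group or others, but the test `(st.st_mode & (S_IWGRP|S_IWOTH)) && !(st.st_mode & S_ISVTX)` accepts a group- or other-writable directory when the sticky bit is set, an exception that the secure_opendir() test in CVE-2025-6020-03.patch does not make. Document the exception in the comment and in the log text, or drop it if it is not intended. Separately, the lstat() and stat() failure branches jump to error without a pam_syslog() call even under PAMNS_DEBUG, so an inaccessible segment leaves no record of why the path was rejected.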
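Review bot: in the inst_init() hunk, the two check_safe_path() results are only handed to the init script as arguments 5 and 6, so enforcement rests entirely on the script. The namespace.init lines visible in this patch test `$5` alone and never read `$6`, and a locally modified init script written before this change ignores both. Suggest making sure the script header and the pam_namespace documentation spell out what each argument means and that custom scripts must check them before touching the paths.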
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 09/16] glibc: stable 2.39 branch updates
Date: Fri, 25 Jul 2025 11:44:23 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220924
From: Deepesh Varatharajan

$ git log --oneline 06a70769fd0b2e1f2a3085ad50ab620282bd77b3..cff1042cceec3502269947e96cf7023451af22f3
cff1042cce Fix error reporting (false negatives) in SGID tests
1924d341c0 support: Pick group in support_capture_subprogram_self_sgid if UID == 0

Testing Results:
             Before  After  Diff
PASS         5074    5082   +8
XPASS        4       4      0
FAIL         121     116    -5
XFAIL        16      16     0
UNSUPPORTED  157     154    -3

cff1042cce Fix error reporting (false negatives) in SGID tests
Improved SGID test handling by unifying error reporting and using secure temporary directories. Replaced non-standard exit codes and fixed premature exits to avoid masking failures. These changes reduced false negatives, increasing overall test pass rates.

UNSUPPORTED tests changes
-UNSUPPORTED: stdlib/tst-secure-getenv
-UNSUPPORTED: elf/tst-env-setuid-static
-UNSUPPORTED: elf/tst-env-setuid-tunables

FAILed tests changes
-FAIL: malloc/tst-aligned-alloc-random-thread-cross-malloc-check
-FAIL: malloc/tst-aligned-alloc-random-thread-malloc-check
-FAIL: malloc/tst-dynarray
-FAIL: malloc/tst-dynarray-mem
-FAIL: resolv/tst-resolv-aliases

PASSed tests changes
+PASS: stdlib/tst-secure-getenv
+PASS: elf/tst-env-setuid-static
+PASS: elf/tst-env-setuid-tunables
+PASS: malloc/tst-aligned-alloc-random-thread-cross-malloc-check
+PASS: malloc/tst-aligned-alloc-random-thread-malloc-check
+PASS: malloc/tst-dynarray
+PASS: malloc/tst-dynarray-mem
+PASS: resolv/tst-resolv-aliases

Signed-off-by: Deepesh Varatharajan
Signed-off-by: Steve Sakoman
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 0130613936..6ee9fc7a0b 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.39/master" PV = "2.39+git" -SRCREV_glibc ?= "06a70769fd0b2e1f2a3085ad50ab620282bd77b3" +SRCREV_glibc ?= "cff1042cceec3502269947e96cf7023451af22f3" SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"

From patchwork Fri Jul 25 18:44:24 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67481
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 10/16] xserver-xorg: upgrade 21.1.6 -> 21.1.18
Date: Fri, 25 Jul 2025 11:44:24 -0700
Message-ID: <2ab7c45631f78ac8f6d19889fa8526d062329992.1753468892.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220926

From: Vijay Anusuri

xorg-server 21.1.17

This release contains the fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2025-June/062055.html

* CVE-2025-49175
* CVE-2025-49176
* CVE-2025-49177
* CVE-2025-49178
* CVE-2025-49179
* CVE-2025-49180

Additionally, this release includes a fix for CVE-2022-49737 which was issued after the fix was merged back in 2022 and several other various fixes.

Ref: https://lists.x.org/archives/xorg-announce/2025-June/003609.html

xorg-server 21.1.18

This release contains an additional fix for CVE-2025-49176 from June 17 security advisory: https://lists.x.org/archives/xorg/2025-June/062055.html

Ref: https://lists.x.org/archives/xorg-announce/2025-June/003612.html

Signed-off-by: Vijay Anusuri
Signed-off-by: Richard Purdie
(cherry picked from commit a59b385184fb3a548dc27310fd04d64351d8dfba)
Signed-off-by: Steve Sakoman
---
 .../{xserver-xorg_21.1.16.bb => xserver-xorg_21.1.18.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.16.bb => xserver-xorg_21.1.18.bb} (92%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb similarity index 92% rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb index 38c81f2372..14c45be432 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.16.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb 
@@ -3,7 +3,7 @@ require xserver-xorg.inc SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ " -SRC_URI[sha256sum] = "b14a116d2d805debc5b5b2aac505a279e69b217dae2fae2dfcb62400471a9970" +SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352" # These extensions are now integrated into the server, so declare the migration # path for in-place upgrades.

From patchwork Fri Jul 25 18:44:25 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67482
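Review bot: the subject line of the xserver-xorg patch says "upgrade 21.1.6 -> 21.1.18", but the rename header goes from xserver-xorg_21.1.16.bb to xserver-xorg_21.1.18.bb, so the starting version in the subject should read 21.1.16 for the log to match the change. The hunk itself only swaps SRC_URI[sha256sum], which is what a version bump carried by the file rename should look like.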
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 11/16] mtools: upgrade 4.0.43 -> 4.0.44
Date: Fri, 25 Jul 2025 11:44:25 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220927

From: Alexander Kanavin

Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
(From OE-Core rev: dd8c333576d7ebb8abab3a62b3451439519a0caa)
Signed-off-by: Jinfeng Wang
Signed-off-by: Steve Sakoman
---
 .../mtools/mtools/clang_UNUSED.patch | 19 +++++++++++++------
 .../mtools/disable-hardcoded-configs.patch | 7 +++----
 .../mtools/mtools/mtools-makeinfo.patch | 11 +++++------
 .../{mtools_4.0.43.bb => mtools_4.0.44.bb} | 2 +-
 4 files changed, 22 insertions(+), 17 deletions(-)
 rename meta/recipes-devtools/mtools/{mtools_4.0.43.bb => mtools_4.0.44.bb} (93%)

diff --git a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch index 6bb9d6a3da..20a6d1b8b3 100644 --- a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch +++ b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch @@ -1,12 +1,19 @@ -Undefine UNUSED macros with clang +From c72d075cb0c3a65ef17621c7ed1ffac35ca3b68e Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 19 Sep 2018 11:55:41 -0700 +Subject: [PATCH] Undefine UNUSED macros with clang Upstream-Status: Pending
Signed-off-by: Khem Raj -Index: mtools-4.0.18/sysincludes.h -=================================================================== ---- mtools-4.0.18.orig/sysincludes.h -+++ mtools-4.0.18/sysincludes.h -@@ -101,7 +101,7 @@ typedef void *caddr_t; +--- + sysincludes.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sysincludes.h b/sysincludes.h +index e16ab45..8d285d4 100644 +--- a/sysincludes.h ++++ b/sysincludes.h +@@ -98,7 +98,7 @@ typedef void *caddr_t; #if defined __GNUC__ && defined __STDC__ /* gcc -traditional doesn't have PACKED, UNUSED and NORETURN */ # define PACKED __attribute__ ((packed)) diff --git a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch index 57be935487..1bed4e7614 100644 --- a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch +++ b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch @@ -1,4 +1,4 @@ -From 2ef9b371a5cc44e730143e694d71665831fac216 Mon Sep 17 00:00:00 2001 +From 0953b744b0257e26c170fb6d6b4c0f6210e4ae43 Mon Sep 17 00:00:00 2001 From: Ed Bartosh Date: Tue, 13 Jun 2017 14:55:52 +0300 Subject: [PATCH] Disabled reading host configs. @@ -6,16 +6,15 @@ Subject: [PATCH] Disabled reading host configs. Upstream-Status: Inappropriate [native] Signed-off-by: Ed Bartosh - --- config.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/config.c b/config.c -index 2f6a297..3181ed7 100644 +index 358282b..8ebafb4 100644 --- a/config.c +++ b/config.c -@@ -844,14 +844,6 @@ void read_config(void) +@@ -868,14 +868,6 @@ void read_config(void) memcpy(devices, const_devices, nr_const_devices*sizeof(struct device)); diff --git a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch index 6ae91d6cb9..3771f94c59 100644 --- a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch +++ b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch 
@@ -1,17 +1,16 @@ -From 3cf56b36db78679273f61ba78fbbf7f3fab52f68 Mon Sep 17 00:00:00 2001 +From 184b76e9742ff89f90a066edb0f46b4a150351cf Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Fri, 8 Jun 2007 08:35:12 +0000 Subject: [PATCH] mtools: imported from OE Upstream-Status: Inappropriate [licensing] - --- Makefile.in | 11 ++++++----- configure.in | 27 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/Makefile.in b/Makefile.in -index 616d59f..85b5b1d 100644 +index 5db50d7..92ad461 100644 --- a/Makefile.in +++ b/Makefile.in @@ -26,10 +26,11 @@ USERCFLAGS = @@ -30,7 +29,7 @@ index 616d59f..85b5b1d 100644 # do not edit below this line -@@ -199,7 +200,7 @@ dvi: mtools.dvi +@@ -185,7 +186,7 @@ dvi: mtools.dvi ps: mtools.ps %.ps: %.dvi @@ -40,10 +39,10 @@ index 616d59f..85b5b1d 100644 pdf: mtools.pdf %.pdf: %.texi sysconfdir.texi diff --git a/configure.in b/configure.in -index 5ff75c1..c0f7440 100644 +index 1de916e..fd6cb08 100644 --- a/configure.in +++ b/configure.in -@@ -35,6 +35,33 @@ AC_CANONICAL_SYSTEM +@@ -32,6 +32,33 @@ AC_CANONICAL_TARGET AC_C_CONST AC_C_INLINE diff --git a/meta/recipes-devtools/mtools/mtools_4.0.43.bb b/meta/recipes-devtools/mtools/mtools_4.0.44.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.43.bb rename to meta/recipes-devtools/mtools/mtools_4.0.44.bb index 859103979e..d8dd671be2 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.43.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.44.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "541e179665dc4e272b9602f2074243591a157da89cc47064da8c5829dbd2b339" +SRC_URI[sha256sum] = "37dc4df022533c3d4b2ec1c78973c27c7e8b585374c2d46ab64c6a3db31eddb8" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \

From patchwork Fri Jul 25 18:44:26 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67480
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap V2 12/16] mtools: upgrade 4.0.44 -> 4.0.45
Date: Fri, 25 Jul 2025 11:44:26 -0700
Message-ID: <77340d2bb1f31e305394df5d589fc0d3a0c5cd9a.1753468892.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220928

From: Wang Mingyu

Changelog:
============
- Fixed iconv descriptor leak
- Fixed size of error message buffer

Signed-off-by: Wang Mingyu
Signed-off-by: Richard Purdie
(From OE-Core rev: cc1975888ffdc58655e80d3d14450cf68ee0f719)
Signed-off-by: Jinfeng Wang
Signed-off-by: Steve Sakoman
---
 .../mtools/{mtools_4.0.44.bb => mtools_4.0.45.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/mtools/{mtools_4.0.44.bb => mtools_4.0.45.bb} (93%)

diff --git a/meta/recipes-devtools/mtools/mtools_4.0.44.bb b/meta/recipes-devtools/mtools/mtools_4.0.45.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.44.bb rename to meta/recipes-devtools/mtools/mtools_4.0.45.bb index d8dd671be2..34040d7a0d 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.44.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.45.bb
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "37dc4df022533c3d4b2ec1c78973c27c7e8b585374c2d46ab64c6a3db31eddb8" +SRC_URI[sha256sum] = "0b008a96bd0efe0e542fa4383d469af66bc4a93394990b103730a8160a67d618" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \

From patchwork Fri Jul 25 18:44:27 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67483
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap V2 13/16] mtools: upgrade 4.0.45 -> 4.0.46 Date: Fri, 25 Jul 2025 11:44:27 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Jul 2025 18:44:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220929 From: Wang Mingyu clang_UNUSED.patch mtools-makeinfo.patch refreshed for 4.0.46 Changelog: ============= - iconv buffer overflow fixes - removed references to mread and mwrite (obsolete subcommands from mcopy) - documented mdoctorfat, and addressed 2 bugs/oversights - removed references to obsolete mread and mwrite - portability fixes (dietlibc and MacOS X) & simplification Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (From OE-Core rev: f5a5b2372669d8be4ae3f19ed6892264ea3999d0) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- .../mtools/mtools/clang_UNUSED.patch | 6 +++--- .../mtools/mtools/mtools-makeinfo.patch | 16 ++++++++-------- .../{mtools_4.0.45.bb => mtools_4.0.46.bb} | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) rename meta/recipes-devtools/mtools/{mtools_4.0.45.bb => mtools_4.0.46.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch index 20a6d1b8b3..1420d84b86 100644 --- a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch +++ b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch @@ -1,4 +1,4 @@ -From c72d075cb0c3a65ef17621c7ed1ffac35ca3b68e Mon Sep 17 00:00:00 2001 +From 6654edfb1eee416b58bcb6490658f80071a353c2 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 19 Sep 2018 11:55:41 -0700 Subject: [PATCH] Undefine UNUSED macros with clang @@ -10,10 +10,10 @@ 
Signed-off-by: Khem Raj 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysincludes.h b/sysincludes.h -index e16ab45..8d285d4 100644 +index 6b322ff..48daecd 100644 --- a/sysincludes.h +++ b/sysincludes.h -@@ -98,7 +98,7 @@ typedef void *caddr_t; +@@ -85,7 +85,7 @@ ac_cv_func_setpgrp_void=yes ../mtools/configure --build=i386-linux-gnu --host=i3 #if defined __GNUC__ && defined __STDC__ /* gcc -traditional doesn't have PACKED, UNUSED and NORETURN */ # define PACKED __attribute__ ((packed)) diff --git a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch index 3771f94c59..8c80040f91 100644 --- a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch +++ b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch @@ -1,4 +1,4 @@ -From 184b76e9742ff89f90a066edb0f46b4a150351cf Mon Sep 17 00:00:00 2001 +From fd1e84c66852c2c906ee292aad942b4bfbd9e306 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Fri, 8 Jun 2007 08:35:12 +0000 Subject: [PATCH] mtools: imported from OE @@ -6,11 +6,11 @@ Subject: [PATCH] mtools: imported from OE Upstream-Status: Inappropriate [licensing] --- Makefile.in | 11 ++++++----- - configure.in | 27 +++++++++++++++++++++++++++ + configure.ac | 27 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/Makefile.in b/Makefile.in -index 5db50d7..92ad461 100644 +index 7b305b0..70c8c74 100644 --- a/Makefile.in +++ b/Makefile.in @@ -26,10 +26,11 @@ USERCFLAGS = @@ -38,11 +38,11 @@ index 5db50d7..92ad461 100644 pdf: mtools.pdf %.pdf: %.texi sysconfdir.texi -diff --git a/configure.in b/configure.in -index 1de916e..fd6cb08 100644 ---- a/configure.in -+++ b/configure.in -@@ -32,6 +32,33 @@ AC_CANONICAL_TARGET +diff --git a/configure.ac b/configure.ac +index de108a8..0fd9ef0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -33,6 +33,33 @@ AC_CANONICAL_TARGET AC_C_CONST AC_C_INLINE 
diff --git a/meta/recipes-devtools/mtools/mtools_4.0.45.bb b/meta/recipes-devtools/mtools/mtools_4.0.46.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.45.bb rename to meta/recipes-devtools/mtools/mtools_4.0.46.bb index 34040d7a0d..1173718662 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.45.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.46.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "0b008a96bd0efe0e542fa4383d469af66bc4a93394990b103730a8160a67d618" +SRC_URI[sha256sum] = "9aad8dd859f88fb7787924ec47590192d3abf7bad6c840509c854290d6bc16c0" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \
From patchwork Fri Jul 25 18:44:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67487
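Review bot: the mtools_4.0.46.bb hunk in 13/16 pulls in a release whose changelog lists "iconv buffer overflow fixes", but the message gives no CVE id or upstream commit for them. If an identifier exists, cite it in the commit message so that stable-branch users and CVE tooling can match the fix to this upgrade; if none was assigned, say so. The changelog also repeats the mread/mwrite item ("removed references to mread and mwrite" and "removed references to obsolete mread and mwrite"), which can be collapsed to one entry.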
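Review bot: in the refreshed clang_UNUSED.patch of 13/16, the inner hunk header changes from "@@ -98,7 +98,7 @@ typedef void *caddr_t;" to "@@ -85,7 +85,7 @@ ac_cv_func_setpgrp_void=yes ../mtools/configure --build=i386-linux-gnu --host=i3", so the function-context text is now a configure command line and not a C declaration. That text does not affect how the patch applies, but it is worth confirming that the hunk still lands on the intended "# define PACKED __attribute__ ((packed))" block at line 85 of sysincludes.h and applies without fuzz.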
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap V2 14/16] mtools: upgrade 4.0.46 -> 4.0.47 Date: Fri, 25 Jul 2025 11:44:28 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Jul 2025 18:45:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220930 From: Richard Purdie Signed-off-by: Richard Purdie (From OE-Core rev: 14ef270cc003646e6ca97ff3405507f2b9e92736) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch | 2 +- .../mtools/mtools/disable-hardcoded-configs.patch | 4 ++-- meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch | 6 +++--- .../mtools/{mtools_4.0.46.bb => mtools_4.0.47.bb} | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) rename meta/recipes-devtools/mtools/{mtools_4.0.46.bb => mtools_4.0.47.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch index 1420d84b86..2f3c452420 100644 --- a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch +++ b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch @@ -1,4 +1,4 @@ -From 6654edfb1eee416b58bcb6490658f80071a353c2 Mon Sep 17 00:00:00 2001 +From d8e9cf472f49c8dbb3b0855145974d199a83e8a4 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 19 Sep 2018 11:55:41 -0700 Subject: [PATCH] Undefine UNUSED macros with clang diff --git a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch index 1bed4e7614..1b3c3e003d 100644 --- a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch +++ b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch 
@@ -1,4 +1,4 @@ -From 0953b744b0257e26c170fb6d6b4c0f6210e4ae43 Mon Sep 17 00:00:00 2001 +From 4e51cf33fc34e8e82661b9bc3ab13858a2ffe43d Mon Sep 17 00:00:00 2001 From: Ed Bartosh Date: Tue, 13 Jun 2017 14:55:52 +0300 Subject: [PATCH] Disabled reading host configs. @@ -11,7 +11,7 @@ Signed-off-by: Ed Bartosh 1 file changed, 8 deletions(-) diff --git a/config.c b/config.c -index 358282b..8ebafb4 100644 +index 436c94b..794f098 100644 --- a/config.c +++ b/config.c @@ -868,14 +868,6 @@ void read_config(void) diff --git a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch index 8c80040f91..fb7ba56eec 100644 --- a/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch +++ b/meta/recipes-devtools/mtools/mtools/mtools-makeinfo.patch @@ -1,4 +1,4 @@ -From fd1e84c66852c2c906ee292aad942b4bfbd9e306 Mon Sep 17 00:00:00 2001 +From b517158e8ffc6a665506007b20708d6c2589cec1 Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Fri, 8 Jun 2007 08:35:12 +0000 Subject: [PATCH] mtools: imported from OE @@ -39,10 +39,10 @@ index 7b305b0..70c8c74 100644 pdf: mtools.pdf %.pdf: %.texi sysconfdir.texi diff --git a/configure.ac b/configure.ac -index de108a8..0fd9ef0 100644 +index 37f0d00..c93cfb5 100644 --- a/configure.ac +++ b/configure.ac -@@ -33,6 +33,33 @@ AC_CANONICAL_TARGET +@@ -36,6 +36,33 @@ AC_PATH_PROG(INSTALL_INFO, install-info, "") AC_C_CONST AC_C_INLINE diff --git a/meta/recipes-devtools/mtools/mtools_4.0.46.bb b/meta/recipes-devtools/mtools/mtools_4.0.47.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.46.bb rename to meta/recipes-devtools/mtools/mtools_4.0.47.bb index 1173718662..70d6579621 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.46.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.47.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "9aad8dd859f88fb7787924ec47590192d3abf7bad6c840509c854290d6bc16c0" +SRC_URI[sha256sum] = "31aa06078cc3f50591b95e71a909c56dd179d87e9cbdc07bf435e595bd7cc7ff" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \
From patchwork Fri Jul 25 18:44:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67486
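Review bot: 14/16 (4.0.46 -> 4.0.47) touches three carried patches and the mtools_4.0.47.bb checksum, yet the commit message contains only sign-offs and the OE-Core rev. Please add a short body saying what 4.0.47 changes upstream and that clang_UNUSED.patch, disable-hardcoded-configs.patch and mtools-makeinfo.patch were refreshed, as 13/16 and 15/16 do. In clang_UNUSED.patch the only change is the "From d8e9cf47..." line, so that file's refresh is regeneration churn and could be dropped unless the tooling requires it.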
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap V2 15/16] mtools: upgrade 4.0.47 -> 4.0.48 Date: Fri, 25 Jul 2025 11:44:29 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Jul 2025 18:45:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220931 From: Wang Mingyu clang_UNUSED.patch disable-hardcoded-configs.patch refreshed for 4.0.48 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (From OE-Core rev: 1d5aee7e67cd614073a15b47b832375428865260) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch | 6 +++--- .../mtools/mtools/disable-hardcoded-configs.patch | 6 +++--- .../mtools/{mtools_4.0.47.bb => mtools_4.0.48.bb} | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) rename meta/recipes-devtools/mtools/{mtools_4.0.47.bb => mtools_4.0.48.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch index 2f3c452420..ddf3706f51 100644 --- a/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch +++ b/meta/recipes-devtools/mtools/mtools/clang_UNUSED.patch @@ -1,4 +1,4 @@ -From d8e9cf472f49c8dbb3b0855145974d199a83e8a4 Mon Sep 17 00:00:00 2001 +From 6914c6e15cd15daf1dae81458e5346958c9d5449 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 19 Sep 2018 11:55:41 -0700 Subject: [PATCH] Undefine UNUSED macros with clang @@ -10,10 +10,10 @@ Signed-off-by: Khem Raj 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysincludes.h b/sysincludes.h -index 6b322ff..48daecd 100644 +index 272b316..49ee5ae 100644 --- a/sysincludes.h 
+++ b/sysincludes.h -@@ -85,7 +85,7 @@ ac_cv_func_setpgrp_void=yes ../mtools/configure --build=i386-linux-gnu --host=i3 +@@ -98,7 +98,7 @@ ac_cv_func_setpgrp_void=yes ../mtools/configure --build=i386-linux-gnu --host=i3 #if defined __GNUC__ && defined __STDC__ /* gcc -traditional doesn't have PACKED, UNUSED and NORETURN */ # define PACKED __attribute__ ((packed)) diff --git a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch index 1b3c3e003d..63992ac547 100644 --- a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch +++ b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch @@ -1,4 +1,4 @@ -From 4e51cf33fc34e8e82661b9bc3ab13858a2ffe43d Mon Sep 17 00:00:00 2001 +From 16969d42ec6514883bcee87cc89b3e7864481d7e Mon Sep 17 00:00:00 2001 From: Ed Bartosh Date: Tue, 13 Jun 2017 14:55:52 +0300 Subject: [PATCH] Disabled reading host configs. @@ -11,10 +11,10 @@ Signed-off-by: Ed Bartosh 1 file changed, 8 deletions(-) diff --git a/config.c b/config.c -index 436c94b..794f098 100644 +index 2433457..3972150 100644 --- a/config.c +++ b/config.c -@@ -868,14 +868,6 @@ void read_config(void) +@@ -849,14 +849,6 @@ void read_config(void) memcpy(devices, const_devices, nr_const_devices*sizeof(struct device)); diff --git a/meta/recipes-devtools/mtools/mtools_4.0.47.bb b/meta/recipes-devtools/mtools/mtools_4.0.48.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.47.bb rename to meta/recipes-devtools/mtools/mtools_4.0.48.bb index 70d6579621..646735f3b3 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.47.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.48.bb 
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "31aa06078cc3f50591b95e71a909c56dd179d87e9cbdc07bf435e595bd7cc7ff" +SRC_URI[sha256sum] = "03c29aac8735dd7154a989fbc29eaf2b506121ae1c3a35cd0bf2a02e94d271a9" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \
From patchwork Fri Jul 25 18:44:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67488
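Review bot: in the refreshed disable-hardcoded-configs.patch of 15/16, the config.c hunk moves from "@@ -868,14 +868,6 @@ void read_config(void)" to "@@ -849,14 +849,6 @@", which means upstream changed read_config() or the code above it between 4.0.47 and 4.0.48. Since this patch exists to stop mtools reading host configuration ("Disabled reading host configs", 8 deletions), please confirm that the same 8 lines are still the only host-config reads in read_config() after the upstream change, and that no new lookup path was introduced that the refreshed hunk does not cover. A sentence to that effect in the commit message would be more useful than "refreshed for 4.0.48" alone.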
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap V2 16/16] mtools: upgrade 4.0.48 -> 4.0.49 Date: Fri, 25 Jul 2025 11:44:30 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 25 Jul 2025 18:45:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220932 From: Jinfeng Wang New version includes check for overlong file names, see [1]. [1] https://lists.gnu.org/archive/html/info-mtools/2025-06/msg00005.html Signed-off-by: Jinfeng Wang Signed-off-by: Antonin Godard (From OE-Core rev: 044c2bceefcc12262cb2421e8f1da5f6c2ed9f72) Signed-off-by: Jinfeng Wang Signed-off-by: Steve Sakoman --- .../mtools/{mtools_4.0.48.bb => mtools_4.0.49.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/mtools/{mtools_4.0.48.bb => mtools_4.0.49.bb} (93%) diff --git a/meta/recipes-devtools/mtools/mtools_4.0.48.bb b/meta/recipes-devtools/mtools/mtools_4.0.49.bb similarity index 93% rename from meta/recipes-devtools/mtools/mtools_4.0.48.bb rename to meta/recipes-devtools/mtools/mtools_4.0.49.bb index 646735f3b3..294b2f37b2 100644 --- a/meta/recipes-devtools/mtools/mtools_4.0.48.bb +++ b/meta/recipes-devtools/mtools/mtools_4.0.49.bb @@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\ glibc-gconv-ibm866 \ glibc-gconv-ibm869 \ " -SRC_URI[sha256sum] = "03c29aac8735dd7154a989fbc29eaf2b506121ae1c3a35cd0bf2a02e94d271a9" +SRC_URI[sha256sum] = "6fe5193583d6e7c59da75e63d7234f76c0b07caf33b103894f46f66a871ffc9f" SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \ file://mtools-makeinfo.patch \
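Review bot: the mtools_4.0.49.bb hunk in 16/16 is justified only by "New version includes check for overlong file names, see [1]", which leaves the reason for taking this on scarthgap behind a link. Please summarize in the message itself what the missing check allowed (which subcommand or input path was affected, and whether it is a memory-safety issue), so that the log entry is self-contained if the list archive moves.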