From patchwork Tue Oct 14 20:38:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 72294 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 655E9CCD190 for ; Tue, 14 Oct 2025 20:39:19 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.6632.1760474352204977919 for ; Tue, 14 Oct 2025 13:39:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=d1OoD/no; spf=pass (domain: gmail.com, ip: 209.85.210.176, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-791c287c10dso4914080b3a.1 for ; Tue, 14 Oct 2025 13:39:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1760474351; x=1761079151; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=UbSHY8zV8X07WfZIcPpka/9601yZuMsS/60qGcA79iI=; b=d1OoD/novzjpS++EFk9UMvDonVQmiSfVacRlRm4M26KDD9UqOOWyTIO7NmS1Ka+0vu zToXO8w6fYYNg97vHrpSUFJDgL/FHzSntSZDIzUXFCxloJkbHGLxxtDSrNin35TGVni+ 2ej4xzbt9xK+KWYhhcIyJn7ZAZ5qxNU0QKRG9FINssyvJ8T+084JRY0qqzNlWWej/EMG uKygN8znFR59y2xQi8i6NGh5HxPkmO+IGLiXNjGgbT9QQp0WE3zyW+xFzo/WjJxAof84 2rg4jAwY9W5h3jllXSbwj0qjwCdkdEssohIi7BJbS3VWun7Sbha0uGBKZkzqrmyacCcJ 2pQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760474351; x=1761079151; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=UbSHY8zV8X07WfZIcPpka/9601yZuMsS/60qGcA79iI=; b=l53jtqeHKdpWbwepO0N0q1OBenXRNLhpGHBa8UfBlUt/imWNXPixK40t2ekj+9fp44 RB1VmVcl8HRHW0HZuAoQg3ceU2TGJHQxLikSDWjBRHqx0VrXAKh+J8dnVstIrlpxKcpB TNwDceE0V+YQl068tOjoC2dTiFM3jOnV7MLf32EwALFo04SayWYqgvR+XZAwd4fXAY/K JfncA9HDXnH1rBFnlyGN/nW69yhdUqezZDE5V+pdo6WVMq5t7w9gkILFnZJ4W+Bs/rUM SQfmXGU80iRpUSsa8krw5BkD7ipBO5yaED5uMrqAZsXZB0ozzsonxI6k3zCVrEBgIhSI cTjw== X-Gm-Message-State: AOJu0YyWvnfFXPMbpFhQra8eiPwAWQiijJ3GQvgSASMS8afKO9AMtyv4 JQYsN85Qv0P9RGl4ATDZMv+er91bk9vKVsxI0CdBsYK1EXxYPE1FR/g3RSXWcQ== X-Gm-Gg: ASbGncsz3cFhwlMEXCYDnMW/7j5Cij/ZC3b0RqjkbL69tTkfF0rMONZrgOAop0jNWE0 a/2q6g8sbyrN6AYmejgTA3wHvsXAllz2sifjCSfBX5qesM/hl6trCK0jCaVDXuxEkzG+ltwfR1F lL5NzhzGZgDXL9k39RNcgVNf2w/+fi1It6e40T6iIWQyOhGYivoLVMiFncjSNfytiFR6PULPa7e C7OzcyM+2hIXEvTJLJPWlFOogzM97qdjsJZSUxcKb3tORpxrpTwZwfCa8U2ZLDkj4dxrQQXvdfX a+Qgy16yVArg6/DGv4SklstwymGo4pue8c/42bqe1OGMtLYf/0i1ughBKSqH2UdhO5hbG+vTpCl nrg6pXwOXQ9Rd8/MtlthbekXVa8eawUg8x6uRWIE7B8yS8NlSyDQBSe8= X-Google-Smtp-Source: AGHT+IEExUQILMLoM6jg9ft8NRcZ/nou+tHddOtbL6VWGKkSZwpU3SEH6pKrFos3TIQzV1U8byx59Q== X-Received: by 2002:a05:6a00:2e0d:b0:772:3b9d:70fb with SMTP id d2e1a72fcca58-793883db1a7mr31514577b3a.31.1760474351295; Tue, 14 Oct 2025 13:39:11 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([147.161.216.252]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7992b733355sm16009495b3a.26.2025.10.14.13.39.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Oct 2025 13:39:10 -0700 (PDT) From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Christos Gavros , Yoann Congal , Randy MacLeod , Khem Raj , Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 1/6] corosync: reproducibility issue Date: Wed, 15 Oct 2025 09:38:56 +1300 Message-ID: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 14 Oct 2025 20:39:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120626 From: Christos Gavros Corosync is not reproducible due to change of value in NETSNMP_SYS_CONTACT which is set in net-snmp: NETSNMP_SYS_CONTACT = "$ME@$LOC" $ME = whoami $LOC assigned domain name from /etc/resolv.conf Use build in'--with-sys-contact' to overwrite it https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/30/steps/28/logs/stdio CC: Yoann Congal CC: Randy MacLeod Signed-off-by: Christos Gavros Signed-off-by: Khem Raj (cherry picked from commit bb138b9f6b0ae7a77b5be468356a9ed0d7787c88) Signed-off-by: Ankur Tyagi --- meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb index 395b02df00..f9572a1869 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.4.bb @@ -53,6 +53,8 @@ PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable PACKAGECONFIG[smux] = "" PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd" +SYSCONTACT_DISTRO ?= "no-contact-set@example.com" + EXTRA_OECONF = " \ --enable-shared \ --disable-manuals \ @@ -61,6 +63,7 @@ EXTRA_OECONF = " \ --with-persistent-directory=${localstatedir}/lib/net-snmp \ --with-endianness=${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \ --with-mib-modules='${MIB_MODULES}' \ + --with-sys-contact='${SYSCONTACT_DISTRO}' \ " MIB_MODULES = "" From patchwork Tue Oct 14 20:38:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 72292 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 655A4CCD184 for ; Tue, 14 Oct 2025 20:39:19 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web11.6639.1760474355087154263 for ; Tue, 14 Oct 2025 13:39:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=DkDjtZAF; spf=pass (domain: gmail.com, ip: 209.85.210.182, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-78118e163e5so250573b3a.0 for ; Tue, 14 Oct 2025 13:39:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1760474354; x=1761079154; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=aEupTtAk1y1pw9nSh6GXJuMNFencLf7Fj6L1Xzx6HIM=; b=DkDjtZAFdAI4bAxkR5Xg0qnYQ0rn8TUpqYQ2ht8KxtjrtT7lWwuW/ESD2cKWmxh3LT u8GqFDUtrgKr6Sz781JSVqCaNUIEYmDUPoJEZw5zyj5oRsOTvkvYa3S4GUD9TrqcJREJ P9P5eXE7cgMMAI0LQ2kERvz+uw0dvJyOkdlcG8Fr5OeajiOtfljDhX6IkyCDFiBAhd2v 55Ry97g7ibc1Zu/Ctuw+jBIbCNkmUkfpMkFgJqXmp5Sj7ECETmrasEEHnCU5FpuGCrCx WG8vyPJj7f4q4a/431KeABbX/SqzWF0pgqhs2w5WZDOW4cG1am1qH213EQ38Iw4rPb0K VjYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760474354; x=1761079154; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aEupTtAk1y1pw9nSh6GXJuMNFencLf7Fj6L1Xzx6HIM=; b=sZKUo812OsvSGtonIVLligFaMwfvtjqV+QUJBVYY+ihUQNWKrypT7zKVYO7XRQvx8F Dc/qPDb1b8mmP8EyeT3IPyGFzVvDOqM0wE3GRSk+k5/VETfCLfnpFhaizvjPbyLisS56 6Sy3S1gy54CyOeJFlMR4ZvQq7enZXtEEHuPnwnCUKfe+gDdvo4KlBdrYmLnvxrz17IPX yxvo67kkvSNDhje5YITZsd2V7Z/S/SYl7rICj48nADAS6Y67Z95cbYAK2XIRr0XptrkN jTxsu5flPdp6Ut0umgBjyhdIfFSAwj4hZc4zKkDW48zI6TDGpmeA8FyWb5Cdcc4NP6GD 4aFQ== X-Gm-Message-State: AOJu0Yy8LlklEI7byhETbaXevDy2HKQmn+fFJDtKAWEbZ7HdzU/KPBJg e0f9U4FUH/NVWdcTKnUV/YaYO/rTjgfAOpbjv9vvjrpyi7ThtXp+RqqCTbLWAw== X-Gm-Gg: ASbGncvKAfrg0kMvzxaN4l/1U5qqTV5F4Zg/GTB5ILzhEgZKvupyNffw5zWWL31WGYa TjjV/OY7YWtgsrU6EKozdllSimLSHjpg0yxxZQeAo4LPjok9g0gh5T1nXXNE7gS2wUluJiYIVnt l7CLWOIkBz6ZxaD3NJB5ZIAQwQFb3Zw9sj/5T5D8V/5Nb2YdlA4I9rz37PpVHxmJOKo5pHyX7qy AND+/iIC9+wE3a6htIdvM41BXQG7Jt4MVqHhToAbxsH2k5o6RHP3bUfsOQx0foojCSItk16VnCS cZXLTWL82YCGyXyasUNj98xQgiV+rDhVnfCOok1/OgdBPTS1TcMyBDVST8Rdil2WfYVuxZ2Jw3I +2X6RoyuPq6lOP7M2TmgJ4EwMMuGEBhXQL4vm/CmrKSdDFwNqwlfEAU7Y9pm1Qqy/Ng== X-Google-Smtp-Source: AGHT+IHlVfU8YzToc1YgKbnp+YVjx2fbSO6Cthok7K6rVJUEtRDdG/oW7/Gksk3YpsrQhvN1doO/Lg== X-Received: by 2002:a05:6a21:6d93:b0:2ca:f345:5673 with SMTP id adf61e73a8af0-32da90145fdmr30899717637.27.1760474354347; Tue, 14 Oct 2025 13:39:14 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([147.161.216.252]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7992b733355sm16009495b3a.26.2025.10.14.13.39.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Oct 2025 13:39:14 -0700 (PDT) From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Peter Marko , Khem Raj , Gyorgy Sarvari , Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 2/6] corosync: fix upstream version check Date: Wed, 15 Oct 2025 09:38:57 +1300 Message-ID: <20251014203901.1479326-2-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> References: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 14 Oct 2025 20:39:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120627 From: Peter Marko github-releases is needed that it work at all: ERROR: Automatic discovery of latest version/revision failed - you must provide a version using the --version/-V option, or for recipes that fetch from an SCM such as git, the --srcrev/-S option. UPSTREAM_CHECK_GITTAGREGEX is needed to get correct version, otherwise: $ devtool latest-version corosync ... INFO: Current version: 3.1.6 INFO: Latest version: 414.336.75.75.75 Signed-off-by: Peter Marko Signed-off-by: Khem Raj Signed-off-by: Gyorgy Sarvari (cherry picked from commit 9aed476a9031577e7acfc2ba2f4ff0abd5106580) Signed-off-by: Ankur Tyagi --- meta-networking/recipes-extended/corosync/corosync_3.1.6.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-networking/recipes-extended/corosync/corosync_3.1.6.bb b/meta-networking/recipes-extended/corosync/corosync_3.1.6.bb index 8fca576614..eb70bbe923 100644 --- a/meta-networking/recipes-extended/corosync/corosync_3.1.6.bb +++ b/meta-networking/recipes-extended/corosync/corosync_3.1.6.bb @@ -5,13 +5,13 @@ HOMEPAGE = "http://corosync.github.io/corosync/" SECTION = "base" -inherit autotools pkgconfig systemd +inherit autotools pkgconfig systemd github-releases -SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ +SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://corosync.conf \ " SRC_URI[sha256sum] = "ca6ed32b4d7f33ed614afce8760fe58d0de92c68b575d4969ebacd892f3d1e27" -UPSTREAM_CHECK_REGEX = "(?P\d+\.(?!99)\d+(\.\d+)+)" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=a85eb4ce24033adb6088dd1d6ffc5e5d" From patchwork Tue Oct 14 20:38:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 72293 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B47ECCD18E for ; Tue, 14 Oct 2025 20:39:19 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web11.6657.1760474358208249727 for ; Tue, 14 Oct 2025 13:39:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lFB2h0M3; spf=pass (domain: gmail.com, ip: 209.85.210.172, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-78f3bfe3f69so5210367b3a.2 for ; Tue, 14 Oct 2025 13:39:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1760474357; x=1761079157; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YnwVPK14oAQCEpec945M7Ysk3LGPIWUBblNncQjm5P4=; b=lFB2h0M3v5WL6fYcSkK6ZXdCr2g8NWOYburyrTVOPRodHVQBgT+crGaFS/z7AASFcD EyeXXA2+YcN/r3dAZIb/zm38XxRRoqdYs7UltY7fkkHfqzX/pRggNGuZQ5Q3sWnYgrwJ uNHuW59Zahby4vFQxnq6X8ZVrolp5PXrJ1g9qOwM0etZjQCK+JZRC5NeyiIhaTY3spPl z6AhupD3rwFvoWq4rc+vKiLGh7qeOlLEj6tGvzFEjiElreA2/f0SCe+Di0kmFPmkBOZI wPxjHbT7qu7WSrOQO1sjd36j7BVijM2iNoZG1AUtQzrhDSoOCatraL9NFJMnO3ZcLevN NACg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760474357; x=1761079157; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YnwVPK14oAQCEpec945M7Ysk3LGPIWUBblNncQjm5P4=; b=gkkFHkrkdw5p8JpGbuy+tnA7xueE9BhrI31VfULJslDeTgbPSe07owKMAt6Dyz4nxY dkA1OxpoRUE1kkfMStB7IGt09oiuzUm4Cg06Je+qiTe97H8M+Eh3+0omxSfgia07Ae/d BHiv1iy1Dc542jAMkwtYJzdSIT/rBXzzkpoWqlpn9BaasVrNpG1AFaOGL2oeunXy0/s9 XANHgPC/tPOBPB26VUlrPHKRWMarlTzVTLMs0LvVSSkGjZQ8Hs45dfoAG7ljG2q/B3rH qL9KfHry3EeOoToUeS7DvqxYLCYfdR/b3gx/XItkdYvBjatJoFa1w2NMKOgx1TFoQgD6 w2Wg== X-Gm-Message-State: AOJu0YxQ2qesgSIQgs0XXSgdaWJnoY5r9uKnFseb5dgoeg2gEGvDiNbv FVqiDEXd7zBkPJgcgpQbl1BxllBHqKEqKxljgeTHvw00Gb730Fol5Kld2pWh8g== X-Gm-Gg: ASbGncuTYyoP6VNPzbDn9wmqyre5vKYwmvj9bGQq5I5r2PIFi0EEKOvcCQMX3oHTlBx tIOhVKGkCSSaX+/BBDT3iokFz5CP84cyv9E0rL3P5+4XQr+DfnrmNFg1+Njx4HaWJO3msQBNGEz +CMn4g7tiZBX0zr9shIvTlxH414mnhrGhPwl7+vC3KuJkVDw7ZD99oYRkHxtE9IQ8rqXBg+H6ct 6CWqgRJBWCUW6b/PQgtNYUlPFrUFR9oL3s2PhKJii8gaDV9GiCLUS9Zkam81EECPe+VcRU75siS XY4LLOKmMLOARYekifafhpLAxFsMAaUTXQPFNJgpr8GMlqMtFoj+QngbjCEvrWKlqS1BWN9D5oO bJhY//a6fKO861vbEM2w+zoqwK10ynV9Qc9tCBzU+PnrhWDtr88FBHMU= X-Google-Smtp-Source: AGHT+IEOpxAIgPaMVFY2UdATTsHwthluGy6v8UaIwbpPPVMBUuk9bAZJ4PfjnyYiCFgbr7SAfB9Uyw== X-Received: by 2002:a05:6a00:1491:b0:780:ed4f:e191 with SMTP id d2e1a72fcca58-79387c18f99mr25110344b3a.23.1760474357365; Tue, 14 Oct 2025 13:39:17 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([147.161.216.252]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7992b733355sm16009495b3a.26.2025.10.14.13.39.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Oct 2025 13:39:17 -0700 (PDT) From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Peter Marko , Khem Raj , Gyorgy Sarvari , Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 3/6] corosync: upgrade 3.1.6 -> 3.1.9 Date: Wed, 15 Oct 2025 09:38:58 +1300 Message-ID: <20251014203901.1479326-3-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> References: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 14 Oct 2025 20:39:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120628 From: Peter Marko dbus dir was changed from sysconfdir to datadir drop unused configure code License-Update: copyright years refreshed Signed-off-by: Peter Marko Signed-off-by: Khem Raj Signed-off-by: Gyorgy Sarvari (cherry picked from commit 950c603f21d14b07874f7bfdfb71eae86f6de3c7) Signed-off-by: Ankur Tyagi --- .../corosync/{corosync_3.1.6.bb => corosync_3.1.9.bb} | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) rename meta-networking/recipes-extended/corosync/{corosync_3.1.6.bb => corosync_3.1.9.bb} (90%) diff --git a/meta-networking/recipes-extended/corosync/corosync_3.1.6.bb b/meta-networking/recipes-extended/corosync/corosync_3.1.9.bb similarity index 90% rename from meta-networking/recipes-extended/corosync/corosync_3.1.6.bb rename to meta-networking/recipes-extended/corosync/corosync_3.1.9.bb index eb70bbe923..b4e0f1c7db 100644 --- a/meta-networking/recipes-extended/corosync/corosync_3.1.6.bb +++ b/meta-networking/recipes-extended/corosync/corosync_3.1.9.bb @@ -10,11 +10,11 @@ inherit autotools pkgconfig systemd github-releases SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://corosync.conf \ " -SRC_URI[sha256sum] = "ca6ed32b4d7f33ed614afce8760fe58d0de92c68b575d4969ebacd892f3d1e27" +SRC_URI[sha256sum] = "203354bbddee1a97b3c50a076eae89c635f406dd674ccaefc94bb9092acd9535" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=a85eb4ce24033adb6088dd1d6ffc5e5d" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d9c2cca5d3448c43e52a399ad611658a" DEPENDS = "groff-native nss libqb kronosnet" @@ -34,11 +34,6 @@ PACKAGECONFIG[systemd] = "--enable-systemd --with-systemddir=${systemd_system_un EXTRA_OECONF = "ac_cv_path_BASHPATH=${base_bindir}/bash ap_cv_cc_pie=no" EXTRA_OEMAKE = "tmpfilesdir_DATA=" -#do_configure:prepend() { -# ( cd ${S} -# ${S}/autogen.sh ) -#} - do_install:append() { install -D -m 0644 ${WORKDIR}/corosync.conf ${D}${sysconfdir}/corosync/corosync.conf.example install -d ${D}${sysconfdir}/sysconfig/ @@ -59,5 +54,6 @@ do_install:append() { RDEPENDS:${PN} += "bash ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'sysvinit-pidof', 'procps', d)}" +FILES:${PN} += "${datadir}/dbus-1" FILES:${PN}-dbg += "${libexecdir}/lcrso/.debug" FILES:${PN}-doc += "${datadir}/snmp/mibs/COROSYNC-MIB.txt" From patchwork Tue Oct 14 20:38:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 72296 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4DA3BCCD190 for ; Tue, 14 Oct 2025 20:39:29 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web11.6659.1760474361339869810 for ; Tue, 14 Oct 2025 13:39:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=XFNZmYEp; spf=pass (domain: gmail.com, ip: 209.85.210.174, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-781ea2cee3fso5588104b3a.0 for ; Tue, 14 Oct 2025 13:39:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1760474360; x=1761079160; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=e3dErGWZhUilwr6e6fZ2g5gPmNT9iqC8kjiHGvft6Ug=; b=XFNZmYEpqQ+LFV4KfgxE/3aH96TTHxiEJzZ3lZe3LAR6TTjlN9HxYHJjgGVJS3mVPM 5LtKk4xC7dObbe3M7m9HDgSSobzvMLhxng6OER5CQoKZRobJKjnmJmBuzeTvoGj3RI0I wbqIcCgcmGwcy0ulReP6WN4Bb7Roro0l6tkVLbdUx3fSLJFAmUcexW9GKb+1/dEMYG0N ME5eLcCwvwAgossBaVdgw3TMF1wAKeRkcm0jcVey06IVEHqxfmTj4kxUZ+ilIv+gB1b+ JT0/iAOP+4wdXxch0iCHUOtvc1643SUx+kNAdjJH8+24VpmAFJYzkrzz8/uJ6xTcIRIl TAHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760474360; x=1761079160; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=e3dErGWZhUilwr6e6fZ2g5gPmNT9iqC8kjiHGvft6Ug=; b=qITlSUbg4tsRXEyf2u4e9yRzvs3owdv4YPWXqNj1vI9HySViYvJ/C3tnif4UwHnetK bYNCU/1HdKOxkWaXKbrL+UN4siBeJPVtXbfxftoRApBPzZDoZi0B+mNCcZhfxtZ4W4PS imnVtqKnBrmOXsJWhSkxdQfOksfjo+jBnPq4gGFIR/Hn60rvSk7VJYm8PZiLM2tIxvJs Jbj7Z+zAHoEW45sny54bhiqPH0eZ9PiG4iIOlye+KUv1KormhR8JsCaBwgbvWgf/KDtS cqvobimGy31l1RaixljIhVazzdUvINqsdAiRnVLsrgVkvOts9+2jflwKkA5eszfCAl0U GOEg== X-Gm-Message-State: AOJu0YxDzGvsFI8Iv0gdh6daf3FrLhkrSYLnqkUIpIwcSDYPr1ihi6As RtYTk3WyfLo48wJpAm0k/Ym/WCnuulYTEl09Bsdo+6JJD4AqmcUTsQG4BbI6MA== X-Gm-Gg: ASbGnctUbLJiiDq/O7AGhgPfGoKItiZBX0f66csgJZJq73Pbyjjz0vKt8UwJSyfssyr oHUjnyNFnDYd08zvfoE6OzA1I3ldCDHYDKwyy1CVSzOPZX/FB3Y/iX/TKyPADqnsshV+yTl3MEG ZKXrhy8c1LlCWvONwdLqTec21lA3mckOPl38vn26mN60fgjG60sJkcWp5BYMJx+auaClR3FCO1b Kwi2MZZg+adsIFk7q/YUDYJI02f0cywlvDd5dEhaWT5JLjP6clvSQeN4I+DpnBDg3uutsx4SinL +6pHCebM50baoF8SYWs5bOtmND+S9gOFS8cQYVp1lpmr2AFfEtwJEijhSGAXB6p8jv2EqZ54SVd JMb1cMi5Tsq9C7b7LcNnhKPMny6+VfIsqDFwjPPcMtMq6erQNEJW2+44= X-Google-Smtp-Source: AGHT+IGfaYcWS+YJFFUxfg4zRHDBJeotMagKOkbhE3WOWbMxfUSvdGRknAyhyZ4SxgeGUisqx6XlJg== X-Received: by 2002:a05:6a00:4fca:b0:78a:f6be:74d9 with SMTP id d2e1a72fcca58-793876375c2mr29374351b3a.26.1760474360536; Tue, 14 Oct 2025 13:39:20 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([147.161.216.252]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7992b733355sm16009495b3a.26.2025.10.14.13.39.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Oct 2025 13:39:20 -0700 (PDT) From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Peter Marko , Khem Raj , Gyorgy Sarvari , Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 4/6] corosync: patch CVE-2025-30472 Date: Wed, 15 Oct 2025 09:38:59 +1300 Message-ID: <20251014203901.1479326-4-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> References: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 14 Oct 2025 20:39:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120629 From: Peter Marko Pick commit from [1] mentioned in [2] from [3] [1] https://github.com/corosync/corosync/issues/778 [2] https://github.com/corosync/corosync/pull/779 [3] https://nvd.nist.gov/vuln/detail/CVE-2025-30472 Signed-off-by: Peter Marko Signed-off-by: Khem Raj Signed-off-by: Gyorgy Sarvari (cherry picked from commit eab04e462009f938fcaefefdde5e67cc94c525e8) Signed-off-by: Ankur Tyagi --- .../corosync/corosync/CVE-2025-30472.patch | 69 +++++++++++++++++++ .../corosync/corosync_3.1.9.bb | 1 + 2 files changed, 70 insertions(+) create mode 100644 meta-networking/recipes-extended/corosync/corosync/CVE-2025-30472.patch diff --git a/meta-networking/recipes-extended/corosync/corosync/CVE-2025-30472.patch b/meta-networking/recipes-extended/corosync/corosync/CVE-2025-30472.patch new file mode 100644 index 0000000000..9b36dbe3fb --- /dev/null +++ b/meta-networking/recipes-extended/corosync/corosync/CVE-2025-30472.patch @@ -0,0 +1,69 @@ +From 7839990f9cdf34e55435ed90109e82709032466a Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Mon, 24 Mar 2025 12:05:08 +0100 +Subject: [PATCH] totemsrp: Check size of orf_token msg + +orf_token message is stored into preallocated array on endian convert +so carefully crafted malicious message can lead to crash of corosync. + +Solution is to check message size beforehand. + +Signed-off-by: Jan Friesse +Reviewed-by: Christine Caulfield + +CVE: CVE-2025-30472 +Upstream-Status: Backport [https://github.com/corosync/corosync/commits/7839990f9cdf34e55435ed90109e82709032466a] +Signed-off-by: Peter Marko +--- + exec/totemsrp.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/exec/totemsrp.c b/exec/totemsrp.c +index 962d0e2a..364528ce 100644 +--- a/exec/totemsrp.c ++++ b/exec/totemsrp.c +@@ -3679,12 +3679,20 @@ static int check_orf_token_sanity( + const struct totemsrp_instance *instance, + const void *msg, + size_t msg_len, ++ size_t max_msg_len, + int endian_conversion_needed) + { + int rtr_entries; + const struct orf_token *token = (const struct orf_token *)msg; + size_t required_len; + ++ if (msg_len > max_msg_len) { ++ log_printf (instance->totemsrp_log_level_security, ++ "Received orf_token message is too long... ignoring."); ++ ++ return (-1); ++ } ++ + if (msg_len < sizeof(struct orf_token)) { + log_printf (instance->totemsrp_log_level_security, + "Received orf_token message is too short... ignoring."); +@@ -3698,6 +3706,13 @@ static int check_orf_token_sanity( + rtr_entries = token->rtr_list_entries; + } + ++ if (rtr_entries > RETRANSMIT_ENTRIES_MAX) { ++ log_printf (instance->totemsrp_log_level_security, ++ "Received orf_token message rtr_entries is corrupted... ignoring."); ++ ++ return (-1); ++ } ++ + required_len = sizeof(struct orf_token) + rtr_entries * sizeof(struct rtr_item); + if (msg_len < required_len) { + log_printf (instance->totemsrp_log_level_security, +@@ -3868,7 +3883,8 @@ static int message_handler_orf_token ( + "Time since last token %0.4f ms", tv_diff / (float)QB_TIME_NS_IN_MSEC); + #endif + +- if (check_orf_token_sanity(instance, msg, msg_len, endian_conversion_needed) == -1) { ++ if (check_orf_token_sanity(instance, msg, msg_len, sizeof(token_storage), ++ endian_conversion_needed) == -1) { + return (0); + } + diff --git a/meta-networking/recipes-extended/corosync/corosync_3.1.9.bb b/meta-networking/recipes-extended/corosync/corosync_3.1.9.bb index b4e0f1c7db..cd9feb5da5 100644 --- a/meta-networking/recipes-extended/corosync/corosync_3.1.9.bb +++ b/meta-networking/recipes-extended/corosync/corosync_3.1.9.bb @@ -9,6 +9,7 @@ inherit autotools pkgconfig systemd github-releases SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://corosync.conf \ + file://CVE-2025-30472.patch \ " SRC_URI[sha256sum] = "203354bbddee1a97b3c50a076eae89c635f406dd674ccaefc94bb9092acd9535" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" From patchwork Tue Oct 14 20:39:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 72295 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D9FFCCD184 for ; Tue, 14 Oct 2025 20:39:29 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web11.6670.1760474363725719190 for ; Tue, 14 Oct 2025 13:39:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=TRLuSLM1; spf=pass (domain: gmail.com, ip: 209.85.210.182, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-782bfd0a977so4858565b3a.3 for ; Tue, 14 Oct 2025 13:39:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1760474363; x=1761079163; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KuHObWYC1ebz1v78RMCaXViosS6lpH2EK5GFmog0Eb8=; b=TRLuSLM1JqytkYOdmnSZtAG6rWpmnqAwBr6mEN1yYFP6me1q7YM72W96b/F2HjklXR FPLGtIgzne3XkN7AtO16va7NyXs7CJcy037f0T3LayVE/0zXxOt4jq9xtDF4M52qTpJO H535b6+Hwq0nCp3V4AGIL0gU9XkgvTsWrrHGz43Q86vdIuDljD3f/HXSdgtCA3ApctFd G426vvUzEKHlCXXSwBKC7sVvolMPia8MrbqclWvCfAvq92BPo9PZpH+VMYa/xW1WzEk9 FN9u9EG+3waHL/u9N1CgAn4t/46tnpwNWSNaC4QUKQaH7sDE3EZaiZrZAlcswXeUJj5X vYeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760474363; x=1761079163; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KuHObWYC1ebz1v78RMCaXViosS6lpH2EK5GFmog0Eb8=; b=Gg+y7iNpJhwnURmh7yYi0+Y+Fg08xx12exqlMf4vquRg3Tz4qJtL9+zDaYIhnPZpb+ jd8/zUzfpNXvLPf4BRIDvaNI9EzwjG/Lp3xu1hwLnt0qw7QI56HCqdAASfSNX+exukkV 1Vqg49hPq2e6bfpDASwprw6MvL+0LXqSTIisGQcnEold5QFlOktytfKDKeDO4M1Ca8kW cyDCqtz+j8xoD6ekVndfQyWrurxRavsrfhVemGwpsE8pF2JaF8AuwuhY/DznLcQEXXhi A43+q7JJijOGrYekyQzSNhw9AAGe1ecVfVKLZksjtt/rYzNh0nND63iw/8JtUrHfYBJp EHQQ== X-Gm-Message-State: AOJu0YyBH957cmj/F2xgZ+P71lGCaVNlJd4xkGWr6kZui7VhiED5FC9/ 3JsBun1HlSwzAAx/biLL69NWiF5WugOgyaRJPTJM/EsLgZCCAM9amn/kYBl7YA== X-Gm-Gg: ASbGncvp4Wx9ildZgh4Orq9CjAHfN1jv47o1m4dRvi1QZLFq0+2KT6CNSDMNMXeDP5C Y3F9kVohLPAxqFvVEw8SlyiPRKu5GQeQaHErHmOUmipVqSK1dm3QX5l814ggR9s/c7+exkyVcUr hlyrwfxpUJOFczaZsX3hPzvVL1ns/LJrR2hwFB3ci+EjxwiU2Nnl08dKTC+VZvCdCmXJ5EFV0Ur ALC5A96DKKNEeT5iTNC+BUPGaUBv9Q+5l3G5DurE7EJZU5dRR2SaD6hUWT6S9LWP6RqGi2g4IMS aLqVwjayUGNlnH9ZJcTixdjvwP3pTBnudN+GQSrIRBLquQ7VkKuTheKiNp0TfafSIs6+WdEw4CW 9xGHBM0FooVLS+ehAfh1QvgfgvdtCDoZp9170H9rqF8iCkqroxGPmRCI= X-Google-Smtp-Source: AGHT+IGP0Mcv2BPWI363wFeWFnUkajN5qMBhatkYEBGneWbKCPwqDGUPaVqzir49sS3A6DndVpsNUQ== X-Received: by 2002:a05:6a20:5493:b0:263:3b40:46d4 with SMTP id adf61e73a8af0-32da84640d0mr33623359637.56.1760474362890; Tue, 14 Oct 2025 13:39:22 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([147.161.216.252]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7992b733355sm16009495b3a.26.2025.10.14.13.39.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Oct 2025 13:39:22 -0700 (PDT) From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi , Gyorgy Sarvari Subject: [oe][meta-networking][scarthgap][PATCH 5/6] tinyproxy: patch CVE-2023-49606 Date: Wed, 15 Oct 2025 09:39:00 +1300 Message-ID: <20251014203901.1479326-5-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> References: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 14 Oct 2025 20:39:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120630 Details https://nvd.nist.gov/vuln/detail/CVE-2023-49606 Signed-off-by: Ankur Tyagi Signed-off-by: Gyorgy Sarvari (cherry picked from commit 7f8516d8db5e51c5d2e75f6c6ca75199bee55217) Signed-off-by: Ankur Tyagi --- .../tinyproxy/0001-CVE-2023-49606.patch | 59 +++++++++++++++++++ .../tinyproxy/tinyproxy_1.11.1.bb | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta-networking/recipes-support/tinyproxy/tinyproxy/0001-CVE-2023-49606.patch diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/0001-CVE-2023-49606.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/0001-CVE-2023-49606.patch new file mode 100644 index 0000000000..dd10d2cd33 --- /dev/null +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/0001-CVE-2023-49606.patch @@ -0,0 +1,59 @@ +From 982a46347c5939e08ad659858b1ac32361d7ffb8 Mon Sep 17 00:00:00 2001 +From: rofl0r +Date: Sun, 5 May 2024 10:37:29 +0000 +Subject: [PATCH] CVE-2023-49606 + +fix potential UAF in header handling + +https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889 + +this bug was brought to my attention today by the debian tinyproxy +package maintainer. the above link states that the issue was known +since last year and that maintainers have been contacted, but if +that is even true then it probably was done via a private email +to a potentially outdated email address of one of the maintainers, +not through the channels described clearly on the tinyproxy homepage: + +> Feel free to report a new bug or suggest features via github issues. +> Tinyproxy developers hang out in #tinyproxy on irc.libera.chat. + +no github issue was filed, and nobody mentioned a vulnerability on +the mentioned IRC chat. if the issue had been reported on github or +IRC, the bug would have been fixed within a day. + +CVE: CVE-2023-49606 +Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/12a8484265f7b00591293da492bb3c9987001956] + +(cherry picked from commit 12a8484265f7b00591293da492bb3c9987001956) +Signed-off-by: Ankur Tyagi +--- + src/reqs.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/reqs.c b/src/reqs.c +index b865190..705ce11 100644 +--- a/src/reqs.c ++++ b/src/reqs.c +@@ -779,7 +779,7 @@ static int remove_connection_headers (orderedmap hashofheaders) + char *data; + char *ptr; + ssize_t len; +- int i; ++ int i,j,df; + + for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) { + /* Look for the connection header. If it's not found, return. */ +@@ -804,7 +804,12 @@ static int remove_connection_headers (orderedmap hashofheaders) + */ + ptr = data; + while (ptr < data + len) { +- orderedmap_remove (hashofheaders, ptr); ++ df = 0; ++ /* check that ptr isn't one of headers to prevent ++ double-free (CVE-2023-49606) */ ++ for (j = 0; j != (sizeof (headers) / sizeof (char *)); ++j) ++ if(!strcasecmp(ptr, headers[j])) df = 1; ++ if (!df) orderedmap_remove (hashofheaders, ptr); + + /* Advance ptr to the next token */ + ptr += strlen (ptr) + 1; diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb index 999deff4de..8aff50fac8 100644 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb @@ -8,6 +8,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz file://tinyproxy.service \ file://tinyproxy.conf \ file://CVE-2022-40468.patch \ + file://0001-CVE-2023-49606.patch \ " SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047" From patchwork Tue Oct 14 20:39:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 72297 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 548ECCCD18E for ; Tue, 14 Oct 2025 20:39:29 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.6677.1760474365849079697 for ; Tue, 14 Oct 2025 13:39:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=cJnuYgZ6; spf=pass (domain: gmail.com, ip: 209.85.210.176, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-780fc3b181aso3476638b3a.2 for ; Tue, 14 Oct 2025 13:39:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1760474365; x=1761079165; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Q95GyYUnAjW6T8UQwPbCosN6A9n6Vql2qJbaRpCzDzk=; b=cJnuYgZ65WJeaebnSD5s4OE7eJ6Uz5Y6mTrQEuhs0xd/HBTkFdDYsoddNcPPtRXu2E juXhqNRjyGPHMa8IZQTITEFCSpF2X9k/PjP4ZwkyjUAJ0o/yEYspJZv+5y1zIrIgmdhC lrgdFwTbr1Xfp8G2L+Uj2/809hsVV+6ixmgozMxPC6nwXfZGHTcKbYYqgKWovKXSKHb1 gsiFYG5k3qCZ6heElhWOJi0VJGpL+IC7gzJq7dC7p1HualEQ7iI5/BjVTCvd8xHPxb0Z /QUXdlZ3DgIdUFogx0je8Rb5MMcMZ4Cg3ya1TdzDimlu7cSY+RGURFQm3vuqBsEe0282 6o4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760474365; x=1761079165; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Q95GyYUnAjW6T8UQwPbCosN6A9n6Vql2qJbaRpCzDzk=; b=uEruWKjnpFYAMD6i0r02B+NZiL/iZb+NvAkwj1lOGEbQSE5uZoJQtBxw+3JXYquqAY WRGzUYMWs5hcIs0pQVKH1q8FSWQtxm5QadeJ3jzPnBrxh+XqSrc/HMdYTILW9BNgtryI 5ig6E5nGswMU7VYE5YSUj9/PJJMwt4eq4ctSFmhynyz1yCpyNxcSZnu3BWg86BxPYdZN haIyHArXlp/ALAeC7t8DwjdlAqmDR/MSRHlu8Wd0ye2CS2GuNL2pgCI0vg0h0EbR5uhA NT0mQBvv7QeQVlH/O4uRpz80pp4dPiybPBSdYdG9ny3XQ3O/6GeNB9DK2jiwK8N6BnmI Cjlw== X-Gm-Message-State: AOJu0Yyb3g964HjaoSC6bLJ626DREjHqnapuZdwdytau5ihCXMOkXdZ/ VZUdaRySMFebO1XiAguisMpSMSFmBU9yvwnzRAe6uVvKFaijpmkUdp4ytrlpaw== X-Gm-Gg: ASbGnctFO0aKA4wbrdbUc26qAJtUVvKPHE3sOdtD6s3NWkxfvWGlW+ozyv/jF9hJ3Kg /TffqMw+GF+1g+txZD9JL+h80zRKpMvVKk2qFIfAUWw4CzXT1zZWTZTurDMnDd0l2C+nXKFqLxi BIFgNJGtLvcDYW5T7+440PdtmYVOBt6bxV8fDvofiri/aMlsXLPtV+NXQ2uhzXJFbAUPra/ASiI ZGgMg3GDic1jo4O5BPMD33ysEjROxem7YXMLgDYUROZfcO8521gWp1zEoSj5jmrSMOBEZ9suC7q WYzBlDRMPWgrAc9eaJSBfUYvVkGyAkGoYC/QikPvOc4jbw4W7Bqp6sIXFYNiOupkrMuObj+QhFw yO31OWsoJkQBvEserIYMXSb3mkLOBlZ22+iVTt0AEKGRKdLlykNTq9Eg8znjvOQBEaQ== X-Google-Smtp-Source: AGHT+IFa1hJpQymbVr5YVajAVBZWHGMDoY/n+4vgWUKdc6z9vQ1Stj4ynQ5/xuL4bjDjiiPxZip7PQ== X-Received: by 2002:a05:6a00:21d5:b0:781:1b5a:95b2 with SMTP id d2e1a72fcca58-79387a212afmr34056441b3a.28.1760474364971; Tue, 14 Oct 2025 13:39:24 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([147.161.216.252]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7992b733355sm16009495b3a.26.2025.10.14.13.39.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Oct 2025 13:39:24 -0700 (PDT) From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 6/6] frr: patch CVE-2024-44070 Date: Wed, 15 Oct 2025 09:39:01 +1300 Message-ID: <20251014203901.1479326-6-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> References: <20251014203901.1479326-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 14 Oct 2025 20:39:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120631 Details https://nvd.nist.gov/vuln/detail/CVE-2024-44070 Signed-off-by: Ankur Tyagi --- .../frr/frr/CVE-2024-44070.patch | 54 +++++++++++++++++++ .../recipes-protocols/frr/frr_9.1.bb | 1 + 2 files changed, 55 insertions(+) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2024-44070.patch diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2024-44070.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2024-44070.patch new file mode 100644 index 0000000000..87bd16efa6 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2024-44070.patch @@ -0,0 +1,54 @@ +From 335dc7f0421dc5b59a50795f21f28bd92ed4ef12 Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis +Date: Wed, 31 Jul 2024 08:35:14 +0300 +Subject: [PATCH] bgpd: Check the actual remaining stream length before taking + TLV value + +``` + 0 0xb50b9f898028 in __sanitizer_print_stack_trace (/home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x368028) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7) + 1 0xb50b9f7ed8e4 in fuzzer::PrintStackTrace() (/home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x2bd8e4) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7) + 2 0xb50b9f7d4d9c in fuzzer::Fuzzer::CrashCallback() (/home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x2a4d9c) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7) + 3 0xe0d12d7469cc (linux-vdso.so.1+0x9cc) (BuildId: 1a77697e9d723fe22246cfd7641b140c427b7e11) + 4 0xe0d12c88f1fc in __pthread_kill_implementation nptl/pthread_kill.c:43:17 + 5 0xe0d12c84a678 in gsignal signal/../sysdeps/posix/raise.c:26:13 + 6 0xe0d12c83712c in abort stdlib/abort.c:79:7 + 7 0xe0d12d214724 in _zlog_assert_failed /home/ubuntu/frr-public/frr_public_private-libfuzzer/lib/zlog.c:789:2 + 8 0xe0d12d1285e4 in stream_get /home/ubuntu/frr-public/frr_public_private-libfuzzer/lib/stream.c:324:3 + 9 0xb50b9f8e47c4 in bgp_attr_encap /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_attr.c:2758:3 + 10 0xb50b9f8dcd38 in bgp_attr_parse /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_attr.c:3783:10 + 11 0xb50b9faf74b4 in bgp_update_receive /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_packet.c:2383:20 + 12 0xb50b9faf1dcc in bgp_process_packet /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_packet.c:4075:11 + 13 0xb50b9f8c90d0 in LLVMFuzzerTestOneInput /home/ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/bgp_main.c:582:3 +``` + +CVE: CVE-2024-44070 +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/21cd931a5f9303e12104c72ce31ca383c0c57514] + +Reported-by: Iggy Frankovic +Signed-off-by: Donatas Abraitis +(cherry picked from commit 0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5) +(cherry picked from commit 21cd931a5f9303e12104c72ce31ca383c0c57514) +Signed-off-by: Ankur Tyagi +--- + bgpd/bgp_attr.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index 797f05d606..cc63251cc8 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -2718,6 +2718,14 @@ static int bgp_attr_encap(struct bgp_attr_parser_args *args) + args->total); + } + ++ if (STREAM_READABLE(BGP_INPUT(peer)) < sublength) { ++ zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining stream length %zu", ++ sublength, STREAM_READABLE(BGP_INPUT(peer))); ++ return bgp_attr_malformed(args, ++ BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, ++ args->total); ++ } ++ + /* alloc and copy sub-tlv */ + /* TBD make sure these are freed when attributes are released */ + tlv = XCALLOC(MTYPE_ENCAP_TLV, diff --git a/meta-networking/recipes-protocols/frr/frr_9.1.bb b/meta-networking/recipes-protocols/frr/frr_9.1.bb index 7c1691259d..ce9876c79f 100644 --- a/meta-networking/recipes-protocols/frr/frr_9.1.bb +++ b/meta-networking/recipes-protocols/frr/frr_9.1.bb @@ -18,6 +18,7 @@ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.1 \ file://CVE-2024-31951.patch \ file://CVE-2024-31948.patch \ file://CVE-2024-31949.patch \ + file://CVE-2024-44070.patch \ " SRCREV = "ca2d6f0f1e000951224a18973cc1827f7f5215b5"