From patchwork Wed May 11 18:19:20 2022
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
Date: Wed, 11 May 2022 08:19:20 -1000
Message-Id: <1c96b8af59e105724db884967a982bb5a47a7eb1.1652292852.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165507
From: Pawan Badganchi Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 CVE-2022-25308.patch Link: https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1 CVE-2022-25309.patch Link: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3 CVE-2022-25310.patch Link:https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f Signed-off-by: Pawan Badganchi Signed-off-by: Steve Sakoman --- .../fribidi/fribidi/CVE-2022-25308.patch | 50 +++++++++++++++++++ .../fribidi/fribidi/CVE-2022-25309.patch | 31 ++++++++++++ .../fribidi/fribidi/CVE-2022-25310.patch | 30 +++++++++++ meta/recipes-support/fribidi/fribidi_1.0.9.bb | 3 ++ 4 files changed, 114 insertions(+) create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch b/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch new file mode 100644 index 0000000000..8f2c2ade0e --- /dev/null +++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch 
@@ -0,0 +1,50 @@ +From ad3a19e6372b1e667128ed1ea2f49919884587e1 Mon Sep 17 00:00:00 2001 +From: Akira TAGOH +Date: Thu, 17 Feb 2022 17:30:12 +0900 +Subject: [PATCH] Fix the stack buffer overflow issue + +strlen() could returns 0. Without a conditional check for len, +accessing S_ pointer with len - 1 may causes a stack buffer overflow. + +AddressSanitizer reports this like: +==1219243==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdce043c1f at pc 0x000000403547 bp 0x7ffdce0 +43b30 sp 0x7ffdce043b28 +READ of size 1 at 0x7ffdce043c1f thread T0 + #0 0x403546 in main ../bin/fribidi-main.c:393 + #1 0x7f226804e58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f) + #2 0x7f226804e648 in __libc_start_main_impl (/lib64/libc.so.6+0x2d648) + #3 0x4036f4 in _start (/tmp/fribidi/build/bin/fribidi+0x4036f4) + +Address 0x7ffdce043c1f is located in stack of thread T0 at offset 63 in frame + #0 0x4022bf in main ../bin/fribidi-main.c:193 + + This frame has 5 object(s): + [32, 36) 'option_index' (line 233) + [48, 52) 'base' (line 386) + [64, 65064) 'S_' (line 375) <== Memory access at offset 63 underflows this variable + [65328, 130328) 'outstring' (line 385) + [130592, 390592) 'logical' (line 384) + +This fixes https://github.com/fribidi/fribidi/issues/181 + +CVE: CVE-2022-25308 +Upstream-Status: Backport [https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1] +Signed-off-by: Pawan Badganchi + +--- + bin/fribidi-main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c +index 3cf9fe1..3ae4fb6 100644 +--- a/bin/fribidi-main.c ++++ b/bin/fribidi-main.c +@@ -390,7 +390,7 @@ FRIBIDI_END_IGNORE_DEPRECATIONS + S_[sizeof (S_) - 1] = 0; + len = strlen (S_); + /* chop */ +- if (S_[len - 1] == '\n') ++ if (len > 0 && S_[len - 1] == '\n') + { + len--; + S_[len] = '\0'; 
diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch b/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch new file mode 100644 index 0000000000..0efba3d05c --- /dev/null +++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch @@ -0,0 +1,31 @@ +From f22593b82b5d1668d1997dbccd10a9c31ffea3b3 Mon Sep 17 00:00:00 2001 +From: Dov Grobgeld +Date: Fri, 25 Mar 2022 09:09:49 +0300 +Subject: [PATCH] Protected against garbage in the CapRTL encoder + +CVE: CVE-2022-25309 +Upstream-Status: Backport [https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3] +Signed-off-by: Pawan Badganchi + +--- + lib/fribidi-char-sets-cap-rtl.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/fribidi-char-sets-cap-rtl.c b/lib/fribidi-char-sets-cap-rtl.c +index b0c0e4a..f74e010 100644 +--- a/lib/fribidi-char-sets-cap-rtl.c ++++ b/lib/fribidi-char-sets-cap-rtl.c +@@ -232,7 +232,12 @@ fribidi_cap_rtl_to_unicode ( + } + } + else +- us[j++] = caprtl_to_unicode[(int) s[i]]; ++ { ++ if ((int)s[i] < 0) ++ us[j++] = '?'; ++ else ++ us[j++] = caprtl_to_unicode[(int) s[i]]; ++ } + } + + return j; diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch b/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch new file mode 100644 index 0000000000..d79a82d648 --- /dev/null +++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch 
@@ -0,0 +1,30 @@ +From 175850b03e1af251d705c1d04b2b9b3c1c06e48f Mon Sep 17 00:00:00 2001 +From: Akira TAGOH +Date: Thu, 17 Feb 2022 19:06:10 +0900 +Subject: [PATCH] Fix SEGV issue in fribidi_remove_bidi_marks + +Escape from fribidi_remove_bidi_marks() immediately if str is null. + +This fixes https://github.com/fribidi/fribidi/issues/183 + +CVE: CVE-2022-25310 +Upstream-Status: Backport [https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f] +Signed-off-by: Pawan Badganchi + +--- + lib/fribidi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/fribidi.c b/lib/fribidi.c +index f5da0da..70bdab2 100644 +--- a/lib/fribidi.c ++++ b/lib/fribidi.c +@@ -74,7 +74,7 @@ fribidi_remove_bidi_marks ( + fribidi_boolean status = false; + + if UNLIKELY +- (len == 0) ++ (len == 0 || str == NULL) + { + status = true; + goto out; diff --git a/meta/recipes-support/fribidi/fribidi_1.0.9.bb b/meta/recipes-support/fribidi/fribidi_1.0.9.bb index ac9ef88e27..62b7d72812 100644 --- a/meta/recipes-support/fribidi/fribidi_1.0.9.bb +++ b/meta/recipes-support/fribidi/fribidi_1.0.9.bb @@ -10,6 +10,9 @@ LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.xz \ + file://CVE-2022-25308.patch \ + file://CVE-2022-25309.patch \ + file://CVE-2022-25310.patch \ " SRC_URI[md5sum] = "1b767c259c3cd8e0c8496970f63c22dc" SRC_URI[sha256sum] = "c5e47ea9026fb60da1944da9888b4e0a18854a0e2410bbfe7ad90a054d36e0c7" From patchwork Wed May 11 18:19:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 14211 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org 
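Review bot: in CVE-2022-25309.patch, the new test `(int)s[i] < 0` in fribidi_cap_rtl_to_unicode() only helps where plain char is signed. On targets where char is unsigned the branch is never taken, and a byte above 0x7f still indexes caprtl_to_unicode[] directly. The table size is not visible in this hunk, so please confirm it covers every value the index can take, or bound the index explicitly: cast to unsigned char and compare against the number of table entries before the lookup.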
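Review bot: in CVE-2022-25310.patch, `(len == 0 || str == NULL)` sends a NULL str with a non-zero len down the same `status = true; goto out;` path as an empty string, so the caller is told the call succeeded for what is an invalid argument. The hunk does not show what is returned at `out:`; please check that the value is sensible for the NULL case, and say in the commit message or a comment that NULL input is deliberately treated as "nothing to do".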
From: "Steve Sakoman" Subject: [OE-core][dunfell 02/14] libinput: Add fix for CVE-2022-1215 Date: Wed, 11 May 2022 08:19:21 -1000 Message-Id: <3f899844b383bfd13f176d86181d9219b3dbe345.1652292852.git.steve@sakoman.com> In-Reply-To: References: MIME-Version: 1.0 List-id: To: openembedded-core@lists.openembedded.org From: Pawan Badganchi Add below patch to fix CVE-2022-1215 CVE-2022-1215.patch Link: https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28 Signed-off-by: Pawan Badganchi Signed-off-by: Steve Sakoman --- .../wayland/libinput/CVE-2022-1215.patch | 360 ++++++++++++++++++ .../wayland/libinput_1.15.2.bb | 1 + 2 files changed, 361 insertions(+) create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch diff --git a/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch b/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch new file mode 100644 index 0000000000..313c0c5eb2 --- /dev/null +++ b/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch 
@@ -0,0 +1,360 @@ +From 2a8b8fde90d63d48ce09ddae44142674bbca1c28 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Wed, 30 Mar 2022 09:25:22 +1000 +Subject: [PATCH] evdev: strip the device name of format directives +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes a format string vulnerabilty. + +evdev_log_message() composes a format string consisting of a fixed +prefix (including the rendered device name) and the passed-in format +buffer. This format string is then passed with the arguments to the +actual log handler, which usually and eventually ends up being printf. + +If the device name contains a printf-style format directive, these ended +up in the format string and thus get interpreted correctly, e.g. for a +device "Foo%sBar" the log message vs printf invocation ends up being: + evdev_log_message(device, "some message %s", "some argument"); + printf("event9 - Foo%sBar: some message %s", "some argument"); + +This can enable an attacker to execute malicious code with the +privileges of the process using libinput. + +To exploit this, an attacker needs to be able to create a kernel device +with a malicious name, e.g. through /dev/uinput or a Bluetooth device. + +To fix this, convert any potential format directives in the device name +by duplicating percentages. + +Pre-rendering the device to avoid the issue altogether would be nicer +but the current log level hooks do not easily allow for this. The device +name is the only user-controlled part of the format string. + +A second potential issue is the sysname of the device which is also +sanitized. + +This issue was found by Albin Eldstål-Ahrens and Benjamin Svensson from +Assured AB, and independently by Lukas Lamster. 
+ +Fixes #752 + +Signed-off-by: Peter Hutterer +(cherry picked from commit a423d7d3269dc32a87384f79e29bb5ac021c83d1) + +CVE: CVE-2022-1215 +Upstream Status: Backport [https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28] +Signed-off-by: Pawan Badganchi + +--- + meson.build | 1 + + src/evdev.c | 31 +++++++++++------ + src/evdev.h | 6 ++-- + src/util-strings.h | 30 ++++++++++++++++ + test/litest-device-format-string.c | 56 ++++++++++++++++++++++++++++++ + test/litest.h | 1 + + test/test-utils.c | 26 ++++++++++++++ + 7 files changed, 139 insertions(+), 12 deletions(-) + create mode 100644 test/litest-device-format-string.c + +diff --git a/meson.build b/meson.build +index 90f528e6..1f6159e7 100644 +--- a/meson.build ++++ b/meson.build +@@ -787,6 +787,7 @@ + 'test/litest-device-dell-canvas-totem-touch.c', + 'test/litest-device-elantech-touchpad.c', + 'test/litest-device-elan-tablet.c', ++ 'test/litest-device-format-string.c', + 'test/litest-device-generic-singletouch.c', + 'test/litest-device-gpio-keys.c', + 'test/litest-device-huion-pentablet.c', +diff --git a/src/evdev.c b/src/evdev.c +index 6d81f58f..d1c35c07 100644 +--- a/src/evdev.c ++++ b/src/evdev.c +@@ -2356,19 +2356,19 @@ evdev_device_create(struct libinput_seat *seat, + struct libinput *libinput = seat->libinput; + struct evdev_device *device = NULL; + int rc; +- int fd; ++ int fd = -1; + int unhandled_device = 0; + const char *devnode = udev_device_get_devnode(udev_device); +- const char *sysname = udev_device_get_sysname(udev_device); ++ char *sysname = str_sanitize(udev_device_get_sysname(udev_device)); + + if (!devnode) { + log_info(libinput, "%s: no device node associated\n", sysname); +- return NULL; ++ goto err; + } + + if (udev_device_should_be_ignored(udev_device)) { + log_debug(libinput, "%s: device is ignored\n", sysname); +- return NULL; ++ goto err; + } + + /* Use non-blocking mode so that we can loop on read on +@@ -2382,13 +2382,15 @@ 
evdev_device_create(struct libinput_seat *seat, + sysname, + devnode, + strerror(-fd)); +- return NULL; ++ goto err; + } + + if (!evdev_device_have_same_syspath(udev_device, fd)) + goto err; + + device = zalloc(sizeof *device); ++ device->sysname = sysname; ++ sysname = NULL; + + libinput_device_init(&device->base, seat); + libinput_seat_ref(seat); +@@ -2411,6 +2413,9 @@ evdev_device_create(struct libinput_seat *seat, + device->dispatch = NULL; + device->fd = fd; + device->devname = libevdev_get_name(device->evdev); ++ /* the log_prefix_name is used as part of a printf format string and ++ * must not contain % directives, see evdev_log_msg */ ++ device->log_prefix_name = str_sanitize(device->devname); + device->scroll.threshold = 5.0; /* Default may be overridden */ + device->scroll.direction_lock_threshold = 5.0; /* Default may be overridden */ + device->scroll.direction = 0; +@@ -2238,9 +2238,14 @@ + return device; + + err: +- close_restricted(libinput, fd); +- if (device) +- evdev_device_destroy(device); ++ if (fd >= 0) { ++ close_restricted(libinput, fd); ++ if (device) { ++ unhandled_device = device->seat_caps == 0; ++ evdev_device_destroy(device); ++ } ++ } ++ free(sysname); + + return unhandled_device ? 
EVDEV_UNHANDLED_DEVICE : NULL; + } +@@ -2469,7 +2478,7 @@ evdev_device_get_output(struct evdev_device *device) + const char * + evdev_device_get_sysname(struct evdev_device *device) + { +- return udev_device_get_sysname(device->udev_device); ++ return device->sysname; + } + + const char * +@@ -3066,6 +3075,8 @@ evdev_device_destroy(struct evdev_device *device) + if (device->base.group) + libinput_device_group_unref(device->base.group); + ++ free(device->log_prefix_name); ++ free(device->sysname); + free(device->output_name); + filter_destroy(device->pointer.filter); + libinput_timer_destroy(&device->scroll.timer); +diff --git a/src/evdev.h b/src/evdev.h +index c7d130f8..980c5943 100644 +--- a/src/evdev.h ++++ b/src/evdev.h +@@ -169,6 +169,8 @@ struct evdev_device { + struct udev_device *udev_device; + char *output_name; + const char *devname; ++ char *log_prefix_name; ++ char *sysname; + bool was_removed; + int fd; + enum evdev_device_seat_capability seat_caps; +@@ -786,7 +788,7 @@ evdev_log_msg(struct evdev_device *device, + sizeof(buf), + "%-7s - %s%s%s", + evdev_device_get_sysname(device), +- (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ? device->devname : "", ++ (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ? device->log_prefix_name : "", + (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ? ": " : "", + format); + +@@ -824,7 +826,7 @@ evdev_log_msg_ratelimit(struct evdev_device *device, + sizeof(buf), + "%-7s - %s%s%s", + evdev_device_get_sysname(device), +- (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ? device->devname : "", ++ (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ? device->log_prefix_name : "", + (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ? 
": " : "", + format); + +diff --git a/src/util-strings.h b/src/util-strings.h +index 2a15fab3..d5a84146 100644 +--- a/src/util-strings.h ++++ b/src/util-strings.h +@@ -42,6 +42,7 @@ + #ifdef HAVE_XLOCALE_H + #include + #endif ++#include "util-macros.h" + + #define streq(s1, s2) (strcmp((s1), (s2)) == 0) + #define strneq(s1, s2, n) (strncmp((s1), (s2), (n)) == 0) +@@ -312,3 +313,31 @@ + free(result); + return -1; + } ++ ++/** ++ * Return a copy of str with all % converted to %% to make the string ++ * acceptable as printf format. ++ */ ++static inline char * ++str_sanitize(const char *str) ++{ ++ if (!str) ++ return NULL; ++ ++ if (!strchr(str, '%')) ++ return strdup(str); ++ ++ size_t slen = min(strlen(str), 512); ++ char *sanitized = zalloc(2 * slen + 1); ++ const char *src = str; ++ char *dst = sanitized; ++ ++ for (size_t i = 0; i < slen; i++) { ++ if (*src == '%') ++ *dst++ = '%'; ++ *dst++ = *src++; ++ } ++ *dst = '\0'; ++ ++ return sanitized; ++} +diff --git a/test/litest-device-format-string.c b/test/litest-device-format-string.c +new file mode 100644 +index 00000000..aed15db4 +--- /dev/null ++++ b/test/litest-device-format-string.c +@@ -0,0 +1,56 @@ ++ ++/* ++ * Copyright © 2013 Red Hat, Inc. ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a ++ * copy of this software and associated documentation files (the "Software"), ++ * to deal in the Software without restriction, including without limitation ++ * the rights to use, copy, modify, merge, publish, distribute, sublicense, ++ * and/or sell copies of the Software, and to permit persons to whom the ++ * Software is furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice (including the next ++ * paragraph) shall be included in all copies or substantial portions of the ++ * Software. 
++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL ++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER ++ * DEALINGS IN THE SOFTWARE. ++ */ ++ ++#include "config.h" ++ ++#include "litest.h" ++#include "litest-int.h" ++ ++static struct input_id input_id = { ++ .bustype = 0x3, ++ .vendor = 0x0123, ++ .product = 0x0456, ++}; ++ ++static int events[] = { ++ EV_KEY, BTN_LEFT, ++ EV_KEY, BTN_RIGHT, ++ EV_KEY, BTN_MIDDLE, ++ EV_REL, REL_X, ++ EV_REL, REL_Y, ++ EV_REL, REL_WHEEL, ++ EV_REL, REL_WHEEL_HI_RES, ++ -1 , -1, ++}; ++ ++TEST_DEVICE("mouse-format-string", ++ .type = LITEST_MOUSE_FORMAT_STRING, ++ .features = LITEST_RELATIVE | LITEST_BUTTON | LITEST_WHEEL, ++ .interface = NULL, ++ ++ .name = "Evil %s %d %x Mouse %p %", ++ .id = &input_id, ++ .absinfo = NULL, ++ .events = events, ++) +diff --git a/test/litest.h b/test/litest.h +index 4982e516..1b1daa90 100644 +--- a/test/litest.h ++++ b/test/litest.h +@@ -303,6 +303,7 @@ + LITEST_ALPS_3FG, + LITEST_ELAN_TABLET, + LITEST_ABSINFO_OVERRIDE, ++ LITEST_MOUSE_FORMAT_STRING, + }; + + #define LITEST_DEVICELESS -2 +diff --git a/test/test-utils.c b/test/test-utils.c +index 989adecd..e80754be 100644 +--- a/test/test-utils.c ++++ b/test/test-utils.c +@@ -1267,6 +1267,31 @@ START_TEST(strstartswith_test) + } + END_TEST + ++START_TEST(strsanitize_test) ++{ ++ struct strsanitize_test { ++ const char *string; ++ const char *expected; ++ } tests[] = { ++ { "foobar", "foobar" }, ++ { "", "" }, ++ { "%", "%%" }, ++ { "%%%%", "%%%%%%%%" }, ++ { "x %s", "x %%s" }, ++ { "x %", "x %%" }, ++ { "%sx", "%%sx" }, ++ { "%s%s", "%%s%%s" }, ++ { NULL, NULL }, ++ }; ++ ++ for (struct 
strsanitize_test *t = tests; t->string; t++) { ++ char *sanitized = str_sanitize(t->string); ++ ck_assert_str_eq(sanitized, t->expected); ++ free(sanitized); ++ } ++} ++END_TEST ++ + START_TEST(list_test_insert) + { + struct list_test { +@@ -1138,6 +1138,7 @@ + tcase_add_test(tc, strsplit_test); + tcase_add_test(tc, kvsplit_double_test); + tcase_add_test(tc, strjoin_test); ++ tcase_add_test(tc, strsanitize_test); + tcase_add_test(tc, time_conversion); + + tcase_add_test(tc, list_test_insert); + +-- +GitLab + diff --git a/meta/recipes-graphics/wayland/libinput_1.15.2.bb b/meta/recipes-graphics/wayland/libinput_1.15.2.bb index 810532774e..d7927d132a 100644 --- a/meta/recipes-graphics/wayland/libinput_1.15.2.bb +++ b/meta/recipes-graphics/wayland/libinput_1.15.2.bb 
@@ -14,6 +14,7 @@ DEPENDS = "libevdev udev mtdev" SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BP}.tar.xz \ file://determinism.patch \ + file://CVE-2022-1215.patch \ " SRC_URI[md5sum] = "eb6bd2907ad33d53954d70dfb881a643" SRC_URI[sha256sum] = "971c3fbfb624f95c911adeb2803c372e4e3647d1b98f278f660051f834597747"
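Review bot: the header of the backported CVE-2022-1215.patch spells its tag `Upstream Status: Backport [...]`, without the hyphen that the fribidi and busybox patches in this series use (`Upstream-Status:`); please fix the spelling so the field is recognised. Several hunk headers also run backwards within a file (`@@ -2238,9 +2238,14 @@` after `@@ -2411,6 +2413,9 @@` in src/evdev.c, `@@ -1138,6 +1138,7 @@` after `@@ -1267,6 +1267,31 @@` in test/test-utils.c), which suggests hand-edited offsets. Regenerating the patch from a 1.15.2 tree would let it apply cleanly.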
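Review bot: str_sanitize() in src/util-strings.h caps the input at 512 bytes (`min(strlen(str), 512)`) only when the string contains a '%'; a name without one goes through `strdup(str)` at full length. The doc comment mentions neither the cap nor the difference. Apply the same limit on both paths, or state in the comment that truncation happens only when escaping is needed. The new strsanitize_test table has no entry longer than 512 bytes, so the truncating path is not exercised.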
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/14] busybox: fix CVE-2022-28391 Date: Wed, 11 May 2022 08:19:22 -1000 Message-Id: <0b9cbcc4ceac3938afd1dd6010ce6d9a3da21598.1652292852.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 May 2022 18:20:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165509 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. https://nvd.nist.gov/vuln/detail/CVE-2022-28391 Backported from kirkstone 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4. 2nd patch adjusted to apply on 1.31.1. Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...tr-ensure-only-printable-characters-.patch | 38 +++++++++++ ...e-all-printed-strings-with-printable.patch | 64 +++++++++++++++++++ meta/recipes-core/busybox/busybox_1.31.1.bb | 2 + 3 files changed, 104 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch create mode 100644 meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch diff --git a/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch b/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch new file mode 100644 index 0000000000..18bf5f19e4 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch 
@@ -0,0 +1,38 @@ +From c7e181fdf58c392e06ab805e2c044c3e57d5445a Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Sun, 3 Apr 2022 12:14:33 +0000 +Subject: [PATCH] libbb: sockaddr2str: ensure only printable characters are + returned for the hostname part + +CVE: CVE-2022-28391 +Upstream-Status: Pending +Signed-off-by: Ariadne Conill +Signed-off-by: Steve Sakoman +--- + libbb/xconnect.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libbb/xconnect.c b/libbb/xconnect.c +index eb2871cb1..b5520bb21 100644 +--- a/libbb/xconnect.c ++++ b/libbb/xconnect.c +@@ -501,8 +501,9 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags) + ); + if (rc) + return NULL; ++ /* ensure host contains only printable characters */ + if (flags & IGNORE_PORT) +- return xstrdup(host); ++ return xstrdup(printable_string(host)); + #if ENABLE_FEATURE_IPV6 + if (sa->sa_family == AF_INET6) { + if (strchr(host, ':')) /* heh, it's not a resolved hostname */ +@@ -513,7 +514,7 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags) + #endif + /* For now we don't support anything else, so it has to be INET */ + /*if (sa->sa_family == AF_INET)*/ +- return xasprintf("%s:%s", host, serv); ++ return xasprintf("%s:%s", printable_string(host), serv); + /*return xstrdup(host);*/ + } + diff --git a/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch b/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch new file mode 100644 index 0000000000..2c9da33a51 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch 
@@ -0,0 +1,64 @@ +From f8ad7c331b25ba90fd296b37c443b4114cb196e2 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill +Date: Sun, 3 Apr 2022 12:16:45 +0000 +Subject: [PATCH] nslookup: sanitize all printed strings with printable_string + +Otherwise, terminal sequences can be injected, which enables various terminal injection +attacks from DNS results. + +MJ: One chunk wasn't applicable on 1.31.1 version, because parsing of +SRV records was added only in newer 1.32.0 with: + commit 6b4960155e94076bf25518e4e268a7a5f849308e + Author: Jo-Philipp Wich + Date: Thu Jun 27 17:27:29 2019 +0200 + + nslookup: implement support for SRV records + +CVE: CVE-2022-28391 +Upstream-Status: Pending +Signed-off-by: Ariadne Conill +Signed-off-by: Steve Sakoman +--- + networking/nslookup.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/networking/nslookup.c b/networking/nslookup.c +index 24e09d4f0..89b9c8a13 100644 +--- a/networking/nslookup.c ++++ b/networking/nslookup.c +@@ -404,7 +404,7 @@ static int parse_reply(const unsigned char *msg, size_t len) + //printf("Unable to uncompress domain: %s\n", strerror(errno)); + return -1; + } +- printf(format, ns_rr_name(rr), dname); ++ printf(format, ns_rr_name(rr), printable_string(dname)); + break; + + case ns_t_mx: +@@ -419,7 +419,7 @@ static int parse_reply(const unsigned char *msg, size_t len) + //printf("Cannot uncompress MX domain: %s\n", strerror(errno)); + return -1; + } +- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname); ++ printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname)); + break; + + case ns_t_txt: +@@ -431,7 +431,7 @@ static int parse_reply(const unsigned char *msg, size_t len) + if (n > 0) { + memset(dname, 0, sizeof(dname)); + memcpy(dname, ns_rr_rdata(rr) + 1, n); +- printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname); ++ printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname)); + } + break; + +@@ -461,7 +461,7 @@ static int 
parse_reply(const unsigned char *msg, size_t len) + return -1; + } + +- printf("\tmail addr = %s\n", dname); ++ printf("\tmail addr = %s\n", printable_string(dname)); + cp += n; + + printf("\tserial = %lu\n", ns_get32(cp)); diff --git a/meta/recipes-core/busybox/busybox_1.31.1.bb b/meta/recipes-core/busybox/busybox_1.31.1.bb index 38b448b3e1..d062f0f7dd 100644 --- a/meta/recipes-core/busybox/busybox_1.31.1.bb +++ b/meta/recipes-core/busybox/busybox_1.31.1.bb 
@@ -55,6 +55,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://CVE-2021-42374.patch \ file://CVE-2021-42376.patch \ file://CVE-2021-423xx-awk.patch \ + file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ + file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg "
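Review bot: in 0001-libbb-sockaddr2str, both changed returns wrap host in printable_string(), but the AF_INET6 branch shown as context (`if (strchr(host, ':'))`) sits between the two hunks and is untouched. If the statement under that test also formats host into the returned string, it needs the same wrapping, since host is exactly the value this patch treats as untrusted.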
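Review bot: in 0002-nslookup, each changed printf in parse_reply() now sanitizes dname, yet `ns_rr_name(rr)` is still passed raw as a string argument in the same calls (`printf(format, ns_rr_name(rr), printable_string(dname));`). That name is read from the same reply, so it should go through printable_string() as well, after checking that two calls in one argument list do not share a result buffer. Both patches carry `Upstream-Status: Pending`; please update the tag once upstream takes a fix.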
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 04/14] linux-yocto/5.4: update to v5.4.192
Date: Wed, 11 May 2022 08:19:23 -1000
Message-Id: <9784b5a0629cd223865a21a9b72641116d332cf0.1652292852.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165510

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 1d72b776f6dc Linux 5.4.192 aa2a047b5842 mm, hugetlb: allow for "high" userspace addresses 6a79b2433eb1 hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs b69e60f6fc00 tty: n_gsm: fix incorrect UA handling 0f4be29febdc tty: n_gsm: fix wrong command frame length field encoding 21cc640385b4 tty: n_gsm: fix wrong command retry handling 49c40febd45c tty: n_gsm: fix missing explicit ldisc flush 85522dcf0053 tty: n_gsm: fix insufficient txframe size 563bb0f794ca netfilter: nft_socket: only do sk lookups when indev is available fae209521000 tty: n_gsm: fix malformed counter for out of frame data cec2d0782a7b tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 a6d9847a4f82 x86/cpu: Load microcode during restore_processor_state() 9e9d12b81df6 net: ethernet: stmmac: fix write to sgmii_adapter_base 10ba1ac9a22a drivers: net: hippi: Fix deadlock in rr_close() a8275219759e cifs: destage any unwritten data to the server before calling copychunk_write 5335370366a3 x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 0ecc5304e80a ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit() 781571034993 ASoC: wm8731: Disable the regulator when probing fails a71df406a6a5 tcp: fix F-RTO may not work correctly when receiving DSACK a4ed61e30e32 ixgbe: ensure IPsec VF<->PF compatibility 406aaef0feae bnx2x: fix napi API usage sequence c3e7ea58608a tls: Skip tls_append_frag on zero copy size cd5cec3a0c8f drm/amd/display: Fix memory leak in dcn21_clock_source_create ffce11a39102 net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK 3a179538bfd7 net: bcmgenet: hide status block before TX timestamping 8ef6d60aa2f1 clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() 194f474ad9b4 bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() e80054ea0cde tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT 
685ff7d24487 ip_gre: Make o_seqno start from 0 in native mode 69555bb27b2e net/smc: sync err code when tcp connection was refused daca23846eb3 net: hns3: add validity check for message data length 7763a7956632 cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe f5bb5940d754 pinctrl: pistachio: fix use of irq_of_parse_and_map() d22fc603694b arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock 68f5200a1f60 ARM: dts: imx6ull-colibri: fix vqmmc regulator c45180375afd sctp: check asoc strreset_chunk in sctp_generate_reconf_event 2cba635570d8 tcp: ensure to use the most recently sent skb when filling the rate sample 3ea6190be92f tcp: md5: incorrect tcp_header_len for incoming connections 2b9a13d98dfc bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook 2e7f70d324ef mtd: rawnand: Fix return value check of wait_for_completion_timeout 2a36ba067b36 ipvs: correctly print the memory size of ip_vs_conn_tab abe86a10dc5c ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 54212850e38f ARM: dts: am3517-evm: Fix misc pinmuxing bba67fe6b022 ARM: dts: Fix mmc order for omap3-gta04 416e0f890732 phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe 6ff7c1b827c8 phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe 59bdaed5dd73 ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek dbce8fc16a08 phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks b7fc45354be6 ARM: OMAP2+: Fix refcount leak in omap_gic_of_init dd99939b70c4 phy: samsung: exynos5250-sata: fix missing device put in probe error paths 6331b77fdc17 phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe fccbc3168e5e ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue b8f0c19d4864 USB: Fix xhci event ring dequeue pointer ERDP update issue 1f47c2625773 mtd: rawnand: fix ecc parameters for mt7622 0405bd7f1888 arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards 5f80b5c5f406 arm64: dts: meson: remove CPU opps below 1GHz for G12B boards 
f6db63819db6 video: fbdev: udlfb: properly check endpoint type c00f3892f4f0 hex2bin: fix access beyond string end 15b78a8e38e8 hex2bin: make the function hex_to_bin constant-time 73f4668ee875 arch_topology: Do not set llc_sibling if llc_id is invalid a3cdd33ca163 serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device 89a5728b053c serial: 8250: Also set sticky MCR bits in console restoration 42f749f2232a serial: imx: fix overrun interrupts in DMA mode d29c197df7fa usb: dwc3: gadget: Return proper request status 0f3d081315c5 usb: dwc3: core: Fix tx/rx threshold settings e2ec7b1f6a06 usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() debb276670b0 usb: gadget: uvc: Fix crash when encoding data for usb request 324e67c3b2fc usb: typec: ucsi: Fix role swapping 0366beb40239 usb: misc: fix improper handling of refcount in uss720_probe() 2c97a2b5ef84 iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() e82c726c94ec iio: dac: ad5446: Fix read_raw not returning set value 1aea30f87c65 iio: dac: ad5592r: Fix the missing return value. 
1e8716a5c087 xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms b8d3a4681f28 xhci: stop polling roothubs after shutdown c8fbc2f875b6 USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions 68088dec9b3c USB: serial: option: add support for Cinterion MV32-WA/MV32-WB 56cbdb9d958a USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader 6b10dd966c12 USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS 890fc65448ea USB: quirks: add STRING quirk for VCOM device c4b31d41f5f2 USB: quirks: add a Realtek card reader 5666334ce3bf usb: mtu3: fix USB 3.0 dual-role-switch from device to host b2589647008f lightnvm: disable the subsystem c9af90f0c6b8 hamradio: remove needs_free_netdev to avoid UAF 7361a35bf330 hamradio: defer 6pack kfree after unregister_netdev 7dea5913000c floppy: disable FDRAWCMD by default 4426e6017f73 Linux 5.4.191 3c946909a3ed Revert "net: micrel: fix KS8851_MLL Kconfig" c028b81d062e block/compat_ioctl: fix range check in BLKGETSIZE 27da8d16e4f0 staging: ion: Prevent incorrect reference counting behavour cb158b152ea6 spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller 1b6ad2421084 jbd2: fix a potential race while discarding reserved buffers after an abort 0b1ba14ab263 ext4: force overhead calculation if the s_overhead_cluster makes no sense 425301ef608a ext4: fix overhead calculation to account for the reserved gdt blocks ea9c206111ea ext4, doc: fix incorrect h_reserved size 259dc49deaa2 ext4: limit length to bitmap_maxbytes - blocksize in punch_hole faadbf7ac4f2 ext4: fix use-after-free in ext4_search_dir 0309665eb244 ext4: fix symlink file size not match to file content ddfe3babc546 arm_pmu: Validate single/group leader events 852b02d1f808 ARC: entry: fix syscall_trace_exit argument 016ba7cbed57 e1000e: Fix possible overflow in LTR decoding 1217cf141b24 ASoC: soc-dapm: fix two incorrect uses of list iterator aa7070556087 openvswitch: fix OOB access in reserve_sfa_size() d24e0d9d691b 
xtensa: fix a7 clobbering in coprocessor context load/store 4c26a96d0c29 xtensa: patch_text: Fixup last cpu should be master 8d6937c1e093 powerpc/perf: Fix power9 event alternatives 0dafb826ed70 drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage 013231f75fce KVM: PPC: Fix TCE handling for VFIO 9cf05812cb10 drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare 4f08e85ca0fc drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised 23f0ba5585a5 dma: at_xdmac: fix a missing check on list iterator a22f3c99268c ata: pata_marvell: Check the 'bmdma_addr' beforing reading 0441d3e95bca oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup 530d32ac52f7 EDAC/synopsys: Read the error count from the correct register 91367af460da stat: fix inconsistency between struct stat and struct compat_stat 837e319ebe62 scsi: qedi: Fix failed disconnect handling 4b813ce289ed net: macb: Restart tx only if queue pointer is lagging a1419bee4dde drm/msm/mdp5: check the return of kzalloc() 80b188da30aa dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info() 46f9fa0a6632 brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant 12a753edd963 mt76: Fix undefined behavior due to shift overflowing the constant 7c48a6e62ddb cifs: Check the IOCB_DIRECT flag, not O_DIRECT 435142fbdcc0 vxlan: fix error return code in vxlan_fdb_append 99c2d9a52f37 ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant 3e28d157e5f2 platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative 54be94d33660 reset: tegra-bpmp: Restore Handle errors in BPMP response 0cb2c00dd1ab ARM: vexpress/spc: Avoid negative array index when !SMP 3a5ad1b8db9f selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets d37295129efa netlink: reset network and mac headers in netlink_dump() 4c4f2a019ff9 l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using 
netdev_master_upper_dev_get_rcu 8c5ca6492a86 net/sched: cls_u32: fix possible leak in u32_init_knode() f883def54654 net/packet: fix packet_sock xmit return value checking e1bc684c81f1 net/smc: Fix sock leak when release after smc_shutdown() f10e5c9f226c rxrpc: Restore removed timer deletion 9a9c48159365 igc: Fix BUG: scheduling while atomic f9d5d17d234f igc: Fix infinite loop in release_swfw_sync 6d6271dbbbe5 dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources 65c36555bd7d dmaengine: imx-sdma: Fix error checking in sdma_event_remap ccf554d148eb ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component 6a20bf46c625 ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek 6a54979c7830 ALSA: usb-audio: Clear MIDI port active flag after draining 9c99aacfb4c6 tcp: Fix potential use-after-free due to double kfree() 5a4f3eba211a net/sched: cls_u32: fix netns refcount changes in u32_change() b01b700e0c5a tcp: fix race condition when creating child sockets from syncookies ebb3b84596bd gfs2: assign rgrp glock before compute_bitstructs 660784e7194a can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path 2da11442a1e3 tracing: Dump stacktrace trigger to the corresponding instance bad7ed55756f mm: page_alloc: fix building error on -Werror=array-compare ac94e87675b2 etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.4.bb | 6 ++--- .../linux/linux-yocto-tiny_5.4.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++---------- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 764a875699..bf5359d120 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb 
@@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "5b157591793811a9d226866d9f8acde817339fe9" -SRCREV_meta ?= "6a12bea7312868626062fe8206ce3c5bcb7c9101" +SRCREV_machine ?= "24d323fa0e17bcd62c9cfe1fd4153c304a06f38c" +SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.190" +LINUX_VERSION ?= "5.4.192" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index 7be0f31eb0..dee636aca5 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.190" +LINUX_VERSION ?= "5.4.192" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "25567bdff9816844f3b9e09cdb490d7c7bfb4edb" -SRCREV_machine ?= "36a8131ee4418c5f8883ff165833776746e61e84" -SRCREV_meta ?= "6a12bea7312868626062fe8206ce3c5bcb7c9101" +SRCREV_machine_qemuarm ?= "460de085c07ab1a221317e6804c13657456c5368" +SRCREV_machine ?= "b414a2fc5ce5f68c33d297d9cde4fef5437b773b" +SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 23a5abb2c6..680f40d208 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb 
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "c4efc0b0650c3d2a7a321a6ba5fe612b7d14bd3f" -SRCREV_machine_qemuarm64 ?= "c5b5ccb7df29d44c4e3d71d0e2ccf3e8a462a7f0" -SRCREV_machine_qemumips ?= "addad5fd9e5c386a4b06938ae73de42292d552be" -SRCREV_machine_qemuppc ?= "ee0f3e8a7de91b0520da532f87f8deeb91a92e27" -SRCREV_machine_qemuriscv64 ?= "d9d6c6e0d0a9a52f9acd488036a5ed6409352f44" -SRCREV_machine_qemux86 ?= "d9d6c6e0d0a9a52f9acd488036a5ed6409352f44" -SRCREV_machine_qemux86-64 ?= "d9d6c6e0d0a9a52f9acd488036a5ed6409352f44" -SRCREV_machine_qemumips64 ?= "971edcacc688c0deb078f4643125c5c5372010c5" -SRCREV_machine ?= "d9d6c6e0d0a9a52f9acd488036a5ed6409352f44" -SRCREV_meta ?= "6a12bea7312868626062fe8206ce3c5bcb7c9101" +SRCREV_machine_qemuarm ?= "68a2ce69aaf2e8d96eef4aaccd70fc0ef7368a46" +SRCREV_machine_qemuarm64 ?= "acfed0930d37a714d705645ff7cfbfbd0ad040e7" +SRCREV_machine_qemumips ?= "e7046a2c8972e925cd2e6ac7f392abe87cbec5f5" +SRCREV_machine_qemuppc ?= "997e06e0af674c27627eaa76a60b2f63cb16f38d" +SRCREV_machine_qemuriscv64 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649" +SRCREV_machine_qemux86 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649" +SRCREV_machine_qemux86-64 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649" +SRCREV_machine_qemumips64 ?= "7b526cde12d78604b6f1e1ad62da31dcb729f35f" +SRCREV_machine ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649" +SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" 
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.190" +LINUX_VERSION ?= "5.4.192" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native"
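Review bot: the LINUX_VERSION ?= "5.4.192" lines in the three recipes are the only statement of what this bump delivers, and the commit message names no CVE IDs even though the listed commits include memory-safety fixes (the whiteheat heap overflow in WHITEHEAT_GET_DTR_RTS, the use-after-free in ext4_search_dir, the OOB access in reserve_sfa_size()). Suggest listing the CVE IDs this update is known to address in the commit message, so users can reconcile the change with their cve-check reports. The SRCREV_machine_* and SRCREV_meta values are edited by hand in every hunk; SRCREV_meta is the same 3fecb085... in all three files, which is consistent, but nothing in the visible lines ties the new machine hashes to the 5.4.192 tag, so that pairing needs checking against the linux-yocto branches before merge.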
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 05/14] cve-check: no need to depend on the fetch task
Date: Wed, 11 May 2022 08:19:24 -1000
Message-Id: <72e5204bc7272414cc7bcfba18f52a177242ed79.1652292852.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165511

From: Ross Burton The only part of the cve-check task which needs files is the patch examination, and typically these patches are local so fetch isn't needed. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 2c9b3186d3b7c18cbea239ab9b06e85b7c243b54) Signed-off-by: Steve Sakoman (cherry picked from commit 3dc8edd6611e7ad4abcece44ca4701eda7aeff94) Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index a7156cbdfb..41b4eb2dbf 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -121,7 +121,7 @@ python do_cve_check () { } -addtask cve_check before do_build after do_fetch +addtask cve_check before do_build do_cve_check[depends] = "cve-update-db-native:do_fetch" do_cve_check[nostamp] = "1"
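Review bot: dropping "after do_fetch" from the addtask line removes the only ordering guarantee that the patches listed in SRC_URI are on disk when do_cve_check examines them. The commit message says these patches are typically local, which leaves the recipes that pull a patch from a remote URL: there the patch examination can run before the file has been downloaded, and it will either fail on the missing file or report an already fixed CVE as unpatched. Suggest making the patch scan skip a missing patch file with a bb.warn that names it, or stating the limitation in the class comments next to this line.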
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 06/14] cve-update-db-native: update the CVE database once a day only
Date: Wed, 11 May 2022 08:19:25 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165512

From: Marta Rybczynska The update of the NVD database was expected to happen once per hour. However, the database file date changes only if the content was actually updated. In practice, the check worked for the first hour after the new download. As the NVD database changes usually only once a day, we can just update it less frequently. Signed-off-by: Marta Rybczynska Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 35bccdedadeaba820d58b69fe74ce5e4c1f577e3) Signed-off-by: Steve Sakoman (cherry picked from commit 88f2fb1581a17b2cf59a694ca9afb89e38ed40b5) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-db-native.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 50052f8532..a6144979f0 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb 
@@ -42,10 +42,10 @@ python do_fetch() { if os.path.exists(db_file): os.remove(db_file) - # Don't refresh the database more than once an hour + # The NVD database changes once a day, so no need to update more frequently try: import time - if time.time() - os.path.getmtime(db_file) < (24*60*60): return except OSError: pass
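Review bot: the early return in do_fetch still compares against os.path.getmtime(db_file), and the commit message itself states that this file date changes only when the content was actually updated, so widening the window from (60*60) to (24*60*60) postpones the problem instead of fixing it. Once the database is more than a day old and a fetch finds nothing new, the mtime stays where it was and every later build goes back to the NVD feeds. Suggest recording the time of the last completed check, for example by calling os.utime() on db_file after an update attempt finishes, and comparing against that.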
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 07/14] cve-update-db-native: let the user to drive the update interval
Date: Wed, 11 May 2022 08:19:26 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165513

From: Marta Rybczynska Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set the database update interval. - a positive value sets an interval (in seconds) - a zero ("0") forces the database update Signed-off-by: Marta Rybczynska Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-db-native.bb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index a6144979f0..594bf947c8 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -12,6 +12,10 @@ deltask do_compile deltask do_install deltask do_populate_sysroot +# CVE database update interval, in seconds. By default: once a day (24*60*60). +# Use 0 to force the update +CVE_DB_UPDATE_INTERVAL ?= "86400" + python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") 
@@ -43,10 +47,15 @@ python do_fetch() { os.remove(db_file) # The NVD database changes once a day, so no need to update more frequently + # Allow the user to force-update try: import time - if time.time() - os.path.getmtime(db_file) < (24*60*60): + update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) + if (update_interval < 0): + update_interval = 0 + if time.time() - os.path.getmtime(db_file) < update_interval: return + except OSError: pass
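Review bot: int(d.getVar("CVE_DB_UPDATE_INTERVAL")) sits inside a try block whose only handler is "except OSError", so a non-numeric value set in a configuration file raises ValueError and do_fetch fails with a traceback instead of a usable message. Suggest catching ValueError alongside OSError and either calling bb.fatal with the variable name and the bad value, or falling back to 86400 with a bb.warn. Negative values are clamped to 0, which forces an update on every build, while the comment on the variable and the commit message describe only positive values and zero; either document the clamp or reject negatives. The blank line added before "except OSError" looks unintended.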
X-Received: by 2002:a63:4a04:0:b0:3c5:e6c2:a111 with SMTP id x4-20020a634a04000000b003c5e6c2a111mr22489814pga.432.1652293212618; Wed, 11 May 2022 11:20:12 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id i14-20020aa787ce000000b0050dc76281bbsm2126132pfo.149.2022.05.11.11.20.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 May 2022 11:20:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/14] cve-check: add JSON format to summary output Date: Wed, 11 May 2022 08:19:27 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 May 2022 18:20:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165514
From: Davide Gardenal Create generate_json_report including all the code used to generate the JSON manifest file. Add to cve_save_summary_handler the ability to create the summary in JSON format. Signed-off-by: Davide Gardenal Signed-off-by: Luca Ceresoli (cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487) Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 51 ++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 18 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 41b4eb2dbf..350ed8ec39 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -75,6 +75,30 @@ CVE_CHECK_LAYER_INCLUDELIST ??= "" # set to "alphabetical" for version using single alphabetical character as increment release CVE_VERSION_SUFFIX ??= "" +def generate_json_report(out_path, link_path): + if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): + import json + from oe.cve_check import cve_check_merge_jsons + + bb.note("Generating JSON CVE summary") + index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH") + summary = {"version":"1", "package": []} + with open(index_file) as f: + filename = f.readline() + while filename: + with open(filename.rstrip()) as j: + data = json.load(j) + cve_check_merge_jsons(summary, data) + filename = f.readline() + + with open(out_path, "w") as f: + json.dump(summary, f, indent=2) + + if link_path != out_path: + if os.path.exists(os.path.realpath(link_path)): + os.remove(link_path) + os.symlink(os.path.basename(out_path), link_path) + python cve_save_summary_handler () { import shutil import datetime 
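Review bot: generate_json_report(out_path, link_path) calls `d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")` but `d` is not one of its parameters, and a plain `def` in a class file does not receive the datastore the way a `python name ()` function does, so the first call fails with NameError. Take the datastore as an argument, e.g. `def generate_json_report(d, out_path, link_path):`, and update both callers. In the symlink block, `os.path.exists(os.path.realpath(link_path))` is False for a dangling link, so a stale link whose target has been cleaned up is not removed and `os.symlink` then raises FileExistsError; `os.path.lexists(link_path)`, which rootfs-postcommands.bbclass already uses for the same job, covers that case. Each line of the index file is also opened without checking that the fragment still exists, so one missing per-recipe JSON file aborts the whole summary.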
@@ -97,6 +121,11 @@ python cve_save_summary_handler () { if os.path.exists(os.path.realpath(cvefile_link)): os.remove(cvefile_link) os.symlink(os.path.basename(cve_summary_file), cvefile_link) + + json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON")) + json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp)) + generate_json_report(json_summary_name, json_summary_link_name) + bb.plain("CVE report summary created at: %s" % json_summary_link_name) } addhandler cve_save_summary_handler 
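Review bot: in cve_save_summary_handler, `bb.plain("CVE report summary created at: %s" % json_summary_link_name)` runs unconditionally, but generate_json_report returns without writing anything when CVE_CHECK_SUMMARY_INDEX_PATH does not exist, so the build log can point at a JSON summary that was never created. Have the helper return whether it wrote the file and print the message only in that case. This patch also adds no default for CVE_CHECK_SUMMARY_FILE_NAME_JSON; if the branch does not already define it, `d.getVar` returns None and `os.path.join(cvelogpath, None)` raises TypeError.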
@@ -170,25 +199,11 @@ python cve_check_write_rootfs_manifest () { os.symlink(os.path.basename(manifest_name), manifest_link) bb.plain("Image CVE report stored in: %s" % manifest_name) - if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): - import json + link_path = os.path.join(deploy_dir, "%s.json" % link_name) + manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON") bb.note("Generating JSON CVE manifest") - deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") - link_name = d.getVar("IMAGE_LINK_NAME") - manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON") - index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH") - manifest = {"version":"1", "package": []} - with open(index_file) as f: - filename = f.readline() - while filename: - with open(filename.rstrip()) as j: - data = json.load(j) - cve_check_merge_jsons(manifest, data) - filename = f.readline() - - with open(manifest_name, "w") as f: - json.dump(manifest, f, indent=2) - bb.plain("Image CVE report stored in: %s" % manifest_name) + generate_json_report(json_summary_name, json_summary_link_name) + bb.plain("Image CVE JSON report stored in: %s" % link_path) } ROOTFS_POSTPROCESS_COMMAND_prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" From patchwork Wed May 11 18:19:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 7920 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50B3AC433FE for ; Wed, 11 May 2022 18:20:22 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web10.426.1652293216736051389 for ; Wed, 11 May 2022 11:20:16 -0700 Authentication-Results: mx.groups.io; dkim=pass 
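Review bot: in cve_check_write_rootfs_manifest the replacement code computes `link_path` and `manifest_path` and then calls `generate_json_report(json_summary_name, json_summary_link_name)`, two names that are only assigned in cve_save_summary_handler, so this raises NameError when the rootfs postprocess command runs and `manifest_path` is never used. The call should be `generate_json_report(manifest_path, link_path)`. The closing message prints `link_path` even though the old `os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH"))` guard around the block was removed, so it is shown whether or not a report was written.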
header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=QLRZ7uxe; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id l11so2469493pgt.13 for ; Wed, 11 May 2022 11:20:16 -0700 (PDT) X-Received: by 2002:aa7:83d0:0:b0:50c:eb2b:8e8a with SMTP id j16-20020aa783d0000000b0050ceb2b8e8amr26382279pfn.31.1652293215582; Wed, 11 May 2022 11:20:15 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
[72.253.6.214]) by smtp.gmail.com with ESMTPSA id i14-20020aa787ce000000b0050dc76281bbsm2126132pfo.149.2022.05.11.11.20.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 May 2022 11:20:14 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/14] cve-check: fix symlinks where link and output path are equal Date: Wed, 11 May 2022 08:19:28 -1000 Message-Id: <62965ca8ca7077c12d75dac37efe204d7159cddd.1652292852.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 May 2022 18:20:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165515 From: Davide Gardenal An if statement now checks if the link and output path are the same, if they are then the link is not created, otherwise it is. Signed-off-by: Davide Gardenal Signed-off-by: Luca Ceresoli (cherry picked from commit 2f024c0236c4806f0e59e4ce51a42f6b80fdf1b3) Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 350ed8ec39..ac9f0fb22c 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass 
@@ -117,10 +117,11 @@ python cve_save_summary_handler () { if cve_summary_file and os.path.exists(cve_summary_file): cvefile_link = os.path.join(cvelogpath, cve_summary_name) - - if os.path.exists(os.path.realpath(cvefile_link)): - os.remove(cvefile_link) - os.symlink(os.path.basename(cve_summary_file), cvefile_link) + # if the paths are the same don't create the link + if cvefile_link != cve_summary_file: + if os.path.exists(os.path.realpath(cvefile_link)): + os.remove(cvefile_link) + os.symlink(os.path.basename(cve_summary_file), cvefile_link) json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON")) json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp)) 
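Review bot: the guard `if cvefile_link != cve_summary_file:` in cve_save_summary_handler is a plain string comparison, so two spellings of the same path (a doubled slash, a `./` component) still pass it, and the code underneath then removes the report it was about to link to and leaves a self-referencing symlink. Normalise both sides before comparing, e.g. with os.path.abspath. The inner check still uses `os.path.exists(os.path.realpath(cvefile_link))`, which is False for a dangling link and lets `os.symlink` fail with FileExistsError; `os.path.lexists(cvefile_link)` handles that. Both points apply equally to the manifest_link hunk that follows in cve_check_write_rootfs_manifest.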
@@ -193,10 +194,12 @@ python cve_check_write_rootfs_manifest () { if manifest_name and os.path.exists(manifest_name): manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name) - # If we already have another manifest, update symlinks - if os.path.exists(os.path.realpath(manifest_link)): - os.remove(manifest_link) - os.symlink(os.path.basename(manifest_name), manifest_link) + # if they are the same don't create the link + if manifest_link != manifest_name: + # If we already have another manifest, update symlinks + if os.path.exists(os.path.realpath(manifest_link)): + os.remove(manifest_link) + os.symlink(os.path.basename(manifest_name), manifest_link) bb.plain("Image CVE report stored in: %s" % manifest_name) link_path = os.path.join(deploy_dir, "%s.json" % link_name) From patchwork Wed May 11 18:19:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 7921 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 54DDAC433F5 for ; Wed, 11 May 2022 18:20:22 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web12.464.1652293207982169279 for ; Wed, 11 May 2022 11:20:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ElgZngIq; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d17so2719872plg.0 for ; Wed, 11 May 2022 11:20:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version 
X-Received: by 2002:a17:90b:3506:b0:1dc:72c6:384d with SMTP id ls6-20020a17090b350600b001dc72c6384dmr6630728pjb.137.1652293217843; Wed, 11 May 2022 11:20:17 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id i14-20020aa787ce000000b0050dc76281bbsm2126132pfo.149.2022.05.11.11.20.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 May 2022 11:20:17 -0700 (PDT)
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/14] volatile-binds: Change DefaultDependencies from false to no Date: Wed, 11 May 2022 08:19:29 -1000 Message-Id: <00db62342e67b916213c3b54db23c8090621462f.1652292852.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 May 2022 18:20:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165516 From: Portia The systemd-unit parameter DefaultDependencies changed from true/false to yes/no. This changed in systemd in v242. Signed-off-by: Portia Stephens Signed-off-by: Richard Purdie (cherry picked from commit add4dcb03dc7b034253db05f0023cb97cab8b26d) Signed-off-by: Steve Sakoman (cherry picked from commit 9da23a2b912edd043037a8e2e1047f7f3ba6886a) Signed-off-by: Steve Sakoman --- .../recipes-core/volatile-binds/files/volatile-binds.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in index b23355a714..4b34ebd12d 100644 --- a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in +++ b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in 
@@ -1,6 +1,6 @@ [Unit] Description=Bind mount volatile @where@ -DefaultDependencies=false +DefaultDependencies=no Before=local-fs.target RequiresMountsFor=@whatparent@ @whereparent@ ConditionPathIsReadWrite=@whatparent@ From patchwork Wed May 11 18:19:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 7919 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D582C4332F for ; Wed, 11 May 2022 18:20:22 +0000 (UTC) Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) by mx.groups.io with SMTP id smtpd.web08.418.1652293221582786093 for ; Wed, 11 May 2022 11:20:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=QWiEZDWV; spf=softfail (domain: sakoman.com, ip: 209.85.216.44, mailfrom: steve@sakoman.com) Received: by mail-pj1-f44.google.com with SMTP id n10so2967837pjh.5 for ; Wed, 11 May 2022 11:20:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Ddf5Ryz0TUkQCgmCoWpn01Akyx0R9Y4zg+yhvtJM1qA=; b=QWiEZDWVsFL7ZFkFwRMxX1TZTGLN1vbUba0K28TPKkquVHvdA5sE2IOhpTDjk6lNKQ sQ9GkvNhKZyedooJLWZNFCX+8h2Q86toUYKiOLHeOlhq+4ocEUaOxFgOYk3FcPJ9Uf5T 2IT4qIMRg7XG8BNZdY1k2sMSlK9sQ17YIM6bIQM8krX7AvjLRrLoxapo0uyNvgOeyFtM 2TtOQIkRUOj2x0W20X9tPHjjHu/O2MnIJM0uQldKiadC8L0LSc48UfBL/AiL10abBH7f 4MgnzqoZpPZiW3CXQpzi61GAlGv/pmsNflWBDaXQXKdsCZs7s6wCZWiqpSZvgY0dn0QP RtTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to 
X-Received: by 2002:a17:90b:4b42:b0:1dc:15f8:821b with SMTP id mi2-20020a17090b4b4200b001dc15f8821bmr6721956pjb.131.1652293220416; Wed, 11 May 2022 11:20:20 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id i14-20020aa787ce000000b0050dc76281bbsm2126132pfo.149.2022.05.11.11.20.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 May 2022 11:20:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/14] rootfs-postcommands: fix symlinks where link and output path are equal Date: Wed, 11 May 2022 08:19:30 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 May 2022 18:20:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165517 From: Davide Gardenal When creating the manifest and the testdata.json links, if the link name is equal to the output name the link is not created, otherwise it is. This prevents a link-to-self in the first case. Signed-off-by: Davide Gardenal Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie (cherry picked from commit bed63756c56f296ff3d5a7eef66e978bd19f1008) Signed-off-by: Steve Sakoman --- meta/classes/rootfs-postcommands.bbclass | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass index c43b9a9823..0fef52af40 100644 --- a/meta/classes/rootfs-postcommands.bbclass +++ b/meta/classes/rootfs-postcommands.bbclass @@ -267,9 +267,10 @@ python write_image_manifest () { if os.path.exists(manifest_name) and link_name: manifest_link = deploy_dir + "/" + link_name + ".manifest" - if os.path.lexists(manifest_link): - os.remove(manifest_link) - os.symlink(os.path.basename(manifest_name), manifest_link) + if manifest_link != manifest_name: + if os.path.lexists(manifest_link): + os.remove(manifest_link) + os.symlink(os.path.basename(manifest_name), manifest_link) } # Can be used to create /etc/timestamp during image construction to give a reasonably 
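Review bot: in write_image_manifest, manifest_link is built by concatenation (`deploy_dir + "/" + link_name + ".manifest"`) and then compared to manifest_name as a string; if the two are assembled differently (for example a trailing slash on the deploy directory producing `//`), the strings differ while naming the same file, the guard passes, and `os.remove(manifest_link)` deletes the manifest before the self-link is created. Build the link with os.path.join, as write_image_test_data does, and compare normalised paths. This remove-then-symlink sequence now appears in five places across cve-check.bbclass and rootfs-postcommands.bbclass in this series, with two different existence checks; a single shared helper would keep the guard and the lexists check consistent.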
@@ -339,9 +340,10 @@ python write_image_test_data() { if os.path.exists(testdata_name) and link_name: testdata_link = os.path.join(deploy_dir, "%s.testdata.json" % link_name) - if os.path.lexists(testdata_link): - os.remove(testdata_link) - os.symlink(os.path.basename(testdata_name), testdata_link) + if testdata_link != testdata_name: + if os.path.lexists(testdata_link): + os.remove(testdata_link) + os.symlink(os.path.basename(testdata_name), testdata_link) } write_image_test_data[vardepsexclude] += "TOPDIR" From patchwork Wed May 11 18:19:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 7925 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 627B9C4332F for ; Wed, 11 May 2022 18:20:32 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.web10.428.1652293223976031255 for ; Wed, 11 May 2022 11:20:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=4k0r/Iiy; spf=softfail (domain: sakoman.com, ip: 209.85.216.41, mailfrom: steve@sakoman.com) Received: by mail-pj1-f41.google.com with SMTP id l20-20020a17090a409400b001dd2a9d555bso2827245pjg.0 for ; Wed, 11 May 2022 11:20:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=caP9KL3caIjJQI1OZxPm2p/LApv8WN6k8t8vn3LQrbY=; b=4k0r/IiytY8TQbbDGrmO1lTotTdeH9lCgW1SW2NQKXc+nj7W0MCE5Tu3NtHgr/3djX fU1zLj+C2kfGTl3YoqPdFHPVNU7EctsVjCJ4sZnjiNrCErLEM9QsfGVLZo+OCR9hw9+m 
X-Received: by 2002:a17:902:ecc7:b0:15e:8685:77d with SMTP id a7-20020a170902ecc700b0015e8685077dmr27161975plh.20.1652293222865; Wed, 11 May 2022 11:20:22 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id i14-20020aa787ce000000b0050dc76281bbsm2126132pfo.149.2022.05.11.11.20.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 May 2022 11:20:22 -0700 (PDT)
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/14] base: Avoid circular references to our own scripts Date: Wed, 11 May 2022 08:19:31 -1000 Message-Id: <1567b7cec5ccbe198bfd0cca9ee8a2b1cf6dbf42.1652292852.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 May 2022 18:20:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165518 From: Richard Purdie We'd like to intercept git calls but we don't want circular references and HOSTTOOLS currently sets them up. Tweak to avoid them. Signed-off-by: Richard Purdie (cherry picked from commit 52c37e133fa55846aca2248ffcf3a10648dbb8d7) Signed-off-by: Steve Sakoman --- meta/classes/base.bbclass | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index 9ed736b0e1..19604a4646 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass 
@@ -122,6 +122,10 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True): tools = d.getVar(toolsvar).split() origbbenv = d.getVar("BB_ORIGENV", False) path = origbbenv.getVar("PATH") + # Need to ignore our own scripts directories to avoid circular links + for p in path.split(":"): + if p.endswith("/scripts"): + path = path.replace(p, "/ignoreme") bb.utils.mkdirhier(dest) notfound = [] for tool in tools: From patchwork Wed May 11 18:19:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 7923 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BD81C433F5 for ; Wed, 11 May 2022 18:20:32 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.web10.423.1652293203265242221 for ; Wed, 11 May 2022 11:20:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=eJR39IOB; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id i17so2653366pla.10 for ; Wed, 11 May 2022 11:20:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=XpeDrsqeoC5HQePnlGWB7nV/exYG6V8WnCuYbJ2yf4Q=; b=eJR39IOB0xAwu9MMKiPgnTx4PBl3bTV41Nwrz4w4Y8eeHiB9wdreK8P6MOa1/MMtvs 3c3peNHjiF2nb0L/CB2SbaU8ysFi9p4QkpR2oFhiRU1SPIHXO8CrxriRzCD3RHlYOE6z 1OAgWw4xkZY0PrqeWQBfFJhkqJz5T/9KhGgeSrf1cLSVRRu5XUluenQc3XK70W3ALdLu +8IThPWQnTSUOpCyfrHxZmzk5Vg9O/97UU9DNPNtQ953/BDURBspeeDWZwQGJr7U+XMp 
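Review bot: in setup_hosttools_dir, `path = path.replace(p, "/ignoreme")` is a substring replacement over the whole PATH string rather than the removal of one entry, so any other entry that merely contains p (a `.../scripts/bin` subdirectory, a sibling such as `.../scripts-extra`) is rewritten as well. Filtering the list is exact: `path = ":".join(p for p in path.split(":") if not p.endswith("/scripts"))`. The match is also by directory name only: a user's own `~/scripts` that holds a HOSTTOOLS binary is dropped without any message and the tool ends up in `notfound`, while an entry written with a trailing slash (`.../scripts/`) is not matched and can still yield the circular link. Comparing normalised entries against the actual location of the OE scripts directory would be more precise than matching on the name, and a bb.debug line listing the skipped entries would make the resulting failures diagnosable.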
X-Received: by 2002:a17:903:1104:b0:15f:bce:1a0c with SMTP id n4-20020a170903110400b0015f0bce1a0cmr16807957plh.149.1652293225714; Wed, 11 May 2022 11:20:25 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id i14-20020aa787ce000000b0050dc76281bbsm2126132pfo.149.2022.05.11.11.20.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 May 2022 11:20:24 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/14] scripts: Make git intercept global Date: Wed, 11 May 2022 08:19:32 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 May 2022 18:20:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165519
From: Richard Purdie The previous minimally invasive git intercept simply isn't enough. For example, meson used in the igt-gpu-tools recipe hardcodes the path to git in the configure step so at install time, changing PATH has no effect. There are lots of interesting things we could do to try and avoid problems but making the git intercept and dropping fakeroot privs for git global is probably the least worst solution at this point. It will add slight overhead to git calls but we don't make many so the overall impact is likely minimal. Signed-off-by: Richard Purdie (cherry picked from commit af27c81eaf68ee681dcd9456a74cca6a9ab40bf6) Signed-off-by: Steve Sakoman --- scripts/{git-intercept => }/git | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scripts/{git-intercept => }/git (100%)
diff --git a/scripts/git-intercept/git b/scripts/git similarity index 100% rename from scripts/git-intercept/git rename to scripts/git From patchwork Wed May 11 18:19:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 7924 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61B9AC433EF for ; Wed, 11 May 2022 18:20:32 +0000 (UTC) Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com [209.85.216.48]) by mx.groups.io with SMTP id smtpd.web08.419.1652293229303858119 for ; Wed, 11 May 2022 11:20:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=zXpW1Sb8; spf=softfail (domain: sakoman.com, ip: 209.85.216.48, mailfrom: steve@sakoman.com) Received: by mail-pj1-f48.google.com with SMTP id e24so3000352pjt.2 for ; Wed, 11 May 2022 11:20:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=dTndquuCrH4ol1IlnHK2Uglfj0SGBwVkWPPrKLJpoag=; b=zXpW1Sb8rR1m1wjkRz5T3gY4YKGl4oEsqGLr3VyjHixjhqmtFQhGW2vcd8GCFyW/cl iRl3I2sf5uYW92hyJv/PLFjl26lBHAJnilz5vRwywXfflclNk5o7qq/gzUErmcEb3pd/ e19n8YH9y9+7qSdRKL4jXoYh07s8fo8o60GQBzaEDoot7lTCs4P+GcQLrpxOVb+dL2uH Ra08G3bO32y3GuhqnPKpFl7mQ6N+apkUBDqme+6Hnf6CVFuohFTkNEoQbWaLdOOSgk4v DIGvteJGngBMpA80zWqDfZY65FM86QSSBBEpaC/IfzHECGYZ8mB/Wwlog6y9j/VXVZzz yRBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; 
X-Received: by 2002:a17:902:b498:b0:15f:2d62:5f3c with SMTP id y24-20020a170902b49800b0015f2d625f3cmr6522103plr.162.1652293228229; Wed, 11 May 2022 11:20:28 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id i14-20020aa787ce000000b0050dc76281bbsm2126132pfo.149.2022.05.11.11.20.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 May 2022 11:20:27 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 14/14] scripts/git: Ensure we don't have circular references Date: Wed, 11 May 2022 08:19:33 -1000 Message-Id: <0f6ae13d76129d96f788b7ede312cfc361ee2bda.1652292852.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 May 2022 18:20:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165520
From: Richard Purdie This is horrible but I'm running out of better ideas. We hit circular reference issues which we were trying to avoid in the core HOSTTOOLS code. When building the eSDK, there can be two copies of the script. Therefore assume git will never be in a directory called scripts. This fixes eSDK build failures. Signed-off-by: Richard Purdie (cherry picked from commit 27de610ac30d4c81352efc794df7e9b1060f7a68) Signed-off-by: Steve Sakoman --- scripts/git | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/git b/scripts/git index 8adf5c9ecb..644055e540 100755 --- a/scripts/git +++ b/scripts/git @@ -10,7 +10,14 @@ os.environ['PSEUDO_UNLOAD'] = '1' # calculate path to the real 'git' path = os.environ['PATH'] -path = path.replace(os.path.dirname(sys.argv[0]), '') +# we need to remove our path but also any other copy of this script which +# may be present, e.g. eSDK. +replacements = [os.path.dirname(sys.argv[0])] +for p in path.split(":"): + if p.endswith("/scripts"): + replacements.append(p) +for r in replacements: + path = path.replace(r, '/ignoreme') real_git = shutil.which('git', path=path) if len(sys.argv) == 1:
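Review bot: `replacements = [os.path.dirname(sys.argv[0])]` in scripts/git can hold an empty string when the script is started without a directory component, and `path.replace('', '/ignoreme')` then inserts `/ignoreme` between every character of PATH; with the old replacement value `''` that case was a harmless no-op. Drop empty entries before the loop. As in base.bbclass, `path.replace(r, '/ignoreme')` is a substring edit, so PATH entries that only contain r are rewritten too; filtering the split list (`[p for p in path.split(":") if p not in replacements]`) removes exactly the intended entries. The visible lines do not check the result of `shutil.which('git', path=path)`: if the only git on the host lives in a directory named scripts, real_git is None, and since this wrapper is now the global entry point for git, that case deserves an explicit error rather than whatever the later exec does with None.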