From patchwork Thu Jul 21 21:38:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10484 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7BFBC433EF for ; Thu, 21 Jul 2022 21:38:41 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.1056.1658439516069643221 for ; Thu, 21 Jul 2022 14:38:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=bVO8dS/y; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id b7-20020a17090a12c700b001f20eb82a08so6499052pjg.3 for ; Thu, 21 Jul 2022 14:38:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=xBGXjssI8CCcV4vZoc8I+6ru3iiR6THkySdIA2i747k=; b=bVO8dS/yjl8jtYfbvWpeSCRAFTSnsNmRVQa/Mls2WHAj41YPxA8EnM8Mhvrlcg474c sWe9bLQqVVlTZf49LIZRl85aWfOgtTe2WtN/xlgs8mz/JCLliHzLbaC5JFjh3buCHoj+ cMsDBSpXVKYGdLjgyImdyjZIHSJI/xBg6rD+OLLXuPkCyAn9h9hZ1SLaRD8UBJg8l30d nOsEPphgTbNEgBVosrgpZDR9ekrA5dsv+s1FPNQ7eeW5QZunRYaaLVoPdIGCRSrMYFBG h7YkXj6QXFC1wTZTbzOuwy/yc4gd+Gh15MRqJnd5rPWt1Ck6aqN6OTsgdMe7SxYu0rmh hzpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xBGXjssI8CCcV4vZoc8I+6ru3iiR6THkySdIA2i747k=; b=4dB3WQ3qkOqOoug0gi7eriJRTX09aQSJTcf+uXrMHTEpN0nz7PWb6spvYQKJMlRFYE l7LNrNm/xktpGYTX4hHUb7nm5hJV+RSoJmn+eB+lf1KVT4xwdFkY6NCy7A44i17b9TUs KZkWz6AGDJAYZwFXDUFvxsFKrtTRRYJaQT7mzQWBuwbhaLIoYZkdOdxrcUXJeS+YXHna PAjYYBxb4PI7PHqWIP8IcTLtjpCb4DBlBMZ3jqhUvwyfq9He2eslXeanIa/UQR8bOITc 9r9FInQDClBMt600S9FsDvhkvrjN99h/zVbb/pRrQNCqMvT8++zoP494LM1TXe5Yp+Nj JxWQ== X-Gm-Message-State: AJIora9Bd8rWueFsVKgWeM5hcHkdMdVFZlFecQGMhqNfAOlRQdlb3Y2b yE6Sttdwn+FKcL3QuLMlN+yq9aGyhWyQP9Bu X-Google-Smtp-Source: AGRyM1syWUaXGFzf9GpUmkvX0Urg+ylBlL6NIiD4rNPxaaEqQezpXGBUnSa6d6Fa6S/Q31bK9i2BSg== X-Received: by 2002:a17:90b:4c0c:b0:1ef:e4f6:409f with SMTP id na12-20020a17090b4c0c00b001efe4f6409fmr13295856pjb.227.1658439514565; Thu, 21 Jul 2022 14:38:34 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id x184-20020a6263c1000000b005283f9e9b19sm2194275pfb.180.2022.07.21.14.38.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Jul 2022 14:38:33 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 1/4] cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST Date: Thu, 21 Jul 2022 11:38:16 -1000 Message-Id: <5cb48712e09ffb4198b36897495215e578f9fe62.1658429064.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Jul 2022 21:38:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168393 From: Ranjitsinh Rathod Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell branch Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- meta/conf/distro/include/cve-extra-exclusions.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index 70442df991..f3490db9dd 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc @@ -57,19 +57,19 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html # qemu maintainers say the patch is incorrect and should not be applied # Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable -CVE_CHECK_IGNORE += "CVE-2021-20255" +CVE_CHECK_WHITELIST += "CVE-2021-20255" # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 # There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can # still be reproduced or where exactly any bug is. # Ignore from OE's perspective as we'll pick up any fix when upstream accepts one. -CVE_CHECK_IGNORE += "CVE-2019-12067" +CVE_CHECK_WHITELIST += "CVE-2019-12067" # nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 # It is a fuzzing related buffer overflow. It is of low impact since most devices # wouldn't expose an assembler. The upstream is inactive and there is little to be # done about the bug, ignore from an OE perspective. -CVE_CHECK_IGNORE += "CVE-2020-18974" +CVE_CHECK_WHITELIST += "CVE-2020-18974" From patchwork Thu Jul 21 21:38:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10486 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C891DC43334 for ; Thu, 21 Jul 2022 21:38:41 +0000 (UTC) Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) by mx.groups.io with SMTP id smtpd.web08.1016.1658439518592294950 for ; Thu, 21 Jul 2022 14:38:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Xyyzvgza; spf=softfail (domain: sakoman.com, ip: 209.85.216.42, mailfrom: steve@sakoman.com) Received: by mail-pj1-f42.google.com with SMTP id s18-20020a17090aa11200b001f1e9e2438cso6513242pjp.2 for ; Thu, 21 Jul 2022 14:38:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=T+MMtApEU8/XV8odix7sZFXiozFo05FGJJ1GRg7sg28=; b=XyyzvgzadW9hkomsz51aW1fgzdRQFwMA+222sgCW+FTzxp1MMRRwiC9hQg8QVafeKL EZQABYWeSTkHeNdI8qtYlUN9McEwnynjVuEtPNlRgTMgKQ5dNFTJ70BWqchGe5P2hTAv +3Dn+Uj9fykBJbvWoBWAJTWAjCZ3F2g7T5J+LkS5WvjjEIht+iNWehrQk39KiBc6A7ag xn1Y3waIlHJl8n0NuVOOc/wJlyRNF3sdwtpa3G46K5eYIDwtaFBfWrtneFYQ2uq0r+Rt t6OrfIhk6WoalkSCRjpJYX9sU9zTMxVfi87vXyt7phWg0hFhL9gvgMtqMMAP8QQtnSAk bLgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=T+MMtApEU8/XV8odix7sZFXiozFo05FGJJ1GRg7sg28=; b=SQ3JGkT7jeGG9nZ56FJd10nzSItRoeLG+1TrrZBemDjNbKREZ75gNO5FuTkS52QCVT 5wGlFHTkqUiOTjVtMrWUygtGKQx/p891HSmdjdx5mh6FSIvnmuT/eAyuYCmO2zboXXEH eJ+NkqQ8hxTtyuLvOeXV9Qt0aMpo+r0vso0jZKTEVSzgfv5hxwFTikXvzb/GONlDSFjO Lyg/z+3kOGX5OAwLn1FvmuLpkaYJNEk5kgnJDIt8lbeMvOjM678U/ZvNS94gb2vv25/x /TIcjNwPP95RbOtSllZnyDB316htTb3pVQl57UHzJALeip2LExbin1r6hsYfmsIrgLWG 1Izg== X-Gm-Message-State: AJIora9slL2L6Us4BKxy6nr/nesHdJczzRGI/eXRMjkIIPUwSK2lSnMd LwKundkBH/mdCWU94lKXQqBOT+sIw27d7zIv X-Google-Smtp-Source: AGRyM1uT2Mb5XHMOpeb62nUjqZsp0RTaiMw4u5BK7UWiA2W8HWA6zooVzLrQCdfvV7vA1Wpm/SVC1Q== X-Received: by 2002:a17:902:cecc:b0:16d:3fec:22fe with SMTP id d12-20020a170902cecc00b0016d3fec22femr112033plg.96.1658439517000; Thu, 21 Jul 2022 14:38:37 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id x184-20020a6263c1000000b005283f9e9b19sm2194275pfb.180.2022.07.21.14.38.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Jul 2022 14:38:36 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 2/4] curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208 Date: Thu, 21 Jul 2022 11:38:17 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Jul 2022 21:38:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168394 From: Robert Joslyn Backport fixes for: * CVE-2022-32206 - https://curl.se/docs/CVE-2022-32206.html * CVE-2022-32207 - https://curl.se/docs/CVE-2022-32207.html * CVE-2022-32208 - https://curl.se/docs/CVE-2022-32208.html Signed-off-by: Robert Joslyn Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2022-32206.patch | 52 ++++ .../curl/curl/CVE-2022-32207.patch | 284 ++++++++++++++++++ .../curl/curl/CVE-2022-32208.patch | 72 +++++ meta/recipes-support/curl/curl_7.69.1.bb | 3 + 4 files changed, 411 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32206.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32207.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32208.patch diff --git a/meta/recipes-support/curl/curl/CVE-2022-32206.patch b/meta/recipes-support/curl/curl/CVE-2022-32206.patch new file mode 100644 index 0000000000..3d76aeb43d --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-32206.patch @@ -0,0 +1,52 @@ +From 25e7be39be5f8ed696b6085ced9cf6c17e6128f4 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 16 May 2022 16:28:13 +0200 +Subject: [PATCH] content_encoding: return error on too many compression steps + +The max allowed steps is arbitrarily set to 5. + +Bug: https://curl.se/docs/CVE-2022-32206.html +CVE-2022-32206 +Reported-by: Harry Sintonen +Closes #9049 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/3a09fbb7f264c67c43] +Signed-off-by: Robert Joslyn +--- + lib/content_encoding.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/lib/content_encoding.c b/lib/content_encoding.c +index 6d47537..91e621f 100644 +--- a/lib/content_encoding.c ++++ b/lib/content_encoding.c +@@ -934,6 +934,9 @@ static const content_encoding *find_encoding(const char *name, size_t len) + return NULL; + } + ++/* allow no more than 5 "chained" compression steps */ ++#define MAX_ENCODE_STACK 5 ++ + /* Set-up the unencoding stack from the Content-Encoding header value. + * See RFC 7231 section 3.1.2.2. */ + CURLcode Curl_build_unencoding_stack(struct connectdata *conn, +@@ -941,6 +944,7 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn, + { + struct Curl_easy *data = conn->data; + struct SingleRequest *k = &data->req; ++ int counter = 0; + + do { + const char *name; +@@ -975,6 +979,11 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn, + if(!encoding) + encoding = &error_encoding; /* Defer error at stack use. */ + ++ if(++counter >= MAX_ENCODE_STACK) { ++ failf(data, "Reject response due to %u content encodings", ++ counter); ++ return CURLE_BAD_CONTENT_ENCODING; ++ } + /* Stack the unencoding stage. */ + writer = new_unencoding_writer(conn, encoding, k->writer_stack); + if(!writer) diff --git a/meta/recipes-support/curl/curl/CVE-2022-32207.patch b/meta/recipes-support/curl/curl/CVE-2022-32207.patch new file mode 100644 index 0000000000..f75aaecd64 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-32207.patch @@ -0,0 +1,284 @@ +From af92181055d7d64dfc0bc9d5a13c8b98af3196be Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 25 May 2022 10:09:53 +0200 +Subject: [PATCH] fopen: add Curl_fopen() for better overwriting of files + +Bug: https://curl.se/docs/CVE-2022-32207.html +CVE-2022-32207 +Reported-by: Harry Sintonen +Closes #9050 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/20f9dd6bae50b] +Signed-off-by: Robert Joslyn +--- + CMakeLists.txt | 1 + + configure.ac | 1 + + lib/Makefile.inc | 4 +- + lib/cookie.c | 19 ++----- + lib/curl_config.h.cmake | 3 ++ + lib/fopen.c | 113 ++++++++++++++++++++++++++++++++++++++++ + lib/fopen.h | 30 +++++++++++ + 7 files changed, 155 insertions(+), 16 deletions(-) + create mode 100644 lib/fopen.c + create mode 100644 lib/fopen.h + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 73b053b..cc587b0 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -869,6 +869,7 @@ elseif(HAVE_LIBSOCKET) + set(CMAKE_REQUIRED_LIBRARIES socket) + endif() + ++check_symbol_exists(fchmod "${CURL_INCLUDES}" HAVE_FCHMOD) + check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) + check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) + check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) +diff --git a/configure.ac b/configure.ac +index d090622..7071077 100755 +--- a/configure.ac ++++ b/configure.ac +@@ -4059,6 +4059,7 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se + + + AC_CHECK_FUNCS([fnmatch \ ++ fchmod \ + geteuid \ + getpass_r \ + getppid \ +diff --git a/lib/Makefile.inc b/lib/Makefile.inc +index 46ded90..79307d8 100644 +--- a/lib/Makefile.inc ++++ b/lib/Makefile.inc +@@ -63,7 +63,7 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ + curl_multibyte.c hostcheck.c conncache.c dotdot.c \ + x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ + mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c \ +- doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c rename.c ++ doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c rename.c fopen.c + + LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ + formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ +@@ -84,7 +84,7 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ + x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ + curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h \ + curl_path.h curl_ctype.h curl_range.h psl.h doh.h urlapi-int.h \ +- curl_get_line.h altsvc.h quic.h socketpair.h rename.h ++ curl_get_line.h altsvc.h quic.h socketpair.h rename.h fopen.h + + LIB_RCFILES = libcurl.rc + +diff --git a/lib/cookie.c b/lib/cookie.c +index 68054e1..a9ad20a 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -97,8 +97,8 @@ Example set of cookies: + #include "curl_memrchr.h" + #include "inet_pton.h" + #include "parsedate.h" +-#include "rand.h" + #include "rename.h" ++#include "fopen.h" + + /* The last 3 #include files should be in this order */ + #include "curl_printf.h" +@@ -1524,18 +1524,9 @@ static int cookie_output(struct Curl_easy *data, + use_stdout = TRUE; + } + else { +- unsigned char randsuffix[9]; +- +- if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) +- return 2; +- +- tempstore = aprintf("%s.%s.tmp", filename, randsuffix); +- if(!tempstore) +- return 1; +- +- out = fopen(tempstore, FOPEN_WRITETEXT); +- if(!out) +- goto error; ++ error = Curl_fopen(data, filename, &out, &tempstore); ++ if(error) ++ goto error; + } + + fputs("# Netscape HTTP Cookie File\n" +@@ -1581,7 +1572,7 @@ static int cookie_output(struct Curl_easy *data, + if(!use_stdout) { + fclose(out); + out = NULL; +- if(Curl_rename(tempstore, filename)) { ++ if(tempstore && Curl_rename(tempstore, filename)) { + unlink(tempstore); + goto error; + } +diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake +index 98cdf51..fe43751 100644 +--- a/lib/curl_config.h.cmake ++++ b/lib/curl_config.h.cmake +@@ -124,6 +124,9 @@ + /* Define to 1 if you have the header file. */ + #cmakedefine HAVE_ASSERT_H 1 + ++/* Define to 1 if you have the `fchmod' function. */ ++#cmakedefine HAVE_FCHMOD 1 ++ + /* Define to 1 if you have the `basename' function. */ + #cmakedefine HAVE_BASENAME 1 + +diff --git a/lib/fopen.c b/lib/fopen.c +new file mode 100644 +index 0000000..ad3691b +--- /dev/null ++++ b/lib/fopen.c +@@ -0,0 +1,113 @@ ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.se/docs/copyright.html. ++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. ++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. ++ * ++ * SPDX-License-Identifier: curl ++ * ++ ***************************************************************************/ ++ ++#include "curl_setup.h" ++ ++#if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ ++ !defined(CURL_DISABLE_HSTS) ++ ++#ifdef HAVE_FCNTL_H ++#include ++#endif ++ ++#include "urldata.h" ++#include "rand.h" ++#include "fopen.h" ++/* The last 3 #include files should be in this order */ ++#include "curl_printf.h" ++#include "curl_memory.h" ++#include "memdebug.h" ++ ++/* ++ * Curl_fopen() opens a file for writing with a temp name, to be renamed ++ * to the final name when completed. If there is an existing file using this ++ * name at the time of the open, this function will clone the mode from that ++ * file. if 'tempname' is non-NULL, it needs a rename after the file is ++ * written. ++ */ ++CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, ++ FILE **fh, char **tempname) ++{ ++ CURLcode result = CURLE_WRITE_ERROR; ++ unsigned char randsuffix[9]; ++ char *tempstore = NULL; ++ struct_stat sb; ++ int fd = -1; ++ *tempname = NULL; ++ ++ if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { ++ /* a non-regular file, fallback to direct fopen() */ ++ *fh = fopen(filename, FOPEN_WRITETEXT); ++ if(*fh) ++ return CURLE_OK; ++ goto fail; ++ } ++ ++ result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); ++ if(result) ++ goto fail; ++ ++ tempstore = aprintf("%s.%s.tmp", filename, randsuffix); ++ if(!tempstore) { ++ result = CURLE_OUT_OF_MEMORY; ++ goto fail; ++ } ++ ++ result = CURLE_WRITE_ERROR; ++ fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600); ++ if(fd == -1) ++ goto fail; ++ ++#ifdef HAVE_FCHMOD ++ { ++ struct_stat nsb; ++ if((fstat(fd, &nsb) != -1) && ++ (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) { ++ /* if the user and group are the same, clone the original mode */ ++ if(fchmod(fd, sb.st_mode) == -1) ++ goto fail; ++ } ++ } ++#endif ++ ++ *fh = fdopen(fd, FOPEN_WRITETEXT); ++ if(!*fh) ++ goto fail; ++ ++ *tempname = tempstore; ++ return CURLE_OK; ++ ++fail: ++ if(fd != -1) { ++ close(fd); ++ unlink(tempstore); ++ } ++ ++ free(tempstore); ++ ++ *tempname = NULL; ++ return result; ++} ++ ++#endif /* ! disabled */ +diff --git a/lib/fopen.h b/lib/fopen.h +new file mode 100644 +index 0000000..289e55f +--- /dev/null ++++ b/lib/fopen.h +@@ -0,0 +1,30 @@ ++#ifndef HEADER_CURL_FOPEN_H ++#define HEADER_CURL_FOPEN_H ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.se/docs/copyright.html. ++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. ++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. ++ * ++ * SPDX-License-Identifier: curl ++ * ++ ***************************************************************************/ ++ ++CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, ++ FILE **fh, char **tempname); ++ ++#endif diff --git a/meta/recipes-support/curl/curl/CVE-2022-32208.patch b/meta/recipes-support/curl/curl/CVE-2022-32208.patch new file mode 100644 index 0000000000..2939314d09 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-32208.patch @@ -0,0 +1,72 @@ +From 3b90f0b2a7a84645acce151c86b40d25b5de6615 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 9 Jun 2022 09:27:24 +0200 +Subject: [PATCH] krb5: return error properly on decode errors + +Bug: https://curl.se/docs/CVE-2022-32208.html +CVE-2022-32208 +Reported-by: Harry Sintonen +Closes #9051 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/6ecdf5136b52af7] +Signed-off-by: Robert Joslyn +--- + lib/krb5.c | 5 +---- + lib/security.c | 13 ++++++++++--- + 2 files changed, 11 insertions(+), 7 deletions(-) + +diff --git a/lib/krb5.c b/lib/krb5.c +index f50287a..5b77e35 100644 +--- a/lib/krb5.c ++++ b/lib/krb5.c +@@ -86,11 +86,8 @@ krb5_decode(void *app_data, void *buf, int len, + enc.value = buf; + enc.length = len; + maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL); +- if(maj != GSS_S_COMPLETE) { +- if(len >= 4) +- strcpy(buf, "599 "); ++ if(maj != GSS_S_COMPLETE) + return -1; +- } + + memcpy(buf, dec.value, dec.length); + len = curlx_uztosi(dec.length); +diff --git a/lib/security.c b/lib/security.c +index fbfa707..3542210 100644 +--- a/lib/security.c ++++ b/lib/security.c +@@ -192,6 +192,7 @@ static CURLcode read_data(struct connectdata *conn, + { + int len; + CURLcode result; ++ int nread; + + result = socket_read(fd, &len, sizeof(len)); + if(result) +@@ -200,7 +201,10 @@ static CURLcode read_data(struct connectdata *conn, + if(len) { + /* only realloc if there was a length */ + len = ntohl(len); +- buf->data = Curl_saferealloc(buf->data, len); ++ if(len > CURL_MAX_INPUT_LENGTH) ++ len = 0; ++ else ++ buf->data = Curl_saferealloc(buf->data, len); + } + if(!len || !buf->data) + return CURLE_OUT_OF_MEMORY; +@@ -208,8 +212,11 @@ static CURLcode read_data(struct connectdata *conn, + result = socket_read(fd, buf->data, len); + if(result) + return result; +- buf->size = conn->mech->decode(conn->app_data, buf->data, len, +- conn->data_prot, conn); ++ nread = buf->size = conn->mech->decode(conn->app_data, buf->data, len, ++ conn->data_prot, conn); ++ if(nread < 0) ++ return CURLE_RECV_ERROR; ++ buf->size = (size_t)nread; + buf->index = 0; + return CURLE_OK; + } diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 5a597a7dd9..7b67b68f1d 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb @@ -35,6 +35,9 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2022-27781.patch \ file://CVE-2022-27782-1.patch \ file://CVE-2022-27782-2.patch \ + file://CVE-2022-32206.patch \ + file://CVE-2022-32207.patch \ + file://CVE-2022-32208.patch \ " SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" From patchwork Thu Jul 21 21:38:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10488 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7A44C43334 for ; Thu, 21 Jul 2022 21:38:51 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web12.1062.1658439520809133216 for ; Thu, 21 Jul 2022 14:38:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ssDXO6gJ; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id b9so2893655pfp.10 for ; Thu, 21 Jul 2022 14:38:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=gEnQFacqmdHKjODwxwMVjyOKiuZyPYo0hXBibGpVFA4=; b=ssDXO6gJjV1+K6rytiX/sRvpgykIq4UpQyPS+zrNDzq+IdkGFagsQcerITxFVqDVfi 50Qg/Px0BsSNBR5qjYDWrdIqbq4WtKeygy2+SE3brR43Ll9qt9rRF2rFpfy1ph6X9Mxu pWPLReRRxeIX3dYGB7YSEaULzJsO3v6Lgtg1EpfVH3jytd3GzUY33Au2CJugKrEi4M7M 0F+YIqZI5MvG366HDLyBqjCQev45WKaPk19PdqTcLaZ+R+VgbhtzQ2asJtNvJ5JDFMcg WVXulh40xIu9hp9Yp/Oem5OsZr3Y1E2tWbadd+mg2r/aNG1VzKj7w4yxH/cFvLNs7oiB 3D2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gEnQFacqmdHKjODwxwMVjyOKiuZyPYo0hXBibGpVFA4=; b=RW0Pcuk9XdOzdmnDoFCt60iK1rxlN0P2e6HQy8ZhDeTn5Eqrxt62SYMONfEAkkEYRg OdxnKatg8eNzd77PvZExLPwZOevMeTD6LqOTu60EFEIFxubVth7iM472Kny71pW6k0f9 5rsyWtX8UO3MScy+uQBhCVIf0hGxhlm9QaEtromW3XbnD/W294mUV4WLlr3+pQzhKpEd mf9e+j9i/d7SLjVA6r9Fnu+dwt7Pc9eIF5JVMQNE1/8C4R3aCBaW5XL6BdmZvQA6t5XI PM91ZSAZ0RjjncBQh3vBYuw4dZX5LUFmutM9TrqeKWqB5wuDNVHog+wvqxbqkDDE6azF PDOQ== X-Gm-Message-State: AJIora8gI1oLzmUA55rMexkb1vydK/O7q6hdSDna0lz8cdVLJpO3ALZP kIpD6EByC0X9nP9Jyxv2w8qgI+2DDDK94UMt X-Google-Smtp-Source: AGRyM1txbHOgIkhdegHhUQapauu9gZycnru9uqbYIIWZHxTYdCcCZrnVZiAn6a7NAmYEdK487C98yA== X-Received: by 2002:a65:6cc4:0:b0:412:35fa:5bce with SMTP id g4-20020a656cc4000000b0041235fa5bcemr338748pgw.466.1658439519324; Thu, 21 Jul 2022 14:38:39 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id x184-20020a6263c1000000b005283f9e9b19sm2194275pfb.180.2022.07.21.14.38.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Jul 2022 14:38:38 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 3/4] linux-yocto/5.4: update to v5.4.205 Date: Thu, 21 Jul 2022 11:38:18 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Jul 2022 21:38:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168395 From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 0ec831fa971d Linux 5.4.205 1be11d7f3c89 dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate b31ab132561c dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate f19026ede26e dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly 164e88024f82 dmaengine: pl330: Fix lockdep warning about non-static key 5af3f2a697d5 ida: don't use BUG_ON() for debugging d88022b41eff dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo aaf875578fd9 misc: rtsx_usb: set return value in rsp_buf alloc err path 29612c43a2c5 misc: rtsx_usb: use separate command and response buffers 0e517d0d7feb misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer 858c2d070895 dmaengine: imx-sdma: Allow imx8m for imx7 FW revs 67586906893c i2c: cadence: Unregister the clk notifier in error path acb72388aed5 selftests: forwarding: fix error message in learning_test 7adf3d45c460 selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT 681738560bf2 selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT 0711d15ccb27 ibmvnic: Properly dispose of all skbs during a failover. aa698affa62c ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt 6b4747d5af43 ARM: at91: pm: use proper compatible for sama5d2's rtc 123540275034 pinctrl: sunxi: sunxi_pconf_set: use correct offset 12a690536931 pinctrl: sunxi: a83t: Fix NAND function name for some pins 3cf8ece91132 ARM: meson: Fix refcount leak in meson_smp_prepare_cpus c465bbcd3c74 xfs: remove incorrect ASSERT in xfs_rename 845dac0276a5 can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits 9afdff9dd820 can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression 93f228fcbef2 can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info 0adb049bac09 powerpc/powernv: delay rng platform device creation until later in boot 782b65ee7bbe video: of_display_timing.h: include errno.h af93e8219734 fbcon: Prevent that screen size is smaller than font size 4f34f380f952 fbcon: Disallow setting font bigger than screen size 997d86cd3e39 fbmem: Check virtual screen sizes in fb_set_var() 407c1b491fbd fbdev: fbmem: Fix logo center image dx issue 14ff1184310f iommu/vt-d: Fix PCI bus rescan device hot add 800bb66ab275 net: rose: fix UAF bug caused by rose_t0timer_expiry 04894ab34faf usbnet: fix memory leak in error case 6f655b5e13fa can: gs_usb: gs_usb_open/close(): fix memory leak eb7bbd7728da can: grcan: grcan_probe(): remove extra of_node_get() 5b48f5711f1c can: bcm: use call_rcu() instead of costly synchronize_rcu() e7e3e90d6710 mm/slub: add missing TID updates on slab deactivation 3defefd22ad5 esp: limit skb_page_frag_refill use to a single page 49286fbdad47 Linux 5.4.204 0ac2845937ce clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() d40057538bee net: usb: qmi_wwan: add Telit 0x1070 composition ea89a522b4cc net: usb: qmi_wwan: add Telit 0x1060 composition 5c03cad51b84 xen/arm: Fix race in RB-tree based P2M accounting 60ac50daad36 xen/blkfront: force data bouncing when backend is untrusted ede57be88a5f xen/netfront: force data bouncing when backend is untrusted 04945b5beb73 xen/netfront: fix leaking data in shared pages 42112e8f9461 xen/blkfront: fix leaking data in shared pages b7c996abe545 selftests/rseq: Change type of rseq_offset to ptrdiff_t dc2825288012 selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area f89d15c9861c selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area 618da2318e15 selftests/rseq: Fix: work-around asm goto compiler bugs 58082d4e8186 selftests/rseq: Remove arm/mips asm goto compiler work-around 1c9f13880f47 selftests/rseq: Fix warnings about #if checks of undefined tokens 6f87493c3aa6 selftests/rseq: Fix ppc32 offsets by using long rather than off_t 4e9c8fd7f7f0 selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store d0ca70238f40 selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian 20e2f0108539 selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 71c04fdf59ca selftests/rseq: Introduce thread pointer getters f491e073b992 selftests/rseq: Introduce rseq_get_abi() helper 158d91ffe0be selftests/rseq: Remove volatile from __rseq_abi 7037c511f67d selftests/rseq: Remove useless assignment to cpu variable 9aa134cb66b4 selftests/rseq: introduce own copy of rseq uapi header 8417f4475959 selftests/rseq: remove ARRAY_SIZE define from individual tests b13119007056 rseq/selftests,x86_64: Add rseq_offset_deref_addv() 7b6bffcfb9d3 ipv6/sit: fix ipip6_tunnel_get_prl return value 05387c4ff568 sit: use min e99a98616191 net: dsa: bcm_sf2: force pause link settings ac9cd4f66a4d hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails ee25841221c1 xen/gntdev: Avoid blocking in unmap_grant_pages() 5eac00ef2a11 net: tun: avoid disabling NAPI twice 8f968872ec34 NFC: nxp-nci: Don't issue a zero length i2c_master_read() 37287fd28fb0 nfc: nfcmrvl: Fix irq_of_parse_and_map() return value 893825289ba8 net: bonding: fix use-after-free after 802.3ad slave unbind 6fdef80e7eaa net: bonding: fix possible NULL deref in rlb code bb1dc7cc576e net/sched: act_api: Notify user space if any actions were flushed before error 3b2ddeb89fe7 netfilter: nft_dynset: restore set element counter when failing to update 5b3a1c6bca38 s390: remove unneeded 'select BUILD_BIN2C' bdecd912e99a PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events e1284ec4a6d7 caif_virtio: fix race between virtio_device_ready() and ndo_open() 9204bc3e8722 net: ipv6: unexport __init-annotated seg6_hmac_net_init() 7a79f71f6931 usbnet: fix memory allocation in helpers 5af106f8e072 linux/dim: Fix divide by 0 in RDMA DIM 85d7d672e896 RDMA/qedr: Fix reporting QP timeout attribute ea0519bc578d net: tun: stop NAPI when detaching queues a8cf91902237 net: tun: unlink NAPI from device on destruction 22e75461014b selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test 1d877327da33 virtio-net: fix race between ndo_open() and virtio_device_ready() 7f89bb5d7102 net: usb: ax88179_178a: Fix packet receiving bb91556d2af0 net: rose: fix UAF bugs caused by timer handler 76a477d39836 SUNRPC: Fix READ_PLUS crasher 13816057eaf2 s390/archrandom: simplify back to earlier design and initialize earlier f157bd9cf377 dm raid: fix KASAN warning in raid5_add_disks 90de15357504 dm raid: fix accesses beyond end of raid member array b6125c5dc3d6 powerpc/bpf: Fix use of user_pt_regs in uapi 1ef2e87736a6 powerpc/prom_init: Fix kernel config grep d5e32f08e7f1 nvdimm: Fix badblocks clear off-by-one error 53fb996f2709 ipv6: take care of disable_policy when restoring routes Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.4.bb | 6 ++--- .../linux/linux-yocto-tiny_5.4.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++---------- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 7fa1b81229..5bc1993cf2 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "fa8536530bdd6a87856aa6fe0af4f9ef4af21fe0" -SRCREV_meta ?= "010ac788e81b6cb6c3fd2367802eee9d8feac34f" +SRCREV_machine ?= "086bb7f7d2b47d654922e5cc526cc6274b28e319" +SRCREV_meta ?= "aaaf9f090dfb3160154b24fbc2f9a6e669babc87" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.203" +LINUX_VERSION ?= "5.4.205" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index d08658cf7e..769743856f 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.203" +LINUX_VERSION ?= "5.4.205" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "d92cd7d5916772a20105ef776c7f3bf433df55a4" -SRCREV_machine ?= "5f7c3e952857eb90a4113a41901bb770150af46b" -SRCREV_meta ?= "010ac788e81b6cb6c3fd2367802eee9d8feac34f" +SRCREV_machine_qemuarm ?= "6a3e65256e24a2ff0e4e9fcd877987fb8afd12f2" +SRCREV_machine ?= "d730b865a7cb7ff89efcf8ac725ca247283f3eeb" +SRCREV_meta ?= "aaaf9f090dfb3160154b24fbc2f9a6e669babc87" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 545c754c1d..1043da7208 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "bf4029e0d9ff2e65d654909d7e9df50dce294c77" -SRCREV_machine_qemuarm64 ?= "3e0dab732964f7bbc26671fee05be420fd02890a" -SRCREV_machine_qemumips ?= "e8bea70e0c6a527383f2351e4f3d189aedf543a3" -SRCREV_machine_qemuppc ?= "24cc2a066b8151925fdf86136b70b63cf37cc540" -SRCREV_machine_qemuriscv64 ?= "9eab27738de4b3222b1c99cdebf3bde9611ef9fa" -SRCREV_machine_qemux86 ?= "9eab27738de4b3222b1c99cdebf3bde9611ef9fa" -SRCREV_machine_qemux86-64 ?= "9eab27738de4b3222b1c99cdebf3bde9611ef9fa" -SRCREV_machine_qemumips64 ?= "5a5e07ef8df0e73b2f318b921f9262b49a6125d5" -SRCREV_machine ?= "9eab27738de4b3222b1c99cdebf3bde9611ef9fa" -SRCREV_meta ?= "010ac788e81b6cb6c3fd2367802eee9d8feac34f" +SRCREV_machine_qemuarm ?= "943e7e1f32e61dc7dd7a7029062e789219d81b14" +SRCREV_machine_qemuarm64 ?= "24d18667d92b460ee33480942306a0d9c80c491b" +SRCREV_machine_qemumips ?= "2d469a0343033962ecea678491852aa9457b8ff6" +SRCREV_machine_qemuppc ?= "85932dee050f49fa824fd9b49af7b8159fe28a8e" +SRCREV_machine_qemuriscv64 ?= "8a59dfded81659402005acfb06fbb00b71c8ce86" +SRCREV_machine_qemux86 ?= "8a59dfded81659402005acfb06fbb00b71c8ce86" +SRCREV_machine_qemux86-64 ?= "8a59dfded81659402005acfb06fbb00b71c8ce86" +SRCREV_machine_qemumips64 ?= "0edbd472c7f0b51994d20d07bb26ead379dc10ed" +SRCREV_machine ?= "8a59dfded81659402005acfb06fbb00b71c8ce86" +SRCREV_meta ?= "aaaf9f090dfb3160154b24fbc2f9a6e669babc87" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.203" +LINUX_VERSION ?= "5.4.205" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Jul 21 21:38:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 10487 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7A24C433EF for ; Thu, 21 Jul 2022 21:38:51 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.web09.1046.1658439523134211153 for ; Thu, 21 Jul 2022 14:38:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Wb0kpLoZ; spf=softfail (domain: sakoman.com, ip: 209.85.215.171, mailfrom: steve@sakoman.com) Received: by mail-pg1-f171.google.com with SMTP id h132so2807526pgc.10 for ; Thu, 21 Jul 2022 14:38:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=zm1XK9G37Ck3T57/TbXZgPAy1E9pzwgsUprmKCoGPz0=; b=Wb0kpLoZEfr3Pnf5uwYzn+M2B4wmmxg3bwZAbfg1qhMbyMdSXNk1DvwQq/uYXyP/pT TTOjIqXlPwHjZWoGoWqc1O9uDpDgRw1gtQtVvwrp0kb/f2xrDiQL9YmBKv1JgC+Xrx8P 3PyWfE+5DNnWpxw9MqIB8NpxDARIcPQa/888x459zBgLjPNeo7McCly0rnMgAFvZZNuk hubbLNfy35GfB4k/L6+rsu3Bbn5u7PDgjaMVG6cjvpnJ3+16yCO48wtpn1jj+RQiy+gT qr/GIJiSRzEH8h6JITfk9iZV5NH23GlVK9q9VuHRK0ty/j6BHRWqUeIvQdNgWUQnIAJl PAmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zm1XK9G37Ck3T57/TbXZgPAy1E9pzwgsUprmKCoGPz0=; b=X5EiVU6EAa7Y8byEvHy9FcLr+ol8WCkTlx372O4w6L6lWdVsLRuPMjhRq5l2O+OuET 2Egt645WNCJ9LXCr6TPpieJme0yoiInV64SQTU5hkpbGe1jcgKiIBDs1fTr3Zm+M8wDv 79qlXR1qqUMMy8/5tJC1OQOb6j010EfUm4xvYMoQbrxj/7ry8VhpLdHlteoj8qD1nK2e Dt355OGTXfvmP9oe7MMIjvODh8Nwo+7qM7DBKtFh/qRWYLuXO7qioFt/oT0um8jb/flv kO9yeMgTMQGO7hMt4T6GmS5ABbtAzs2dFDpzVY2UsAMWcwtLHOTVY8hkP7EJHJDyDO6A Rpqw== X-Gm-Message-State: AJIora9/AwVqQAP8mZndvX3bjWHB3jvBVLG8Z2vYgaizoD52MkGtrdGo 0mM8JLzBNpm3cMM0MXdv/DTKLzpPc5XPgmYU X-Google-Smtp-Source: AGRyM1uTfg6d7WKZeRhMvgCT5E7o8kmP83pGfWEGSqzQJuRo8v0lbeBTLzcoD8cwdmOEp3tOh1nRaA== X-Received: by 2002:a63:b443:0:b0:40c:fbf9:8366 with SMTP id n3-20020a63b443000000b0040cfbf98366mr348196pgu.308.1658439521504; Thu, 21 Jul 2022 14:38:41 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id x184-20020a6263c1000000b005283f9e9b19sm2194275pfb.180.2022.07.21.14.38.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Jul 2022 14:38:40 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 4/4] linux-yocto-rt/5.4: fixup -rt build breakage Date: Thu, 21 Jul 2022 11:38:19 -1000 Message-Id: <597eef3b2f6cb884c474c44e87b1137e6acbe6b5.1658429064.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Jul 2022 21:38:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/168396 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.4: cc478e363cc3 rt: fixup random and irq/manage merge issues Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 5bc1993cf2..fe75aee4da 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,7 +11,7 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "086bb7f7d2b47d654922e5cc526cc6274b28e319" +SRCREV_machine ?= "cc478e363cc35064b58a871a4cc535aa973c5891" SRCREV_meta ?= "aaaf9f090dfb3160154b24fbc2f9a6e669babc87" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \