From patchwork Sun Nov 6 16:03:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 14998 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4AD27C43217 for ; Sun, 6 Nov 2022 16:04:12 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.web12.17573.1667750645926639926 for ; Sun, 06 Nov 2022 08:04:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=cU2Df7AS; spf=softfail (domain: sakoman.com, ip: 209.85.216.49, mailfrom: steve@sakoman.com) Received: by mail-pj1-f49.google.com with SMTP id l22-20020a17090a3f1600b00212fbbcfb78so12373475pjc.3 for ; Sun, 06 Nov 2022 08:04:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3s245h10/jc8nqBYl/qK3HY54rQhPrg6ICzvmaHzV8g=; b=cU2Df7ASSQ1WbnX0Ebm7X5Jh16/Oy/T/i7HOSeX26KcSP9F4wfXtxwV3otYuBaeIaB 8GhwZ/xPeXGVpkI4cybuayc3NuknO7fzwbgBbukQmcA+tuBCiDnbVVFQpRjXPhXtiAnY YT1eu6NDIOsKC5qDi+jHhn/4A2oo79bkSm4SzM4ICOCK0VPKhxB1XNDX1tAEy8iQK+H+ 8yCZWCd8ZYg/ArlC8fqhylaIE0wjohUO415liSprwaP6sCBXpEk2BkxoVXsoDNjcity2 MlKVOtdvDVPIoskP7eGbD8YH3JpkR4+oKLx/wwudYgD9DXoso/0TXbKSeHyt6pDzr4EY FdVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3s245h10/jc8nqBYl/qK3HY54rQhPrg6ICzvmaHzV8g=; b=s4UjChnA0NnfaP7PNAtLH0aeFJNlOqzoFp7xPxAhmuv1HD0EWfZCLyyyqwe2hBQ4uE iUjJDNR9gI0qcpwvWVJj4Zc2I9AssjPDA/MPaztJ5B1qgL2q9W24MYUBBZ1RDi0XfnW4 A2Gp+gVYzYu7V/14sjcyqdq20t70Shzj36P3hjzP6bOIochMJRuK73gRYBDXIzI03LjB ocGgpSUoGJdLHk65d1FmPGw5JHdGxos3VHq0ZswEv7Odlb/SVejirPegpXTz3XIv6Xo6 /DA8txzXsOrclquOLtlyoTTpYwSRGJ1f3oALvkBXrHZWywI9nAXuj4e6pQHpZ5pHr9bW GO8w== X-Gm-Message-State: ACrzQf0H+7Epmo1aDoPb6C3Q8Hxrg9RrveWI0uZzvZxbLSBg+ogjIDHr yAZFK1fnFHK7MuvjwR+G/2pOCnhGTk6VeR7j X-Google-Smtp-Source: AMsMyM4CQqWUslMVm+KeVTb0FguM28bfGBAkZiL/SwC/BVSmCV4EYZQQ8TKNLejoEnuC25IADE4lVQ== X-Received: by 2002:a17:90b:1bca:b0:213:c9ce:dad4 with SMTP id oa10-20020a17090b1bca00b00213c9cedad4mr41861737pjb.205.1667750644789; Sun, 06 Nov 2022 08:04:04 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id s11-20020a170902ea0b00b0018700ba9090sm3294683plg.185.2022.11.06.08.04.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Nov 2022 08:04:04 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 1/8] golang: CVE-2022-2880 ReverseProxy should not forward unparseable query parameters Date: Sun, 6 Nov 2022 06:03:46 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 06 Nov 2022 16:04:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172807 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2022-2880.patch | 164 ++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 2e1d8240f6..3341beb159 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -41,6 +41,7 @@ SRC_URI += "\ file://0002-CVE-2022-32190.patch \ file://0003-CVE-2022-32190.patch \ file://0004-CVE-2022-32190.patch \ + file://CVE-2022-2880.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch new file mode 100644 index 0000000000..8376dc45ba --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-2880.patch @@ -0,0 +1,164 @@ +From 753e3f8da191c2ac400407d83c70f46900769417 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Thu, 27 Oct 2022 12:22:41 +0530 +Subject: [PATCH] CVE-2022-2880 + +Upstream-Status: Backport [https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e] +CVE: CVE-2022-2880 +Signed-off-by: Hitendra Prajapati + +net/http/httputil: avoid query parameter + +Query parameter smuggling occurs when a proxy's interpretation +of query parameters differs from that of a downstream server. +Change ReverseProxy to avoid forwarding ignored query parameters. + +Remove unparsable query parameters from the outbound request + + * if req.Form != nil after calling ReverseProxy.Director; and + * before calling ReverseProxy.Rewrite. + +This change preserves the existing behavior of forwarding the +raw query untouched if a Director hook does not parse the query +by calling Request.ParseForm (possibly indirectly). +--- + src/net/http/httputil/reverseproxy.go | 36 +++++++++++ + src/net/http/httputil/reverseproxy_test.go | 74 ++++++++++++++++++++++ + 2 files changed, 110 insertions(+) + +diff --git a/src/net/http/httputil/reverseproxy.go b/src/net/http/httputil/reverseproxy.go +index 2072a5f..c6fb873 100644 +--- a/src/net/http/httputil/reverseproxy.go ++++ b/src/net/http/httputil/reverseproxy.go +@@ -212,6 +212,9 @@ func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) { + } + + p.Director(outreq) ++ if outreq.Form != nil { ++ outreq.URL.RawQuery = cleanQueryParams(outreq.URL.RawQuery) ++ } + outreq.Close = false + + reqUpType := upgradeType(outreq.Header) +@@ -561,3 +564,36 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- error) { + _, err := io.Copy(c.backend, c.user) + errc <- err + } ++ ++func cleanQueryParams(s string) string { ++ reencode := func(s string) string { ++ v, _ := url.ParseQuery(s) ++ return v.Encode() ++ } ++ for i := 0; i < len(s); { ++ switch s[i] { ++ case ';': ++ return reencode(s) ++ case '%': ++ if i+2 >= len(s) || !ishex(s[i+1]) || !ishex(s[i+2]) { ++ return reencode(s) ++ } ++ i += 3 ++ default: ++ i++ ++ } ++ } ++ return s ++} ++ ++func ishex(c byte) bool { ++ switch { ++ case '0' <= c && c <= '9': ++ return true ++ case 'a' <= c && c <= 'f': ++ return true ++ case 'A' <= c && c <= 'F': ++ return true ++ } ++ return false ++} +diff --git a/src/net/http/httputil/reverseproxy_test.go b/src/net/http/httputil/reverseproxy_test.go +index 9a7223a..bc87a3b 100644 +--- a/src/net/http/httputil/reverseproxy_test.go ++++ b/src/net/http/httputil/reverseproxy_test.go +@@ -1269,3 +1269,77 @@ func TestSingleJoinSlash(t *testing.T) { + } + } + } ++ ++const ( ++ testWantsCleanQuery = true ++ testWantsRawQuery = false ++) ++ ++func TestReverseProxyQueryParameterSmugglingDirectorDoesNotParseForm(t *testing.T) { ++ testReverseProxyQueryParameterSmuggling(t, testWantsRawQuery, func(u *url.URL) *ReverseProxy { ++ proxyHandler := NewSingleHostReverseProxy(u) ++ oldDirector := proxyHandler.Director ++ proxyHandler.Director = func(r *http.Request) { ++ oldDirector(r) ++ } ++ return proxyHandler ++ }) ++} ++ ++func TestReverseProxyQueryParameterSmugglingDirectorParsesForm(t *testing.T) { ++ testReverseProxyQueryParameterSmuggling(t, testWantsCleanQuery, func(u *url.URL) *ReverseProxy { ++ proxyHandler := NewSingleHostReverseProxy(u) ++ oldDirector := proxyHandler.Director ++ proxyHandler.Director = func(r *http.Request) { ++ // Parsing the form causes ReverseProxy to remove unparsable ++ // query parameters before forwarding. ++ r.FormValue("a") ++ oldDirector(r) ++ } ++ return proxyHandler ++ }) ++} ++ ++func testReverseProxyQueryParameterSmuggling(t *testing.T, wantCleanQuery bool, newProxy func(*url.URL) *ReverseProxy) { ++ const content = "response_content" ++ backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ++ w.Write([]byte(r.URL.RawQuery)) ++ })) ++ defer backend.Close() ++ backendURL, err := url.Parse(backend.URL) ++ if err != nil { ++ t.Fatal(err) ++ } ++ proxyHandler := newProxy(backendURL) ++ frontend := httptest.NewServer(proxyHandler) ++ defer frontend.Close() ++ ++ // Don't spam output with logs of queries containing semicolons. ++ backend.Config.ErrorLog = log.New(io.Discard, "", 0) ++ frontend.Config.ErrorLog = log.New(io.Discard, "", 0) ++ ++ for _, test := range []struct { ++ rawQuery string ++ cleanQuery string ++ }{{ ++ rawQuery: "a=1&a=2;b=3", ++ cleanQuery: "a=1", ++ }, { ++ rawQuery: "a=1&a=%zz&b=3", ++ cleanQuery: "a=1&b=3", ++ }} { ++ res, err := frontend.Client().Get(frontend.URL + "?" + test.rawQuery) ++ if err != nil { ++ t.Fatalf("Get: %v", err) ++ } ++ defer res.Body.Close() ++ body, _ := io.ReadAll(res.Body) ++ wantQuery := test.rawQuery ++ if wantCleanQuery { ++ wantQuery = test.cleanQuery ++ } ++ if got, want := string(body), wantQuery; got != want { ++ t.Errorf("proxy forwarded raw query %q as %q, want %q", test.rawQuery, got, want) ++ } ++ } ++} +-- +2.25.1 + From patchwork Sun Nov 6 16:03:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 14999 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 504ECC433FE for ; Sun, 6 Nov 2022 16:04:12 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web10.17771.1667750647610177340 for ; Sun, 06 Nov 2022 08:04:07 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=4WJ5o30n; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 78so8409551pgb.13 for ; Sun, 06 Nov 2022 08:04:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/ICLTZ5nuihrMT4rNxb0FXkJWhjj5eihvwL7MvjD0Tc=; b=4WJ5o30nj8szMLE9OHGJoW/IbjEaen7/e+Hs8ZRlE1aZOmDZr0nMiMCmyu/bizmTwB 6XFnWFPe/MNldgeCzHWyZshYds/oEUPL9BvhWrztu23Up6bJcqn8a1jacDIsTsdypKew 8C+82OkWUYnN3CO+2XtN7W8ezegK9DdfAQkreu7JrUIZ1Z0guaoRbR3hgtAwxJco8+CA Slh6mEPq1lbFuUPiIJ1HHv2fMPk0fVMsrOXxWJwe1e8v1X36KsYVDWk3KRlShy8ZAMQb ZOUs1etZ+jfZrjutqNx5BLC7g5vplNwkznXe66PaxdCkZRAdkjjrp1AQlruM4o4OvyQm Fz8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/ICLTZ5nuihrMT4rNxb0FXkJWhjj5eihvwL7MvjD0Tc=; b=obqJwCf+FFhft5GRJxXT26cpfUFyYCNaZuJCm7nUyFjYdTdooq1LqADt9jutki0LYV m9A991w4EKE1jX/IuP50nhbUz5C220sxfiHY8iPd9fcLWdUpLACSthPVUPm8VEgXQf/F hlcOnNC7W/d/dngsYOrOxLlEWArcaEyMM+9XOItoZeeQWY0pyAMJX+ulL0qhOFNDJWkr IQ9mAzhylYMsTYy2RZ06qmRkz1nevSvd5Vdsy0lCNeIEYahMxd5zzE6YiKcmW6VNzhbW NVY1fP0V4P6AwxkMlS76rzoapczD2IcZYY7Mj8laQUxY0sEzkVX7j7NVQNlyAK9ZsfLD XdJA== X-Gm-Message-State: ACrzQf18x+hxlzEUa9yi67eIEaQ7BU5t6cgXThZ5qKsxEctccGP6ftVg Aye1pCcLX5EbEZ/MyvRGyvGP66tnPEKPZyu7 X-Google-Smtp-Source: AMsMyM6lmNlrbezsksTI+K2IU2WsyhSZHKCcGMQOqV3w/Q4IMRTfT2tWa5PGM8u5sEM8Bl3+GSa1FA== X-Received: by 2002:a63:e53:0:b0:46e:c7be:16fc with SMTP id 19-20020a630e53000000b0046ec7be16fcmr647160pgo.462.1667750646612; Sun, 06 Nov 2022 08:04:06 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id s11-20020a170902ea0b00b0018700ba9090sm3294683plg.185.2022.11.06.08.04.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Nov 2022 08:04:06 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 2/8] libX11: CVE-2022-3554 Fix memory leak Date: Sun, 6 Nov 2022 06:03:47 -1000 Message-Id: <1d36df9c9ec0ea13c4e0c3794b0d97305e2c6ac1.1667750511.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 06 Nov 2022 16:04:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172808 From: Hitendra Prajapati Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../xorg-lib/libx11/CVE-2022-3554.patch | 58 +++++++++++++++++++ .../recipes-graphics/xorg-lib/libx11_1.6.9.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch new file mode 100644 index 0000000000..fb61195225 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch @@ -0,0 +1,58 @@ +From 8b51d1375a4dd6a7cf3a919da83d8e87e57e7333 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Wed, 2 Nov 2022 17:04:15 +0530 +Subject: [PATCH] CVE-2022-3554 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef] +CVE: CVE-2022-3554 +Signed-off-by: Hitendra Prajapati + +fix a memory leak in XRegisterIMInstantiateCallback + +Analysis: + + _XimRegisterIMInstantiateCallback() opens an XIM and closes it using + the internal function pointers, but the internal close function does + not free the pointer to the XIM (this would be done in XCloseIM()). + +Report/patch: + + Date: Mon, 03 Oct 2022 18:47:32 +0800 + From: Po Lu + To: xorg-devel@lists.x.org + Subject: Re: Yet another leak in Xlib + + For reference, here's how I'm calling XRegisterIMInstantiateCallback: + + XSetLocaleModifiers (""); + XRegisterIMInstantiateCallback (compositor.display, + XrmGetDatabase (compositor.display), + (char *) compositor.resource_name, + (char *) compositor.app_name, + IMInstantiateCallback, NULL); + and XMODIFIERS is: + + @im=ibus + +Signed-off-by: Thomas E. Dickey's avatarThomas E. Dickey +--- + modules/im/ximcp/imInsClbk.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c +index 961aaba..0a8a874 100644 +--- a/modules/im/ximcp/imInsClbk.c ++++ b/modules/im/ximcp/imInsClbk.c +@@ -204,6 +204,9 @@ _XimRegisterIMInstantiateCallback( + if( xim ) { + lock = True; + xim->methods->close( (XIM)xim ); ++ /* XIMs must be freed manually after being opened; close just ++ does the protocol to deinitialize the IM. */ ++ XFree( xim ); + lock = False; + icb->call = True; + callback( display, client_data, NULL ); +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb index ff2a6f7265..72ab1d4150 100644 --- a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb +++ b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb @@ -16,6 +16,7 @@ SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \ file://CVE-2020-14344.patch \ file://CVE-2020-14363.patch \ file://CVE-2021-31535.patch \ + file://CVE-2022-3554.patch \ " SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2" From patchwork Sun Nov 6 16:03:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15001 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56FE0C43219 for ; Sun, 6 Nov 2022 16:04:12 +0000 (UTC) Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) by mx.groups.io with SMTP id smtpd.web08.17567.1667750649379873045 for ; Sun, 06 Nov 2022 08:04:09 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Cf5IBk6K; spf=softfail (domain: sakoman.com, ip: 209.85.216.44, mailfrom: steve@sakoman.com) Received: by mail-pj1-f44.google.com with SMTP id l6so8508096pjj.0 for ; Sun, 06 Nov 2022 08:04:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ULwbGoYNT72gxmpGhUdxezikKhfyZVyoE50s+aSXUZ8=; b=Cf5IBk6KJCh0Thf+O46x8Q5UGYVEt5use2WHiJOGW3Cg3yKj3Okq5TgUc1Ie6DHtwP oRvKMF3I++qIbVBcQoBDv2sHnzjsVG10p9IKjEnnxbtEvlAUDn1mW3SyEri0csBGlOGm nD0zmYa3hjeC/I8miTQaG32SYt2hKFffUKy105Y2Ppvw44yeXSoFHaDCTSjCBZ3+FQjD Mf9pqbphCZGwwitnZfqSFPZv6CULloqOHdq1p3uKL+8oNPke1Vd9yGGQmEnjbFmdcHKC FaU3JNzZ+pHJDkNnWmhArtfMJ9gtSiOdHbHTAKKDCLCD8B3BwkTnfzLSzgfxjpR6SgCb AX7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ULwbGoYNT72gxmpGhUdxezikKhfyZVyoE50s+aSXUZ8=; b=AUjyu0Hk8u+l4qC4O6ENeam7HjUQQGqXnLaL+sAEsBGs6BA2i8v4i0C+JVkzMciHVw 7c47EpzSI7JYwJWBjeEX+E6ih3cmBChWvb8gTEopYZRtxCURysrjZa0lGnH5nN2SdR+K zeCnX683UH3FS87IhNMTuNaAgFdJTAvs5DRfwj9JBH2E78bZ4TgNb5pnEDpglDlB8Q6P eS8hXCBCSmAfD7CsA0ex9OCXl/HcGE/R7u2p+CNtw/TkFGfCq+cNKWfXu5Jh8zxppW8l Xpj/n0lDE7LI2M74DJvECCrIKBqasiGw+8Y8TGWX4VBIHUNSDpaNAB3YPrS3nkj0m/2q moMQ== X-Gm-Message-State: ACrzQf2yColwqDpUk8ULsv5mrtqnRrLoj2Tyvk4MmTTNgpAVFdL6P+dG EqTzdruQr16Ga9j7A/xETzdGFsLVCwGsq2r9 X-Google-Smtp-Source: AMsMyM5d5Z0uEb6jWfslg6mWeqjWfphIY8BpXoV4MPbEalgv64C+qOf/Q12QpOtUGqMfDk7f5D2t7g== X-Received: by 2002:a17:902:ea95:b0:186:a6b7:4410 with SMTP id x21-20020a170902ea9500b00186a6b74410mr47468287plb.109.1667750648412; Sun, 06 Nov 2022 08:04:08 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id s11-20020a170902ea0b00b0018700ba9090sm3294683plg.185.2022.11.06.08.04.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Nov 2022 08:04:07 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 3/8] expat: Fix CVE-2022-43680 for expat Date: Sun, 6 Nov 2022 06:03:48 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 06 Nov 2022 16:04:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172809 From: Ranjitsinh Rathod Add a patch to fix CVE-2022-43680 issue where use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations Link: https://nvd.nist.gov/vuln/detail/CVE-2022-43680 Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- .../expat/expat/CVE-2022-43680.patch | 33 +++++++++++++++++++ meta/recipes-core/expat/expat_2.2.9.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch diff --git a/meta/recipes-core/expat/expat/CVE-2022-43680.patch b/meta/recipes-core/expat/expat/CVE-2022-43680.patch new file mode 100644 index 0000000000..6f93bc3ed7 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2022-43680.patch @@ -0,0 +1,33 @@ +From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Tue, 20 Sep 2022 02:44:34 +0200 +Subject: [PATCH] lib: Fix overeager DTD destruction in + XML_ExternalEntityParserCreate + +CVE: CVE-2022-43680 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4.patch] +Signed-off-by: Ranjitsinh Rathod +Comments: Hunk refreshed +--- + lib/xmlparse.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index aacd6e7fc..57bf103cc 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -1035,6 +1035,14 @@ parserCreate(const XML_Char *encodingNam + parserInit(parser, encodingName); + + if (encodingName && ! parser->m_protocolEncodingName) { ++ if (dtd) { ++ // We need to stop the upcoming call to XML_ParserFree from happily ++ // destroying parser->m_dtd because the DTD is shared with the parent ++ // parser and the only guard that keeps XML_ParserFree from destroying ++ // parser->m_dtd is parser->m_isParamEntity but it will be set to ++ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all). ++ parser->m_dtd = NULL; ++ } + XML_ParserFree(parser); + return NULL; + } diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb index 578edfcbff..8a5006e59a 100644 --- a/meta/recipes-core/expat/expat_2.2.9.bb +++ b/meta/recipes-core/expat/expat_2.2.9.bb @@ -21,6 +21,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \ file://CVE-2022-25315.patch \ file://libtool-tag.patch \ file://CVE-2022-40674.patch \ + file://CVE-2022-43680.patch \ " SRCREV = "a7bc26b69768f7fb24f0c7976fae24b157b85b13" From patchwork Sun Nov 6 16:03:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15000 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49E60C4332F for ; Sun, 6 Nov 2022 16:04:12 +0000 (UTC) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mx.groups.io with SMTP id smtpd.web09.17886.1667750651194663452 for ; Sun, 06 Nov 2022 08:04:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=0mBk/I+F; spf=softfail (domain: sakoman.com, ip: 209.85.216.51, mailfrom: steve@sakoman.com) Received: by mail-pj1-f51.google.com with SMTP id d13-20020a17090a3b0d00b00213519dfe4aso8331478pjc.2 for ; Sun, 06 Nov 2022 08:04:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=l+RAn+KEKbGC2dpv+DUNzaUtWaBHIhkNYyz9aGuyfHQ=; b=0mBk/I+FVb+l43bsMK91dSdG66WdMdRpPcvW4VTSnW44hSJWdAqzyeqDtQNa92YeGc CHiRFgcP0usl1dJ/Ws5hAfnYt4W05kZ8FcaI5cxipU69D9fh77z38SIXp3cnJzjkq6Wc snsMRS5rOEufgkFafs0CX0EF3wmBvuU63/IjlAByhb/MQSsPFn3b7xO+xWhJI31D2h4B GVJe4oWTskgd+m7QD7bD1qvRy1cS3qOBchNTCXOEA9wSVA1HGgp1pl5InW92PJRn6xd8 Kesw84NvmVjWAWpbsjqHJ6lgtXZKFioVpFggO/F0i+2NBgcLX755bHi67pnrcffyfCHA nYEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=l+RAn+KEKbGC2dpv+DUNzaUtWaBHIhkNYyz9aGuyfHQ=; b=uI8PMzXWu8w/4IGUxJvKy/1Fc22te3nmVOIiCuJBjMig/Jjq2Dm+QEpAUptO87omA1 HAV+Cuj4nDozLf0gSXhslIsaVsbwn+70jKhqfJ52/w/O14JaBRp2Ggc5QwcLigzi5r3z 1nP53I/OIYSiVQZrlVDCsRvYi51UkfuEqu+FeWKA+xaaIJ0c9+21weVcfefuzHd7MbaU 3sn2wLdAF44hKLi8msEp67P6sl479cuqXvspgHoUA6kLIIu3YMiCdkSwERg1cqnDMgjx DXuMvkqG3hs0gMMyMaii6G7c/XzeYD3BItpRbjgRFIhzgHKpoc1iAje0UYqQwof/nyno Rg6A== X-Gm-Message-State: ACrzQf14PzK2LGavDKAlKQaUXBA3y/PCp5Pyn7e5uXsEgi4CTMXYQNEu WRiP1TyJJAeL5R44dEiMNj98Mf9/4Ndq+UTL X-Google-Smtp-Source: AMsMyM451poYFWgWEu1AbbEK/r2NBaqjf0zToJNCHQ7JMg3TL6M5bXOZvIe8klzqlWLRIXRPaFNh2w== X-Received: by 2002:a17:90a:de13:b0:213:eab9:5e38 with SMTP id m19-20020a17090ade1300b00213eab95e38mr37120793pjv.44.1667750650106; Sun, 06 Nov 2022 08:04:10 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id s11-20020a170902ea0b00b0018700ba9090sm3294683plg.185.2022.11.06.08.04.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Nov 2022 08:04:09 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 4/8] cve-update-db-native: add timeout to urlopen() calls Date: Sun, 6 Nov 2022 06:03:49 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 06 Nov 2022 16:04:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172810 From: Frank de Brabander The urlopen() call can block indefinitely under some circumstances. This can result in the bitbake process to run endlessly because of the 'do_fetch' task of cve-update-bb-native to remain active. This adds a default timeout of 60 seconds to avoid this hang, while being large enough to minimize the risk of unwanted timeouts. Signed-off-by: Frank de Brabander Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit e5f6652854f544106b40d860de2946954de642f3) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-db-native.bb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 85874ead01..59e7d7dc2c 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -17,6 +17,9 @@ deltask do_populate_sysroot # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" +# Timeout for blocking socket operations, such as the connection attempt. +CVE_SOCKET_TIMEOUT ?= "60" + python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") @@ -39,6 +42,8 @@ python do_fetch() { db_file = d.getVar("CVE_CHECK_DB_FILE") db_dir = os.path.dirname(db_file) + cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) + if os.path.exists("{0}-journal".format(db_file)): # If a journal is present the last update might have been interrupted. In that case, # just wipe any leftovers and force the DB to be recreated. @@ -77,7 +82,7 @@ python do_fetch() { # Retrieve meta last modified date try: - response = urllib.request.urlopen(meta_url) + response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') bb.warn("Failed to fetch CVE data (%s)" % e.reason) @@ -104,7 +109,7 @@ python do_fetch() { # Update db with current year json file try: - response = urllib.request.urlopen(json_url) + response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout) if response: update_db(conn, gzip.decompress(response.read()).decode('utf-8')) conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() From patchwork Sun Nov 6 16:03:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15002 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43CD6C4332F for ; Sun, 6 Nov 2022 16:04:22 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.17722.1667750652715546454 for ; Sun, 06 Nov 2022 08:04:13 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=vXrZ1zgg; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id v17so9068326plo.1 for ; Sun, 06 Nov 2022 08:04:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3CgP3DbtW0rq4CYKFrLBggH1mZMAqU3TJt7+Ep1uQzY=; b=vXrZ1zggYHzmR7xdiFbtwkwG1Atx4wA9xorcnmhdd/pGrULrzxt59WROqGGpdkogua yU1+OvE88hS1rYbL1DpbWfv/VbdIMhEnFDsAdJsvyGkFp4galrAZ2BrK0kRSNCuNjncA pV+V/h7AdbEXk/Up5ncSDHKhtYx2ojzF6wwHdn9ZV9/946HXa3rdFmT7UXgO4qd3l8i/ FiuMbuAy0wzfUkMStuSfwzt4oAVEp9U/Vw7RQ75uZAkCGy3e7bVWDnmQMrJIaBArn9LH TtDpN3A1D9K80sJCqEYN5znW+VuXnFIb6rSN6drnZDdduU7hISsyLAQ7lDAp+iXhnuYl GxJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3CgP3DbtW0rq4CYKFrLBggH1mZMAqU3TJt7+Ep1uQzY=; b=DzVZgIMd7IBubGQJGRfJeHDbidn6LmeoUg9GOdtyX4uP2jyZu+CIYgiV8UKmUDcift 9QxxkD0MSxH/ciOC+MWl6nCQhI30l8HcEeRii58zwrNGrs7sOmMyKP9OKq64RvsUPs/7 tKNSkzeWYUhRkAFDmTtDnByhMA7xqadH4Cqe6DfRJVFH+KeSFC/gE1x4nGW5CcgDW5HD KdD9LOA+ny4xCzin1m0jUlc7LezuxddxNESZ/uTNt4IuGwkCu9/Tac2whsNQlQRFkenq uBevcosDE81NDBz+VoY9m14fEC1YhLyLQPFg1Pbz3zAaC4okR6drNmHTU1XrQZA8Y+iz eKjw== X-Gm-Message-State: ACrzQf2ZY6LkOuoCKVmU+C3oJlXfhvkZgrsBINbDlAiEFhL5onZElcjS mGSdnnut4f7i+EUG6zvF2D2+Hjj+2Sl633Ij X-Google-Smtp-Source: AMsMyM5Z8KMkDX6sXSYmCkmFwbM+q8hNSydZsiEfKFIIBsOsg7GN0ShgaKfaUEJaEep6g/bNHp8kqw== X-Received: by 2002:a17:903:2285:b0:188:505b:25f with SMTP id b5-20020a170903228500b00188505b025fmr20518484plh.71.1667750651786; Sun, 06 Nov 2022 08:04:11 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id s11-20020a170902ea0b00b0018700ba9090sm3294683plg.185.2022.11.06.08.04.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Nov 2022 08:04:11 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 5/8] vim: Upgrade 9.0.0598 -> 9.0.0614 Date: Sun, 6 Nov 2022 06:03:50 -1000 Message-Id: <30ade05280760253bb1de4f5d757363e1b7e4fc0.1667750511.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 06 Nov 2022 16:04:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172811 From: Teoh Jay Shen Include fixes for CVE-2022-3352. Signed-off-by: Teoh Jay Shen Signed-off-by: Luca Ceresoli (cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index f2cd235329..e9fd7a3eec 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0598" -SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" +PV .= ".0614" +SRCREV = "ef976323e770315b5fca544efb6b2faa25674d15" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" From patchwork Sun Nov 6 16:03:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15003 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E8C0C43217 for ; Sun, 6 Nov 2022 16:04:22 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web09.17887.1667750654482618491 for ; Sun, 06 Nov 2022 08:04:14 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=LZ4FFzuF; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id p21so9044169plr.7 for ; Sun, 06 Nov 2022 08:04:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ADY2A/Kon2HfilIpy7soWAB/xmYiNWJgrT+pXA/1ydk=; b=LZ4FFzuF5XSKMz8hPynJCEUsBrGw/+IiK3a9+9IH2eOG9Q2eIAwSobnu26lWsLSAvk iA/n0di9n9RaL2Q949AnrT7NPQSFgsDu+ImBx7Pma0IUynGoVZF5oLJ3PvL72nOvvSVR 3uPZbsQIay+mBBCwcOTRmI9OgYS1gs89knf1tcrYOWUXHVKLr+6E+goO7G1mBSwdguXH izuj6eAyz1YUb/ZLkdrbebGWXiayj/GBclHZL/obTyyHaFEReC+xGBh3pxIqH6ZJ0lRO p6U91u40kSPNIyikqu1FCSX90EBV9VbuS3bdojaoJ6Obwu4eUMM5gwZ4qL7zWGs4v52O NGYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ADY2A/Kon2HfilIpy7soWAB/xmYiNWJgrT+pXA/1ydk=; b=p+AiPZECThpSIUWTzUwlFHPb1D7oNpJY6VIdgRh5bvBqMN7CTHjxz8D1E3KGHNarDt +Sj7pGDvkzf8xfwRn3ff10dwEQp9qLwqNpKdWHKtwYUfVJmhH2OW0JHxRNd4TPhi7GDi hl/6W9VF3KoRhCLDTTrnQ8mRK4MZyz7JnTKfTFoHZpfX1pJ5m0L1NVLvPJ4LStXWy5G/ ThWxtjQt0U3niFUSdKzED+5VTeChBZ7GxAbdpKMDgtCUY/Odu7cic7XleQ8xqQtv+0kE ceSm1COulkntsnkgMlqVKMBp1DmoFszNTKvQ5tMdNHTAJATmjwmYIvbM3DoVkplRBzq0 PHrw== X-Gm-Message-State: ACrzQf2rCT4OPiRo4ajQVmgbYTYoTmnnICYvb27nEyfCNem0rBwmwKzQ X0vHDL1IUSgQiyok3TiW0kl1nN1c0UwobLvM X-Google-Smtp-Source: AMsMyM5lwwUxkXsvDcswVmwXcqF1VNf85vi5yJt5MD226TDLk9pm1stTIPDv25y2FzT3Czns5a4pcg== X-Received: by 2002:a17:902:e803:b0:187:3a52:d262 with SMTP id u3-20020a170902e80300b001873a52d262mr28593142plg.85.1667750653601; Sun, 06 Nov 2022 08:04:13 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id s11-20020a170902ea0b00b0018700ba9090sm3294683plg.185.2022.11.06.08.04.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Nov 2022 08:04:13 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 6/8] tzdata: update to 2022d Date: Sun, 6 Nov 2022 06:03:51 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 06 Nov 2022 16:04:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172812 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit ceac0492e75baa63a46365d8b63275437ad5671f) Signed-off-by: Steve Sakoman --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index d032fed356..d3c78e9157 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2022c" +PV = "2022d" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ @@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "3e7ce1f3620cc0481907c7e074d69910793285bffe0ca331ef1a6d1ae3ea90cc" -SRC_URI[tzdata.sha256sum] = "6974f4e348bf2323274b56dff9e7500247e3159eaa4b485dfa0cd66e75c14bfe" +SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0" +SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0" From patchwork Sun Nov 6 16:03:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15004 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A45DC4321E for ; Sun, 6 Nov 2022 16:04:22 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web08.17571.1667750656479486971 for ; Sun, 06 Nov 2022 08:04:16 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Ne51eKSC; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id g129so8422799pgc.7 for ; Sun, 06 Nov 2022 08:04:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PmaCXYSKM8fehfsPYvn9cHHfnUhnODty/4ZRsK7DAUk=; b=Ne51eKSCBTWhLn8uzPRdvffaJky1OwwiE9orNMIoqV6trb8/wSKZdJdt7vYQaSAUl1 jxtwPoP/ULws8rguez2uD2Q3hJ0pY5qsu9c7DwgclH3uFZ8ZrEDPbLfTTtYqffx5Drk2 LI61qE128YF/0ZALY2VhR/cCTsz5xeWwJB5ljCT57TdGh1XbpbcNSD7mBBGLYfAyOhoL kI5KV2m8EDddePH48et+1Scxyngf0Yh9tTEpZPaqo69cuZ5jmCOcTKfFvgj+KH/y7TyD umdV+DE6gUl7VAKsMRbPkfIECGNG9waQqNSiBE728UCTXL2Gs2HGuvngGqigoUtiURA4 BvVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PmaCXYSKM8fehfsPYvn9cHHfnUhnODty/4ZRsK7DAUk=; b=XTC0KenlvPfEKf+b+OdTNjxwmJN5Umeu1vP63mWAkTAYgTWWlxxHLv/stgv+j8voQJ F5urFL2NiO6DETS0YO2gpF0/cOv6f458ZvsIXHhxRcTSl55K54ywlLCSNaocAaCh9MF9 7jicN6RfwQUkla0pTPob7dPACE6OOCKUEIFijpLdMkK9gplsPUQg+v6dhUa4YItDlDoV Y0CgNKm1NlbAOJdtH7Lpj071V19XPT1cWnNFwkHFNQYRuPm+3Wz7RlPsVooldwHFHhhk P/ei7oSu6b0b4DYpRkmaItL1YeD0kNZWs7im82PqdcoOmnE0pDHEEAdu1d6dY6yrp7Hj 0kQg== X-Gm-Message-State: ACrzQf33euPdbpVpMJPwOe6b7NYYpBqkz3TP0Qd2LgkoPCnWg4IxO00n W6yrWRoIzCBF3kMcw7zjBZgoyNHKmms+edx0 X-Google-Smtp-Source: AMsMyM6RKMDp3rK7TNTVsQI4iwFbzzJB8M9uvE4ylRfaKyBr5VGUSR88QUmbzFAMZ9VduRd0v+eoxg== X-Received: by 2002:a63:ee4f:0:b0:46f:87a8:97ab with SMTP id n15-20020a63ee4f000000b0046f87a897abmr36400356pgk.349.1667750655525; Sun, 06 Nov 2022 08:04:15 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id s11-20020a170902ea0b00b0018700ba9090sm3294683plg.185.2022.11.06.08.04.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Nov 2022 08:04:15 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 7/8] coreutils: add openssl PACKAGECONFIG Date: Sun, 6 Nov 2022 06:03:52 -1000 Message-Id: <590d8f2bdbb7ea558b9e99e58a1dae2b5eb58153.1667750511.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 06 Nov 2022 16:04:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172813 From: Daniel McGregor coreutils-native will pick up openssl on the host if it's GPL compatible (version >= 3), which causes uninative failures with hosts that don't have openssl3. Add a PACKAGECONFIG entry for openssl so it can be enabled, but isn't by default. Signed-off-by: Daniel McGregor Signed-off-by: Richard Purdie (cherry picked from commit 9859a8124a0c09ac38d476445e7df7097f41d153) Signed-off-by: Steve Sakoman --- meta/recipes-core/coreutils/coreutils_8.31.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/coreutils/coreutils_8.31.bb b/meta/recipes-core/coreutils/coreutils_8.31.bb index 3d569881e8..3841f71155 100644 --- a/meta/recipes-core/coreutils/coreutils_8.31.bb +++ b/meta/recipes-core/coreutils/coreutils_8.31.bb @@ -51,6 +51,7 @@ PACKAGECONFIG_class-nativesdk ??= "xattr" PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl," PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr," PACKAGECONFIG[single-binary] = "--enable-single-binary,--disable-single-binary,," +PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl" # [ df mktemp nice printenv base64 gets a special treatment and is not included in this bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname du \ From patchwork Sun Nov 6 16:03:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15005 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49BA0C43219 for ; Sun, 6 Nov 2022 16:04:22 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web09.17888.1667750658365772395 for ; Sun, 06 Nov 2022 08:04:18 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=p1gXfjGB; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id m6so8602602pfb.0 for ; Sun, 06 Nov 2022 08:04:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=q50Q3YcBRUaqfNd5gJW+VT5Weg9h+OdMwfD4l6moZTk=; b=p1gXfjGBXdNaJ74sRfPHjM8F8xGr4LiA0I8TA7CdeEjZkBbmaV/+9H4NbIKEzLAwsp tRgXjrZnRlDGzkEQ4K5rTMdf3kHBE4CS4taFcuewzYD3tlLVSphp6uolNfxrCEANb6m3 COEazaW1nmKtxe7rqK9+lyy+flWE9OCJcempKUs87glyGL6lxOUqf0uzPzwNIsxzRIIm vRFa68qRvPnv1c+WahoiJ2ZoNYpz+c50eIYXGIS30lEo9q+sNgsdtrUO+LtVPirZakNr d2E67+6d+/OtLYYIG2B9LksFZLin6MLOFA6jdGo3OjaIhRvobclF++9gwQUTu+Cgn6ks uM6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=q50Q3YcBRUaqfNd5gJW+VT5Weg9h+OdMwfD4l6moZTk=; b=n1XvLBFmJwoxqyh1HVcpoHHrLA8zOj504+FqKRpg/FKIWE5P1s5V8lOnF03vA6kClm 7kdCQmeXhObwGd6SZTU6Dz/khyTTJJa60IInr4PGu2DjC9rgLSAsO6/hKP9pk3L/rw3h jCw2eVXvfPsJC4IWeOMlAEsDfrt42pPqXCeFIWYnUz/OxvNQLJWQ5gKjGtXznlO1sJT6 d7WghgHjwL3Ah0A6qGyrEM3dow/Z4j1cBeK1x6bYYW6bJS6RRjQ24xma8zb5lt08E1yE 6J4byS35qpCTSh61Y+UhkyFydYJjQD9/JyK79LQSmbtnlLMwUHc9gs/GLPHwPmawsOuK Tv4g== X-Gm-Message-State: ACrzQf0VZitN5PSbL+vPGZNTLv3m+XYnyUmA8ZLyzoivZ5haKPzFnNdK EEjgL6JjUJPZ6fDMqtdX/hGBosuk5Q+d05Wx X-Google-Smtp-Source: AMsMyM6HF09P881/qCNHLrUP1OUXsM+zrFQ9eWgBwf9lvFcdEoqBgGUPv+cCAhj7AoU7upCltPtBtA== X-Received: by 2002:a65:6e0e:0:b0:434:59e0:27d3 with SMTP id bd14-20020a656e0e000000b0043459e027d3mr38009523pgb.185.1667750657394; Sun, 06 Nov 2022 08:04:17 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id s11-20020a170902ea0b00b0018700ba9090sm3294683plg.185.2022.11.06.08.04.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Nov 2022 08:04:17 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 8/8] bluez5: add dbus to RDEPENDS Date: Sun, 6 Nov 2022 06:03:53 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 06 Nov 2022 16:04:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172814 From: Bartosz Golaszewski Unless we're using systemd, dbus is not pulled into the system automatically. Bluez5 will not work without dbus so add it to RDEPENDS explicitly. Signed-off-by: Bartosz Golaszewski Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 377ef7009a8638efe688b6b61f67ae399eb1f23d) Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/bluez5/bluez5.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index eaac9ee849..7ad054b3a7 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e" DEPENDS = "dbus glib-2.0" +RDEPENDS:${PN} += "dbus" PROVIDES += "bluez-hcidump" RPROVIDES_${PN} += "bluez-hcidump"