From patchwork Sat Nov 19 17:47:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15687 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B3CAC4332F for ; Sat, 19 Nov 2022 17:48:08 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.26038.1668880078112827127 for ; Sat, 19 Nov 2022 09:47:58 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=I1+45Yvh; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id j12so7200666plj.5 for ; Sat, 19 Nov 2022 09:47:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ciUKVu1vAmiJHvYNTKTXNLF5pwVQJCAkhblRAsjOjQo=; b=I1+45Yvh1yaTluuZL6aUfX7Q/MMhrZO8fDpfjjFD2yhQ1ZzjHijCzUuC6wJBjj65kl lkIOoLY7zjhNFjvp5/oEPoaRGjBUfEP7KXAed9I9T88dIRxDhcowuzqT59lPb2TN5BwM ZxM9h9kXrEnYBglKnlLk+piNXgR5KSeHZD7jztedodNNb+5gqelS8zx8BoEZAbuRj9OI 11ZQo1Gmzj4lh26bAiRPqNd3Wrd9nGT9+gb6PJUZ086wxPSIzrmGgHrzgSASfNaKHsoP fdGzbqlb03AMahpEs0SBeR96nWhcH0fp8L6p9LCJ5GaVOAEwNF0tz3gs1DGyncC/9IwT X/GA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ciUKVu1vAmiJHvYNTKTXNLF5pwVQJCAkhblRAsjOjQo=; b=h7RKNUVMDDCWaa+21OB5YrN02oGWGQTAAn2zzDuGSuIR0YclZS3garNY1IEyN4mQab r0f5mSIPw5HR/ea5YQ+ohmsp5Qfa+iGydbsJWe0Mgg4/IDF1OGV7tCow396aYOUguCHJ RUsTzyWdDPBmPznoH84W0nd+8T6sLWd9gaIS1meQMuhz+2xgJLcQEzEQYCDkKI24LpVX zFbfdjiApRfRhPPO31OE5DZc8r2K3DJ3jRcpy59n1AMzjzW8B4hmkZ7IiKMFU0fuTB1c E+3gvKeAXIGRRzpQ2t8AtEPf8j+L8Luwi2r6hE5ERZiIslBhkqx6e7fkJLagrHA54Ou4 YOJQ== X-Gm-Message-State: ANoB5pkNhlSHky9jMEpzIWK6Y/e9gZ45TuSp82xyP3+C0d/Fbv6MTuIx qGQ71EV86kPwaRh81JslM6dOrsyQ/dnIb6o0T8c= X-Google-Smtp-Source: AA0mqf5N+7iMTn9UU10ON0Ap9nRLEgjLfoqXf3MZWThs7PAM0QX8DSimVHGAZ+ZR8nFfl0aoP6/Fkg== X-Received: by 2002:a17:903:1342:b0:186:90a7:6b75 with SMTP id jl2-20020a170903134200b0018690a76b75mr4674847plb.23.1668880077071; Sat, 19 Nov 2022 09:47:57 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.47.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:47:56 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 01/21] sudo: CVE-2022-43995 heap-based overflow with very small passwords Date: Sat, 19 Nov 2022 07:47:29 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173519 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../sudo/sudo/CVE-2022-43995.patch | 59 +++++++++++++++++++ meta/recipes-extended/sudo/sudo_1.8.32.bb | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2022-43995.patch diff --git a/meta/recipes-extended/sudo/sudo/CVE-2022-43995.patch b/meta/recipes-extended/sudo/sudo/CVE-2022-43995.patch new file mode 100644 index 0000000000..1336c7701d --- /dev/null +++ b/meta/recipes-extended/sudo/sudo/CVE-2022-43995.patch @@ -0,0 +1,59 @@ +From e1554d7996a59bf69544f3d8dd4ae683027948f9 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Tue, 15 Nov 2022 09:17:18 +0530 +Subject: [PATCH] CVE-2022-43995 + +Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050] +CVE: CVE-2022-43995 +Signed-off-by: Hitendra Prajapati + +Potential heap overflow for passwords < 8 +characters. Starting with sudo 1.8.0 the plaintext password buffer is +dynamically sized so it is not safe to assume that it is at least 9 bytes in +size. +Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz. +--- + plugins/sudoers/auth/passwd.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c +index 03c7a16..76a7824 100644 +--- a/plugins/sudoers/auth/passwd.c ++++ b/plugins/sudoers/auth/passwd.c +@@ -63,7 +63,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth) + int + sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) + { +- char sav, *epass; ++ char des_pass[9], *epass; + char *pw_epasswd = auth->data; + size_t pw_len; + int matched = 0; +@@ -75,12 +75,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c + + /* + * Truncate to 8 chars if standard DES since not all crypt()'s do this. +- * If this turns out not to be safe we will have to use OS #ifdef's (sigh). + */ +- sav = pass[8]; + pw_len = strlen(pw_epasswd); +- if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) +- pass[8] = '\0'; ++ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) { ++ strlcpy(des_pass, pass, sizeof(des_pass)); ++ pass = des_pass; ++ } + + /* + * Normal UN*X password check. +@@ -88,7 +88,6 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c + * only compare the first DESLEN characters in that case. + */ + epass = (char *) crypt(pass, pw_epasswd); +- pass[8] = sav; + if (epass != NULL) { + if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) + matched = !strncmp(pw_epasswd, epass, DESLEN); +-- +2.25.1 + diff --git a/meta/recipes-extended/sudo/sudo_1.8.32.bb b/meta/recipes-extended/sudo/sudo_1.8.32.bb index 8d16ec2538..10785beedf 100644 --- a/meta/recipes-extended/sudo/sudo_1.8.32.bb +++ b/meta/recipes-extended/sudo/sudo_1.8.32.bb @@ -4,6 +4,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0001-Include-sys-types.h-for-id_t-definition.patch \ file://0001-Fix-includes-when-building-with-musl.patch \ + file://CVE-2022-43995.patch \ " PAM_SRC_URI = "file://sudo.pam" From patchwork Sat Nov 19 17:47:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15685 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42386C4321E for ; Sat, 19 Nov 2022 17:48:08 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.web10.26302.1668880080260198294 for ; Sat, 19 Nov 2022 09:48:00 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=G1fe4y6i; spf=softfail (domain: sakoman.com, ip: 209.85.215.171, mailfrom: steve@sakoman.com) Received: by mail-pg1-f171.google.com with SMTP id 62so7621316pgb.13 for ; Sat, 19 Nov 2022 09:48:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=js3G/0tv12zGoR6DvCkwN1dcGoM0A5ogYKoQHEKycus=; b=G1fe4y6iaFhsIAn0XM8nfC05dEy0XKejorMXzkXaLNAgRz8/Vqx6G342H5xH3Lxazi hcC7b1vsKJVmO3G7e3BHfQMAPstos+3Ojg5M8M79Cm4hD3UcsfWhHJ50cOmQAhlY3fuU JAMGsg+5kOi3s50t3xujooe9vdKt12rtk2LYJeAiEIxd49HTMzehg1dLVXylO0Bh4FGB l67LbMCj6SviArNXv4by8Vp6fowIUPgwNwKVsFcnEoJvvcFJFzMho0uSKr3chkZUUEij BLN20kUnXIDm73lWz5Bo3iAfzX36kaZfntZDE4uiY9fhmr3z4p+gzwvIRBTFXsSjvsq+ E7+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=js3G/0tv12zGoR6DvCkwN1dcGoM0A5ogYKoQHEKycus=; b=olZF/0QSFFokkOXgHc6Zh3wQjQWj/7o561Q1HQ9Zv/35SiFZ8igGlE2KfEN7hzOCLe 7R/9DIt0OSjvvBYAR0XbgPcDh0Q+KXP8tGXvoAo9PejDbjprxdNPCu8F8E12nJ52awPU gUnzOn0phu2rT/BQVP124wyb153L7pg658l5SlccQSSBxr7B3YC9bXZCT55hjNYfPTWd bRtUcnD+nZlRqXL0jHdDrJiZxanV4zonVrFY+HKj211WpuoWw5vNoTcmDCZvPG3k3c1C m3ZvhTK5FmWBmrNOUaSopnpb6sjsLBKuUhNR0qqXepB7NTqbFolqJvePTyY8Rg6YwJc2 +YTA== X-Gm-Message-State: ANoB5pmgN1rw4+aNon4x3t77eaRA15T7LAkf+lVWHfva18aKdg/z7uBa Vn3bze5YXiz1T5xekgwkCve3mUoOyzZtzyp4/IQ= X-Google-Smtp-Source: AA0mqf7EHGPN8dLwN6vx/vzogWhj/Ea4hllOiKRNy1rCtKEMZCK1eY1uITxop/qunObmWkk9kH1NQQ== X-Received: by 2002:a62:1d86:0:b0:56d:d08c:baf0 with SMTP id d128-20020a621d86000000b0056dd08cbaf0mr13399285pfd.72.1668880079206; Sat, 19 Nov 2022 09:47:59 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.47.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:47:58 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 02/21] systemd: Fix CVE-2022-3821 issue Date: Sat, 19 Nov 2022 07:47:30 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173520 From: Ranjitsinh Rathod An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. Add a patch to solve above CVE issue Link: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- .../systemd/systemd/CVE-2022-3821.patch | 47 +++++++++++++++++++ meta/recipes-core/systemd/systemd_244.5.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-3821.patch diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch new file mode 100644 index 0000000000..f9c6704cfc --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch @@ -0,0 +1,47 @@ +From 9102c625a673a3246d7e73d8737f3494446bad4e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 7 Jul 2022 18:27:02 +0900 +Subject: [PATCH] time-util: fix buffer-over-run + +Fixes #23928. + +CVE: CVE-2022-3821 +Upstream-Status: Backport [https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e.patch] +Signed-off-by: Ranjitsinh Rathod +Comment: Both the hunks refreshed to backport + +--- + src/basic/time-util.c | 2 +- + src/test/test-time-util.c | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index abbc4ad5cd70..26d59de12348 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -514,7 +514,7 @@ char *format_timespan(char *buf, size_t + t = b; + } + +- n = MIN((size_t) k, l); ++ n = MIN((size_t) k, l-1); + + l -= n; + p += n; +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index e8e4e2a67bb1..58c5fa9be40c 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -501,6 +501,12 @@ int main(int argc, char *argv[]) { + test_format_timespan(1); + test_format_timespan(USEC_PER_MSEC); + test_format_timespan(USEC_PER_SEC); ++ ++ /* See issue #23928. */ ++ _cleanup_free_ char *buf; ++ assert_se(buf = new(char, 5)); ++ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); ++ + test_timezone_is_valid(); + test_get_timezones(); + test_usec_add(); diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb index f3e5395465..77ef2bc42f 100644 --- a/meta/recipes-core/systemd/systemd_244.5.bb +++ b/meta/recipes-core/systemd/systemd_244.5.bb @@ -33,6 +33,7 @@ SRC_URI += "file://touchscreen.rules \ file://CVE-2021-3997-1.patch \ file://CVE-2021-3997-2.patch \ file://CVE-2021-3997-3.patch \ + file://CVE-2022-3821.patch \ " # patches needed by musl From patchwork Sat Nov 19 17:47:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15686 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B3BCC433FE for ; Sat, 19 Nov 2022 17:48:08 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web11.26039.1668880082241181972 for ; Sat, 19 Nov 2022 09:48:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=GBEJJyiV; spf=softfail (domain: sakoman.com, ip: 209.85.215.182, mailfrom: steve@sakoman.com) Received: by mail-pg1-f182.google.com with SMTP id f3so7683615pgc.2 for ; Sat, 19 Nov 2022 09:48:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LfQgRLUijI/VHAAqENJBkHD48BaaU9IDiUBit2ygm/w=; b=GBEJJyiVyb7qQitdsp5LZXpQlrcIdn0iyWM5jhI46jjQqJ9r7QTQofQ8Hdh/1czuXM ZASseLBMfFMHgcffHC3OByqWvrCmFR5Ut36lPgxcJGV1mP63fdDiy0Gwp820n2VLQ6Zp E536rGnteu/iLOlQ4jd1FjMbfwpVAJ4tkBdNh5vonDrs6b7LJ0+vuGegT0K8b8uG9lCY 0A9MC0v+TKf3TQDKM2n0FQHiAbjIkGnmJB3d/BvhEUbOyhRuYfc3jUpkmrcb1vH3ET8w qj0OsWfQLyXo9jHPe6bHFjvs1l2CBOT4svMC6E9puSRP1/Yfwc9XadUusWnGDt0Bfs5C vqvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LfQgRLUijI/VHAAqENJBkHD48BaaU9IDiUBit2ygm/w=; b=3zyx8LwrzRo6LqAKyML3oBex+Xhseuu+WKVeZQ5XzqFaI5NpF9u2r/4cqyK6SAR3HF Ckig79ZfNiAxTSJ7ErKquBHixe+UPD7yeCGsENxnVt0zCzZNZZ90JxNUSnPTuhTWnXxU +BqdI0LO5MH3xFqorCDddr1mkpDMSKYy9RraeqbOkQCPfaNxVFP7j4nf/hEJfDFX5q9+ RRgIOkOnD/qmx/L55HRahGUKhmM5LWeGoWAUQM3UKrzHrVA8v1Y749U0TUnx7B0i2TCC MugAtKm3dxtyTwKML0NR9wWaGITI/Dxi5fGBWjIlx+O82jmevPRm4qWgu9VJnC/dDeSg WxvQ== X-Gm-Message-State: ANoB5pm9mD47RBBJuhnAcji4GAp9BHo0SO+M3s/ZoBDJRYdkwjCfvfKy xcKb4tvlWSql24egMdTVa/hKVXnw5glNt8gZy3g= X-Google-Smtp-Source: AA0mqf6uanJqr/eYmqVXynN2nOgG3Zg2IzNbV33rZ33SqaNnFgXFpzFkkFSZQOBYaGP04Tk3a+C+/w== X-Received: by 2002:a63:134a:0:b0:476:bfca:112d with SMTP id 10-20020a63134a000000b00476bfca112dmr11611562pgt.574.1668880081146; Sat, 19 Nov 2022 09:48:01 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:00 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/21] python3: Fix CVE-2022-45061 Date: Sat, 19 Nov 2022 07:47:31 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173521 From: Omkar Fix CVE-2022-45061, referenced as https://github.com/python/cpython/issues/98433 patch taken from https://github.com/python/cpython/pull/99231/commits/064ec20bf7a181ba5fa961aaa12973812aa6ca5d Signed-off-by: Omkar Signed-off-by: Steve Sakoman --- .../python/files/CVE-2022-45061.patch | 100 ++++++++++++++++++ .../recipes-devtools/python/python3_3.8.14.bb | 1 + 2 files changed, 101 insertions(+) create mode 100644 meta/recipes-devtools/python/files/CVE-2022-45061.patch diff --git a/meta/recipes-devtools/python/files/CVE-2022-45061.patch b/meta/recipes-devtools/python/files/CVE-2022-45061.patch new file mode 100644 index 0000000000..647bf59908 --- /dev/null +++ b/meta/recipes-devtools/python/files/CVE-2022-45061.patch @@ -0,0 +1,100 @@ +From 064ec20bf7a181ba5fa961aaa12973812aa6ca5d Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 7 Nov 2022 18:57:10 -0800 +Subject: [PATCH] [3.11] gh-98433: Fix quadratic time idna decoding. (GH-99092) + (GH-99222) + +There was an unnecessary quadratic loop in idna decoding. This restores +the behavior to linear. + +(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d) + +(cherry picked from commit a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15) + +Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> +Co-authored-by: Gregory P. Smith + +CVE: CVE-2022-45061 +Upstream-Status: Backport [https://github.com/python/cpython/pull/99231/commits/064ec20bf7a181ba5fa961aaa12973812aa6ca5d] +Signed-off-by: Omkar Patil + +--- + Lib/encodings/idna.py | 32 +++++++++---------- + Lib/test/test_codecs.py | 6 ++++ + ...2-11-04-09-29-36.gh-issue-98433.l76c5G.rst | 6 ++++ + 3 files changed, 27 insertions(+), 17 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst + +diff --git a/Lib/encodings/idna.py b/Lib/encodings/idna.py +index ea4058512fe3..bf98f513366b 100644 +--- a/Lib/encodings/idna.py ++++ b/Lib/encodings/idna.py +@@ -39,23 +39,21 @@ def nameprep(label): + + # Check bidi + RandAL = [stringprep.in_table_d1(x) for x in label] +- for c in RandAL: +- if c: +- # There is a RandAL char in the string. Must perform further +- # tests: +- # 1) The characters in section 5.8 MUST be prohibited. +- # This is table C.8, which was already checked +- # 2) If a string contains any RandALCat character, the string +- # MUST NOT contain any LCat character. +- if any(stringprep.in_table_d2(x) for x in label): +- raise UnicodeError("Violation of BIDI requirement 2") +- +- # 3) If a string contains any RandALCat character, a +- # RandALCat character MUST be the first character of the +- # string, and a RandALCat character MUST be the last +- # character of the string. +- if not RandAL[0] or not RandAL[-1]: +- raise UnicodeError("Violation of BIDI requirement 3") ++ if any(RandAL): ++ # There is a RandAL char in the string. Must perform further ++ # tests: ++ # 1) The characters in section 5.8 MUST be prohibited. ++ # This is table C.8, which was already checked ++ # 2) If a string contains any RandALCat character, the string ++ # MUST NOT contain any LCat character. ++ if any(stringprep.in_table_d2(x) for x in label): ++ raise UnicodeError("Violation of BIDI requirement 2") ++ # 3) If a string contains any RandALCat character, a ++ # RandALCat character MUST be the first character of the ++ # string, and a RandALCat character MUST be the last ++ # character of the string. ++ if not RandAL[0] or not RandAL[-1]: ++ raise UnicodeError("Violation of BIDI requirement 3") + + return label + +diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py +index d1faf0126c1e..37ade7d80d02 100644 +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1532,6 +1532,12 @@ def test_builtin_encode(self): + self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org") + self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.") + ++ def test_builtin_decode_length_limit(self): ++ with self.assertRaisesRegex(UnicodeError, "too long"): ++ (b"xn--016c"+b"a"*1100).decode("idna") ++ with self.assertRaisesRegex(UnicodeError, "too long"): ++ (b"xn--016c"+b"a"*70).decode("idna") ++ + def test_stream(self): + r = codecs.getreader("idna")(io.BytesIO(b"abc")) + r.read(3) +diff --git a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst +new file mode 100644 +index 000000000000..5185fac2e29d +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst +@@ -0,0 +1,6 @@ ++The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio` ++related name resolution functions no longer involves a quadratic algorithm. ++This prevents a potential CPU denial of service if an out-of-spec excessive ++length hostname involving bidirectional characters were decoded. Some protocols ++such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker ++to supply such a name. diff --git a/meta/recipes-devtools/python/python3_3.8.14.bb b/meta/recipes-devtools/python/python3_3.8.14.bb index 035eda9ecd..cbf57684ca 100644 --- a/meta/recipes-devtools/python/python3_3.8.14.bb +++ b/meta/recipes-devtools/python/python3_3.8.14.bb @@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ file://makerace.patch \ + file://CVE-2022-45061.patch \ " SRC_URI_append_class-native = " \ From patchwork Sat Nov 19 17:47:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15684 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3BD75C4167B for ; Sat, 19 Nov 2022 17:48:08 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web10.26305.1668880084153380796 for ; Sat, 19 Nov 2022 09:48:04 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=gwcod9OT; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id w3-20020a17090a460300b00218524e8877so9117858pjg.1 for ; Sat, 19 Nov 2022 09:48:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=XvQrBVeXcxu0NdbYKROb6jSW68W2I1C1ZQRtDatulUw=; b=gwcod9OTyuy89PhKTD3FMshGO/7950EdftKnaFVANCxUYdxbH/iUX0Ra/ASfSKyz3+ q0BjycG9JFA/rDwFZI6EX/071QjYfUomOCc99xt96pmRhUYbmXXSQaTj7n2fp4I6sEkh kpGFitH0UkUOInATNGSBY5QhbuG+sdpjBeOFm4rCZHB+Wa64jCdw/mnA9IaLlu8CYVBw zXOqY3cZ/jKGwVA/uWB53yyvDQG8yevfuMvXKmAuqsUsA+zDVqY633jlyyZuNfEvqCqf WSZXNAUPWHAEuzv6c2QWCEbXNA2QXDN4ih67UsBMEEA1ak5EvYYDpfNopvSH7c5pEWqD w7uw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XvQrBVeXcxu0NdbYKROb6jSW68W2I1C1ZQRtDatulUw=; b=Fv3b2dDEEtqfjvgQidtAicqcMr7L5ZJ05wHL5UFi/ntsXCXmwBhdITM7nWg68qdIj+ L4DcXddJyeKf+yTjMP4CfjmGsKd1i0xaW6mTMWxOmrjz7sDVnALO+aiTGvOOW0r9ZFbx rgiZd0WELjZwWvy68vd5K1P7Waiy1z/4L711YMe9fYpywq99G7ugruKaKfTDm3bER0qj FYDpCJai11Brq8A5ISNiv8SU4RaH4y6kYCVEWcZ8KBqxEC/XbbAu1D1ZQPEptw8wDeW3 yW5UgvZr9R1ihRBvJnr//wryA4dMLSkhBdpkCrlDMSRy/xs3WcDe5XZEwXvrijVUA10G oGBA== X-Gm-Message-State: ANoB5pnYrFv4xGirfAnSn6ctqb6+SYZ6BW13O8ao98jggPuXRvnuyvRj OzmsDW4hwDm1vhaNCg8yzDoVMaZ9Gfwm5PdFk5Y= X-Google-Smtp-Source: AA0mqf5yt+zs2xiL+ZsnhjO6OmjX+J3k4CZdlYRZ2AhTr98FIq0hM/q9sHoV7FNVEcbRsO4HsF8t8g== X-Received: by 2002:a17:90b:2552:b0:212:f8d0:a075 with SMTP id nw18-20020a17090b255200b00212f8d0a075mr12884846pjb.92.1668880083148; Sat, 19 Nov 2022 09:48:03 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:02 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 04/21] libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der Date: Sat, 19 Nov 2022 07:47:32 -1000 Message-Id: <20ef1066860254b9dbfbcc68fff3af8f965fcc61.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173522 From: Vivek Kumbhar Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5] Signed-off-by: Vivek Kumbhar Signed-off-by: Steve Sakoman --- .../gnutls/libtasn1/CVE-2021-46848.patch | 45 +++++++++++++++++++ .../recipes-support/gnutls/libtasn1_4.16.0.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch new file mode 100644 index 0000000000..9a8ceecbe7 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch @@ -0,0 +1,45 @@ +From 22fd12b290adea788122044cb58dc9e77754644f Mon Sep 17 00:00:00 2001 +From: Vivek Kumbhar +Date: Thu, 17 Nov 2022 12:07:50 +0530 +Subject: [PATCH] CVE-2021-46848 + +Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5] +CVE: CVE-2021-46848 +Signed-off-by: Vivek Kumbhar + +Fix ETYPE_OK off by one array size check. +--- + NEWS | 4 ++++ + lib/int.h | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index f042481..d8f684e 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,5 +1,9 @@ + GNU Libtasn1 NEWS -*- outline -*- + ++* Noteworthy changes in release ?.? (????-??-??) [?] ++- Fix ETYPE_OK out of bounds read. Closes: #32. ++- Update gnulib files and various maintenance fixes. ++ + * Noteworthy changes in release 4.16.0 (released 2020-02-01) [stable] + - asn1_decode_simple_ber: added support for constructed definite + octet strings. This allows this function decode the whole set of +diff --git a/lib/int.h b/lib/int.h +index ea16257..c877282 100644 +--- a/lib/int.h ++++ b/lib/int.h +@@ -97,7 +97,7 @@ typedef struct tag_and_class_st + #define ETYPE_TAG(etype) (_asn1_tags[etype].tag) + #define ETYPE_CLASS(etype) (_asn1_tags[etype].class) + #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ +- (etype) <= _asn1_tags_size && \ ++ (etype) < _asn1_tags_size && \ + _asn1_tags[(etype)].desc != NULL)?1:0) + + #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \ +-- +2.25.1 + diff --git a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb b/meta/recipes-support/gnutls/libtasn1_4.16.0.bb index 8d3a14506a..d2b3c492ec 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.16.0.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ file://dont-depend-on-help2man.patch \ + file://CVE-2021-46848.patch \ " DEPENDS = "bison-native" From patchwork Sat Nov 19 17:47:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15683 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 302B8C43219 for ; Sat, 19 Nov 2022 17:48:08 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web11.26041.1668880086367882744 for ; Sat, 19 Nov 2022 09:48:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=l6GS74H4; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id k22so7791542pfd.3 for ; Sat, 19 Nov 2022 09:48:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lTZsqj6H60SZTllrRe8wuD4tyQfisAPs2geiikxtcmo=; b=l6GS74H470FC8KZaIUtW8CEetgghMlt0+5lGVRlSqu5+Qe4EsaPSTIdg1UcTbr0KmG FPB6By1SXv463368U9kir5cs1Wufl3hBHgEyKed4+mG1p+pYT02RGexfJ57QW/TBRAs+ i84DKtfp7/6wJsIfkG+vGbH1A12Qu426F8JhPw7bEsgnpnehaQSLvW9T+BzLWBhqciLK +ZCnn9AEvQptajEe0v7ozdapXfu5UF1npeWofbdqS0GRD+g/L824Nk9WBj5FIMRShAj5 5XvekvJI2lpU+PrEMVO+zm45uKjpxx8WezAXPwdgWSKzKyohiSRF90pqsjq6tphUiY3z cdIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lTZsqj6H60SZTllrRe8wuD4tyQfisAPs2geiikxtcmo=; b=pgRa2ebPjOqCy7MLqFG4I9gEQXMJTjygGEDM2WlbjXXbnam0V7ufimgoRp4E9gc8dP zXlXJu7Ve3DVqtQlGSxlEtPvrUPcFpUtDbjfq2+eTY3/4iG6Wgs8SY/uJF/TjWW/oYyu PmHPc6QAl5DWgPetCTaftdm3qEywSDSb6n4oAN3CmE1bMC5R72MH45ulP5R5SINGAHvs Lrkuft4sd4Ma0yTd6bZXjBwF9dnlHYKrI7tWsEW2v94xn+fBewqI3HW4STMyS7rEv+PG om6laq3g6PAdR/mSmUT99vbesDLOPThIrg72mnoPNi3rOUo0+onZX/7dX7BzafueUsrY UkXA== X-Gm-Message-State: ANoB5pmylrZg8ipO65QV6z7UO5pBP0PsKfpkX1jigCtbpzj31kNzRfdt b3VVumEjRDFV9mf03XBshSCrrvghFpIYMDcOP/4= X-Google-Smtp-Source: AA0mqf5boRBMRW2iSx5iGkfaBgm191uUA1tiu/A84Tuft7Olrc06L4UlXB2QNx0imG6hG5HbhTkgaQ== X-Received: by 2002:a63:4a44:0:b0:476:837b:d4c4 with SMTP id j4-20020a634a44000000b00476837bd4c4mr11109157pgl.524.1668880085096; Sat, 19 Nov 2022 09:48:05 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:04 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 05/21] libxml2: Fix CVE-2022-40303 Date: Sat, 19 Nov 2022 07:47:33 -1000 Message-Id: <46ea70448ea444b508d4e8297f4ab5f5ee6a50b8.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173523 From: Bhabu Bindu Fix integer overflows with XML_PARSE_HUGE Link: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 Upstream-Status: Pending Signed-off-by: Bhabu Bindu Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2022-40303.patch | 623 ++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 + 2 files changed, 624 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch new file mode 100644 index 0000000000..bdb9e9eb7a --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch @@ -0,0 +1,623 @@ +From c846986356fc149915a74972bf198abc266bc2c0 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Thu, 25 Aug 2022 17:43:08 +0200 +Subject: [PATCH] [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE + +Also impose size limits when XML_PARSE_HUGE is set. Limit size of names +to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to +XML_MAX_HUGE_LENGTH (1 billion bytes). + +Move some the length checks to the end of the respective loop to make +them strict. + +xmlParseEntityValue didn't have a length limitation at all. But without +XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW. + +Thanks to Maddie Stone working with Google Project Zero for the report! + +CVE: CVE-2022-40303 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0] +Comments: Refreshed hunk + +Signed-off-by: Bhabu Bindu +--- + parser.c | 233 +++++++++++++++++++++++++++++-------------------------- + 1 file changed, 121 insertions(+), 112 deletions(-) + +diff --git a/parser.c b/parser.c +index 93f031be..79479979 100644 +--- a/parser.c ++++ b/parser.c +@@ -102,6 +102,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt); + * * + ************************************************************************/ + ++#define XML_MAX_HUGE_LENGTH 1000000000 ++ + #define XML_PARSER_BIG_ENTITY 1000 + #define XML_PARSER_LOT_ENTITY 5000 + +@@ -552,7 +554,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info) + errmsg = "Malformed declaration expecting version"; + break; + case XML_ERR_NAME_TOO_LONG: +- errmsg = "Name too long use XML_PARSE_HUGE option"; ++ errmsg = "Name too long"; + break; + #if 0 + case: +@@ -3202,6 +3204,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNameComplex++; +@@ -3267,7 +3272,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } +@@ -3293,13 +3299,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3338,7 +3344,10 @@ const xmlChar * + xmlParseName(xmlParserCtxtPtr ctxt) { + const xmlChar *in; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + GROW; + +@@ -3362,8 +3371,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) { + in++; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3384,6 +3392,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + size_t startPosition = 0; + + #ifdef DEBUG +@@ -3404,17 +3415,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */ + (xmlIsNameChar(ctxt, c) && (c != ':'))) { + if (count++ > XML_PARSER_CHUNK_SIZE) { +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- return(NULL); +- } + count = 0; + GROW; + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + if (c == 0) { +@@ -3432,8 +3439,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3459,7 +3465,10 @@ static const xmlChar * + xmlParseNCName(xmlParserCtxtPtr ctxt) { + const xmlChar *in, *e; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNCName++; +@@ -3484,8 +3493,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) { + goto complex; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3567,6 +3575,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + const xmlChar *cur = *str; + int len = 0, l; + int c; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseStringName++; +@@ -3602,12 +3613,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3621,14 +3626,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + COPY_BUF(l,buffer,len,c); + cur += l; + c = CUR_SCHAR(cur, l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + buffer[len] = 0; + *str = cur; + return(buffer); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3655,6 +3664,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNmToken++; +@@ -3706,12 +3718,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((max > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3725,6 +3731,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + COPY_BUF(l,buffer,len,c); + NEXTL(l); + c = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + buffer[len] = 0; + return(buffer); +@@ -3732,8 +3743,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + } + if (len == 0) + return(NULL); +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); + return(NULL); + } +@@ -3759,6 +3769,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; + int c, l; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + xmlChar stop; + xmlChar *ret = NULL; + const xmlChar *cur = NULL; +@@ -3818,6 +3831,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { + GROW; + c = CUR_CHAR(l); + } ++ ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED, ++ "entity value too long\n"); ++ goto error; ++ } + } + buf[len] = 0; + if (ctxt->instate == XML_PARSER_EOF) +@@ -3905,6 +3924,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + xmlChar *rep = NULL; + size_t len = 0; + size_t buf_size = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int c, l, in_space = 0; + xmlChar *current = NULL; + xmlEntityPtr ent; +@@ -3925,16 +3925,6 @@ + while (((NXT(0) != limit) && /* checked */ + (IS_CHAR(c)) && (c != '<')) && + (ctxt->instate != XML_PARSER_EOF)) { +- /* +- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE +- * special option is given +- */ +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, +- "AttValue length too long\n"); +- goto mem_error; +- } + if (c == 0) break; + if (c == '&') { + in_space = 0; +@@ -4093,6 +4105,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + } + GROW; + c = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, ++ "AttValue length too long\n"); ++ goto mem_error; ++ } + } + if (ctxt->instate == XML_PARSER_EOF) + goto error; +@@ -4114,16 +4131,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + } else + NEXT; + +- /* +- * There we potentially risk an overflow, don't allow attribute value of +- * length more than INT_MAX it is a very reasonable assumption ! +- */ +- if (len >= INT_MAX) { +- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, +- "AttValue length too long\n"); +- goto mem_error; +- } +- + if (attlen != NULL) *attlen = (int) len; + return(buf); + +@@ -4194,6 +4201,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; + int cur, l; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + xmlChar stop; + int state = ctxt->instate; + int count = 0; +@@ -4221,13 +4231,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + if (len + 5 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral"); +- xmlFree(buf); +- ctxt->instate = (xmlParserInputState) state; +- return(NULL); +- } + size *= 2; + tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar)); + if (tmp == NULL) { +@@ -4256,6 +4259,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + SHRINK; + cur = CUR_CHAR(l); + } ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral"); ++ xmlFree(buf); ++ ctxt->instate = (xmlParserInputState) state; ++ return(NULL); ++ } + } + buf[len] = 0; + ctxt->instate = (xmlParserInputState) state; +@@ -4283,6 +4292,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + xmlChar cur; + xmlChar stop; + int count = 0; +@@ -4310,12 +4322,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + if (len + 1 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID"); +- xmlFree(buf); +- return(NULL); +- } + size *= 2; + tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar)); + if (tmp == NULL) { +@@ -4343,6 +4349,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) { + SHRINK; + cur = CUR; + } ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID"); ++ xmlFree(buf); ++ return(NULL); ++ } + } + buf[len] = 0; + if (cur != stop) { +@@ -4742,6 +4753,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + int r, rl; + int cur, l; + size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int inputid; + + inputid = ctxt->input->id; +@@ -4787,13 +4801,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + if ((r == '-') && (q == '-')) { + xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL); + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, +- "Comment too big found", NULL); +- xmlFree (buf); +- return; +- } + if (len + 5 >= size) { + xmlChar *new_buf; + size_t new_size; +@@ -4831,6 +4838,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, + GROW; + cur = CUR_CHAR(l); + } ++ ++ if (len > maxLength) { ++ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, ++ "Comment too big found", NULL); ++ xmlFree (buf); ++ return; ++ } + } + buf[len] = 0; + if (cur == 0) { +@@ -4875,6 +4889,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + size_t size = XML_PARSER_BUFFER_SIZE; + size_t len = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + xmlParserInputState state; + const xmlChar *in; + size_t nbchar = 0; +@@ -4958,8 +4975,7 @@ get_more: + buf[len] = 0; + } + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, + "Comment too big found", NULL); + xmlFree (buf); +@@ -5159,6 +5175,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + xmlChar *buf = NULL; + size_t len = 0; + size_t size = XML_PARSER_BUFFER_SIZE; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int cur, l; + const xmlChar *target; + xmlParserInputState state; +@@ -5234,14 +5253,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + return; + } + count = 0; +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +- "PI %s too big found", target); +- xmlFree(buf); +- ctxt->instate = state; +- return; +- } + } + COPY_BUF(l,buf,len,cur); + NEXTL(l); +@@ -5251,15 +5262,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + GROW; + cur = CUR_CHAR(l); + } ++ if (len > maxLength) { ++ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, ++ "PI %s too big found", target); ++ xmlFree(buf); ++ ctxt->instate = state; ++ return; ++ } + } +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +- "PI %s too big found", target); +- xmlFree(buf); +- ctxt->instate = state; +- return; +- } + buf[len] = 0; + if (cur != '?') { + xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED, +@@ -8954,6 +8964,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + const xmlChar *in = NULL, *start, *end, *last; + xmlChar *ret = NULL; + int line, col; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + + GROW; + in = (xmlChar *) CUR_PTR; +@@ -8993,8 +9006,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + start = in; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9007,8 +9019,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + if ((*in++ == 0x20) && (*in == 0x20)) break; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9041,16 +9052,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + last = last + delta; + } + end = ctxt->input->end; +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); + } + } + } +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9063,8 +9072,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + col++; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9072,8 +9080,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + } + } + last = in; +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9763,6 +9770,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + int s, sl; + int cur, l; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + + /* Check 2.6.0 was NXT(0) not RAW */ + if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) { +@@ -9796,13 +9806,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + if (len + 5 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED, +- "CData section too big found", NULL); +- xmlFree (buf); +- return; +- } + tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar)); + if (tmp == NULL) { + xmlFree(buf); +@@ -9829,6 +9832,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + } + NEXTL(l); + cur = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED, ++ "CData section too big found\n"); ++ xmlFree(buf); ++ return; ++ } + } + buf[len] = 0; + ctxt->instate = XML_PARSER_CONTENT; +-- +GitLab diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index dc62991739..39036f2688 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb @@ -34,6 +34,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://CVE-2022-29824.patch \ file://0001-Port-gentest.py-to-Python-3.patch \ file://CVE-2016-3709.patch \ + file://CVE-2022-40303.patch \ " SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813" From patchwork Sat Nov 19 17:47:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15682 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F810C43217 for ; Sat, 19 Nov 2022 17:48:08 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.web10.26302.1668880080260198294 for ; Sat, 19 Nov 2022 09:48:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=vii4f+jS; spf=softfail (domain: sakoman.com, ip: 209.85.215.171, mailfrom: steve@sakoman.com) Received: by mail-pg1-f171.google.com with SMTP id 62so7621471pgb.13 for ; Sat, 19 Nov 2022 09:48:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=y0UAmTaUmhIMaeeKs4RtVCdsMwc+FzgLS6majGOAK8Q=; b=vii4f+jS2pSq99lxqrskfkPD2ssAKswyeDlr70rflKa2HoP4rynZwu+3Cv83OOI7Wy eyPdmQIPP4cBm+qkvmdcxwS5Lof9RDtGl2EEfeYXLqwXoOPd8qFjcdfiaG/3hAUj+WdS Dtr9RDpXpE9a0b2llVTmtM69Kw9bKDNFYn6+wgXYW+BOXStx3deCbiT3lNUALkI+5Jmf Q0QO4IW1XKeuI1v9y81bLMJLKjwlBnWYwsQNIhzS+OB2kdElX1bLORDVAReg6ExFjqqc I4pfBxIlC3ttnhBXDRFZNeff8PdgzjjSs1ctJMXZrn4F03IFiQdHwMs1p7YHWlfjQZvV I3Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=y0UAmTaUmhIMaeeKs4RtVCdsMwc+FzgLS6majGOAK8Q=; b=x/YFCeaOpAdjVvIfYFR3jQouWd5VXp96C5jCyTdz4HgwpCBwhtzEiMModcc51sWzk7 38fHJKobeBfFthVBc2lVTCFeMb++W9PNWdc2tx11J2zxv42A+4bgqGSitoyUc/1lbiMu FXoo8nIWDXMl1ExAZGMY/tfzGGPO36UjP5mTwpJjrzZdqOWV5dTD1awRU8eCf3i7T8l/ wCralft5wsmlJ8BgRLN1HveVo3e/PRxVIi2elT5hBhH9334w28FrOB5PS2Xy8IXpKk49 WfcLOzB3mNraalaWZht0wH/1R88DyZD0F5+eM2EJelhfsNBzEDg/xJHmHGyoD17E7Gju DYBQ== X-Gm-Message-State: ANoB5pncziQb6mm4UfpwTkH+PbeL0XMc83abMmnhF4k5qDcZN6BKOZuR k1DFInY21jH3gW0W6t7lm8VvG+1jxcJAF183bNg= X-Google-Smtp-Source: AA0mqf4Q19l9Swap7vl4ky346m5IZRFYKyNapY4OsAdWe3C8p7SVWrckkQpePF+4jyYeXfDSRby0ZA== X-Received: by 2002:a63:1466:0:b0:476:cac7:16ad with SMTP id 38-20020a631466000000b00476cac716admr11336319pgu.128.1668880087074; Sat, 19 Nov 2022 09:48:07 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:06 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/21] libxml2: Fix CVE-2022-40304 Date: Sat, 19 Nov 2022 07:47:34 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173524 From: Bhabu Bindu Fix dict corruption caused by entity reference cycles Link: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b Upstream-Status: Pending Signed-off-by: Bhabu Bindu Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2022-40304.patch | 104 ++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 + 2 files changed, 105 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch new file mode 100644 index 0000000000..c19726fe9f --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch @@ -0,0 +1,104 @@ +From 1b41ec4e9433b05bb0376be4725804c54ef1d80b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Wed, 31 Aug 2022 22:11:25 +0200 +Subject: [PATCH] [CVE-2022-40304] Fix dict corruption caused by entity + reference cycles + +When an entity reference cycle is detected, the entity content is +cleared by setting its first byte to zero. But the entity content might +be allocated from a dict. In this case, the dict entry becomes corrupted +leading to all kinds of logic errors, including memory errors like +double-frees. + +Stop storing entity content, orig, ExternalID and SystemID in a dict. +These values are unlikely to occur multiple times in a document, so they +shouldn't have been stored in a dict in the first place. + +Thanks to Ned Williamson and Nathan Wachholz working with Google Project +Zero for the report! + +CVE: CVE-2022-40304 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b] +Signed-off-by: Bhabu Bindu +--- + entities.c | 55 ++++++++++++++++-------------------------------------- + 1 file changed, 16 insertions(+), 39 deletions(-) + +diff --git a/entities.c b/entities.c +index 84435515..d4e5412e 100644 +--- a/entities.c ++++ b/entities.c +@@ -128,36 +128,19 @@ xmlFreeEntity(xmlEntityPtr entity) + if ((entity->children) && (entity->owner == 1) && + (entity == (xmlEntityPtr) entity->children->parent)) + xmlFreeNodeList(entity->children); +- if (dict != NULL) { +- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name))) +- xmlFree((char *) entity->name); +- if ((entity->ExternalID != NULL) && +- (!xmlDictOwns(dict, entity->ExternalID))) +- xmlFree((char *) entity->ExternalID); +- if ((entity->SystemID != NULL) && +- (!xmlDictOwns(dict, entity->SystemID))) +- xmlFree((char *) entity->SystemID); +- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI))) +- xmlFree((char *) entity->URI); +- if ((entity->content != NULL) +- && (!xmlDictOwns(dict, entity->content))) +- xmlFree((char *) entity->content); +- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig))) +- xmlFree((char *) entity->orig); +- } else { +- if (entity->name != NULL) +- xmlFree((char *) entity->name); +- if (entity->ExternalID != NULL) +- xmlFree((char *) entity->ExternalID); +- if (entity->SystemID != NULL) +- xmlFree((char *) entity->SystemID); +- if (entity->URI != NULL) +- xmlFree((char *) entity->URI); +- if (entity->content != NULL) +- xmlFree((char *) entity->content); +- if (entity->orig != NULL) +- xmlFree((char *) entity->orig); +- } ++ if ((entity->name != NULL) && ++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name)))) ++ xmlFree((char *) entity->name); ++ if (entity->ExternalID != NULL) ++ xmlFree((char *) entity->ExternalID); ++ if (entity->SystemID != NULL) ++ xmlFree((char *) entity->SystemID); ++ if (entity->URI != NULL) ++ xmlFree((char *) entity->URI); ++ if (entity->content != NULL) ++ xmlFree((char *) entity->content); ++ if (entity->orig != NULL) ++ xmlFree((char *) entity->orig); + xmlFree(entity); + } + +@@ -193,18 +176,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type, + ret->SystemID = xmlStrdup(SystemID); + } else { + ret->name = xmlDictLookup(dict, name, -1); +- if (ExternalID != NULL) +- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1); +- if (SystemID != NULL) +- ret->SystemID = xmlDictLookup(dict, SystemID, -1); ++ ret->ExternalID = xmlStrdup(ExternalID); ++ ret->SystemID = xmlStrdup(SystemID); + } + if (content != NULL) { + ret->length = xmlStrlen(content); +- if ((dict != NULL) && (ret->length < 5)) +- ret->content = (xmlChar *) +- xmlDictLookup(dict, content, ret->length); +- else +- ret->content = xmlStrndup(content, ret->length); ++ ret->content = xmlStrndup(content, ret->length); + } else { + ret->length = 0; + ret->content = NULL; +-- +GitLab diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index 39036f2688..40e3434ead 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb @@ -35,6 +35,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://0001-Port-gentest.py-to-Python-3.patch \ file://CVE-2016-3709.patch \ file://CVE-2022-40303.patch \ + file://CVE-2022-40304.patch \ " SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813" From patchwork Sat Nov 19 17:47:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15689 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3008BC43219 for ; Sat, 19 Nov 2022 17:48:18 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.26043.1668880090348337760 for ; Sat, 19 Nov 2022 09:48:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=29YBZbql; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id k15so7797951pfg.2 for ; Sat, 19 Nov 2022 09:48:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=rCILu5G4oZ7MKaP7F7cLPGWvq2IL/Wp5Xy/OVKpJWvk=; b=29YBZbqljDgywCyLYdc0WGaSFnZb73DAaYsjZXI3OUVjfY9QVdw+ycgfyOn4mH7FN6 /fpoV/64hkxe70I4X8r93mV8l/5BGL09QmcMyAJCZCB74MoviIu5Smbis4wIf3lcN5yK u3p1j21Mmh5rER6NuVhS/cDeuQkVsBp219PrraeWAKpBWU9TilQTKh6EO7OqfE/YK8d6 FQeMI21psfUeFPrVMHXtX5TUtIdAcjOA6m5PpzUf2tun3YncHxU0vxrVnSRk/DYfH0Wg xk0wETIA+eG7TgXKWSWj4q/4ZiLwzGPUVNJfh6HOZsiS2q4DIZQ5Ufu6extoBW9YCdln +Zrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rCILu5G4oZ7MKaP7F7cLPGWvq2IL/Wp5Xy/OVKpJWvk=; b=E2t92MQ7daRK5h82IsiNjXEF56aMPrvUenShEcv4ijvkGOiB0FYpRu6WXyhz/fEh8O 1Qhq9FiW9f3OuZY4SeO8uXKFGtX6fwmHOrgHGRy2956OwWhih5eYXfJoCAu0zkFWuvw+ Gk4GNBEqEILCHvoSVhFsUkKdr9MkehHLBK4jGG7IdcCUU07HtDZ4d+rgC5RxlvDND4Q1 E7+eVEl82pM2K/V4+9cb4FzT4PMgZXW3dmT8FsLA5n1TDoMvI2PyJ+S4p42ztke5Cp+F 1n7WxB/vwbUpP7U2z6nLBktyOJi+wL61SHIFdwqjHImC01Q4PFDzWiDFAFG+IgW28zgb Y6VA== X-Gm-Message-State: ANoB5pk6j7JJeDpxuBrKeM+jiiTpA84d0RRDbzE8AP+X7TZ3xi2NL4KP 4B0K+gLvEJrlm5kTEuih69/lDWwF6CGgJH5vSbk= X-Google-Smtp-Source: AA0mqf65xq0EO1bvLT4hNDcvXIPxi6RcuHrLB8gqk/sEsKir796jIeR8cIGedANUwU3OstVKdiZ6AA== X-Received: by 2002:a05:6a00:2b4:b0:537:51d3:db1b with SMTP id q20-20020a056a0002b400b0053751d3db1bmr2902329pfs.42.1668880088968; Sat, 19 Nov 2022 09:48:08 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:08 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/21] golang: fix CVE-2021-33195 Date: Sat, 19 Nov 2022 07:47:35 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173525 From: Ralph Siemsen Upstream-Status: Backport [https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e] CVE: CVE-2021-33195 Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2021-33195.patch | 373 ++++++++++++++++++ 2 files changed, 374 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33195.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index e8ff1c4ec9..3814bf0149 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -43,6 +43,7 @@ SRC_URI += "\ file://0004-CVE-2022-32190.patch \ file://CVE-2022-2880.patch \ file://CVE-2022-2879.patch \ + file://CVE-2021-33195.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-33195.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-33195.patch new file mode 100644 index 0000000000..3d9de888ff --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-33195.patch @@ -0,0 +1,373 @@ +From 9324d7e53151e9dfa4b25af994a28c2e0b11f729 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Thu, 27 May 2021 10:40:06 -0700 +Subject: [PATCH] net: verify results from Lookup* are valid domain names + +Upstream-Status: Backport [https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e] +CVE: CVE-2021-33195 +Signed-off-by: Ralph Siemsen + + +For the methods LookupCNAME, LookupSRV, LookupMX, LookupNS, and +LookupAddr check that the returned domain names are in fact valid DNS +names using the existing isDomainName function. + +Thanks to Philipp Jeitner and Haya Shulman from Fraunhofer SIT for +reporting this issue. + +Updates #46241 +Fixes #46356 +Fixes CVE-2021-33195 + +Change-Id: I47a4f58c031cb752f732e88bbdae7f819f0af4f3 +Reviewed-on: https://go-review.googlesource.com/c/go/+/323131 +Trust: Roland Shoemaker +Run-TryBot: Roland Shoemaker +TryBot-Result: Go Bot +Reviewed-by: Filippo Valsorda +Reviewed-by: Katie Hockman +(cherry picked from commit cdcd02842da7c004efd023881e3719105209c908) +Reviewed-on: https://go-review.googlesource.com/c/go/+/323269 +--- + src/net/dnsclient_unix_test.go | 157 +++++++++++++++++++++++++++++++++ + src/net/lookup.go | 111 ++++++++++++++++++++--- + 2 files changed, 255 insertions(+), 13 deletions(-) + +diff --git a/src/net/dnsclient_unix_test.go b/src/net/dnsclient_unix_test.go +index 2ad40df..b8617d9 100644 +--- a/src/net/dnsclient_unix_test.go ++++ b/src/net/dnsclient_unix_test.go +@@ -1800,3 +1800,160 @@ func TestPTRandNonPTR(t *testing.T) { + t.Errorf("names = %q; want %q", names, want) + } + } ++ ++func TestCVE202133195(t *testing.T) { ++ fake := fakeDNSServer{ ++ rh: func(n, _ string, q dnsmessage.Message, _ time.Time) (dnsmessage.Message, error) { ++ r := dnsmessage.Message{ ++ Header: dnsmessage.Header{ ++ ID: q.Header.ID, ++ Response: true, ++ RCode: dnsmessage.RCodeSuccess, ++ RecursionAvailable: true, ++ }, ++ Questions: q.Questions, ++ } ++ switch q.Questions[0].Type { ++ case dnsmessage.TypeCNAME: ++ r.Answers = []dnsmessage.Resource{} ++ case dnsmessage.TypeA: // CNAME lookup uses a A/AAAA as a proxy ++ r.Answers = append(r.Answers, ++ dnsmessage.Resource{ ++ Header: dnsmessage.ResourceHeader{ ++ Name: dnsmessage.MustNewName(".golang.org."), ++ Type: dnsmessage.TypeA, ++ Class: dnsmessage.ClassINET, ++ Length: 4, ++ }, ++ Body: &dnsmessage.AResource{ ++ A: TestAddr, ++ }, ++ }, ++ ) ++ case dnsmessage.TypeSRV: ++ n := q.Questions[0].Name ++ if n.String() == "_hdr._tcp.golang.org." { ++ n = dnsmessage.MustNewName(".golang.org.") ++ } ++ r.Answers = append(r.Answers, ++ dnsmessage.Resource{ ++ Header: dnsmessage.ResourceHeader{ ++ Name: n, ++ Type: dnsmessage.TypeSRV, ++ Class: dnsmessage.ClassINET, ++ Length: 4, ++ }, ++ Body: &dnsmessage.SRVResource{ ++ Target: dnsmessage.MustNewName(".golang.org."), ++ }, ++ }, ++ ) ++ case dnsmessage.TypeMX: ++ r.Answers = append(r.Answers, ++ dnsmessage.Resource{ ++ Header: dnsmessage.ResourceHeader{ ++ Name: dnsmessage.MustNewName(".golang.org."), ++ Type: dnsmessage.TypeMX, ++ Class: dnsmessage.ClassINET, ++ Length: 4, ++ }, ++ Body: &dnsmessage.MXResource{ ++ MX: dnsmessage.MustNewName(".golang.org."), ++ }, ++ }, ++ ) ++ case dnsmessage.TypeNS: ++ r.Answers = append(r.Answers, ++ dnsmessage.Resource{ ++ Header: dnsmessage.ResourceHeader{ ++ Name: dnsmessage.MustNewName(".golang.org."), ++ Type: dnsmessage.TypeNS, ++ Class: dnsmessage.ClassINET, ++ Length: 4, ++ }, ++ Body: &dnsmessage.NSResource{ ++ NS: dnsmessage.MustNewName(".golang.org."), ++ }, ++ }, ++ ) ++ case dnsmessage.TypePTR: ++ r.Answers = append(r.Answers, ++ dnsmessage.Resource{ ++ Header: dnsmessage.ResourceHeader{ ++ Name: dnsmessage.MustNewName(".golang.org."), ++ Type: dnsmessage.TypePTR, ++ Class: dnsmessage.ClassINET, ++ Length: 4, ++ }, ++ Body: &dnsmessage.PTRResource{ ++ PTR: dnsmessage.MustNewName(".golang.org."), ++ }, ++ }, ++ ) ++ } ++ return r, nil ++ }, ++ } ++ ++ r := Resolver{PreferGo: true, Dial: fake.DialContext} ++ // Change the default resolver to match our manipulated resolver ++ originalDefault := DefaultResolver ++ DefaultResolver = &r ++ defer func() { ++ DefaultResolver = originalDefault ++ }() ++ ++ _, err := r.LookupCNAME(context.Background(), "golang.org") ++ if expected := "lookup golang.org: CNAME target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("Resolver.LookupCNAME returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ _, err = LookupCNAME("golang.org") ++ if expected := "lookup golang.org: CNAME target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("LookupCNAME returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ ++ _, _, err = r.LookupSRV(context.Background(), "target", "tcp", "golang.org") ++ if expected := "lookup golang.org: SRV target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("Resolver.LookupSRV returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ _, _, err = LookupSRV("target", "tcp", "golang.org") ++ if expected := "lookup golang.org: SRV target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("LookupSRV returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ ++ _, _, err = r.LookupSRV(context.Background(), "hdr", "tcp", "golang.org") ++ if expected := "lookup golang.org: SRV header name is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("Resolver.LookupSRV returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ _, _, err = LookupSRV("hdr", "tcp", "golang.org") ++ if expected := "lookup golang.org: SRV header name is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("LookupSRV returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ ++ _, err = r.LookupMX(context.Background(), "golang.org") ++ if expected := "lookup golang.org: MX target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("Resolver.LookupMX returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ _, err = LookupMX("golang.org") ++ if expected := "lookup golang.org: MX target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("LookupMX returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ ++ _, err = r.LookupNS(context.Background(), "golang.org") ++ if expected := "lookup golang.org: NS target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("Resolver.LookupNS returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ _, err = LookupNS("golang.org") ++ if expected := "lookup golang.org: NS target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("LookupNS returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ ++ _, err = r.LookupAddr(context.Background(), "1.2.3.4") ++ if expected := "lookup 1.2.3.4: PTR target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("Resolver.LookupAddr returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++ _, err = LookupAddr("1.2.3.4") ++ if expected := "lookup 1.2.3.4: PTR target is invalid"; err == nil || err.Error() != expected { ++ t.Errorf("LookupAddr returned unexpected error, got %q, want %q", err.Error(), expected) ++ } ++} +diff --git a/src/net/lookup.go b/src/net/lookup.go +index 9cebd10..05e88e4 100644 +--- a/src/net/lookup.go ++++ b/src/net/lookup.go +@@ -364,8 +364,11 @@ func (r *Resolver) LookupPort(ctx context.Context, network, service string) (por + // LookupCNAME does not return an error if host does not + // contain DNS "CNAME" records, as long as host resolves to + // address records. ++// ++// The returned canonical name is validated to be a properly ++// formatted presentation-format domain name. + func LookupCNAME(host string) (cname string, err error) { +- return DefaultResolver.lookupCNAME(context.Background(), host) ++ return DefaultResolver.LookupCNAME(context.Background(), host) + } + + // LookupCNAME returns the canonical name for the given host. +@@ -378,8 +381,18 @@ func LookupCNAME(host string) (cname string, err error) { + // LookupCNAME does not return an error if host does not + // contain DNS "CNAME" records, as long as host resolves to + // address records. +-func (r *Resolver) LookupCNAME(ctx context.Context, host string) (cname string, err error) { +- return r.lookupCNAME(ctx, host) ++// ++// The returned canonical name is validated to be a properly ++// formatted presentation-format domain name. ++func (r *Resolver) LookupCNAME(ctx context.Context, host string) (string, error) { ++ cname, err := r.lookupCNAME(ctx, host) ++ if err != nil { ++ return "", err ++ } ++ if !isDomainName(cname) { ++ return "", &DNSError{Err: "CNAME target is invalid", Name: host} ++ } ++ return cname, nil + } + + // LookupSRV tries to resolve an SRV query of the given service, +@@ -391,8 +404,11 @@ func (r *Resolver) LookupCNAME(ctx context.Context, host string) (cname string, + // That is, it looks up _service._proto.name. To accommodate services + // publishing SRV records under non-standard names, if both service + // and proto are empty strings, LookupSRV looks up name directly. ++// ++// The returned service names are validated to be properly ++// formatted presentation-format domain names. + func LookupSRV(service, proto, name string) (cname string, addrs []*SRV, err error) { +- return DefaultResolver.lookupSRV(context.Background(), service, proto, name) ++ return DefaultResolver.LookupSRV(context.Background(), service, proto, name) + } + + // LookupSRV tries to resolve an SRV query of the given service, +@@ -404,28 +420,82 @@ func LookupSRV(service, proto, name string) (cname string, addrs []*SRV, err err + // That is, it looks up _service._proto.name. To accommodate services + // publishing SRV records under non-standard names, if both service + // and proto are empty strings, LookupSRV looks up name directly. +-func (r *Resolver) LookupSRV(ctx context.Context, service, proto, name string) (cname string, addrs []*SRV, err error) { +- return r.lookupSRV(ctx, service, proto, name) ++// ++// The returned service names are validated to be properly ++// formatted presentation-format domain names. ++func (r *Resolver) LookupSRV(ctx context.Context, service, proto, name string) (string, []*SRV, error) { ++ cname, addrs, err := r.lookupSRV(ctx, service, proto, name) ++ if err != nil { ++ return "", nil, err ++ } ++ if cname != "" && !isDomainName(cname) { ++ return "", nil, &DNSError{Err: "SRV header name is invalid", Name: name} ++ } ++ for _, addr := range addrs { ++ if addr == nil { ++ continue ++ } ++ if !isDomainName(addr.Target) { ++ return "", nil, &DNSError{Err: "SRV target is invalid", Name: name} ++ } ++ } ++ return cname, addrs, nil + } + + // LookupMX returns the DNS MX records for the given domain name sorted by preference. ++// ++// The returned mail server names are validated to be properly ++// formatted presentation-format domain names. + func LookupMX(name string) ([]*MX, error) { +- return DefaultResolver.lookupMX(context.Background(), name) ++ return DefaultResolver.LookupMX(context.Background(), name) + } + + // LookupMX returns the DNS MX records for the given domain name sorted by preference. ++// ++// The returned mail server names are validated to be properly ++// formatted presentation-format domain names. + func (r *Resolver) LookupMX(ctx context.Context, name string) ([]*MX, error) { +- return r.lookupMX(ctx, name) ++ records, err := r.lookupMX(ctx, name) ++ if err != nil { ++ return nil, err ++ } ++ for _, mx := range records { ++ if mx == nil { ++ continue ++ } ++ if !isDomainName(mx.Host) { ++ return nil, &DNSError{Err: "MX target is invalid", Name: name} ++ } ++ } ++ return records, nil + } + + // LookupNS returns the DNS NS records for the given domain name. ++// ++// The returned name server names are validated to be properly ++// formatted presentation-format domain names. + func LookupNS(name string) ([]*NS, error) { +- return DefaultResolver.lookupNS(context.Background(), name) ++ return DefaultResolver.LookupNS(context.Background(), name) + } + + // LookupNS returns the DNS NS records for the given domain name. ++// ++// The returned name server names are validated to be properly ++// formatted presentation-format domain names. + func (r *Resolver) LookupNS(ctx context.Context, name string) ([]*NS, error) { +- return r.lookupNS(ctx, name) ++ records, err := r.lookupNS(ctx, name) ++ if err != nil { ++ return nil, err ++ } ++ for _, ns := range records { ++ if ns == nil { ++ continue ++ } ++ if !isDomainName(ns.Host) { ++ return nil, &DNSError{Err: "NS target is invalid", Name: name} ++ } ++ } ++ return records, nil + } + + // LookupTXT returns the DNS TXT records for the given domain name. +@@ -441,14 +511,29 @@ func (r *Resolver) LookupTXT(ctx context.Context, name string) ([]string, error) + // LookupAddr performs a reverse lookup for the given address, returning a list + // of names mapping to that address. + // ++// The returned names are validated to be properly formatted presentation-format ++// domain names. ++// + // When using the host C library resolver, at most one result will be + // returned. To bypass the host resolver, use a custom Resolver. + func LookupAddr(addr string) (names []string, err error) { +- return DefaultResolver.lookupAddr(context.Background(), addr) ++ return DefaultResolver.LookupAddr(context.Background(), addr) + } + + // LookupAddr performs a reverse lookup for the given address, returning a list + // of names mapping to that address. +-func (r *Resolver) LookupAddr(ctx context.Context, addr string) (names []string, err error) { +- return r.lookupAddr(ctx, addr) ++// ++// The returned names are validated to be properly formatted presentation-format ++// domain names. ++func (r *Resolver) LookupAddr(ctx context.Context, addr string) ([]string, error) { ++ names, err := r.lookupAddr(ctx, addr) ++ if err != nil { ++ return nil, err ++ } ++ for _, name := range names { ++ if !isDomainName(name) { ++ return nil, &DNSError{Err: "PTR target is invalid", Name: addr} ++ } ++ } ++ return names, nil + } From patchwork Sat Nov 19 17:47:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15690 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3551DC433FE for ; Sat, 19 Nov 2022 17:48:18 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.26311.1668880092056527129 for ; Sat, 19 Nov 2022 09:48:12 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ummq0Rr0; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id h14so7117738pjv.4 for ; Sat, 19 Nov 2022 09:48:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tyynZzsfxaVMp3tdSN975KqybX6GL2w2MRW7IN7MSDs=; b=ummq0Rr0b2T/QJsD9VgmJKTVM93nTnOiUMFE1sS1pFP08+/TYEyWfaVaX/17Hj+W8Q Dxam6KB4Iydv4/4St/bx+YX6YR3FokT+aOLqtv+4xCOOoOeJOxYtZzMFnI4mfNrZLQUB 0NQ/uKkjfKfFQvnli6YbNWvonqtXM4VxX75wZX5ESDYG5KXwueuCyiK2k9ZJGvaIWWg2 O7fPJu4lwEM0w5ehqpRKByzzGZv1/dIxtCZVbpnXq91IjmA7wNmTwgRZc0Zwf1AYdJB3 MGW/0/OjpyoMTGy1sV+5EDfq7ixSeLCUQCubbPAmpMoxzXiClumlMXN/0OCszWAjFcUC MfmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tyynZzsfxaVMp3tdSN975KqybX6GL2w2MRW7IN7MSDs=; b=T0KPxHNVn9w1y2a6ZX6MhnGWpMROdcBbRJAnLuTTYD1GB5SwGv9PI0vQkURebkJxsm kGDoGjheHdP7FnYY8+CgJ5Ok8MkOYfFDoJ5wZ4pPugC1heMWYuflW566ZeceoQG9yYSU RlonpfB4KKFG21ecI1+IcFenchwohL9Uy2ZDID10pPOcqlMtNXMwYA4n9vpGn/6zyqnt chUzg6gNTZsMdj5kmETJgXjR7/4xRo7Mc1EoyfwId6FBgoaUA+ChxxGKWdTQdTf+kAn0 zPePgDBirJNTRFgozIs1c9OGHlPG/ltNA9yp+CVuIoT5xoHZ4B4P2ug/rHF9GxjEua9e ExEg== X-Gm-Message-State: ANoB5pnwAso1nmbpbx7lcLpYvZTqugkY3WUvjItyZAWrv2BmrBSMCkWo qrQtgBmyIXCYeFFfc2IcaCerVrYiUtBSxCBZV8o= X-Google-Smtp-Source: AA0mqf6DDF4W1617YFfo9fIzcSTrvkQy1YuyV+6ImRHLrsjHNuAJHGZWHEdZJWpE0PL9ZNmHXxI0Og== X-Received: by 2002:a17:90a:d805:b0:213:a95:88bd with SMTP id a5-20020a17090ad80500b002130a9588bdmr18963488pjv.98.1668880091038; Sat, 19 Nov 2022 09:48:11 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:10 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/21] golang: fix CVE-2021-33198 Date: Sat, 19 Nov 2022 07:47:36 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173526 From: Ralph Siemsen Upstream-Status: Backport [https://github.com/golang/go/commit/df9ce19db6df32d94eae8760927bdfbc595433c3] CVE: CVE-2021-33198 Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2021-33198.patch | 113 ++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33198.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 3814bf0149..ae2c4746f4 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -44,6 +44,7 @@ SRC_URI += "\ file://CVE-2022-2880.patch \ file://CVE-2022-2879.patch \ file://CVE-2021-33195.patch \ + file://CVE-2021-33198.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-33198.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-33198.patch new file mode 100644 index 0000000000..241c08dad7 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-33198.patch @@ -0,0 +1,113 @@ +From c8866491ac424cdf39aedb325e6dec9e54418cfb Mon Sep 17 00:00:00 2001 +From: Robert Griesemer +Date: Sun, 2 May 2021 11:27:03 -0700 +Subject: [PATCH] math/big: check for excessive exponents in Rat.SetString + +CVE-2021-33198 + +Upstream-Status: Backport [https://github.com/golang/go/commit/df9ce19db6df32d94eae8760927bdfbc595433c3] +CVE: CVE-2021-33198 +Signed-off-by: Ralph Siemsen + + +Found by OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33284 + +Thanks to Emmanuel Odeke for reporting this issue. + +Updates #45910 +Fixes #46305 +Fixes CVE-2021-33198 + +Change-Id: I61e7b04dbd80343420b57eede439e361c0f7b79c +Reviewed-on: https://go-review.googlesource.com/c/go/+/316149 +Trust: Robert Griesemer +Trust: Katie Hockman +Run-TryBot: Robert Griesemer +TryBot-Result: Go Bot +Reviewed-by: Katie Hockman +Reviewed-by: Emmanuel Odeke +(cherry picked from commit 6c591f79b0b5327549bd4e94970f7a279efb4ab0) +Reviewed-on: https://go-review.googlesource.com/c/go/+/321831 +Run-TryBot: Katie Hockman +Reviewed-by: Roland Shoemaker +--- + src/math/big/ratconv.go | 15 ++++++++------- + src/math/big/ratconv_test.go | 25 +++++++++++++++++++++++++ + 2 files changed, 33 insertions(+), 7 deletions(-) + +diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go +index e8cbdbe..90053a9 100644 +--- a/src/math/big/ratconv.go ++++ b/src/math/big/ratconv.go +@@ -51,7 +51,8 @@ func (z *Rat) Scan(s fmt.ScanState, ch rune) error { + // An optional base-10 ``e'' or base-2 ``p'' (or their upper-case variants) + // exponent may be provided as well, except for hexadecimal floats which + // only accept an (optional) ``p'' exponent (because an ``e'' or ``E'' cannot +-// be distinguished from a mantissa digit). ++// be distinguished from a mantissa digit). If the exponent's absolute value ++// is too large, the operation may fail. + // The entire string, not just a prefix, must be valid for success. If the + // operation failed, the value of z is undefined but the returned value is nil. + func (z *Rat) SetString(s string) (*Rat, bool) { +@@ -174,6 +175,9 @@ func (z *Rat) SetString(s string) (*Rat, bool) { + return nil, false + } + } ++ if n > 1e6 { ++ return nil, false // avoid excessively large exponents ++ } + pow5 := z.b.abs.expNN(natFive, nat(nil).setWord(Word(n)), nil) // use underlying array of z.b.abs + if exp5 > 0 { + z.a.abs = z.a.abs.mul(z.a.abs, pow5) +@@ -186,15 +190,12 @@ func (z *Rat) SetString(s string) (*Rat, bool) { + } + + // apply exp2 contributions ++ if exp2 < -1e7 || exp2 > 1e7 { ++ return nil, false // avoid excessively large exponents ++ } + if exp2 > 0 { +- if int64(uint(exp2)) != exp2 { +- panic("exponent too large") +- } + z.a.abs = z.a.abs.shl(z.a.abs, uint(exp2)) + } else if exp2 < 0 { +- if int64(uint(-exp2)) != -exp2 { +- panic("exponent too large") +- } + z.b.abs = z.b.abs.shl(z.b.abs, uint(-exp2)) + } + +diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go +index b820df4..e55e655 100644 +--- a/src/math/big/ratconv_test.go ++++ b/src/math/big/ratconv_test.go +@@ -590,3 +590,28 @@ func TestIssue31184(t *testing.T) { + } + } + } ++ ++func TestIssue45910(t *testing.T) { ++ var x Rat ++ for _, test := range []struct { ++ input string ++ want bool ++ }{ ++ {"1e-1000001", false}, ++ {"1e-1000000", true}, ++ {"1e+1000000", true}, ++ {"1e+1000001", false}, ++ ++ {"0p1000000000000", true}, ++ {"1p-10000001", false}, ++ {"1p-10000000", true}, ++ {"1p+10000000", true}, ++ {"1p+10000001", false}, ++ {"1.770p02041010010011001001", false}, // test case from issue ++ } { ++ _, got := x.SetString(test.input) ++ if got != test.want { ++ t.Errorf("SetString(%s) got ok = %v; want %v", test.input, got, test.want) ++ } ++ } ++} From patchwork Sat Nov 19 17:47:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15692 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35553C4167B for ; Sat, 19 Nov 2022 17:48:18 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.web11.26045.1668880093860375860 for ; Sat, 19 Nov 2022 09:48:13 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=Vmx1qhIZ; spf=softfail (domain: sakoman.com, ip: 209.85.216.41, mailfrom: steve@sakoman.com) Received: by mail-pj1-f41.google.com with SMTP id e7-20020a17090a77c700b00216928a3917so10967918pjs.4 for ; Sat, 19 Nov 2022 09:48:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=N5H81qHlpR+SEZl+598nIoGHVm4h6wLbCvol3yVrGWM=; b=Vmx1qhIZMg46x9XlDEeFJmaKipTl8Enjq9xVIEWQW2xOjEV4wfgKR4lud5tMdG6IBP NyBiCCBaxoEHlOgyYTEJqQTZpg6+OUL8bk4ox8nHnqDieWOA+lSyLwnb1oYk/wvayZ1T 6y60yDI3Bts1Vm8rUHEhqCKbT/3NVBooXwqIXoApIe5RwKmSr2ipT3FVDBalL4OelMop tIVZ+Be6xWQPIX9jJQATGYc89p5gxan1f+1kWs6JQgJ0OXfnuj4dWBDvGBj3rhGXzgQX 65TGFpNLD8uOtIllEt6KwHzY8vLrweFNpCDbEaLIiwNFKhLahZe1gcss0wIF9Z6321l8 J3kA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=N5H81qHlpR+SEZl+598nIoGHVm4h6wLbCvol3yVrGWM=; b=DjwLB9kZRsdPL0acstxC5fQdX2MDu/NN9y3Z4Lk/D8x8gMDsFFgM9oOV9tiXR4YJWn qFmSBZ8NwYqT+fxvdnmiQ/CHYqS/I8bMlOTld9hsOLrkxXC6VQh2qJH32D8gidZVtPtB LaArgHpPVvZdNGEmHE2lJSsEsyT2Pbr9kyDjdBq6F6ughy8qeGj2CoQ6JQvGLQuaepZr sD+F4N8ENe/L0JqjHJlLnSAsTA1KOODBnFQYbWBg78NCMIJEFCNvMRs0yIXBbt9yv20L 9xHjE9mrxUyTixk5eZDffHxt9ZUebR6iwFSnHHCOSDOGY28CvJ//RkuVAS/Qf9SYYfjl kPpw== X-Gm-Message-State: ANoB5pnX5eGSMHVq7/ckQt365lcdT7V00fVT36fJPhDvsMzDbU1pp+OH tQJMjLMUYUDqUbxXdUnnvWCh4T/1lDSrw57cXUE= X-Google-Smtp-Source: AA0mqf7Cs9JBU/qrz32RonT7jxdBrpKq3vP+RpdiVsKmbidMzx1UqKxPl2ZrlKcvDYbQqu9/bSnx8g== X-Received: by 2002:a17:902:a503:b0:188:6baf:2011 with SMTP id s3-20020a170902a50300b001886baf2011mr1250051plq.165.1668880092843; Sat, 19 Nov 2022 09:48:12 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:12 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/21] golang: fix CVE-2021-44716 Date: Sat, 19 Nov 2022 07:47:37 -1000 Message-Id: <154e1857b8800e3b01c42c3f2313c985e2867f96.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173527 From: Ralph Siemsen Upstream-Status: Backport [https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a] CVE: CVE-2021-44716 Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2021-44716.patch | 93 +++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-44716.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index ae2c4746f4..73b981db2b 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -45,6 +45,7 @@ SRC_URI += "\ file://CVE-2022-2879.patch \ file://CVE-2021-33195.patch \ file://CVE-2021-33198.patch \ + file://CVE-2021-44716.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-44716.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-44716.patch new file mode 100644 index 0000000000..9c4fee2db4 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-44716.patch @@ -0,0 +1,93 @@ +From 9f1860075990e7bf908ca7cc329d1d3ef91741c8 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Thu, 9 Dec 2021 06:13:31 -0500 +Subject: [PATCH] net/http: update bundled golang.org/x/net/http2 + +Upstream-Status: Backport [https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a] +CVE: CVE-2021-44716 +Signed-off-by: Ralph Siemsen + + +Pull in security fix + + a5309b3 http2: cap the size of the server's canonical header cache + +Updates #50058 +Fixes CVE-2021-44716 + +Change-Id: Ifdd13f97fce168de5fb4b2e74ef2060d059800b9 +Reviewed-on: https://go-review.googlesource.com/c/go/+/370575 +Trust: Filippo Valsorda +Run-TryBot: Filippo Valsorda +Reviewed-by: Alex Rakoczy +TryBot-Result: Gopher Robot +(cherry picked from commit d0aebe3e74fe14799f97ddd3f01129697c6a290a) +--- + src/go.mod | 2 +- + src/go.sum | 4 ++-- + src/net/http/h2_bundle.go | 10 +++++++++- + src/vendor/modules.txt | 2 +- + 4 files changed, 13 insertions(+), 5 deletions(-) + +diff --git a/src/go.mod b/src/go.mod +index ec6bd98..56f2fbb 100644 +--- a/src/go.mod ++++ b/src/go.mod +@@ -4,7 +4,7 @@ go 1.14 + + require ( + golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d +- golang.org/x/net v0.0.0-20210129194117-4acb7895a057 ++ golang.org/x/net v0.0.0-20211209100217-a5309b321dca + golang.org/x/sys v0.0.0-20200201011859-915c9c3d4ccf // indirect + golang.org/x/text v0.3.3-0.20191031172631-4b67af870c6f // indirect + ) +diff --git a/src/go.sum b/src/go.sum +index 171e083..1ceba05 100644 +--- a/src/go.sum ++++ b/src/go.sum +@@ -2,8 +2,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk + golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d h1:9FCpayM9Egr1baVnV1SX0H87m+XB0B8S0hAMi99X/3U= + golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= + golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +-golang.org/x/net v0.0.0-20210129194117-4acb7895a057 h1:HThQeV5c0Ab/Puir+q6mC97b7+3dfZdsLWMLoBrzo68= +-golang.org/x/net v0.0.0-20210129194117-4acb7895a057/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= ++golang.org/x/net v0.0.0-20211209100217-a5309b321dca h1:UmeWAm8AwB6NA/e4FSaGlK1EKTLXKX3utx4Si+6kfPg= ++golang.org/x/net v0.0.0-20211209100217-a5309b321dca/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= + golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= + golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= + golang.org/x/sys v0.0.0-20200201011859-915c9c3d4ccf h1:+4j7oujXP478CVb/AFvHJmVX5+Pczx2NGts5yirA0oY= +diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go +index 702fd5a..83f2a72 100644 +--- a/src/net/http/h2_bundle.go ++++ b/src/net/http/h2_bundle.go +@@ -4293,7 +4293,15 @@ func (sc *http2serverConn) canonicalHeader(v string) string { + sc.canonHeader = make(map[string]string) + } + cv = CanonicalHeaderKey(v) +- sc.canonHeader[v] = cv ++ // maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of ++ // entries in the canonHeader cache. This should be larger than the number ++ // of unique, uncommon header keys likely to be sent by the peer, while not ++ // so high as to permit unreaasonable memory usage if the peer sends an unbounded ++ // number of unique header keys. ++ const maxCachedCanonicalHeaders = 32 ++ if len(sc.canonHeader) < maxCachedCanonicalHeaders { ++ sc.canonHeader[v] = cv ++ } + return cv + } + +diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt +index 669bd9b..1d67183 100644 +--- a/src/vendor/modules.txt ++++ b/src/vendor/modules.txt +@@ -8,7 +8,7 @@ golang.org/x/crypto/curve25519 + golang.org/x/crypto/hkdf + golang.org/x/crypto/internal/subtle + golang.org/x/crypto/poly1305 +-# golang.org/x/net v0.0.0-20210129194117-4acb7895a057 ++# golang.org/x/net v0.0.0-20211209100217-a5309b321dca + ## explicit + golang.org/x/net/dns/dnsmessage + golang.org/x/net/http/httpguts From patchwork Sat Nov 19 17:47:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15688 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B614C4332F for ; Sat, 19 Nov 2022 17:48:18 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.26047.1668880095767739425 for ; Sat, 19 Nov 2022 09:48:15 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=zeOGdgkO; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id g10so7178272plo.11 for ; Sat, 19 Nov 2022 09:48:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Lb+Vt/Oo6cyW5vMpaUrPJRzS8ADY7RVukKsPMH9NMb0=; b=zeOGdgkOx4nvo7QjG3ahuCYm8jEHM4iWMO6RHTZ++AhNjjeFdhjeB44P/u4ZO88zgb Q0kPeIREFQvt++Xh08iFhheRU2paljhWwfTY6HsnjlbhQ6kRjiBMAYT3e+Lg1fCWCa9A 4Gio1E/4iS9s/uqTwR4rrkqJI+IFsNXYnV2oSeIAB/SXmZT1UZicjOO83hKDIV3y/oti yNrgMu+de2tr/4OAIcm6bsDeuevTLYyKytQ4ML3wSs4H5hmuw04q4jCh9PD6wq95qzMa +2aV5rYqPaiZazOFj+C3HwiLc8caZeYifChuOfVUqoDYHOLzBiPHoqX7pt9cQsNlhyk0 6Puw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Lb+Vt/Oo6cyW5vMpaUrPJRzS8ADY7RVukKsPMH9NMb0=; b=hNZmWspiSGPXJSOxJZQb2u3VDe46MOn/yRqd7yg0OZllMXEkrTs3riUbSdFKmAeus6 VgkOPfz9tGR+mrFIjAlg1nH3aWdUkxxd0nnQv2XfQunB1Es10sR3XFvbGi0WEab0a0Mu GGxXgD7r12wMSgL5lk1RSTXXZbSRoQ4R6El4JvBw6c2+CC8+rGEO/V+8CkUt79HNbCcs P1T6fB7c/N/sa3LbU8d6yXBCQ/WxMj6aRUuoSxk2vdg2hY0MN1PkbSo4xt4mxnEbZjMl voCD5OqgQH1Vsew8cOsMrlrhH75D0IBtt9BmKRVx9EYfkpBtAXNeaCqXfqRWp7EayjcM 6RDg== X-Gm-Message-State: ANoB5pn6D4f2SF26gPPofMJrPj3F1Ce/U7hC8PZPIffhTVyfVQMORTZ3 n8uTxvdjLRNLnNTpBXvlhG1Ruf0MPny/4mgPUwo= X-Google-Smtp-Source: AA0mqf4TuOsRNnWlP2meAcDl6lALDKEAAAQ1i9tpYozOSLxj3AqbWyY/7ATadcHQfu7yP8OPRdqq0A== X-Received: by 2002:a17:90a:458a:b0:214:166e:e202 with SMTP id v10-20020a17090a458a00b00214166ee202mr13360191pjg.165.1668880094674; Sat, 19 Nov 2022 09:48:14 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:14 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/21] golang: fix CVE-2022-24291 Date: Sat, 19 Nov 2022 07:47:38 -1000 Message-Id: <25e1b1177fd0290e8b0f227ad5d609d3c9908617.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173528 From: Ralph Siemsen Upstream-Status: Backport [https://github.com/golang/go/commit/2b65cde5868d8245ef8a0b8eba1e361440252d3b] CVE: CVE-2022-24921 Signed-off-by: Ralph Siemsen --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2022-24921.patch | 198 ++++++++++++++++++ 2 files changed, 199 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-24921.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 73b981db2b..08eefdcb5c 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -46,6 +46,7 @@ SRC_URI += "\ file://CVE-2021-33195.patch \ file://CVE-2021-33198.patch \ file://CVE-2021-44716.patch \ + file://CVE-2022-24921.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-24921.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-24921.patch new file mode 100644 index 0000000000..e4270d8a75 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-24921.patch @@ -0,0 +1,198 @@ +From ba99f699d26483ea1045f47c760e9be30799e311 Mon Sep 17 00:00:00 2001 +From: Russ Cox +Date: Wed, 2 Feb 2022 16:41:32 -0500 +Subject: [PATCH] regexp/syntax: reject very deeply nested regexps in Parse +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream-Status: Backport [https://github.com/golang/go/commit/2b65cde5868d8245ef8a0b8eba1e361440252d3b] +CVE: CVE-2022-24921 +Signed-off-by: Ralph Siemsen +Run-TryBot: Russ Cox +Reviewed-by: Ian Lance Taylor +Reviewed-on: https://go-review.googlesource.com/c/go/+/384855 +--- + src/regexp/syntax/parse.go | 72 ++++++++++++++++++++++++++++++++- + src/regexp/syntax/parse_test.go | 7 ++++ + 2 files changed, 77 insertions(+), 2 deletions(-) + +diff --git a/src/regexp/syntax/parse.go b/src/regexp/syntax/parse.go +index 8c6d43a..55bd20d 100644 +--- a/src/regexp/syntax/parse.go ++++ b/src/regexp/syntax/parse.go +@@ -76,13 +76,29 @@ const ( + opVerticalBar + ) + ++// maxHeight is the maximum height of a regexp parse tree. ++// It is somewhat arbitrarily chosen, but the idea is to be large enough ++// that no one will actually hit in real use but at the same time small enough ++// that recursion on the Regexp tree will not hit the 1GB Go stack limit. ++// The maximum amount of stack for a single recursive frame is probably ++// closer to 1kB, so this could potentially be raised, but it seems unlikely ++// that people have regexps nested even this deeply. ++// We ran a test on Google's C++ code base and turned up only ++// a single use case with depth > 100; it had depth 128. ++// Using depth 1000 should be plenty of margin. ++// As an optimization, we don't even bother calculating heights ++// until we've allocated at least maxHeight Regexp structures. ++const maxHeight = 1000 ++ + type parser struct { + flags Flags // parse mode flags + stack []*Regexp // stack of parsed expressions + free *Regexp + numCap int // number of capturing groups seen + wholeRegexp string +- tmpClass []rune // temporary char class work space ++ tmpClass []rune // temporary char class work space ++ numRegexp int // number of regexps allocated ++ height map[*Regexp]int // regexp height for height limit check + } + + func (p *parser) newRegexp(op Op) *Regexp { +@@ -92,16 +108,52 @@ func (p *parser) newRegexp(op Op) *Regexp { + *re = Regexp{} + } else { + re = new(Regexp) ++ p.numRegexp++ + } + re.Op = op + return re + } + + func (p *parser) reuse(re *Regexp) { ++ if p.height != nil { ++ delete(p.height, re) ++ } + re.Sub0[0] = p.free + p.free = re + } + ++func (p *parser) checkHeight(re *Regexp) { ++ if p.numRegexp < maxHeight { ++ return ++ } ++ if p.height == nil { ++ p.height = make(map[*Regexp]int) ++ for _, re := range p.stack { ++ p.checkHeight(re) ++ } ++ } ++ if p.calcHeight(re, true) > maxHeight { ++ panic(ErrInternalError) ++ } ++} ++ ++func (p *parser) calcHeight(re *Regexp, force bool) int { ++ if !force { ++ if h, ok := p.height[re]; ok { ++ return h ++ } ++ } ++ h := 1 ++ for _, sub := range re.Sub { ++ hsub := p.calcHeight(sub, false) ++ if h < 1+hsub { ++ h = 1 + hsub ++ } ++ } ++ p.height[re] = h ++ return h ++} ++ + // Parse stack manipulation. + + // push pushes the regexp re onto the parse stack and returns the regexp. +@@ -137,6 +189,7 @@ func (p *parser) push(re *Regexp) *Regexp { + } + + p.stack = append(p.stack, re) ++ p.checkHeight(re) + return re + } + +@@ -252,6 +305,7 @@ func (p *parser) repeat(op Op, min, max int, before, after, lastRepeat string) ( + re.Sub = re.Sub0[:1] + re.Sub[0] = sub + p.stack[n-1] = re ++ p.checkHeight(re) + + if op == OpRepeat && (min >= 2 || max >= 2) && !repeatIsValid(re, 1000) { + return "", &Error{ErrInvalidRepeatSize, before[:len(before)-len(after)]} +@@ -699,6 +753,21 @@ func literalRegexp(s string, flags Flags) *Regexp { + // Flags, and returns a regular expression parse tree. The syntax is + // described in the top-level comment. + func Parse(s string, flags Flags) (*Regexp, error) { ++ return parse(s, flags) ++} ++ ++func parse(s string, flags Flags) (_ *Regexp, err error) { ++ defer func() { ++ switch r := recover(); r { ++ default: ++ panic(r) ++ case nil: ++ // ok ++ case ErrInternalError: ++ err = &Error{Code: ErrInternalError, Expr: s} ++ } ++ }() ++ + if flags&Literal != 0 { + // Trivial parser for literal string. + if err := checkUTF8(s); err != nil { +@@ -710,7 +779,6 @@ func Parse(s string, flags Flags) (*Regexp, error) { + // Otherwise, must do real work. + var ( + p parser +- err error + c rune + op Op + lastRepeat string +diff --git a/src/regexp/syntax/parse_test.go b/src/regexp/syntax/parse_test.go +index 5581ba1..1ef6d8a 100644 +--- a/src/regexp/syntax/parse_test.go ++++ b/src/regexp/syntax/parse_test.go +@@ -207,6 +207,11 @@ var parseTests = []parseTest{ + // Valid repetitions. + {`((((((((((x{2}){2}){2}){2}){2}){2}){2}){2}){2}))`, ``}, + {`((((((((((x{1}){2}){2}){2}){2}){2}){2}){2}){2}){2})`, ``}, ++ ++ // Valid nesting. ++ {strings.Repeat("(", 999) + strings.Repeat(")", 999), ``}, ++ {strings.Repeat("(?:", 999) + strings.Repeat(")*", 999), ``}, ++ {"(" + strings.Repeat("|", 12345) + ")", ``}, // not nested at all + } + + const testFlags = MatchNL | PerlX | UnicodeGroups +@@ -482,6 +487,8 @@ var invalidRegexps = []string{ + `a{100000}`, + `a{100000,}`, + "((((((((((x{2}){2}){2}){2}){2}){2}){2}){2}){2}){2})", ++ strings.Repeat("(", 1000) + strings.Repeat(")", 1000), ++ strings.Repeat("(?:", 1000) + strings.Repeat(")*", 1000), + `\Q\E*`, + } + From patchwork Sat Nov 19 17:47:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15691 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B659C43217 for ; Sat, 19 Nov 2022 17:48:18 +0000 (UTC) Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) by mx.groups.io with SMTP id smtpd.web11.26049.1668880097457767399 for ; Sat, 19 Nov 2022 09:48:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=0A3xZu8w; spf=softfail (domain: sakoman.com, ip: 209.85.216.47, mailfrom: steve@sakoman.com) Received: by mail-pj1-f47.google.com with SMTP id k2-20020a17090a4c8200b002187cce2f92so5775836pjh.2 for ; Sat, 19 Nov 2022 09:48:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hZsZrMxaqyEAGE9lOdn3WwK74AIxIiNhIk30SxMig44=; b=0A3xZu8w+mdCQ3uTlgM3813WF8/NH21CJOBiRY1ypmNeVF6Rv87C3LWsbDT1yi3SFd r9TlGRK5UAI+fYRawiFnHMU0xUB+LYFAPoyDogEQqrxV5SsWgDWMIuexVhoUagAy4KwL XDTOY2TLm4dDoFPNnEh5em0C7EBk9LzCEF/XsDAoTZ0bv3/4OptdJQuWL7B16Dxl4txV TnWmwip+loyDZlOv6chAaA63t7rKBYqqdwuIAqmhu/MJYh8nazHjMQSfREWprYVaSkMT 5OpHW/1F2rGEmKRVoO/nVhBoPo8wJQtpTW4/8IQyAHfoUWf/nG4ymuT0CoV5np8NPoFK PWvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hZsZrMxaqyEAGE9lOdn3WwK74AIxIiNhIk30SxMig44=; b=TqHFatTTOlECGj+x7U429mXMmH+CWoq1IGjvBdId8HCV7cyE1U8oFhwMyP46ZH31iu axTsUFqeshiGGmZpHNrv+bscg0OBEXqRK0k5wfFvI7nyeBdfeothW4EV8qKUZRy3M66n 0qTv9fjKar+65CwRZAghy1lCN254VsW1mivtOJDX7I8yJOhSJ1p1Ge7Qrrpb817IY93/ bw8vYTHHSVysOvz6AukKY/gtwfGpPUmOoLW12axvXJa6ad9//np7T86BtAsmESoq4ZUZ vjJ0FN2gnu4ihTTymzA5hmkAMZVYxZ1Uw/s1LicuHqEj9FfQ/KRcg5JFjVLTv7N/FU6T uNbQ== X-Gm-Message-State: ANoB5pnMNZeRvwxzch+0cPjqTC51TCkWMZvnImG1QHOTvBl/H0/ml/Sq kmr26BQdbwRRs/XFA8IlSd8c2x86LfdAL/ZMEuo= X-Google-Smtp-Source: AA0mqf5hNencOTC7m5B9vSu6+ZVqdYcSQ0A/HD2+NHJjszDxi55x2DF8dUwrAVxyENeoNv7KQJFEOg== X-Received: by 2002:a17:903:44e:b0:176:a9d6:ed53 with SMTP id iw14-20020a170903044e00b00176a9d6ed53mr1426985plb.5.1668880096501; Sat, 19 Nov 2022 09:48:16 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:16 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/21] golang: fix CVE-2022-28131 Date: Sat, 19 Nov 2022 07:47:39 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173529 From: Ralph Siemsen Upstream-Status: Backport [https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae] CVE: CVE-2022-28131 Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2022-28131.patch | 104 ++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 08eefdcb5c..525a3e77c5 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -47,6 +47,7 @@ SRC_URI += "\ file://CVE-2021-33198.patch \ file://CVE-2021-44716.patch \ file://CVE-2022-24921.patch \ + file://CVE-2022-28131.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch new file mode 100644 index 0000000000..8afa292144 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-28131.patch @@ -0,0 +1,104 @@ +From 8136eb2e5c316a51d0da710fbd0504cbbefee526 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Mon, 28 Mar 2022 18:41:26 -0700 +Subject: [PATCH] encoding/xml: use iterative Skip, rather than recursive + +Upstream-Status: Backport [https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae] +CVE: CVE-2022-28131 +Signed-off-by: Ralph Siemsen + + +Prevents exhausting the stack limit in _incredibly_ deeply nested +structures. + +Fixes #53711 +Updates #53614 +Fixes CVE-2022-28131 + +Change-Id: I47db4595ce10cecc29fbd06afce7b299868599e6 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1419912 +Reviewed-by: Julie Qiu +Reviewed-by: Damien Neil +(cherry picked from commit 9278cb78443d2b4deb24cbb5b61c9ba5ac688d49) +Reviewed-on: https://go-review.googlesource.com/c/go/+/417068 +TryBot-Result: Gopher Robot +Reviewed-by: Heschi Kreinick +Run-TryBot: Michael Knyszek +--- + src/encoding/xml/read.go | 15 ++++++++------- + src/encoding/xml/read_test.go | 18 ++++++++++++++++++ + 2 files changed, 26 insertions(+), 7 deletions(-) + +diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go +index 4ffed80..3fac859 100644 +--- a/src/encoding/xml/read.go ++++ b/src/encoding/xml/read.go +@@ -743,12 +743,12 @@ Loop: + } + + // Skip reads tokens until it has consumed the end element +-// matching the most recent start element already consumed. +-// It recurs if it encounters a start element, so it can be used to +-// skip nested structures. ++// matching the most recent start element already consumed, ++// skipping nested structures. + // It returns nil if it finds an end element matching the start + // element; otherwise it returns an error describing the problem. + func (d *Decoder) Skip() error { ++ var depth int64 + for { + tok, err := d.Token() + if err != nil { +@@ -756,11 +756,12 @@ func (d *Decoder) Skip() error { + } + switch tok.(type) { + case StartElement: +- if err := d.Skip(); err != nil { +- return err +- } ++ depth++ + case EndElement: +- return nil ++ if depth == 0 { ++ return nil ++ } ++ depth-- + } + } + } +diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go +index 6a20b1a..7a621a5 100644 +--- a/src/encoding/xml/read_test.go ++++ b/src/encoding/xml/read_test.go +@@ -5,9 +5,11 @@ + package xml + + import ( ++ "bytes" + "errors" + "io" + "reflect" ++ "runtime" + "strings" + "testing" + "time" +@@ -1093,3 +1095,19 @@ func TestCVE202228131(t *testing.T) { + t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth) + } + } ++ ++func TestCVE202230633(t *testing.T) { ++ if runtime.GOARCH == "wasm" { ++ t.Skip("causes memory exhaustion on js/wasm") ++ } ++ defer func() { ++ p := recover() ++ if p != nil { ++ t.Fatal("Unmarshal panicked") ++ } ++ }() ++ var example struct { ++ Things []string ++ } ++ Unmarshal(bytes.Repeat([]byte(""), 17_000_000), &example) ++} From patchwork Sat Nov 19 17:47:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15694 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28BE4C4332F for ; Sat, 19 Nov 2022 17:48:28 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.26316.1668880099409590250 for ; Sat, 19 Nov 2022 09:48:19 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=UH4XVTHW; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id r61-20020a17090a43c300b00212f4e9cccdso10955076pjg.5 for ; Sat, 19 Nov 2022 09:48:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=EhdbC3RWVka9fOVF7NzRRg0nCLpJRdDefxRhVQGji98=; b=UH4XVTHWO2CjHp+aYB0TreAJ+nLWGUowUNymNF8A00WEwyJ7B7iy/IO2oKTExXtdmd OaIG9Sc40Owrb9uHIRnLNPGE8osP42fwqG4N2j+B5uMiXiRjcuqW05QjjyvsYIlOeMoy ZQfdTwmeeYr3ldRA4loQ8Ofs+b6Pe5HsIO19gIGzlyzqiQFfQE8pEhrTHKEkmCpJ3efD Lrs6ipfRHoledRRjY9pgWNiFLiTotmto7SkkqSa2iOHYisrKOXTZF8NfFQo550o6Dmys HlV1nYyagmeDv/834IeNw7xPHR92PemZsHhevhaDTfkcMepdYvnp6C9vmRDpt7+QXsH7 M3BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EhdbC3RWVka9fOVF7NzRRg0nCLpJRdDefxRhVQGji98=; b=v9Yk9fLEWQy+4wr8wmP7qlSPO++P9MA0sTW5JBOOuXA6Ulopfs4RrU/UqnqE5dzbZw R6lvyf1OpjelG/Ihg4jDDCUgyUVGmwlhfqnsW6TXpz72m5sUp6YnaVTHdfUD1Nrrt+ZP 4KfaoOHgxvdTts3x6DMPdQMcaOVCQu+dD33AQWHrVrZAliV71dN22+8yLsa1u6NCVBqe msRKwhPME4gbJ4gxJOR9+5jDFO6JrXGiO1wc8SazseHwU4Z+TqieKAdfEbB3933/FZWQ i9/BWAtgyf4akdnoF/4cjejjjbmWHIVrI2PHGk6BIhUJ4qzywFUjds7rDu2NHnHwJkEh +VbA== X-Gm-Message-State: ANoB5pnHxJt28BUyH6bVkN5dyyZ8M/+KrRmX3gsewoFl3eNf+2nkeeUB D1EWyDsHKvrU1I8WTvtbMTraMX3oM4Emq/y6UkM= X-Google-Smtp-Source: AA0mqf50QRwWWUmJX9YGE9yVrA73LXBvtW5/NAprnk27eCH6OZnABi0/5gux0GNrEPYnG7HlOxg1hg== X-Received: by 2002:a17:903:2144:b0:188:a1eb:9a8a with SMTP id s4-20020a170903214400b00188a1eb9a8amr4548707ple.153.1668880098416; Sat, 19 Nov 2022 09:48:18 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:18 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/21] golang: fix CVE-2022-28327 Date: Sat, 19 Nov 2022 07:47:40 -1000 Message-Id: <7333de25c554375a5ea9ba21a6bdc79036e7bb6d.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173530 From: Ralph Siemsen Upstream-Status: Backport [https://github.com/golang/go/commit/7139e8b024604ab168b51b99c6e8168257a5bf58] CVE: CVE-2022-28327 Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2022-28327.patch | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 525a3e77c5..6e596f4141 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -48,6 +48,7 @@ SRC_URI += "\ file://CVE-2021-44716.patch \ file://CVE-2022-24921.patch \ file://CVE-2022-28131.patch \ + file://CVE-2022-28327.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch new file mode 100644 index 0000000000..6361deec7d --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch @@ -0,0 +1,36 @@ +From 34d9ab78568d63d8097911237897b188bdaba9c2 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Thu, 31 Mar 2022 12:31:58 -0400 +Subject: [PATCH] crypto/elliptic: tolerate zero-padded scalars in generic + P-256 + +Upstream-Status: Backport [https://github.com/golang/go/commit/7139e8b024604ab168b51b99c6e8168257a5bf58] +CVE: CVE-2022-28327 +Signed-off-by: Ralph Siemsen + + +Updates #52075 +Fixes #52076 +Fixes CVE-2022-28327 + +Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27 +Reviewed-on: https://go-review.googlesource.com/c/go/+/397136 +Trust: Filippo Valsorda +Reviewed-by: Julie Qiu +--- + src/crypto/elliptic/p256.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go +index c23e414..787e3e7 100644 +--- a/src/crypto/elliptic/p256.go ++++ b/src/crypto/elliptic/p256.go +@@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) { + n := new(big.Int).SetBytes(in) + var scalarBytes []byte + +- if n.Cmp(p256Params.N) >= 0 { ++ if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) { + n.Mod(n, p256Params.N) + scalarBytes = n.Bytes() + } else { From patchwork Sat Nov 19 17:47:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15695 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36DBFC43217 for ; Sat, 19 Nov 2022 17:48:28 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.web10.26318.1668880101379279032 for ; Sat, 19 Nov 2022 09:48:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=1YEPeKLP; spf=softfail (domain: sakoman.com, ip: 209.85.216.41, mailfrom: steve@sakoman.com) Received: by mail-pj1-f41.google.com with SMTP id y14-20020a17090a2b4e00b002189a1b84d4so1405041pjc.2 for ; Sat, 19 Nov 2022 09:48:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=mcFAsnghJt+5On3xKYr6KDnszmlPYJby7b1bn8r6vZA=; b=1YEPeKLPIbOIBpgLlsQxQrI9sMZCLMQT+3TSvrqP7fSI3vmTYUKavAreqVsfWZ/22E G9ifxGa7Gi0M7sJEa/J++Fo9rbhnbGNpDdukHAqoRbZ7tN7Em4gTaSruO6GAlCXvQ81x dY4c0vvGBc/BB/0+wTyI6nBzw3IJTBGrJCyDvX70fOZBs2daKT4nBr5Rj3MMIwqA+YrW wn8m1tv+Q0xZfhVgk4r+3P4ikJhweKTwwokSNC00pYl18GStaUtBI4Cpai4I33iBhWho oyizBMMzAqRG5QoYmn91H4edbLCkkObuTMhitiAppHU5xNW2bhuAQc3EmJ/DcsOXzpRc 6nYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mcFAsnghJt+5On3xKYr6KDnszmlPYJby7b1bn8r6vZA=; b=0OcJErb0czJkFE6iHSkakR9rn/WJL4KP7KExLCxeyJ2aDE8k7A39MQlSIQpUhbW7n8 GHJIpz4y5m14hCwKxi45L6HVjPvE7IoRtAodkm7oXPbYaztxD15p3nH/yjI8eQ9M1TOS L9B6g0uOPC7Z7jEqoihC5OBbIV5YdNQVCRg/jnHtbj5Dp1zpVOhdV38fCoTuoAz+XHON ZIwcxr+jkHfoldJpokK2lE7x9UZ/7NEI5C7J6U7dUvLcejJ9KgUENO2SQeI/BzSfPSB4 wRFD1YFhS/stzBjypFbSGxBs1dVIIzG0H9NVqGEj3w67J5At20Vhtxpfb1ECMQ8sjX4Q 7Osw== X-Gm-Message-State: ANoB5plHS3+0hIcLCrVOdHcuRhlIz/RVAVE87ypVBLVhWlDDG52XrSIW utkVSerFFYmeLiqQzt7lv7PrmDVC0yBjeo2Y89k= X-Google-Smtp-Source: AA0mqf5og1AjKojRgOh/ehLgrGmpy9ZjQ+2PF30UsDUw7/8LY1tldBe2nOncxwD2X6bi9C3khPToKQ== X-Received: by 2002:a17:902:7b96:b0:188:b0db:cd5d with SMTP id w22-20020a1709027b9600b00188b0dbcd5dmr4728773pll.104.1668880100406; Sat, 19 Nov 2022 09:48:20 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:20 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/21] golang: ignore CVE-2022-29804 Date: Sat, 19 Nov 2022 07:47:41 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173531 From: Ralph Siemsen The issue only affects Windows per the golang announcement [1]: On Windows, the filepath.Clean function could convert an invalid path to a valid, absolute path. For example, Clean(`.\c:`) returned `c:`. [1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 6e596f4141..a0278b9816 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -64,4 +64,5 @@ CVE_CHECK_WHITELIST += "CVE-2021-29923" CVE_CHECK_WHITELIST += "CVE-2022-29526" # Issue only on windows +CVE_CHECK_WHITELIST += "CVE-2022-29804" CVE_CHECK_WHITELIST += "CVE-2022-30634" From patchwork Sat Nov 19 17:47:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15696 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36E8CC4167B for ; Sat, 19 Nov 2022 17:48:28 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.web11.26055.1668880103298233807 for ; Sat, 19 Nov 2022 09:48:23 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=hLlwjWNJ; spf=softfail (domain: sakoman.com, ip: 209.85.214.174, mailfrom: steve@sakoman.com) Received: by mail-pl1-f174.google.com with SMTP id io19so7190898plb.8 for ; Sat, 19 Nov 2022 09:48:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wmwLVcB1CCHEHRpQzQE2I2JDnGaceVFN193k7lpOPJ4=; b=hLlwjWNJ/h0BFqtQU3Cl8g8c05TQ1T86LAD2xpvc8CbfK2cJ15qhq3f3sqfLsgS1Fp z0Yh5r7QgLz0+0M9BOQ/OL6ZxChHOrkv5PU3+9O6rfmFSjNGgjIhpn7n5onqyW7gIzXQ kv8a+19BnI7PGq8cgKWmzpX8tNTZ8OUBpeAssXiCgISp3TUNTW5Bo0TO0iz/pvrSYMv8 VDPmtKoabzYMYyi7rq01pjUyLBy0UkxK0IYJT7DiwhCBNZGgbcEdX2ajUR9tVPhl3diO oNSVf8kyUkwyHsl/WBx8jpC3DNdws9Kj0YBycs1hTu4CJvqFi5CIfRbWOb/0+KfQLiqa sV7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wmwLVcB1CCHEHRpQzQE2I2JDnGaceVFN193k7lpOPJ4=; b=vvxJ7Vte7lhf7rx4Inq2qbWX3I5BFI+1boMuLr3d9xJN1uBmoPb1BDsfnAGpR5jOMa PHKRiKY6dysbO6eem6R/2n6Z/ad7m3QRMLSkDfK8BuUbsKhRdm4krQNTk2lCYVXoQ8r9 6WOJuiIdZGErnKU4eVeS7xZ4MMOkJsfwzQ7H0oIwN46g/v7tonvZU8Lgugxo/9oo3861 PcDc3EAfHO6x98TtZoPipjkQLOsxHfx47tnvYc31ZlyloHARiJJM7k93dvR3E1pIX2Nm caE4YQMCd7hUcjxjQkkgRofSsFzBnJPpBzlhlDdegQaNedzBrofI4QPwFSY80vJ25gjj ZjHQ== X-Gm-Message-State: ANoB5pnMafmfoJTRWLvK9u5bTDG8ogWbxlI6ACgJ8+be1tItqo6HVR+L hkPDLjSIjPpmKSDS0NZtXfnHLERFkh76GQTju30= X-Google-Smtp-Source: AA0mqf6as9aLPyDFZ3DLwd4Y6MxC16SNkijOWZCILFbh5WXkSMfxgEv19nHwxzcHwDlCCRU8thTIwQ== X-Received: by 2002:a17:90a:db52:b0:212:d2c2:8e1a with SMTP id u18-20020a17090adb5200b00212d2c28e1amr19421238pjx.54.1668880102331; Sat, 19 Nov 2022 09:48:22 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:21 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 14/21] golang: ignore CVE-2021-33194 Date: Sat, 19 Nov 2022 07:47:42 -1000 Message-Id: <14ceef5ca6a941dc931459ce58786bd4a0babffd.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173532 From: Ralph Siemsen This is a bug in golang.org/x/net/html/parse.go. The golang compiler includes a partial copy of this under src/vendor/golang.org/x/net/ however the "html" subdirectory is not included. So this bug does not apply to the compiler itself. Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index a0278b9816..ac4c4e9973 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -66,3 +66,6 @@ CVE_CHECK_WHITELIST += "CVE-2022-29526" # Issue only on windows CVE_CHECK_WHITELIST += "CVE-2022-29804" CVE_CHECK_WHITELIST += "CVE-2022-30634" + +# Issue is in golang.org/x/net/html/parse.go, not used in go compiler +CVE_CHECK_WHITELIST += "CVE-2021-33194" From patchwork Sat Nov 19 17:47:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15693 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28BBAC433FE for ; Sat, 19 Nov 2022 17:48:28 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.web10.26322.1668880105241392246 for ; Sat, 19 Nov 2022 09:48:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=TOGPv9Iq; spf=softfail (domain: sakoman.com, ip: 209.85.216.53, mailfrom: steve@sakoman.com) Received: by mail-pj1-f53.google.com with SMTP id b11so7131355pjp.2 for ; Sat, 19 Nov 2022 09:48:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BsBcTdtCRI+v2IQw07PIN0xONEK9XBkvYNdxOApaVPQ=; b=TOGPv9IqX45Y0YFzaKZVIWYnmeHbFi7KKjwtRvq9QXRmVRto5VGt68IhW0+9gPAD14 NLZRuXAqSx8LnKFAvtw7RXgPbKbmcXpFfmugEfQ9pEKNYUBjUqmK+F8TIXtVfE1efscX xEDXzQdRdEVd319AF9l1ZVb+AGOSc37C8MrPb8FDuB/5TPGrFCnyEwt5Cvar5dcbNIIP CU77X/Uj7V0kF7BPbS/ki9yW27NZ1/wYDcyuqUsRPdIfFNonDCr5k0bwf3Z8fzIcwTjV cGHhG2nzLR7nI9EDEeucbIMvXS7HV4+2tPHJElitnkLEbR7MNyeYqFv6Ytz/at4Ry3zr E0zA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BsBcTdtCRI+v2IQw07PIN0xONEK9XBkvYNdxOApaVPQ=; b=kQgG517abftB77a5yrwB+fDWTMTOEuPCVJZTWeRVDi2ohj/M1MPby+dGkoXG3bM0/k AgpDpmHeTe14RCihM71Zu15yhnOupR7D/bD3VySYmxtpBkvnyWGQcQJtFaS8ScvFCCaU GAMU0WlamVFK601//shuh2N+BD5h8YyCCQzmznyq5h6wuzH3ADyeBOgOVEfPbO2+AgNI buQZH15WQrYXSnmbYCQpe4OtRPNtnrbPRc9sVRvkgN/xcKFRj92QnzYkz2KmfTmstnhW DBplLmiNkuRMlXsCFdEbFpem4K4v/GPq9icsjgWS24Eg1EO2pBEJTL/Bbv01vPaP0Zmm PS/w== X-Gm-Message-State: ANoB5pnrzDO8CckaPXqNnOMUSET/bYrQpBHlP3B0EB3IAu5snbH5/YbV 6ddNOqDMyfFq2ibpVIojcWrJAN39GUiRJISvIk4= X-Google-Smtp-Source: AA0mqf6wi9DjZ6SHagJJIZx+RMZMUNGS8+P9E8R1Sz0+IR80WrsXr++mIcb/D4iFQyGVSVXAAo2jzQ== X-Received: by 2002:a17:902:e849:b0:186:dd96:ce45 with SMTP id t9-20020a170902e84900b00186dd96ce45mr4686010plg.73.1668880104235; Sat, 19 Nov 2022 09:48:24 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:23 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 15/21] golang: ignore CVE-2021-41772 Date: Sat, 19 Nov 2022 07:47:43 -1000 Message-Id: <6633e3836a15632ead428434d6abe76a9cfbb118.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173533 From: Ralph Siemsen Dunfell uses golang 1.14 which does not contain the affected code (it was introduced in golang 1.16). From the golang announcement [1] "Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made to panic by an attacker providing either a crafted ZIP archive containing completely invalid names or an empty filename argument. [1] https://groups.google.com/g/golang-announce/c/0fM21h43arc Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index ac4c4e9973..8c7df2dede 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -69,3 +69,6 @@ CVE_CHECK_WHITELIST += "CVE-2022-30634" # Issue is in golang.org/x/net/html/parse.go, not used in go compiler CVE_CHECK_WHITELIST += "CVE-2021-33194" + +# Issue introduced in go1.16, does not exist in 1.14 +CVE_CHECK_WHITELIST += "CVE-2021-41772" From patchwork Sat Nov 19 17:47:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15697 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29B7AC43219 for ; Sat, 19 Nov 2022 17:48:28 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.26316.1668880099409590250 for ; Sat, 19 Nov 2022 09:48:26 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=MrXVET86; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id r61-20020a17090a43c300b00212f4e9cccdso10955220pjg.5 for ; Sat, 19 Nov 2022 09:48:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Q05cbEM3sVTlspnRwmmNYIUiOM+ukLZ/qck9O9Bh1k4=; b=MrXVET86lx4y0IbdWI+R7kJ9JSE/F7jQauIT79aO025JbmwavYVLJ3KC3YQAhnecP/ a17vkS/V4mLwb9wmozMHbqaHzK9oHhFNVLXY+gaWMe92RZURFN2R8CGcjOJfhWrcR6qx BEDwy0u1Io+RXd625x1ck43om57UOuY2OZd+fCJ2N6CLpGKHX+UAmnHIAx+4U8FGLlAf ld+wrl9EG5xHK1dMS7b7mwgfL8hp3nYRZw50hwzYWqjI3ltcmoXgRYEW51mIASYqM5mf Cg0eXPCocw7j6wqvxL/ki6JA69ch9P/Yg30kLSOSwp+z6sUG5OdEsxtjBuqMj3Exmzb7 DdCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Q05cbEM3sVTlspnRwmmNYIUiOM+ukLZ/qck9O9Bh1k4=; b=3Rd0uya6Dm3XpWsk+M3qthEG/PjdjnsIrzGNj0JYiQ/IX1BKqxTgmdDDdMpptifOvW aMaicxfWaf9uumFX5XLKuKWEGCFJ/4d507m7tnr1MHWs+NFi5kZhTM+NmeWPIbWURNHz 70fAFdKin1MbRZyae83I7XPCIhjEietLeCmX9F2yohNBBkPUXUWGxoGKp7MaqchZJN3C wgnDTK56iNaIorJjnWkKjrIJoUnJz9cDz2AYyM5S/ufsPynq/SoF6m2gJ1j8XU76iw9p GGXfQgZdqNORcX2K5NZIMkSy1jUnsdi0L1wAUDEF3Q49Tj3K4Atob+oXuXZbpgQluK2p LUBQ== X-Gm-Message-State: ANoB5pkjFe40HkPaH9iwkX8rrkRr26tLQuS403BSJFhegkxT/p+1x8hi rflF3kNYJ3NF9YJJZE4I3pvYGL3MbHN2FfEXYjQ= X-Google-Smtp-Source: AA0mqf5NA5d7GtM9ixGzOS9SqDsTfNV25MK6VMZdWmWZ6LaMWZ5ZAyfsIBtcXWDQY7m8k2g1xLYxBQ== X-Received: by 2002:a17:902:d711:b0:188:c7b2:2dd with SMTP id w17-20020a170902d71100b00188c7b202ddmr4658041ply.88.1668880106054; Sat, 19 Nov 2022 09:48:26 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:25 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 16/21] golang: ignore CVE-2022-30580 Date: Sat, 19 Nov 2022 07:47:44 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173534 From: Ralph Siemsen Only affects Windows platform, as per the release announcement [1]: "If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput are executed when Cmd.Path is unset and, in the working directory, there are binaries named either "..com" or "..exe", they will be executed." [1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 8c7df2dede..a0eaa80ed4 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -65,6 +65,7 @@ CVE_CHECK_WHITELIST += "CVE-2022-29526" # Issue only on windows CVE_CHECK_WHITELIST += "CVE-2022-29804" +CVE_CHECK_WHITELIST += "CVE-2022-30580" CVE_CHECK_WHITELIST += "CVE-2022-30634" # Issue is in golang.org/x/net/html/parse.go, not used in go compiler From patchwork Sat Nov 19 17:47:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15699 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A256C4332F for ; Sat, 19 Nov 2022 17:48:38 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.26057.1668880108766705885 for ; Sat, 19 Nov 2022 09:48:28 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ggDpTzA6; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id w23so7168434ply.12 for ; Sat, 19 Nov 2022 09:48:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=f3PklPrJ3KOg4FL23rZztsylQVvrGlXvnYmCLDQHrmc=; b=ggDpTzA6emTiUOD2XNduFX+A+8ZXDwI0GJM8p3JVG3yWmUSZ2clxjNKMthEHqltCnW xEkdEz5AUSc2Yhtx09OCf7PrRRJFdqV1atr+h+vqt7pjXx/8RgG7Hd/0w1d9A62UB3kL HoMyePoPJmXCt+0bv4nYG2Yn0i30CHVxxILFPW6TnsUjPnbEGr+zhQWA7hdR3WqWuWQt W3x67BOMFkQF3Z23hmipNzP+kLEaohj4zjqk+23958+UWvv9v9ggRgnCGd1y14OCXv/M Vx7uEqt/zUTX9QQSoM/QpXtFI7TjDE6Bma6GOgG/XHPGKdvtRMAC5cJLMvexTrh95/iV 6b9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f3PklPrJ3KOg4FL23rZztsylQVvrGlXvnYmCLDQHrmc=; b=qFMFFJC0k7/QonJ8Ikd0BtWJ8U7Cqz3pgPRD/3heyBbakWa3KcPgUNjuG6ZL/3GIkd 59tdAyrpX0V93hRrqtutTzftoQrfmWEqmhU4rxcSrUAWbogIt67ZRsOUolK/fxWu0W21 DmKMlyYXid6ad1q3H8fd1eKckOCmgCBmWCpDl6j+aW/uN9t2+6bqlBNUBCnsIL2fzuK9 YBpBf9u9dBeSYstsP/pOA80uw7CL4UCA4K7gFSSZAZALWPspIa/vXfIiW70ajeMtnzNx 44CF1M1i0FAqTVmEjsFVWFd+6aG36bDZ2aGy5SN7LZv3BCCWswdFGf1oj428hz34LOOa MsWg== X-Gm-Message-State: ANoB5pnr5G2mdA4CyMd5FfGmc2rzhdTxuxDTUa7CyvojVcjxJTen1CXQ ULicAk9NPVK16FFLuIp1m7JpRVp4+Yf0i1k5/4M= X-Google-Smtp-Source: AA0mqf67WbSBMCvRoY5MjpOQTVCNeKG7VE4/BF/QVkepQe4H/k3uXQfXCs5g500DOpTDV6MCc31BcQ== X-Received: by 2002:a17:902:6b89:b0:179:eaa8:9113 with SMTP id p9-20020a1709026b8900b00179eaa89113mr4763645plk.55.1668880107872; Sat, 19 Nov 2022 09:48:27 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:27 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 17/21] golang: ignore CVE-2022-30630 Date: Sat, 19 Nov 2022 07:47:45 -1000 Message-Id: <283de0feeea4c0780e90e56edb3b15134f71638b.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173535 From: Ralph Siemsen The CVE is in the io/fs package, which first appeared in go1.16. Since dunfell is using go1.14, this issue does not apply. CVE was fixed in fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 Original code in b64202bc29b9c1cf0118878d1c0acc9cdb2308f6 Signed-off-by: Ralph Siemsen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index a0eaa80ed4..cec37c1b09 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -73,3 +73,6 @@ CVE_CHECK_WHITELIST += "CVE-2021-33194" # Issue introduced in go1.16, does not exist in 1.14 CVE_CHECK_WHITELIST += "CVE-2021-41772" + +# Fixes code that was added in go1.16, does not exist in 1.14 +CVE_CHECK_WHITELIST += "CVE-2022-30630" From patchwork Sat Nov 19 17:47:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15702 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E742C43219 for ; Sat, 19 Nov 2022 17:48:38 +0000 (UTC) Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by mx.groups.io with SMTP id smtpd.web10.26327.1668880113173982499 for ; Sat, 19 Nov 2022 09:48:33 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ur86gpIv; spf=softfail (domain: sakoman.com, ip: 209.85.215.177, mailfrom: steve@sakoman.com) Received: by mail-pg1-f177.google.com with SMTP id 6so7659501pgm.6 for ; Sat, 19 Nov 2022 09:48:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=njIN5T94heYkTh699CuQS1+M4s6byRtQaSHmQAT/GVQ=; b=ur86gpIvAbWfyyIaVuxnIuSL03zjHiLyQjlSulqvonvgDyqO32+zY0iNRMUpxdJSAp +rejFwruKJkKkJn7U1RPJswOzVwBYIqw51j8EnKn0KQbF9G2ZbO52KgQ0HAwmMvX99B7 /bUVEWTJEtKuCqFDDkxASIudb3+ACmW92A843Vvh3/383UV1o5OIQPLXFiD3ZT5alYRC KlybLyOPDtcfW6fu6+jXLVcjjqEPaG13rs7eq09uZVegig0InJH/VxfxvNQW2NVfvXZO dQLcCzE14Owne+pYmKXvF/4+P0BRaVt5Qp8yh2vwk4o43J3SgCDMTMGXm+hbTeYvytVD QwmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=njIN5T94heYkTh699CuQS1+M4s6byRtQaSHmQAT/GVQ=; b=oWgaUwtZlj+ZoLbBCs8sFcKa326t9KmGj3r3soRHBsN8CyXDVxqGR10eLUzDfEgcZg ijGOBkyuoLjLlsbeBUu5u0FjPaknYMSkJQcCfjWjxbnrPbdecPx5cclE5204chYrDcEP dkcziwyMJn14U5aQUewWz79i/UTYH8XigDFoNUbXfObVTkEmsNU05+484hL4uEohkDMo yGA1jy+VS/UG8KNrZxEHMOGdzlcCIt3Jd4ZVlqjbPfR10/lLUiX62cxMXF3pDYrvZNCT ASovPfkXDpByc58KOzWKRfDdZH5IYl2qRjNB8nUJhjfJRPAdad/JCTibIrbNipt4RWcP rRLg== X-Gm-Message-State: ANoB5plz+HxymVaXie+Nr+GifUD1Ja0Bp6D7W1hy3YHaKkU6lOCK9z0y +zzad00cERfWZ0AiRY/+mh73+FN5N2DvijUSbJY= X-Google-Smtp-Source: AA0mqf6bQdkoYrVkqCTQebdpBJupEb2Mf2fqd/inK8gf0iysRpiJf62Wg2rIUreEY2oM67wG/J9qzA== X-Received: by 2002:a63:5148:0:b0:439:3c55:3df1 with SMTP id r8-20020a635148000000b004393c553df1mr11277788pgl.606.1668880109971; Sat, 19 Nov 2022 09:48:29 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:29 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 18/21] gcc : upgrade to v9.5 Date: Sat, 19 Nov 2022 07:47:46 -1000 Message-Id: <60984f7119a4b54cbefda48f93762b4f2b179c70.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173537 From: Sundeep KOKKONDA gcc stable version upgraded from v9.3 to v9.5 Below is the bug fix list for v9.5 https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=9.5 Signed-off-by: Sundeep KOKKONDA Signed-off-by: Steve Sakoman --- ...-PR-tree-optimization-97236-fix-bad-.patch | 119 ---- ...ight-Line-Speculation-SLS-mitigation.patch | 204 ------ ...e-SLS-mitigation-for-RET-and-BR-inst.patch | 600 ---------------- ...h64-Mitigate-SLS-for-BLR-instruction.patch | 659 ------------------ ...x-missing-dependencies-for-selftests.patch | 45 -- .../gcc/{gcc-9.3.inc => gcc-9.5.inc} | 13 +- ...0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch | 0 .../0002-gcc-poison-system-directories.patch | 0 ...-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch | 0 .../0004-64-bit-multilib-hack.patch | 0 .../0005-optional-libstdc.patch | 0 .../0006-COLLECT_GCC_OPTIONS.patch | 0 ...ts.h-in-B-instead-of-S-and-t-oe-in-B.patch | 0 .../0008-fortran-cross-compile-hack.patch | 0 .../0009-cpp-honor-sysroot.patch | 0 .../0010-MIPS64-Default-to-N64-ABI.patch | 0 ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 0 ...gcc-Fix-argument-list-too-long-error.patch | 0 .../0013-Disable-sdt.patch | 0 .../{gcc-9.3 => gcc-9.5}/0014-libtool.patch | 0 ...s-fix-v4bx-to-linker-to-support-EABI.patch | 0 ...-config-files-from-B-instead-of-usin.patch | 0 ...ir-from-.la-which-usually-points-to-.patch | 0 .../0018-export-CPP.patch | 0 ...e-target-gcc-headers-can-be-included.patch | 0 ...ild-with-disable-dependency-tracking.patch | 0 ...t-directory-during-relink-if-inst_pr.patch | 0 ...IR-replacement-instead-of-hardcoding.patch | 0 ...23-aarch64-Add-support-for-musl-ldso.patch | 0 ...-fix-libcc1-s-install-path-and-rpath.patch | 0 ...le-sysroot-support-for-nativesdk-gcc.patch | 0 ...sroot-gcc-version-specific-dirs-with.patch | 0 ...ous-_FOR_BUILD-and-related-variables.patch | 0 ...028-nios2-Define-MUSL_DYNAMIC_LINKER.patch | 0 ...d-to-link-commandline-for-musl-targe.patch | 0 .../0030-ldbl128-config.patch | 0 ...using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch | 0 ...as-for-__cpu_indicator_init-instead-.patch | 0 .../0033-sync-gcc-stddef.h-with-musl.patch | 0 ...-fault-in-precompiled-header-generat.patch | 0 .../0035-Fix-for-testsuite-failure.patch | 0 ...Re-introduce-spe-commandline-options.patch | 0 ...heck-zero-value-in-simple_object_elf.patch | 0 ...s-Do-not-use-__LINE__-for-maintainin.patch | 0 ...ands-Don-t-match-user-defined-regs-o.patch | 0 ...adian_9.3.bb => gcc-cross-canadian_9.5.bb} | 0 .../{gcc-cross_9.3.bb => gcc-cross_9.5.bb} | 0 ...cc-crosssdk_9.3.bb => gcc-crosssdk_9.5.bb} | 0 ...{gcc-runtime_9.3.bb => gcc-runtime_9.5.bb} | 0 ...anitizers_9.3.bb => gcc-sanitizers_9.5.bb} | 0 .../{gcc-source_9.3.bb => gcc-source_9.5.bb} | 0 .../gcc/{gcc_9.3.bb => gcc_9.5.bb} | 0 ...c-initial_9.3.bb => libgcc-initial_9.5.bb} | 0 .../gcc/{libgcc_9.3.bb => libgcc_9.5.bb} | 0 ...{libgfortran_9.3.bb => libgfortran_9.5.bb} | 0 55 files changed, 4 insertions(+), 1636 deletions(-) delete mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0001-Backport-fix-for-PR-tree-optimization-97236-fix-bad-.patch delete mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch delete mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch delete mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch delete mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0040-fix-missing-dependencies-for-selftests.patch rename meta/recipes-devtools/gcc/{gcc-9.3.inc => gcc-9.5.inc} (89%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0002-gcc-poison-system-directories.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0003-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0004-64-bit-multilib-hack.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0005-optional-libstdc.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0006-COLLECT_GCC_OPTIONS.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0007-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0008-fortran-cross-compile-hack.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0009-cpp-honor-sysroot.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0010-MIPS64-Default-to-N64-ABI.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0011-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0012-gcc-Fix-argument-list-too-long-error.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0013-Disable-sdt.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0014-libtool.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0015-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0016-Use-the-multilib-config-files-from-B-instead-of-usin.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0017-Avoid-using-libdir-from-.la-which-usually-points-to-.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0018-export-CPP.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0019-Ensure-target-gcc-headers-can-be-included.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0020-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0021-Don-t-search-host-directory-during-relink-if-inst_pr.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0022-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0023-aarch64-Add-support-for-musl-ldso.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0024-libcc1-fix-libcc1-s-install-path-and-rpath.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0025-handle-sysroot-support-for-nativesdk-gcc.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0026-Search-target-sysroot-gcc-version-specific-dirs-with.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0027-Fix-various-_FOR_BUILD-and-related-variables.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0028-nios2-Define-MUSL_DYNAMIC_LINKER.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0029-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0030-ldbl128-config.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0031-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0032-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0033-sync-gcc-stddef.h-with-musl.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0034-fix-segmentation-fault-in-precompiled-header-generat.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0035-Fix-for-testsuite-failure.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0036-Re-introduce-spe-commandline-options.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch (100%) rename meta/recipes-devtools/gcc/{gcc-9.3 => gcc-9.5}/0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch (100%) rename meta/recipes-devtools/gcc/{gcc-cross-canadian_9.3.bb => gcc-cross-canadian_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-cross_9.3.bb => gcc-cross_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-crosssdk_9.3.bb => gcc-crosssdk_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-runtime_9.3.bb => gcc-runtime_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-sanitizers_9.3.bb => gcc-sanitizers_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{gcc-source_9.3.bb => gcc-source_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{gcc_9.3.bb => gcc_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{libgcc-initial_9.3.bb => libgcc-initial_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{libgcc_9.3.bb => libgcc_9.5.bb} (100%) rename meta/recipes-devtools/gcc/{libgfortran_9.3.bb => libgfortran_9.5.bb} (100%) diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0001-Backport-fix-for-PR-tree-optimization-97236-fix-bad-.patch b/meta/recipes-devtools/gcc/gcc-9.3/0001-Backport-fix-for-PR-tree-optimization-97236-fix-bad-.patch deleted file mode 100644 index dc1039dcc8..0000000000 --- a/meta/recipes-devtools/gcc/gcc-9.3/0001-Backport-fix-for-PR-tree-optimization-97236-fix-bad-.patch +++ /dev/null @@ -1,119 +0,0 @@ -Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=97b668f9a8c6ec565c278a60e7d1492a6932e409] -Signed-off-by: Jon Mason - -From 97b668f9a8c6ec565c278a60e7d1492a6932e409 Mon Sep 17 00:00:00 2001 -From: Matthias Klose -Date: Tue, 6 Oct 2020 13:41:37 +0200 -Subject: [PATCH] Backport fix for PR/tree-optimization/97236 - fix bad use of - VMAT_CONTIGUOUS - -This avoids using VMAT_CONTIGUOUS with single-element interleaving -when using V1mode vectors. Instead keep VMAT_ELEMENTWISE but -continue to avoid load-lanes and gathers. - -2020-10-01 Richard Biener - - PR tree-optimization/97236 - * tree-vect-stmts.c (get_group_load_store_type): Keep - VMAT_ELEMENTWISE for single-element vectors. - - * gcc.dg/vect/pr97236.c: New testcase. - -(cherry picked from commit 1ab88985631dd2c5a5e3b5c0dce47cf8b6ed2f82) ---- - gcc/testsuite/gcc.dg/vect/pr97236.c | 43 +++++++++++++++++++++++++++++ - gcc/tree-vect-stmts.c | 20 ++++++-------- - 2 files changed, 52 insertions(+), 11 deletions(-) - create mode 100644 gcc/testsuite/gcc.dg/vect/pr97236.c - -diff --git a/gcc/testsuite/gcc.dg/vect/pr97236.c b/gcc/testsuite/gcc.dg/vect/pr97236.c -new file mode 100644 -index 000000000000..9d3dc20d953d ---- /dev/null -+++ b/gcc/testsuite/gcc.dg/vect/pr97236.c -@@ -0,0 +1,43 @@ -+typedef unsigned char __uint8_t; -+typedef __uint8_t uint8_t; -+typedef struct plane_t { -+ uint8_t *p_pixels; -+ int i_lines; -+ int i_pitch; -+} plane_t; -+ -+typedef struct { -+ plane_t p[5]; -+} picture_t; -+ -+#define N 4 -+ -+void __attribute__((noipa)) -+picture_Clone(picture_t *picture, picture_t *res) -+{ -+ for (int i = 0; i < N; i++) { -+ res->p[i].p_pixels = picture->p[i].p_pixels; -+ res->p[i].i_lines = picture->p[i].i_lines; -+ res->p[i].i_pitch = picture->p[i].i_pitch; -+ } -+} -+ -+int -+main() -+{ -+ picture_t aaa, bbb; -+ uint8_t pixels[10] = {1, 1, 1, 1, 1, 1, 1, 1}; -+ -+ for (unsigned i = 0; i < N; i++) -+ aaa.p[i].p_pixels = pixels; -+ -+ picture_Clone (&aaa, &bbb); -+ -+ uint8_t c = 0; -+ for (unsigned i = 0; i < N; i++) -+ c += bbb.p[i].p_pixels[0]; -+ -+ if (c != N) -+ __builtin_abort (); -+ return 0; -+} -diff --git a/gcc/tree-vect-stmts.c b/gcc/tree-vect-stmts.c -index 507f81b0a0e8..ffbba3441de2 100644 ---- a/gcc/tree-vect-stmts.c -+++ b/gcc/tree-vect-stmts.c -@@ -2355,25 +2355,23 @@ get_group_load_store_type (stmt_vec_info stmt_info, tree vectype, bool slp, - /* First cope with the degenerate case of a single-element - vector. */ - if (known_eq (TYPE_VECTOR_SUBPARTS (vectype), 1U)) -- *memory_access_type = VMAT_CONTIGUOUS; -+ ; - - /* Otherwise try using LOAD/STORE_LANES. */ -- if (*memory_access_type == VMAT_ELEMENTWISE -- && (vls_type == VLS_LOAD -- ? vect_load_lanes_supported (vectype, group_size, masked_p) -- : vect_store_lanes_supported (vectype, group_size, -- masked_p))) -+ else if (vls_type == VLS_LOAD -+ ? vect_load_lanes_supported (vectype, group_size, masked_p) -+ : vect_store_lanes_supported (vectype, group_size, -+ masked_p)) - { - *memory_access_type = VMAT_LOAD_STORE_LANES; - overrun_p = would_overrun_p; - } - - /* If that fails, try using permuting loads. */ -- if (*memory_access_type == VMAT_ELEMENTWISE -- && (vls_type == VLS_LOAD -- ? vect_grouped_load_supported (vectype, single_element_p, -- group_size) -- : vect_grouped_store_supported (vectype, group_size))) -+ else if (vls_type == VLS_LOAD -+ ? vect_grouped_load_supported (vectype, single_element_p, -+ group_size) -+ : vect_grouped_store_supported (vectype, group_size)) - { - *memory_access_type = VMAT_CONTIGUOUS_PERMUTE; - overrun_p = would_overrun_p; --- -2.20.1 - diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch b/meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch deleted file mode 100644 index a7e29f4bd7..0000000000 --- a/meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch +++ /dev/null @@ -1,204 +0,0 @@ -CVE: CVE-2020-13844 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 20da13e395bde597d8337167c712039c8f923c3b Mon Sep 17 00:00:00 2001 -From: Matthew Malcomson -Date: Thu, 9 Jul 2020 09:11:58 +0100 -Subject: [PATCH 1/3] aarch64: New Straight Line Speculation (SLS) mitigation - flags - -Here we introduce the flags that will be used for straight line speculation. - -The new flag introduced is `-mharden-sls=`. -This flag can take arguments of `none`, `all`, or a comma seperated list -of one or more of `retbr` or `blr`. -`none` indicates no special mitigation of the straight line speculation -vulnerability. -`all` requests all mitigations currently implemented. -`retbr` requests that the RET and BR instructions have a speculation -barrier inserted after them. -`blr` requests that BLR instructions are replaced by a BL to a function -stub using a BR with a speculation barrier after it. - -Setting this on a per-function basis using attributes or the like is not -enabled, but may be in the future. - -(cherry picked from commit a9ba2a9b77bec7eacaf066801f22d1c366a2bc86) - -gcc/ChangeLog: - -2020-06-02 Matthew Malcomson - - * config/aarch64/aarch64-protos.h (aarch64_harden_sls_retbr_p): - New. - (aarch64_harden_sls_blr_p): New. - * config/aarch64/aarch64.c (enum aarch64_sls_hardening_type): - New. - (aarch64_harden_sls_retbr_p): New. - (aarch64_harden_sls_blr_p): New. - (aarch64_validate_sls_mitigation): New. - (aarch64_override_options): Parse options for SLS mitigation. - * config/aarch64/aarch64.opt (-mharden-sls): New option. - * doc/invoke.texi: Document new option. ---- - gcc/config/aarch64/aarch64-protos.h | 3 ++ - gcc/config/aarch64/aarch64.c | 76 +++++++++++++++++++++++++++++ - gcc/config/aarch64/aarch64.opt | 4 ++ - gcc/doc/invoke.texi | 12 +++++ - 4 files changed, 95 insertions(+) - -diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h -index c083cad53..31493f412 100644 ---- a/gcc/config/aarch64/aarch64-protos.h -+++ b/gcc/config/aarch64/aarch64-protos.h -@@ -644,4 +644,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode); - - bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT); - -+extern bool aarch64_harden_sls_retbr_p (void); -+extern bool aarch64_harden_sls_blr_p (void); -+ - #endif /* GCC_AARCH64_PROTOS_H */ -diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c -index b452a53af..269ff6c92 100644 ---- a/gcc/config/aarch64/aarch64.c -+++ b/gcc/config/aarch64/aarch64.c -@@ -11734,6 +11734,79 @@ aarch64_validate_mcpu (const char *str, const struct processor **res, - return false; - } - -+/* Straight line speculation indicators. */ -+enum aarch64_sls_hardening_type -+{ -+ SLS_NONE = 0, -+ SLS_RETBR = 1, -+ SLS_BLR = 2, -+ SLS_ALL = 3, -+}; -+static enum aarch64_sls_hardening_type aarch64_sls_hardening; -+ -+/* Return whether we should mitigatate Straight Line Speculation for the RET -+ and BR instructions. */ -+bool -+aarch64_harden_sls_retbr_p (void) -+{ -+ return aarch64_sls_hardening & SLS_RETBR; -+} -+ -+/* Return whether we should mitigatate Straight Line Speculation for the BLR -+ instruction. */ -+bool -+aarch64_harden_sls_blr_p (void) -+{ -+ return aarch64_sls_hardening & SLS_BLR; -+} -+ -+/* As of yet we only allow setting these options globally, in the future we may -+ allow setting them per function. */ -+static void -+aarch64_validate_sls_mitigation (const char *const_str) -+{ -+ char *token_save = NULL; -+ char *str = NULL; -+ -+ if (strcmp (const_str, "none") == 0) -+ { -+ aarch64_sls_hardening = SLS_NONE; -+ return; -+ } -+ if (strcmp (const_str, "all") == 0) -+ { -+ aarch64_sls_hardening = SLS_ALL; -+ return; -+ } -+ -+ char *str_root = xstrdup (const_str); -+ str = strtok_r (str_root, ",", &token_save); -+ if (!str) -+ error ("invalid argument given to %<-mharden-sls=%>"); -+ -+ int temp = SLS_NONE; -+ while (str) -+ { -+ if (strcmp (str, "blr") == 0) -+ temp |= SLS_BLR; -+ else if (strcmp (str, "retbr") == 0) -+ temp |= SLS_RETBR; -+ else if (strcmp (str, "none") == 0 || strcmp (str, "all") == 0) -+ { -+ error ("%<%s%> must be by itself for %<-mharden-sls=%>", str); -+ break; -+ } -+ else -+ { -+ error ("invalid argument %<%s%> for %<-mharden-sls=%>", str); -+ break; -+ } -+ str = strtok_r (NULL, ",", &token_save); -+ } -+ aarch64_sls_hardening = (aarch64_sls_hardening_type) temp; -+ free (str_root); -+} -+ - /* Parses CONST_STR for branch protection features specified in - aarch64_branch_protect_types, and set any global variables required. Returns - the parsing result and assigns LAST_STR to the last processed token from -@@ -11972,6 +12045,9 @@ aarch64_override_options (void) - selected_arch = NULL; - selected_tune = NULL; - -+ if (aarch64_harden_sls_string) -+ aarch64_validate_sls_mitigation (aarch64_harden_sls_string); -+ - if (aarch64_branch_protection_string) - aarch64_validate_mbranch_protection (aarch64_branch_protection_string); - -diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt -index 3c6d1cc90..d27ab6df8 100644 ---- a/gcc/config/aarch64/aarch64.opt -+++ b/gcc/config/aarch64/aarch64.opt -@@ -71,6 +71,10 @@ mgeneral-regs-only - Target Report RejectNegative Mask(GENERAL_REGS_ONLY) Save - Generate code which uses only the general registers. - -+mharden-sls= -+Target RejectNegative Joined Var(aarch64_harden_sls_string) -+Generate code to mitigate against straight line speculation. -+ - mfix-cortex-a53-835769 - Target Report Var(aarch64_fix_a53_err835769) Init(2) Save - Workaround for ARM Cortex-A53 Erratum number 835769. -diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi -index 2f7ffe456..5f04a7d2b 100644 ---- a/gcc/doc/invoke.texi -+++ b/gcc/doc/invoke.texi -@@ -638,6 +638,7 @@ Objective-C and Objective-C++ Dialects}. - -mpc-relative-literal-loads @gol - -msign-return-address=@var{scope} @gol - -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}]|@var{bti} @gol -+-mharden-sls=@var{opts} @gol - -march=@var{name} -mcpu=@var{name} -mtune=@var{name} @gol - -moverride=@var{string} -mverbose-cost-dump @gol - -mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol -@@ -15955,6 +15956,17 @@ argument @samp{leaf} can be used to extend the signing to include leaf - functions. - @samp{bti} turns on branch target identification mechanism. - -+@item -mharden-sls=@var{opts} -+@opindex mharden-sls -+Enable compiler hardening against straight line speculation (SLS). -+@var{opts} is a comma-separated list of the following options: -+@table @samp -+@item retbr -+@item blr -+@end table -+In addition, @samp{-mharden-sls=all} enables all SLS hardening while -+@samp{-mharden-sls=none} disables all SLS hardening. -+ - @item -msve-vector-bits=@var{bits} - @opindex msve-vector-bits - Specify the number of bits in an SVE vector register. This option only has --- -2.25.1 - diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch b/meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch deleted file mode 100644 index c972088d2b..0000000000 --- a/meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch +++ /dev/null @@ -1,600 +0,0 @@ -CVE: CVE-2020-13844 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From dc586a749228ecfb71f72ec2ca10e6f7b6874af3 Mon Sep 17 00:00:00 2001 -From: Matthew Malcomson -Date: Thu, 9 Jul 2020 09:11:59 +0100 -Subject: [PATCH 2/3] aarch64: Introduce SLS mitigation for RET and BR - instructions - -Instructions following RET or BR are not necessarily executed. In order -to avoid speculation past RET and BR we can simply append a speculation -barrier. - -Since these speculation barriers will not be architecturally executed, -they are not expected to add a high performance penalty. - -The speculation barrier is to be SB when targeting architectures which -have this enabled, and DSB SY + ISB otherwise. - -We add tests for each of the cases where such an instruction was seen. - -This is implemented by modifying each machine description pattern that -emits either a RET or a BR instruction. We choose not to use something -like `TARGET_ASM_FUNCTION_EPILOGUE` since it does not affect the -`indirect_jump`, `jump`, `sibcall_insn` and `sibcall_value_insn` -patterns and we find it preferable to implement the functionality in the -same way for every pattern. - -There is one particular case which is slightly tricky. The -implementation of TARGET_ASM_TRAMPOLINE_TEMPLATE uses a BR which needs -to be mitigated against. The trampoline template is used *once* per -compilation unit, and the TRAMPOLINE_SIZE is exposed to the user via the -builtin macro __LIBGCC_TRAMPOLINE_SIZE__. -In the future we may implement function specific attributes to turn on -and off hardening on a per-function basis. -The fixed nature of the trampoline described above implies it will be -safer to ensure this speculation barrier is always used. - -Testing: - Bootstrap and regtest done on aarch64-none-linux - Used a temporary hack(1) to use these options on every test in the - testsuite and a script to check that the output never emitted an - unmitigated RET or BR. - -1) Temporary hack was a change to the testsuite to always use -`-save-temps` and run a script on the assembly output of those -compilations which produced one to ensure every RET or BR is immediately -followed by a speculation barrier. - -(cherry picked from be178ecd5ac1fe1510d960ff95c66d0ff831afe1) - -gcc/ChangeLog: - - * config/aarch64/aarch64-protos.h (aarch64_sls_barrier): New. - * config/aarch64/aarch64.c (aarch64_output_casesi): Emit - speculation barrier after BR instruction if needs be. - (aarch64_trampoline_init): Handle ptr_mode value & adjust size - of code copied. - (aarch64_sls_barrier): New. - (aarch64_asm_trampoline_template): Add needed barriers. - * config/aarch64/aarch64.h (AARCH64_ISA_SB): New. - (TARGET_SB): New. - (TRAMPOLINE_SIZE): Account for barrier. - * config/aarch64/aarch64.md (indirect_jump, *casesi_dispatch, - simple_return, *do_return, *sibcall_insn, *sibcall_value_insn): - Emit barrier if needs be, also account for possible barrier using - "sls_length" attribute. - (sls_length): New attribute. - (length): Determine default using any non-default sls_length - value. - -gcc/testsuite/ChangeLog: - - * gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c: New test. - * gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c: - New test. - * gcc.target/aarch64/sls-mitigation/sls-mitigation.exp: New file. - * lib/target-supports.exp (check_effective_target_aarch64_asm_sb_ok): - New proc. ---- - gcc/config/aarch64/aarch64-protos.h | 1 + - gcc/config/aarch64/aarch64.c | 41 +++++- - gcc/config/aarch64/aarch64.h | 10 +- - gcc/config/aarch64/aarch64.md | 75 ++++++++--- - .../sls-mitigation/sls-miti-retbr-pacret.c | 15 +++ - .../aarch64/sls-mitigation/sls-miti-retbr.c | 119 ++++++++++++++++++ - .../aarch64/sls-mitigation/sls-mitigation.exp | 73 +++++++++++ - gcc/testsuite/lib/target-supports.exp | 3 +- - 8 files changed, 312 insertions(+), 25 deletions(-) - create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c - create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c - create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp - -diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h -index 31493f412..885eae893 100644 ---- a/gcc/config/aarch64/aarch64-protos.h -+++ b/gcc/config/aarch64/aarch64-protos.h -@@ -644,6 +644,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode); - - bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT); - -+const char *aarch64_sls_barrier (int); - extern bool aarch64_harden_sls_retbr_p (void); - extern bool aarch64_harden_sls_blr_p (void); - -diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c -index 269ff6c92..dff61105c 100644 ---- a/gcc/config/aarch64/aarch64.c -+++ b/gcc/config/aarch64/aarch64.c -@@ -8412,8 +8412,8 @@ aarch64_return_addr (int count, rtx frame ATTRIBUTE_UNUSED) - static void - aarch64_asm_trampoline_template (FILE *f) - { -- int offset1 = 16; -- int offset2 = 20; -+ int offset1 = 24; -+ int offset2 = 28; - - if (aarch64_bti_enabled ()) - { -@@ -8436,6 +8436,17 @@ aarch64_asm_trampoline_template (FILE *f) - } - asm_fprintf (f, "\tbr\t%s\n", reg_names [IP1_REGNUM]); - -+ /* We always emit a speculation barrier. -+ This is because the same trampoline template is used for every nested -+ function. Since nested functions are not particularly common or -+ performant we don't worry too much about the extra instructions to copy -+ around. -+ This is not yet a problem, since we have not yet implemented function -+ specific attributes to choose between hardening against straight line -+ speculation or not, but such function specific attributes are likely to -+ happen in the future. */ -+ asm_fprintf (f, "\tdsb\tsy\n\tisb\n"); -+ - /* The trampoline needs an extra padding instruction. In case if BTI is - enabled the padding instruction is replaced by the BTI instruction at - the beginning. */ -@@ -8450,10 +8461,14 @@ static void - aarch64_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value) - { - rtx fnaddr, mem, a_tramp; -- const int tramp_code_sz = 16; -+ const int tramp_code_sz = 24; - - /* Don't need to copy the trailing D-words, we fill those in below. */ -- emit_block_move (m_tramp, assemble_trampoline_template (), -+ /* We create our own memory address in Pmode so that `emit_block_move` can -+ use parts of the backend which expect Pmode addresses. */ -+ rtx temp = convert_memory_address (Pmode, XEXP (m_tramp, 0)); -+ emit_block_move (gen_rtx_MEM (BLKmode, temp), -+ assemble_trampoline_template (), - GEN_INT (tramp_code_sz), BLOCK_OP_NORMAL); - mem = adjust_address (m_tramp, ptr_mode, tramp_code_sz); - fnaddr = XEXP (DECL_RTL (fndecl), 0); -@@ -8640,6 +8655,8 @@ aarch64_output_casesi (rtx *operands) - output_asm_insn (buf, operands); - output_asm_insn (patterns[index][1], operands); - output_asm_insn ("br\t%3", operands); -+ output_asm_insn (aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()), -+ operands); - assemble_label (asm_out_file, label); - return ""; - } -@@ -18976,6 +18993,22 @@ aarch64_file_end_indicate_exec_stack () - #undef GNU_PROPERTY_AARCH64_FEATURE_1_BTI - #undef GNU_PROPERTY_AARCH64_FEATURE_1_AND - -+/* Helper function for straight line speculation. -+ Return what barrier should be emitted for straight line speculation -+ mitigation. -+ When not mitigating against straight line speculation this function returns -+ an empty string. -+ When mitigating against straight line speculation, use: -+ * SB when the v8.5-A SB extension is enabled. -+ * DSB+ISB otherwise. */ -+const char * -+aarch64_sls_barrier (int mitigation_required) -+{ -+ return mitigation_required -+ ? (TARGET_SB ? "sb" : "dsb\tsy\n\tisb") -+ : ""; -+} -+ - /* Target-specific selftests. */ - - #if CHECKING_P -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index 772a97296..72ddc6fd9 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -235,6 +235,7 @@ extern unsigned aarch64_architecture_version; - #define AARCH64_ISA_F16FML (aarch64_isa_flags & AARCH64_FL_F16FML) - #define AARCH64_ISA_RCPC8_4 (aarch64_isa_flags & AARCH64_FL_RCPC8_4) - #define AARCH64_ISA_V8_5 (aarch64_isa_flags & AARCH64_FL_V8_5) -+#define AARCH64_ISA_SB (aarch64_isa_flags & AARCH64_FL_SB) - - /* Crypto is an optional extension to AdvSIMD. */ - #define TARGET_CRYPTO (TARGET_SIMD && AARCH64_ISA_CRYPTO) -@@ -285,6 +286,9 @@ extern unsigned aarch64_architecture_version; - #define TARGET_FIX_ERR_A53_835769_DEFAULT 1 - #endif - -+/* SB instruction is enabled through +sb. */ -+#define TARGET_SB (AARCH64_ISA_SB) -+ - /* Apply the workaround for Cortex-A53 erratum 835769. */ - #define TARGET_FIX_ERR_A53_835769 \ - ((aarch64_fix_a53_err835769 == 2) \ -@@ -931,8 +935,10 @@ typedef struct - - #define RETURN_ADDR_RTX aarch64_return_addr - --/* BTI c + 3 insns + 2 pointer-sized entries. */ --#define TRAMPOLINE_SIZE (TARGET_ILP32 ? 24 : 32) -+/* BTI c + 3 insns -+ + sls barrier of DSB + ISB. -+ + 2 pointer-sized entries. */ -+#define TRAMPOLINE_SIZE (24 + (TARGET_ILP32 ? 8 : 16)) - - /* Trampolines contain dwords, so must be dword aligned. */ - #define TRAMPOLINE_ALIGNMENT 64 -diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md -index cc5a887d4..494aee964 100644 ---- a/gcc/config/aarch64/aarch64.md -+++ b/gcc/config/aarch64/aarch64.md -@@ -331,10 +331,25 @@ - ;; Attribute that specifies whether the alternative uses MOVPRFX. - (define_attr "movprfx" "no,yes" (const_string "no")) - -+;; Attribute to specify that an alternative has the length of a single -+;; instruction plus a speculation barrier. -+(define_attr "sls_length" "none,retbr,casesi" (const_string "none")) -+ - (define_attr "length" "" - (cond [(eq_attr "movprfx" "yes") - (const_int 8) -- ] (const_int 4))) -+ -+ (eq_attr "sls_length" "retbr") -+ (cond [(match_test "!aarch64_harden_sls_retbr_p ()") (const_int 4) -+ (match_test "TARGET_SB") (const_int 8)] -+ (const_int 12)) -+ -+ (eq_attr "sls_length" "casesi") -+ (cond [(match_test "!aarch64_harden_sls_retbr_p ()") (const_int 16) -+ (match_test "TARGET_SB") (const_int 20)] -+ (const_int 24)) -+ ] -+ (const_int 4))) - - ;; Strictly for compatibility with AArch32 in pipeline models, since AArch64 has - ;; no predicated insns. -@@ -370,8 +385,12 @@ - (define_insn "indirect_jump" - [(set (pc) (match_operand:DI 0 "register_operand" "r"))] - "" -- "br\\t%0" -- [(set_attr "type" "branch")] -+ { -+ output_asm_insn ("br\\t%0", operands); -+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()); -+ } -+ [(set_attr "type" "branch") -+ (set_attr "sls_length" "retbr")] - ) - - (define_insn "jump" -@@ -657,7 +676,7 @@ - "* - return aarch64_output_casesi (operands); - " -- [(set_attr "length" "16") -+ [(set_attr "sls_length" "casesi") - (set_attr "type" "branch")] - ) - -@@ -736,14 +755,18 @@ - [(return)] - "" - { -+ const char *ret = NULL; - if (aarch64_return_address_signing_enabled () - && TARGET_ARMV8_3 - && !crtl->calls_eh_return) -- return "retaa"; -- -- return "ret"; -+ ret = "retaa"; -+ else -+ ret = "ret"; -+ output_asm_insn (ret, operands); -+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()); - } -- [(set_attr "type" "branch")] -+ [(set_attr "type" "branch") -+ (set_attr "sls_length" "retbr")] - ) - - (define_expand "return" -@@ -755,8 +778,12 @@ - (define_insn "simple_return" - [(simple_return)] - "aarch64_use_simple_return_insn_p ()" -- "ret" -- [(set_attr "type" "branch")] -+ { -+ output_asm_insn ("ret", operands); -+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()); -+ } -+ [(set_attr "type" "branch") -+ (set_attr "sls_length" "retbr")] - ) - - (define_insn "*cb1" -@@ -947,10 +974,16 @@ - (match_operand 1 "" "")) - (return)] - "SIBLING_CALL_P (insn)" -- "@ -- br\\t%0 -- b\\t%c0" -- [(set_attr "type" "branch, branch")] -+ { -+ if (which_alternative == 0) -+ { -+ output_asm_insn ("br\\t%0", operands); -+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()); -+ } -+ return "b\\t%c0"; -+ } -+ [(set_attr "type" "branch, branch") -+ (set_attr "sls_length" "retbr,none")] - ) - - (define_insn "*sibcall_value_insn" -@@ -960,10 +993,16 @@ - (match_operand 2 "" ""))) - (return)] - "SIBLING_CALL_P (insn)" -- "@ -- br\\t%1 -- b\\t%c1" -- [(set_attr "type" "branch, branch")] -+ { -+ if (which_alternative == 0) -+ { -+ output_asm_insn ("br\\t%1", operands); -+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()); -+ } -+ return "b\\t%c1"; -+ } -+ [(set_attr "type" "branch, branch") -+ (set_attr "sls_length" "retbr,none")] - ) - - ;; Call subroutine returning any type. -diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c -new file mode 100644 -index 000000000..7656123ee ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c -@@ -0,0 +1,15 @@ -+/* Avoid ILP32 since pacret is only available for LP64 */ -+/* { dg-do compile { target { ! ilp32 } } } */ -+/* { dg-additional-options "-mharden-sls=retbr -mbranch-protection=pac-ret -march=armv8.3-a" } */ -+ -+/* Testing the do_return pattern for retaa. */ -+long retbr_subcall(void); -+long retbr_do_return_retaa(void) -+{ -+ return retbr_subcall()+1; -+} -+ -+/* Ensure there are no BR or RET instructions which are not directly followed -+ by a speculation barrier. */ -+/* { dg-final { scan-assembler-not {\t(br|ret|retaa)\tx[0-9][0-9]?\n\t(?!dsb\tsy\n\tisb)} } } */ -+/* { dg-final { scan-assembler-not {ret\t} } } */ -diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c -new file mode 100644 -index 000000000..573b30cdc ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c -@@ -0,0 +1,119 @@ -+/* We ensure that -Wpedantic is off since it complains about the trampolines -+ we explicitly want to test. */ -+/* { dg-additional-options "-mharden-sls=retbr -Wno-pedantic " } */ -+/* -+ Ensure that the SLS hardening of RET and BR leaves no unprotected RET/BR -+ instructions. -+ */ -+typedef int (foo) (int, int); -+typedef void (bar) (int, int); -+struct sls_testclass { -+ foo *x; -+ bar *y; -+ int left; -+ int right; -+}; -+ -+int -+retbr_sibcall_value_insn (struct sls_testclass x) -+{ -+ return x.x(x.left, x.right); -+} -+ -+void -+retbr_sibcall_insn (struct sls_testclass x) -+{ -+ x.y(x.left, x.right); -+} -+ -+/* Aim to test two different returns. -+ One that introduces a tail call in the middle of the function, and one that -+ has a normal return. */ -+int -+retbr_multiple_returns (struct sls_testclass x) -+{ -+ int temp; -+ if (x.left % 10) -+ return x.x(x.left, 100); -+ else if (x.right % 20) -+ { -+ return x.x(x.left * x.right, 100); -+ } -+ temp = x.left % x.right; -+ temp *= 100; -+ temp /= 2; -+ return temp % 3; -+} -+ -+void -+retbr_multiple_returns_void (struct sls_testclass x) -+{ -+ if (x.left % 10) -+ { -+ x.y(x.left, 100); -+ } -+ else if (x.right % 20) -+ { -+ x.y(x.left * x.right, 100); -+ } -+ return; -+} -+ -+/* Testing the casesi jump via register. */ -+__attribute__ ((optimize ("Os"))) -+int -+retbr_casesi_dispatch (struct sls_testclass x) -+{ -+ switch (x.left) -+ { -+ case -5: -+ return -2; -+ case -3: -+ return -1; -+ case 0: -+ return 0; -+ case 3: -+ return 1; -+ case 5: -+ break; -+ default: -+ __builtin_unreachable (); -+ } -+ return x.right; -+} -+ -+/* Testing the BR in trampolines is mitigated against. */ -+void f1 (void *); -+void f3 (void *, void (*)(void *)); -+void f2 (void *); -+ -+int -+retbr_trampolines (void *a, int b) -+{ -+ if (!b) -+ { -+ f1 (a); -+ return 1; -+ } -+ if (b) -+ { -+ void retbr_tramp_internal (void *c) -+ { -+ if (c == a) -+ f2 (c); -+ } -+ f3 (a, retbr_tramp_internal); -+ } -+ return 0; -+} -+ -+/* Testing the indirect_jump pattern. */ -+void -+retbr_indirect_jump (int *buf) -+{ -+ __builtin_longjmp(buf, 1); -+} -+ -+/* Ensure there are no BR or RET instructions which are not directly followed -+ by a speculation barrier. */ -+/* { dg-final { scan-assembler-not {\t(br|ret|retaa)\tx[0-9][0-9]?\n\t(?!dsb\tsy\n\tisb|sb)} } } */ -diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp -new file mode 100644 -index 000000000..812250379 ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp -@@ -0,0 +1,73 @@ -+# Regression driver for SLS mitigation on AArch64. -+# Copyright (C) 2020 Free Software Foundation, Inc. -+# Contributed by ARM Ltd. -+# -+# This file is part of GCC. -+# -+# GCC is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 3, or (at your option) -+# any later version. -+# -+# GCC is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with GCC; see the file COPYING3. If not see -+# . */ -+ -+# Exit immediately if this isn't an AArch64 target. -+if {![istarget aarch64*-*-*] } then { -+ return -+} -+ -+# Load support procs. -+load_lib gcc-dg.exp -+load_lib torture-options.exp -+ -+# If a testcase doesn't have special options, use these. -+global DEFAULT_CFLAGS -+if ![info exists DEFAULT_CFLAGS] then { -+ set DEFAULT_CFLAGS " " -+} -+ -+# Initialize `dg'. -+dg-init -+torture-init -+ -+# Use different architectures as well as the normal optimisation options. -+# (i.e. use both SB and DSB+ISB barriers). -+ -+set save-dg-do-what-default ${dg-do-what-default} -+# Main loop. -+# Run with torture tests (i.e. a bunch of different optimisation levels) just -+# to increase test coverage. -+set dg-do-what-default assemble -+gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]] \ -+ "-save-temps" $DEFAULT_CFLAGS -+ -+# Run the same tests but this time with SB extension. -+# Since not all supported assemblers will support that extension we decide -+# whether to assemble or just compile based on whether the extension is -+# supported for the available assembler. -+ -+set templist {} -+foreach x $DG_TORTURE_OPTIONS { -+ lappend templist "$x -march=armv8.3-a+sb " -+ lappend templist "$x -march=armv8-a+sb " -+} -+set-torture-options $templist -+if { [check_effective_target_aarch64_asm_sb_ok] } { -+ set dg-do-what-default assemble -+} else { -+ set dg-do-what-default compile -+} -+gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]] \ -+ "-save-temps" $DEFAULT_CFLAGS -+set dg-do-what-default ${save-dg-do-what-default} -+ -+# All done. -+torture-finish -+dg-finish -diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp -index ea9a50ccb..79482f9b6 100644 ---- a/gcc/testsuite/lib/target-supports.exp -+++ b/gcc/testsuite/lib/target-supports.exp -@@ -8579,7 +8579,8 @@ proc check_effective_target_aarch64_tiny { } { - # Create functions to check that the AArch64 assembler supports the - # various architecture extensions via the .arch_extension pseudo-op. - --foreach { aarch64_ext } { "fp" "simd" "crypto" "crc" "lse" "dotprod" "sve"} { -+foreach { aarch64_ext } { "fp" "simd" "crypto" "crc" "lse" "dotprod" "sve" -+ "sb"} { - eval [string map [list FUNC $aarch64_ext] { - proc check_effective_target_aarch64_asm_FUNC_ok { } { - if { [istarget aarch64*-*-*] } { --- -2.25.1 - diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch b/meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch deleted file mode 100644 index 6dffef0a34..0000000000 --- a/meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch +++ /dev/null @@ -1,659 +0,0 @@ -CVE: CVE-2020-13844 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 2155170525f93093b90a1a065e7ed71a925566e9 Mon Sep 17 00:00:00 2001 -From: Matthew Malcomson -Date: Thu, 9 Jul 2020 09:11:59 +0100 -Subject: [PATCH 3/3] aarch64: Mitigate SLS for BLR instruction - -This patch introduces the mitigation for Straight Line Speculation past -the BLR instruction. - -This mitigation replaces BLR instructions with a BL to a stub which uses -a BR to jump to the original value. These function stubs are then -appended with a speculation barrier to ensure no straight line -speculation happens after these jumps. - -When optimising for speed we use a set of stubs for each function since -this should help the branch predictor make more accurate predictions -about where a stub should branch. - -When optimising for size we use one set of stubs for all functions. -This set of stubs can have human readable names, and we are using -`__call_indirect_x` for register x. - -When BTI branch protection is enabled the BLR instruction can jump to a -`BTI c` instruction using any register, while the BR instruction can -only jump to a `BTI c` instruction using the x16 or x17 registers. -Hence, in order to ensure this transformation is safe we mov the value -of the original register into x16 and use x16 for the BR. - -As an example when optimising for size: -a - BLR x0 -instruction would get transformed to something like - BL __call_indirect_x0 -where __call_indirect_x0 labels a thunk that contains -__call_indirect_x0: - MOV X16, X0 - BR X16 - - -The first version of this patch used local symbols specific to a -compilation unit to try and avoid relocations. -This was mistaken since functions coming from the same compilation unit -can still be in different sections, and the assembler will insert -relocations at jumps between sections. - -On any relocation the linker is permitted to emit a veneer to handle -jumps between symbols that are very far apart. The registers x16 and -x17 may be clobbered by these veneers. -Hence the function stubs cannot rely on the values of x16 and x17 being -the same as just before the function stub is called. - -Similar can be said for the hot/cold partitioning of single functions, -so function-local stubs have the same restriction. - -This updated version of the patch never emits function stubs for x16 and -x17, and instead forces other registers to be used. - -Given the above, there is now no benefit to local symbols (since they -are not enough to avoid dealing with linker intricacies). This patch -now uses global symbols with hidden visibility each stored in their own -COMDAT section. This means stubs can be shared between compilation -units while still avoiding the PLT indirection. - -This patch also removes the `__call_indirect_x30` stub (and -function-local equivalent) which would simply jump back to the original -location. - -The function-local stubs are emitted to the assembly output file in one -chunk, which means we need not add the speculation barrier directly -after each one. -This is because we know for certain that the instructions directly after -the BR in all but the last function stub will be from another one of -these stubs and hence will not contain a speculation gadget. -Instead we add a speculation barrier at the end of the sequence of -stubs. - -The global stubs are emitted in COMDAT/.linkonce sections by -themselves so that the linker can remove duplicates from multiple object -files. This means they are not emitted in one chunk, and each one must -include the speculation barrier. - -Another difference is that since the global stubs are shared across -compilation units we do not know that all functions will be targeting an -architecture supporting the SB instruction. -Rather than provide multiple stubs for each architecture, we provide a -stub that will work for all architectures -- using the DSB+ISB barrier. - -This mitigation does not apply for BLR instructions in the following -places: -- Some accesses to thread-local variables use a code sequence with a BLR - instruction. This code sequence is part of the binary interface between - compiler and linker. If this BLR instruction needs to be mitigated, it'd - probably be best to do so in the linker. It seems that the code sequence - for thread-local variable access is unlikely to lead to a Spectre Revalation - Gadget. -- PLT stubs are produced by the linker and each contain a BLR instruction. - It seems that at most only after the last PLT stub a Spectre Revalation - Gadget might appear. - -Testing: - Bootstrap and regtest on AArch64 - (with BOOT_CFLAGS="-mharden-sls=retbr,blr") - Used a temporary hack(1) in gcc-dg.exp to use these options on every - test in the testsuite, a slight modification to emit the speculation - barrier after every function stub, and a script to check that the - output never emitted a BLR, or unmitigated BR or RET instruction. - Similar on an aarch64-none-elf cross-compiler. - -1) Temporary hack emitted a speculation barrier at the end of every stub -function, and used a script to ensure that: - a) Every RET or BR is immediately followed by a speculation barrier. - b) No BLR instruction is emitted by compiler. - -(cherry picked from 96b7f495f9269d5448822e4fc28882edb35a58d7) - -gcc/ChangeLog: - - * config/aarch64/aarch64-protos.h (aarch64_indirect_call_asm): - New declaration. - * config/aarch64/aarch64.c (aarch64_regno_regclass): Handle new - stub registers class. - (aarch64_class_max_nregs): Likewise. - (aarch64_register_move_cost): Likewise. - (aarch64_sls_shared_thunks): Global array to store stub labels. - (aarch64_sls_emit_function_stub): New. - (aarch64_create_blr_label): New. - (aarch64_sls_emit_blr_function_thunks): New. - (aarch64_sls_emit_shared_blr_thunks): New. - (aarch64_asm_file_end): New. - (aarch64_indirect_call_asm): New. - (TARGET_ASM_FILE_END): Use aarch64_asm_file_end. - (TARGET_ASM_FUNCTION_EPILOGUE): Use - aarch64_sls_emit_blr_function_thunks. - * config/aarch64/aarch64.h (STB_REGNUM_P): New. - (enum reg_class): Add STUB_REGS class. - (machine_function): Introduce `call_via` array for - function-local stub labels. - * config/aarch64/aarch64.md (*call_insn, *call_value_insn): Use - aarch64_indirect_call_asm to emit code when hardening BLR - instructions. - * config/aarch64/constraints.md (Ucr): New constraint - representing registers for indirect calls. Is GENERAL_REGS - usually, and STUB_REGS when hardening BLR instruction against - SLS. - * config/aarch64/predicates.md (aarch64_general_reg): STUB_REGS class - is also a general register. - -gcc/testsuite/ChangeLog: - - * gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c: New test. - * gcc.target/aarch64/sls-mitigation/sls-miti-blr.c: New test. ---- - gcc/config/aarch64/aarch64-protos.h | 1 + - gcc/config/aarch64/aarch64.c | 225 +++++++++++++++++- - gcc/config/aarch64/aarch64.h | 15 ++ - gcc/config/aarch64/aarch64.md | 11 +- - gcc/config/aarch64/constraints.md | 9 + - gcc/config/aarch64/predicates.md | 3 +- - .../aarch64/sls-mitigation/sls-miti-blr-bti.c | 40 ++++ - .../aarch64/sls-mitigation/sls-miti-blr.c | 33 +++ - 8 files changed, 328 insertions(+), 9 deletions(-) - create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c - create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c - -diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h -index 885eae893..2676e43ae 100644 ---- a/gcc/config/aarch64/aarch64-protos.h -+++ b/gcc/config/aarch64/aarch64-protos.h -@@ -645,6 +645,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode); - bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT); - - const char *aarch64_sls_barrier (int); -+const char *aarch64_indirect_call_asm (rtx); - extern bool aarch64_harden_sls_retbr_p (void); - extern bool aarch64_harden_sls_blr_p (void); - -diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c -index dff61105c..bc6c02c3a 100644 ---- a/gcc/config/aarch64/aarch64.c -+++ b/gcc/config/aarch64/aarch64.c -@@ -8190,6 +8190,9 @@ aarch64_label_mentioned_p (rtx x) - enum reg_class - aarch64_regno_regclass (unsigned regno) - { -+ if (STUB_REGNUM_P (regno)) -+ return STUB_REGS; -+ - if (GP_REGNUM_P (regno)) - return GENERAL_REGS; - -@@ -8499,6 +8502,7 @@ aarch64_class_max_nregs (reg_class_t regclass, machine_mode mode) - unsigned int nregs; - switch (regclass) - { -+ case STUB_REGS: - case TAILCALL_ADDR_REGS: - case POINTER_REGS: - case GENERAL_REGS: -@@ -10693,10 +10697,12 @@ aarch64_register_move_cost (machine_mode mode, - = aarch64_tune_params.regmove_cost; - - /* Caller save and pointer regs are equivalent to GENERAL_REGS. */ -- if (to == TAILCALL_ADDR_REGS || to == POINTER_REGS) -+ if (to == TAILCALL_ADDR_REGS || to == POINTER_REGS -+ || to == STUB_REGS) - to = GENERAL_REGS; - -- if (from == TAILCALL_ADDR_REGS || from == POINTER_REGS) -+ if (from == TAILCALL_ADDR_REGS || from == POINTER_REGS -+ || from == STUB_REGS) - from = GENERAL_REGS; - - /* Moving between GPR and stack cost is the same as GP2GP. */ -@@ -19009,6 +19015,215 @@ aarch64_sls_barrier (int mitigation_required) - : ""; - } - -+static GTY (()) tree aarch64_sls_shared_thunks[30]; -+static GTY (()) bool aarch64_sls_shared_thunks_needed = false; -+const char *indirect_symbol_names[30] = { -+ "__call_indirect_x0", -+ "__call_indirect_x1", -+ "__call_indirect_x2", -+ "__call_indirect_x3", -+ "__call_indirect_x4", -+ "__call_indirect_x5", -+ "__call_indirect_x6", -+ "__call_indirect_x7", -+ "__call_indirect_x8", -+ "__call_indirect_x9", -+ "__call_indirect_x10", -+ "__call_indirect_x11", -+ "__call_indirect_x12", -+ "__call_indirect_x13", -+ "__call_indirect_x14", -+ "__call_indirect_x15", -+ "", /* "__call_indirect_x16", */ -+ "", /* "__call_indirect_x17", */ -+ "__call_indirect_x18", -+ "__call_indirect_x19", -+ "__call_indirect_x20", -+ "__call_indirect_x21", -+ "__call_indirect_x22", -+ "__call_indirect_x23", -+ "__call_indirect_x24", -+ "__call_indirect_x25", -+ "__call_indirect_x26", -+ "__call_indirect_x27", -+ "__call_indirect_x28", -+ "__call_indirect_x29", -+}; -+ -+/* Function to create a BLR thunk. This thunk is used to mitigate straight -+ line speculation. Instead of a simple BLR that can be speculated past, -+ we emit a BL to this thunk, and this thunk contains a BR to the relevant -+ register. These thunks have the relevant speculation barries put after -+ their indirect branch so that speculation is blocked. -+ -+ We use such a thunk so the speculation barriers are kept off the -+ architecturally executed path in order to reduce the performance overhead. -+ -+ When optimizing for size we use stubs shared by the linked object. -+ When optimizing for performance we emit stubs for each function in the hope -+ that the branch predictor can better train on jumps specific for a given -+ function. */ -+rtx -+aarch64_sls_create_blr_label (int regnum) -+{ -+ gcc_assert (STUB_REGNUM_P (regnum)); -+ if (optimize_function_for_size_p (cfun)) -+ { -+ /* For the thunks shared between different functions in this compilation -+ unit we use a named symbol -- this is just for users to more easily -+ understand the generated assembly. */ -+ aarch64_sls_shared_thunks_needed = true; -+ const char *thunk_name = indirect_symbol_names[regnum]; -+ if (aarch64_sls_shared_thunks[regnum] == NULL) -+ { -+ /* Build a decl representing this function stub and record it for -+ later. We build a decl here so we can use the GCC machinery for -+ handling sections automatically (through `get_named_section` and -+ `make_decl_one_only`). That saves us a lot of trouble handling -+ the specifics of different output file formats. */ -+ tree decl = build_decl (BUILTINS_LOCATION, FUNCTION_DECL, -+ get_identifier (thunk_name), -+ build_function_type_list (void_type_node, -+ NULL_TREE)); -+ DECL_RESULT (decl) = build_decl (BUILTINS_LOCATION, RESULT_DECL, -+ NULL_TREE, void_type_node); -+ TREE_PUBLIC (decl) = 1; -+ TREE_STATIC (decl) = 1; -+ DECL_IGNORED_P (decl) = 1; -+ DECL_ARTIFICIAL (decl) = 1; -+ make_decl_one_only (decl, DECL_ASSEMBLER_NAME (decl)); -+ resolve_unique_section (decl, 0, false); -+ aarch64_sls_shared_thunks[regnum] = decl; -+ } -+ -+ return gen_rtx_SYMBOL_REF (Pmode, thunk_name); -+ } -+ -+ if (cfun->machine->call_via[regnum] == NULL) -+ cfun->machine->call_via[regnum] -+ = gen_rtx_LABEL_REF (Pmode, gen_label_rtx ()); -+ return cfun->machine->call_via[regnum]; -+} -+ -+/* Helper function for aarch64_sls_emit_blr_function_thunks and -+ aarch64_sls_emit_shared_blr_thunks below. */ -+static void -+aarch64_sls_emit_function_stub (FILE *out_file, int regnum) -+{ -+ /* Save in x16 and branch to that function so this transformation does -+ not prevent jumping to `BTI c` instructions. */ -+ asm_fprintf (out_file, "\tmov\tx16, x%d\n", regnum); -+ asm_fprintf (out_file, "\tbr\tx16\n"); -+} -+ -+/* Emit all BLR stubs for this particular function. -+ Here we emit all the BLR stubs needed for the current function. Since we -+ emit these stubs in a consecutive block we know there will be no speculation -+ gadgets between each stub, and hence we only emit a speculation barrier at -+ the end of the stub sequences. -+ -+ This is called in the TARGET_ASM_FUNCTION_EPILOGUE hook. */ -+void -+aarch64_sls_emit_blr_function_thunks (FILE *out_file) -+{ -+ if (! aarch64_harden_sls_blr_p ()) -+ return; -+ -+ bool any_functions_emitted = false; -+ /* We must save and restore the current function section since this assembly -+ is emitted at the end of the function. This means it can be emitted *just -+ after* the cold section of a function. That cold part would be emitted in -+ a different section. That switch would trigger a `.cfi_endproc` directive -+ to be emitted in the original section and a `.cfi_startproc` directive to -+ be emitted in the new section. Switching to the original section without -+ restoring would mean that the `.cfi_endproc` emitted as a function ends -+ would happen in a different section -- leaving an unmatched -+ `.cfi_startproc` in the cold text section and an unmatched `.cfi_endproc` -+ in the standard text section. */ -+ section *save_text_section = in_section; -+ switch_to_section (function_section (current_function_decl)); -+ for (int regnum = 0; regnum < 30; ++regnum) -+ { -+ rtx specu_label = cfun->machine->call_via[regnum]; -+ if (specu_label == NULL) -+ continue; -+ -+ targetm.asm_out.print_operand (out_file, specu_label, 0); -+ asm_fprintf (out_file, ":\n"); -+ aarch64_sls_emit_function_stub (out_file, regnum); -+ any_functions_emitted = true; -+ } -+ if (any_functions_emitted) -+ /* Can use the SB if needs be here, since this stub will only be used -+ by the current function, and hence for the current target. */ -+ asm_fprintf (out_file, "\t%s\n", aarch64_sls_barrier (true)); -+ switch_to_section (save_text_section); -+} -+ -+/* Emit shared BLR stubs for the current compilation unit. -+ Over the course of compiling this unit we may have converted some BLR -+ instructions to a BL to a shared stub function. This is where we emit those -+ stub functions. -+ This function is for the stubs shared between different functions in this -+ compilation unit. We share when optimizing for size instead of speed. -+ -+ This function is called through the TARGET_ASM_FILE_END hook. */ -+void -+aarch64_sls_emit_shared_blr_thunks (FILE *out_file) -+{ -+ if (! aarch64_sls_shared_thunks_needed) -+ return; -+ -+ for (int regnum = 0; regnum < 30; ++regnum) -+ { -+ tree decl = aarch64_sls_shared_thunks[regnum]; -+ if (!decl) -+ continue; -+ -+ const char *name = indirect_symbol_names[regnum]; -+ switch_to_section (get_named_section (decl, NULL, 0)); -+ ASM_OUTPUT_ALIGN (out_file, 2); -+ targetm.asm_out.globalize_label (out_file, name); -+ /* Only emits if the compiler is configured for an assembler that can -+ handle visibility directives. */ -+ targetm.asm_out.assemble_visibility (decl, VISIBILITY_HIDDEN); -+ ASM_OUTPUT_TYPE_DIRECTIVE (out_file, name, "function"); -+ ASM_OUTPUT_LABEL (out_file, name); -+ aarch64_sls_emit_function_stub (out_file, regnum); -+ /* Use the most conservative target to ensure it can always be used by any -+ function in the translation unit. */ -+ asm_fprintf (out_file, "\tdsb\tsy\n\tisb\n"); -+ ASM_DECLARE_FUNCTION_SIZE (out_file, name, decl); -+ } -+} -+ -+/* Implement TARGET_ASM_FILE_END. */ -+void -+aarch64_asm_file_end () -+{ -+ aarch64_sls_emit_shared_blr_thunks (asm_out_file); -+ /* Since this function will be called for the ASM_FILE_END hook, we ensure -+ that what would be called otherwise (e.g. `file_end_indicate_exec_stack` -+ for FreeBSD) still gets called. */ -+#ifdef TARGET_ASM_FILE_END -+ TARGET_ASM_FILE_END (); -+#endif -+} -+ -+const char * -+aarch64_indirect_call_asm (rtx addr) -+{ -+ gcc_assert (REG_P (addr)); -+ if (aarch64_harden_sls_blr_p ()) -+ { -+ rtx stub_label = aarch64_sls_create_blr_label (REGNO (addr)); -+ output_asm_insn ("bl\t%0", &stub_label); -+ } -+ else -+ output_asm_insn ("blr\t%0", &addr); -+ return ""; -+} -+ - /* Target-specific selftests. */ - - #if CHECKING_P -@@ -19529,6 +19744,12 @@ aarch64_libgcc_floating_mode_supported_p - #define TARGET_RUN_TARGET_SELFTESTS selftest::aarch64_run_selftests - #endif /* #if CHECKING_P */ - -+#undef TARGET_ASM_FILE_END -+#define TARGET_ASM_FILE_END aarch64_asm_file_end -+ -+#undef TARGET_ASM_FUNCTION_EPILOGUE -+#define TARGET_ASM_FUNCTION_EPILOGUE aarch64_sls_emit_blr_function_thunks -+ - struct gcc_target targetm = TARGET_INITIALIZER; - - #include "gt-aarch64.h" -diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h -index 72ddc6fd9..60682a100 100644 ---- a/gcc/config/aarch64/aarch64.h -+++ b/gcc/config/aarch64/aarch64.h -@@ -540,6 +540,16 @@ extern unsigned aarch64_architecture_version; - #define GP_REGNUM_P(REGNO) \ - (((unsigned) (REGNO - R0_REGNUM)) <= (R30_REGNUM - R0_REGNUM)) - -+/* Registers known to be preserved over a BL instruction. This consists of the -+ GENERAL_REGS without x16, x17, and x30. The x30 register is changed by the -+ BL instruction itself, while the x16 and x17 registers may be used by -+ veneers which can be inserted by the linker. */ -+#define STUB_REGNUM_P(REGNO) \ -+ (GP_REGNUM_P (REGNO) \ -+ && (REGNO) != R16_REGNUM \ -+ && (REGNO) != R17_REGNUM \ -+ && (REGNO) != R30_REGNUM) \ -+ - #define FP_REGNUM_P(REGNO) \ - (((unsigned) (REGNO - V0_REGNUM)) <= (V31_REGNUM - V0_REGNUM)) - -@@ -561,6 +571,7 @@ enum reg_class - { - NO_REGS, - TAILCALL_ADDR_REGS, -+ STUB_REGS, - GENERAL_REGS, - STACK_REG, - POINTER_REGS, -@@ -580,6 +591,7 @@ enum reg_class - { \ - "NO_REGS", \ - "TAILCALL_ADDR_REGS", \ -+ "STUB_REGS", \ - "GENERAL_REGS", \ - "STACK_REG", \ - "POINTER_REGS", \ -@@ -596,6 +608,7 @@ enum reg_class - { \ - { 0x00000000, 0x00000000, 0x00000000 }, /* NO_REGS */ \ - { 0x00030000, 0x00000000, 0x00000000 }, /* TAILCALL_ADDR_REGS */\ -+ { 0x3ffcffff, 0x00000000, 0x00000000 }, /* STUB_REGS */ \ - { 0x7fffffff, 0x00000000, 0x00000003 }, /* GENERAL_REGS */ \ - { 0x80000000, 0x00000000, 0x00000000 }, /* STACK_REG */ \ - { 0xffffffff, 0x00000000, 0x00000003 }, /* POINTER_REGS */ \ -@@ -735,6 +748,8 @@ typedef struct GTY (()) machine_function - struct aarch64_frame frame; - /* One entry for each hard register. */ - bool reg_is_wrapped_separately[LAST_SAVED_REGNUM]; -+ /* One entry for each general purpose register. */ -+ rtx call_via[SP_REGNUM]; - bool label_is_assembled; - } machine_function; - #endif -diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md -index 494aee964..ed8cf8ece 100644 ---- a/gcc/config/aarch64/aarch64.md -+++ b/gcc/config/aarch64/aarch64.md -@@ -908,15 +908,14 @@ - ) - - (define_insn "*call_insn" -- [(call (mem:DI (match_operand:DI 0 "aarch64_call_insn_operand" "r, Usf")) -+ [(call (mem:DI (match_operand:DI 0 "aarch64_call_insn_operand" "Ucr, Usf")) - (match_operand 1 "" "")) - (clobber (reg:DI LR_REGNUM))] - "" - "@ -- blr\\t%0 -+ * return aarch64_indirect_call_asm (operands[0]); - bl\\t%c0" -- [(set_attr "type" "call, call")] --) -+ [(set_attr "type" "call, call")]) - - (define_expand "call_value" - [(parallel [(set (match_operand 0 "" "") -@@ -934,12 +933,12 @@ - - (define_insn "*call_value_insn" - [(set (match_operand 0 "" "") -- (call (mem:DI (match_operand:DI 1 "aarch64_call_insn_operand" "r, Usf")) -+ (call (mem:DI (match_operand:DI 1 "aarch64_call_insn_operand" "Ucr, Usf")) - (match_operand 2 "" ""))) - (clobber (reg:DI LR_REGNUM))] - "" - "@ -- blr\\t%1 -+ * return aarch64_indirect_call_asm (operands[1]); - bl\\t%c1" - [(set_attr "type" "call, call")] - ) -diff --git a/gcc/config/aarch64/constraints.md b/gcc/config/aarch64/constraints.md -index 21f9549e6..7756dbe83 100644 ---- a/gcc/config/aarch64/constraints.md -+++ b/gcc/config/aarch64/constraints.md -@@ -24,6 +24,15 @@ - (define_register_constraint "Ucs" "TAILCALL_ADDR_REGS" - "@internal Registers suitable for an indirect tail call") - -+(define_register_constraint "Ucr" -+ "aarch64_harden_sls_blr_p () ? STUB_REGS : GENERAL_REGS" -+ "@internal Registers to be used for an indirect call. -+ This is usually the general registers, but when we are hardening against -+ Straight Line Speculation we disallow x16, x17, and x30 so we can use -+ indirection stubs. These indirection stubs cannot use the above registers -+ since they will be reached by a BL that may have to go through a linker -+ veneer.") -+ - (define_register_constraint "w" "FP_REGS" - "Floating point and SIMD vector registers.") - -diff --git a/gcc/config/aarch64/predicates.md b/gcc/config/aarch64/predicates.md -index 8e1b78421..4250aecb3 100644 ---- a/gcc/config/aarch64/predicates.md -+++ b/gcc/config/aarch64/predicates.md -@@ -32,7 +32,8 @@ - - (define_predicate "aarch64_general_reg" - (and (match_operand 0 "register_operand") -- (match_test "REGNO_REG_CLASS (REGNO (op)) == GENERAL_REGS"))) -+ (match_test "REGNO_REG_CLASS (REGNO (op)) == STUB_REGS -+ || REGNO_REG_CLASS (REGNO (op)) == GENERAL_REGS"))) - - ;; Return true if OP a (const_int 0) operand. - (define_predicate "const0_operand" -diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c -new file mode 100644 -index 000000000..b1fb754c7 ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c -@@ -0,0 +1,40 @@ -+/* { dg-do compile } */ -+/* { dg-additional-options "-mharden-sls=blr -mbranch-protection=bti" } */ -+/* -+ Ensure that the SLS hardening of BLR leaves no BLR instructions. -+ Here we also check that there are no BR instructions with anything except an -+ x16 or x17 register. This is because a `BTI c` instruction can be branched -+ to using a BLR instruction using any register, but can only be branched to -+ with a BR using an x16 or x17 register. -+ */ -+typedef int (foo) (int, int); -+typedef void (bar) (int, int); -+struct sls_testclass { -+ foo *x; -+ bar *y; -+ int left; -+ int right; -+}; -+ -+/* We test both RTL patterns for a call which returns a value and a call which -+ does not. */ -+int blr_call_value (struct sls_testclass x) -+{ -+ int retval = x.x(x.left, x.right); -+ if (retval % 10) -+ return 100; -+ return 9; -+} -+ -+int blr_call (struct sls_testclass x) -+{ -+ x.y(x.left, x.right); -+ if (x.left % 10) -+ return 100; -+ return 9; -+} -+ -+/* { dg-final { scan-assembler-not {\tblr\t} } } */ -+/* { dg-final { scan-assembler-not {\tbr\tx(?!16|17)} } } */ -+/* { dg-final { scan-assembler {\tbr\tx(16|17)} } } */ -+ -diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c -new file mode 100644 -index 000000000..88baffffe ---- /dev/null -+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c -@@ -0,0 +1,33 @@ -+/* { dg-additional-options "-mharden-sls=blr -save-temps" } */ -+/* Ensure that the SLS hardening of BLR leaves no BLR instructions. -+ We only test that all BLR instructions have been removed, not that the -+ resulting code makes sense. */ -+typedef int (foo) (int, int); -+typedef void (bar) (int, int); -+struct sls_testclass { -+ foo *x; -+ bar *y; -+ int left; -+ int right; -+}; -+ -+/* We test both RTL patterns for a call which returns a value and a call which -+ does not. */ -+int blr_call_value (struct sls_testclass x) -+{ -+ int retval = x.x(x.left, x.right); -+ if (retval % 10) -+ return 100; -+ return 9; -+} -+ -+int blr_call (struct sls_testclass x) -+{ -+ x.y(x.left, x.right); -+ if (x.left % 10) -+ return 100; -+ return 9; -+} -+ -+/* { dg-final { scan-assembler-not {\tblr\t} } } */ -+/* { dg-final { scan-assembler {\tbr\tx[0-9][0-9]?} } } */ --- -2.25.1 - diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0040-fix-missing-dependencies-for-selftests.patch b/meta/recipes-devtools/gcc/gcc-9.3/0040-fix-missing-dependencies-for-selftests.patch deleted file mode 100644 index c8960c6098..0000000000 --- a/meta/recipes-devtools/gcc/gcc-9.3/0040-fix-missing-dependencies-for-selftests.patch +++ /dev/null @@ -1,45 +0,0 @@ -From b19d8aac15649f31a7588b2634411a1922906ea8 Mon Sep 17 00:00:00 2001 -From: Romain Naour -Date: Wed, 3 Jun 2020 12:30:57 -0600 -Subject: [PATCH] Fix missing dependencies for selftests which occasionally - causes failed builds. - -gcc/ - - * Makefile.in (SELFTEST_DEPS): Move before including language makefile - fragments. - -Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=b19d8aac15649f31a7588b2634411a1922906ea8] -Signed-off-by:Steve Sakoman - ---- - gcc/Makefile.in | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/gcc/Makefile.in b/gcc/Makefile.in -index aab1dbba57b..be11311b60d 100644 ---- a/gcc/Makefile.in -+++ b/gcc/Makefile.in -@@ -1735,6 +1735,10 @@ $(FULL_DRIVER_NAME): ./xgcc$(exeext) - $(LN_S) $< $@ - - # -+# SELFTEST_DEPS need to be set before including language makefile fragments. -+# Otherwise $(SELFTEST_DEPS) is empty when used from /Make-lang.in. -+SELFTEST_DEPS = $(GCC_PASSES) stmp-int-hdrs $(srcdir)/testsuite/selftests -+ - # Language makefile fragments. - - # The following targets define the interface between us and the languages. -@@ -2010,8 +2014,6 @@ DEVNULL=$(if $(findstring mingw,$(build)),nul,/dev/null) - SELFTEST_FLAGS = -nostdinc $(DEVNULL) -S -o $(DEVNULL) \ - -fself-test=$(srcdir)/testsuite/selftests - --SELFTEST_DEPS = $(GCC_PASSES) stmp-int-hdrs $(srcdir)/testsuite/selftests -- - # Run the selftests during the build once we have a driver and the frontend, - # so that self-test failures are caught as early as possible. - # Use "s-selftest-FE" to ensure that we only run the selftests if the --- -2.27.0 - diff --git a/meta/recipes-devtools/gcc/gcc-9.3.inc b/meta/recipes-devtools/gcc/gcc-9.5.inc similarity index 89% rename from meta/recipes-devtools/gcc/gcc-9.3.inc rename to meta/recipes-devtools/gcc/gcc-9.5.inc index c171f673e9..6a0a892b10 100644 --- a/meta/recipes-devtools/gcc/gcc-9.3.inc +++ b/meta/recipes-devtools/gcc/gcc-9.5.inc @@ -2,13 +2,13 @@ require gcc-common.inc # Third digit in PV should be incremented after a minor release -PV = "9.3.0" +PV = "9.5.0" # BINV should be incremented to a revision after a minor gcc release -BINV = "9.3.0" +BINV = "9.5.0" -FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-9.3:${FILE_DIRNAME}/gcc-9.3/backport:" +FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-9.5:${FILE_DIRNAME}/gcc-9.5/backport:" DEPENDS =+ "mpfr gmp libmpc zlib flex-native" NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native flex-native" @@ -69,14 +69,9 @@ SRC_URI = "\ file://0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch \ file://0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch \ file://0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch \ - file://0040-fix-missing-dependencies-for-selftests.patch \ - file://0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch \ - file://0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch \ - file://0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch \ - file://0001-Backport-fix-for-PR-tree-optimization-97236-fix-bad-.patch \ " S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}" -SRC_URI[sha256sum] = "71e197867611f6054aa1119b13a0c0abac12834765fe2d81f35ac57f84f742d1" +SRC_URI[sha256sum] = "27769f64ef1d4cd5e2be8682c0c93f9887983e6cfd1a927ce5a0a2915a95cf8f" # For dev release snapshotting #S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/official-gcc-${RELEASE}" #B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}" diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch b/meta/recipes-devtools/gcc/gcc-9.5/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0002-gcc-poison-system-directories.patch b/meta/recipes-devtools/gcc/gcc-9.5/0002-gcc-poison-system-directories.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0002-gcc-poison-system-directories.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0002-gcc-poison-system-directories.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0003-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch b/meta/recipes-devtools/gcc/gcc-9.5/0003-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0003-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0003-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0004-64-bit-multilib-hack.patch b/meta/recipes-devtools/gcc/gcc-9.5/0004-64-bit-multilib-hack.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0004-64-bit-multilib-hack.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0004-64-bit-multilib-hack.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0005-optional-libstdc.patch b/meta/recipes-devtools/gcc/gcc-9.5/0005-optional-libstdc.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0005-optional-libstdc.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0005-optional-libstdc.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0006-COLLECT_GCC_OPTIONS.patch b/meta/recipes-devtools/gcc/gcc-9.5/0006-COLLECT_GCC_OPTIONS.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0006-COLLECT_GCC_OPTIONS.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0006-COLLECT_GCC_OPTIONS.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0007-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch b/meta/recipes-devtools/gcc/gcc-9.5/0007-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0007-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0007-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0008-fortran-cross-compile-hack.patch b/meta/recipes-devtools/gcc/gcc-9.5/0008-fortran-cross-compile-hack.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0008-fortran-cross-compile-hack.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0008-fortran-cross-compile-hack.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0009-cpp-honor-sysroot.patch b/meta/recipes-devtools/gcc/gcc-9.5/0009-cpp-honor-sysroot.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0009-cpp-honor-sysroot.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0009-cpp-honor-sysroot.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0010-MIPS64-Default-to-N64-ABI.patch b/meta/recipes-devtools/gcc/gcc-9.5/0010-MIPS64-Default-to-N64-ABI.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0010-MIPS64-Default-to-N64-ABI.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0010-MIPS64-Default-to-N64-ABI.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0011-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc-9.5/0011-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0011-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0011-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0012-gcc-Fix-argument-list-too-long-error.patch b/meta/recipes-devtools/gcc/gcc-9.5/0012-gcc-Fix-argument-list-too-long-error.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0012-gcc-Fix-argument-list-too-long-error.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0012-gcc-Fix-argument-list-too-long-error.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0013-Disable-sdt.patch b/meta/recipes-devtools/gcc/gcc-9.5/0013-Disable-sdt.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0013-Disable-sdt.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0013-Disable-sdt.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0014-libtool.patch b/meta/recipes-devtools/gcc/gcc-9.5/0014-libtool.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0014-libtool.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0014-libtool.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0015-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch b/meta/recipes-devtools/gcc/gcc-9.5/0015-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0015-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0015-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0016-Use-the-multilib-config-files-from-B-instead-of-usin.patch b/meta/recipes-devtools/gcc/gcc-9.5/0016-Use-the-multilib-config-files-from-B-instead-of-usin.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0016-Use-the-multilib-config-files-from-B-instead-of-usin.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0016-Use-the-multilib-config-files-from-B-instead-of-usin.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0017-Avoid-using-libdir-from-.la-which-usually-points-to-.patch b/meta/recipes-devtools/gcc/gcc-9.5/0017-Avoid-using-libdir-from-.la-which-usually-points-to-.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0017-Avoid-using-libdir-from-.la-which-usually-points-to-.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0017-Avoid-using-libdir-from-.la-which-usually-points-to-.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0018-export-CPP.patch b/meta/recipes-devtools/gcc/gcc-9.5/0018-export-CPP.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0018-export-CPP.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0018-export-CPP.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0019-Ensure-target-gcc-headers-can-be-included.patch b/meta/recipes-devtools/gcc/gcc-9.5/0019-Ensure-target-gcc-headers-can-be-included.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0019-Ensure-target-gcc-headers-can-be-included.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0019-Ensure-target-gcc-headers-can-be-included.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0020-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch b/meta/recipes-devtools/gcc/gcc-9.5/0020-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0020-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0020-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0021-Don-t-search-host-directory-during-relink-if-inst_pr.patch b/meta/recipes-devtools/gcc/gcc-9.5/0021-Don-t-search-host-directory-during-relink-if-inst_pr.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0021-Don-t-search-host-directory-during-relink-if-inst_pr.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0021-Don-t-search-host-directory-during-relink-if-inst_pr.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0022-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch b/meta/recipes-devtools/gcc/gcc-9.5/0022-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0022-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0022-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0023-aarch64-Add-support-for-musl-ldso.patch b/meta/recipes-devtools/gcc/gcc-9.5/0023-aarch64-Add-support-for-musl-ldso.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0023-aarch64-Add-support-for-musl-ldso.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0023-aarch64-Add-support-for-musl-ldso.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0024-libcc1-fix-libcc1-s-install-path-and-rpath.patch b/meta/recipes-devtools/gcc/gcc-9.5/0024-libcc1-fix-libcc1-s-install-path-and-rpath.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0024-libcc1-fix-libcc1-s-install-path-and-rpath.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0024-libcc1-fix-libcc1-s-install-path-and-rpath.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0025-handle-sysroot-support-for-nativesdk-gcc.patch b/meta/recipes-devtools/gcc/gcc-9.5/0025-handle-sysroot-support-for-nativesdk-gcc.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0025-handle-sysroot-support-for-nativesdk-gcc.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0025-handle-sysroot-support-for-nativesdk-gcc.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0026-Search-target-sysroot-gcc-version-specific-dirs-with.patch b/meta/recipes-devtools/gcc/gcc-9.5/0026-Search-target-sysroot-gcc-version-specific-dirs-with.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0026-Search-target-sysroot-gcc-version-specific-dirs-with.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0026-Search-target-sysroot-gcc-version-specific-dirs-with.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0027-Fix-various-_FOR_BUILD-and-related-variables.patch b/meta/recipes-devtools/gcc/gcc-9.5/0027-Fix-various-_FOR_BUILD-and-related-variables.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0027-Fix-various-_FOR_BUILD-and-related-variables.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0027-Fix-various-_FOR_BUILD-and-related-variables.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0028-nios2-Define-MUSL_DYNAMIC_LINKER.patch b/meta/recipes-devtools/gcc/gcc-9.5/0028-nios2-Define-MUSL_DYNAMIC_LINKER.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0028-nios2-Define-MUSL_DYNAMIC_LINKER.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0028-nios2-Define-MUSL_DYNAMIC_LINKER.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0029-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch b/meta/recipes-devtools/gcc/gcc-9.5/0029-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0029-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0029-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0030-ldbl128-config.patch b/meta/recipes-devtools/gcc/gcc-9.5/0030-ldbl128-config.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0030-ldbl128-config.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0030-ldbl128-config.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0031-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch b/meta/recipes-devtools/gcc/gcc-9.5/0031-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0031-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0031-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0032-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch b/meta/recipes-devtools/gcc/gcc-9.5/0032-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0032-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0032-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0033-sync-gcc-stddef.h-with-musl.patch b/meta/recipes-devtools/gcc/gcc-9.5/0033-sync-gcc-stddef.h-with-musl.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0033-sync-gcc-stddef.h-with-musl.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0033-sync-gcc-stddef.h-with-musl.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0034-fix-segmentation-fault-in-precompiled-header-generat.patch b/meta/recipes-devtools/gcc/gcc-9.5/0034-fix-segmentation-fault-in-precompiled-header-generat.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0034-fix-segmentation-fault-in-precompiled-header-generat.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0034-fix-segmentation-fault-in-precompiled-header-generat.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0035-Fix-for-testsuite-failure.patch b/meta/recipes-devtools/gcc/gcc-9.5/0035-Fix-for-testsuite-failure.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0035-Fix-for-testsuite-failure.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0035-Fix-for-testsuite-failure.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0036-Re-introduce-spe-commandline-options.patch b/meta/recipes-devtools/gcc/gcc-9.5/0036-Re-introduce-spe-commandline-options.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0036-Re-introduce-spe-commandline-options.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0036-Re-introduce-spe-commandline-options.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch b/meta/recipes-devtools/gcc/gcc-9.5/0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch b/meta/recipes-devtools/gcc/gcc-9.5/0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch b/meta/recipes-devtools/gcc/gcc-9.5/0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch similarity index 100% rename from meta/recipes-devtools/gcc/gcc-9.3/0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch rename to meta/recipes-devtools/gcc/gcc-9.5/0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_9.3.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/gcc-cross-canadian_9.3.bb rename to meta/recipes-devtools/gcc/gcc-cross-canadian_9.5.bb diff --git a/meta/recipes-devtools/gcc/gcc-cross_9.3.bb b/meta/recipes-devtools/gcc/gcc-cross_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/gcc-cross_9.3.bb rename to meta/recipes-devtools/gcc/gcc-cross_9.5.bb diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_9.3.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/gcc-crosssdk_9.3.bb rename to meta/recipes-devtools/gcc/gcc-crosssdk_9.5.bb diff --git a/meta/recipes-devtools/gcc/gcc-runtime_9.3.bb b/meta/recipes-devtools/gcc/gcc-runtime_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/gcc-runtime_9.3.bb rename to meta/recipes-devtools/gcc/gcc-runtime_9.5.bb diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_9.3.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/gcc-sanitizers_9.3.bb rename to meta/recipes-devtools/gcc/gcc-sanitizers_9.5.bb diff --git a/meta/recipes-devtools/gcc/gcc-source_9.3.bb b/meta/recipes-devtools/gcc/gcc-source_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/gcc-source_9.3.bb rename to meta/recipes-devtools/gcc/gcc-source_9.5.bb diff --git a/meta/recipes-devtools/gcc/gcc_9.3.bb b/meta/recipes-devtools/gcc/gcc_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/gcc_9.3.bb rename to meta/recipes-devtools/gcc/gcc_9.5.bb diff --git a/meta/recipes-devtools/gcc/libgcc-initial_9.3.bb b/meta/recipes-devtools/gcc/libgcc-initial_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/libgcc-initial_9.3.bb rename to meta/recipes-devtools/gcc/libgcc-initial_9.5.bb diff --git a/meta/recipes-devtools/gcc/libgcc_9.3.bb b/meta/recipes-devtools/gcc/libgcc_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/libgcc_9.3.bb rename to meta/recipes-devtools/gcc/libgcc_9.5.bb diff --git a/meta/recipes-devtools/gcc/libgfortran_9.3.bb b/meta/recipes-devtools/gcc/libgfortran_9.5.bb similarity index 100% rename from meta/recipes-devtools/gcc/libgfortran_9.3.bb rename to meta/recipes-devtools/gcc/libgfortran_9.5.bb From patchwork Sat Nov 19 17:47:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15700 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E692C4321E for ; Sat, 19 Nov 2022 17:48:38 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web11.26061.1668880112943124052 for ; Sat, 19 Nov 2022 09:48:33 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=HVh9Iots; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id q9so7788761pfg.5 for ; Sat, 19 Nov 2022 09:48:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zV9xIRffQihAV8Jqp4j4ZIKzHddrqEAWeCaHK7p0zpU=; b=HVh9Iots2oAc30X1tnRZS2V62aulxVJRgznZsOe7/b4u5AntCowkuhACdo0T0gjWAb 3ZQlg5X3t7rLVoks4gx+dhq5enyWJD4Nwo4A7OrP86aGu4UQLvHWJaPh4c5LrxmBGSBf S5t+NbjcwxGeL7jicxUAUvqrtAHjWIxxUGj9mz+R986lZbt9s55OsWde6O/HBWA3dwDS cPXB8MIdAAAU9Zl0yERkKL7bBJvH1mRcjXe4dI7DNJR5hKmsd+dK7suOWe3a7SuJKYe7 Mc2pEYdqVMUKPWFp0GTwRYJMvFOlctzYHj3c8QHonvQUwayh/dkFkBSBloY2hWKRIysN /t1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zV9xIRffQihAV8Jqp4j4ZIKzHddrqEAWeCaHK7p0zpU=; b=Ja+sxC6JT1aNwinUZZ3wpKItv3kG65fJ9Aswpt6sd3fOW1ZHR4sBApqQdbEcJi2lRm RpnAQKEUAF39i0UtE/N+UC3H9s7k+RH2OfurvZfGtM8jRpReC+ZyDIHM0AuQwLGYD+mx lepmXUgXYSqFlcdy2/V7QksM7OGnuQgjHsYYHKa+me17HsXzthJj3uNcfrAqCETBcSJE c0evMQRS5KHWsM0annAh7DjYArgaaw0NihSHOSdhk46q7AnORY+7aqqHPzFgZdAfgf48 W0y07hOsZCX9WzNibY8KyM6ar4+pZ/jaxno7rBKLLuqKj9d0mgen/GeeXedJ7JdIQKUd ga6w== X-Gm-Message-State: ANoB5pmyLvp9bMD6Nl3+MztZqb+wGe6sY07FBwyLq5yzTMy78wOndTec YoBWTlo6if5vYH5amusEGu0MKjxzo4Dler5ICiY= X-Google-Smtp-Source: AA0mqf6wXqMJWjF4nNz/Y0bA9WeEkrxFY50Ti86QKIVUlSR+wEnHVY6J7p1+OAtAwe2+s+siotqraw== X-Received: by 2002:a63:1425:0:b0:459:664e:68a3 with SMTP id u37-20020a631425000000b00459664e68a3mr11061553pgl.340.1668880112055; Sat, 19 Nov 2022 09:48:32 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:31 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 19/21] maintainers: update gcc version to 9.5 Date: Sat, 19 Nov 2022 07:47:47 -1000 Message-Id: <58d776cad60ef67746f3988db6741afffb428dc5.1668879817.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173536 SIgned-off-by: Steve Sakoman --- meta/conf/distro/include/maintainers.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 1575fce8c7..11a35a2c59 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -194,7 +194,7 @@ RECIPE_MAINTAINER_pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj X-Patchwork-Id: 15698 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A8A6C43217 for ; Sat, 19 Nov 2022 17:48:38 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web10.26328.1668880114777591319 for ; Sat, 19 Nov 2022 09:48:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=MKj/ZGGI; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id b62so7718343pgc.0 for ; Sat, 19 Nov 2022 09:48:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3p4YW9N3KqmSmGc9S42q1BI/3NF3CjsH8e9MIKD5KmQ=; b=MKj/ZGGIi9dtpHKT+brAD910/1Axc87Z61wRSeaND2jyfYWTMMkmlI6wrZWfKwEXx9 AU789WIi91JTyJFIJ+7hIkvBtALYaoaR6FeYM6wJAteD7n/fQtGq1DGPnXRJkj2HQuHM 1DB3O5f8Do+IG8H6400BZT8Jvf+FJPpxJY0rCpBLhBRCncLECN3ReDOpJjJPOdx6GmAw i1s1/X7LYEqlMUQ6apCvJYpIAskk2Tl3pVEB5zQHWvTPCH1KOFiGU1/oeUgpppliSG2v 8w9dZIZBlqdjDcwCmw2rQu/fwhkPuqrnaiZAKWWHYQTRtf5/O8AaVUGpu2qLdvpwcLqF IHnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3p4YW9N3KqmSmGc9S42q1BI/3NF3CjsH8e9MIKD5KmQ=; b=fXXh/CP3Ua/UQZVQl6yxbhqVbBTvnjb+2ruG6gy7zGK3IViuiPSLpyTktM8+WVBwu/ Y6dOV/SghIVrQ5Lqj0Ru4zKrdH1+bPMWcmulMNqu61/ZGsKVrDggrVNmsKHoMJqMZUPX mgDfWUFlH0U6nP6zYQ2eCwqOPKj1xxw+WEpBIYdE2ypXwWEp1zvX5HJZMfgPTnCevgX8 YiUUMTdt96O5EdHq642Rl83j/RbzIhjO6X/am9bkxL3HeoSiA3c9rjWWM7AVNrP84bA9 26FFA5sn8YRmeyQgvw1Dv+Mn4kTSGLzLvHjiXyMPzaYdLF37wSg9M41+W9ULFHn88ghm LSng== X-Gm-Message-State: ANoB5pmjgyQnvSZjHltPIygYZqLxicelYbX9tjHUxdcEEE77UsUupho/ P2LP3noVXc45rudkQruuSacoBC290nfmQmhDqHw= X-Google-Smtp-Source: AA0mqf7QbCS71MxvNmqpSeNWW4gwN21Dj+spiXZVdl9l+2kls6qLLZw9xMN4+TNy3SFmE1eD7xZsag== X-Received: by 2002:a05:6a00:2396:b0:572:698b:5fa9 with SMTP id f22-20020a056a00239600b00572698b5fa9mr13018528pfc.28.1668880113843; Sat, 19 Nov 2022 09:48:33 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:33 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 20/21] vim: upgrade 9.0.0614 -> 9.0.0820 Date: Sat, 19 Nov 2022 07:47:48 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173538 From: Tim Orling Includes fixes for CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 For a short list of important changes, see: https://www.arp242.net/vimlog/ Signed-off-by: Tim Orling Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit f6d917bd0f8810b5ed8d403ad25d59cda2fc9574) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index e9fd7a3eec..262c97bf0f 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0614" -SRCREV = "ef976323e770315b5fca544efb6b2faa25674d15" +PV .= ".0820" +SRCREV = "03d6e6f42b0deeb02d52c8a48c14abe431370c1c" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" From patchwork Sat Nov 19 17:47:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 15701 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A20DC433FE for ; Sat, 19 Nov 2022 17:48:38 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.26316.1668880099409590250 for ; Sat, 19 Nov 2022 09:48:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ABf70Np2; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id r61-20020a17090a43c300b00212f4e9cccdso10955400pjg.5 for ; Sat, 19 Nov 2022 09:48:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vmyVFVGUnfxF2rKgfyiXMLlQ/e8kPCvyeinQ/5NJoOE=; b=ABf70Np2YRau/AMjp3oMXfItDzUyErJwxmfiNmKHnNGOaXIQAih2akJZZz+TGBd0bj ks/O8VaXtWMpdkpgW9gNG5Kxrbfj7rcWIIwy1k1XgTGwM3HbOxS5ndw2kb5W4FgnLzGP MoGT94Xj+SAdkyjuehnj9LtdgnvKGowfOur0tcv/gw1M9HhfWYmIAKeem9AWpY6/ov4e TNd2Az8EXlykBsLnbk4pDGkRboCFo/r0i/dJRJNr6Xic3fovqCv+iYN08fPSh52IF2mv lqFi+UT5O4tDAY8nq2Rb9pSdVLB90iTDk7p56D8+m5LUrRaV6RoJ9EztRYg9al3/z+xW L0BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vmyVFVGUnfxF2rKgfyiXMLlQ/e8kPCvyeinQ/5NJoOE=; b=t4/CnIhTudrxAx1bIzj9u3XDySnk0vVFFLpstTVzD2WxTTLzcflyG384o5wi8T4zFg hJ343hYxkmYOavD37uEEV0HpgRhoe6Rgh5WUGGpNCgDtrt1oOJ/4YccfHbXVlmneyijV dG9gJz0scm4BYl7ShyKSCV17i/AkdCkGD5lK4FcVq8ehax6jPMJ97tglOFKkfkV2o/Tv lGPngQgd9jZYvVT162zyYf1HvBEYmHMSZpy+QcpPeZa93sEBJL0cGesvtZZElkC22P9o HavkQR9uNG7D45n58uTpoMS1FoheFKMGLVaiv6TGtOIycWR3PfiaCYG+6YvThN329Lkf ToTA== X-Gm-Message-State: ANoB5plLAa9hu7wJICUmu4gKTLkhIrVK/sBxj3Lr7vfWxGHyic3nDmG1 hMd9h8bmzQAaanZbMxlzuONrsG3aupefeT7Tkok= X-Google-Smtp-Source: AA0mqf7fGFm8LjBI1GPd4n3pFE7YSnUjv/pj55kz+qjkQ7b8ygNnxd+O47eWJzSJCKej2G430HeraQ== X-Received: by 2002:a17:902:eb42:b0:189:1368:de88 with SMTP id i2-20020a170902eb4200b001891368de88mr1683200pli.67.1668880115828; Sat, 19 Nov 2022 09:48:35 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net. [72.253.6.214]) by smtp.gmail.com with ESMTPSA id m6-20020a17090a668600b0020d3662cc77sm7384151pjj.48.2022.11.19.09.48.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Nov 2022 09:48:35 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 21/21] sstate: Account for reserved characters when shortening sstate filenames Date: Sat, 19 Nov 2022 07:47:49 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 19 Nov 2022 17:48:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173539 From: Manuel Leonhardt Previously, when shortening sstate filenames, the reserved characters for .siginfo were not considered, when siginfo=False, resulting in differently shortend filenames for the sstate and siginfo files. With this change, the filenames of the truncated sstate and siginfo files have the same basename, just as is already the case for untruncated filenames. Making sure that the .siginfo files always have the filename of the corresponding sstate file plus its .siginfo suffix, also when being truncated, makes it easier to manage the sstate cache and an sstate mirror outside of Bitbake/Yocto. Signed-off-by: Manuel Leonhardt Cc: Richard Purdie Signed-off-by: Richard Purdie (cherry picked from commit c2e0e43b7123cf5149833e0072c8edaea3629112) Signed-off-by: Steve Sakoman --- meta/classes/sstate.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index 3d6fb84d63..1058778980 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -20,7 +20,7 @@ def generate_sstatefn(spec, hash, taskname, siginfo, d): components = spec.split(":") # Fields 0,5,6 are mandatory, 1 is most useful, 2,3,4 are just for information # 7 is for the separators - avail = (254 - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3 + avail = (limit - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3 components[2] = components[2][:avail] components[3] = components[3][:avail] components[4] = components[4][:avail]