From patchwork Wed Jan 11 14:34:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18004 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DDE4FC67871 for ; Wed, 11 Jan 2023 14:34:50 +0000 (UTC) Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) by mx.groups.io with SMTP id smtpd.web11.25210.1673447683897472266 for ; Wed, 11 Jan 2023 06:34:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=VclJgkSf; spf=softfail (domain: sakoman.com, ip: 209.85.215.173, mailfrom: steve@sakoman.com) Received: by mail-pg1-f173.google.com with SMTP id 7so10661244pga.1 for ; Wed, 11 Jan 2023 06:34:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=io659MHCbIfzMhYr63F089VKxJCacu4PIi5WSCUve+4=; b=VclJgkSfwfP/+fpjhZF9Bbkd4thbbPP0N4bJnysZ930sTqMo8pAhYHFbNH4W99pOqr D8OwNLIzlPKPY7ZxmsZhVWosSTMzGxxW0inutxdXf2avBDuAV8Vfx1D4MkFYyp3wfdI0 E6GgdF9ijgep2afi9GsxwexWryK4Bppvdm/4bq2Zev8WhcfV/fpXVvb7s7c9DDP7Sf9k w3QTxZY0fpCnQu7isj/xOgKrfhRudmY5xOgCT0TQHtvU9zZUpkDgInMM6le0P+qvcoVa 39guYncHR8IMl2FbUit7PMJvYK7JjwimXu8zeX44Lid/lKSUkFWDzKvEezWzaVacfq3U uWlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=io659MHCbIfzMhYr63F089VKxJCacu4PIi5WSCUve+4=; b=3w1XN/rdbwQrVTkkyUrY1mB3fZXRsDKn+VcT5ynZLWoTZ8SYJDlEbZiB4+8hJq+LpL IAi4IlKKFNAckjgJmvqSGuYo5MQpojdyE8OQJvL+dS5Hb1AAsx6HwsUC0tESVrjdvwxZ X2l9VoCj1+wzWwXZCffekXeqbxG/QUDHQ2PaD6VUv+rmxvOh3Qd2/E3xBsPeWgW1t48m mNgoLo98gL6odSHLc3gGGCfuJH4tyB4vjn/47R8HONKHu2pDO79AkZ8SF3sLIkAsEXpy stT1UrpHH+Itfr4qfnUbPxoYYUt0TRbXKIIDl8iqYLDgPxwjtG6XsuO2IVlCglET0VtW hE9A== X-Gm-Message-State: AFqh2kowN6cwIoDj3dpqHqDN50Zibw9thA/+ih7FIbchBgtd42bE83CB 7yQMsahf+hSLmhsLodqFpurGeOyDD8aRtxn4hDQ= X-Google-Smtp-Source: AMrXdXue3CLQ1B2VPocblj0YSe449rj1ZMivOFYER3umyrtozpEfQNqtPdQwUagD/cCQV3bmwvUC5Q== X-Received: by 2002:a05:6a00:24c9:b0:57f:7bb4:8fce with SMTP id d9-20020a056a0024c900b0057f7bb48fcemr83165522pfv.32.1673447682718; Wed, 11 Jan 2023 06:34:42 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-5-74.hawaiiantel.net. [72.253.5.74]) by smtp.gmail.com with ESMTPSA id y29-20020aa793dd000000b0056c2e497b02sm10381288pff.173.2023.01.11.06.34.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Jan 2023 06:34:42 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 1/8] grub2: Fix CVE-2022-2601 & CVE-2022-3775 Date: Wed, 11 Jan 2023 04:34:23 -1000 Message-Id: <6149febd53b32406dc4b07b1721b3dfbae70723e.1673447528.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Jan 2023 14:34:50 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175742 From: Hitendra Prajapati Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency: font: Fix size overflow in grub_font_get_glyph_internal() Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532 CVE-2022-2601: font: Fix several integer overflows in grub_font_construct_glyph() Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e CVE-2022-3775: font: Fix an integer underflow in blit_comb() Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2022-2601.patch | 87 +++++++++++++ .../grub/files/CVE-2022-3775.patch | 97 +++++++++++++++ ...erflow-in-grub_font_get_glyph_intern.patch | 117 ++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 3 + 4 files changed, 304 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-2601.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-3775.patch create mode 100644 meta/recipes-bsp/grub/files/font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/meta/recipes-bsp/grub/files/CVE-2022-2601.patch new file mode 100644 index 0000000000..090f693be3 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-2601.patch @@ -0,0 +1,87 @@ +From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 5 Aug 2022 01:58:27 +0800 +Subject: [PATCH] font: Fix several integer overflows in + grub_font_construct_glyph() + +This patch fixes several integer overflows in grub_font_construct_glyph(). +Glyphs of invalid size, zero or leading to an overflow, are rejected. +The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() +returns NULL is fixed too. + +Fixes: CVE-2022-2601 + +Reported-by: Zhang Boyang +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper + +Signed-off-by: Xiangyu Chen + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e] +CVE: CVE-2022-2601 +Signed-off-by: Hitendra Prajapati +--- + grub-core/font/font.c | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index df17dba..f110db9 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1509,6 +1509,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, + struct grub_video_signed_rect bounds; + static struct grub_font_glyph *glyph = 0; + static grub_size_t max_glyph_size = 0; ++ grub_size_t cur_glyph_size; + + ensure_comb_space (glyph_id); + +@@ -1525,29 +1526,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, + if (!glyph_id->ncomb && !glyph_id->attributes) + return main_glyph; + +- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) ++ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || ++ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) ++ return main_glyph; ++ ++ if (max_glyph_size < cur_glyph_size) + { + grub_free (glyph); +- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; +- if (max_glyph_size < 8) +- max_glyph_size = 8; +- glyph = grub_malloc (max_glyph_size); ++ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) ++ max_glyph_size = 0; ++ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; + } + if (!glyph) + { ++ max_glyph_size = 0; + grub_errno = GRUB_ERR_NONE; + return main_glyph; + } + +- grub_memset (glyph, 0, sizeof (*glyph) +- + (bounds.width * bounds.height +- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); ++ grub_memset (glyph, 0, cur_glyph_size); + + glyph->font = main_glyph->font; +- glyph->width = bounds.width; +- glyph->height = bounds.height; +- glyph->offset_x = bounds.x; +- glyph->offset_y = bounds.y; ++ if (bounds.width == 0 || bounds.height == 0 || ++ grub_cast (bounds.width, &glyph->width) || ++ grub_cast (bounds.height, &glyph->height) || ++ grub_cast (bounds.x, &glyph->offset_x) || ++ grub_cast (bounds.y, &glyph->offset_y)) ++ return main_glyph; + + if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) + grub_font_blit_glyph_mirror (glyph, main_glyph, +-- +2.25.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/meta/recipes-bsp/grub/files/CVE-2022-3775.patch new file mode 100644 index 0000000000..e2e3f35584 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2022-3775.patch @@ -0,0 +1,97 @@ +From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Mon, 24 Oct 2022 08:05:35 +0800 +Subject: [PATCH] font: Fix an integer underflow in blit_comb() + +The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may +evaluate to a very big invalid value even if both ctx.bounds.height and +combining_glyphs[i]->height are small integers. For example, if +ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this +expression evaluates to 2147483647 (expected -1). This is because +coordinates are allowed to be negative but ctx.bounds.height is an +unsigned int. So, the subtraction operates on unsigned ints and +underflows to a very big value. The division makes things even worse. +The quotient is still an invalid value even if converted back to int. + +This patch fixes the problem by casting ctx.bounds.height to int. As +a result the subtraction will operate on int and grub_uint16_t which +will be promoted to an int. So, the underflow will no longer happen. Other +uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, +to ensure coordinates are always calculated on signed integers. + +Fixes: CVE-2022-3775 + +Reported-by: Daniel Axtens +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper + +Signed-off-by: Xiangyu Chen + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af] +CVE: CVE-2022-3775 +Signed-off-by: Hitendra Prajapati +--- + grub-core/font/font.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index f110db9..3b76b22 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -1200,12 +1200,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + ctx.bounds.height = main_glyph->height; + + above_rightx = main_glyph->offset_x + main_glyph->width; +- above_righty = ctx.bounds.y + ctx.bounds.height; ++ above_righty = ctx.bounds.y + (int) ctx.bounds.height; + + above_leftx = main_glyph->offset_x; +- above_lefty = ctx.bounds.y + ctx.bounds.height; ++ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; + +- below_rightx = ctx.bounds.x + ctx.bounds.width; ++ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; + below_righty = ctx.bounds.y; + + comb = grub_unicode_get_comb (glyph_id); +@@ -1218,7 +1218,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + if (!combining_glyphs[i]) + continue; +- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; ++ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; + /* CGJ is to avoid diacritics reordering. */ + if (comb[i].code + == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) +@@ -1228,8 +1228,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + case GRUB_UNICODE_COMB_OVERLAY: + do_blit (combining_glyphs[i], + targetx, +- (ctx.bounds.height - combining_glyphs[i]->height) / 2 +- - (ctx.bounds.height + ctx.bounds.y), &ctx); ++ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 ++ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; + break; +@@ -1302,7 +1302,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + /* Fallthrough. */ + case GRUB_UNICODE_STACK_ATTACHED_ABOVE: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height + ctx.bounds.y + space ++ -((int) ctx.bounds.height + ctx.bounds.y + space + + combining_glyphs[i]->height), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; +@@ -1310,7 +1310,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, + + case GRUB_UNICODE_COMB_HEBREW_DAGESH: + do_blit (combining_glyphs[i], targetx, +- -(ctx.bounds.height / 2 + ctx.bounds.y ++ -((int) ctx.bounds.height / 2 + ctx.bounds.y + + combining_glyphs[i]->height / 2), &ctx); + if (min_devwidth < combining_glyphs[i]->width) + min_devwidth = combining_glyphs[i]->width; +-- +2.25.1 + diff --git a/meta/recipes-bsp/grub/files/font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/meta/recipes-bsp/grub/files/font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch new file mode 100644 index 0000000000..d4ba3cafc5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch @@ -0,0 +1,117 @@ +From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001 +From: Zhang Boyang +Date: Fri, 5 Aug 2022 00:51:20 +0800 +Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal() + +The length of memory allocation and file read may overflow. This patch +fixes the problem by using safemath macros. + +There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe +if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). +It is safe replacement for such code. It has safemath-like prototype. + +This patch also introduces grub_cast(value, pointer), it casts value to +typeof(*pointer) then store the value to *pointer. It returns true when +overflow occurs or false if there is no overflow. The semantics of arguments +and return value are designed to be consistent with other safemath macros. + +Signed-off-by: Zhang Boyang +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532] + +Signed-off-by: Xiangyu Chen +Signed-off-by: Hitendra Prajapati +--- + grub-core/font/font.c | 17 +++++++++++++---- + include/grub/bitmap.h | 18 ++++++++++++++++++ + include/grub/safemath.h | 2 ++ + 3 files changed, 33 insertions(+), 4 deletions(-) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 5edb477..df17dba 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -733,7 +733,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + grub_int16_t xoff; + grub_int16_t yoff; + grub_int16_t dwidth; +- int len; ++ grub_ssize_t len; ++ grub_size_t sz; + + if (index_entry->glyph) + /* Return cached glyph. */ +@@ -760,9 +761,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) + return 0; + } + +- len = (width * height + 7) / 8; +- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); +- if (!glyph) ++ /* Calculate real struct size of current glyph. */ ++ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || ++ grub_add (sizeof (struct grub_font_glyph), len, &sz)) ++ { ++ remove_font (font); ++ return 0; ++ } ++ ++ /* Allocate and initialize the glyph struct. */ ++ glyph = grub_malloc (sz); ++ if (glyph == NULL) + { + remove_font (font); + return 0; +diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h +index 5728f8c..0d9603f 100644 +--- a/include/grub/bitmap.h ++++ b/include/grub/bitmap.h +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + struct grub_video_bitmap + { +@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) + return bitmap->mode_info.height; + } + ++/* ++ * Calculate and store the size of data buffer of 1bit bitmap in result. ++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. ++ * Return true when overflow occurs or false if there is no overflow. ++ * This function is intentionally implemented as a macro instead of ++ * an inline function. Although a bit awkward, it preserves data types for ++ * safemath macros and reduces macro side effects as much as possible. ++ * ++ * XXX: Will report false overflow if width * height > UINT64_MAX. ++ */ ++#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ ++({ \ ++ grub_uint64_t _bitmap_pixels; \ ++ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ ++ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ ++}) ++ + void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, + struct grub_video_mode_info *mode_info); + +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +index c17b89b..bb0f826 100644 +--- a/include/grub/safemath.h ++++ b/include/grub/safemath.h +@@ -30,6 +30,8 @@ + #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) + #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + ++#define grub_cast(a, res) grub_add ((a), 0, (res)) ++ + #else + #error gcc 5.1 or newer or clang 3.8 or newer is required + #endif +-- +2.25.1 + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 777839d0b6..d09eecd8ac 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -103,6 +103,9 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2022-28734.patch \ file://CVE-2022-28736.patch \ file://CVE-2022-28735.patch \ + file://font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \ + file://CVE-2022-2601.patch \ + file://CVE-2022-3775.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" From patchwork Wed Jan 11 14:34:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18002 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CDF05C54EBC for ; Wed, 11 Jan 2023 14:34:50 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web11.25211.1673447685533330440 for ; Wed, 11 Jan 2023 06:34:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=h+kkOchj; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id 20so6128363pfu.13 for ; Wed, 11 Jan 2023 06:34:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=gYgpyuQ979Vyy8Nte+IYi36iaB9R52oIpUZYxwPGxRM=; b=h+kkOchjcXs7s3/D8T2HM2khmCjoGX0WIZd6a/EbilQz97zfJC+oGbA2kTVbjxOWbC aR6OV/zQ9wtfTDAXCksL4uk6748d3StwERFHXTIkQDSnY+PamsxR9iLIf4vyGUrRja4Y 14g71hEIRTSzbNuCfdGo/0RaB4fEJPCF1bWhFOvgAaqk83mSZBz7kcH9J2TcTt48Vcpp Mp9PlaNvm1PsHHbRPVcwgTSeoF5ncy13CvQQWw4tnbHCBnmd0LdoEflg0gBO2uFKKFOy Kx33lqA2zQyOeYRrI1INFFo+pGCEAShy5W3JHV+qSh+pLxIj2KtaHOppzo8fdfrs3iSI r1dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gYgpyuQ979Vyy8Nte+IYi36iaB9R52oIpUZYxwPGxRM=; b=7CJgQdjZ39/abJdf41/wiCudUf0x/DtmhAYFmQeOnerkfR1IJxXndcsgSSzk6sewiw YbzwaQnwRow/vgbXIax0XRuAuSm58WWLmooIx4vW/q1tC+xCOOAB2ByVSWQzanxOukFk Mm95lUhaDGC8tQ/fkxPK8+CmkTlOe1Vf4dF6B4KcCuENt6uF2qGmFUtd75rfqbBrtGF9 XjAHEnWfBkMek01yC2y2VuiQikMCRXsALVHLE0RyDsX7oNQTs4E8UdhIPmN+t+YgRCcX wbjImE2HSAXe4NEbFUXnOxOvmxmPdILgSrQ93GGGsi7ifocUwJSSl9DCMeT2iq5bYsQe Ss6Q== X-Gm-Message-State: AFqh2kp4NS3McRqS/k2AhtwVV8Y2Y1Oe3mMO3eXguIA9OTETg/67WbWa LYuf9l2JJdUet2IWHCioe0jtvX0o0kAuzSxcwOI= X-Google-Smtp-Source: AMrXdXsavTddxtEcajb9Flmk65cUvNm6U6EbJssdLs9D3ZWPR4bC78CCcTX1ac4f6p/oIVZ4QURzfQ== X-Received: by 2002:a62:b617:0:b0:577:b52:4ec2 with SMTP id j23-20020a62b617000000b005770b524ec2mr66276598pff.29.1673447684564; Wed, 11 Jan 2023 06:34:44 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-5-74.hawaiiantel.net. [72.253.5.74]) by smtp.gmail.com with ESMTPSA id y29-20020aa793dd000000b0056c2e497b02sm10381288pff.173.2023.01.11.06.34.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Jan 2023 06:34:44 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 2/8] libksba: fix CVE-2022-47629 Date: Wed, 11 Jan 2023 04:34:24 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Jan 2023 14:34:50 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175743 From: Chee Yang Lee Signed-off-by: Chee Yang Lee Signed-off-by: Steve Sakoman --- .../libksba/libksba/CVE-2022-47629.patch | 69 +++++++++++++++++++ meta/recipes-support/libksba/libksba_1.3.5.bb | 4 +- 2 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/libksba/libksba/CVE-2022-47629.patch diff --git a/meta/recipes-support/libksba/libksba/CVE-2022-47629.patch b/meta/recipes-support/libksba/libksba/CVE-2022-47629.patch new file mode 100644 index 0000000000..b09d0eb557 --- /dev/null +++ b/meta/recipes-support/libksba/libksba/CVE-2022-47629.patch @@ -0,0 +1,69 @@ +From b17444b3c47e32c77a3ba5335ae30ccbadcba3cf Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Tue, 22 Nov 2022 16:36:46 +0100 +Subject: [PATCH] Fix an integer overflow in the CRL signature parser. + +* src/crl.c (parse_signature): N+N2 now checked for overflow. + +* src/ocsp.c (parse_response_extensions): Do not accept too large +values. +(parse_single_extensions): Ditto. +-- + +The second patch is an extra safegourd not related to the reported +bug. + +GnuPG-bug-id: 6284 +Reported-by: Joseph Surin, elttam +CVE: CVE-2022-47629 +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 +Upstream-Status: Backport +Signed-off-by: Chee Yang Lee +--- + src/crl.c | 2 +- + src/ocsp.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/src/crl.c b/src/crl.c +index 87a3fa3..9d3028e 100644 +--- a/src/crl.c ++++ b/src/crl.c +@@ -1434,7 +1434,7 @@ parse_signature (ksba_crl_t crl) + && !ti.is_constructed) ) + return gpg_error (GPG_ERR_INV_CRL_OBJ); + n2 = ti.nhdr + ti.length; +- if (n + n2 >= DIM(tmpbuf)) ++ if (n + n2 >= DIM(tmpbuf) || (n + n2) < n) + return gpg_error (GPG_ERR_TOO_LARGE); + memcpy (tmpbuf+n, ti.buf, ti.nhdr); + err = read_buffer (crl->reader, tmpbuf+n+ti.nhdr, ti.length); +diff --git a/src/ocsp.c b/src/ocsp.c +index 4b26f8d..c41234e 100644 +--- a/src/ocsp.c ++++ b/src/ocsp.c +@@ -912,6 +912,12 @@ parse_response_extensions (ksba_ocsp_t ocsp, + else + ocsp->good_nonce = 1; + } ++ if (ti.length > (1<<24)) ++ { ++ /* Bail out on much too large objects. */ ++ err = gpg_error (GPG_ERR_BAD_BER); ++ goto leave; ++ } + ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); + if (!ex) + { +@@ -979,6 +985,12 @@ parse_single_extensions (struct ocsp_reqitem_s *ri, + err = parse_octet_string (&data, &datalen, &ti); + if (err) + goto leave; ++ if (ti.length > (1<<24)) ++ { ++ /* Bail out on much too large objects. */ ++ err = gpg_error (GPG_ERR_BAD_BER); ++ goto leave; ++ } + ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); + if (!ex) + { diff --git a/meta/recipes-support/libksba/libksba_1.3.5.bb b/meta/recipes-support/libksba/libksba_1.3.5.bb index 7f9ab4f5fc..841830efa8 100644 --- a/meta/recipes-support/libksba/libksba_1.3.5.bb +++ b/meta/recipes-support/libksba/libksba_1.3.5.bb @@ -22,7 +22,9 @@ inherit autotools binconfig-disabled pkgconfig texinfo UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ - file://ksba-add-pkgconfig-support.patch" + file://ksba-add-pkgconfig-support.patch \ + file://CVE-2022-47629.patch \ +" SRC_URI[md5sum] = "8302a3e263a7c630aa7dea7d341f07a2" SRC_URI[sha256sum] = "41444fd7a6ff73a79ad9728f985e71c9ba8cd3e5e53358e70d5f066d35c1a340" From patchwork Wed Jan 11 14:34:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18000 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA9B6C46467 for ; Wed, 11 Jan 2023 14:34:50 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web10.25133.1673447687462365035 for ; Wed, 11 Jan 2023 06:34:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=iNxe5RI5; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id c26so7107393pfp.10 for ; Wed, 11 Jan 2023 06:34:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6n/z5VFCjyMjYgRzZFOHXBOCR1oicD8Vy+jMExlM/D8=; b=iNxe5RI55oQGxemDzR+FdFsnks1g4vlvzp/kJ394tZqAnixxPrqxzysRIdO4G6onVI CfzPNmkaTKOkOklOx8Fg9RRMAO6aB1XBV15zo33l2kW6MBuw027EtA9gferklBq4JCwg J7e8RSuR2YKmg67s8wDLdui1aCJntaTu3avXXFWC8RsToxVV4Bb5ksKJ7PiCTgHHwbHl 8698aq5mSUVf14+v/X2/WSz0/BrqfXAb8LlUgB+FP3w1dpYTDZJZasDVjKP+Jv4EDbaF V5H7LEtQOVejgqHJ8JvTfMKS93/uSx6lFIOWoTsDVJ23lU7KzQBKRizSF4EFeyo2/0GS J/xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6n/z5VFCjyMjYgRzZFOHXBOCR1oicD8Vy+jMExlM/D8=; b=oClu/bbu7HZnqsOf4cL2ktfDjEx4GgG1w184D2suCdop3bC2Xzb7Kq7FoBPfAghzVw iw6Ce6dKtKhdWSs+SPerR+0XxIRy0fKRM+v2C0A5t6qBtd9j3SwcArXVG8Jmyy1cQte0 4fus7LBZUhBzpzzjlEOvWmofJSm8ZtFOZAJNvTa6D69AfxpfzTvJOjx3nRUce2BKNxy5 hSZh+jSE8IIPIuk5ZKnolgxNrRpC7muSpJ4dDV/KQsutCfYHIfogELfw6GK9qFS98sIA LJdS+0XFGvFTy/jMgMLJ96zzo06wwMpQ7uyiEbb3E0fS+njvBWQM9OfpFqVh/g03l2aN lxxQ== X-Gm-Message-State: AFqh2kq5o+NljCzXddJdaSk+C/svb2SBfucxWgWs8BQvqGUC8sLJwmqG YfMYlhTKZo1n8QjI7aJW6rVzv8uUULjCi2BYYDA= X-Google-Smtp-Source: AMrXdXsC62Q7MFaIXsUcaMXQYnD4ny162FLyy6ZJizkcsUFwDpIyJG+lvFnEGFYG9GqfoYXC0mBMRQ== X-Received: by 2002:a05:6a00:21c6:b0:576:a74a:13c3 with SMTP id t6-20020a056a0021c600b00576a74a13c3mr93765700pfj.1.1673447686482; Wed, 11 Jan 2023 06:34:46 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-5-74.hawaiiantel.net. [72.253.5.74]) by smtp.gmail.com with ESMTPSA id y29-20020aa793dd000000b0056c2e497b02sm10381288pff.173.2023.01.11.06.34.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Jan 2023 06:34:46 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 3/8] base.bbclass: Fix way to check ccache path Date: Wed, 11 Jan 2023 04:34:25 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Jan 2023 14:34:50 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175744 From: Changqing Li The previous code had 2 issues: 1. make hosttools/ccache always link to host's ccache (/usr/bin/ccache) even we have one buildtools 2. make hosttools/gcc etc, link to host's gcc event we have one buildtools when keyword ccache in buildtools's path, eg: /mnt/ccache/bin/buildtools This patch is for fix above issues. Signed-off-by: Changqing Li Signed-off-by: Richard Purdie (cherry picked from commit 1b7c81414cf252a7203d95703810a770184d7e4d) Signed-off-by: Steve Sakoman --- meta/classes/base.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index 19604a4646..3cae577a0e 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -139,7 +139,7 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True): # /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc) # would return /usr/local/bin/ccache/gcc, but what we need is # /usr/bin/gcc, this code can check and fix that. - if "ccache" in srctool: + if os.path.islink(srctool) and os.path.basename(os.readlink(srctool)) == 'ccache': srctool = bb.utils.which(path, tool, executable=True, direction=1) if srctool: os.symlink(srctool, desttool) From patchwork Wed Jan 11 14:34:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18003 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DDF8BC678D5 for ; Wed, 11 Jan 2023 14:34:50 +0000 (UTC) Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) by mx.groups.io with SMTP id smtpd.web10.25135.1673447689505116491 for ; Wed, 11 Jan 2023 06:34:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=6etnRIsg; spf=softfail (domain: sakoman.com, ip: 209.85.215.178, mailfrom: steve@sakoman.com) Received: by mail-pg1-f178.google.com with SMTP id g68so9553969pgc.11 for ; Wed, 11 Jan 2023 06:34:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=y/oY9w/8bEMBsicRL8GiUKpYdrbXFWq5J1yMuZbPbmY=; b=6etnRIsgum625kF1ur/FJ2oOga+KNwgrySMIc+IGhD0rPsrzslCvfgXel60UnRqHlK lAOutZurXMHWqMFO+eSv/d13L55KadvKvUDn+E1kjBVtIUdi7sKmh4N12esF5Pyuoh3V b0S41wGXDyEiH0J+SINrraHXaNRyMKgkjzN93WrjsCwfdYnAFOKaZaLwHWqaT1C7Flmn luWEYS6SYZYucbGfCggKjjL7nHGA9EILfLcwo64dcVF/GFGvgxzw325ucy8S2LqpWHSV YYKOPnGDtWh4NfX+SicJ8DBYg+21qlz2vZ9PWPHv+YXmiMdFl7SpTM8/3tagFQUeYNsW 71gA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=y/oY9w/8bEMBsicRL8GiUKpYdrbXFWq5J1yMuZbPbmY=; b=Hq/ZnEhYPcfrpnnl2FVvs4Vn2l1wgglgyzc+vg/iJ7VVALfEd+7/lsYKjA9FPx+hLP r5f1o6+OHyF5r7iP5EVSp1Fn7zlqjPsiaKjp/KFSp7eGVj5uadydBOUvnecmi0WCNPYF azIvxdC7wDasMxDrJHbSRBKLgH4x6zdpC4pxffCpGla8Hy/zMjsBTWW9dv/uF1J/QLJs cZvrBKMc/Urd0mxmeY+k0qKN/uELPtSRALCowkBfZJCeCJINci3K0rlAfI80oyGc7VPp eQbmEJpmJIWyIHP9R9z5RilTE88MOirYVvfEtnmuVVak0+perlERbfvE0/Bs7JgKvhFq yrEw== X-Gm-Message-State: AFqh2kpKzUD7oUFeW/A7un73fy47Qby1nTsy9HGn+UZqhWnMG+ryJAC2 YtRkvEWktwdLxzWA+9/v+EBkPyYxti6LcRaLXrE= X-Google-Smtp-Source: AMrXdXtPqSa0GKm4nq8nARF6ekI0b3NOTc1xZpNrZ0aua0ffaPcdEm012gO9iH2b2Uvfl1RkO0xDgw== X-Received: by 2002:aa7:8eda:0:b0:58b:7db6:da48 with SMTP id b26-20020aa78eda000000b0058b7db6da48mr2529874pfr.20.1673447688340; Wed, 11 Jan 2023 06:34:48 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-5-74.hawaiiantel.net. [72.253.5.74]) by smtp.gmail.com with ESMTPSA id y29-20020aa793dd000000b0056c2e497b02sm10381288pff.173.2023.01.11.06.34.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Jan 2023 06:34:47 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 4/8] rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively Date: Wed, 11 Jan 2023 04:34:26 -1000 Message-Id: <75b7e86c9d9931c9e4e114af026b51710f1920a2.1673447528.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Jan 2023 14:34:50 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175745 From: Luis The do_rm_work() task is using the first available 'rm' binary available in PATH to remove files and folders. However, depending on the PATH setup and RECIPE_SYSROOT_NATIVE contents, the function can be using the 'rm' binary available in RECIPE_SYSROOT_NATIVE, a folder that will get removed. This causes a sporadic race-condition when trying to access the 'rm' binary of a folder already deleted. Solve this by exclusively using the HOSTTOOLS 'rm' binary, as this folder will not get removed. Signed-off-by: Luis Martins Signed-off-by: Richard Purdie (cherry picked from commit edcd9ad333bc4e504594e8af83e8cb7007d2e35c) Signed-off-by: Steve Sakoman --- meta/classes/rm_work.bbclass | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass index 2d5a56c238..24051aa378 100644 --- a/meta/classes/rm_work.bbclass +++ b/meta/classes/rm_work.bbclass @@ -27,6 +27,13 @@ BB_SCHEDULER ?= "completion" BB_TASK_IONICE_LEVEL_task-rm_work = "3.0" do_rm_work () { + # Force using the HOSTTOOLS 'rm' - otherwise the SYSROOT_NATIVE 'rm' can be selected depending on PATH + # Avoids race-condition accessing 'rm' when deleting WORKDIR folders at the end of this function + RM_BIN="$(PATH=${HOSTTOOLS_DIR} command -v rm)" + if [ -z "${RM_BIN}" ]; then + bbfatal "Binary 'rm' not found in HOSTTOOLS_DIR, cannot remove WORKDIR data." + fi + # If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe. for p in ${RM_WORK_EXCLUDE}; do if [ "$p" = "${PN}" ]; then @@ -73,7 +80,7 @@ do_rm_work () { # sstate version since otherwise we'd need to leave 'plaindirs' around # such as 'packages' and 'packages-split' and these can be large. No end # of chain tasks depend directly on do_package anymore. - rm -f -- $i; + "${RM_BIN}" -f -- $i; ;; *_setscene*) # Skip stamps which are already setscene versions @@ -90,7 +97,7 @@ do_rm_work () { ;; esac done - rm -f -- $i + "${RM_BIN}" -f -- $i esac done @@ -100,9 +107,9 @@ do_rm_work () { # Retain only logs and other files in temp, safely ignore # failures of removing pseudo folers on NFS2/3 server. if [ $dir = 'pseudo' ]; then - rm -rf -- $dir 2> /dev/null || true + "${RM_BIN}" -rf -- $dir 2> /dev/null || true elif ! echo "$excludes" | grep -q -w "$dir"; then - rm -rf -- $dir + "${RM_BIN}" -rf -- $dir fi done } From patchwork Wed Jan 11 14:34:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18007 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9058C5479D for ; Wed, 11 Jan 2023 14:35:00 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.25216.1673447691305246476 for ; Wed, 11 Jan 2023 06:34:51 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=YwgUcHeh; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id 200so5373056pfx.7 for ; Wed, 11 Jan 2023 06:34:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=mX1H2uMdo39097YTW9nt9z2JNKEtp4KV8FMoLhng3HY=; b=YwgUcHeh8jjmmcUGuW6WOSKBjSQs3t5Yk6FOrWW8NrWYVzCw/VzCorEOSeXv82TBXc plXo7BvxFmtf5YCzb0Rbx2fclyS1xi/rDpZAQ9o+H6wjksmchs+iF1rP9PpIaJbvyQDz SYOubSz/Nn2iXon5n99laZqCGFNprfj9ish71WLNFcOCVTmg6p3zv+LFJIK6E8Fri56g 8ItqNzYgDnphEtF47eA3Q47Qqqeu90BDb5PvkZcVlsSic5gh2Exz5iGoUzSmFtQC06pj 44dl+wNLJFhcTYJTSDkcyxKxMV3q4iY/G3Nd/dtvUVDuX9SMLUAWfsz+AoURPymCX0rW 8VYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mX1H2uMdo39097YTW9nt9z2JNKEtp4KV8FMoLhng3HY=; b=T7cclMGhxikHlNoY5UF3156dbBhFLSm+jJCJwX2cd/tVxswwJLHOQodF63zZGOZoSA lgFlzCipvqv4EnzxN8EfHb61b+MJLBIkiH+ISkswKEoUsr7EAyJCWA3+Vo0J5CpGrO1I GOzMh5B2u/N3wvy70LTei808tPM1i1AdpF1CnNXt+tpBiz8x2woUE/cGWp2QjRB40KbO 2b1V3jmB+a0Cd3TUo+6XPyzDLZfwyLtASvGzaq/2DRB5grqrZW9TctedUlj5vizxI3Bw Dv0bOZPFOxj8oTfTRmgWda/EHYUf170eL3nMAe0Y/ddvFI3ZGN0z7E6teuaxI7ECQWrE zHrA== X-Gm-Message-State: AFqh2kpCYM0WSR1/gIilWTb9mMTCbi8j+c8z7AlG7naxo0Ydzi4ZBfb8 tE+XMfD/qfw+xIaEp67FmSLDs566oIt6sEYQ4UE= X-Google-Smtp-Source: AMrXdXtW6WSAsHY2urtubBpqEUYNmWPjOPrv7o5+NuFq+49JI+gkGPBtsLqFm9NfcR8xq7hGyg+rdw== X-Received: by 2002:aa7:8a41:0:b0:585:fc75:c544 with SMTP id n1-20020aa78a41000000b00585fc75c544mr2679550pfa.15.1673447690310; Wed, 11 Jan 2023 06:34:50 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-5-74.hawaiiantel.net. [72.253.5.74]) by smtp.gmail.com with ESMTPSA id y29-20020aa793dd000000b0056c2e497b02sm10381288pff.173.2023.01.11.06.34.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Jan 2023 06:34:49 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 5/8] oeqa/rpm.py: Increase timeout and add debug output Date: Wed, 11 Jan 2023 04:34:27 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Jan 2023 14:35:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175746 From: Pavel Zhukov [Yocto #14346] Systemd may be slow in killing pam session sometimes [1][2]. It may cause rpm test to fail because there's process (sd_pam) running and own by "test1" user after timeout. Increasing timeout to 2 mins and assert earlier with debug output if there's such process(es). If increasing of timeout doesn't help we may want to force deletion of the user as [2] suggests. [1] https://github.com/systemd/systemd/issues/8598 [2] https://access.redhat.com/solutions/6969188 Signed-off-by: Pavel Zhukov Signed-off-by: Richard Purdie (cherry picked from commit 972fcc0ed1e0d36c3470071a9c667c5327c1ef78) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/runtime/cases/rpm.py | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/meta/lib/oeqa/runtime/cases/rpm.py b/meta/lib/oeqa/runtime/cases/rpm.py index 7a9d62c003..2b6cfe5ff2 100644 --- a/meta/lib/oeqa/runtime/cases/rpm.py +++ b/meta/lib/oeqa/runtime/cases/rpm.py @@ -49,21 +49,20 @@ class RpmBasicTest(OERuntimeTestCase): msg = 'status: %s. Cannot run rpm -qa: %s' % (status, output) self.assertEqual(status, 0, msg=msg) - def check_no_process_for_user(u): - _, output = self.target.run(self.tc.target_cmds['ps']) - if u + ' ' in output: - return False - else: - return True + def wait_for_no_process_for_user(u, timeout = 120): + timeout_at = time.time() + timeout + while time.time() < timeout_at: + _, output = self.target.run(self.tc.target_cmds['ps']) + if u + ' ' not in output: + return + time.sleep(1) + user_pss = [ps for ps in output.split("\n") if u + ' ' in ps] + msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss)) + assertTrue(True, msg=msg) def unset_up_test_user(u): # ensure no test1 process in running - timeout = time.time() + 30 - while time.time() < timeout: - if check_no_process_for_user(u): - break - else: - time.sleep(1) + wait_for_no_process_for_user(u) status, output = self.target.run('userdel -r %s' % u) msg = 'Failed to erase user: %s' % output self.assertTrue(status == 0, msg=msg) From patchwork Wed Jan 11 14:34:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18008 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E803CC63797 for ; Wed, 11 Jan 2023 14:35:00 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web10.25138.1673447693496741171 for ; Wed, 11 Jan 2023 06:34:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=fRYxv6l6; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id a184so11532568pfa.9 for ; Wed, 11 Jan 2023 06:34:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=g26rYqhDozrJtr22jevH56kjggA77oSVogbWVVRTjm0=; b=fRYxv6l6xnnUNs1+N5hxZceht0mow8Ww2Me/rbwBPqHI6lPoA8gVhUMBQ8J0QYNaze NrgLX4LpiCD4puQqPDsfibM8p2cn9hILc9b/pRi0CGugQIj7+fKeGefzUA3kN1rjNKCT 6gPV3v/LCX13NL1vRz9IR1PMpx14BdT9k5BM1A7p2TdoQsCluC2gqylre60ZUuwveicb XBQ7K31dPFtXrWmJDpHbDLNrtcz8ZcEt6rVptS8cRXzSUo+DpFInA+uBapxxXWeQo2cy aiH4UacIKkQHgkcF/E9wBZcfJNnueDOrDkbdGZBIRDf6jQUkipm+93OzA8DtH6ONKKK7 fD7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=g26rYqhDozrJtr22jevH56kjggA77oSVogbWVVRTjm0=; b=QhcbmuQdEcPcCEGMG5OeTQMcb1btKAAjrL27cTR4LSfK7KTqXUXtU3ywbke8bXjb74 GcEAlLvZ0E9e7M7Vwao7fkFhAm7aPQfHGsWhoHlQBsZRMYjQbWiUbw4QyKNGRvmE9Mpa 0OJymVVdRNRqz0XXwctS576+KD9CT9LmwWdCFRLRJDvrw1Wa5eb/4mhiv0Lo7ncmV9a/ bM2ul/esCme4IokKiN2d5QnNgKQYtTLxYhmU3dljLiOPbMWMQN7vgjp3f1OeuLihS8lW IO1wJ7FnuGVl2giXfB/ko6vMYb9l6fVPabYtD+NASgs2m9TDaP/wPql0loRrgSSgwv0O MyBg== X-Gm-Message-State: AFqh2kqUGEy00ZgyH1F0p0b+qoN5Xjv3anzhjsJmucZd3SM6/1i1M4Ra 05EncMmvYLx/Z7ZhgJw5Tf/vIr36h1hW9QvUQIo= X-Google-Smtp-Source: AMrXdXvPUV+GAMv+MGu+HM9jOkK8ELPMTxTED3eFss+1mmwyqVT2Mtd7DWtxPQg9gDx15oXasN0fqg== X-Received: by 2002:a05:6a00:3387:b0:581:fc19:4aa3 with SMTP id cm7-20020a056a00338700b00581fc194aa3mr2405976pfb.0.1673447692469; Wed, 11 Jan 2023 06:34:52 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-5-74.hawaiiantel.net. [72.253.5.74]) by smtp.gmail.com with ESMTPSA id y29-20020aa793dd000000b0056c2e497b02sm10381288pff.173.2023.01.11.06.34.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Jan 2023 06:34:52 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 6/8] ovmf: fix gcc12 warning in GenFfs Date: Wed, 11 Jan 2023 04:34:28 -1000 Message-Id: <19da9603f4e7e64d4ffcb6d1e927965dcd161079.1673447528.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Jan 2023 14:35:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175747 Backport [https://github.com/tianocore/edk2/commit/7b005f344e533cd913c3ca05b266f9872df886d1] Fixes: GenFfs.c:545:5: error: pointer ?InFileHandle? used after ?fclose? [-Werror=use-after-free] 545 | Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GenFfs.c:544:5: note: call to ?fclose? here 544 | fclose (InFileHandle); | ^~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Steve Sakoman --- ...1-Basetools-genffs-fix-gcc12-warning.patch | 49 +++++++++++++++++++ meta/recipes-core/ovmf/ovmf_git.bb | 1 + 2 files changed, 50 insertions(+) create mode 100644 meta/recipes-core/ovmf/ovmf/0001-Basetools-genffs-fix-gcc12-warning.patch diff --git a/meta/recipes-core/ovmf/ovmf/0001-Basetools-genffs-fix-gcc12-warning.patch b/meta/recipes-core/ovmf/ovmf/0001-Basetools-genffs-fix-gcc12-warning.patch new file mode 100644 index 0000000000..4418d52898 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0001-Basetools-genffs-fix-gcc12-warning.patch @@ -0,0 +1,49 @@ +From 7b005f344e533cd913c3ca05b266f9872df886d1 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Thu, 24 Mar 2022 20:04:34 +0800 +Subject: [PATCH] BaseTools: fix gcc12 warning + +GenFfs.c:545:5: error: pointer ?InFileHandle? used after ?fclose? [-Werror=use-after-free] + 545 | Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +GenFfs.c:544:5: note: call to ?fclose? here + 544 | fclose (InFileHandle); + | ^~~~~~~~~~~~~~~~~~~~~ + +Signed-off-by: Gerd Hoffmann +Reviewed-by: Bob Feng + +Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/7b005f344e533cd913c3ca05b266f9872df886d1] +Signed-off-by: Steve Sakoman + +--- + BaseTools/Source/C/GenFfs/GenFfs.c | 2 +- + BaseTools/Source/C/GenSec/GenSec.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/BaseTools/Source/C/GenFfs/GenFfs.c b/BaseTools/Source/C/GenFfs/GenFfs.c +index 949025c33325..d78d62ab3689 100644 +--- a/BaseTools/Source/C/GenFfs/GenFfs.c ++++ b/BaseTools/Source/C/GenFfs/GenFfs.c +@@ -542,7 +542,7 @@ GetAlignmentFromFile(char *InFile, UINT32 *Alignment) + PeFileBuffer = (UINT8 *) malloc (PeFileSize); + if (PeFileBuffer == NULL) { + fclose (InFileHandle); +- Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle); ++ Error(NULL, 0, 4001, "Resource", "memory cannot be allocated for %s", InFile); + return EFI_OUT_OF_RESOURCES; + } + fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle); +diff --git a/BaseTools/Source/C/GenSec/GenSec.c b/BaseTools/Source/C/GenSec/GenSec.c +index d54a4f9e0a7d..b1d05367ec0b 100644 +--- a/BaseTools/Source/C/GenSec/GenSec.c ++++ b/BaseTools/Source/C/GenSec/GenSec.c +@@ -1062,7 +1062,7 @@ GetAlignmentFromFile(char *InFile, UINT32 *Alignment) + PeFileBuffer = (UINT8 *) malloc (PeFileSize); + if (PeFileBuffer == NULL) { + fclose (InFileHandle); +- Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle); ++ Error(NULL, 0, 4001, "Resource", "memory cannot be allocated for %s", InFile); + return EFI_OUT_OF_RESOURCES; + } + fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle); diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index b00119313b..63e857737a 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -18,6 +18,7 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ file://0003-ovmf-enable-long-path-file.patch \ file://0004-ovmf-Update-to-latest.patch \ file://0001-Fix-VLA-parameter-warning.patch \ + file://0001-Basetools-genffs-fix-gcc12-warning.patch \ " PV = "edk2-stable202008" From patchwork Wed Jan 11 14:34:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18005 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C8FD6C46467 for ; Wed, 11 Jan 2023 14:35:00 +0000 (UTC) Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web11.25217.1673447695666956102 for ; Wed, 11 Jan 2023 06:34:55 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=jNQYHBcb; spf=softfail (domain: sakoman.com, ip: 209.85.215.180, mailfrom: steve@sakoman.com) Received: by mail-pg1-f180.google.com with SMTP id f3so10656886pgc.2 for ; Wed, 11 Jan 2023 06:34:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BZfVzqYRngS0aOKURB1dKUvxRA/mpe5jW55aJbtP4ek=; b=jNQYHBcbStq3GETlgV0jqZEhyWXV9XuAax3v8LFFbfwQ37Q6SgwNzsp3HbUKUQMzOV bC+dMc9FxhWum6zqWSzuqVa6ILC/PjOMliQ0+vR4v4spaM0Wjfn7wZ3qkxK2gc9xW8o9 V7iBXkmFm5/w0wvcO2G88mn756dwzfhJ2n4Z611eBda+QEWhWcrsFc3cmoIojLt45Xqh wg69H0r/tLprJnQnDJA158cPxUMH32+5QTauY/IusLA3hdBCD9BzLTtNpWVd6jzEoByk 9G3zv/G7e6PuwQn2FOfgGQtNDpVsvyex33NVQQpx3PNyKyMyQD+Ej1zOVs+2ZV1Ww7N0 i9xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BZfVzqYRngS0aOKURB1dKUvxRA/mpe5jW55aJbtP4ek=; b=kWSzIrxI732AOX3Pd2chQ0bgmCdGsL3kuMgssblACmRsseQaIlrjz6BddjGolBE3+C cSRswxOSrCAZ2los5TnU3F+vy7xA7rmeXIzy8tb74QsCpCZ/Mp2B3OgOcvIP5JeCKFu1 jvTsLqMswOB0+oEf+BBymy7jwKVhUeeAtWnruTwIyfi/7uc+LEilTvcBTKsGc6baVPy2 2zZ5WEfFWFdagPgB5WkVJa29+FeNDzNC3RsVeLDSOqFKLfp7rpDomdr0ZsrPWlDU3QV6 g2AODKnluk00yOaGnejTsOj+B514WEwwaCGtHcZdSryE+uetfYYJzPHpP/XXK0lBRZHV jt9A== X-Gm-Message-State: AFqh2krTDBx6ybSg3g81JbN3m7g1KPHFNn5Qu3BfwudeQv0oCMVh1Php s28jgvqHvIIVMELld8tYf0GKIVNM32X20XLM+qs= X-Google-Smtp-Source: AMrXdXvgMCVcb9gj0m5OXzRBRFlZ5KCfmlH03w4UJEH9E+AfZpF1qXI6BAyUFqTJ8ptQy0binKCDsg== X-Received: by 2002:a05:6a00:2a9:b0:588:89bc:7f75 with SMTP id q9-20020a056a0002a900b0058889bc7f75mr10659727pfs.1.1673447694564; Wed, 11 Jan 2023 06:34:54 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-5-74.hawaiiantel.net. [72.253.5.74]) by smtp.gmail.com with ESMTPSA id y29-20020aa793dd000000b0056c2e497b02sm10381288pff.173.2023.01.11.06.34.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Jan 2023 06:34:54 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 7/8] ovmf: fix gcc12 warning in LzmaEnc Date: Wed, 11 Jan 2023 04:34:29 -1000 Message-Id: <25cc13c1016c2565694d0e0959a69c8b91054309.1673447528.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Jan 2023 14:35:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175748 Backport [https://github.com/tianocore/edk2/commit/85021f8cf22d1bd4114803c6c610dea5ef0059f1] Fixes: Sdk/C/LzmaEnc.c: In function ?LzmaEnc_CodeOneMemBlock?: Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*p.rc.outStream? [-Werror=dangling-pointer=] 2828 | p->rc.outStream = &outStream.vt; | ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here 2811 | CLzmaEnc_SeqOutStreamBuf outStream; | ^~~~~~~~~ Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*(CLzmaEnc *)pp.rc.outStream? [-Werror=dangling-pointer=] 2828 | p->rc.outStream = &outStream.vt; | ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here 2811 | CLzmaEnc_SeqOutStreamBuf outStream; | ^~~~~~~~~ Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here cc1: all warnings being treated as errors Signed-off-by: Steve Sakoman --- ...-Basetools-lzmaenc-fix-gcc12-warning.patch | 53 +++++++++++++++++++ meta/recipes-core/ovmf/ovmf_git.bb | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-core/ovmf/ovmf/0001-Basetools-lzmaenc-fix-gcc12-warning.patch diff --git a/meta/recipes-core/ovmf/ovmf/0001-Basetools-lzmaenc-fix-gcc12-warning.patch b/meta/recipes-core/ovmf/ovmf/0001-Basetools-lzmaenc-fix-gcc12-warning.patch new file mode 100644 index 0000000000..a6ef87aa79 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0001-Basetools-lzmaenc-fix-gcc12-warning.patch @@ -0,0 +1,53 @@ +From 24551a99d1f765c891a4dc21a36f18ccbf56e612 Mon Sep 17 00:00:00 2001 +From: Steve Sakoman +Date: Tue, 10 Jan 2023 06:15:00 -1000 +Subject: [PATCH] BaseTools: fix gcc12 warning + +Sdk/C/LzmaEnc.c: In function ?LzmaEnc_CodeOneMemBlock?: +Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*p.rc.outStream? [-Werror=dangling-pointer=] + 2828 | p->rc.outStream = &outStream.vt; + | ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ +Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here + 2811 | CLzmaEnc_SeqOutStreamBuf outStream; + | ^~~~~~~~~ +Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here +Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*(CLzmaEnc *)pp.rc.outStream? [-Werror=dangling-pointer=] + 2828 | p->rc.outStream = &outStream.vt; + | ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ +Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here + 2811 | CLzmaEnc_SeqOutStreamBuf outStream; + | ^~~~~~~~~ +Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here +cc1: all warnings being treated as errors + +Signed-off-by: Gerd Hoffmann +Reviewed-by: Bob Feng + +Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/85021f8cf22d1bd4114803c6c610dea5ef0059f1] +Signed-off-by: Steve Sakoman +--- + BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c b/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c +index e281716fee..b575c4f888 100644 +--- a/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c ++++ b/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c +@@ -2638,12 +2638,13 @@ SRes LzmaEnc_CodeOneMemBlock(CLzmaEncHandle pp, Bool reInit, + + nowPos64 = p->nowPos64; + RangeEnc_Init(&p->rc); +- p->rc.outStream = &outStream.vt; + + if (desiredPackSize == 0) + return SZ_ERROR_OUTPUT_EOF; + ++ p->rc.outStream = &outStream.vt; + res = LzmaEnc_CodeOneBlock(p, desiredPackSize, *unpackSize); ++ p->rc.outStream = NULL; + + *unpackSize = (UInt32)(p->nowPos64 - nowPos64); + *destLen -= outStream.rem; +-- +2.25.1 + diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 63e857737a..ddadbac4b7 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -19,6 +19,7 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ file://0004-ovmf-Update-to-latest.patch \ file://0001-Fix-VLA-parameter-warning.patch \ file://0001-Basetools-genffs-fix-gcc12-warning.patch \ + file://0001-Basetools-lzmaenc-fix-gcc12-warning.patch \ " PV = "edk2-stable202008" From patchwork Wed Jan 11 14:34:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18006 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE349C54EBC for ; Wed, 11 Jan 2023 14:35:00 +0000 (UTC) Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web11.25217.1673447695666956102 for ; Wed, 11 Jan 2023 06:34:57 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=m3sZjveu; spf=softfail (domain: sakoman.com, ip: 209.85.215.180, mailfrom: steve@sakoman.com) Received: by mail-pg1-f180.google.com with SMTP id f3so10656938pgc.2 for ; Wed, 11 Jan 2023 06:34:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MxgZTgRaSAEmTMrT/iiYlM8Eb0B63+ebDmavKd5pLGY=; b=m3sZjveuFUBMFdbgi3vqilJ+KunKJU/aTuVidzga87bralqeAi9EnecSXnPAWOmzJP 6Sxn93fy+TbxY2aBwGdrPYusGRBrRU58gY4rBsKxYnqBSpTfXdCBxgFFlp02YxIrZVRn H2gTGMXSLM37iXk062sRMFrtACY6cw1w+CLuRRpze2NpthoMjq19hnvJ5HVv312IBw6k OEZEqXbNGm+N2c+b2zhNjQejFn4F28M4e008mtEm/RNRoOSTFXf3EluwwXffPOSdihlR sb7eb26XVGlCXOpFEwOML6geXoncAsqdWZgdm5ejjddLq6fHRd4CxBTCDfAv+0MmXld9 cCKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MxgZTgRaSAEmTMrT/iiYlM8Eb0B63+ebDmavKd5pLGY=; b=sfrDSwbDL/2otDjnL/nxJfDytvrA3+rk1RfovWdRmSx8FAp/wDcQAgAoqYDNxrKgCM TCr9UkPj+vrMhowLnDpJZRgKJwaTgumQFfsvwGqxbjVAULFntm9IFQBw8cGX+V3rTYvq WmitlA9dsxJawG3UK20WhylXZWuO3qAoOinlYdLeHS0LCna8qgShqjSz5D3dmvpcEPCV Ln45ZwcSRk5KhXtpgB96zoRnvnMGw+liX3AjyHJJLgCMkufNS68cNcViVdhDr133IEb0 E7llG5SYM244TbVdw6EHOEzw1WtM3y5vjvgZpXzrhCO3r7eEebBvm0C8FY8Zd32AcelG o9Sw== X-Gm-Message-State: AFqh2ko0pedbJ9jYgUZpRwY7XoAowhmN26gnOTFDKj9x+qgXOwXIan1z 01C1u1AowANQkrUEbLIsiVgaO0OvbhOyqsrUgtM= X-Google-Smtp-Source: AMrXdXvoxLWPd/8Zj70ruuaztK3vH6vqujHABnZGfj7OWqv+YRkvsaDyxosH9D+lD0koZo0JqoTUbQ== X-Received: by 2002:a62:3883:0:b0:580:b942:e85 with SMTP id f125-20020a623883000000b00580b9420e85mr61325454pfa.16.1673447696541; Wed, 11 Jan 2023 06:34:56 -0800 (PST) Received: from hexa.router0800d9.com (dhcp-72-253-5-74.hawaiiantel.net. [72.253.5.74]) by smtp.gmail.com with ESMTPSA id y29-20020aa793dd000000b0056c2e497b02sm10381288pff.173.2023.01.11.06.34.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Jan 2023 06:34:56 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 8/8] ovmf: fix gcc12 warning for device path handling Date: Wed, 11 Jan 2023 04:34:30 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Jan 2023 14:35:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175749 Backport [https://github.com/tianocore/edk2/commit/22130dcd98b4d4b76ac8d922adb4a2dbc86fa52c] Fixes: In function ?SetDevicePathEndNode?, inlined from ?FileDevicePath? at DevicePathUtilities.c:857:5: DevicePathUtilities.c:321:3: error: writing 4 bytes into a region of size 1 [-Werror=stringop-overflow=] 321 | memcpy (Node, &mUefiDevicePathLibEndDevicePath, sizeof (mUefiDevicePathLibEndDevicePath)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from UefiDevicePathLib.h:22, from DevicePathUtilities.c:16: ../Include/Protocol/DevicePath.h: In function ?FileDevicePath?: ../Include/Protocol/DevicePath.h:51:9: note: destination object ?Type? of size 1 51 | UINT8 Type; ///< 0x01 Hardware Device Path. | ^~~~ Signed-off-by: Steve Sakoman --- ...001-Basetools-turn-off-gcc12-warning.patch | 41 +++++++++++++++++++ meta/recipes-core/ovmf/ovmf_git.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-core/ovmf/ovmf/0001-Basetools-turn-off-gcc12-warning.patch diff --git a/meta/recipes-core/ovmf/ovmf/0001-Basetools-turn-off-gcc12-warning.patch b/meta/recipes-core/ovmf/ovmf/0001-Basetools-turn-off-gcc12-warning.patch new file mode 100644 index 0000000000..73a432684c --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0001-Basetools-turn-off-gcc12-warning.patch @@ -0,0 +1,41 @@ +From 22130dcd98b4d4b76ac8d922adb4a2dbc86fa52c Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Thu, 24 Mar 2022 20:04:36 +0800 +Subject: [PATCH] Basetools: turn off gcc12 warning + +In function ?SetDevicePathEndNode?, + inlined from ?FileDevicePath? at DevicePathUtilities.c:857:5: +DevicePathUtilities.c:321:3: error: writing 4 bytes into a region of size 1 [-Werror=stringop-overflow=] + 321 | memcpy (Node, &mUefiDevicePathLibEndDevicePath, sizeof (mUefiDevicePathLibEndDevicePath)); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +In file included from UefiDevicePathLib.h:22, + from DevicePathUtilities.c:16: +../Include/Protocol/DevicePath.h: In function ?FileDevicePath?: +../Include/Protocol/DevicePath.h:51:9: note: destination object ?Type? of size 1 + 51 | UINT8 Type; ///< 0x01 Hardware Device Path. + | ^~~~ + +Signed-off-by: Gerd Hoffmann +Reviewed-by: Bob Feng + +Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/22130dcd98b4d4b76ac8d922adb4a2dbc86fa52c] +Signed-off-by: Steve Sakoman + +--- + BaseTools/Source/C/DevicePath/GNUmakefile | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/BaseTools/Source/C/DevicePath/GNUmakefile b/BaseTools/Source/C/DevicePath/GNUmakefile +index 7ca08af9662d..b05d2bddfa68 100644 +--- a/BaseTools/Source/C/DevicePath/GNUmakefile ++++ b/BaseTools/Source/C/DevicePath/GNUmakefile +@@ -13,6 +13,9 @@ OBJECTS = DevicePath.o UefiDevicePathLib.o DevicePathFromText.o DevicePathUtili + + include $(MAKEROOT)/Makefiles/app.makefile + ++# gcc 12 trips over device path handling ++BUILD_CFLAGS += -Wno-error=stringop-overflow ++ + LIBS = -lCommon + ifeq ($(CYGWIN), CYGWIN) + LIBS += -L/lib/e2fsprogs -luuid diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index ddadbac4b7..a487f77e3c 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -20,6 +20,7 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ file://0001-Fix-VLA-parameter-warning.patch \ file://0001-Basetools-genffs-fix-gcc12-warning.patch \ file://0001-Basetools-lzmaenc-fix-gcc12-warning.patch \ + file://0001-Basetools-turn-off-gcc12-warning.patch \ " PV = "edk2-stable202008"