From patchwork Wed Jan 25 14:41:44 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18633
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 01/16] cve-update-db-native: Allow to overrule the URL in a bbappend.
Date: Wed, 25 Jan 2023 04:41:44 -1000
Message-Id: <7290b3217c31cec7dd9985cbf5a003a9c368fa54.1674657501.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176352

From: jan

With this small patch, it's possible to overrule the public URL with a
local mirror for those without Internet access.

Signed-off-by: Jan Vermaete
Signed-off-by: Richard Purdie
(cherry picked from commit 2d903126e8bbece3a5171c3488c3deae1f0aa3ee)
Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-db-native.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 59e7d7dc2c..355ee2a2a3 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -19,6 +19,7 @@ CVE_DB_UPDATE_INTERVAL ?= "86400" # Timeout for blocking socket operations, such as the connection attempt. CVE_SOCKET_TIMEOUT ?= "60" +NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" python () { if not bb.data.inherits_class("cve-check", d): @@ -36,7 +37,6 @@ python do_fetch() { bb.utils.export_proxies(d) - BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" YEAR_START = 2002 db_file = d.getVar("CVE_CHECK_DB_FILE") 
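
Review bot: NVDCVE_URL at @@ -19,6 +19,7 is added without a comment and sits directly under the CVE_SOCKET_TIMEOUT comment, so nothing tells a bbappend author that the value is a filename prefix ending in "nvdcve-1.1-" to which the year and ".meta" / ".json.gz" are appended, not a directory URL. A one-line comment stating that, and that a mirror has to serve both files for every year from YEAR_START on, would prevent mis-set overrides. The default is https; the same comment should say whether an override is expected to keep TLS.
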
@@ -76,7 +76,7 @@ python do_fetch() { total_years = date.today().year + 1 - YEAR_START for i, year in enumerate(range(YEAR_START, date.today().year + 1)): ph.update((float(i + 1) / total_years) * 100) - year_url = BASE_URL + str(year) + year_url = (d.getVar('NVDCVE_URL')) + str(year) meta_url = year_url + ".meta" json_url = year_url + ".json.gz" 

From patchwork Wed Jan 25 14:41:45 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18630
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 02/16] cve-update-db-native: add more logging when fetching
Date: Wed, 25 Jan 2023 04:41:45 -1000
Message-Id: <60fa8135437ab1e2bc7cead5f838ac787c8dab26.1674657501.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176353

From: Ross Burton

Add some debug logging when fetching the CVE data.

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 9b230584664873af2ab453b8153b1ad276d3b0af)
Signed-off-by: Steve Sakoman
--- meta/recipes-core/meta/cve-update-db-native.bb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 355ee2a2a3..e267671628 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -75,6 +75,7 @@ python do_fetch() { with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: total_years = date.today().year + 1 - YEAR_START for i, year in enumerate(range(YEAR_START, date.today().year + 1)): + bb.debug(2, "Updating %d" % year) ph.update((float(i + 1) / total_years) * 100) year_url = (d.getVar('NVDCVE_URL')) + str(year) meta_url = year_url + ".meta" @@ -104,6 +105,7 @@ python do_fetch() { cursor.close() if not meta or meta[0] != last_modified: + bb.debug(2, "Updating entries") # Clear products table entries corresponding to current year conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close() 
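
Review bot: the "Updating entries" message at @@ -104,6 +105,7 carries no context, so a level 2 debug log shows "Updating 2019" followed by "Updating entries" with nothing to say why that year was refreshed. Logging the stored and fetched timestamps, for example bb.debug(2, "Updating entries (%s -> %s)" % (meta[0] if meta else None, last_modified)), would match the "Already up to date (last modified %s)" message added later in this patch and make an unexpected re-download visible in the log.
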
@@ -117,7 +119,8 @@ python do_fetch() { cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) return - + else: + bb.debug(2, "Already up to date (last modified %s)" % last_modified) # Update success, set the date to cve_check file. if year == date.today().year: cve_f.write('CVE database update : %s\n\n' % date.today()) 

From patchwork Wed Jan 25 14:41:46 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18631
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 03/16] cve-update-db-native: avoid incomplete updates
Date: Wed, 25 Jan 2023 04:41:46 -1000
Message-Id: <6a219c50ee12b7fb584e2db3e4dde171903acfb7.1674657501.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176354

From: Marta Rybczynska

The database update has been done on the original file. In case of
network connection issues, temporary outage of the NVD server or
a similar situation, the function could exit with incomplete data
in the database.

This patch solves the issue by performing the update on a copy of
the database. It replaces the main one only if the whole update
was successful.

See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14929

Reported-by: Alberto Pianon
Signed-off-by: Marta Rybczynska
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 8efe99214d8b005f0ecac690ce5ba17b31758f92)
Signed-off-by: Steve Sakoman
--- .../recipes-core/meta/cve-update-db-native.bb | 83 ++++++++++++++----- 1 file changed, 61 insertions(+), 22 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index e267671628..28605bc13b 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -21,6 +21,8 @@ CVE_DB_UPDATE_INTERVAL ?= "86400" CVE_SOCKET_TIMEOUT ?= "60" NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" +CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db" + python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") 
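
Review bot: CVE_DB_TEMP_FILE at @@ -21,6 +21,8 is introduced with no comment, and the swap later in this patch depends on it sitting next to the real database: shutil.move() is a single rename only when source and destination are on the same filesystem and falls back to copy-then-delete otherwise. Please document that the variable must stay inside CVE_CHECK_DB_DIR (or at least on the same filesystem as CVE_CHECK_DB_FILE), otherwise an override brings back the window for a partially written database that this patch is meant to close.
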
@@ -32,25 +34,15 @@ python do_fetch() { """ import bb.utils import bb.progress - import sqlite3, urllib, urllib.parse, shutil, gzip - from datetime import date + import shutil bb.utils.export_proxies(d) - YEAR_START = 2002 - db_file = d.getVar("CVE_CHECK_DB_FILE") db_dir = os.path.dirname(db_file) + db_tmp_file = d.getVar("CVE_DB_TEMP_FILE") - cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) - - if os.path.exists("{0}-journal".format(db_file)): - # If a journal is present the last update might have been interrupted. In that case, - # just wipe any leftovers and force the DB to be recreated. - os.remove("{0}-journal".format(db_file)) - - if os.path.exists(db_file): - os.remove(db_file) + cleanup_db_download(db_file, db_tmp_file) # The NVD database changes once a day, so no need to update more frequently # Allow the user to force-update 
@@ -67,9 +59,60 @@ python do_fetch() { pass bb.utils.mkdirhier(db_dir) + if os.path.exists(db_file): + shutil.copy2(db_file, db_tmp_file) + + if update_db_file(db_tmp_file, d) == True: + # Update downloaded correctly, can swap files + shutil.move(db_tmp_file, db_file) + else: + # Update failed, do not modify the database + bb.note("CVE database update failed") + os.remove(db_tmp_file) +} + +do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" +do_fetch[file-checksums] = "" +do_fetch[vardeps] = "" + +def cleanup_db_download(db_file, db_tmp_file): + """ + Cleanup the download space from possible failed downloads + """ + + # Clean up the updates done on the main file + # Remove it only if a journal file exists - it means a complete re-download + if os.path.exists("{0}-journal".format(db_file)): + # If a journal is present the last update might have been interrupted. In that case, + # just wipe any leftovers and force the DB to be recreated. + os.remove("{0}-journal".format(db_file)) + + if os.path.exists(db_file): + os.remove(db_file) + + # Clean-up the temporary file downloads, we can remove both journal + # and the temporary database + if os.path.exists("{0}-journal".format(db_tmp_file)): + # If a journal is present the last update might have been interrupted. In that case, + # just wipe any leftovers and force the DB to be recreated. + os.remove("{0}-journal".format(db_tmp_file)) + + if os.path.exists(db_tmp_file): + os.remove(db_tmp_file) + +def update_db_file(db_tmp_file, d): + """ + Update the given database file + """ + import bb.utils, bb.progress + from datetime import date + import urllib, gzip, sqlite3 + + YEAR_START = 2002 + cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) # Connect to database - conn = sqlite3.connect(db_file) + conn = sqlite3.connect(db_tmp_file) initialize_db(conn) with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: 
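
Review bot: the result test at the top of the added block, "if update_db_file(db_tmp_file, d) == True:", should be a plain truth test, and its else branch is reached only on the return False paths: an exception other than urllib.error.URLError raised inside update_db_file skips os.remove(db_tmp_file) and leaves the copy behind until the next run's cleanup_db_download. Wrapping the call in try/finally would remove the temporary database on every exit path. In cleanup_db_download the "If a journal is present ..." comment is repeated word for word for the temporary file, where both files are removed unconditionally; the second copy can go.
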
@@ -87,7 +130,7 @@ python do_fetch() { except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') bb.warn("Failed to fetch CVE data (%s)" % e.reason) - return + return False if response: for l in response.read().decode("utf-8").splitlines(): @@ -97,7 +140,7 @@ python do_fetch() { break else: bb.warn("Cannot parse CVE metadata, update failed") - return + return False # Compare with current db last modified date cursor = conn.execute("select DATE from META where YEAR = ?", (year,)) @@ -118,7 +161,7 @@ python do_fetch() { except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) - return + return False else: bb.debug(2, "Already up to date (last modified %s)" % last_modified) # Update success, set the date to cve_check file. 
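
Review bot: each of the three "return False" changes (@@ -87,7 +130,7, @@ -97,7 +140,7 and @@ -118,7 +161,7) leaves update_db_file without closing conn, which was opened with sqlite3.connect(db_tmp_file) earlier in the function; conn.commit() and conn.close() run only on the success path. do_fetch then calls os.remove(db_tmp_file) on a file that still has an open connection and possibly an uncommitted transaction. Closing the connection in a try/finally, or with contextlib.closing(conn), before returning would release the file and its journal before the temporary database is deleted.
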
@@ -127,11 +170,7 @@ python do_fetch() { conn.commit() conn.close() -} - -do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" -do_fetch[file-checksums] = "" -do_fetch[vardeps] = "" + return True def initialize_db(conn): with conn: 

From patchwork Wed Jan 25 14:41:47 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18632
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 04/16] cve-update-db-native: show IP on failure
Date: Wed, 25 Jan 2023 04:41:47 -1000
Message-Id: <48c0e427675f4c99c395cc0a75743ac70eb64802.1674657501.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176355

From: Ross Burton

We get random SSL failures when fetching the CVE database, and it's
notable that the NVD server is behind a DNS round-robin or
geographically diverse servers. On a hunch that there is one
misconfigured server, dump the IP that we connected to.

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 91f46d431dc8f40e8c6475c800bb61cb08b82b0a)
Signed-off-by: Steve Sakoman
--- meta/recipes-core/meta/cve-update-db-native.bb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 28605bc13b..efc32470d3 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb 
@@ -129,7 +129,10 @@ def update_db_file(db_tmp_file, d): response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') - bb.warn("Failed to fetch CVE data (%s)" % e.reason) + bb.warn("Failed to fetch CVE data (%s)" % e) + import socket + result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP) + bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result))) return False if response: 

From patchwork Wed Jan 25 14:41:48 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18629
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 05/16] cve-check: write the cve manifest to IMGDEPLOYDIR
Date: Wed, 25 Jan 2023 04:41:48 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176356

From: Jermain Horsman

When building an image cve_check_write_rootfs_manifest() would sometimes
fail with a FileNotFoundError when writing the manifest.cve due to the
parent directory (DEPLOY_DIR_IMAGE) not (yet) existing.

The image task will provide the manifest in the deploy directory
afterwards, so other recipes depending on the manifest being in
DEPLOY_DIR_IMAGE should continue to function properly.

Signed-off-by: Jermain Horsman
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit 00fb2aae22ce0d7ff5f3f8766fa770eeb4e73483)
Signed-off-by: Steve Sakoman
--- meta/classes/cve-check.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 4fc4e545e4..87a59d5c6d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass 
@@ -42,8 +42,8 @@ CVE_CHECK_LOG_JSON ?= "${T}/cve.json" CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}" CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json" -CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" -CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" +CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" +CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" 
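
Review bot: both defaults at @@ -42,8 +42,8 remain "?=" assignments, so a distro or local.conf that already sets CVE_CHECK_MANIFEST or CVE_CHECK_MANIFEST_JSON under DEPLOY_DIR_IMAGE keeps the old location while the next hunk switches the deploy_dir read in cve_check_write_rootfs_manifest() to IMGDEPLOYDIR, leaving the two out of step. A short comment above the two variables saying that the manifest has to be written under IMGDEPLOYDIR, because DEPLOY_DIR_IMAGE may not exist yet at that point, would record the constraint the commit message describes.
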
@@ -195,7 +195,7 @@ python cve_check_write_rootfs_manifest () { recipies.add(pkg_data["PN"]) bb.note("Writing rootfs CVE manifest") - deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") + deploy_dir = d.getVar("IMGDEPLOYDIR") link_name = d.getVar("IMAGE_LINK_NAME") json_data = {"version":"1", "package": []} 

From patchwork Wed Jan 25 14:41:49 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 18635
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 06/16] cairo: fix CVE patches assigned wrong CVE number
Date: Wed, 25 Jan 2023 04:41:49 -1000
Message-Id: <8b1f40639c16286937f04b9b50cef3d759bf442e.1674657501.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176357

From: Quentin Schulz CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462 and vice-versa. This swaps both files and edit the CVE field to report the correct identifier. Cc: Quentin Schulz Signed-off-by: Quentin Schulz Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit f12c2a5ac94cb29f473f3c7e335463c7fb6d8a6e) Signed-off-by: Steve Sakoman --- .../cairo/cairo/CVE-2019-6461.patch | 46 ++++++------------- .../cairo/cairo/CVE-2019-6462.patch | 46 +++++++++++++------ 2 files changed, 46 insertions(+), 46 deletions(-) diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch index 0b7d9a0c36..a2dba6cb20 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch @@ -1,40 +1,20 @@ -CVE: CVE-2019-6461 -Upstream-Status: Backport -Signed-off-by: Quentin Schulz - -From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 -From: Heiko Lewin -Date: Sun, 1 Aug 2021 11:16:03 +0000 -Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop +There is an assertion in function _cairo_arc_in_direction(). ---- - src/cairo-arc.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) +CVE: CVE-2019-6461 +Upstream-Status: Pending +Signed-off-by: Ross Burton diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..1c891d1a0 100644 +index 390397bae..1bde774a4 100644 --- a/src/cairo-arc.c 
+++ b/src/cairo-arc.c -@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) - { M_PI / 11.0, 9.81410988043554039085e-09 }, - }; - int table_size = ARRAY_LENGTH (table); -+ const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, + if (cairo_status (cr)) + return; - for (i = 0; i < table_size; i++) - if (table[i].error < tolerance) - return table[i].angle; +- assert (angle_max >= angle_min); ++ if (angle_max < angle_min) ++ return; - ++i; -+ - do { - angle = M_PI / i++; - error = _arc_error_normalized (angle); -- } while (error > tolerance); -+ } while (error > tolerance && i < max_segments); - - return angle; - } --- -2.38.1 - + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { + angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch index 4e4598c5b5..7c3209291b 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch @@ -1,20 +1,40 @@ -There is an assertion in function _cairo_arc_in_direction(). - CVE: CVE-2019-6462 -Upstream-Status: Pending -Signed-off-by: Ross Burton +Upstream-Status: Backport +Signed-off-by: Quentin Schulz + +From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 +From: Heiko Lewin +Date: Sun, 1 Aug 2021 11:16:03 +0000 +Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop + +--- + src/cairo-arc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..1bde774a4 100644 +index 390397bae..1c891d1a0 100644 --- a/src/cairo-arc.c 
+++ b/src/cairo-arc.c -@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, - if (cairo_status (cr)) - return; +@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) + { M_PI / 11.0, 9.81410988043554039085e-09 }, + }; + int table_size = ARRAY_LENGTH (table); ++ const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ -- assert (angle_max >= angle_min); -+ if (angle_max < angle_min) -+ return; + for (i = 0; i < table_size; i++) + if (table[i].error < tolerance) + return table[i].angle; - if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { - angle_max = fmod (angle_max - angle_min, 2 * M_PI); + ++i; ++ + do { + angle = M_PI / i++; + error = _arc_error_normalized (angle); +- } while (error > tolerance); ++ } while (error > tolerance && i < max_segments); + + return angle; + } +-- +2.38.1 + From patchwork Wed Jan 25 14:41:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18637 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41939C54EAA for ; Wed, 25 Jan 2023 14:42:27 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.46712.1674657740409012310 for ; Wed, 25 Jan 2023 06:42:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=havbPQ14; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id 200so13552780pfx.7 for ; Wed, 25 Jan 2023 06:42:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
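Review bot: In the new CVE-2019-6461.patch, the _cairo_arc_in_direction hunk replaces 'assert (angle_max >= angle_min);' with a bare 'return;', so a caller that passes reversed angles now gets no arc and nothing recorded on cr, and the header still reads 'Upstream-Status: Pending'. Since this commit already edits both headers to correct the CVE field, add a reference to the upstream report or submission for this change and one sentence saying the silent return is intended, so the swapped file is as traceable as CVE-2019-6462.patch, which names upstream commit ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0.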
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/16] QEMU: CVE-2022-4144 QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read Date: Wed, 25 Jan 2023 04:41:50 -1000 Message-Id: <7fdb46a83e117459780d5cd0997b0666b7b1a081.1674657501.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176358 From: Hitendra Prajapati Upstream-Status: Backport from https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2022-4144.patch | 103 ++++++++++++++++++ 2 files changed, 104 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index fff2c87780..898fa1a8d8 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -115,6 +115,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3638.patch \ file://CVE-2021-20196.patch \ file://CVE-2021-3507.patch \ + file://CVE-2022-4144.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch b/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch new file mode 100644 index 0000000000..3f0d5fbd5c --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch 
@@ -0,0 +1,103 @@ +From 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Mon, 28 Nov 2022 21:27:40 +0100 +Subject: [PATCH] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt + (CVE-2022-4144) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Have qxl_get_check_slot_offset() return false if the requested +buffer size does not fit within the slot memory region. + +Similarly qxl_phys2virt() now returns NULL in such case, and +qxl_dirty_one_surface() aborts. + +This avoids buffer overrun in the host pointer returned by +memory_region_get_ram_ptr(). + +Fixes: CVE-2022-4144 (out-of-bounds read) +Reported-by: Wenxu Yin (@awxylitol) +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336 + +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: Stefan Hajnoczi +Message-Id: <20221128202741.4945-5-philmd@linaro.org> + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622] +CVE: CVE-2022-4144 +Comments: Deleted patch hunk in qxl.h,as it contains change +in comments which is not present in current version of qemu. 
+ +Signed-off-by: Hitendra Prajapati +--- + hw/display/qxl.c | 27 +++++++++++++++++++++++---- + 1 file changed, 23 insertions(+), 4 deletions(-) + +diff --git a/hw/display/qxl.c b/hw/display/qxl.c +index cd7eb39d..6bc8385b 100644 +--- a/hw/display/qxl.c ++++ b/hw/display/qxl.c +@@ -1440,11 +1440,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) + + /* can be also called from spice server thread context */ + static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, +- uint32_t *s, uint64_t *o) ++ uint32_t *s, uint64_t *o, ++ size_t size_requested) + { + uint64_t phys = le64_to_cpu(pqxl); + uint32_t slot = (phys >> (64 - 8)) & 0xff; + uint64_t offset = phys & 0xffffffffffff; ++ uint64_t size_available; + + if (slot >= NUM_MEMSLOTS) { + qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot, +@@ -1468,6 +1470,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + slot, offset, qxl->guest_slots[slot].size); + return false; + } ++ size_available = memory_region_size(qxl->guest_slots[slot].mr); ++ if (qxl->guest_slots[slot].offset + offset >= size_available) { ++ qxl_set_guest_bug(qxl, ++ "slot %d offset %"PRIu64" > region size %"PRIu64"\n", ++ slot, qxl->guest_slots[slot].offset + offset, ++ size_available); ++ return false; ++ } ++ size_available -= qxl->guest_slots[slot].offset + offset; ++ if (size_requested > size_available) { ++ qxl_set_guest_bug(qxl, ++ "slot %d offset %"PRIu64" size %zu: " ++ "overrun by %"PRIu64" bytes\n", ++ slot, offset, size_requested, ++ size_requested - size_available); ++ return false; ++ } + + *s = slot; + *o = offset; +@@ -1486,7 +1505,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) + offset = le64_to_cpu(pqxl) & 0xffffffffffff; + return (void *)(intptr_t)offset; + case MEMSLOT_GROUP_GUEST: +- if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) { ++ if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) { + return NULL; + } + ptr = 
memory_region_get_ram_ptr(qxl->guest_slots[slot].mr); +@@ -1944,9 +1963,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + uint32_t slot; + bool rc; + +- rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset); +- assert(rc == true); + size = (uint64_t)height * abs(stride); ++ rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size); ++ assert(rc == true); + trace_qxl_surfaces_dirty(qxl->id, offset, size); + qxl_set_dirty(qxl->guest_slots[slot].mr, + qxl->guest_slots[slot].offset + offset, +-- +2.25.1 + From patchwork Wed Jan 25 14:41:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18636 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42349C61D9D for ; Wed, 25 Jan 2023 14:42:27 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web10.46648.1674657742295117794 for ; Wed, 25 Jan 2023 06:42:22 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=tW3facUc; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id r18so13505429pgr.12 for ; Wed, 25 Jan 2023 06:42:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jh+SmlUbXGGq7Ay5wurrHigFEShalXtI2xtEz33QvYs=; b=tW3facUcx0s7qKShkMnUc1bWc8+1C7k54vtut/+YuyaNAAewJprYQR07t+68hDTkRU 
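Review bot: In CVE-2022-4144.patch, the qxl_phys2virt hunk passes 'size' to qxl_get_check_slot_offset(), but the signature shown in that hunk's own header is 'qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)', with no size parameter. Unless 'size' is declared elsewhere in this QEMU version, the backport either fails to build or checks an unrelated value; the upstream Message-Id ends in '-5', which suggests an earlier patch of that series introduced the argument. Either backport that prerequisite as well or state in the Comments: field where 'size' comes from in this tree.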
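Review bot: In the qxl_dirty_one_surface hunk of CVE-2022-4144.patch, 'size' is computed as '(uint64_t)height * abs(stride)' and then passed as the 'size_t size_requested' argument, which narrows the value on hosts where size_t is 32 bits, and a failed check still ends in 'assert(rc == true)'. Worth confirming with upstream whether the parameter should be uint64_t to match size_available, and worth saying in the OE commit message that an oversize surface now aborts QEMU at this call rather than returning an error, as the upstream description notes.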
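Review bot: In the qxl_get_check_slot_offset hunk at '@@ -1468,6 +1470,23 @@', the first new check tests 'offset >= size_available' while its message prints '> region size', and both new qxl_set_guest_bug() format strings end in '\n' although the existing call visible in the previous hunk ('slot too large %d >= %d') does not. This is a style point inherited from upstream, so no change is needed in the backport, but it is worth raising there so the logged text matches the condition.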
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/16] ffmpeg: Fix CVE-2022-3109 Date: Wed, 25 Jan 2023 04:41:51 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176359 From: Bhabu Bindu Add patch to fix CVE-2022-3109 Link: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 Signed-off-by: Bhabu Bindu Signed-off-by: Steve Sakoman --- .../ffmpeg/ffmpeg/CVE-2022-3109.patch | 41 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch new file mode 100644 index 0000000000..febf49cff2 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch 
@@ -0,0 +1,41 @@ +From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Tue, 15 Feb 2022 17:58:08 +0800 +Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc + +Since the av_malloc() may fail and return NULL pointer, +it is needed that the 's->edge_emu_buffer' should be checked +whether the new allocation is success. + +Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048") + +CVE: CVE-2022-3109 +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568] +Comments: Refreshed hunk + +Reviewed-by: Peter Ross +Signed-off-by: Jiasheng Jiang +Signed-off-by: Bhabu Bindu +--- + libavcodec/vp3.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c +index e9ab54d73677..e2418eb6fa04 100644 +--- a/libavcodec/vp3.c ++++ b/libavcodec/vp3.c +@@ -2740,8 +2740,13 @@ + if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0) + goto error; + +- if (!s->edge_emu_buffer) ++ if (!s->edge_emu_buffer) { + s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0])); ++ if (!s->edge_emu_buffer) { ++ ret = AVERROR(ENOMEM); ++ goto error; ++ } ++ } + + if (s->keyframe) { + if (!s->theora) { diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb index cbfdbf0563..ffeec92e0e 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb 
@@ -30,6 +30,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2021-3566.patch \ file://CVE-2021-38291.patch \ file://CVE-2022-1475.patch \ + file://CVE-2022-3109.patch \ " SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" From patchwork Wed Jan 25 14:41:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18638 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A38EC61D97 for ; Wed, 25 Jan 2023 14:42:27 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.46712.1674657740409012310 for ; Wed, 25 Jan 2023 06:42:24 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=XVVIjane; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id 200so13552926pfx.7 for ; Wed, 25 Jan 2023 06:42:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Q3nNfs9oM+rdMp0S6N+y7uJXt5LpQJSdF0hTXcO4hRs=; b=XVVIjanef/MerFznUEDGIaFRmfbv0dQFYgiLeUmRZqGa0uW05oH/Fp8JuVFHmVFW/g WD4wS/m9G9MbEF2JpsShwSM+wfk0ej/ORsJCD8nj6MdhRgxca1+/u/PDM8EZHNv1i9mT 2QFGmBkIO6+f9SrIAsCGAPZtltg9ORSDVpHCEOIQ3NcDFLAUMIR2qA0eypUlI85k3NhU 5Oy6xOK/6rVqy1zvqgkq1yAnb/6XSp59YJoXX6bCQJv465KVa97h01FoKRT1SKVFyM2D 
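Review bot: The refreshed libavcodec/vp3.c hunk in CVE-2022-3109.patch has a bare '@@ -2740,8 +2740,13 @@' header with no function name, and the new branch assigns 'ret' before 'goto error' while the ff_thread_get_buffer() failure path visible just above it jumps to 'error' without setting 'ret'. Please confirm against the 4.2.2 source that 'ret' is in scope at this point and that the error label returns it, and extend 'Comments: Refreshed hunk' to say what was adjusted. The OE commit message would also benefit from one line on the impact (the unchecked av_malloc() result for s->edge_emu_buffer) in addition to the link.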
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/16] xserver-xorg: Fix Multiple CVEs Date: Wed, 25 Jan 2023 04:41:52 -1000 Message-Id: <41035c7b55200b488b21d062fe05326cd8dde3a3.1674657501.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176360 From: Hitendra Prajapati CVE-2022-4283: xkb: reset the radio_groups pointer to NULL after freeing it Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c CVE-2022-46340: Xtest: disallow GenericEvents in XTestSwapFakeInput Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63 CVE-2022-46341: Xi: disallow passive grabs with a detail > 255 Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b CVE-2022-46342: Xext: free the XvRTVideoNotify when turning off from the same client Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b CVE-2022-46343: Xext: free the screen saver resource when replacing it Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900 CVE-2022-46344: Xi: avoid integer truncation in length check of ProcXIChangeProperty Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8 Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman --- .../xserver-xorg/CVE-2022-4283.patch | 39 +++++++++ .../xserver-xorg/CVE-2022-46340.patch | 55 ++++++++++++ .../xserver-xorg/CVE-2022-46341.patch | 86 +++++++++++++++++++ .../xserver-xorg/CVE-2022-46342.patch | 78 +++++++++++++++++ .../xserver-xorg/CVE-2022-46343.patch | 51 +++++++++++ .../xserver-xorg/CVE-2022-46344.patch | 75 ++++++++++++++++ .../xorg-xserver/xserver-xorg_1.20.14.bb | 8 +- 7 files changed, 391 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-4283.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46340.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46341.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46342.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46343.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46344.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-4283.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-4283.patch new file mode 100644 index 0000000000..3f6b68fea8 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-4283.patch 
@@ -0,0 +1,39 @@ +From ccdd431cd8f1cabae9d744f0514b6533c438908c Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Mon, 5 Dec 2022 15:55:54 +1000 +Subject: [PATCH] xkb: reset the radio_groups pointer to NULL after freeing it + +Unlike other elements of the keymap, this pointer was freed but not +reset. On a subsequent XkbGetKbdByName request, the server may access +already freed memory. + +CVE-2022-4283, ZDI-CAN-19530 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer +Acked-by: Olivier Fourdan + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c] +CVE: CVE-2022-4283 +Signed-off-by: Hitendra Prajapati +--- + xkb/xkbUtils.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c +index 8975ade..9bc51fc 100644 +--- a/xkb/xkbUtils.c ++++ b/xkb/xkbUtils.c +@@ -1327,6 +1327,7 @@ _XkbCopyNames(XkbDescPtr src, XkbDescPtr dst) + } + else { + free(dst->names->radio_groups); ++ dst->names->radio_groups = NULL; + } + dst->names->num_rg = src->names->num_rg; + +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46340.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46340.patch new file mode 100644 index 0000000000..a6c97485cd --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46340.patch 
@@ -0,0 +1,55 @@ +From b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 29 Nov 2022 12:55:45 +1000 +Subject: [PATCH] Xtest: disallow GenericEvents in XTestSwapFakeInput + +XTestSwapFakeInput assumes all events in this request are +sizeof(xEvent) and iterates through these in 32-byte increments. +However, a GenericEvent may be of arbitrary length longer than 32 bytes, +so any GenericEvent in this list would result in subsequent events to be +misparsed. + +Additional, the swapped event is written into a stack-allocated struct +xEvent (size 32 bytes). For any GenericEvent longer than 32 bytes, +swapping the event may thus smash the stack like an avocado on toast. + +Catch this case early and return BadValue for any GenericEvent. +Which is what would happen in unswapped setups anyway since XTest +doesn't support GenericEvent. + +CVE-2022-46340, ZDI-CAN 19265 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer +Acked-by: Olivier Fourdan + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63] +CVE: CVE-2022-46340 +Signed-off-by: Hitendra Prajapati +--- + Xext/xtest.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/Xext/xtest.c b/Xext/xtest.c +index 38b8012..bf11789 100644 +--- a/Xext/xtest.c ++++ b/Xext/xtest.c +@@ -501,10 +501,11 @@ XTestSwapFakeInput(ClientPtr client, xReq * req) + + nev = ((req->length << 2) - sizeof(xReq)) / sizeof(xEvent); + for (ev = (xEvent *) &req[1]; --nev >= 0; ev++) { ++ int evtype = ev->u.u.type & 0x177; + /* Swap event */ +- proc = EventSwapVector[ev->u.u.type & 0177]; ++ proc = EventSwapVector[evtype]; + /* no swapping proc; invalid event type? 
*/ +- if (!proc || proc == NotImplemented) { ++ if (!proc || proc == NotImplemented || evtype == GenericEvent) { + client->errorValue = ev->u.u.type; + return BadValue; + } +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46341.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46341.patch new file mode 100644 index 0000000000..0ef6e5fc9f --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46341.patch 
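Review bot: In the XTestSwapFakeInput hunk of CVE-2022-46340.patch, the added line 'int evtype = ev->u.u.type & 0x177;' uses a hexadecimal mask where the line it replaces used octal '0177' (0x7f). The two masks are not equivalent: 0x177 clears bit 3 (value 8), so event types with that bit set would select a different EventSwapVector entry than before the patch. Keep the original '0177' in the backported line, or carry the upstream correction of this mask together with this patch, and mention the deviation in the patch header.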
@@ -0,0 +1,86 @@ +From 51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 29 Nov 2022 13:55:32 +1000 +Subject: [PATCH] Xi: disallow passive grabs with a detail > 255 + +The XKB protocol effectively prevents us from ever using keycodes above +255. For buttons it's theoretically possible but realistically too niche +to worry about. For all other passive grabs, the detail must be zero +anyway. + +This fixes an OOB write: + +ProcXIPassiveUngrabDevice() calls DeletePassiveGrabFromList with a +temporary grab struct which contains tempGrab->detail.exact = stuff->detail. +For matching existing grabs, DeleteDetailFromMask is called with the +stuff->detail value. This function creates a new mask with the one bit +representing stuff->detail cleared. + +However, the array size for the new mask is 8 * sizeof(CARD32) bits, +thus any detail above 255 results in an OOB array write. + +CVE-2022-46341, ZDI-CAN 19381 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer +Acked-by: Olivier Fourdan + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b] +CVE: CVE-2022-46341 +Signed-off-by: Hitendra Prajapati +--- + Xi/xipassivegrab.c | 22 ++++++++++++++-------- + 1 file changed, 14 insertions(+), 8 deletions(-) + +diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c +index d30f51f..89a5910 100644 +--- a/Xi/xipassivegrab.c ++++ b/Xi/xipassivegrab.c +@@ -133,6 +133,12 @@ ProcXIPassiveGrabDevice(ClientPtr client) + return BadValue; + } + ++ /* XI2 allows 32-bit keycodes but thanks to XKB we can never ++ * implement this. Just return an error for all keycodes that ++ * cannot work anyway, same for buttons > 255. 
*/ ++ if (stuff->detail > 255) ++ return XIAlreadyGrabbed; ++ + if (XICheckInvalidMaskBits(client, (unsigned char *) &stuff[1], + stuff->mask_len * 4) != Success) + return BadValue; +@@ -203,14 +209,8 @@ ProcXIPassiveGrabDevice(ClientPtr client) + ¶m, XI2, &mask); + break; + case XIGrabtypeKeycode: +- /* XI2 allows 32-bit keycodes but thanks to XKB we can never +- * implement this. Just return an error for all keycodes that +- * cannot work anyway */ +- if (stuff->detail > 255) +- status = XIAlreadyGrabbed; +- else +- status = GrabKey(client, dev, mod_dev, stuff->detail, +- ¶m, XI2, &mask); ++ status = GrabKey(client, dev, mod_dev, stuff->detail, ++ ¶m, XI2, &mask); + break; + case XIGrabtypeEnter: + case XIGrabtypeFocusIn: +@@ -319,6 +319,12 @@ ProcXIPassiveUngrabDevice(ClientPtr client) + return BadValue; + } + ++ /* We don't allow passive grabs for details > 255 anyway */ ++ if (stuff->detail > 255) { ++ client->errorValue = stuff->detail; ++ return BadValue; ++ } ++ + rc = dixLookupWindow(&win, stuff->grab_window, client, DixSetAttrAccess); + if (rc != Success) + return rc; +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46342.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46342.patch new file mode 100644 index 0000000000..23fef3f321 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46342.patch 
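Review bot: In CVE-2022-46341.patch, the ProcXIPassiveGrabDevice hunk at '@@ -133,6 +133,12 @@' returns XIAlreadyGrabbed directly as the request result for 'stuff->detail > 255', whereas the removed XIGrabtypeKeycode code stored it in 'status', and the ProcXIPassiveUngrabDevice hunk handles the same condition with BadValue and sets client->errorValue. The early return also applies to every grab type now, not only keycodes. If this asymmetry is simply what upstream does, say so in the patch header; otherwise the grab path should report the condition the same way as the ungrab path.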
@@ -0,0 +1,78 @@ +From b79f32b57cc0c1186b2899bce7cf89f7b325161b Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Wed, 30 Nov 2022 11:20:40 +1000 +Subject: [PATCH] Xext: free the XvRTVideoNotify when turning off from the same + client + +This fixes a use-after-free bug: + +When a client first calls XvdiSelectVideoNotify() on a drawable with a +TRUE onoff argument, a struct XvVideoNotifyRec is allocated. This struct +is added twice to the resources: + - as the drawable's XvRTVideoNotifyList. This happens only once per + drawable, subsequent calls append to this list. + - as the client's XvRTVideoNotify. This happens for every client. + +The struct keeps the ClientPtr around once it has been added for a +client. The idea, presumably, is that if the client disconnects we can remove +all structs from the drawable's list that match the client (by resetting +the ClientPtr to NULL), but if the drawable is destroyed we can remove +and free the whole list. + +However, if the same client then calls XvdiSelectVideoNotify() on the +same drawable with a FALSE onoff argument, only the ClientPtr on the +existing struct was set to NULL. The struct itself remained in the +client's resources. + +If the drawable is now destroyed, the resource system invokes +XvdiDestroyVideoNotifyList which frees the whole list for this drawable +- including our struct. This function however does not free the resource +for the client since our ClientPtr is NULL. + +Later, when the client is destroyed and the resource system invokes +XvdiDestroyVideoNotify, we unconditionally set the ClientPtr to NULL. On +a struct that has been freed previously. This is generally frowned upon. + +Fix this by calling FreeResource() on the second call instead of merely +setting the ClientPtr to NULL. This removes the struct from the client +resources (but not from the list), ensuring that it won't be accessed +again when the client quits. 
+ +Note that the assignment tpn->client = NULL; is superfluous since the +XvdiDestroyVideoNotify function will do this anyway. But it's left for +clarity and to match a similar invocation in XvdiSelectPortNotify. + +CVE-2022-46342, ZDI-CAN 19400 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer +Acked-by: Olivier Fourdan + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b] +CVE: CVE-2022-46342 +Signed-off-by: Hitendra Prajapati +--- + Xext/xvmain.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/Xext/xvmain.c b/Xext/xvmain.c +index c520c7d..5f4c174 100644 +--- a/Xext/xvmain.c ++++ b/Xext/xvmain.c +@@ -811,8 +811,10 @@ XvdiSelectVideoNotify(ClientPtr client, DrawablePtr pDraw, BOOL onoff) + tpn = pn; + while (tpn) { + if (tpn->client == client) { +- if (!onoff) ++ if (!onoff) { + tpn->client = NULL; ++ FreeResource(tpn->id, XvRTVideoNotify); ++ } + return Success; + } + if (!tpn->client) +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46343.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46343.patch new file mode 100644 index 0000000000..838f7d3726 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46343.patch 
@@ -0,0 +1,51 @@ +From 842ca3ccef100ce010d1d8f5f6d6cc1915055900 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 29 Nov 2022 14:53:07 +1000 +Subject: [PATCH] Xext: free the screen saver resource when replacing it + +This fixes a use-after-free bug: + +When a client first calls ScreenSaverSetAttributes(), a struct +ScreenSaverAttrRec is allocated and added to the client's +resources. + +When the same client calls ScreenSaverSetAttributes() again, a new +struct ScreenSaverAttrRec is allocated, replacing the old struct. The +old struct was freed but not removed from the clients resources. + +Later, when the client is destroyed the resource system invokes +ScreenSaverFreeAttr and attempts to clean up the already freed struct. + +Fix this by letting the resource system free the old attrs instead. + +CVE-2022-46343, ZDI-CAN 19404 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer +Acked-by: Olivier Fourdan + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900] +CVE: CVE-2022-46343 +Signed-off-by: Hitendra Prajapati +--- + Xext/saver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Xext/saver.c b/Xext/saver.c +index c23907d..05b9ca3 100644 +--- a/Xext/saver.c ++++ b/Xext/saver.c +@@ -1051,7 +1051,7 @@ ScreenSaverSetAttributes(ClientPtr client) + pVlist++; + } + if (pPriv->attr) +- FreeScreenAttr(pPriv->attr); ++ FreeResource(pPriv->attr->resource, AttrType); + pPriv->attr = pAttr; + pAttr->resource = FakeClientID(client->index); + if (!AddResource(pAttr->resource, AttrType, (void *) pAttr)) +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46344.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46344.patch new file mode 100644 index 0000000000..e25afa0d16 --- /dev/null 
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46344.patch 
@@ -0,0 +1,75 @@ +From 8f454b793e1f13c99872c15f0eed1d7f3b823fe8 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 29 Nov 2022 13:26:57 +1000 +Subject: [PATCH] Xi: avoid integer truncation in length check of + ProcXIChangeProperty + +This fixes an OOB read and the resulting information disclosure. + +Length calculation for the request was clipped to a 32-bit integer. With +the correct stuff->num_items value the expected request size was +truncated, passing the REQUEST_FIXED_SIZE check. + +The server then proceeded with reading at least stuff->num_items bytes +(depending on stuff->format) from the request and stuffing whatever it +finds into the property. In the process it would also allocate at least +stuff->num_items bytes, i.e. 4GB. + +The same bug exists in ProcChangeProperty and ProcXChangeDeviceProperty, +so let's fix that too. + +CVE-2022-46344, ZDI-CAN 19405 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer +Acked-by: Olivier Fourdan + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8] +CVE: CVE-2022-46344 +Signed-off-by: Hitendra Prajapati +--- + Xi/xiproperty.c | 4 ++-- + dix/property.c | 3 ++- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c +index 6ec419e..0cfa6e3 100644 +--- a/Xi/xiproperty.c ++++ b/Xi/xiproperty.c +@@ -890,7 +890,7 @@ ProcXChangeDeviceProperty(ClientPtr client) + REQUEST(xChangeDevicePropertyReq); + DeviceIntPtr dev; + unsigned long len; +- int totalSize; ++ uint64_t totalSize; + int rc; + + REQUEST_AT_LEAST_SIZE(xChangeDevicePropertyReq); +@@ -1128,7 +1128,7 @@ ProcXIChangeProperty(ClientPtr client) + { + int rc; + DeviceIntPtr dev; +- int totalSize; ++ uint64_t totalSize; + unsigned long len; + + REQUEST(xXIChangePropertyReq); +diff --git a/dix/property.c b/dix/property.c +index ff1d669..6fdb74a 100644 +--- 
a/dix/property.c ++++ b/dix/property.c +@@ -205,7 +205,8 @@ ProcChangeProperty(ClientPtr client) + WindowPtr pWin; + char format, mode; + unsigned long len; +- int sizeInBytes, totalSize, err; ++ int sizeInBytes, err; ++ uint64_t totalSize; + + REQUEST(xChangePropertyReq); + +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb index 4f5528f78b..ab18a87a3d 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb 
@@ -8,7 +8,13 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2022-3550.patch \ file://CVE-2022-3551.patch \ file://CVE-2022-3553.patch \ - " + file://CVE-2022-4283.patch \ + file://CVE-2022-46340.patch \ + file://CVE-2022-46341.patch \ + file://CVE-2022-46342.patch \ + file://CVE-2022-46343.patch \ + file://CVE-2022-46344.patch \ +" SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf" SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066"
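Review bot: In the CVE-2022-46341 patch, the new early check in ProcXIPassiveGrabDevice does `return XIAlreadyGrabbed;` for `stuff->detail > 255`, so a grab status becomes the handler's return value, whereas the removed XIGrabtypeKeycode branch only assigned it to `status`, and the matching check added to ProcXIPassiveUngrabDevice returns `BadValue` with `client->errorValue = stuff->detail`. The bounds check closes the out-of-bounds write the commit message describes, but the two paths now report the same invalid input differently; since this is a backport, confirm against the upstream commit that returning the grab status from the handler is intended rather than changing it locally.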
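Review bot: In the CVE-2022-46342 hunk for XvdiSelectVideoNotify, `tpn->client = NULL;` is kept ahead of the new `FreeResource(tpn->id, XvRTVideoNotify);` with no comment, although the commit message itself calls the assignment superfluous and explains that FreeResource removes the struct from the client's resources but not from the drawable's list. A one-line comment above the FreeResource call saying so would keep a later cleanup from dropping the call and bringing the use-after-free back.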
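Review bot: In the CVE-2022-46343 hunk for ScreenSaverSetAttributes, the statement right after the new `FreeResource(pPriv->attr->resource, AttrType);` writes `pPriv->attr = pAttr;`, so the fix relies on the resource destructor (ScreenSaverFreeAttr, per the commit message) leaving `pPriv` itself valid. That callback is not part of the visible context; please confirm it cannot release `pPriv` when the old attributes go away, otherwise the replaced use-after-free moves from the attr struct to the screen private.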
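Review bot: In the CVE-2022-46344 hunks, only `totalSize` is widened to `uint64_t`; `len` stays `unsigned long` in all three functions and `sizeInBytes` stays `int` in ProcChangeProperty, and the expression that computes `totalSize` lies outside the visible context. On 32-bit targets, where `unsigned long` is 32 bits wide, the wider destination only helps if the operands are widened before the multiplication, so please confirm the computation does that; an explicit cast on the first operand would make the intent visible.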
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/16] linux-firmware: upgrade 20221109 -> 20221214 Date: Wed, 25 Jan 2023 04:41:53 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176361 From: Alexander Kanavin License-Update: additional files Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 15f3a9f6c4406ddc00f7dc0ca7e1beafe9c71a9f) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20221109.bb => linux-firmware_20221214.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221109.bb => linux-firmware_20221214.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb index 8c132c8f34..e3105053c7 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb @@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "ab4ba608dc4b757716871f9be033f0f1" +WHENCE_CHKSUM = "bf7c716d16e48fe118c6209f99b13253" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source 
@@ -209,7 +209,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "c0ddffbbcf30f2e015bddd5c6d3ce1f13976b906aceabda4a57e3c41a3190701" +SRC_URI[sha256sum] = "e793783e92acbde549965521462d1d1327827360664cf242dbda08f075654331" inherit allarch
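Review bot: The context of the second hunk still reads `# Pin this to the 20220509 release, override this in local.conf` above `SRCREV:class-devupstream`, and neither the comment nor the pinned revision is touched while the recipe moves from 20221109 to 20221214. Either move the pin and its comment along with each upgrade or reword the comment so it no longer names a release; as it stands, a class-devupstream build is, by the comment's own account, several releases behind the tarball this patch selects.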
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/16] vim: upgrade 9.0.0947 -> 9.0.1211 Date: Wed, 25 Jan 2023 04:41:54 -1000 Message-Id: <2ae1a6f8fcf02ede94b4f8ae696b6015e2be513c.1674657501.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176362 From: Randy MacLeod Includes fixes for: https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 Signed-off-by: Randy MacLeod Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 1c51068c78d12ee02789a6dbecf5e7e91d141af5) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 1e5ef1c811..46250c0d37 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc 
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0947" -SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5" +PV .= ".1211" +SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1"
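Review bot: The context line `# Remove when 8.3 is out` above `UPSTREAM_VERSION_UNKNOWN = "1"` is stale now that `PV` ends in `.1211` on a 9.0 recipe, and the hunk bumps `PV` and `SRCREV` without touching it. Since the upgrade is justified by the four CVE fixes listed in the commit message, it would be a good moment to either drop the setting or replace the comment with the reason it is still needed, so version checks on this recipe are not left disabled by accident.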
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/16] systemd: Consider PACKAGECONFIG in RRECOMMENDS Date: Wed, 25 Jan 2023 04:41:55 -1000 Message-Id: <5a2522c7dd74350d0554e550bc5764794c289422.1674657501.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176363
From: Niko Mauno Since RRECOMMENDS declaration implicitly induces building the recipes that provide the runtime recommended packages, conditionalize adding such values according to associated PACKAGECONFIG settings in order to avoid redundant building. (From OE-Core rev: a1989add927f7805378fe4d5afbde780b747ba77) Signed-off-by: Niko Mauno Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-core/systemd/systemd_244.5.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb index 77ef2bc42f..2bca1fbc82 100644 --- a/meta/recipes-core/systemd/systemd_244.5.bb +++ b/meta/recipes-core/systemd/systemd_244.5.bb 
@@ -404,9 +404,9 @@ FILES_${PN}-binfmt = "${sysconfdir}/binfmt.d/ \ ${rootlibexecdir}/systemd/systemd-binfmt \ ${systemd_unitdir}/system/proc-sys-fs-binfmt_misc.* \ ${systemd_unitdir}/system/systemd-binfmt.service" -RRECOMMENDS_${PN}-binfmt = "kernel-module-binfmt-misc" +RRECOMMENDS_${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}" -RRECOMMENDS_${PN}-vconsole-setup = "kbd kbd-consolefonts kbd-keymaps" +RRECOMMENDS_${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}" FILES_${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \
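Review bot: Both `RRECOMMENDS_${PN}-binfmt` and `RRECOMMENDS_${PN}-vconsole-setup` now expand to an empty string when the matching PACKAGECONFIG option is off, which changes image contents on a stable branch for anyone who relied on `kbd`, `kbd-consolefonts`, `kbd-keymaps` or `kernel-module-binfmt-misc` arriving through these recommendations. The commit message only mentions avoiding redundant builds; it should also state that images built without `binfmt` or `vconsole` in PACKAGECONFIG lose these packages, so downstream layers know to add them explicitly if they still need them.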
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/16] toolchain-scripts: compatibility with unbound variable protection Date: Wed, 25 Jan 2023 04:41:56 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176364 From: Jan Kircher Fixed an error when Bash's unbound variable protection is enabled (set -u) and variable "LD_LIBRARY_PATH" does not exist. Signed-off-by: Jan Kircher Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 85685370b0ad93291cda59fb091a15eeecf5e0d5) Signed-off-by: Steve Sakoman --- meta/classes/toolchain-scripts.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/toolchain-scripts.bbclass b/meta/classes/toolchain-scripts.bbclass index db1d3215ef..9aa31dc6cd 100644 --- a/meta/classes/toolchain-scripts.bbclass +++ b/meta/classes/toolchain-scripts.bbclass 
@@ -29,7 +29,7 @@ toolchain_create_sdk_env_script () { echo '# http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html#AEN80' >> $script echo '# http://xahlee.info/UnixResource_dir/_/ldpath.html' >> $script echo '# Only disable this check if you are absolutely know what you are doing!' >> $script - echo 'if [ ! -z "$LD_LIBRARY_PATH" ]; then' >> $script + echo 'if [ ! -z "${LD_LIBRARY_PATH:-}" ]; then' >> $script echo " echo \"Your environment is misconfigured, you probably need to 'unset LD_LIBRARY_PATH'\"" >> $script echo " echo \"but please check why this was set in the first place and that it's safe to unset.\"" >> $script echo ' echo "The SDK will not operate correctly in most cases when LD_LIBRARY_PATH is set."' >> $script
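Review bot: Only the `LD_LIBRARY_PATH` test in the generated script gets the `${LD_LIBRARY_PATH:-}` default here, so the claim of compatibility with `set -u` holds for this one expansion; the rest of the environment script that toolchain_create_sdk_env_script writes is outside the visible context and should be checked for other expansions of variables that may be unset. As a style point on the same line, `[ -n "${LD_LIBRARY_PATH:-}" ]` expresses the test without the `! -z` double negative.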
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 14/16] lib/oe/reproducible: Use git log without gpg signature Date: Wed, 25 Jan 2023 04:41:57 -1000 Message-Id: <76272a00cb16b22f7dd942592cdc37ec3439b234.1674657501.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176365 From: Benoît Mauduit Previously, if "showSignature" is present in user gitconfig, parsing of the timestamp will fail. Ideally we should replace this command with a git plumbing command. Signed-off-by: Benoît Mauduit Signed-off-by: Alexandre Belloni (cherry picked from commit 3bd6f78f79b3d3e87d8db1e11f58d8021f929843) Signed-off-by: Steve Sakoman --- meta/lib/oe/reproducible.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/lib/oe/reproducible.py b/meta/lib/oe/reproducible.py index 0938e4cb39..1ed79b18ca 100644 --- a/meta/lib/oe/reproducible.py +++ b/meta/lib/oe/reproducible.py 
@@ -62,7 +62,8 @@ def get_source_date_epoch_from_git(d, sourcedir): return None bb.debug(1, "git repository: %s" % gitpath) - p = subprocess.run(['git', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], check=True, stdout=subprocess.PIPE) + p = subprocess.run(['git', '-c', 'log.showSignature=false', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], + check=True, stdout=subprocess.PIPE) return int(p.stdout.decode('utf-8')) def get_source_date_epoch_from_youngest_file(d, sourcedir): From patchwork Wed Jan 25 14:41:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18642 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36D79C61D97 for ; Wed, 25 Jan 2023 14:42:47 +0000 (UTC) Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) by mx.groups.io with SMTP id smtpd.web10.46667.1674657759742666645 for ; Wed, 25 Jan 2023 06:42:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=b6nT4xai; spf=softfail (domain: sakoman.com, ip: 209.85.215.174, mailfrom: steve@sakoman.com) Received: by mail-pg1-f174.google.com with SMTP id s67so13525877pgs.3 for ; Wed, 25 Jan 2023 06:42:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lY40y7YXeEmR/vTdVWTLTY/+UpjtPXChcs4v+eOlkxg=; b=b6nT4xaiinPN9C3HnvZjhiwhjdkc+IlAcG3rDemaTI7Bq0MVTDYJLHrSL97kGw1L5N dja7SrdA/3Wxr4fABH9jlU0V8VBhhWU70EjwY7A/CLlIADKNTfEblPi0MNaLf+DslloA 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 15/16] selftest/virgl: use pkg-config from the host Date: Wed, 25 Jan 2023 04:41:58 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176366 From: Alexander Kanavin The check needs to report dri location on the host machine, so pkg-config binary needs to be capable of finding the needed dri.pc file on the host, and therefore needs to know where host .pc files are located. This may not be the case when using pkg-config from buildtools, so this forces usage of host pkg-config. runqemu already does the same PATH tweak, so this simply brings the two in sync. Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni (cherry picked from commit f0521f8a3ba7e15482756529ee7b0a95b3d53e7d) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/runtime_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py index aeda01848a..5439bd426b 100644 --- a/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py 
@@ -236,7 +236,7 @@ class TestImage(OESelftestTestCase): except FileNotFoundError: self.skipTest("/dev/dri directory does not exist; no render nodes available on this machine.") try: - dripath = subprocess.check_output("pkg-config --variable=dridriverdir dri", shell=True) + dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True) except subprocess.CalledProcessError as e: self.skipTest("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.") qemu_packageconfig = get_bb_var('PACKAGECONFIG', 'qemu-system-native') From patchwork Wed Jan 25 14:41:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 18644 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3467EC54EAA for ; Wed, 25 Jan 2023 14:42:47 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.46705.1674657734301697325 for ; Wed, 25 Jan 2023 06:42:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=2bmU4Lwm; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id c26so13549202pfp.10 for ; Wed, 25 Jan 2023 06:42:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OWB/7vFiM+PggXop25Qk6A3cSApST0HCf+YjOHXV+VI=; 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 16/16] python3: fix packaging of Windows distutils installer stubs Date: Wed, 25 Jan 2023 04:41:59 -1000 Message-Id: <951b511b05d59867433c0c8e40162322a75be10a.1674657501.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Jan 2023 14:42:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/176367 The python3 Windows distutils installer stubs were split into a separate package in poky commit dc1ab6482cfb30c714e7cbb421920943439a3fd6. This has regressed during the upgrade to Python 3.8.2 in yocto-3.1 [YOCTO #13889] https://bugzilla.yoctoproject.org/show_bug.cgi?id=13889 Signed-off-by: Steve Sakoman --- meta/recipes-devtools/python/python3/python3-manifest.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/python/python3/python3-manifest.json b/meta/recipes-devtools/python/python3/python3-manifest.json index 3bcc9b8662..0e87f91dd8 100644 --- a/meta/recipes-devtools/python/python3/python3-manifest.json +++ b/meta/recipes-devtools/python/python3/python3-manifest.json @@ -531,7 +531,9 @@ "rdepends": [ "core" ], - "files": [], + "files": [ + "${libdir}/python${PYTHON_MAJMIN}/distutils/command/wininst-*.exe" + ], "cached": [] }, "distutils": {
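Review bot: in patch 14/16 (meta/lib/oe/reproducible.py, get_source_date_epoch_from_git), the unchanged line `return int(p.stdout.decode('utf-8'))` still assumes that `git log` prints nothing but the timestamp, and the added `-c log.showSignature=false` neutralises only the one user setting named in the commit message. Any other extra output would again surface as a bare ValueError from `int()`, with no hint that user git configuration is the cause. Suggest catching the conversion error and logging the raw stdout through `bb.debug` or a warning, and adding a short comment next to the `-c` override explaining that it protects the SOURCE_DATE_EPOCH value from the user's gitconfig. The commit message already notes that a plumbing command would be the better long-term replacement; a TODO in the code would keep that visible.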
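Review bot: in patch 15/16 (meta/lib/oeqa/selftest/cases/runtime_test.py, the `dripath = subprocess.check_output(...)` line), the `PATH=/bin:/usr/bin:$PATH` prefix is added without any comment, so a reader of the test cannot tell that it exists to prefer the host pkg-config over the one from buildtools, or that it has to stay in sync with the same tweak in runqemu as the commit message says. Suggest a one-line comment stating both. Since the command is a fixed string, it could also be passed as an argument list with an `env=` dictionary carrying the adjusted PATH, which removes the need for `shell=True`. Note that a host pkg-config installed outside /bin and /usr/bin would still be shadowed by whatever comes first in the inherited `$PATH`; if that case matters, the skipTest message on the `except` branch could mention which directories were searched.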
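Review bot: in patch 16/16 (python3-manifest.json, the `"files"` list that now carries `wininst-*.exe`), the hunk does not show which package key the entry belongs to, and the entry sits directly before `"distutils"`. If the `"distutils"` entry also covers files under `distutils/command/`, the split depends on this entry being matched first, so please confirm with a package file listing from a dunfell build that the stubs land in the intended package and no longer in distutils. The commit message says the split regressed during the upgrade to Python 3.8.2; a packaging check in a selftest would keep the next upgrade from undoing it silently. Unlike the other patches in this series there is no "cherry picked from" reference, so it would help to state in the message whether the same fix is needed on master.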