From patchwork Sun Jan 29 21:00:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18783 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5532BC61DA4 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oa1-f42.google.com (mail-oa1-f42.google.com [209.85.160.42]) by mx.groups.io with SMTP id smtpd.web10.25478.1675026043912398509 for ; Sun, 29 Jan 2023 13:00:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=lDuA/eaG; spf=pass (domain: gmail.com, ip: 209.85.160.42, mailfrom: akuster808@gmail.com) Received: by mail-oa1-f42.google.com with SMTP id 586e51a60fabf-15eec491b40so12846437fac.12 for ; Sun, 29 Jan 2023 13:00:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7yKBNffEUwes97jXhMAflr7O/sy3++vsJc9ncN2yJLw=; b=lDuA/eaGD+6hicj/gwlKbocQMpp5rjvYoFqH2rkAS6UzRJkqNoVWC1sgeWsExF+x9M JkcrFITrun/ea20biToAiQXPL/Jzn9X76kSfgf6/dpHTi8Ht/MW6P1xS80u3p+6fndp5 ce9HHrhhqDpzF3CW/m3yTj0GMpOE+qagVUd0DB4ndIQlfk4B6MnmQYRzquVElXkvNkT7 n2NAz6Ej9nN/YBOTU0RFIi8JhjX5ViFZLGaULufj1A5Aps/rEnAwyXWKDAe+9RGUdsQq oGNBnbxpx9K8f+irgV1ImyHir6kn8faRWVzPCfukk60kRs1zgiGkqa/pYllC6+JEGXwe GiaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7yKBNffEUwes97jXhMAflr7O/sy3++vsJc9ncN2yJLw=; b=yGMktPVMY/FI2fcBaEsUFtFPRMNcxPZbnIpnPZLzu7UjAcZr3FgqiJpKazlU8MqaQK /Khm/A+mWWqdse6lg+mdUJePpCQagc6KfHjjvVhCS9OAdHblgeNNDy4Fk3nypJ8XkjjP RNhwTwgKxo4ZneP5/vj4+gATaG80TxGiTpCyKH3mCGQN7zeTqGfwiYRSciV+QKtdNtrj x/a5WIZN2/D1UCWftt8cubld9XWmgiLCpZzKyDKYH0GHGvWSDVjg3piwXaOHOwMRdN/i E52gBH4rtuwYQy15kFv2RYbqLlFpAQcTFBhoU9rpA05OpWJeC05r2lK0wYetGJkJBL+0 +bpw== X-Gm-Message-State: AO0yUKWT9SRoYEaCJjHrcOINzVHfjnPA/+5fcFVmHKNHAxbIKcbTonFb diNmPw1HKfiTQU9ll0vHtUSGvxygFh8= X-Google-Smtp-Source: AK7set9dAVNluy9ta2bBQFoo5tLtgWO+YTvj8CoYx2fzAb4T0k+6tMolmLD+j2hnKDxjb8zFPl0mFg== X-Received: by 2002:a05:6870:c209:b0:15f:a326:3c46 with SMTP id z9-20020a056870c20900b0015fa3263c46mr3073040oae.33.1675026042666; Sun, 29 Jan 2023 13:00:42 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:42 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 01/10] zsh: Fix CVE-2021-45444 Date: Sun, 29 Jan 2023 16:00:29 -0500 Message-Id: <69be9c715147d30b5f272c7e319cf105a8ab5f59.1675025970.git.akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100835 From: Chee Yang Lee backport patch from debian Signed-off-by: Chee Yang Lee Signed-off-by: Armin Kuster --- .../zsh/zsh/CVE-2021-45444_1.patch | 60 ++++++++ .../zsh/zsh/CVE-2021-45444_2.patch | 140 ++++++++++++++++++ .../zsh/zsh/CVE-2021-45444_3.patch | 77 ++++++++++ meta-oe/recipes-shells/zsh/zsh_5.8.bb | 6 +- 4 files changed, 282 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch create mode 100644 meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch create mode 100644 meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch new file mode 100644 index 0000000000..fb8fa3427f --- /dev/null +++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch @@ -0,0 +1,60 @@ +Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1 +From: Oliver Kiddle +Date: Wed, 15 Dec 2021 01:56:40 +0100 +Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on + %F/%K arguments + +Mitigates CVE-2021-45444 + +https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee +--- + ChangeLog | 5 +++++ + Src/prompt.c | 10 ++++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 8d7dfc169..eb248ec06 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++2022-01-27 dana ++ ++ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive ++ PROMPT_SUBST ++ + 2020-02-14 dana + + * unposted: Config/version.mk: Update for 5.8 +diff --git a/Src/prompt.c b/Src/prompt.c +index b65bfb86b..91e21c8e9 100644 +--- a/Src/prompt.c ++++ b/Src/prompt.c +@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg) + bv->fm += 2; /* skip over F{ */ + if ((ep = strchr(bv->fm, '}'))) { + char oc = *ep, *col, *coll; ++ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG]; ++ int opp = opts[PROMPTPERCENT]; ++ ++ opts[PROMPTPERCENT] = 1; ++ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0; ++ + *ep = '\0'; + /* expand the contents of the argument so you can use + * %v for example */ +@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg) + arg = match_colour((const char **)&coll, is_fg, 0); + free(col); + bv->fm = ep; ++ ++ opts[PROMPTSUBST] = ops; ++ opts[PROMPTBANG] = opb; ++ opts[PROMPTPERCENT] = opp; + } else { + arg = match_colour((const char **)&bv->fm, is_fg, 0); + if (*bv->fm != '}') +-- +2.34.1 diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch new file mode 100644 index 0000000000..e5b6d7cdc9 --- /dev/null +++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch @@ -0,0 +1,140 @@ +From 8a4d65ef6d0023ab9b238529410afb433553d2fa Mon Sep 17 00:00:00 2001 +From: Marc Cornellà +Date: Mon, 24 Jan 2022 09:43:28 +0100 +Subject: [PATCH 2/9] security/89: Add patch which can optionally be used to + work around CVE-2021-45444 in VCS_Info +Comment: Updated to use the same file name without blanks as actually + used in the final 5.8.1 release. + + +https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_2.patch +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee +--- + ChangeLog | 5 + + Etc/CVE-2021-45444-VCS_Info-workaround.patch | 98 ++++++++++++++++++++ + 2 files changed, 103 insertions(+) + create mode 100644 Etc/CVE-2021-45444-VCS_Info-workaround.patch + +diff --git a/ChangeLog b/ChangeLog +index eb248ec06..9a05a09e1 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,10 @@ + 2022-01-27 dana + ++ * Marc Cornellà: security/89: ++ Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which ++ can optionally be used to work around recursive PROMPT_SUBST ++ issue in VCS_Info ++ + * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive + PROMPT_SUBST + +diff --git a/Etc/CVE-2021-45444-VCS_Info-workaround.patch b/Etc/CVE-2021-45444-VCS_Info-workaround.patch +new file mode 100644 +index 000000000..13e54be77 +--- /dev/null ++++ b/Etc/CVE-2021-45444-VCS_Info-workaround.patch +@@ -0,0 +1,98 @@ ++From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001 ++From: =?UTF-8?q?Marc=20Cornell=C3=A0?= ++Date: Mon, 24 Jan 2022 09:43:28 +0100 ++Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444, ++which is mitigated in the shell itself in 5.8.1 and later versions. It is ++offered for users who are concerned about an exploit but are unable to update ++their binaries to receive the complete fix. ++ ++The patch works around the vulnerability by pre-escaping values substituted ++into format strings in VCS_Info. Please note that this may break some user ++configurations that rely on those values being un-escaped (which is why it was ++not included directly in 5.8.1). It may be possible to limit this breakage by ++adjusting exactly which ones are pre-escaped, but of course this may leave ++them vulnerable again. ++ ++If applying the patch to the file system is inconvenient or not possible, the ++following script can be used to idempotently patch the relevant function ++running in memory (and thus must be re-run when the shell is restarted): ++ ++ ++# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version) ++autoload -Uz is-at-least ++if is-at-least 5.8.1 || ! is-at-least 5.0.3; then ++ return ++fi ++ ++# Quote necessary $hook_com[] items just before they are used ++# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats ++# function, where is: ++# ++# base: the full path of the repository's root directory. ++# base-name: the name of the repository's root directory. ++# branch: the name of the currently checked out branch. ++# revision: an identifier of the currently checked out revision. ++# subdir: the path of the current directory relative to the ++# repository's root directory. ++# misc: a string that may contain anything the vcs_info backend wants. ++# ++# This patch %-quotes these fields previous to their use in vcs_info hooks and ++# the zformat call and, eventually, when they get expanded in the prompt. ++# It's important to quote these here, and not later after hooks have modified the ++# fields, because then we could be quoting % characters from valid prompt sequences, ++# like %F{color}, %B, etc. ++# ++# 32 │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" ++# 33 │ hook_com[subdir_orig]="${hook_com[subdir]}" ++# 34 │ ++# 35 + │ for tmp in base base-name branch misc revision subdir; do ++# 36 + │ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" ++# 37 + │ done ++# 38 + │ ++# 39 │ VCS_INFO_hook 'post-backend' ++# ++# This is especially important so that no command substitution is performed ++# due to malicious input as a consequence of CVE-2021-45444, which affects ++# zsh versions from 5.0.3 to 5.8. ++# ++autoload -Uz +X regexp-replace VCS_INFO_formats ++ ++# We use $tmp here because it's already a local variable in VCS_INFO_formats ++typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"' ++# Unique string to avoid reapplying the patch if this code gets called twice ++typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b ++# Only patch the VCS_INFO_formats function if not already patched ++if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then ++ regexp-replace 'functions[VCS_INFO_formats]' \ ++ "VCS_INFO_hook 'post-backend'" \ ++ ': ${PATCH_ID}; ${PATCH}; ${MATCH}' ++fi ++unset PATCH PATCH_ID ++ ++ ++--- ++ Functions/VCS_Info/VCS_INFO_formats | 4 ++++ ++ 1 file changed, 4 insertions(+) ++ ++diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats ++index e0e1dc738..4d88e28b6 100644 ++--- a/Functions/VCS_Info/VCS_INFO_formats +++++ b/Functions/VCS_Info/VCS_INFO_formats ++@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}" ++ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" ++ hook_com[subdir_orig]="${hook_com[subdir]}" ++ +++for tmp in base base-name branch misc revision subdir; do +++ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" +++done +++ ++ VCS_INFO_hook 'post-backend' ++ ++ ## description (for backend authors): ++-- ++2.34.1 +-- +2.34.1 diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch new file mode 100644 index 0000000000..adfc00ae57 --- /dev/null +++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch @@ -0,0 +1,77 @@ +From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001 +From: dana +Date: Tue, 21 Dec 2021 13:13:33 -0600 +Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README + +https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee +--- + ChangeLog | 2 ++ + NEWS | 20 ++++++++++++++++++++ + README | 6 ++++++ + 3 files changed, 28 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 9a05a09e1..93b0bc337 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,7 @@ + 2022-01-27 dana + ++ * CVE-2021-45444: NEWS, README: Document preceding two changes ++ + * Marc Cornellà: security/89: + Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which + can optionally be used to work around recursive PROMPT_SUBST +diff --git a/NEWS b/NEWS +index 964e1633f..d34b3f79e 100644 +--- a/NEWS ++++ b/NEWS +@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH + + Note also the list of incompatibilities in the README file. + ++Changes since 5.8 ++----------------- ++ ++CVE-2021-45444: Some prompt expansion sequences, such as %F, support ++'arguments' which are themselves expanded in case they contain colour ++values, etc. This additional expansion would trigger PROMPT_SUBST ++evaluation, if enabled. This could be abused to execute code the user ++didn't expect. e.g., given a certain prompt configuration, an attacker ++could trick a user into executing arbitrary code by having them check ++out a Git branch with a specially crafted name. ++ ++This is fixed in the shell itself by no longer performing PROMPT_SUBST ++evaluation on these prompt-expansion arguments. ++ ++Users who are concerned about an exploit but unable to update their ++binaries may apply the partial work-around described in the file ++'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell ++source. [ Reported by RyotaK . Additional thanks to ++Marc Cornellà . ] ++ + Changes since 5.7.1-test-3 + -------------------------- + +diff --git a/README b/README +index 7f1dd5f92..c9e994ab3 100644 +--- a/README ++++ b/README +@@ -31,6 +31,12 @@ Zsh is a shell with lots of features. For a list of some of these, see the + file FEATURES, and for the latest changes see NEWS. For more + details, see the documentation. + ++Incompatibilities since 5.8 ++--------------------------- ++ ++PROMPT_SUBST expansion is no longer performed on arguments to prompt- ++expansion sequences such as %F. ++ + Incompatibilities since 5.7.1 + ----------------------------- + +-- +2.34.1 diff --git a/meta-oe/recipes-shells/zsh/zsh_5.8.bb b/meta-oe/recipes-shells/zsh/zsh_5.8.bb index 0429cb9cc7..b023e8d297 100644 --- a/meta-oe/recipes-shells/zsh/zsh_5.8.bb +++ b/meta-oe/recipes-shells/zsh/zsh_5.8.bb @@ -10,7 +10,11 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=1a4c4cda3e8096d2fd483ff2f4514fec" DEPENDS = "ncurses bison-native libcap libpcre gdbm groff-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz \ + file://CVE-2021-45444_1.patch \ + file://CVE-2021-45444_2.patch \ + file://CVE-2021-45444_3.patch \ + " SRC_URI[sha256sum] = "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27" inherit autotools-brokensep gettext update-alternatives manpages From patchwork Sun Jan 29 21:00:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18785 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 94218C63797 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f182.google.com (mail-oi1-f182.google.com [209.85.167.182]) by mx.groups.io with SMTP id smtpd.web10.25477.1675026042996005470 for ; Sun, 29 Jan 2023 13:00:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=HbYI1kr8; spf=pass (domain: gmail.com, ip: 209.85.167.182, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f182.google.com with SMTP id i9so8574463oif.4 for ; Sun, 29 Jan 2023 13:00:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6D+uecJlv2w95gPcAkZGJIBQy/ByYG8l//+q9WNZ3tA=; b=HbYI1kr8vtmRKYL8zLpl8PQB4eDXeujWqeUWyakbRehpfjIyf7PX1MhWozl+fhev1Q 28r9xqCEbTDuGLxidPD6whkWjHcngWmfK7HLnc5+OwihUhS4ZRV4gEvKrzFoRQL486ZK gSJd0itgTi47QcIWd7BP9N3bXdNWq5sTJZUB7iKAqeQV9ykBAfJYYuVuElZLICz9SFye CVn1JECaEHgdLfm9rkzTF77Td641b6AB/faU+r1QYDJ+VfaGQttAfafzEi9CI+Si6nFP UgZe3EZV6pveUqdY50aONGym/oEt83ZbL93rJGTwqDc/1qSDL6xSoYuA5X99vt8LM+7V eksA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6D+uecJlv2w95gPcAkZGJIBQy/ByYG8l//+q9WNZ3tA=; b=uQJYxRxZ4uyEsPw+JazGDExPFEzjkrXZXJiM+RhM8Cpf5rq827Sd+EkARAdQQXiMo1 rFF5y6TuHoWDE6vL6mL29Men4AbWA9ZPUBWvacuwEBlLmCv2tIPSdDlfTmCl5s6CmCZb E1K+cu0BPNXBuZqIWkTPE2e8e3sfZriErWqY8i/QeQI/vbi0RY5uhmJ8E7hIziBIYbpf DzzL6Z+kv58VI0cyWqUsucmdOkH8gDJc8vz+d4Y9vPXTDG2pXTSW+A+pZu25dxojvjla erru7ot4FTRlXNfOzAgtS6XwPymxlNG+7FSQBr+FkOfRwomOk9nMZm3UaU5G2bt+a0ym 0Phw== X-Gm-Message-State: AO0yUKWKOKdQPsFwv5EBCWZBgUWq2FnUplbBIb30oN6LzD+rSFDbyzw/ NyTvbNLlvlnbvvTfXn9m/R4LWCQSThU= X-Google-Smtp-Source: AK7set/4AnkRxYx9dRWKsRVivcnG0zWCJFNLC2xzV6Hm5KzhvG3X5JYb4eFS/uFMHxYEnVKoqPjp5g== X-Received: by 2002:a05:6808:158:b0:378:3756:10a7 with SMTP id h24-20020a056808015800b00378375610a7mr1197584oie.7.1675026043630; Sun, 29 Jan 2023 13:00:43 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:43 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 02/10] kernel_add_regdb: Change the task order Date: Sun, 29 Jan 2023 16:00:30 -0500 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100836 From: Hermes Zhang The kernel_add_regdb should run before do_compile to make it take effect. Signed-off-by: Peter Kjellerstedt Signed-off-by: Armin Kuster --- meta-networking/classes/kernel_wireless_regdb.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-networking/classes/kernel_wireless_regdb.bbclass b/meta-networking/classes/kernel_wireless_regdb.bbclass index 1238172bd4..9ad566c837 100644 --- a/meta-networking/classes/kernel_wireless_regdb.bbclass +++ b/meta-networking/classes/kernel_wireless_regdb.bbclass @@ -17,4 +17,4 @@ do_kernel_add_regdb() { cp ${STAGING_LIBDIR_NATIVE}/crda/db.txt ${S}/net/wireless/db.txt } do_kernel_add_regdb[dirs] = "${S}" -addtask kernel_add_regdb before do_build after do_configure +addtask kernel_add_regdb before do_compile after do_configure From patchwork Sun Jan 29 21:00:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18786 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78E57C636D3 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f176.google.com (mail-oi1-f176.google.com [209.85.167.176]) by mx.groups.io with SMTP id smtpd.web11.25725.1675026045420040873 for ; Sun, 29 Jan 2023 13:00:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Mi1IBkxK; spf=pass (domain: gmail.com, ip: 209.85.167.176, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f176.google.com with SMTP id s66so8559578oib.7 for ; Sun, 29 Jan 2023 13:00:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UbChMfugD+5lXPTj857swDpIncH/h78jxpmDV+kczPc=; b=Mi1IBkxKcDqn7GPx5Q4hftMtTQpp/pd1PMeYxl04M37lhWy0DjYwsTj86vn+4uKeyg 9449QF0aFYsqk6/mM0vN2GgHs/Bex2xPR2tujzPwWDGeVK77N9ihxudWjjMVnpMt+5FQ R3QggBdgLz6K8SXoSirrue65QQIv9/pynPE98/fz9uh68x9Q9OmiSYqbJk178dQWxVsE eo6OWDdfeWRzWYADxapZ8e+G56TdfFiSq8vabko6+D8PRqRY/dm2BeIleHhY3EodgtZK zH65N7zvlObL5iKYmKXZ5ppc0/EDfRt3xfgQrU6L1h5FkR1BOY+rUltr3S0ArWy6uM1m 7Wng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UbChMfugD+5lXPTj857swDpIncH/h78jxpmDV+kczPc=; b=wi5EWU2LFsYG1FLk+Pcw3pO7jd/nPvCadNns0m1jsy51KzWDlRCuhsVIOozrREx3ft obKyK+mrxf2BcpJqX7lzaLhHT5/QK5volE0Lbed0zZz9kOJAMg10Ab/FyywXvw8EttO8 hhamk6EQFrmkvGIbhmTJr+3+b32E57VKH6LgICK7zSWzc7KGoImjh59PzfRcWlWiTouD GmsEeeCIPtfytMYS3Ykd+i3mBSopQEA7H7xaBAixPDWEKAOXzzdYjzNOza8HrqXpMH6t ra2lLFPuX6zxiTDiJzMR57QvWFT5Y7w8oO0rzsm0XZhF9xTe0edUK2QMTJ0g4XQ+zZKt nn0A== X-Gm-Message-State: AO0yUKX4e1duOVZCXBTFR2andKo0c+6zKVyC6PzvFEemv8ITNXRHX5GK l/lToA+4cxsok7tcFpgUlsyW6+2+TP4= X-Google-Smtp-Source: AK7set94OS7uiQVF/mob5ZT/7hQTQa5rF9nNuxuNkWes0G6mq835TdFMNQpBO/ITn5sHk2BMSclFEQ== X-Received: by 2002:a05:6808:1385:b0:364:8f2c:186c with SMTP id c5-20020a056808138500b003648f2c186cmr3664843oiw.7.1675026044568; Sun, 29 Jan 2023 13:00:44 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:44 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 03/10] redis: 6.2.7 -> 6.2.8 Date: Sun, 29 Jan 2023 16:00:31 -0500 Message-Id: <0287453b9cf4d1d104cffcbd98a434b00e537a71.1675025970.git.akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100837 From: Changqing Li This upgrade include fix for CVE-2022-3647 Signed-off-by: Changqing Li Signed-off-by: Armin Kuster --- .../0006-Define-correct-gregs-for-RISCV32.patch | 15 +++++++++------ .../redis/{redis_6.2.7.bb => redis_6.2.8.bb} | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) rename meta-oe/recipes-extended/redis/{redis_6.2.7.bb => redis_6.2.8.bb} (96%) diff --git a/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch index b2d1a32eda..9d7e502717 100644 --- a/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch +++ b/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch @@ -1,4 +1,4 @@ -From 6134b471c35df826ccb41aab9a47e5c89e15a0c4 Mon Sep 17 00:00:00 2001 +From 26bd72f3b8de22e5036d86e6c79f815853b83473 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 26 Oct 2020 21:32:22 -0700 Subject: [PATCH] Define correct gregs for RISCV32 @@ -13,10 +13,10 @@ Signed-off-by: Yi Fan Yu 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/debug.c b/src/debug.c -index e7fec29..5abb404 100644 +index 5318c14..8c21b47 100644 --- a/src/debug.c +++ b/src/debug.c -@@ -1039,7 +1039,9 @@ static void *getMcontextEip(ucontext_t *uc) { +@@ -1055,7 +1055,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) { #endif #elif defined(__linux__) /* Linux */ @@ -24,10 +24,10 @@ index e7fec29..5abb404 100644 + #if defined(__riscv) && __riscv_xlen == 32 + return (void*) uc->uc_mcontext.__gregs[REG_PC]; + #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) - return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */ + GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip); #elif defined(__X86_64__) || defined(__x86_64__) - return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */ -@@ -1206,8 +1208,28 @@ void logRegisters(ucontext_t *uc) { + GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip); +@@ -1222,8 +1224,28 @@ void logRegisters(ucontext_t *uc) { #endif /* Linux */ #elif defined(__linux__) @@ -57,3 +57,6 @@ index e7fec29..5abb404 100644 serverLog(LL_WARNING, "\n" "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n" +-- +2.25.1 + diff --git a/meta-oe/recipes-extended/redis/redis_6.2.7.bb b/meta-oe/recipes-extended/redis/redis_6.2.8.bb similarity index 96% rename from meta-oe/recipes-extended/redis/redis_6.2.7.bb rename to meta-oe/recipes-extended/redis/redis_6.2.8.bb index 7f922a4e0f..02ee19fb7d 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.7.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.8.bb @@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319" +SRC_URI[sha256sum] = "f91ab24bcb42673cb853292eb5d43c2017d11d659854808ed6a529c97297fdfe" inherit autotools-brokensep update-rc.d systemd useradd From patchwork Sun Jan 29 21:00:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18784 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71E5FC636D7 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) by mx.groups.io with SMTP id smtpd.web10.25481.1675026046207711246 for ; Sun, 29 Jan 2023 13:00:46 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=FhuhpMoi; spf=pass (domain: gmail.com, ip: 209.85.167.174, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f174.google.com with SMTP id p185so8577509oif.2 for ; Sun, 29 Jan 2023 13:00:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=8lYfbVAp2hYzyBq/FOqARuAlMcAIJyZ9/x4grdir4K4=; b=FhuhpMoiMD/HTmuk2++Y4k4LpdDoieTTle8ERGUWv2n1V9ul96wVJJmtp2tBdYOMTP KIk1zeapmbdRc2Ky+U7P115YvAaleGlnCcou+TikDdWZzMr4U34jM9+vXxHwQc+N2Y+o 7MMxDYo8tTojwthJN2dG2+4KxV+BE+pr6P3/3WY0MZp+RmqsbAvfgNxSk7ei+G1POgj6 9936wDyFn2EPpJPXzvtwU4Ut5sun7mk2Dsxn1lddDBgUCa/zd/Krm7zlyDthbR9ltANd n8/KEToPG2b5nucAM8OxB5+fkQlo8zqMWG0iYlu4Pm/e5LJcutd5XD1Xkxx2jNY6ahoE 8Y3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8lYfbVAp2hYzyBq/FOqARuAlMcAIJyZ9/x4grdir4K4=; b=Swt8T+SVW4BOMnlt2xFUSl+FGsfAyWd6yVOPvnwnbRJiwt9DxBh4zzBy245s1OnLM4 rAqXdvdH0mKeekRa+7AELH4ZPejFu50cUAGC5b/lqC0mwHE9jZDFJ0PIVGds8fo4W1JO tb9kC8EswY1FPp1MwB2qZjPq5kbP2HCvcqymLh51I+44lPSFaF9/5z6YGsR4ekbDN2mZ j1MVsQPqBL0RT/+f14qsk5BHGy4B0RiFJ5cnVrI6apKZU3I9bpTO+o7Xk0Oqmc0cCgIe vhsvei95/bM3Y9om39kr4+/q8mIb/rLyddZY4UnZFzaBuRRkYAVBtjqNQ+oTkPPq6pxM EzMQ== X-Gm-Message-State: AFqh2kqNIWAYgiQeE/CxZ3ktKfnXce/xNAxghfPQvk/XUDGemjnUhgHn QZNNRaBcOtPJBoy5VKpLI2aLtYee/CY= X-Google-Smtp-Source: AMrXdXszh3qD461Cp8ehoGGtccyjt89Z6PGTlMmuZrmHTXlq0PJX6X85zxmvR/KWhaOgz6ihQEWQ1w== X-Received: by 2002:aca:1c09:0:b0:367:18f4:dbef with SMTP id c9-20020aca1c09000000b0036718f4dbefmr21590574oic.0.1675026045304; Sun, 29 Jan 2023 13:00:45 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:44 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 04/10] net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception Date: Sun, 29 Jan 2023 16:00:32 -0500 Message-Id: <99f4d05002aad159690568579a913bf33ad4772e.1675025970.git.akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100838 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57 Signed-off-by: Hitendra Prajapati Signed-off-by: Armin Kuster --- .../CVE-2022-44792-CVE-2022-44793.patch | 116 ++++++++++++++++++ .../net-snmp/net-snmp_5.9.3.bb | 1 + 2 files changed, 117 insertions(+) create mode 100644 meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch new file mode 100644 index 0000000000..ce7e3422ed --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch @@ -0,0 +1,116 @@ +From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001 +From: Bill Fenner +Date: Fri, 25 Nov 2022 08:41:24 -0800 +Subject: [PATCH ] snmp_agent: disallow SET with NULL varbind + +Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57] +CVE: CVE-2022-44792 & CVE-2022-44793 +Signed-off-by: Hitendra Prajapati +--- + agent/snmp_agent.c | 32 +++++++++++++++++++ + apps/snmpset.c | 1 + + .../default/T0142snmpv2csetnull_simple | 31 ++++++++++++++++++ + 3 files changed, 64 insertions(+) + create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple + +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index 3376357..f51c252 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status) + return 1; + } + ++static int ++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp) ++{ ++ int i; ++ netsnmp_variable_list *v = NULL; ++ ++ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) { ++ if (v->type == ASN_NULL) { ++ /* ++ * Protect SET implementations that do not protect themselves ++ * against wrong type. ++ */ ++ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i)); ++ asp->index = i; ++ return SNMP_ERR_WRONGTYPE; ++ } ++ } ++ return SNMP_ERR_NOERROR; ++} ++ + int + handle_pdu(netsnmp_agent_session *asp) + { + int status, inclusives = 0; + netsnmp_variable_list *v = NULL; + ++#ifndef NETSNMP_NO_WRITE_SUPPORT ++ /* ++ * Check for ASN_NULL in SET request ++ */ ++ if (asp->pdu->command == SNMP_MSG_SET) { ++ status = check_set_pdu_for_null_varbind(asp); ++ if (status != SNMP_ERR_NOERROR) { ++ return status; ++ } ++ } ++#endif /* NETSNMP_NO_WRITE_SUPPORT */ ++ + /* + * for illegal requests, mark all nodes as ASN_NULL + */ +diff --git a/apps/snmpset.c b/apps/snmpset.c +index 50f33db..387a51d 100644 +--- a/apps/snmpset.c ++++ b/apps/snmpset.c +@@ -182,6 +182,7 @@ main(int argc, char *argv[]) + case 'x': + case 'd': + case 'b': ++ case 'n': /* undocumented */ + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case 'I': + case 'U': +diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple +new file mode 100644 +index 0000000..0f1b8f3 +--- /dev/null ++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple +@@ -0,0 +1,31 @@ ++#!/bin/sh ++ ++. ../support/simple_eval_tools.sh ++ ++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind ++ ++SKIPIF NETSNMP_DISABLE_SET_SUPPORT ++SKIPIF NETSNMP_NO_WRITE_SUPPORT ++SKIPIF NETSNMP_DISABLE_SNMPV2C ++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE ++ ++# ++# Begin test ++# ++ ++# standard V2C configuration: testcomunnity ++snmp_write_access='all' ++. ./Sv2cconfig ++STARTAGENT ++ ++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0" ++ ++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:" ++ ++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x" ++ ++CHECK "Reason: wrongType" ++ ++STOPAGENT ++ ++FINISHED +-- +2.25.1 + diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb index 7af5147566..eb8e1599fb 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb @@ -26,6 +26,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ file://net-snmp-fix-for-disable-des.patch \ file://reproducibility-have-printcap.patch \ file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ + file://CVE-2022-44792-CVE-2022-44793.patch \ " SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" From patchwork Sun Jan 29 21:00:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18787 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71D13C636D6 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f176.google.com (mail-oi1-f176.google.com [209.85.167.176]) by mx.groups.io with SMTP id smtpd.web11.25727.1675026046995950153 for ; Sun, 29 Jan 2023 13:00:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=EZcFFqg1; spf=pass (domain: gmail.com, ip: 209.85.167.176, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f176.google.com with SMTP id bx13so2776984oib.13 for ; Sun, 29 Jan 2023 13:00:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=IoTWEVP5cTSbFsQ6vVOg3ihl2GdzsnlJRAs+JIPRJYs=; b=EZcFFqg1tI3E+uUPkZ3cllmLnKAiYt5cjiOpmhuj8uRfZPQfLtuoxtqfOecxUPKGax MrOvv6QPybNI4Z+CHhcAnrpbc/gSifWls+OYGEl6M8KE4FSAvMZXn0wPEIi9ZImbfCoO K+N4RH/1QElXGTZb4vsKTX0vhY9Uoai1a951XKyLMpwKmaB7VzSi0kVWE7JCnEl1/QXJ 55Zcxw8k1Glg/3EaDLAc1mbNHyyeHMHQ+454QQdocK/oxvTX9ieHMGV7lHAuGXUyHB92 y+HjcjBVU2FYr7YTfWQisXRvtEyGT5HUkEMXHuriBBU9pp24YZz1Wqb0Pa3NP+ZsorYY JonQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IoTWEVP5cTSbFsQ6vVOg3ihl2GdzsnlJRAs+JIPRJYs=; b=Wl97HcxJF2Lt3FvWRSIA1TvBjtiwOy1epzqJSEmsl1kStvkSz5HwHPsuslyadZBDKF zvPg3zyb80ztTVEJcEmhMbB36T5fR9uOf++gZWBNeHE1zvXSdwwUEjFqWqHf+8xQujMe A9DaejbiimvnABdIXntNW7ctJOr9V1nTkSd4w3z4+0s9lKCfDRcm8f/AEx3qyWZY3LDJ 5Qk0623jxsVHNO9PnW/vOWuaG8tU4BqOMynbTTqW0ZoH5JF7WQSnAcpqDl0M+pN5cpe5 2ZWvMZVHRczekZjrcD6m3+vQKHDBnCBKcWS8tGZZ+PeYj6otStsBuHJ4I03eGW9VoGLv Q8BQ== X-Gm-Message-State: AFqh2kpucWoykqptI2IHz/bDQbj159PUAuyotQ8vhVoNESk+Pac3Tejt JNJ2532fnjkhBoq1XuRFnPP95+bq52s= X-Google-Smtp-Source: AMrXdXsWay8+3aZbwGEzobOyzPbf7T5d8v0DdegcmJFEHe+dK38ExQWBVcoi02DlBJ/vwcKLsenhig== X-Received: by 2002:a05:6808:3a95:b0:35e:de13:2dea with SMTP id fb21-20020a0568083a9500b0035ede132deamr20347114oib.7.1675026046119; Sun, 29 Jan 2023 13:00:46 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:45 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 05/10] krb5: CVE-2022-42898 integer overflow vulnerabilities in PAC parsing Date: Sun, 29 Jan 2023 16:00:33 -0500 Message-Id: <682c7c7a7bbe04927d3425895accf537c3ca994a.1675025970.git.akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100839 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 Signed-off-by: Hitendra Prajapati Signed-off-by: Armin Kuster --- .../krb5/krb5/CVE-2022-42898.patch | 110 ++++++++++++++++++ .../recipes-connectivity/krb5/krb5_1.17.2.bb | 1 + 2 files changed, 111 insertions(+) create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch new file mode 100644 index 0000000000..6d04bf8980 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch @@ -0,0 +1,110 @@ +From 4e661f0085ec5f969c76c0896a34322c6c432de4 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Mon, 17 Oct 2022 20:25:11 -0400 +Subject: [PATCH] Fix integer overflows in PAC parsing + +In krb5_parse_pac(), check for buffer counts large enough to threaten +integer overflow in the header length and memory length calculations. +Avoid potential integer overflows when checking the length of each +buffer. Credit to OSS-Fuzz for discovering one of the issues. + +CVE-2022-42898: + +In MIT krb5 releases 1.8 and later, an authenticated attacker may be +able to cause a KDC or kadmind process to crash by reading beyond the +bounds of allocated memory, creating a denial of service. A +privileged attacker may similarly be able to cause a Kerberos or GSS +application service to crash. On 32-bit platforms, an attacker can +also cause insufficient memory to be allocated for the result, +potentially leading to remote code execution in a KDC, kadmind, or GSS +or Kerberos application server process. An attacker with the +privileges of a cross-realm KDC may be able to extract secrets from a +KDC process's memory by having them copied into the PAC of a new +ticket. + +(cherry picked from commit ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583) + +ticket: 9074 +version_fixed: 1.19.4 + +Upstream-Status: Backport [https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4] +CVE: CVE-2022-42898 +Signed-off-by: Hitendra Prajapati +--- + src/lib/krb5/krb/pac.c | 9 +++++++-- + src/lib/krb5/krb/t_pac.c | 18 ++++++++++++++++++ + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c +index cc74f37..70428a1 100644 +--- a/src/lib/krb5/krb/pac.c ++++ b/src/lib/krb5/krb/pac.c +@@ -27,6 +27,8 @@ + #include "k5-int.h" + #include "authdata.h" + ++#define MAX_BUFFERS 4096 ++ + /* draft-brezak-win2k-krb-authz-00 */ + + /* +@@ -316,6 +318,9 @@ krb5_pac_parse(krb5_context context, + if (version != 0) + return EINVAL; + ++ if (cbuffers < 1 || cbuffers > MAX_BUFFERS) ++ return ERANGE; ++ + header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH); + if (len < header_len) + return ERANGE; +@@ -348,8 +353,8 @@ krb5_pac_parse(krb5_context context, + krb5_pac_free(context, pac); + return EINVAL; + } +- if (buffer->Offset < header_len || +- buffer->Offset + buffer->cbBufferSize > len) { ++ if (buffer->Offset < header_len || buffer->Offset > len || ++ buffer->cbBufferSize > len - buffer->Offset) { + krb5_pac_free(context, pac); + return ERANGE; + } +diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c +index 7b756a2..2353e9f 100644 +--- a/src/lib/krb5/krb/t_pac.c ++++ b/src/lib/krb5/krb/t_pac.c +@@ -431,6 +431,16 @@ static const unsigned char s4u_pac_ent_xrealm[] = { + 0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00 + }; + ++static const unsigned char fuzz1[] = { ++ 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, ++ 0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5 ++}; ++ ++static const unsigned char fuzz2[] = { ++ 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, ++ 0x20, 0x20 ++}; ++ + static const char *s4u_principal = "w2k8u@ACME.COM"; + static const char *s4u_enterprise = "w2k8u@abc@ACME.COM"; + +@@ -646,6 +656,14 @@ main(int argc, char **argv) + krb5_free_principal(context, sep); + } + ++ /* Check problematic PACs found by fuzzing. */ ++ ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ + /* + * Test empty free + */ +-- +2.25.1 + diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb index 6e0b2fdacb..cabae374e1 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb @@ -32,6 +32,7 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \ file://krb5-admin-server.service \ file://CVE-2021-36222.patch;striplevel=2 \ file://CVE-2021-37750.patch;striplevel=2 \ + file://CVE-2022-42898.patch;striplevel=2 \ " SRC_URI[md5sum] = "aa4337fffa3b61f22dbd0167f708818f" SRC_URI[sha256sum] = "1a4bba94df92f6d39a197a10687653e8bfbc9a2076e129f6eb92766974f86134" From patchwork Sun Jan 29 21:00:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18781 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 635DAC61D97 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f172.google.com (mail-oi1-f172.google.com [209.85.167.172]) by mx.groups.io with SMTP id smtpd.web11.25728.1675026047623323710 for ; Sun, 29 Jan 2023 13:00:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=oBnWjCl4; spf=pass (domain: gmail.com, ip: 209.85.167.172, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f172.google.com with SMTP id bg12so1935139oib.5 for ; Sun, 29 Jan 2023 13:00:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hjOVi9DPk/fYQlxNq3TvZxw5kGNRksFLQGYRzNYMXz8=; b=oBnWjCl4mS9AEA23EBReVmD/whHcxNu9VSEXiedD1m2wNqvgnBbh4HdIhzj039E3uj xjv6xkcSvJ6nL2x6WbSwxirKGOYsVR0e89rP5HyUS5JfW8dS3nHJVSWDlh0b3qz2Jlp0 MMUcUvUgIjVNI6qTkvNi3+46AsifX/cKD4DWsIo+ENHtSmyX8OgXKUQieuymiVlYdm70 ciY+CurNoos8l5QNNTpVMrn8uIc7OFuLGNek3C6rDt/kI3vlaLNsgGjJ1f9cX2BjjT8w 5DW0wzKE2tCfpppcgjJtv/WwMeI7UPoPfnpKj10k/iibNBOUwO4tGCCvdfU2z2U4Nc4q HK7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hjOVi9DPk/fYQlxNq3TvZxw5kGNRksFLQGYRzNYMXz8=; b=7njgbPgZOiSGP5ogXjkeTevTviu5jUxprWVI0yP/8pCZiSp/WQpxBeZezuUJ71AYWU QW6UM/uZkBgItkDzZF+RQBcXhWPJZc4bk5ygRjeFW8SKW7d4poR5wbESc2UAVHp5iyLO W1ObDA1GQboIRCUa4ALMnw5HhHsq38zxM8ZUxM5JYEBk9Fc3fENeOgShL0gteNnhicrH hzmGZJH4Wzh0cDR5/eZROIcnh1uYvXgGguuCcajBX8zwqZxKKr3JbIYRsR05kSLoHnsg DpnfGOiLBWhMcyUt23ElZ2tGg0mGdABP5najE4gXv682rg+Cz4CpIUNd8RcpKgEp5KAH ykqA== X-Gm-Message-State: AO0yUKUW0+YbG2mcd1nJNet8r/A+uTfBQ1ZITlfDfCAi1CGThXa+GORW 26pPblvXLBvJPLSTVvulgSmKGtFLGas= X-Google-Smtp-Source: AK7set8Mo4LVHqXlkeinjxtgAXgJ7pKi7bmHAs+olLTqcrkYvCc+Ina4UnI5fqtSDi8kfV636+GZ0w== X-Received: by 2002:a05:6808:18aa:b0:378:bd9:b9ac with SMTP id bi42-20020a05680818aa00b003780bd9b9acmr3036441oib.57.1675026046740; Sun, 29 Jan 2023 13:00:46 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:46 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 06/10] redis: upgrade 7.0.4 to 7.0.5 Date: Sun, 29 Jan 2023 16:00:34 -0500 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100840 From: Changqing Li Signed-off-by: Changqing Li Signed-off-by: Khem Raj (cherry picked from commit c8d9407eec21e1eb3e34b66cac8d11fe13c6e63e) Signed-off-by: Armin Kuster --- .../recipes-extended/redis/{redis_7.0.4.bb => redis_7.0.5.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-extended/redis/{redis_7.0.4.bb => redis_7.0.5.bb} (96%) diff --git a/meta-oe/recipes-extended/redis/redis_7.0.4.bb b/meta-oe/recipes-extended/redis/redis_7.0.5.bb similarity index 96% rename from meta-oe/recipes-extended/redis/redis_7.0.4.bb rename to meta-oe/recipes-extended/redis/redis_7.0.5.bb index 6eb6573768..921f3282f9 100644 --- a/meta-oe/recipes-extended/redis/redis_7.0.4.bb +++ b/meta-oe/recipes-extended/redis/redis_7.0.5.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f" +SRC_URI[sha256sum] = "67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3" inherit autotools-brokensep update-rc.d systemd useradd From patchwork Sun Jan 29 21:00:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18782 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6673BC636D4 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f176.google.com (mail-oi1-f176.google.com [209.85.167.176]) by mx.groups.io with SMTP id smtpd.web11.25725.1675026045420040873 for ; Sun, 29 Jan 2023 13:00:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Ti1saiH1; spf=pass (domain: gmail.com, ip: 209.85.167.176, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f176.google.com with SMTP id s66so8559650oib.7 for ; Sun, 29 Jan 2023 13:00:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/IS1L1TDiaRcUFhO137xqFetTsfoi16pvNbkv/FwOL0=; b=Ti1saiH1XpLQ+zeVXjjP/k2bOYbPZPDIVx+hU9nFbzi5iaXCS0tTbnjJjVywKpjJj6 3o0cU/KoykhhXXU50dfho6wJViu3tCvRTuhrY8fW3YsPfq4N+f0n8FR0NOvQ7xxQjm2S lsTBUySHbYSAly3IX6tRVYaBjJheLsLJpxp66xzr4K8cvZzyJkRBJNP66K4xC/911VA6 XlBcw8CLkRZHpbFfnLTybD1lEUMl3OxdansZmzkdh3I/VMLaQJLahU9YTJLw2huQFgPE HFy76/JX/Z7DSoqqSWKodFMzFCbQ2AoNZ6Hj7tzOCBjOnfc1kcvV332nZQWIGzgyO+HE A4Ow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/IS1L1TDiaRcUFhO137xqFetTsfoi16pvNbkv/FwOL0=; b=280ubh86u7aobQrRLa8Sw/MFrEiCCRfUATNm0ns/lRoimIVmqb2cM8kxL/NDzNgN+6 F9sNGZr6P2mieUnBHA31BHI2bP9sp/RMUXcHWSFSk2MCFR+eOW/XqVhX22++lQHNnLJ2 N8vuZ+Jv5MANBnFw/P/zuG0bwjUEhF97KEGRMMWYuhz8dQb3Lw8EZqstPcgOOxhZUKUT lPKAKFRyQaAsBd1sZAO1qF2oXcJHCIU2rfW/sDencnaaSAVbU/MRAtmjlYHD/ZNl03FE U5+GofHDwx6Ox2U+RdoPowDgxV5pwTimEyWDKH9V8H/H/FdOHqHHPq156z+9JM79lIrk 2fTg== X-Gm-Message-State: AO0yUKW1FpllOEEY3ExgpmaxIZUfbXZa4DMQLvrEt0ABE52LcVBXb6pt 0oFdxsnqcltVyMMWrBKVs8/0DFjV9xI= X-Google-Smtp-Source: AK7set9RggW9TIPZP7V71Wc/kalSxUpyIB7yGYgcPm5f2SRNWFHcyeNmHl521KXBULZBdRJO15+x0w== X-Received: by 2002:a05:6808:1148:b0:35e:2b7f:daa6 with SMTP id u8-20020a056808114800b0035e2b7fdaa6mr3510840oiu.28.1675026047439; Sun, 29 Jan 2023 13:00:47 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:47 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 07/10] redis: 7.0.5 -> 7.0.7 Date: Sun, 29 Jan 2023 16:00:35 -0500 Message-Id: <24870201060b2505dbb51983ff20d9ce743bb25d.1675025970.git.akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100841 From: Changqing Li This upgrade include fix for CVE-2022-3647 Signed-off-by: Changqing Li Signed-off-by: Khem Raj (cherry picked from commit d869383b0f9848a07ab3d7fbb5b7f687dce7744a) Signed-off-by: Armin Kuster --- ...006-Define-correct-gregs-for-RISCV32.patch | 20 ++++++++++--------- .../redis/{redis_7.0.5.bb => redis_7.0.7.bb} | 2 +- 2 files changed, 12 insertions(+), 10 deletions(-) rename meta-oe/recipes-extended/redis/{redis_7.0.5.bb => redis_7.0.7.bb} (96%) diff --git a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch index 01f8421811..385b0aeed0 100644 --- a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch +++ b/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch @@ -1,4 +1,4 @@ -From f26a978c638bcbc621669dce0ab89e43af42af98 Mon Sep 17 00:00:00 2001 +From b6b2c652abfa98093401b232baca8719c50cadf4 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 26 Oct 2020 21:32:22 -0700 Subject: [PATCH] Define correct gregs for RISCV32 @@ -6,18 +6,17 @@ Subject: [PATCH] Define correct gregs for RISCV32 Upstream-Status: Pending Signed-off-by: Khem Raj -Updated patch for 6.2.1 -Signed-off-by: Yi Fan Yu - +Updated patch for 6.2.8 +Signed-off-by: Changqing Li --- src/debug.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/debug.c b/src/debug.c -index 2da2c5d..1d778fa 100644 +index ebda858..90bc450 100644 --- a/src/debug.c +++ b/src/debug.c -@@ -1116,7 +1116,9 @@ static void *getMcontextEip(ucontext_t *uc) { +@@ -1168,7 +1168,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) { #endif #elif defined(__linux__) /* Linux */ @@ -25,10 +24,10 @@ index 2da2c5d..1d778fa 100644 + #if defined(__riscv) && __riscv_xlen == 32 + return (void*) uc->uc_mcontext.__gregs[REG_PC]; + #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) - return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */ + GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip); #elif defined(__X86_64__) || defined(__x86_64__) - return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */ -@@ -1298,8 +1300,28 @@ void logRegisters(ucontext_t *uc) { + GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip); +@@ -1350,8 +1352,28 @@ void logRegisters(ucontext_t *uc) { #endif /* Linux */ #elif defined(__linux__) @@ -58,3 +57,6 @@ index 2da2c5d..1d778fa 100644 serverLog(LL_WARNING, "\n" "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n" +-- +2.25.1 + diff --git a/meta-oe/recipes-extended/redis/redis_7.0.5.bb b/meta-oe/recipes-extended/redis/redis_7.0.7.bb similarity index 96% rename from meta-oe/recipes-extended/redis/redis_7.0.5.bb rename to meta-oe/recipes-extended/redis/redis_7.0.7.bb index 921f3282f9..83e617c716 100644 --- a/meta-oe/recipes-extended/redis/redis_7.0.5.bb +++ b/meta-oe/recipes-extended/redis/redis_7.0.7.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3" +SRC_URI[sha256sum] = "8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586" inherit autotools-brokensep update-rc.d systemd useradd From patchwork Sun Jan 29 21:00:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18780 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6405AC636D0 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f181.google.com (mail-oi1-f181.google.com [209.85.167.181]) by mx.groups.io with SMTP id smtpd.web11.25729.1675026048864434218 for ; Sun, 29 Jan 2023 13:00:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=L/IMtIgM; spf=pass (domain: gmail.com, ip: 209.85.167.181, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f181.google.com with SMTP id s124so8583265oif.1 for ; Sun, 29 Jan 2023 13:00:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=K0Qiv1kf0m4keNLuYyk0LKoHP7v1UgrxJLkFOdlfJ4E=; b=L/IMtIgMXGwYY4JIj46tc9HG3XqYVTpOgEvoki09of0Ys3ICUQSd+fqfkSo/uDE7e5 QacLJz9K1ZDKNXrkPUT77BZ5DRJkNIb9po+Po3fBmFANuYghUNwU7XsuH05JopnarWVx 9nNtQQNAAKfrKWFwCoHUKo64L9sWFTxouszwrJ9lRA2guKpf0DpAYF7ayAZyxeKH02vf e2fQz7vm+oUuBxQzO/JEL1mOtc0+/JptRfUoyLmxGtM28XVhxapwEFcYKOb9OkLM/aKX Pto/nD0SgsTFm1zn6qjb3nkadH2sTSRonoAp68WPCQARb4+/xO0st7NqSm6JH+gar6ED fnUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K0Qiv1kf0m4keNLuYyk0LKoHP7v1UgrxJLkFOdlfJ4E=; b=R9PaVJjNEJtHe/ILv7c47a/lSgemCOR5+rddvmeWXXLTqogBY2D6oqdQrN02ZVsZwi 73g9LvFjaatNnEcurRwZjS89sjrxLo8txqU+zByHukUYRoDw0fBUAR0OEo/g1BDbI9tU wbP5oc2YZGPiwSoeAQdfV24SGmNcifBJi1A3He8uHiNpa58BLIwg2tC6cNDw3kuVkWty /WhSe5JFunUuxOxLywqaKlBuRDAZUY/fBnh749B/njwqAB+mxae1ZLZ4QLRDUChRo6q+ 7HY9m/zronHb45PFqZMa+T8zBhHDZLdwRKbexPySPPk1W/wbc6HnR2dHT8XZAfFpxa3i 8OQw== X-Gm-Message-State: AO0yUKV5GAE75mtnfIHWTvQzS7uP4E04LWzyk1uS+XtJRWCtoblS3Wfo ZY7hNoS1sND+q+rlXGUcPUrtfKnjLyE= X-Google-Smtp-Source: AK7set/ixzBZ9HdyMiw0/U8i+D5koRrvzi4Vcho84q3upoYS49CwgOA1luqAhDtfFshaZY0l9kLzqw== X-Received: by 2002:a05:6808:1b0d:b0:378:5999:ce8c with SMTP id bx13-20020a0568081b0d00b003785999ce8cmr236180oib.52.1675026048032; Sun, 29 Jan 2023 13:00:48 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:47 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 08/10] grpc: upgrade 1.45.2 -> 1.46.6 Date: Sun, 29 Jan 2023 16:00:36 -0500 Message-Id: <06fb36d33cb35e48c07532a868ddc5ffc2244743.1675025970.git.akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100842 From: Andrej Valek Backporting the version from master (1.50.1) would a big risk. So use the version 1.46.6 which also includes fixes of bundled z-lib library. Signed-off-by: Andrej Valek Signed-off-by: Armin Kuster --- .../recipes-devtools/grpc/{grpc_1.45.2.bb => grpc_1.46.6.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-oe/recipes-devtools/grpc/{grpc_1.45.2.bb => grpc_1.46.6.bb} (97%) diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb b/meta-oe/recipes-devtools/grpc/grpc_1.46.6.bb similarity index 97% rename from meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb rename to meta-oe/recipes-devtools/grpc/grpc_1.46.6.bb index c2f952fc64..7cf27d1e05 100644 --- a/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb +++ b/meta-oe/recipes-devtools/grpc/grpc_1.46.6.bb @@ -20,8 +20,8 @@ RDEPENDS:${PN}-dev:append:class-native = " ${PN}-compiler" # RDEPENDS:${PN}-dev += "${PN}-compiler" S = "${WORKDIR}/git" -SRCREV_grpc = "b39ffcc425ea990a537f98ec6fe6a1dcb90470d7" -BRANCH = "v1.45.x" +SRCREV_grpc = "af855eb64eea02d2f7b68d49c3d4d7a263649104" +BRANCH = "v1.46.x" SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \ file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \ file://0001-cmake-add-separate-export-for-plugin-targets.patch \ From patchwork Sun Jan 29 21:00:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18778 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56F03C636CD for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f176.google.com (mail-oi1-f176.google.com [209.85.167.176]) by mx.groups.io with SMTP id smtpd.web11.25727.1675026046995950153 for ; Sun, 29 Jan 2023 13:00:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=fzSSP1c1; spf=pass (domain: gmail.com, ip: 209.85.167.176, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f176.google.com with SMTP id bx13so2777058oib.13 for ; Sun, 29 Jan 2023 13:00:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Od55+50zt5IIESPxV0PMFrXl9ljx9srODZZQTTBphzk=; b=fzSSP1c1pML3bER69OM7ueJlrVNDLjeQPfAT2KZK2VMAFuxAzXPdnF3Kbo3Cb5Amgh 7HE+7aBN5R5IMdpBVM/PB4tfTYoUK9mawuLZrsFNTFt+jnOHtlz3hs9jJTMu937YRe2G /KQpAkzteVFOofACL+NP1G3//FivCu4I1WYsZXZioSbRJAHjHrzEX5QFHNxHx9AdVal7 Qdyd2GAi0ggLJ/VLjl7tIaoyNRkZ+UmQ2px+qWRtDNVdYxIglTppOVCloGB+R+gYc76F StQV6r8pfuEHS/jjY4wJEIGk8+hVypHxKOa2RNH01hed//JazqWvy8gBR1DdZEQVA3oN YB/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Od55+50zt5IIESPxV0PMFrXl9ljx9srODZZQTTBphzk=; b=rffx+LY/88qjk5wySLNAGaqRIy/tffxNlh28fjX0FK7chVsmm1x8qX5rIHU9O1UL6r T16Nhsq8Z3bAIEO/OD4e73iyIHTSwVofsuAEnrZMi3wEexDSXcI/g8hq2rap9+kvOSZh AKCQ6mTijxCQmHQzRZAdD7dXL0wUT6GD383BZ0ZsRGiO1D6CPLq77DDHwOB0ciXj1kr3 cdIw9qmjxwJYae//8Bo32grvSXLhEH2VO18QEjGt9f52y0Ws3/RpTjwctv6nJKyNHWYT Un27lQw8CGluRmT4p80YdksaerhQEsYGEVl1RKpJtt8iTk4j+zhRDfdobz5ljQcktbka f55w== X-Gm-Message-State: AFqh2krPDpA/jFDkhmUunPhpER5zEifR9Xdu5xQYIF28KPjIRQ+8ZrTw 3IVMAAajYq1VpXIPaS/CuP9jGHhjhkQ= X-Google-Smtp-Source: AMrXdXuIGM40iP1gIVgQdw5rPhnKsAkqc20TIuE8kEfmOYDG7sJWSd6mV3SIuv9aEl1Rv6eCRRR9BA== X-Received: by 2002:a05:6808:1144:b0:364:ebf2:735f with SMTP id u4-20020a056808114400b00364ebf2735fmr29325871oiu.24.1675026048663; Sun, 29 Jan 2023 13:00:48 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:48 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 09/10] nftables: Fix missing leading whitespace with ':append' Date: Sun, 29 Jan 2023 16:00:37 -0500 Message-Id: <0e02dfbd1f9456a59cea5f8da383899f79128222.1675025970.git.akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100843 From: Niko Mauno Mitigate occurence where ':append' operator is used and leading whitespace character is obviously missing, risking inadvertent string concatenation. Signed-off-by: Niko Mauno Signed-off-by: Khem Raj (cherry picked from commit d25967208bc8c4b1e2099e34150a67508744e4b9) Signed-off-by: Niko Mauno Signed-off-by: Armin Kuster --- meta-networking/recipes-filter/nftables/nftables_1.0.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb index e078be79a1..080a0ed85c 100644 --- a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb +++ b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb @@ -38,7 +38,7 @@ RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json pyt TESTDIR = "tests" -PRIVATE_LIBS:${PN}-ptest:append = "libnftables.so.1" +PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1" do_install_ptest() { cp -rf ${S}/build-aux ${D}${PTEST_PATH} From patchwork Sun Jan 29 21:00:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akuster808 X-Patchwork-Id: 18779 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 546BDC05027 for ; Sun, 29 Jan 2023 21:00:53 +0000 (UTC) Received: from mail-oi1-f177.google.com (mail-oi1-f177.google.com [209.85.167.177]) by mx.groups.io with SMTP id smtpd.web11.25730.1675026050244231285 for ; Sun, 29 Jan 2023 13:00:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Yb4g0mBn; spf=pass (domain: gmail.com, ip: 209.85.167.177, mailfrom: akuster808@gmail.com) Received: by mail-oi1-f177.google.com with SMTP id o66so8569259oia.6 for ; Sun, 29 Jan 2023 13:00:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fOM153X1ZnnckDtbrpb7WoA3UdJoVvibL7kWDeCo5yk=; b=Yb4g0mBnLGJsmFKd3nU0wHBUPigaDm4o2l95BQaLvNzZbm7gIcyWPtpgtGHc4onjoD 4Sb6wiG/w3wMV5lMHcVA6Y2oeCNjyZyhV7A5JXBTkEYeuTXR8u82nVW44QwMP4NpnWQt hCzx6UUUSl159PTfF0OiNw7ikqeEufLa5boQQItha6wqCVAUU/kZdGAeCBA9z71c3ILx zsIKIOJa2FQqaa+ej0hmJ4WIuHvidu+S0AiHkX/kpGpXQgC2LNq7z5QOqGL1wSkUv/IP ueJLP9a9yZtBY+vAcQy1VsvF91+XeBZuC6Byy4qWTH5uryKgfS52KTbzEivmrVfT7eES pOrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fOM153X1ZnnckDtbrpb7WoA3UdJoVvibL7kWDeCo5yk=; b=pCa1aXWcILUk4n0dbJVMIYf/QGRtxRAHkjGua9SrSDBfmzTf1rv1coPDn68Z6CoQiy 4y353glbRons848c1n04TUBqetj5kwS8jrg0T41PKN++SHsAa5Gpve7OlqAcygZU1Xiu zlX3wlOG5hs++S21ZtdGTVisDd8TPsNu3Pu8l+sCUwi9fZCv4Bud3l4vY3Y7ob2qGJ3W fwtlkh2x0HTgCxDEXHupPtH7j1375x+t5e3sv5SHMy3kZM4BEc41wE14Eklp8jxsWsWK IQPHrU6XUTKTRQOiyjl1tykX4tVgAbHap3Bfm7Mcnul9jgFVfRFFsqbQ2H7cooZhc1ZZ qjaQ== X-Gm-Message-State: AFqh2kpaJXB+pAqDWoMyLrrCzQNHR17m4bGq+fv/QPBA3eNrS994xYW7 uSry3i9Pe2/wjwK7b1txjWq3uv1FMqI= X-Google-Smtp-Source: AMrXdXt/ChdQCyrPPopHmtuhJ9Lt/HmrcPlURu1ZHUck44JyNU7Ch/3u7+K1lpB2EOx60N4cmbq2sg== X-Received: by 2002:a05:6808:1982:b0:367:7633:30dc with SMTP id bj2-20020a056808198200b00367763330dcmr31162589oib.40.1675026049462; Sun, 29 Jan 2023 13:00:49 -0800 (PST) Received: from keaua.attlocal.net ([2600:1700:9190:ba10:9bdc:8bb4:6dc0:aa04]) by smtp.gmail.com with ESMTPSA id m17-20020a0568080f1100b0035028730c90sm4024065oiw.1.2023.01.29.13.00.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Jan 2023 13:00:48 -0800 (PST) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Subject: [kirkstone 10/10] Fix missing leading whitespace with ':append' Date: Sun, 29 Jan 2023 16:00:38 -0500 Message-Id: <16ae3ec7c33f9163feb075cd6727cc134e0d8c13.1675025970.git.akuster808@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 29 Jan 2023 21:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/100844 From: Niko Mauno Mitigate occurences where ':append' operator is used and leading whitespace character is obviously missing, risking inadvertent string concatenation. Signed-off-by: Niko Mauno Signed-off-by: Khem Raj (cherry picked from commit 6a87f2ba9cdd4b9689b0d1c86b2e99071d1e069b) Signed-off-by: Niko Mauno Signed-off-by: Armin Kuster --- meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb | 2 +- meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb index c8dabc5ead..44804545de 100644 --- a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb +++ b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb @@ -9,7 +9,7 @@ SRC_URI = "git://github.com/dbus-cxx/dbus-cxx.git;branch=master;protocol=https \ file://0001-Include-typeinfo-for-typeid.patch \ file://0001-include-utility-header.patch \ " -SRC_URI:append:libc-musl = "file://fix_build_musl.patch" +SRC_URI:append:libc-musl = " file://fix_build_musl.patch" SRCREV = "73532d6a5faae9c721c2cc9535b8ef32d4d18264" DEPENDS = "\ diff --git a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb index c95a5b2d32..1c2c6e21e0 100644 --- a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb +++ b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb @@ -16,7 +16,7 @@ S = "${WORKDIR}/git" DEPENDS = "openssl" -EXTRA_OEMAKE:append = "PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" +EXTRA_OEMAKE:append = " PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" # We want to statically link the binary to libfsverity on native Windows EXTRA_OEMAKE:remove:mingw32:class-nativesdk = "USE_SHARED_LIB=1" EXTRA_OEMAKE:remove:mingw32:class-native = "USE_SHARED_LIB=1"