From patchwork Wed Sep 6 12:48:08 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 30094
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/14] tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618
Date: Wed, 6 Sep 2023 02:48:08 -1000
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187297
From: Hitendra Prajapati

Backport fixes for:
* CVE-2023-2908 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
* CVE-2023-3316 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536
* CVE-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37 && https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8

Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
--- .../libtiff/tiff/CVE-2023-2908.patch | 33 +++++++++++ .../libtiff/tiff/CVE-2023-3316.patch | 59 +++++++++++++++++++ .../libtiff/tiff/CVE-2023-3618-1.patch | 34 +++++++++++ .../libtiff/tiff/CVE-2023-3618-2.patch | 47 +++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 4 ++ 5 files changed, 177 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch new file mode 100644 index 0000000000..cf94fd23d8 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch 
@@ -0,0 +1,33 @@ +From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001 +From: xiaoxiaoafeifei +Date: Fri, 21 Apr 2023 13:01:34 +0000 +Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`: + applying zero offset to null pointer + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f] +CVE: CVE-2023-2908 +Signed-off-by: Hitendra Prajapati +--- + libtiff/tif_dir.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 349dfe4..1402c8e 100644 +--- a/libtiff/tif_dir.c ++++ b/libtiff/tif_dir.c +@@ -145,10 +145,10 @@ static uint16_t + countInkNamesString(TIFF *tif, uint32_t slen, const char *s) + { + uint16_t i = 0; +- const char *ep = s + slen; +- const char *cp = s; + + if (slen > 0) { ++ const char *ep = s + slen; ++ const char *cp = s; + do { + for (; cp < ep && *cp != '\0'; cp++) {} + if (cp >= ep) +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch new file mode 100644 index 0000000000..1aa4ba45ac --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch 
@@ -0,0 +1,59 @@ +From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Fri, 3 Feb 2023 17:38:55 +0100 +Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515 + +Closes #515 + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536] +CVE: CVE-2023-3316 +Signed-off-by: Hitendra Prajapati +--- + libtiff/tif_close.c | 11 +++++++---- + tools/tiffcrop.c | 5 ++++- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c +index 674518a..0fe7af4 100644 +--- a/libtiff/tif_close.c ++++ b/libtiff/tif_close.c +@@ -118,13 +118,16 @@ TIFFCleanup(TIFF* tif) + */ + + void +-TIFFClose(TIFF* tif) ++TIFFClose(TIFF *tif) + { +- TIFFCloseProc closeproc = tif->tif_closeproc; +- thandle_t fd = tif->tif_clientdata; ++ if (tif != NULL) ++ { ++ TIFFCloseProc closeproc = tif->tif_closeproc; ++ thandle_t fd = tif->tif_clientdata; + + TIFFCleanup(tif); +- (void) (*closeproc)(fd); ++ (void)(*closeproc)(fd); ++ } + } + + /* vim: set ts=8 sts=8 sw=8 noet: */ +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index ce77c74..cd49660 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2548,7 +2548,10 @@ main(int argc, char* argv[]) + } + } + +- TIFFClose(out); ++ if (out != NULL) ++ { ++ TIFFClose(out); ++ } + + return (0); + } /* end main */ +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch new file mode 100644 index 0000000000..8f55d2b496 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch 
@@ -0,0 +1,34 @@ +From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001 +From: zhailiangliang +Date: Tue, 7 Mar 2023 15:02:08 +0800 +Subject: [PATCH] Fix memory leak in tiffcrop.c + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37] +CVE: CVE-2023-3618 +Signed-off-by: Hitendra Prajapati +--- + tools/tiffcrop.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index cd49660..0d02f56 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -7839,8 +7839,13 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + + read_buff = *read_buff_ptr; + ++ /* Memory is freed before crop_buff_ptr is overwritten */ ++ if (*crop_buff_ptr != NULL) ++ { ++ _TIFFfree(*crop_buff_ptr); ++ } ++ + /* process full image, no crop buffer needed */ +- crop_buff = read_buff; + *crop_buff_ptr = read_buff; + crop->combined_width = image->width; + crop->combined_length = image->length; +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch new file mode 100644 index 0000000000..4179145722 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch 
@@ -0,0 +1,47 @@ +From b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Fri, 5 May 2023 19:43:46 +0200 +Subject: [PATCH] Consider error return of writeSelections(). Fixes #553 + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8] +CVE: CVE-2023-3618 +Signed-off-by: Hitendra Prajapati +--- + tools/tiffcrop.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 0d02f56..8cbeb68 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2459,9 +2459,15 @@ main(int argc, char* argv[]) + { /* Whole image or sections not based on output page size */ + if (crop.selections > 0) + { +- writeSelections(in, &out, &crop, &image, &dump, seg_buffs, +- mp, argv[argc - 1], &next_page, total_pages); +- } ++ if (writeSelections(in, &out, &crop, &image, &dump, ++ seg_buffs, mp, argv[argc - 1], ++ &next_page, total_pages)) ++ { ++ TIFFError("main", ++ "Unable to write new image selections"); ++ exit(EXIT_FAILURE); ++ } ++ } + else /* One file all images and sections */ + { + if (update_output_file (&out, mp, crop.exp_mode, argv[argc - 1], +@@ -7842,7 +7848,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, + /* Memory is freed before crop_buff_ptr is overwritten */ + if (*crop_buff_ptr != NULL) + { +- _TIFFfree(*crop_buff_ptr); ++ _TIFFfree(*crop_buff_ptr); + } + + /* process full image, no crop buffer needed */ +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 4796dfde24..8e69621afb 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb 
@@ -38,6 +38,10 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-25433.patch \ file://CVE-2023-25434-CVE-2023-25435.patch \ file://CVE-2023-26965.patch \ + file://CVE-2023-2908.patch \ + file://CVE-2023-3316.patch \ + file://CVE-2023-3618-1.patch \ + file://CVE-2023-3618-2.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
From patchwork Wed Sep 6 12:48:09 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 30095
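Review bot: In the countInkNamesString() hunk of CVE-2023-2908.patch, the `if (slen > 0)` block still computes `s + slen` and reads `*cp` without checking `s`, so a NULL `s` combined with a non-zero `slen` is dereferenced in the `for` loop. Suggest guarding with `if (s != NULL && slen > 0)`, or adding a comment that callers guarantee a non-NULL `s` whenever `slen > 0`.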
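Review bot: In the TIFFClose() hunk of CVE-2023-3316.patch, the function now returns silently for a NULL `tif`, but the comment block that closes just above the function is not touched, so the new contract is undocumented; please state there that NULL is accepted and is a no-op. The hunk also folds spacing-only edits (`TIFF* tif` to `TIFF *tif`, `(void) (*closeproc)(fd)` to `(void)(*closeproc)(fd)`) into the fix, which makes the security-relevant lines harder to pick out in a backport, and `closeproc` is still called without a NULL check of its own.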
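Review bot: In the createCroppedImage() hunk of CVE-2023-3618-1.patch, `_TIFFfree(*crop_buff_ptr)` runs without checking whether `*crop_buff_ptr` already equals `read_buff`; if an earlier pass through this branch stored `read_buff` there, the read buffer is freed and the following `*crop_buff_ptr = read_buff;` leaves both pointers dangling. Suggest `if (*crop_buff_ptr != NULL && *crop_buff_ptr != read_buff)`, or a comment explaining why the two can never alias on entry.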
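Review bot: In the main() hunk of CVE-2023-3618-2.patch, the new failure path goes from `TIFFError(...)` straight to `exit(EXIT_FAILURE)` without closing `in` or `out`, so an incomplete output file may be left behind when writeSelections() fails. Consider closing `out` before exiting and saying in the error message that the output is incomplete. The second hunk of this patch only changes whitespace on the `_TIFFfree(*crop_buff_ptr);` line introduced by CVE-2023-3618-1.patch and would be easier to audit if it were folded into that patch.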
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/14] inetutils: Backport fix for CVE-2023-40303
Date: Wed, 6 Sep 2023 02:48:09 -1000
Message-Id: <2d2fc8e2b0eaa20f6bf8cfc0d1acd908f3dac2ec.1694004064.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187299

From: Vijay Anusuri

Upstream-commit: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6 & https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- ...tpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch | 280 ++++++++++++++++++ ...03-Indent-changes-in-previous-commit.patch | 254 ++++++++++++++++ .../inetutils/inetutils_2.2.bb | 2 + 3 files changed, 536 insertions(+) create mode 100644 meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch create mode 100644 meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch new file mode 100644 index 0000000000..7f5baf3637 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch 
@@ -0,0 +1,280 @@ +From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001 +From: Jeffrey Bencteux +Date: Fri, 30 Jun 2023 19:02:45 +0200 +Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check + set*id() return values + +Several setuid(), setgid(), seteuid() and setguid() return values +were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially +leading to potential security issues. + +CVE: CVE-2023-40303 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6] +Signed-off-by: Jeffrey Bencteux +Signed-off-by: Simon Josefsson +Signed-off-by: Khem Raj +Signed-off-by: Vijay Anusuri +--- + ftpd/ftpd.c | 10 +++++++--- + src/rcp.c | 39 +++++++++++++++++++++++++++++++++------ + src/rlogin.c | 11 +++++++++-- + src/rsh.c | 25 +++++++++++++++++++++---- + src/rshd.c | 20 +++++++++++++++++--- + src/uucpd.c | 15 +++++++++++++-- + 6 files changed, 100 insertions(+), 20 deletions(-) + +diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c +index 92b2cca5..28dd523f 100644 +--- a/ftpd/ftpd.c ++++ b/ftpd/ftpd.c +@@ -862,7 +862,9 @@ end_login (struct credentials *pcred) + char *remotehost = pcred->remotehost; + int atype = pcred->auth_type; + +- seteuid ((uid_t) 0); ++ if (seteuid ((uid_t) 0) == -1) ++ _exit (EXIT_FAILURE); ++ + if (pcred->logged_in) + { + logwtmp_keep_open (ttyline, "", ""); +@@ -1151,7 +1153,8 @@ getdatasock (const char *mode) + + if (data >= 0) + return fdopen (data, mode); +- seteuid ((uid_t) 0); ++ if (seteuid ((uid_t) 0) == -1) ++ _exit (EXIT_FAILURE); + s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0); + if (s < 0) + goto bad; +@@ -1978,7 +1981,8 @@ passive (int epsv, int af) + else /* !AF_INET6 */ + ((struct sockaddr_in *) &pasv_addr)->sin_port = 0; + +- seteuid ((uid_t) 0); ++ if (seteuid ((uid_t) 0) == -1) ++ _exit (EXIT_FAILURE); + if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0) + { + if (seteuid ((uid_t) cred.uid)) +diff --git 
a/src/rcp.c b/src/rcp.c +index 75adb253..cdcf8500 100644 +--- a/src/rcp.c ++++ b/src/rcp.c +@@ -345,14 +345,23 @@ main (int argc, char *argv[]) + if (from_option) + { /* Follow "protocol", send data. */ + response (); +- setuid (userid); ++ ++ if (setuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } ++ + source (argc, argv); + exit (errs); + } + + if (to_option) + { /* Receive data. */ +- setuid (userid); ++ if (setuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } ++ + sink (argc, argv); + exit (errs); + } +@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[]) + if (response () < 0) + exit (EXIT_FAILURE); + free (bp); +- setuid (userid); ++ ++ if (setuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } + } + source (1, argv + i); + close (rem); +@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[]) + ++errs; + continue; + } +- seteuid (userid); ++ ++ if (seteuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); ++ } ++ + #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT + sslen = sizeof (ss); + (void) getpeername (rem, (struct sockaddr *) &ss, &sslen); +@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[]) + #endif + vect[0] = target; + sink (1, vect); +- seteuid (effuid); ++ ++ if (seteuid (effuid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); ++ } ++ + close (rem); + rem = -1; + #ifdef SHISHI +@@ -1441,7 +1464,11 @@ susystem (char *s, int userid) + return (127); + + case 0: +- setuid (userid); ++ if (setuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } ++ + execl (PATH_BSHELL, "sh", "-c", s, NULL); + _exit (127); + } +diff --git a/src/rlogin.c b/src/rlogin.c +index aa6426fb..c543de0c 100644 +--- a/src/rlogin.c ++++ b/src/rlogin.c 
+@@ -647,8 +647,15 @@ try_connect: + /* Now change to the real user ID. We have to be set-user-ID root + to get the privileged port that rcmd () uses. We now want, however, + to run as the real user who invoked us. */ +- seteuid (uid); +- setuid (uid); ++ if (seteuid (uid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); ++ } ++ ++ if (setuid (uid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } + + doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ + +diff --git a/src/rsh.c b/src/rsh.c +index 2d622ca4..6f60667d 100644 +--- a/src/rsh.c ++++ b/src/rsh.c +@@ -276,8 +276,17 @@ main (int argc, char **argv) + { + if (asrsh) + *argv = (char *) "rlogin"; +- seteuid (getuid ()); +- setuid (getuid ()); ++ ++ if (seteuid (getuid ()) == -1) ++ { ++ error (EXIT_FAILURE, errno, "seteuid() failed"); ++ } ++ ++ if (setuid (getuid ()) == -1) ++ { ++ error (EXIT_FAILURE, errno, "setuid() failed"); ++ } ++ + execv (PATH_RLOGIN, argv); + error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); + } +@@ -541,8 +550,16 @@ try_connect: + error (0, errno, "setsockopt DEBUG (ignored)"); + } + +- seteuid (uid); +- setuid (uid); ++ if (seteuid (uid) == -1) ++ { ++ error (EXIT_FAILURE, errno, "seteuid() failed"); ++ } ++ ++ if (setuid (uid) == -1) ++ { ++ error (EXIT_FAILURE, errno, "setuid() failed"); ++ } ++ + #ifdef HAVE_SIGACTION + sigemptyset (&sigs); + sigaddset (&sigs, SIGINT); +diff --git a/src/rshd.c b/src/rshd.c +index d1c0d0cd..707790e7 100644 +--- a/src/rshd.c ++++ b/src/rshd.c +@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) + pwd->pw_shell = PATH_BSHELL; + + /* Set the gid, then uid to become the user specified by "locuser" */ +- setegid ((gid_t) pwd->pw_gid); +- setgid ((gid_t) pwd->pw_gid); ++ if (setegid ((gid_t) pwd->pw_gid) == -1) ++ { ++ rshd_error ("Cannot drop privileges (setegid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } ++ ++ 
if (setgid ((gid_t) pwd->pw_gid) == -1) ++ { ++ rshd_error ("Cannot drop privileges (setgid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } ++ + #ifdef HAVE_INITGROUPS + initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ + #endif +@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) + } + #endif /* WITH_PAM */ + +- setuid ((uid_t) pwd->pw_uid); ++ if (setuid ((uid_t) pwd->pw_uid) == -1) ++ { ++ rshd_error ("Cannot drop privileges (setuid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } + + /* We'll execute the client's command in the home directory + * of locuser. Note, that the chdir must be executed after +diff --git a/src/uucpd.c b/src/uucpd.c +index 107589e1..29cfce35 100644 +--- a/src/uucpd.c ++++ b/src/uucpd.c +@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen) + snprintf (Username, sizeof (Username), "USER=%s", user); + snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user); + dologin (pw, sap, salen); +- setgid (pw->pw_gid); ++ ++ if (setgid (pw->pw_gid) == -1) ++ { ++ fprintf (stderr, "setgid() failed"); ++ return; ++ } + #ifdef HAVE_INITGROUPS + initgroups (pw->pw_name, pw->pw_gid); + #endif +@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen) + fprintf (stderr, "Login incorrect."); + return; + } +- setuid (pw->pw_uid); ++ ++ if (setuid (pw->pw_uid) == -1) ++ { ++ fprintf (stderr, "setuid() failed"); ++ return; ++ } ++ + execl (uucico_location, "uucico", NULL); + perror ("uucico server: execl"); + } diff --git a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch new file mode 100644 index 0000000000..4bc354d256 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch 
@@ -0,0 +1,254 @@ +From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001 +From: Simon Josefsson +Date: Mon, 31 Jul 2023 13:59:05 +0200 +Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit. + +CVE: CVE-2023-40303 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d] +Signed-off-by: Khem Raj +Signed-off-by: Vijay Anusuri +--- + src/rcp.c | 42 ++++++++++++++++++++++++------------------ + src/rlogin.c | 12 ++++++------ + src/rsh.c | 24 ++++++++++++------------ + src/rshd.c | 24 ++++++++++++------------ + src/uucpd.c | 16 ++++++++-------- + 5 files changed, 62 insertions(+), 56 deletions(-) + +diff --git a/src/rcp.c b/src/rcp.c +index cdcf8500..652f22e6 100644 +--- a/src/rcp.c ++++ b/src/rcp.c +@@ -347,9 +347,10 @@ main (int argc, char *argv[]) + response (); + + if (setuid (userid) == -1) +- { +- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); +- } ++ { ++ error (EXIT_FAILURE, 0, ++ "Could not drop privileges (setuid() failed)"); ++ } + + source (argc, argv); + exit (errs); +@@ -358,9 +359,10 @@ main (int argc, char *argv[]) + if (to_option) + { /* Receive data. 
*/ + if (setuid (userid) == -1) +- { +- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); +- } ++ { ++ error (EXIT_FAILURE, 0, ++ "Could not drop privileges (setuid() failed)"); ++ } + + sink (argc, argv); + exit (errs); +@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[]) + free (bp); + + if (setuid (userid) == -1) +- { +- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); +- } ++ { ++ error (EXIT_FAILURE, 0, ++ "Could not drop privileges (setuid() failed)"); ++ } + } + source (1, argv + i); + close (rem); +@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[]) + } + + if (seteuid (userid) == -1) +- { +- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); +- } ++ { ++ error (EXIT_FAILURE, 0, ++ "Could not drop privileges (seteuid() failed)"); ++ } + + #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT + sslen = sizeof (ss); +@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[]) + sink (1, vect); + + if (seteuid (effuid) == -1) +- { +- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); +- } ++ { ++ error (EXIT_FAILURE, 0, ++ "Could not drop privileges (seteuid() failed)"); ++ } + + close (rem); + rem = -1; +@@ -1465,9 +1470,10 @@ susystem (char *s, int userid) + + case 0: + if (setuid (userid) == -1) +- { +- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); +- } ++ { ++ error (EXIT_FAILURE, 0, ++ "Could not drop privileges (setuid() failed)"); ++ } + + execl (PATH_BSHELL, "sh", "-c", s, NULL); + _exit (127); +diff --git a/src/rlogin.c b/src/rlogin.c +index c543de0c..4360202f 100644 +--- a/src/rlogin.c ++++ b/src/rlogin.c +@@ -648,14 +648,14 @@ try_connect: + to get the privileged port that rcmd () uses. We now want, however, + to run as the real user who invoked us. 
*/ + if (seteuid (uid) == -1) +- { +- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); +- } ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); ++ } + + if (setuid (uid) == -1) +- { +- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); +- } ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } + + doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ + +diff --git a/src/rsh.c b/src/rsh.c +index 6f60667d..179b47cd 100644 +--- a/src/rsh.c ++++ b/src/rsh.c +@@ -278,14 +278,14 @@ main (int argc, char **argv) + *argv = (char *) "rlogin"; + + if (seteuid (getuid ()) == -1) +- { +- error (EXIT_FAILURE, errno, "seteuid() failed"); +- } ++ { ++ error (EXIT_FAILURE, errno, "seteuid() failed"); ++ } + + if (setuid (getuid ()) == -1) +- { +- error (EXIT_FAILURE, errno, "setuid() failed"); +- } ++ { ++ error (EXIT_FAILURE, errno, "setuid() failed"); ++ } + + execv (PATH_RLOGIN, argv); + error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); +@@ -551,14 +551,14 @@ try_connect: + } + + if (seteuid (uid) == -1) +- { +- error (EXIT_FAILURE, errno, "seteuid() failed"); +- } ++ { ++ error (EXIT_FAILURE, errno, "seteuid() failed"); ++ } + + if (setuid (uid) == -1) +- { +- error (EXIT_FAILURE, errno, "setuid() failed"); +- } ++ { ++ error (EXIT_FAILURE, errno, "setuid() failed"); ++ } + + #ifdef HAVE_SIGACTION + sigemptyset (&sigs); +diff --git a/src/rshd.c b/src/rshd.c +index 707790e7..3a153a18 100644 +--- a/src/rshd.c ++++ b/src/rshd.c +@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) + + /* Set the gid, then uid to become the user specified by "locuser" */ + if (setegid ((gid_t) pwd->pw_gid) == -1) +- { +- rshd_error ("Cannot drop privileges (setegid() failed)\n"); +- exit (EXIT_FAILURE); +- } ++ { ++ rshd_error ("Cannot drop privileges (setegid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } + + if (setgid ((gid_t) 
pwd->pw_gid) == -1) +- { +- rshd_error ("Cannot drop privileges (setgid() failed)\n"); +- exit (EXIT_FAILURE); +- } ++ { ++ rshd_error ("Cannot drop privileges (setgid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } + + #ifdef HAVE_INITGROUPS + initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ +@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) + #endif /* WITH_PAM */ + + if (setuid ((uid_t) pwd->pw_uid) == -1) +- { +- rshd_error ("Cannot drop privileges (setuid() failed)\n"); +- exit (EXIT_FAILURE); +- } ++ { ++ rshd_error ("Cannot drop privileges (setuid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } + + /* We'll execute the client's command in the home directory + * of locuser. Note, that the chdir must be executed after +diff --git a/src/uucpd.c b/src/uucpd.c +index 29cfce35..fde7b9c9 100644 +--- a/src/uucpd.c ++++ b/src/uucpd.c +@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen) + dologin (pw, sap, salen); + + if (setgid (pw->pw_gid) == -1) +- { +- fprintf (stderr, "setgid() failed"); +- return; +- } ++ { ++ fprintf (stderr, "setgid() failed"); ++ return; ++ } + #ifdef HAVE_INITGROUPS + initgroups (pw->pw_name, pw->pw_gid); + #endif +@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen) + } + + if (setuid (pw->pw_uid) == -1) +- { +- fprintf (stderr, "setuid() failed"); +- return; +- } ++ { ++ fprintf (stderr, "setuid() failed"); ++ return; ++ } + + execl (uucico_location, "uucico", NULL); + perror ("uucico server: execl"); diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb index d8062e2b21..6f9173dbc1 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb 
@@ -22,6 +22,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ file://CVE-2022-39028.patch \ + file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \ + file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \ " inherit autotools gettext update-alternatives texinfo From patchwork Wed Sep 6 12:48:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 30096 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33A71EB8FC0 for ; Wed, 6 Sep 2023 12:48:42 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.web11.7461.1694004516281455723 for ; Wed, 06 Sep 2023 05:48:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=nRRaQff5; spf=softfail (domain: sakoman.com, ip: 209.85.216.52, mailfrom: steve@sakoman.com) Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-26fc9e49859so2354862a91.0 for ; Wed, 06 Sep 2023 05:48:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1694004515; x=1694609315; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WmdWaHoaL7p2SOubT49UylIqXbHt/Tnh1KMw0CuOc4k=; b=nRRaQff576pbnkkfqxdFrA5PV3Nr86AjhnQRHhjhXG5Pc1jGcZA69UG78q1PMus1gg Al0wfBvDOBkGF1C0QTCK3vNxjZ9QiUtISfCkyepKNjGjukdJRIB9vpKSxMs5f3cTE02H 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/14] libtiff: fix CVE-2023-26966 Buffer Overflow Date: Wed, 6 Sep 2023 02:48:10 -1000 Message-Id: <0619953c9d87ec2dd670dc50f15170e5c42f95c7.1694004064.git.steve@sakoman.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187298 From: Hitendra Prajapati Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../libtiff/tiff/CVE-2023-26966.patch | 35 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch new file mode 100644 index 0000000000..85764304f9 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
@@ -0,0 +1,35 @@ +From b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Thu, 16 Feb 2023 12:03:16 +0100 +Subject: [PATCH] tif_luv: Check and correct for NaN data in uv_encode(). + +Closes #530 + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9] +CVE: CVE-2023-26966 +Signed-off-by: Hitendra Prajapati +--- + libtiff/tif_luv.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c +index 13765ea..40b2719 100644 +--- a/libtiff/tif_luv.c ++++ b/libtiff/tif_luv.c +@@ -908,6 +908,13 @@ uv_encode(double u, double v, int em) /* encode (u',v') coordinates */ + { + register int vi, ui; + ++ /* check for NaN */ ++ if (u != u || v != v) ++ { ++ u = U_NEU; ++ v = V_NEU; ++ } ++ + if (v < UV_VSTART) + return oog_encode(u, v); + vi = tiff_itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em); +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 8e69621afb..61d8142e41 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb 
@@ -42,6 +42,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-3316.patch \ file://CVE-2023-3618-1.patch \ file://CVE-2023-3618-2.patch \ + file://CVE-2023-26966.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
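Review bot: The check added at the top of uv_encode() in libtiff/tif_luv.c covers NaN only, so an infinite v still passes the `v < UV_VSTART` test and reaches `tiff_itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em)` in the last context line. Please confirm that path is bounded by code below the visible context, or widen the guard to reject every non-finite input (isfinite() from <math.h>) before substituting U_NEU and V_NEU. On the documentation side, the mail subject calls this a "Buffer Overflow" while the upstream subject only mentions NaN data; one sentence in the commit message tying the NaN input to the overflow would help whoever audits this later.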
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/14] json-c: fix CVE-2021-32292 Date: Wed, 6 Sep 2023 02:48:11 -1000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187300
From: Adrian Freihofer This is a read past end of buffer issue in the json_parse test app, which can happen with malformed json data. It's not an issue with the library itself. For whatever reason this CVE has a base score of 9.8. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-32292 Upstream issue: https://github.com/json-c/json-c/issues/654 The CVE is fixed with version 0.16 (which is already in all active branches of poky). Signed-off-by: Adrian Freihofer Signed-off-by: Steve Sakoman --- .../json-c/json-c/CVE-2021-32292.patch | 30 +++++++++++++++++++ meta/recipes-devtools/json-c/json-c_0.15.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch new file mode 100644 index 0000000000..28da522115 --- /dev/null +++ b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
@@ -0,0 +1,30 @@ +From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001 +From: Marc <34656315+MarcT512@users.noreply.github.com> +Date: Fri, 7 Aug 2020 10:49:45 +0100 +Subject: [PATCH] Fix read past end of buffer + +Fixes: CVE-2021-32292 +Issue: https://github.com/json-c/json-c/issues/654 + +Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec] +CVE: CVE-2021-32292 + +Signed-off-by: Adrian Freihofer +--- + apps/json_parse.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/apps/json_parse.c b/apps/json_parse.c +index bba4622..72b31a8 100644 +--- a/apps/json_parse.c ++++ b/apps/json_parse.c +@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *)) + int parse_end = json_tokener_get_parse_end(tok); + if (obj == NULL && jerr != json_tokener_continue) + { +- char *aterr = &buf[start_pos + parse_end]; ++ char *aterr = (start_pos + parse_end < sizeof(buf)) ? ++ &buf[start_pos + parse_end] : ""; + fflush(stdout); + int fail_offset = total_read - ret + start_pos + parse_end; + fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset, diff --git a/meta/recipes-devtools/json-c/json-c_0.15.bb b/meta/recipes-devtools/json-c/json-c_0.15.bb index 7cbed55b3b..4da30bc50c 100644 --- a/meta/recipes-devtools/json-c/json-c_0.15.bb +++ b/meta/recipes-devtools/json-c/json-c_0.15.bb 
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2" SRC_URI = " \ https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \ file://run-ptest \ + file://CVE-2021-32292.patch \ " SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6"
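Review bot: The new guard in parseit() (apps/json_parse.c) compares `start_pos + parse_end` against `sizeof(buf)`, the capacity of the buffer, rather than against the number of bytes the last read actually placed in it, so an offset that is inside buf but past the valid data still passes. Bounding by the read length (what `ret` in the fail_offset line appears to hold) would cover that case too. Two smaller points on the same line: the sum is a signed int compared with a size_t, and the fallback assigns the literal "" to a non-const `char *`. In the patch header, Upstream-Status cites 4e9e44e5258dee7654f74948b0dd5da39c28beec while the From line carries da22ae6541584068f8169315274016920da11d8b; please say which upstream commit this backports.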
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/14] ncurses: fix CVE-2023-29491 Date: Wed, 6 Sep 2023 02:48:12 -1000 Message-Id: <4d79b1cc4178ba88830bab59a45163bbddf586ce.1694004064.git.steve@sakoman.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187301
From: Soumya Sambu Backport patch to fix CVE-2023-29491. Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- .../ncurses/files/CVE-2023-29491.patch | 464 ++++++++++++++++++ .../ncurses/ncurses_6.3+20220423.bb | 1 + 2 files changed, 465 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch diff --git a/meta/recipes-core/ncurses/files/CVE-2023-29491.patch b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch new file mode 100644 index 0000000000..0116959bbf --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch 
@@ -0,0 +1,464 @@ +From eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56 Mon Sep 17 00:00:00 2001 +From: Thomas E. Dickey +Date: Sun, 9 Apr 2023 05:38:25 +0530 +Subject: [PATCH] Fix CVE-2023-29491 + +CVE: CVE-2023-29491 + +Upstream-Status: Backport [http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56] + +Signed-off-by: Chen Qi + +Signed-off-by: Soumya Sambu +--- + ncurses/tinfo/lib_tgoto.c | 10 +++- + ncurses/tinfo/lib_tparm.c | 116 ++++++++++++++++++++++++++++++++----- + ncurses/tinfo/read_entry.c | 3 + + progs/tic.c | 6 ++ + progs/tparm_type.c | 9 +++ + progs/tparm_type.h | 2 + + progs/tput.c | 61 ++++++++++++++++--- + 7 files changed, 185 insertions(+), 22 deletions(-) + +diff --git a/ncurses/tinfo/lib_tgoto.c b/ncurses/tinfo/lib_tgoto.c +index 9cf5e100..c50ed4df 100644 +--- a/ncurses/tinfo/lib_tgoto.c ++++ b/ncurses/tinfo/lib_tgoto.c +@@ -207,6 +207,14 @@ tgoto(const char *string, int x, int y) + result = tgoto_internal(string, x, y); + else + #endif +- result = TIPARM_2(string, y, x); ++ if ((result = TIPARM_2(string, y, x)) == NULL) { ++ /* ++ * Because termcap did not provide a more general solution such as ++ * tparm(), it was necessary to handle single-parameter capabilities ++ * using tgoto(). The internal _nc_tiparm() function returns a NULL ++ * for that case; retry for the single-parameter case. ++ */ ++ result = TIPARM_1(string, y); ++ } + returnPtr(result); + } +diff --git a/ncurses/tinfo/lib_tparm.c b/ncurses/tinfo/lib_tparm.c +index d9bdfd8f..a10a3877 100644 +--- a/ncurses/tinfo/lib_tparm.c ++++ b/ncurses/tinfo/lib_tparm.c +@@ -1086,6 +1086,64 @@ tparam_internal(TPARM_STATE *tps, const char *string, TPARM_DATA *data) + return (TPS(out_buff)); + } + ++#ifdef CUR ++/* ++ * Only a few standard capabilities accept string parameters. The others that ++ * are parameterized accept only numeric parameters. 
++ */ ++static bool ++check_string_caps(TPARM_DATA *data, const char *string) ++{ ++ bool result = FALSE; ++ ++#define CHECK_CAP(name) (VALID_STRING(name) && !strcmp(name, string)) ++ ++ /* ++ * Disallow string parameters unless we can check them against a terminal ++ * description. ++ */ ++ if (cur_term != NULL) { ++ int want_type = 0; ++ ++ if (CHECK_CAP(pkey_key)) ++ want_type = 2; /* function key #1, type string #2 */ ++ else if (CHECK_CAP(pkey_local)) ++ want_type = 2; /* function key #1, execute string #2 */ ++ else if (CHECK_CAP(pkey_xmit)) ++ want_type = 2; /* function key #1, transmit string #2 */ ++ else if (CHECK_CAP(plab_norm)) ++ want_type = 2; /* label #1, show string #2 */ ++ else if (CHECK_CAP(pkey_plab)) ++ want_type = 6; /* function key #1, type string #2, show string #3 */ ++#if NCURSES_XNAMES ++ else { ++ char *check; ++ ++ check = tigetstr("Cs"); ++ if (CHECK_CAP(check)) ++ want_type = 1; /* style #1 */ ++ ++ check = tigetstr("Ms"); ++ if (CHECK_CAP(check)) ++ want_type = 3; /* storage unit #1, content #2 */ ++ } ++#endif ++ ++ if (want_type == data->tparm_type) { ++ result = TRUE; ++ } else { ++ T(("unexpected string-parameter")); ++ } ++ } ++ return result; ++} ++ ++#define ValidCap() (myData.tparm_type == 0 || \ ++ check_string_caps(&myData, string)) ++#else ++#define ValidCap() 1 ++#endif ++ + #if NCURSES_TPARM_VARARGS + + NCURSES_EXPORT(char *) +@@ -1100,7 +1158,7 @@ tparm(const char *string, ...) + tps->tname = "tparm"; + #endif /* TRACE */ + +- if (tparm_setup(cur_term, string, &myData) == OK) { ++ if (tparm_setup(cur_term, string, &myData) == OK && ValidCap()) { + va_list ap; + + va_start(ap, string); +@@ -1135,7 +1193,7 @@ tparm(const char *string, + tps->tname = "tparm"; + #endif /* TRACE */ + +- if (tparm_setup(cur_term, string, &myData) == OK) { ++ if (tparm_setup(cur_term, string, &myData) == OK && ValidCap()) { + + myData.param[0] = a1; + myData.param[1] = a2; +@@ -1166,7 +1224,7 @@ tiparm(const char *string, ...) 
+ tps->tname = "tiparm"; + #endif /* TRACE */ + +- if (tparm_setup(cur_term, string, &myData) == OK) { ++ if (tparm_setup(cur_term, string, &myData) == OK && ValidCap()) { + va_list ap; + + va_start(ap, string); +@@ -1179,7 +1237,25 @@ tiparm(const char *string, ...) + } + + /* +- * The internal-use flavor ensures that the parameters are numbers, not strings ++ * The internal-use flavor ensures that parameters are numbers, not strings. ++ * In addition to ensuring that they are numbers, it ensures that the parameter ++ * count is consistent with intended usage. ++ * ++ * Unlike the general-purpose tparm/tiparm, these internal calls are fairly ++ * well defined: ++ * ++ * expected == 0 - not applicable ++ * expected == 1 - set color, or vertical/horizontal addressing ++ * expected == 2 - cursor addressing ++ * expected == 4 - initialize color or color pair ++ * expected == 9 - set attributes ++ * ++ * Only for the last case (set attributes) should a parameter be optional. ++ * Also, a capability which calls for more parameters than expected should be ++ * ignored. ++ * ++ * Return a null if the parameter-checks fail. Otherwise, return a pointer to ++ * the formatted capability string. + */ + NCURSES_EXPORT(char *) + _nc_tiparm(int expected, const char *string, ...) +@@ -1189,22 +1265,36 @@ _nc_tiparm(int expected, const char *string, ...) + char *result = NULL; + + _nc_tparm_err = 0; ++ T((T_CALLED("_nc_tiparm(%d, %s, ...)"), expected, _nc_visbuf(string))); + #ifdef TRACE + tps->tname = "_nc_tiparm"; + #endif /* TRACE */ + +- if (tparm_setup(cur_term, string, &myData) == OK +- && myData.num_actual <= expected +- && myData.tparm_type == 0) { +- va_list ap; ++ if (tparm_setup(cur_term, string, &myData) == OK && ValidCap()) { ++ if (myData.num_actual == 0) { ++ T(("missing parameter%s, expected %s%d", ++ expected > 1 ? "s" : "", ++ expected == 9 ? 
"up to " : "", ++ expected)); ++ } else if (myData.num_actual > expected) { ++ T(("too many parameters, have %d, expected %d", ++ myData.num_actual, ++ expected)); ++ } else if (expected != 9 && myData.num_actual != expected) { ++ T(("expected %d parameters, have %d", ++ myData.num_actual, ++ expected)); ++ } else { ++ va_list ap; + +- va_start(ap, string); +- tparm_copy_valist(&myData, FALSE, ap); +- va_end(ap); ++ va_start(ap, string); ++ tparm_copy_valist(&myData, FALSE, ap); ++ va_end(ap); + +- result = tparam_internal(tps, string, &myData); ++ result = tparam_internal(tps, string, &myData); ++ } + } +- return result; ++ returnPtr(result); + } + + /* +diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c +index 66e3d31e..8ccb1570 100644 +--- a/ncurses/tinfo/read_entry.c ++++ b/ncurses/tinfo/read_entry.c +@@ -321,6 +321,9 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit) + || bool_count < 0 + || num_count < 0 + || str_count < 0 ++ || bool_count > BOOLCOUNT ++ || num_count > NUMCOUNT ++ || str_count > STRCOUNT + || str_size < 0) { + returnDB(TGETENT_NO); + } +diff --git a/progs/tic.c b/progs/tic.c +index 152010d2..92d551c8 100644 +--- a/progs/tic.c ++++ b/progs/tic.c +@@ -2255,9 +2255,15 @@ check_1_infotocap(const char *name, NCURSES_CONST char *value, int count) + + _nc_reset_tparm(NULL); + switch (actual) { ++ case Str: ++ result = TPARM_1(value, strings[1]); ++ break; + case Num_Str: + result = TPARM_2(value, numbers[1], strings[2]); + break; ++ case Str_Str: ++ result = TPARM_2(value, strings[1], strings[2]); ++ break; + case Num_Str_Str: + result = TPARM_3(value, numbers[1], strings[2], strings[3]); + break; +diff --git a/progs/tparm_type.c b/progs/tparm_type.c +index 3da4a077..644aa62a 100644 +--- a/progs/tparm_type.c ++++ b/progs/tparm_type.c +@@ -47,6 +47,7 @@ tparm_type(const char *name) + {code, {longname} }, \ + {code, {ti} }, \ + {code, {tc} } ++#define XD(code, onlyname) TD(code, onlyname, onlyname, onlyname) + TParams 
result = Numbers; + /* *INDENT-OFF* */ + static const struct { +@@ -58,6 +59,10 @@ tparm_type(const char *name) + TD(Num_Str, "pkey_xmit", "pfx", "px"), + TD(Num_Str, "plab_norm", "pln", "pn"), + TD(Num_Str_Str, "pkey_plab", "pfxl", "xl"), ++#if NCURSES_XNAMES ++ XD(Str, "Cs"), ++ XD(Str_Str, "Ms"), ++#endif + }; + /* *INDENT-ON* */ + +@@ -80,12 +85,16 @@ guess_tparm_type(int nparam, char **p_is_s) + case 1: + if (!p_is_s[0]) + result = Numbers; ++ if (p_is_s[0]) ++ result = Str; + break; + case 2: + if (!p_is_s[0] && !p_is_s[1]) + result = Numbers; + if (!p_is_s[0] && p_is_s[1]) + result = Num_Str; ++ if (p_is_s[0] && p_is_s[1]) ++ result = Str_Str; + break; + case 3: + if (!p_is_s[0] && !p_is_s[1] && !p_is_s[2]) +diff --git a/progs/tparm_type.h b/progs/tparm_type.h +index 7c102a30..af5bcf0f 100644 +--- a/progs/tparm_type.h ++++ b/progs/tparm_type.h +@@ -45,8 +45,10 @@ + typedef enum { + Other = -1 + ,Numbers = 0 ++ ,Str + ,Num_Str + ,Num_Str_Str ++ ,Str_Str + } TParams; + + extern TParams tparm_type(const char *name); +diff --git a/progs/tput.c b/progs/tput.c +index 4cd0c5ba..41508b72 100644 +--- a/progs/tput.c ++++ b/progs/tput.c +@@ -1,5 +1,5 @@ + /**************************************************************************** +- * Copyright 2018-2021,2022 Thomas E. Dickey * ++ * Copyright 2018-2022,2023 Thomas E. Dickey * + * Copyright 1998-2016,2017 Free Software Foundation, Inc. 
* + * * + * Permission is hereby granted, free of charge, to any person obtaining a * +@@ -47,12 +47,15 @@ + #include + #include + +-MODULE_ID("$Id: tput.c,v 1.99 2022/02/26 23:19:31 tom Exp $") ++MODULE_ID("$Id: tput.c,v 1.102 2023/04/08 16:26:36 tom Exp $") + + #define PUTS(s) fputs(s, stdout) + + const char *_nc_progname = "tput"; + ++static bool opt_v = FALSE; /* quiet, do not show warnings */ ++static bool opt_x = FALSE; /* clear scrollback if possible */ ++ + static bool is_init = FALSE; + static bool is_reset = FALSE; + static bool is_clear = FALSE; +@@ -81,6 +84,7 @@ usage(const char *optstring) + KEEP(" -S << read commands from standard input") + KEEP(" -T TERM use this instead of $TERM") + KEEP(" -V print curses-version") ++ KEEP(" -v verbose, show warnings") + KEEP(" -x do not try to clear scrollback") + KEEP("") + KEEP("Commands:") +@@ -148,7 +152,7 @@ exit_code(int token, int value) + * Returns nonzero on error. + */ + static int +-tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used) ++tput_cmd(int fd, TTY * settings, int argc, char **argv, int *used) + { + NCURSES_CONST char *name; + char *s; +@@ -231,7 +235,9 @@ tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used) + } else if (VALID_STRING(s)) { + if (argc > 1) { + int k; ++ int narg; + int analyzed; ++ int provided; + int popcount; + long numbers[1 + NUM_PARM]; + char *strings[1 + NUM_PARM]; +@@ -271,14 +277,45 @@ tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used) + + popcount = 0; + _nc_reset_tparm(NULL); ++ /* ++ * Count the number of numeric parameters which are provided. 
++ */ ++ provided = 0; ++ for (narg = 1; narg < argc; ++narg) { ++ char *ending = NULL; ++ long check = strtol(argv[narg], &ending, 10); ++ if (check < 0 || ending == argv[narg] || *ending != '\0') ++ break; ++ provided = narg; ++ } + switch (paramType) { ++ case Str: ++ s = TPARM_1(s, strings[1]); ++ analyzed = 1; ++ if (provided == 0 && argc >= 1) ++ provided++; ++ break; ++ case Str_Str: ++ s = TPARM_2(s, strings[1], strings[2]); ++ analyzed = 2; ++ if (provided == 0 && argc >= 1) ++ provided++; ++ if (provided == 1 && argc >= 2) ++ provided++; ++ break; + case Num_Str: + s = TPARM_2(s, numbers[1], strings[2]); + analyzed = 2; ++ if (provided == 1 && argc >= 2) ++ provided++; + break; + case Num_Str_Str: + s = TPARM_3(s, numbers[1], strings[2], strings[3]); + analyzed = 3; ++ if (provided == 1 && argc >= 2) ++ provided++; ++ if (provided == 2 && argc >= 3) ++ provided++; + break; + case Numbers: + analyzed = _nc_tparm_analyze(NULL, s, p_is_s, &popcount); +@@ -316,7 +353,13 @@ tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used) + if (analyzed < popcount) { + analyzed = popcount; + } +- *used += analyzed; ++ if (opt_v && (analyzed != provided)) { ++ fprintf(stderr, "%s: %s parameters for \"%s\"\n", ++ _nc_progname, ++ (analyzed < provided ? "extra" : "missing"), ++ argv[0]); ++ } ++ *used += provided; + } + + /* use putp() in order to perform padding */ +@@ -339,7 +382,6 @@ main(int argc, char **argv) + int used; + TTY old_settings; + TTY tty_settings; +- bool opt_x = FALSE; /* clear scrollback if possible */ + bool is_alias; + bool need_tty; + +@@ -348,7 +390,7 @@ main(int argc, char **argv) + + term = getenv("TERM"); + +- while ((c = getopt(argc, argv, is_alias ? "T:Vx" : "ST:Vx")) != -1) { ++ while ((c = getopt(argc, argv, is_alias ? 
"T:Vvx" : "ST:Vvx")) != -1) { + switch (c) { + case 'S': + cmdline = FALSE; +@@ -361,6 +403,9 @@ main(int argc, char **argv) + case 'V': + puts(curses_version()); + ExitProgram(EXIT_SUCCESS); ++ case 'v': /* verbose */ ++ opt_v = TRUE; ++ break; + case 'x': /* do not try to clear scrollback */ + opt_x = TRUE; + break; +@@ -404,7 +449,7 @@ main(int argc, char **argv) + usage(NULL); + while (argc > 0) { + tty_settings = old_settings; +- code = tput_cmd(fd, &tty_settings, opt_x, argc, argv, &used); ++ code = tput_cmd(fd, &tty_settings, argc, argv, &used); + if (code != 0) + break; + argc -= used; +@@ -439,7 +484,7 @@ main(int argc, char **argv) + while (argnum > 0) { + int code; + tty_settings = old_settings; +- code = tput_cmd(fd, &tty_settings, opt_x, argnum, argnow, &used); ++ code = tput_cmd(fd, &tty_settings, argnum, argnow, &used); + if (code != 0) { + if (result == 0) + result = ErrSystem(0); /* will return value >4 */ +-- +2.40.0 + diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb index f67a3f5bf4..a34a7bdfdc 100644 --- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb 
@@ -3,6 +3,7 @@ require ncurses.inc SRC_URI += "file://0001-tic-hang.patch \ file://0002-configure-reproducible.patch \ file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ + file://CVE-2023-29491.patch \ " # commit id corresponds to the revision in package version SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
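Review bot: In the rewritten body of _nc_tiparm() (ncurses/tinfo/lib_tparm.c), the third trace message passes its arguments in the opposite order to its format string: `T(("expected %d parameters, have %d", myData.num_actual, expected))` reports the actual count as the expected one. The branch just above it ("too many parameters, have %d, expected %d") has them the right way round; this one should pass `expected, myData.num_actual`. It is trace output only, so behaviour is unchanged, but it will mislead anyone debugging why a capability string was rejected.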
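Review bot: In the lib_tparm.c hunk that introduces check_string_caps(), the fallback `#define ValidCap() 1` for builds without CUR means no string-parameter validation runs there at all, and the later _nc_tiparm() hunk drops its explicit `myData.tparm_type == 0` test in favour of ValidCap(). In a CUR-less build that removes the only visible guard keeping string parameters out of the internal numeric-only path, and in a CUR build _nc_tiparm() now accepts whatever check_string_caps() accepts, which does not match the comment that this flavour "ensures that parameters are numbers, not strings". Keeping `myData.tparm_type == 0` in the _nc_tiparm() condition would preserve the old guarantee in both configurations.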
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/14] busybox: fix CVE-2022-48174 Date: Wed, 6 Sep 2023 02:48:13 -1000 Message-Id: <56b90b5f2da661bfac3f2d751fc09e918429ec87.1694004064.git.steve@sakoman.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187302 From: Meenali Gupta There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. Signed-off-by: Meenali Gupta Signed-off-by: Steve Sakoman --- .../busybox/busybox/CVE-2022-48174.patch | 80 +++++++++++++++++++ meta/recipes-core/busybox/busybox_1.35.0.bb | 1 + 2 files changed, 81 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-48174.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch b/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch new file mode 100644 index 0000000000..dd0ea19f02 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch
@@ -0,0 +1,80 @@ +From cf5d0889262e1b04ec2aa4caff2f5da2d602c665 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Mon, 12 Jun 2023 17:48:47 +0200 +Subject: [PATCH] busybox: shell: avoid segfault on ${0::0/0~09J}. Closes 15216 +function old new delta evaluate_string 1011 1053 +42 + +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209] +CVE: CVE-2022-48174 + +Signed-off-by: Meenali Gupta +--- + shell/math.c | 39 +++++++++++++++++++++++++++++++++++---- + 1 file changed, 35 insertions(+), 4 deletions(-) + +diff --git a/shell/math.c b/shell/math.c +index 76d22c9..727c294 100644 +--- a/shell/math.c ++++ b/shell/math.c +@@ -577,6 +577,28 @@ static arith_t strto_arith_t(const char *nptr, char **endptr) + # endif + #endif + ++//TODO: much better estimation than expr_len/2? Such as: ++//static unsigned estimate_nums_and_names(const char *expr) ++//{ ++// unsigned count = 0; ++// while (*(expr = skip_whitespace(expr)) != '\0') { ++// const char *p; ++// if (isdigit(*expr)) { ++// while (isdigit(*++expr)) ++// continue; ++// count++; ++// continue; ++// } ++// p = endofname(expr); ++// if (p != expr) { ++// expr = p; ++// count++; ++// continue; ++// } ++// } ++// return count; ++//} ++ + static arith_t + evaluate_string(arith_state_t *math_state, const char *expr) + { +@@ -584,10 +606,12 @@ evaluate_string(arith_state_t *math_state, const char *expr) + const char *errmsg; + const char *start_expr = expr = skip_whitespace(expr); + unsigned expr_len = strlen(expr) + 2; +- /* Stack of integers */ +- /* The proof that there can be no more than strlen(startbuf)/2+1 +- * integers in any given correct or incorrect expression +- * is left as an exercise to the reader. */ ++ /* Stack of integers/names */ ++ /* There can be no more than strlen(startbuf)/2+1 ++ * integers/names in any given correct or incorrect expression. 
++ * (modulo "09v09v09v09v09v" case, ++ * but we have code to detect that early) ++ */ + var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0])); + var_or_num_t *numstackptr = numstack; + /* Stack of operator tokens */ +@@ -652,6 +676,13 @@ evaluate_string(arith_state_t *math_state, const char *expr) + numstackptr->var = NULL; + errno = 0; + numstackptr->val = strto_arith_t(expr, (char**) &expr); ++ /* A number can't be followed by another number, or a variable name. ++ * We'd catch this later anyway, but this would require numstack[] ++ * to be twice as deep to handle strings where _every_ char is ++ * a new number or name. Example: 09v09v09v09v09v09v09v09v09v ++ */ ++ if (isalnum(*expr) || *expr == '_') ++ goto err; + //bb_error_msg("val:%lld", numstackptr->val); + if (errno) + numstackptr->val = 0; /* bash compat */ +-- +2.40.0 diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb index e9ca6fdb1a..07a5137d2a 100644 --- a/meta/recipes-core/busybox/busybox_1.35.0.bb +++ b/meta/recipes-core/busybox/busybox_1.35.0.bb 
@@ -51,6 +51,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ file://CVE-2022-30065.patch \ file://0001-devmem-add-128-bit-width.patch \ + file://CVE-2022-48174.patch \ " SRC_URI:append:libc-musl = " file://musl.cfg "
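Review bot: the guard added in the last evaluate_string hunk (if (isalnum(*expr) || *expr == '_') goto err;) covers only the branch that parses a number with strto_arith_t, while numstack is still sized by alloca as (expr_len / 2) entries, so the stack bound now rests on this one early rejection. The patch header should say so, because the commit message cites a stack overflow at ash.c:6030 and the change is in shell/math.c. The series also has no test for the 09v09v09v input named in the new comment; a ptest case asserting that such an expression is rejected would keep the fix from regressing in later backports.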
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/14] webkitgtk: fix CVE-2023-23529
Date: Wed, 6 Sep 2023 02:48:14 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187303

From: Kai Kang

Backport and rebase patch to fix CVE-2023-23529.

CVE: CVE-2023-23529
Signed-off-by: Kai Kang Signed-off-by: Steve Sakoman --- .../webkit/webkitgtk/CVE-2023-23529.patch | 65 +++++++++++++++++++ meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 + 2 files changed, 66 insertions(+) create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch b/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch new file mode 100644 index 0000000000..f2e9808ab4 --- /dev/null +++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch 
@@ -0,0 +1,65 @@ +CVE: CVE-2023-23529 +Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/6cc943c] + +With the help from webkit maillist, backport and rebase patch to fix +CVE-2023-23529. + +https://lists.webkit.org/pipermail/webkit-gtk/2023-August/003931.html + +Signed-off-by: Kai Kang + +From 6cc943c3323a1a1368934c812e5e8ec08f54dcd4 Mon Sep 17 00:00:00 2001 +From: Yusuke Suzuki +Date: Fri, 17 Feb 2023 10:39:19 -0800 +Subject: [PATCH] Cherry-pick 259548.63@safari-7615-branch (1b2eb138ef92). + rdar://105598149 + + [JSC] ToThis object folding should check if AbstractValue is always an object + https://bugs.webkit.org/show_bug.cgi?id=251944 + rdar://105175786 + + Reviewed by Geoffrey Garen and Mark Lam. + + ToThis can become Identity for strict mode if it is just primitive values or its object does not have toThis function overriding. + This is correct, but folding ToThis to Undefined etc. (not Identity) needs to check that an input only contains objects. + This patch adds appropriate checks to prevent from converting ToThis(GlobalObject | Int32) to Undefined for example. 
+ + * Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h: + (JSC::DFG::isToThisAnIdentity): + + Canonical link: https://commits.webkit.org/259548.63@safari-7615-branch + +Canonical link: https://commits.webkit.org/260455@main +--- + .../JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h +index 928328ffab826..82481455e651d 100644 +--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h ++++ b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h +@@ -209,7 +209,8 @@ inline ToThisResult isToThisAnIdentity(VM& vm, ECMAMode ecmaMode, AbstractValue& + } + } + +- if ((ecmaMode.isStrict() || (valueForNode.m_type && !(valueForNode.m_type & ~SpecObject))) && valueForNode.m_structure.isFinite()) { ++ bool onlyObjects = valueForNode.m_type && !(valueForNode.m_type & ~SpecObject); ++ if ((ecmaMode.isStrict() || onlyObjects) && valueForNode.m_structure.isFinite()) { + bool allStructuresAreJSScope = !valueForNode.m_structure.isClear(); + bool overridesToThis = false; + valueForNode.m_structure.forEach([&](RegisteredStructure structure) { +@@ -226,9 +227,13 @@ inline ToThisResult isToThisAnIdentity(VM& vm, ECMAMode ecmaMode, AbstractValue& + // If all the structures are JSScope's ones, we know the details of JSScope::toThis() operation. + allStructuresAreJSScope &= structure->classInfo()->methodTable.toThis == JSScope::info()->methodTable.toThis; + }); ++ ++ // This is correct for strict mode even if this can have non objects, since the right semantics is Identity. + if (!overridesToThis) + return ToThisResult::Identity; +- if (allStructuresAreJSScope) { ++ ++ // But this folding is available only if input is always an object. 
++ if (onlyObjects && allStructuresAreJSScope) { + if (ecmaMode.isStrict()) + return ToThisResult::Undefined; + return ToThisResult::GlobalThis; diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb index edd64b7b11..20f475bebd 100644 --- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb +++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb 
@@ -21,6 +21,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \ file://CVE-2022-46699.patch \ file://CVE-2022-42867.patch \ file://CVE-2022-46700.patch \ + file://CVE-2023-23529.patch \ " SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
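Review bot: the second isToThisAnIdentity hunk gates the Undefined/GlobalThis folding on onlyObjects, but the patch is described as rebased and touches only DFGAbstractInterpreterInlines.h, so nothing in the series exercises the ToThis(GlobalObject | Int32) case the upstream message describes. Please record in the patch header what changed during the rebase onto 2.36.8 and how the result was checked. Upstream-Status also cites the abbreviated hash 6cc943c while the full hash appears in the From line below it; the full commit URL would keep the reference unambiguous.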
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/14] libssh2: fix CVE-2020-22218
Date: Wed, 6 Sep 2023 02:48:15 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187304

From: Chee Yang Lee

Signed-off-by: Chee Yang Lee
Signed-off-by: Steve Sakoman --- .../libssh2/libssh2/CVE-2020-22218.patch | 34 +++++++++++++++++++ .../recipes-support/libssh2/libssh2_1.10.0.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch b/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch new file mode 100644 index 0000000000..066233fcae --- /dev/null +++ b/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch @@ -0,0 +1,34 @@ +CVE: CVE-2020-22218 +Upstream-Status: Backport [ https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45 ] +Signed-off-by: Lee Chee Yang + + +From 642eec48ff3adfdb7a9e562b6d7fc865d1733f45 Mon Sep 17 00:00:00 2001 +From: lutianxiong +Date: Fri, 29 May 2020 01:25:40 +0800 +Subject: [PATCH] transport.c: fix use-of-uninitialized-value (#476) + +file:transport.c + +notes: +return error if malloc(0) + +credit: +lutianxiong +--- + src/transport.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/transport.c b/src/transport.c +index 96fca6b8cc..adf96c2437 100644 +--- a/src/transport.c ++++ b/src/transport.c +@@ -472,7 +472,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session) + /* Get a packet handle put data into. We get one to + hold all data, including padding and MAC. */ + p->payload = LIBSSH2_ALLOC(session, total_num); +- if(!p->payload) { ++ if(total_num == 0 || !p->payload) { + return LIBSSH2_ERROR_ALLOC; + } + p->total_num = total_num; diff --git a/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/meta/recipes-support/libssh2/libssh2_1.10.0.bb index d5513373b0..8483a292c2 100644 --- a/meta/recipes-support/libssh2/libssh2_1.10.0.bb +++ b/meta/recipes-support/libssh2/libssh2_1.10.0.bb 
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ file://fix-ssh2-test.patch \ file://run-ptest \ + file://CVE-2020-22218.patch \ " SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
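Review bot: in the _libssh2_transport_read hunk the new total_num == 0 test runs after LIBSSH2_ALLOC(session, total_num), so if a zero-size allocation returns a non-NULL pointer the early return leaves p->payload holding that block, and the hunk does not show who frees it. The caller also gets LIBSSH2_ERROR_ALLOC for what is really a bad packet length. Testing total_num before the allocation would avoid both; as this is a verbatim upstream backport, at least note the point in the patch header. The OE commit message is empty apart from the sign-offs, and a line describing CVE-2020-22218 and the fix would help anyone reading the log.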
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/14] file: fix CVE-2022-48554
Date: Wed, 6 Sep 2023 02:48:16 -1000
Message-Id: <20b5ead99d4904e70ea22f573bfefec8c6e862a2.1694004064.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187305
From: Chee Yang Lee ignore changes to FILE_RCSID part. Signed-off-by: Chee Yang Lee Signed-off-by: Steve Sakoman --- .../file/file/CVE-2022-48554.patch | 35 +++++++++++++++++++ meta/recipes-devtools/file/file_5.41.bb | 4 ++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/file/file/CVE-2022-48554.patch diff --git a/meta/recipes-devtools/file/file/CVE-2022-48554.patch b/meta/recipes-devtools/file/file/CVE-2022-48554.patch new file mode 100644 index 0000000000..c285bd2c23 --- /dev/null +++ b/meta/recipes-devtools/file/file/CVE-2022-48554.patch @@ -0,0 +1,35 @@ +CVE: CVE-2022-48554 +Upstream-Status: Backport [ https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ] +Signed-off-by: Lee Chee Yang + +From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Mon, 14 Feb 2022 16:26:10 +0000 +Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it + will try to scan the source string to find out how much space is needed the + source string might not be NUL terminated. + +--- + src/funcs.c | 11 +++++++---- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/funcs.c b/src/funcs.c +index 89e1da597..dcfd352d2 100644 +--- a/src/funcs.c ++++ b/src/funcs.c +@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.124 2022/01/10 14:15:08 christos Exp $") + protected char * + file_copystr(char *buf, size_t blen, size_t width, const char *str) + { +- if (++width > blen) +- width = blen; +- strlcpy(buf, str, width); ++ if (blen == 0) ++ return buf; ++ if (width >= blen) ++ width = blen - 1; ++ memcpy(buf, str, width); ++ buf[width] = '\0'; + return buf; + } + diff --git a/meta/recipes-devtools/file/file_5.41.bb b/meta/recipes-devtools/file/file_5.41.bb index 653887e97a..6fd4f2c746 100644 --- a/meta/recipes-devtools/file/file_5.41.bb +++ b/meta/recipes-devtools/file/file_5.41.bb 
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd DEPENDS = "file-replacement-native" DEPENDS:class-native = "bzip2-replacement-native" -SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https" +SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \ + file://CVE-2022-48554.patch \ +" SRCREV = "504206e53a89fd6eed71aeaf878aa3512418eab1" S = "${WORKDIR}/git"
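Review bot: in the file_copystr hunk the replacement memcpy(buf, str, width) always reads width bytes from str, where strlcpy stopped copying at the first NUL, so every caller now has to guarantee that str has at least width readable bytes. Please confirm that holds for the callers in the 5.41 tree this is applied to, since the hunk shows only the callee. The OE commit message says the FILE_RCSID change was left out, but the patch header under Upstream-Status does not record that deviation from the upstream commit; a short note there would keep the difference visible to whoever next refreshes the patch.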
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 10/14] nasm: fix CVE-2020-21528
Date: Wed, 6 Sep 2023 02:48:17 -1000
Message-Id: <87c4ec2d73ac2e52005e16e38a9a12affb8d51bd.1694004064.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187306

From: Archana Polampalli

A Segmentation Fault issue discovered in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-21528

Upstream patches:
https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- .../nasm/nasm/CVE-2020-21528.patch | 47 +++++++++++++++++++ meta/recipes-devtools/nasm/nasm_2.15.05.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch b/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch new file mode 100644 index 0000000000..2303744540 --- /dev/null +++ b/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch
@@ -0,0 +1,47 @@ +From 93c774d482694643cafbc82578ac8b729fb5bc8b Mon Sep 17 00:00:00 2001 +From: Cyrill Gorcunov +Date: Wed, 4 Nov 2020 13:08:06 +0300 +Subject: [PATCH] BR3392637: output/outieee: Fix nil dereference + +The handling been broken in commit 98578071. + +Upstream-Status: Backport [https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b] + +CVE: CVE-2020-21528 + +Signed-off-by: Cyrill Gorcunov +Signed-off-by: Archana Polampalli +--- + output/outieee.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/output/outieee.c b/output/outieee.c +index bff2f085..b3ccc5f6 100644 +--- a/output/outieee.c ++++ b/output/outieee.c +@@ -795,6 +795,23 @@ static int32_t ieee_segment(char *name, int *bits) + define_label(name, seg->index + 1, 0L, false); + ieee_seg_needs_update = NULL; + ++ /* ++ * In commit 98578071b9d71ecaa2344dd9c185237c1765041e ++ * we reworked labels significantly which in turn lead ++ * to the case where seg->name = NULL here and we get ++ * nil dereference in next segments definitions. ++ * ++ * Lets placate this case with explicit name setting ++ * if labels engine didn't set it yet. ++ * ++ * FIXME: Need to revisit this moment if such fix doesn't ++ * break anything but since IEEE 695 format is veeery ++ * old I don't expect there are many users left. In worst ++ * case this should only lead to a memory leak. ++ */ ++ if (!seg->name) ++ seg->name = nasm_strdup(name); ++ + if (seg->use32) + *bits = 32; + else +-- +2.40.0 diff --git a/meta/recipes-devtools/nasm/nasm_2.15.05.bb b/meta/recipes-devtools/nasm/nasm_2.15.05.bb index bcb7e071d6..aba061f56f 100644 --- a/meta/recipes-devtools/nasm/nasm_2.15.05.bb +++ b/meta/recipes-devtools/nasm/nasm_2.15.05.bb 
@@ -10,6 +10,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ file://0002-Add-debug-prefix-map-option.patch \ file://CVE-2022-44370.patch \ file://CVE-2022-46457.patch \ + file://CVE-2020-21528.patch \ " SRC_URI[sha256sum] = "3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"
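Review bot: the added if (!seg->name) seg->name = nasm_strdup(name); in ieee_segment gives seg->name a heap copy whose release is not shown in the hunk, and the patch's own FIXME concedes that the worst case is a memory leak. Please confirm that the IEEE output cleanup frees seg->name, or state in the patch header that the leak is accepted for this backport. The guard also sits after define_label(name, seg->index + 1, 0L, false), so it is worth checking that nothing on that call path reads seg->name before it is set.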
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 11/14] python3: upgrade to 3.10.13
Date: Wed, 6 Sep 2023 02:48:18 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187307
From: Chee Yang Lee

Release date: 2023-08-24

Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.

Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

C API
gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set.

Signed-off-by: Chee Yang Lee
Signed-off-by: Steve Sakoman
--- .../python/{python3_3.10.12.bb => python3_3.10.13.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3_3.10.12.bb => python3_3.10.13.bb} (99%) diff --git a/meta/recipes-devtools/python/python3_3.10.12.bb b/meta/recipes-devtools/python/python3_3.10.13.bb similarity index 99% rename from meta/recipes-devtools/python/python3_3.10.12.bb rename to meta/recipes-devtools/python/python3_3.10.13.bb index 74f1defc95..ba53a09ef5 100644 --- a/meta/recipes-devtools/python/python3_3.10.12.bb +++ b/meta/recipes-devtools/python/python3_3.10.13.bb
@@ -43,7 +43,7 @@ SRC_URI:append:class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[sha256sum] = "afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8" +SRC_URI[sha256sum] = "5c88848668640d3e152b35b4536ef1c23b2ca4bd2c957ef1ecbb053f571dd3f6" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
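
Review bot: the replaced SRC_URI[sha256sum] in the @@ -43,7 +43,7 @@ hunk is the only functional change in this upgrade, and the commit message does not say where the new digest came from. Since the upgrade is taken for CVE-2023-40217, state that the value was checked against the upstream release artifacts for 3.10.13 (published checksum or signature) rather than computed from whatever the fetcher downloaded. It would also help to note that the local patches listed in SRC_URI:append:class-native still apply to 3.10.13 without fuzz, because the rename at 99% similarity shows none of them were refreshed.
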

From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 12/14] efivar: backport 5 patches to fix build with gold
Date: Wed, 6 Sep 2023 02:48:19 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187308

From: Martin Jansa

* LDFLAGS += "-fuse-ld=bfd" in the recipe doesn't work and it still fails
  to build with ld-is-gold in DISTRO_FEATURES
  removal of this line sent to master in:
  https://lists.openembedded.org/g/openembedded-core/message/185167

* the most important ones are the 1st which removes --add-needed and
  the last which removes src/include/workarounds.mk completely
  while 2-4 patches just update src/include/workarounds.mk for the last
  one to apply cleanly

* alternatively we can bump SRCREV to latest 38 as master did in:
  https://git.openembedded.org/openembedded-core/commit/?id=4df808c616f847d90203582fd950a49bb8360dd0
  which brings 23 commits, but instead of adding 5 more patches allows to
  remove 5

Signed-off-by: Martin Jansa
Signed-off-by: Steve Sakoman --- ...ve-deprecated-add-needed-linker-flag.patch | 45 +++ ...002-Add-T-workaround-for-GNU-ld-2.36.patch | 33 +++ ...LL-C-to-force-English-output-from-ld.patch | 33 +++ ...on-and-remove-not-needed-workarounds.patch | 45 +++ ...mp-efi_well_known_-variable-handling.patch | 262 ++++++++++++++++++ meta/recipes-bsp/efivar/efivar_38.bb | 9 +- 6 files changed, 423 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch create mode 100644 meta/recipes-bsp/efivar/efivar/0002-Add-T-workaround-for-GNU-ld-2.36.patch create mode 100644 meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch create mode 100644 meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch create mode 100644 meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch diff --git a/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch b/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch new file mode 100644 index 0000000000..fb6d2e8580 --- /dev/null +++ b/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch 
@@ -0,0 +1,45 @@ +From b23aba1469de8bb7a115751f9cd294ad3aaa6680 Mon Sep 17 00:00:00 2001 +From: Ali Abdel-Qader +Date: Tue, 31 May 2022 11:53:32 -0400 +Subject: [PATCH] Remove deprecated --add-needed linker flag + +Resolves #204 +Signed-off-by: Ali Abdel-Qader +Signed-off-by: Martin Jansa +--- +Upstream-Status: Backport [https://github.com/rhboot/efivar/pull/218/commits/b23aba1469de8bb7a115751f9cd294ad3aaa6680] + + src/include/defaults.mk | 2 -- + src/include/gcc.specs | 2 +- + 2 files changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/include/defaults.mk b/src/include/defaults.mk +index b8cc590..42bd3d6 100644 +--- a/src/include/defaults.mk ++++ b/src/include/defaults.mk +@@ -51,7 +51,6 @@ LDFLAGS ?= + override _CCLDFLAGS := $(CCLDFLAGS) + override _LDFLAGS := $(LDFLAGS) + override LDFLAGS = $(CFLAGS) -L. $(_LDFLAGS) $(_CCLDFLAGS) \ +- -Wl,--add-needed \ + -Wl,--build-id \ + -Wl,--no-allow-shlib-undefined \ + -Wl,--no-undefined-version \ +@@ -98,7 +97,6 @@ override _HOST_LDFLAGS := $(HOST_LDFLAGS) + override _HOST_CCLDFLAGS := $(HOST_CCLDFLAGS) + override HOST_LDFLAGS = $(HOST_CFLAGS) -L. 
\ + $(_HOST_LDFLAGS) $(_HOST_CCLDFLAGS) \ +- -Wl,--add-needed \ + -Wl,--build-id \ + -Wl,--no-allow-shlib-undefined \ + -Wl,-z,now \ +diff --git a/src/include/gcc.specs b/src/include/gcc.specs +index ef28e2b..d85e865 100644 +--- a/src/include/gcc.specs ++++ b/src/include/gcc.specs +@@ -5,4 +5,4 @@ + + %{!shared:%{!static:%{!r:-pie}}} %{static:-Wl,-no-fatal-warnings -Wl,-static -static -Wl,-z,relro,-z,now} -grecord-gcc-switches + + *link: +-+ %{!static:--fatal-warnings} --no-undefined-version --no-allow-shlib-undefined --add-needed -z now --build-id %{!static:%{!shared:-pie}} %{shared:-z relro} %{static:% +Date: Mon, 17 Jan 2022 12:34:55 -0500 +Subject: [PATCH] Add -T workaround for GNU ld 2.36 + +Signed-off-by: Robbie Harwood +Resolves: #195 +Signed-off-by: Martin Jansa +--- +Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/197a0874ea4010061b98b4b55eff65b33b1cd741] + + src/include/workarounds.mk | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk +index 3118834..143e790 100644 +--- a/src/include/workarounds.mk ++++ b/src/include/workarounds.mk +@@ -4,12 +4,12 @@ + + LD_FLAVOR := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g') + LD_VERSION := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //') +-# I haven't tested 2.36 here; 2.35 is definitely broken and 2.37 seems to work ++# 2.35 is definitely broken and 2.36 seems to work + LD_DASH_T := $(shell \ + if [ "x${LD_FLAVOR}" = xLLD ] ; then \ + echo '-T' ; \ + elif [ "x${LD_FLAVOR}" = xGNU ] ; then \ +- if echo "${LD_VERSION}" | grep -q -E '^2\.3[789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \ ++ if echo "${LD_VERSION}" | grep -q -E '^2\.3[6789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \ + echo '-T' ; \ + else \ + echo "" ; \ 
diff --git a/meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch b/meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch new file mode 100644 index 0000000000..e53c31a673 --- /dev/null +++ b/meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch @@ -0,0 +1,33 @@ +From 8ea2cf0ab6182f29ecd8568cdc674b2736f6ffba Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Fri, 24 Jun 2022 17:00:33 -0400 +Subject: [PATCH] Set LC_ALL=C to force English output from ld + +If the user has a different locale set, ld --version may not contain the +string "GNU ld". + +For example, in Italian, ld --version outputs "ld di GNU". + +Signed-off-by: Mike Gilbert +Signed-off-by: Martin Jansa +--- +Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/01de7438520868650bfaa1ef3e2bfaf00cacbcc6] + + src/include/workarounds.mk | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk +index 143e790..b72fbaf 100644 +--- a/src/include/workarounds.mk ++++ b/src/include/workarounds.mk +@@ -2,8 +2,8 @@ + # + # workarounds.mk - workarounds for weird stuff behavior + +-LD_FLAVOR := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g') +-LD_VERSION := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //') ++LD_FLAVOR := $(shell LC_ALL=C $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g') ++LD_VERSION := $(shell LC_ALL=C $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //') + # 2.35 is definitely broken and 2.36 seems to work + LD_DASH_T := $(shell \ + if [ "x${LD_FLAVOR}" = xLLD ] ; then \ diff --git a/meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch b/meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch new file mode 100644 index 0000000000..f1a545140a --- /dev/null 
+++ b/meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch @@ -0,0 +1,45 @@ +From 09b9ddc51cb83ce547872a82271d1af4d11325da Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tomasz=20Pawe=C5=82=20Gajc?= +Date: Wed, 29 Jun 2022 21:44:29 +0200 +Subject: [PATCH] LLD: fix detection and remove not needed workarounds +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Tomasz Paweł Gajc +Signed-off-by: Martin Jansa +--- +Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/1f247260c9b4bd6fcda30f3e4cc358852aeb9e4d] + + src/include/workarounds.mk | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk +index b72fbaf..57394ed 100644 +--- a/src/include/workarounds.mk ++++ b/src/include/workarounds.mk +@@ -2,12 +2,12 @@ + # + # workarounds.mk - workarounds for weird stuff behavior + +-LD_FLAVOR := $(shell LC_ALL=C $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g') +-LD_VERSION := $(shell LC_ALL=C $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //') ++LD_FLAVOR := $(shell LC_ALL=C $(LD) --version | grep -E '^((.* )?LLD|GNU ld)'|sed 's/.* LLD/LLD/;s/ .*//g') ++LD_VERSION := $(shell LC_ALL=C $(LD) --version | grep -E '^((.* )?LLD|GNU ld)'|sed 's/.* LLD/LLD/;s/.* //') + # 2.35 is definitely broken and 2.36 seems to work + LD_DASH_T := $(shell \ + if [ "x${LD_FLAVOR}" = xLLD ] ; then \ +- echo '-T' ; \ ++ echo "" ; \ + elif [ "x${LD_FLAVOR}" = xGNU ] ; then \ + if echo "${LD_VERSION}" | grep -q -E '^2\.3[6789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \ + echo '-T' ; \ +@@ -15,7 +15,7 @@ LD_DASH_T := $(shell \ + echo "" ; \ + fi ; \ + else \ +- echo "Your linker is not supported" ; \ ++ echo "Your linker ${LD_FLAVOR} version ${LD_VERSION} is not supported" ; \ + exit 1 ; \ + fi) + 
diff --git a/meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch b/meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch new file mode 100644 index 0000000000..758a151138 --- /dev/null +++ b/meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch 
@@ -0,0 +1,262 @@ +From 8c20b2242925616dfccc97b9be29f36afcf8034d Mon Sep 17 00:00:00 2001 +From: Nicholas Vinson +Date: Mon, 10 Oct 2022 14:22:36 -0400 +Subject: [PATCH] Revamp efi_well_known_* variable handling + +The current implementation attempts to use the linker to create aliases +for efi_well_known_guids and efi_well_known_names. It also tries to use +the linker to generate the variables efi_well_known_guids_end and +efi_well_known_names_end. + +When building with clang, the generated linker result results in a +broken libefivar.so that causes programs to segfault when linked against +it. This change does away with linker script hacker and instead +introduces pointers to store the locations of efi_well_known_guids_end +and efi_well_known_names_end. + +Additionally, efi_well_known_guids and efi_well_known_names are now +created as pointers that point to the beginning of their respective +arrays. + +Signed-off-by: Nicholas Vinson +Fixes: #234 +Signed-off-by: Martin Jansa +--- +Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/cfd686de51494d3e34be896a91835657ccab37d4] + + src/Makefile | 7 ++-- + src/include/rules.mk | 5 +-- + src/include/workarounds.mk | 24 ------------- + src/makeguids.c | 72 +++++++++++++------------------------- + 4 files changed, 27 insertions(+), 81 deletions(-) + delete mode 100644 src/include/workarounds.mk + +diff --git a/src/Makefile b/src/Makefile +index b10051b..c69caf4 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -4,7 +4,6 @@ include $(TOPDIR)/src/include/deprecated.mk + include $(TOPDIR)/src/include/version.mk + include $(TOPDIR)/src/include/rules.mk + include $(TOPDIR)/src/include/defaults.mk +-include $(TOPDIR)/src/include/workarounds.mk + + LIBTARGETS=libefivar.so libefiboot.so libefisec.so + STATICLIBTARGETS=libefivar.a libefiboot.a libefisec.a +@@ -30,7 +29,7 @@ EFISECDB_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(EFISECDB_SOURCES))) + GENERATED_SOURCES = include/efivar/efivar-guids.h 
guid-symbols.c + MAKEGUIDS_SOURCES = makeguids.c util-makeguids.c + MAKEGUIDS_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(MAKEGUIDS_SOURCES))) +-MAKEGUIDS_OUTPUT = $(GENERATED_SOURCES) guids.lds ++MAKEGUIDS_OUTPUT = $(GENERATED_SOURCES) + + util-makeguids.c : + cp util.c util-makeguids.c +@@ -84,7 +83,7 @@ $(MAKEGUIDS_OUTPUT) : guids.txt + if [ "$${missing}" != "no" ]; then \ + exit 1 ; \ + fi +- ./makeguids $(LD_DASH_T) guids.txt guid-symbols.c include/efivar/efivar-guids.h guids.lds ++ ./makeguids guids.txt guid-symbols.c include/efivar/efivar-guids.h + + prep : makeguids $(GENERATED_SOURCES) + +@@ -96,7 +95,6 @@ libefivar.a : $(patsubst %.o,%.static.o,$(LIBEFIVAR_OBJECTS)) + libefivar.so : $(LIBEFIVAR_OBJECTS) + libefivar.so : | $(GENERATED_SOURCES) libefivar.map + libefivar.so : LIBS=dl +-libefivar.so : LDSCRIPTS=guids.lds + libefivar.so : MAP=libefivar.map + + efivar : $(EFIVAR_OBJECTS) | libefivar.so +@@ -137,7 +135,6 @@ deps : $(ALL_SOURCES) + clean : + @rm -rfv *~ *.o *.a *.E *.so *.so.* *.pc *.bin .*.d *.map \ + makeguids guid-symbols.c include/efivar/efivar-guids.h \ +- guids.lds \ + $(TARGETS) $(STATICTARGETS) + @# remove the deps files we used to create, as well. 
+ @rm -rfv .*.P .*.h.P *.S.P include/efivar/.*.h.P +diff --git a/src/include/rules.mk b/src/include/rules.mk +index f309f86..8d0b68a 100644 +--- a/src/include/rules.mk ++++ b/src/include/rules.mk +@@ -3,7 +3,6 @@ default : all + .PHONY: default all clean install test + + include $(TOPDIR)/src/include/version.mk +-include $(TOPDIR)/src/include/workarounds.mk + + comma:= , + empty:= +@@ -36,9 +35,7 @@ family = $(foreach FAMILY_SUFFIX,$(FAMILY_SUFFIXES),$($(1)_$(FAMILY_SUFFIX))) + $(CCLD) $(CCLDFLAGS) $(CPPFLAGS) -o $@ $(sort $^) $(LDLIBS) + + %.so : +- $(CCLD) $(CCLDFLAGS) $(CPPFLAGS) $(SOFLAGS) \ +- $(foreach LDS,$(LDSCRIPTS),$(LD_DASH_T) $(LDS)) \ +- -o $@ $^ $(LDLIBS) ++ $(CCLD) $(CCLDFLAGS) $(CPPFLAGS) $(SOFLAGS) -o $@ $^ $(LDLIBS) + ln -vfs $@ $@.1 + + %.abixml : %.so +diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk +deleted file mode 100644 +index 57394ed..0000000 +--- a/src/include/workarounds.mk ++++ /dev/null +@@ -1,24 +0,0 @@ +-# SPDX-License-Identifier: SPDX-License-Identifier: LGPL-2.1-or-later +-# +-# workarounds.mk - workarounds for weird stuff behavior +- +-LD_FLAVOR := $(shell LC_ALL=C $(LD) --version | grep -E '^((.* )?LLD|GNU ld)'|sed 's/.* LLD/LLD/;s/ .*//g') +-LD_VERSION := $(shell LC_ALL=C $(LD) --version | grep -E '^((.* )?LLD|GNU ld)'|sed 's/.* LLD/LLD/;s/.* //') +-# 2.35 is definitely broken and 2.36 seems to work +-LD_DASH_T := $(shell \ +- if [ "x${LD_FLAVOR}" = xLLD ] ; then \ +- echo "" ; \ +- elif [ "x${LD_FLAVOR}" = xGNU ] ; then \ +- if echo "${LD_VERSION}" | grep -q -E '^2\.3[6789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \ +- echo '-T' ; \ +- else \ +- echo "" ; \ +- fi ; \ +- else \ +- echo "Your linker ${LD_FLAVOR} version ${LD_VERSION} is not supported" ; \ +- exit 1 ; \ +- fi) +- +-export LD_DASH_T +- +-# vim:ft=make +diff --git a/src/makeguids.c b/src/makeguids.c +index e4ff411..b9e9312 100644 +--- a/src/makeguids.c ++++ b/src/makeguids.c +@@ -107,51 +107,46 @@ write_guidnames(FILE *out, const 
char *listname, + gn->symbol, gn->name, gn->description); + } + fprintf(out, "};\n"); ++ fprintf(out, "const struct efivar_guidname\n" ++ "\t__attribute__((__visibility__ (\"default\")))\n" ++ "\t* const %s = %s_;\n", listname, listname); ++ fprintf(out, "const struct efivar_guidname\n" ++ "\t__attribute__((__visibility__ (\"default\")))\n" ++ "\t* const %s_end = %s_\n\t+ %zd;\n", ++ listname, listname, n - 1); + } + + int + main(int argc, char *argv[]) + { + int rc; +- int argstart = 0; +- FILE *symout, *header, *ldsout; +- int dash_t = 0; ++ FILE *symout, *header; + +- if (argc < 5) { ++ if (argc < 4) { + errx(1, "Not enough arguments.\n"); +- } else if (argc > 5 && !strcmp(argv[1],"-T")) { +- argstart = 1; +- dash_t = 1; +- } else if (argc > 5) { ++ } else if (argc > 4) { + errx(1, "Too many arguments.\n"); + } + +- symout = fopen(argv[argstart + 2], "w"); ++ symout = fopen(argv[2], "w"); + if (symout == NULL) +- err(1, "could not open \"%s\"", argv[argstart + 2]); +- rc = chmod(argv[argstart + 2], 0644); ++ err(1, "could not open \"%s\"", argv[2]); ++ rc = chmod(argv[2], 0644); + if (rc < 0) +- warn("chmod(%s, 0644)", argv[argstart + 2]); ++ warn("chmod(%s, 0644)", argv[2]); + +- header = fopen(argv[argstart + 3], "w"); ++ header = fopen(argv[3], "w"); + if (header == NULL) +- err(1, "could not open \"%s\"", argv[argstart + 3]); +- rc = chmod(argv[argstart + 3], 0644); +- if (rc < 0) +- warn("chmod(%s, 0644)", argv[argstart + 3]); +- +- ldsout = fopen(argv[argstart + 4], "w"); +- if (ldsout == NULL) +- err(1, "could not open \"%s\"", argv[argstart + 4]); +- rc = chmod(argv[argstart + 4], 0644); ++ err(1, "could not open \"%s\"", argv[3]); ++ rc = chmod(argv[3], 0644); + if (rc < 0) +- warn("chmod(%s, 0644)", argv[argstart + 4]); ++ warn("chmod(%s, 0644)", argv[3]); + + struct guidname_index *guidnames = NULL; + +- rc = read_guids_at(AT_FDCWD, argv[argstart + 1], &guidnames); ++ rc = read_guids_at(AT_FDCWD, argv[1], &guidnames); + if (rc < 0) +- err(1, "could 
not read \"%s\"", argv[argstart + 1]); ++ err(1, "could not read \"%s\"", argv[1]); + + struct efivar_guidname *outbuf; + +@@ -239,12 +234,11 @@ struct efivar_guidname {\n\ + fprintf(header, + "extern const struct efivar_guidname\n" + "\t__attribute__((__visibility__ (\"default\")))\n" +- "\tefi_well_known_guids[%d];\n", +- i); ++ "\t* const efi_well_known_guids;\n"); + fprintf(header, + "extern const struct efivar_guidname\n" + "\t__attribute__((__visibility__ (\"default\")))\n" +- "\tefi_well_known_guids_end;\n"); ++ "\t* const efi_well_known_guids_end;\n"); + fprintf(header, + "extern const uint64_t\n" + "\t__attribute__((__visibility__ (\"default\")))\n" +@@ -252,12 +246,11 @@ struct efivar_guidname {\n\ + fprintf(header, + "extern const struct efivar_guidname\n" + "\t__attribute__((__visibility__ (\"default\")))\n" +- "\tefi_well_known_names[%d];\n", +- i); ++ "\t* const efi_well_known_names;\n"); + fprintf(header, + "extern const struct efivar_guidname\n" + "\t__attribute__((__visibility__ (\"default\")))\n" +- "\tefi_well_known_names_end;\n"); ++ "\t* const efi_well_known_names_end;\n"); + fprintf(header, + "extern const uint64_t\n" + "\t__attribute__((__visibility__ (\"default\")))\n" +@@ -302,23 +295,6 @@ struct efivar_guidname {\n\ + + fclose(symout); + +- fprintf(ldsout, +- "SECTIONS\n" +- "{\n" +- " .data :\n" +- " {\n" +- " efi_well_known_guids = efi_well_known_guids_;\n" +- " efi_well_known_guids_end = efi_well_known_guids_ + %zd;\n" +- " efi_well_known_names = efi_well_known_names_;\n" +- " efi_well_known_names_end = efi_well_known_names_ + %zd;\n" +- " }\n" +- "}%s;\n", +- (line - 1) * sizeof(struct efivar_guidname), +- (line - 1) * sizeof(struct efivar_guidname), +- dash_t ? " INSERT AFTER .data" : ""); +- +- fclose(ldsout); +- + free(guidnames->strtab); + free(guidnames); + diff --git a/meta/recipes-bsp/efivar/efivar_38.bb b/meta/recipes-bsp/efivar/efivar_38.bb index 42625fa041..dc84b3732f 100644 --- a/meta/recipes-bsp/efivar/efivar_38.bb 
+++ b/meta/recipes-bsp/efivar/efivar_38.bb @@ -12,6 +12,11 @@ SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=main;protocol=https \ file://0001-src-Makefile-build-util.c-separately-for-makeguids.patch \ file://efisecdb-fix-build-with-musl-libc.patch \ file://0001-Fix-invalid-free-in-main.patch \ + file://0001-Remove-deprecated-add-needed-linker-flag.patch \ + file://0002-Add-T-workaround-for-GNU-ld-2.36.patch \ + file://0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch \ + file://0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch \ + file://0005-Revamp-efi_well_known_-variable-handling.patch \ " SRCREV = "1753149d4176ebfb2b135ac0aaf79340bf0e7a93" 
@@ -21,10 +26,6 @@ inherit pkgconfig export CCLD_FOR_BUILD = "${BUILD_CCLD}" -# Upstream uses --add-needed in gcc.specs which gold doesn't support, so -# enforce BFD. -LDFLAGS += "-fuse-ld=bfd" - do_compile() { oe_runmake ERRORS= HOST_CFLAGS="${BUILD_CFLAGS}" HOST_LDFLAGS="${BUILD_LDFLAGS}" }
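
Review bot: Upstream-Status in 0001-Remove-deprecated-add-needed-linker-flag.patch cites a pull-request commit (rhboot/efivar pull/218/commits/b23aba1469de8bb7a115751f9cd294ad3aaa6680), whereas patches 0002 to 0005 cite commits in the repository itself. A pull-request URL does not show that the change was merged; cite the merged commit, or mark the patch as Submitted if it has not landed.
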
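
Review bot: in 0005, the src/makeguids.c hunks at @@ -239,12 +234,11 @@ and @@ -252,12 +246,11 @@ change the exported declarations in the generated efivar-guids.h from arrays (efi_well_known_guids[%d], efi_well_known_names[%d]) and plain objects (the _end symbols) to "* const" pointers, which changes what those symbols mean to anything already built against the old header. The diffstat for 0005 touches only src/Makefile, rules.mk, workarounds.mk and makeguids.c, so nothing here signals the change to consumers. For a stable-branch backport, say in the commit message whether dependent recipes were rebuilt and tested against the new libefivar.so.
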
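
Review bot: in 0005, the @@ -107,51 +107,46 @@ hunk of src/makeguids.c emits the end pointer as "%s_ + %zd" with the argument n - 1, and n is not declared in the visible lines. Match the conversion to the type of n (%zu for a size_t, %d for an int), and guard the n == 0 case, where n - 1 would wrap or go negative and the generated %s_end would point outside the array. The same hunk tightens main() to exactly three operands; a usage line in the errx() messages would make the changed command line easier to diagnose from a failed build log.
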
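
Review bot: in the efivar_38.bb hunk at @@ -12,6 +12,11 @@, SRC_URI fetches from github.com/rhinstaller/efivar, while every Upstream-Status URL in the five added patches points at github.com/rhboot/efivar. State in the commit message that these are the same project, or align the SRC_URI, so a reader can check the backported commit hashes against the tree that is actually fetched at SRCREV 1753149d4176ebfb2b135ac0aaf79340bf0e7a93.
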

From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 13/14] libdnf: resolve cstdint inclusion for newer gcc versions
Date: Wed, 6 Sep 2023 02:48:20 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187309

From: Abe Kohandel

Depending on the host gcc version, libdnf fails to compile due to missing cstdint inclusions. These issues have already been addressed upstream, add the patches to resolve this for older versions of the library.

These commits are taken directly from the libdnf project at https://github.com/rpm-software-management/libdnf

Signed-off-by: Abe Kohandel
Signed-off-by: Steve Sakoman
--- ...58-Don-t-assume-inclusion-of-cstdint.patch | 56 +++++++++++++++++++ ...onNumber.hpp-add-missing-cstdint-inc.patch | 33 +++++++++++ ...ite3-Sqlite3.hpp-add-missing-cstdint.patch | 36 ++++++++++++ meta/recipes-devtools/libdnf/libdnf_0.66.0.bb | 3 + 4 files changed, 128 insertions(+) create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch diff --git a/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch b/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch new file mode 100644 index 0000000000..277fd9fbf6 --- /dev/null +++ b/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
@@ -0,0 +1,56 @@ +From 779ea105564b6d717300af2fcb02a399737a536f Mon Sep 17 00:00:00 2001 +From: ctxnop +Date: Mon, 15 May 2023 19:30:16 +0200 +Subject: [PATCH] Fix #1558: Don't assume inclusion of cstdint + +With last versions of gcc, some headers don't include cstdint anymore, +but some sources assume that it is. + +Upstream-Status: Backport [https://github.com/rpm-software-management/libdnf/commit/779ea105564b6d717300af2fcb02a399737a536f] +Signed-off-by: ctxnop +--- + libdnf/conf/ConfigMain.hpp | 1 + + libdnf/conf/ConfigRepo.hpp | 1 + + libdnf/conf/OptionSeconds.hpp | 2 ++ + 3 files changed, 4 insertions(+) + +diff --git a/libdnf/conf/ConfigMain.hpp b/libdnf/conf/ConfigMain.hpp +index 19395c71..59f65c48 100644 +--- a/libdnf/conf/ConfigMain.hpp ++++ b/libdnf/conf/ConfigMain.hpp +@@ -32,6 +32,7 @@ + #include "OptionString.hpp" + #include "OptionStringList.hpp" + ++#include + #include + + namespace libdnf { +diff --git a/libdnf/conf/ConfigRepo.hpp b/libdnf/conf/ConfigRepo.hpp +index 2b198441..84cafbad 100644 +--- a/libdnf/conf/ConfigRepo.hpp ++++ b/libdnf/conf/ConfigRepo.hpp +@@ -26,6 +26,7 @@ + #include "ConfigMain.hpp" + #include "OptionChild.hpp" + ++#include + #include + + namespace libdnf { +diff --git a/libdnf/conf/OptionSeconds.hpp b/libdnf/conf/OptionSeconds.hpp +index dc714b23..a80a973f 100644 +--- a/libdnf/conf/OptionSeconds.hpp ++++ b/libdnf/conf/OptionSeconds.hpp +@@ -25,6 +25,8 @@ + + #include "OptionNumber.hpp" + ++#include ++ + namespace libdnf { + + /** +-- +2.42.0 + diff --git a/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch new file mode 100644 index 0000000000..abb9504e6e --- /dev/null +++ b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch 
@@ -0,0 +1,33 @@ +From f8af6399c4f6a65a35d33ecc191bb14094dc9e18 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich +Date: Fri, 27 May 2022 22:13:48 +0100 +Subject: [PATCH] libdnf/conf/OptionNumber.hpp: add missing include + +Without the change libdnf build fails on this week's gcc-13 snapshot as: + + In file included from /build/libdnf/libdnf/conf/ConfigMain.hpp:29, + from /build/libdnf/libdnf/conf/ConfigMain.cpp:21: + /build/libdnf/libdnf/conf/OptionNumber.hpp:94:41: error: 'int32_t' is not a member of 'std'; did you mean 'int32_t'? + 94 | extern template class OptionNumber; + | ^~~~~~~ + +Upstream-Status: Backport [https://github.com/rpm-software-management/libdnf/commit/f8af6399c4f6a65a35d33ecc191bb14094dc9e18] +--- + libdnf/conf/OptionNumber.hpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libdnf/conf/OptionNumber.hpp b/libdnf/conf/OptionNumber.hpp +index f7a7b3d6..a3a4dea6 100644 +--- a/libdnf/conf/OptionNumber.hpp ++++ b/libdnf/conf/OptionNumber.hpp +@@ -25,6 +25,7 @@ + + #include "Option.hpp" + ++#include + #include + + namespace libdnf { +-- +2.42.0 + diff --git a/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch new file mode 100644 index 0000000000..adde48ee46 --- /dev/null +++ b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch 
@@ -0,0 +1,36 @@ +From 24b5d7f154cac9e322dd3459f6d0a5016abbbb57 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich +Date: Fri, 27 May 2022 22:12:07 +0100 +Subject: [PATCH] libdnf/utils/sqlite3/Sqlite3.hpp: add missing + include + +Without the change libdnf build fails on this week's gcc-13 snapshot as: + + In file included from /build/libdnf/libdnf/sack/../transaction/Swdb.hpp:38, + from /build/libdnf/libdnf/sack/query.hpp:32, + from /build/libdnf/libdnf/dnf-sack-private.hpp:31, + from /build/libdnf/libdnf/hy-iutil.cpp:60: + /build/libdnf/libdnf/sack/../transaction/../utils/sqlite3/Sqlite3.hpp:100:33: error: 'std::int64_t' has not been declared + 100 | void bind(int pos, std::int64_t val) + | ^~~~~~~ + +Upstream-Status: Backport [https://github.com/rpm-software-management/libdnf/commit/24b5d7f154cac9e322dd3459f6d0a5016abbbb57] +--- + libdnf/utils/sqlite3/Sqlite3.hpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libdnf/utils/sqlite3/Sqlite3.hpp b/libdnf/utils/sqlite3/Sqlite3.hpp +index 3a7da23c..0403bb33 100644 +--- a/libdnf/utils/sqlite3/Sqlite3.hpp ++++ b/libdnf/utils/sqlite3/Sqlite3.hpp +@@ -27,6 +27,7 @@ + + #include + ++#include + #include + #include + #include +-- +2.42.0 + diff --git a/meta/recipes-devtools/libdnf/libdnf_0.66.0.bb b/meta/recipes-devtools/libdnf/libdnf_0.66.0.bb index 2558f96851..bd06937ed8 100644 --- a/meta/recipes-devtools/libdnf/libdnf_0.66.0.bb +++ b/meta/recipes-devtools/libdnf/libdnf_0.66.0.bb 
@@ -11,6 +11,9 @@ SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master;p file://enable_test_data_dir_set.patch \ file://0001-drop-FindPythonInstDir.cmake.patch \ file://0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch \ + file://0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch \ + file://0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch \ + file://0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch \ " SRCREV = "add5d5418b140a86d08667dd2b14793093984875" From patchwork Wed Sep 6 12:48:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 30107
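Review bot: in the libdnf patch above, the added files 0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch and 0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch end their headers at the Upstream-Status line with no Signed-off-by at all, and 0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch carries only the upstream author's. Please add the backporter's Signed-off-by below Upstream-Status in each of the three files, as the sysklogd patches in this series do ("Signed-off-by: Changqing Li"), so that the record of who carried the change into the layer travels with the patch that is applied to the libdnf source at build time.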
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/14] sysklogd: fix integration with systemd-journald Date: Wed, 6 Sep 2023 02:48:21 -1000 Message-Id: <47a1dd7f389e3cf4ac2dc5fc21dccc870aafab4a.1694004064.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 06 Sep 2023 12:49:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187310 From: Changqing Li Fix an issue with early log messages being lost when running in systemd. Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- ...KillMode-process-is-not-recommended-.patch | 33 ++++++++ ...-messages-lost-when-running-in-syste.patch | 75 +++++++++++++++++++ .../sysklogd/sysklogd_2.3.0.bb | 2 + 3 files changed, 110 insertions(+) create mode 100644 meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch create mode 100644 meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch diff --git a/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch new file mode 100644 index 0000000000..6c7e7cea44 --- /dev/null +++ b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch 
@@ -0,0 +1,33 @@ +From b732dd0001c66f3ff1e0aef919c84ca9f0f81252 Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Sat, 22 Apr 2023 07:40:24 +0200 +Subject: [PATCH 1/2] syslogd.service: KillMode=process is not recommended, + drop + +The default 'control-group' ensures all processes started by sysklogd +are stopped when the service is stopped, this is what we want. + +Signed-off-by: Joachim Wiberg + +Upstream-Status: Backport [https://github.com/troglobit/sysklogd/commit/c82c004de7e25e770039cba5d6a34c30dd548533] + +Signed-off-by: Changqing Li +--- + syslogd.service.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/syslogd.service.in b/syslogd.service.in +index 91e080a..d614c5f 100644 +--- a/syslogd.service.in ++++ b/syslogd.service.in +@@ -9,7 +9,6 @@ EnvironmentFile=-@SYSCONFDIR@/default/syslogd + ExecStart=@SBINDIR@/syslogd -F -p /run/systemd/journal/syslog $SYSLOGD_OPTS + StandardOutput=null + Restart=on-failure +-KillMode=process + + [Install] + WantedBy=multi-user.target +-- +2.25.1 + diff --git a/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch new file mode 100644 index 0000000000..78ae57eeeb --- /dev/null +++ b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch 
@@ -0,0 +1,75 @@ +From ba8156eab79784ef816958327e701923890e98f7 Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Sat, 22 Apr 2023 08:27:57 +0200 +Subject: [PATCH 2/2] Fix #62: early log messages lost when running in systemd + +This is a follow-up to d7576c7 which initially added support for running +in systemd based systems. Since the unit file sources the syslog.socket +we have /run/systemd/journal/syslog open already on descriptor 3. All +we need to do is verify that's the mode syslogd runs in. + +Signed-off-by: Joachim Wiberg + +Upstream-Status: Backport [https://github.com/troglobit/sysklogd/commit/7ec64e5f9c1bc284792d028647fb36ef3e64dff7] + +Signed-off-by: Changqing Li +--- + src/syslogd.c | 21 +++++++++++++++------ + syslogd.service.in | 2 +- + 2 files changed, 16 insertions(+), 7 deletions(-) + +diff --git a/src/syslogd.c b/src/syslogd.c +index fa4303f..e96ca9a 100644 +--- a/src/syslogd.c ++++ b/src/syslogd.c +@@ -162,6 +162,7 @@ void untty(void); + static void parsemsg(const char *from, char *msg); + static int opensys(const char *file); + static void printsys(char *msg); ++static void unix_cb(int sd, void *arg); + static void logmsg(struct buf_msg *buffer); + static void fprintlog_first(struct filed *f, struct buf_msg *buffer); + static void fprintlog_successive(struct filed *f, int flags); +@@ -436,12 +437,20 @@ int main(int argc, char *argv[]) + .pe_serv = "syslog", + }); + +- /* Default to _PATH_LOG for the UNIX domain socket */ +- if (!pflag) +- addpeer(&(struct peer) { +- .pe_name = _PATH_LOG, +- .pe_mode = 0666, +- }); ++ /* Figure out where to read system log messages from */ ++ if (!pflag) { ++ /* Do we run under systemd-journald (Requires=syslog.socket)? 
*/ ++ if (fcntl(3, F_GETFD) != -1) { ++ if (socket_register(3, NULL, unix_cb, NULL) == -1) ++ err(1, "failed registering syslog.socket (3)"); ++ } else { ++ /* Default to _PATH_LOG for the UNIX domain socket */ ++ addpeer(&(struct peer) { ++ .pe_name = _PATH_LOG, ++ .pe_mode = 0666, ++ }); ++ } ++ } + + if (!Foreground && !Debug) { + ppid = waitdaemon(30); +diff --git a/syslogd.service.in b/syslogd.service.in +index d614c5f..bc82af9 100644 +--- a/syslogd.service.in ++++ b/syslogd.service.in +@@ -6,7 +6,7 @@ Requires=syslog.socket + + [Service] + EnvironmentFile=-@SYSCONFDIR@/default/syslogd +-ExecStart=@SBINDIR@/syslogd -F -p /run/systemd/journal/syslog $SYSLOGD_OPTS ++ExecStart=@SBINDIR@/syslogd -F $SYSLOGD_OPTS + StandardOutput=null + Restart=on-failure + +-- +2.25.1 + diff --git a/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb b/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb index 7043f3d391..0dc5ef93e2 100644 --- a/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb +++ b/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb @@ -12,6 +12,8 @@ inherit update-rc.d update-alternatives systemd autotools SRC_URI = "git://github.com/troglobit/sysklogd.git;branch=master;protocol=https \ file://sysklogd \ + file://0001-syslogd.service-KillMode-process-is-not-recommended-.patch \ + file://0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch \ " SRCREV = "03c2c9c68d5d02675326527774e7e9cba3490ba0"
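Review bot: in both added sysklogd patch files the hash on the From line (b732dd0 in 0001, ba8156e in 0002) differs from the commit named in Upstream-Status (c82c004 and 7ec64e5), whereas in the libdnf patches of this series the two match. Please note below Upstream-Status whether the hunks are taken unchanged from upstream or were adjusted for the 2.3.0 SRCREV, so the backport can be compared against the upstream commits.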
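Review bot: in the src/syslogd.c hunk in main(), "if (fcntl(3, F_GETFD) != -1)" only proves that descriptor 3 is open, not that it is the syslog.socket handed over by systemd. The recipe still inherits update-rc.d, so syslogd can also be started by an init script or another parent that leaves descriptor 3 open; an unrelated descriptor is then passed to socket_register() and the else branch with addpeer() for _PATH_LOG is skipped, so syslogd either exits through err() or runs without listening on the local log socket. Suggest gating the branch on the socket-activation environment (LISTEN_PID equal to getpid() and LISTEN_FDS of at least 1), or at minimum on fstat() reporting S_ISSOCK for descriptor 3, and falling back to the _PATH_LOG peer otherwise.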
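Review bot: the ExecStart change in syslogd.service.in depends on -p being absent, because the new descriptor 3 detection in main() sits inside "if (!pflag)", and nothing documents that dependency. SYSLOGD_OPTS is still read from @SYSCONFDIR@/default/syslogd, so a -p option left in that file skips the syslog.socket path and syslogd behaves as it did before this patch, with no message saying so. A comment in the unit file or the defaults file stating that -p must not be set when running under systemd, or a startup warning when pflag is set while descriptor 3 is open, would make this failure visible.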