Re: [OE-core] [PATCH v2 2/2] pip_install_wheel: improved wheel filename guess
On 25.02.22 05:03, Tim Orling wrote: From: Tim Orling Rather than only use PYPI_PACKAGE as a guess, fall back on PN for cases where a recipe does not inherit pypi. Wheels can only have alphanumeric characters in the 'distribution' name [1]. Any other characters are replaced with an underscore. Provide a function to replace dash with underscore. [1] https://www.python.org/dev/peps/pep-0491/#escaping-and-unicode Signed-off-by: Tim Orling --- Changes in v2: address review comments meta/classes/pip_install_wheel.bbclass | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meta/classes/pip_install_wheel.bbclass b/meta/classes/pip_install_wheel.bbclass index 8a848c0ebab..9f9feda6ee0 100644 --- a/meta/classes/pip_install_wheel.bbclass +++ b/meta/classes/pip_install_wheel.bbclass @@ -1,6 +1,10 @@ DEPENDS:append = " python3-pip-native" -PIP_INSTALL_PACKAGE ?= "${PYPI_PACKAGE}" +def guess_pip_install_package_name(d): +'''https://www.python.org/dev/peps/pep-0491/#escaping-and-unicode''' +return (d.getVar('PYPI_PACKAGE') or d.getVar('PN')).replace('-', '_') In my opinion this needs to be BPN not PN - as if you will build python3-foo-native (for native only recipes) it will result in foo_native-1.2.3-*.whl, that just doesn't exit. What disappoints me the most is that none of this comes with unit tests - it broke for a bunch of stuff I maintain this morning, making my morning coffee taste bitter :-( + +PIP_INSTALL_PACKAGE ?= "${@guess_pip_install_package_name(d)}" PIP_INSTALL_DIST_PATH ?= "${B}/dist" PYPA_WHEEL ??= "${PIP_INSTALL_DIST_PATH}/${PIP_INSTALL_PACKAGE}-${PV}-*.whl" -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162422): https://lists.openembedded.org/g/openembedded-core/message/162422 Mute This Topic: https://lists.openembedded.org/mt/89382270/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v3] setuptools3.bbclass: add check for pyproject.toml
On Fri, 2022-02-25 at 15:43 -0800, Tim Orling wrote: > From: Tim Orling > > With help from Peter Kjellerstedt via IRC. > > Add a check for pyproject.toml in ${S} and if so check if it has a > [build-system] build-backend. Give the user a helpful warning that > the recipe should be changed to one of the PEP-517 classes (instead of > setuptools3.bbclass). > > Add SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK variable to skip this check (and > avoid the warning). This is needed for e.g. > python3-setuptools-rust-native which does not build cleanly with > setuptools_build_meta.bbclass > > Because some sources have a pyproject.toml but no [build-sytem] or no > properly defined (or accurate) build-backend, add a try: except: clause > to avoid KeyError. > > [YOCTO #14736] > > Signed-off-by: Tim Orling > --- > meta/classes/setuptools3.bbclass | 41 > 1 file changed, 41 insertions(+) > > diff --git a/meta/classes/setuptools3.bbclass > b/meta/classes/setuptools3.bbclass > index 12561340b07..d80a91d3296 100644 > --- a/meta/classes/setuptools3.bbclass > +++ b/meta/classes/setuptools3.bbclass > @@ -18,6 +18,47 @@ setuptools3_do_configure() { > : > } > > +SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK ?= "0" > + > +python check_for_pyprojecttoml_build_backend() { > +import os > +import tomli https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/4833/steps/12/logs/stdio Exception: ModuleNotFoundError: No module named 'tomli' Cheers, Richard > +from pathlib import Path > + > +if d.getVar('SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK') == "1": > +bb.debug(3, "Skipping check for build-backend in pyproject.toml") > +return 0 > +warn_string = "The source has a pyproject.toml which declares '%s' as a > build backend, please consider 'inherit %s' instead of inheriting > setuptools3." > +warn_layer_string = "The source has a pyproject.toml which declares '%s' > as a build backend, please consider 'inherit %s' from %s instead of > inheriting setuptools3." > +pyprojecttoml_file = Path(d.getVar('S'), 'pyproject.toml') > +if pyprojecttoml_file.exists(): > +bb.debug(3, "pyproject.toml found: %s" % pyprojecttoml_file) > +with open(pyprojecttoml_file, "rb") as f: > +pyprojecttoml_dict = tomli.load(f) > +try: > +build_system = pyprojecttoml_dict["build-system"] > +if build_system: > +bb.debug(3, "[build-system] found in pyproject.toml") > +backend = build_system.get('build-backend') > +if backend: > +bb.debug(3, "build-backend found: %s" % backend) > +if backend == "flit_core.buildapi": > +bb.warn(warn_string % ('flit_core.buildapi', > + 'flit_core')) > +elif backend == "setuptools.build_meta": > +bb.warn(warn_string % ('setuptools.build_meta', > + 'setuptools_build_meta')) > +elif backend == "poetry.core.masonry.api": > +bb.warn(warn_layer_string % > ('poetry.core.masonry.api', > + 'poetry_core', > 'meta-python')) > +else: > +bb.warn("The source has a pyproject.toml which > declares '%s' as a build backend, but this is not currently supported in > oe-core." % backend) > +except KeyError: > +bb.warn("The source has a pyproject.toml, but either no > [build-system] or it is malformed. If the recipe is still buildable with > setuptools3, you can skip this check > with:\nSETUPTOOLS_SKIP_BUILD_BACKEND_CHECK= \"1\"") > +pass > +} > +do_configure[prefuncs] += "check_for_pyprojecttoml_build_backend" > + > setuptools3_do_compile() { > cd ${SETUPTOOLS_SETUP_PATH} > NO_FETCH_BUILD=1 \ > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162421): https://lists.openembedded.org/g/openembedded-core/message/162421 Mute This Topic: https://lists.openembedded.org/mt/89401217/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH] bitbake.conf: add ssh-keygen to HOSTTOOLS_NONFATAL
Am 25.02.22 um 16:47 schrieb Richard Purdie: On Fri, 2022-02-18 at 08:35 +0100, Markus Volk wrote: Gnome Seahorse needs an external ssh-keygen to build and there is no provider for it in yocto/oe. openssh-native is not allowed to build and if allowed there are problems building it with '--enable-pam'. 'ssh' is already set to be added as a HOSTTOOL when it is found. This commit also adds ssh-keygen. Signed-off-by: Markus Volk --- meta/conf/bitbake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index fba99e8f0c..15ea0bc29e 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -499,7 +499,7 @@ HOSTTOOLS += " \ HOSTTOOLS += "${@'ip ping ps scp ssh stty' if (bb.utils.contains_any('IMAGE_CLASSES', 'testimage testsdk', True, False, d) or any(x in (d.getVar("BBINCLUDED") or "") for x in ["testimage.bbclass", "testsdk.bbclass"])) else ''}" # Link to these if present -HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp socat ssh sudo" +HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp socat ssh ssh-keygen sudo" Does it actually need to generate keys or is it just checking for the presence of the tool? I'm not a big fan of adding new tools like this, particularly as this could still cause a deterministic build issue... It looks like there is no need to generate keys. ssh-keygen is only looked for to get SSH_KEYGEN_PATH. https://gitlab.gnome.org/GNOME/seahorse/-/blob/master/meson.build#L48 https://gitlab.gnome.org/GNOME/seahorse/-/blob/master/meson.build#L126 If that Path isn't set compile fails like this: d -o ssh/libseahorse-ssh.a.p/meson-generated_operation.c.o -c ssh/libseahorse-ssh.a.p/operation.c | ssh/libseahorse-ssh.a.p/operation.c: In function 'seahorse_ssh_change_passphrase_operation_change_passphrase_async_co': | ssh/libseahorse-ssh.a.p/operation.c:1834:61: error: 'SSH_KEYGEN_PATH' undeclared (first use in this function) | 1834 | _data_->_tmp15_ = g_strdup_printf ("%s -p -f '%s'", SSH_KEYGEN_PATH, _data_->_tmp14_); | | ^~~ | ssh/libseahorse-ssh.a.p/operation.c:1834:61: note: each undeclared identifier is reported only once for each function it appears in | ssh/libseahorse-ssh.a.p/operation.c: In function 'seahorse_ssh_generate_operation_generate_async_co': | ssh/libseahorse-ssh.a.p/operation.c:2032:75: error: 'SSH_KEYGEN_PATH' undeclared (first use in this function) | 2032 | _data_->_tmp12_ = g_strdup_printf ("%s %s -t '%s' -C %s -f '%s'", SSH_KEYGEN_PATH, _data_->bits_str, _data_->_tmp11_, _data_->comment, _data_->filename); | | ^~~ | ssh/libseahorse-ssh.a.p/operation.c: In function 'seahorse_ssh_private_import_operation_import_private_async_co': | ssh/libseahorse-ssh.a.p/operation.c:2299:61: error: 'SSH_KEYGEN_PATH' undeclared (first use in this function) | 2299 | _data_->_tmp25_ = g_strdup_printf ("%s -y -f '%s'", SSH_KEYGEN_PATH, _data_->_tmp24_); Actually it is not really ideal to derive that from hosts path. But what would be best to do here? Hack it like this in seahorse.bb? do_configure:prepend() { sed -i "s|ssh_keygen = find_program('ssh-keygen')|#ssh_keygen = find_program('ssh-keygen')|" ${S}/meson.build sed -i "s|ssh_keygen.path()|'${bindir}/ssh-keygen'|" ${S}/meson.build } -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162420): https://lists.openembedded.org/g/openembedded-core/message/162420 Mute This Topic: https://lists.openembedded.org/mt/89228328/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v3 2/2] license.py: rename variales
Signed-off-by: Saul Wold --- meta/lib/oe/license.py | 28 +++- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/meta/lib/oe/license.py b/meta/lib/oe/license.py index b5d378a549b..4cd382b4fd7 100644 --- a/meta/lib/oe/license.py +++ b/meta/lib/oe/license.py @@ -99,20 +99,22 @@ def flattened_licenses(licensestr, choose_licenses): raise LicenseSyntaxError(licensestr, exc) return flatten.licenses -def is_included(licensestr, whitelist=None, blacklist=None): -"""Given a license string and whitelist and blacklist, determine if the -license string matches the whitelist and does not match the blacklist. - -Returns a tuple holding the boolean state and a list of the applicable -licenses that were excluded if state is False, or the licenses that were -included if the state is True. +def is_included(licensestr, include=None, exclude=None): +"""Given a license string and include list and exclude list, +determine if the license string matches the an included +license and does dont match an excluded license. + +Returns a tuple holding the boolean state and a list of +the applicable licenses that were excluded if state is +False, or the licenses that were included if the state +is True. """ def include_license(license): -return any(fnmatch(license, pattern) for pattern in whitelist) +return any(fnmatch(license, pattern) for pattern in include) def exclude_license(license): -return any(fnmatch(license, pattern) for pattern in blacklist) +return any(fnmatch(license, pattern) for pattern in exclude) def choose_licenses(alpha, beta): """Select the option in an OR which is the 'best' (has the most @@ -131,11 +133,11 @@ def is_included(licensestr, whitelist=None, blacklist=None): else: return beta -if not whitelist: -whitelist = ['*'] +if not include: +include = ['*'] -if not blacklist: -blacklist = [] +if not exclude: +exclude = [] licenses = flattened_licenses(licensestr, choose_licenses) excluded = [lic for lic in licenses if exclude_license(lic)] -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162417): https://lists.openembedded.org/g/openembedded-core/message/162417 Mute This Topic: https://lists.openembedded.org/mt/89402861/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v3 1/2] INCOMPATIBLE_LICENSE re-work
From: Saul Wold This re-writes the INCOMPATIBLE_LICENSE checking code to replace the WHITELIST_ with INCOMPATIBLE_LICENSE_EXCEPTIONS = ': : ...' This initial set of changes leaves most of the code structure in place, but the code in base.bbclass needs to be re-written to make the check more consistent around packages (PKGS) and not recipe names (PN). This also is taking into account the changes for SPDX licenses. Signed-off-by: Saul Wold Signed-off-by: Richard Purdie --- meta/classes/base.bbclass | 26 +- meta/classes/license_image.bbclass| 27 +++ meta/classes/multilib.bbclass | 6 ++--- meta/conf/bitbake.conf| 10 +++ .../distro/include/default-distrovars.inc | 2 +- .../oeqa/selftest/cases/incompatible_lic.py | 10 +++ 6 files changed, 43 insertions(+), 38 deletions(-) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index 55f654d37d0..ddca87d4a8c 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -595,21 +595,23 @@ python () { if check_license and bad_licenses: bad_licenses = expand_wildcard_licenses(d, bad_licenses) -whitelist = [] -for lic in bad_licenses: -spdx_license = return_spdx(d, lic) -whitelist.extend((d.getVar("WHITELIST_" + lic) or "").split()) -if spdx_license: -whitelist.extend((d.getVar("WHITELIST_" + spdx_license) or "").split()) - -if pn in whitelist: +exceptions = (d.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") or "").split() + +pkg_exceptions = {} +for exception in exceptions: +pkg_lic = exception.split(':') +pkg_exceptions[pkg_lic[0]] = pkg_lic[1] + +#if any((pn in execption and incompatible_lic in exception) for execption in exceptions): +if any(execption.startswith(pn + ':') for execption in exceptions): ''' -We need to track what we are whitelisting and why. If pn is -incompatible we need to be able to note that the image that -is created may infact contain incompatible licenses despite +We need to track which recipes are in the exception +list and why. If pn is incompatible we need to be +able to note that the image that is created may +infact contain incompatible licenses despite INCOMPATIBLE_LICENSE being set. ''' -bb.note("Including %s as buildable despite it having an incompatible license because it has been whitelisted" % pn) +bb.note("Including %s as a buildable recipe despite it having an incompatible license because it was found in the exception list" % pn) else: pkgs = d.getVar('PACKAGES').split() skipped_pkgs = {} diff --git a/meta/classes/license_image.bbclass b/meta/classes/license_image.bbclass index bf70bee99bb..c6f04d30733 100644 --- a/meta/classes/license_image.bbclass +++ b/meta/classes/license_image.bbclass @@ -54,28 +54,21 @@ def write_license_files(d, license_manifest, pkg_dic, rootfs=True): bad_licenses = (d.getVar("INCOMPATIBLE_LICENSE") or "").split() bad_licenses = expand_wildcard_licenses(d, bad_licenses) -whitelist = [] -for lic in bad_licenses: -whitelist.extend((d.getVar("WHITELIST_" + lic) or "").split()) - +exceptions = (d.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") or "").split() with open(license_manifest, "w") as license_file: for pkg in sorted(pkg_dic): -if bad_licenses and pkg not in whitelist: -try: +if bad_licenses and not any((pkg + ":") in execption for execption in exceptions): licenses = incompatible_pkg_license(d, bad_licenses, pkg_dic[pkg]["LICENSE"]) if licenses: bb.fatal("Package %s cannot be installed into the image because it has incompatible license(s): %s" %(pkg, ' '.join(licenses))) -(pkg_dic[pkg]["LICENSE"], pkg_dic[pkg]["LICENSES"]) = \ -oe.license.manifest_licenses(pkg_dic[pkg]["LICENSE"], -bad_licenses, canonical_license, d) -except oe.license.LicenseError as exc: -bb.fatal('%s: %s' % (d.getVar('P'), exc)) -else: -pkg_dic[pkg]["LICENSES"] = re.sub(r'[|&()*]', ' ', pkg_dic[pkg]["LICENSE"]) -pkg_dic[pkg]["LICENSES"] = re.sub(r' *', ' ', pkg_dic[pkg]["LICENSES"]) -pkg_dic[pkg]["LICENSES"] = pkg_dic[pkg]["LICENSES"].split() -if pkg in whitelist: -oe.qa.handle_error('license-incompatible', "Including %s with an incompatible license %s into the image,
[OE-core] [PATCH v3 2/2] INCOMPATIBLE_LICENSE: add has_pkg_license_exception()
This adds in the new function to check for both package and license are in the new INCOMPATIBLE_LICENSE_EXCEPTION list. This has been tested by changing the skeleton/hello to MIT-X and using that license to verify it will be skipped or not installed. oe-selftest was also used. Signed-off-by: Saul Wold Signed-off-by: Richard Purdie --- meta/classes/base.bbclass | 66 -- meta/classes/license_image.bbclass | 5 ++- meta/lib/oe/license.py | 10 + 3 files changed, 40 insertions(+), 41 deletions(-) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index ddca87d4a8c..fccf3df17ff 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -597,46 +597,34 @@ python () { exceptions = (d.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") or "").split() -pkg_exceptions = {} -for exception in exceptions: -pkg_lic = exception.split(':') -pkg_exceptions[pkg_lic[0]] = pkg_lic[1] - -#if any((pn in execption and incompatible_lic in exception) for execption in exceptions): -if any(execption.startswith(pn + ':') for execption in exceptions): -''' -We need to track which recipes are in the exception -list and why. If pn is incompatible we need to be -able to note that the image that is created may -infact contain incompatible licenses despite -INCOMPATIBLE_LICENSE being set. -''' -bb.note("Including %s as a buildable recipe despite it having an incompatible license because it was found in the exception list" % pn) -else: -pkgs = d.getVar('PACKAGES').split() -skipped_pkgs = {} -unskipped_pkgs = [] -for pkg in pkgs: -incompatible_lic = incompatible_license(d, bad_licenses, pkg) -if incompatible_lic: -skipped_pkgs[pkg] = incompatible_lic -else: -unskipped_pkgs.append(pkg) -if unskipped_pkgs: -for pkg in skipped_pkgs: -bb.debug(1, "Skipping the package %s at do_rootfs because of incompatible license(s): %s" % (pkg, ' '.join(skipped_pkgs[pkg]))) -d.setVar('_exclude_incompatible-' + pkg, ' '.join(skipped_pkgs[pkg])) -for pkg in unskipped_pkgs: -bb.debug(1, "Including the package %s" % pkg) +pkgs = d.getVar('PACKAGES').split() +skipped_pkgs = {} +unskipped_pkgs = [] +for pkg in pkgs: +pkg_exception = oe.license.has_pkg_license_exception(pkg, bad_licenses, exceptions) + +incompatible_lic = incompatible_license(d, bad_licenses, pkg) +if incompatible_lic and not pkg_exception: +skipped_pkgs[pkg] = incompatible_lic else: -incompatible_lic = incompatible_license(d, bad_licenses) -for pkg in skipped_pkgs: -incompatible_lic += skipped_pkgs[pkg] -incompatible_lic = sorted(list(set(incompatible_lic))) - -if incompatible_lic: -bb.debug(1, "Skipping recipe %s because of incompatible license(s): %s" % (pn, ' '.join(incompatible_lic))) -raise bb.parse.SkipRecipe("it has incompatible license(s): %s" % ' '.join(incompatible_lic)) +unskipped_pkgs.append(pkg) + +if unskipped_pkgs: +for pkg in skipped_pkgs: +bb.warn( "Skipping the package %s at do_rootfs because of incompatible license(s): %s" % (pkg, ' '.join(skipped_pkgs[pkg]))) +bb.debug(1, "Skipping the package %s at do_rootfs because of incompatible license(s): %s" % (pkg, ' '.join(skipped_pkgs[pkg]))) +d.setVar('_exclude_incompatible-' + pkg, ' '.join(skipped_pkgs[pkg])) +for pkg in unskipped_pkgs: +bb.debug(1, "Including the package %s" % pkg) +else: +incompatible_lic = incompatible_license(d, bad_licenses) +for pkg in skipped_pkgs: +incompatible_lic += skipped_pkgs[pkg] +incompatible_lic = sorted(list(set(incompatible_lic))) + +if incompatible_lic: +bb.warn( "Skipping recipe %s because of incompatible license(s): %s" % (pn, ' '.join(incompatible_lic))) +raise bb.parse.SkipRecipe("it has incompatible license(s): %s" % ' '.join(incompatible_lic)) needsrcrev = False srcuri = d.getVar('SRC_URI') diff --git a/meta/classes/license_image.bbclass b/meta/classes/license_image.bbclass index
Re: [OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests
On Fri, 2022-02-25 at 23:24 +0100, Alexander Kanavin wrote: > I’m… confused :) Do I need to change something? This particular combination of > arches is only used for cross manifests, so it shouldn’t touch other things? Yes, this needs a tweak. Imagine you have a TMPDIR where you build with two different machines, an x86 one and an arm one. Your patch as it stands removes the current cross toolchain but not the other one. The ABI of TMPDIR changes only once so you need to cover all cross recipes here, not just the current one. I do worry that globing will uninstall other things too, but I think (I'm not 100% sure) it will then just reinstall them from sstate. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162416): https://lists.openembedded.org/g/openembedded-core/message/162416 Mute This Topic: https://lists.openembedded.org/mt/89396617/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] flit_core: inherit setuptools3-base
This helps bridge the old setuptools3 behavior. FILES:${PN} has sane defaults in setuptools3-base Signed-off-by: Tim Orling --- Change in v2: minor grammar correction in git commit log meta/classes/flit_core.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/flit_core.bbclass b/meta/classes/flit_core.bbclass index 0f2eec85d0b..8edbd654ff2 100644 --- a/meta/classes/flit_core.bbclass +++ b/meta/classes/flit_core.bbclass @@ -1,4 +1,4 @@ -inherit pip_install_wheel python3native python3-dir +inherit pip_install_wheel python3native python3-dir setuptools3-base DEPENDS += "python3 python3-flit-core-native python3-pip-native" -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162415): https://lists.openembedded.org/g/openembedded-core/message/162415 Mute This Topic: https://lists.openembedded.org/mt/89401476/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v3] setuptools3.bbclass: add check for pyproject.toml
From: Tim Orling With help from Peter Kjellerstedt via IRC. Add a check for pyproject.toml in ${S} and if so check if it has a [build-system] build-backend. Give the user a helpful warning that the recipe should be changed to one of the PEP-517 classes (instead of setuptools3.bbclass). Add SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK variable to skip this check (and avoid the warning). This is needed for e.g. python3-setuptools-rust-native which does not build cleanly with setuptools_build_meta.bbclass Because some sources have a pyproject.toml but no [build-sytem] or no properly defined (or accurate) build-backend, add a try: except: clause to avoid KeyError. [YOCTO #14736] Signed-off-by: Tim Orling --- meta/classes/setuptools3.bbclass | 41 1 file changed, 41 insertions(+) diff --git a/meta/classes/setuptools3.bbclass b/meta/classes/setuptools3.bbclass index 12561340b07..d80a91d3296 100644 --- a/meta/classes/setuptools3.bbclass +++ b/meta/classes/setuptools3.bbclass @@ -18,6 +18,47 @@ setuptools3_do_configure() { : } +SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK ?= "0" + +python check_for_pyprojecttoml_build_backend() { +import os +import tomli +from pathlib import Path + +if d.getVar('SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK') == "1": +bb.debug(3, "Skipping check for build-backend in pyproject.toml") +return 0 +warn_string = "The source has a pyproject.toml which declares '%s' as a build backend, please consider 'inherit %s' instead of inheriting setuptools3." +warn_layer_string = "The source has a pyproject.toml which declares '%s' as a build backend, please consider 'inherit %s' from %s instead of inheriting setuptools3." +pyprojecttoml_file = Path(d.getVar('S'), 'pyproject.toml') +if pyprojecttoml_file.exists(): +bb.debug(3, "pyproject.toml found: %s" % pyprojecttoml_file) +with open(pyprojecttoml_file, "rb") as f: +pyprojecttoml_dict = tomli.load(f) +try: +build_system = pyprojecttoml_dict["build-system"] +if build_system: +bb.debug(3, "[build-system] found in pyproject.toml") +backend = build_system.get('build-backend') +if backend: +bb.debug(3, "build-backend found: %s" % backend) +if backend == "flit_core.buildapi": +bb.warn(warn_string % ('flit_core.buildapi', + 'flit_core')) +elif backend == "setuptools.build_meta": +bb.warn(warn_string % ('setuptools.build_meta', + 'setuptools_build_meta')) +elif backend == "poetry.core.masonry.api": +bb.warn(warn_layer_string % ('poetry.core.masonry.api', + 'poetry_core', 'meta-python')) +else: +bb.warn("The source has a pyproject.toml which declares '%s' as a build backend, but this is not currently supported in oe-core." % backend) +except KeyError: +bb.warn("The source has a pyproject.toml, but either no [build-system] or it is malformed. If the recipe is still buildable with setuptools3, you can skip this check with:\nSETUPTOOLS_SKIP_BUILD_BACKEND_CHECK= \"1\"") +pass +} +do_configure[prefuncs] += "check_for_pyprojecttoml_build_backend" + setuptools3_do_compile() { cd ${SETUPTOOLS_SETUP_PATH} NO_FETCH_BUILD=1 \ -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162414): https://lists.openembedded.org/g/openembedded-core/message/162414 Mute This Topic: https://lists.openembedded.org/mt/89401217/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] flit_core: inherit setuptools3-base
This is helps bridge the old setuptools3 behavior. FILES:${PN} has sane defaults in setuptools3-base Signed-off-by: Tim Orling --- meta/classes/flit_core.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/flit_core.bbclass b/meta/classes/flit_core.bbclass index 0f2eec85d0b..8edbd654ff2 100644 --- a/meta/classes/flit_core.bbclass +++ b/meta/classes/flit_core.bbclass @@ -1,4 +1,4 @@ -inherit pip_install_wheel python3native python3-dir +inherit pip_install_wheel python3native python3-dir setuptools3-base DEPENDS += "python3 python3-flit-core-native python3-pip-native" -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162413): https://lists.openembedded.org/g/openembedded-core/message/162413 Mute This Topic: https://lists.openembedded.org/mt/89401200/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests
I’m… confused :) Do I need to change something? This particular combination of arches is only used for cross manifests, so it shouldn’t touch other things? Ale On Fri 25. Feb 2022 at 22.19, Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > On Fri, 2022-02-25 at 20:52 +0100, Alexander Kanavin wrote: > > Signed-off-by: Alexander Kanavin > > --- > > meta/classes/sanity.bbclass | 22 +- > > meta/conf/abi_version.conf | 2 +- > > 2 files changed, 22 insertions(+), 2 deletions(-) > > > > diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass > > index 773902e619..9dd829512a 100644 > > --- a/meta/classes/sanity.bbclass > > +++ b/meta/classes/sanity.bbclass > > @@ -559,6 +559,23 @@ def sanity_check_conffiles(d): > > bb.fatal(str(e)) > > d.setVar("BB_INVALIDCONF", True) > > > > +def drop_v14_cross_builds(d): > > +i = > d.expand("${SSTATE_MANIFESTS}/index-${BUILD_ARCH}_${TARGET_ARCH}") > > This is nearly there but there is one further small tweak needed. > > This will convert the current TARGET_ARCH but we probably need to glob the > other > possible options in case there are other things in the TMPDIR. I'm a bit > worried > that might match some other things (such as crosssdk) however if it > removes too > much, it would restore it from sstate so it might not matter. > > Cheers, > > Richard > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162412): https://lists.openembedded.org/g/openembedded-core/message/162412 Mute This Topic: https://lists.openembedded.org/mt/89396617/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests
On Fri, 2022-02-25 at 20:52 +0100, Alexander Kanavin wrote: > Signed-off-by: Alexander Kanavin > --- > meta/classes/sanity.bbclass | 22 +- > meta/conf/abi_version.conf | 2 +- > 2 files changed, 22 insertions(+), 2 deletions(-) > > diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass > index 773902e619..9dd829512a 100644 > --- a/meta/classes/sanity.bbclass > +++ b/meta/classes/sanity.bbclass > @@ -559,6 +559,23 @@ def sanity_check_conffiles(d): > bb.fatal(str(e)) > d.setVar("BB_INVALIDCONF", True) > > +def drop_v14_cross_builds(d): > +i = d.expand("${SSTATE_MANIFESTS}/index-${BUILD_ARCH}_${TARGET_ARCH}") This is nearly there but there is one further small tweak needed. This will convert the current TARGET_ARCH but we probably need to glob the other possible options in case there are other things in the TMPDIR. I'm a bit worried that might match some other things (such as crosssdk) however if it removes too much, it would restore it from sstate so it might not matter. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162411): https://lists.openembedded.org/g/openembedded-core/message/162411 Mute This Topic: https://lists.openembedded.org/mt/89396617/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests
Signed-off-by: Alexander Kanavin --- meta/classes/sanity.bbclass | 22 +- meta/conf/abi_version.conf | 2 +- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index 773902e619..9dd829512a 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass @@ -559,6 +559,23 @@ def sanity_check_conffiles(d): bb.fatal(str(e)) d.setVar("BB_INVALIDCONF", True) +def drop_v14_cross_builds(d): +i = d.expand("${SSTATE_MANIFESTS}/index-${BUILD_ARCH}_${TARGET_ARCH}") +with open(i, "r") as f: +lines = f.readlines() +for l in reversed(lines): +try: +(stamp, manifest, workdir) = l.split() +except ValueError: +bb.fatal("Invalid line '%s' in sstate manifest '%s'" % (l, i)) +import glob +for m in glob.glob(manifest + ".*"): +if m.endswith(".postrm"): +continue +sstate_clean_manifest(m, d) +bb.utils.remove(stamp + "*") +bb.utils.remove(workdir, recurse = True) + def sanity_handle_abichanges(status, d): # # Check the 'ABI' of TMPDIR @@ -577,7 +594,10 @@ def sanity_handle_abichanges(status, d): status.addresult("The layout of TMPDIR changed for Recipe Specific Sysroots.\nConversion doesn't make sense and this change will rebuild everything so please delete TMPDIR (%s).\n" % d.getVar("TMPDIR")) elif int(abi) <= 13 and current_abi == "14": status.addresult("TMPDIR changed to include path filtering from the pseudo database.\nIt is recommended to use a clean TMPDIR with the new pseudo path filtering so TMPDIR (%s) would need to be removed to continue.\n" % d.getVar("TMPDIR")) - +elif int(abi) == 14 and current_abi == "15": +drop_v14_cross_builds(d) +with open(abifile, "w") as f: +f.write(current_abi) elif (abi != current_abi): # Code to convert from one ABI to another could go here if possible. status.addresult("Error, TMPDIR has changed its layout version number (%s to %s) and you need to either rebuild, revert or adjust it at your own risk.\n" % (abi, current_abi)) diff --git a/meta/conf/abi_version.conf b/meta/conf/abi_version.conf index 66df69bb8d..2a08b1208b 100644 --- a/meta/conf/abi_version.conf +++ b/meta/conf/abi_version.conf @@ -4,7 +4,7 @@ # that breaks the format and have been previously discussed on the mailing list # with general agreement from the core team. # -OELAYOUT_ABI = "14" +OELAYOUT_ABI = "15" # # HASHEQUIV_HASH_VERSION is injected into the output hash calculation used by -- 2.20.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162410): https://lists.openembedded.org/g/openembedded-core/message/162410 Mute This Topic: https://lists.openembedded.org/mt/89396617/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] sstate: do not add TARGET_ARCH to pkgarch for cross recipes.
This is redundant (target arch is already in PN), and breaks compiling a cross-canadian toolchain, as that needs populating the sysroot with two different native-hosted toolchains built from cross recipes. Inserting TARGET_ARCH allows only one or the other. Signed-off-by: Alexander Kanavin --- meta/classes/sstate.bbclass | 3 +-- meta/lib/oe/sstatesig.py| 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index 787172b408..dc9a2c085b 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -83,7 +83,6 @@ SSTATE_ARCHS = " \ ${BUILD_ARCH} \ ${BUILD_ARCH}_${ORIGNATIVELSBSTRING} \ ${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS} \ -${BUILD_ARCH}_${TARGET_ARCH} \ ${SDK_ARCH}_${SDK_OS} \ ${SDK_ARCH}_${PACKAGE_ARCH} \ allarch \ @@ -138,7 +137,7 @@ python () { elif bb.data.inherits_class('crosssdk', d): d.setVar('SSTATE_PKGARCH', d.expand("${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS}")) elif bb.data.inherits_class('cross', d): -d.setVar('SSTATE_PKGARCH', d.expand("${BUILD_ARCH}_${TARGET_ARCH}")) +d.setVar('SSTATE_PKGARCH', d.expand("${BUILD_ARCH}")) elif bb.data.inherits_class('nativesdk', d): d.setVar('SSTATE_PKGARCH', d.expand("${SDK_ARCH}_${SDK_OS}")) elif bb.data.inherits_class('cross-canadian', d): diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index abcd96231e..2cf858e201 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -443,7 +443,7 @@ def find_sstate_manifest(taskdata, taskdata2, taskname, d, multilibcache): elif "-cross-canadian" in taskdata: pkgarchs = ["${SDK_ARCH}_${SDK_ARCH}-${SDKPKGSUFFIX}"] elif "-cross-" in taskdata: -pkgarchs = ["${BUILD_ARCH}_${TARGET_ARCH}"] +pkgarchs = ["${BUILD_ARCH}"] elif "-crosssdk" in taskdata: pkgarchs = ["${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS}"] else: -- 2.20.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162409): https://lists.openembedded.org/g/openembedded-core/message/162409 Mute This Topic: https://lists.openembedded.org/mt/89396615/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] musl: Update to latest master
brings in these fixes * f8bdc304 fix spurious failures by fgetws when buffer ends with partial character * 5690668a add missing strerror text for key management * 3b7b4155 fix out-of-bound read processing time zone data with distant-past dates * 75b3412f fix potentially wrong-sign zero in cproj functions at infinity * 52f0deb9 make fseek detect and produce an error for invalid whence arguments * cbacd638 add SEEK_DATA and SEEK_HOLE to unistd.h Signed-off-by: Khem Raj --- meta/recipes-core/musl/musl_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb index 1e33ad5317b..04752f40c45 100644 --- a/meta/recipes-core/musl/musl_git.bb +++ b/meta/recipes-core/musl/musl_git.bb @@ -4,7 +4,7 @@ require musl.inc inherit linuxloader -SRCREV = "c4d4028dde90562f631edf559fbc42d8ec1b29de" +SRCREV = "f8bdc3048216f41eaaf655524fa286cfb1184a70" BASEVER = "1.2.2" -- 2.35.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162408): https://lists.openembedded.org/g/openembedded-core/message/162408 Mute This Topic: https://lists.openembedded.org/mt/89394318/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] license.py: Correct a comment
Signed-off-by: Peter Kjellerstedt --- meta/lib/oe/license.py | 17 +++-- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/meta/lib/oe/license.py b/meta/lib/oe/license.py index 79800c2b8f..8955cbdeb2 100644 --- a/meta/lib/oe/license.py +++ b/meta/lib/oe/license.py @@ -100,16 +100,13 @@ def flattened_licenses(licensestr, choose_licenses): return flatten.licenses def is_included(licensestr, include_licenses=None, exclude_licenses=None): -"""Given a license a list of list to include and a list of -licenses to exclude, determine if the license string -matches the an include list and does not match the -exclude list. - -Returns a tuple holding the boolean state and a list of -the applicable licenses that were excluded if state is -False, or the licenses that were included if the state -is True. -""" +"""Given a license string, a list of licenses to include and a list of +licenses to exclude, determine if the license string matches the include +list and does not match the exclude list. + +Returns a tuple holding the boolean state and a list of the applicable +licenses that were excluded if state is False, or the licenses that were +included if the state is True.""" def include_license(license): return any(fnmatch(license, pattern) for pattern in include_licenses) -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162407): https://lists.openembedded.org/g/openembedded-core/message/162407 Mute This Topic: https://lists.openembedded.org/mt/89392672/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v3] systemd: move systemd shared library into its own package
From: Stefan Herbrechtsmeier Move the systemd shared library (libsystemd-shared.so) into its own package to prevent a runtime dependency from udev package to systemd package and thereby to a second init manager. Signed-off-by: Stefan Herbrechtsmeier --- Changes in v3: - Add libdir to INSANE_SKIP for libsystemd-shared package Changes in v2: - Fix SUMMARY override meta/recipes-core/systemd/systemd_250.3.bb | 6 ++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-core/systemd/systemd_250.3.bb b/meta/recipes-core/systemd/systemd_250.3.bb index 9121333f56..31c5c55c3f 100644 --- a/meta/recipes-core/systemd/systemd_250.3.bb +++ b/meta/recipes-core/systemd/systemd_250.3.bb @@ -371,6 +371,7 @@ PACKAGE_BEFORE_PN = "\ ${PN}-journal-remote \ ${PN}-extra-utils \ ${PN}-udev-rules \ +libsystemd-shared \ udev \ udev-hwdb \ " @@ -387,6 +388,8 @@ DESCRIPTION:${PN}-journal-upload = "systemd-journal-upload uploads journal entri SUMMARY:${PN}-journal-remote = "Receive journal messages over the network" DESCRIPTION:${PN}-journal-remote = "systemd-journal-remote is a command to receive serialized journal events and store them to journal files." +SUMMARY:libsystemd-shared = "Systemd shared library" + SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfmt', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \ @@ -653,6 +656,9 @@ RRECOMMENDS:${PN} += "systemd-extra-utils \ INSANE_SKIP:${PN} += "dev-so libdir" INSANE_SKIP:${PN}-dbg += "libdir" INSANE_SKIP:${PN}-doc += " libdir" +INSANE_SKIP:libsystemd-shared += "libdir" + +FILES:libsystemd-shared = "${rootlibexecdir}/systemd/libsystemd-shared*.so" RPROVIDES:udev = "hotplug" -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162406): https://lists.openembedded.org/g/openembedded-core/message/162406 Mute This Topic: https://lists.openembedded.org/mt/89391009/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] zip: modify when match.S is built
Use the correct $CPP to test if *.S are buildable, but do not build match.S because it is not PIC code. Signed-off-by: Joe Slater --- .../0001-configure-use-correct-CPP.patch | 47 +++ ...002-configure-support-PIC-code-build.patch | 34 ++ meta/recipes-extended/zip/zip_3.0.bb | 2 + 3 files changed, 83 insertions(+) create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch create mode 100644 meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch diff --git a/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch new file mode 100644 index 00..02253f968c --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch @@ -0,0 +1,47 @@ +From 7a2729ee7f5d9b9d4a0d9b83fe641a2ab03c4ee0 Mon Sep 17 00:00:00 2001 +From: Joe Slater +Date: Thu, 24 Feb 2022 17:36:59 -0800 +Subject: [PATCH 1/2] configure: use correct CPP + +configure uses CPP to test that two assembler routines +can be built. Unfortunately, it will use /usr/bin/cpp +if it exists, invalidating the tests. We use the $CC +passed to configure. + +Upstream-Status: Inappropriate [openembedded specific] + +Signed-off-by: Joe Slater +--- + unix/configure | 15 +-- + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 73ba803..7e21070 100644 +--- a/unix/configure b/unix/configure +@@ -220,13 +220,16 @@ fi + echo Check for the C preprocessor + # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp. + CPP="${CC} -E" ++ ++# We should not change CPP for yocto builds. ++# + # solaris as(1) needs -P, maybe others as well ? +-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P" +-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp +-[ -f /lib/cpp ] && CPP=/lib/cpp +-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp +-[ -f /xenix ] && CPP="${CC} -E" +-[ -f /lynx.os ] && CPP="${CC} -E" ++# [ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P" ++# [ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp ++# [ -f /lib/cpp ] && CPP=/lib/cpp ++# [ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp ++# [ -f /xenix ] && CPP="${CC} -E" ++# [ -f /lynx.os ] && CPP="${CC} -E" + + echo "#include " > conftest.c + $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E" +-- +2.24.1 + diff --git a/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch new file mode 100644 index 00..6e0879616a --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch @@ -0,0 +1,34 @@ +From b0492506d2c28581193906e9d260d4f0451e2c39 Mon Sep 17 00:00:00 2001 +From: Joe Slater +Date: Thu, 24 Feb 2022 17:46:03 -0800 +Subject: [PATCH 2/2] configure: support PIC code build + +Disable building match.S. The code requires +relocation in .text. + +Upstream-Status: Inappropriate [openembedded specific] + +Signed-off-by: Joe Slater +--- + unix/configure | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 7e21070..1bc698b 100644 +--- a/unix/configure b/unix/configure +@@ -242,8 +242,9 @@ if eval "$CPP match.S > _match.s 2>/dev/null"; then + if test ! -s _match.s || grep error < _match.s > /dev/null; then + : + elif eval "$CC -c _match.s >/dev/null 2>/dev/null" && [ -f _match.o ]; then +-CFLAGS="${CFLAGS} -DASMV" +-OBJA="match.o" ++# disable match.S for PIC code ++# CFLAGS="${CFLAGS} -DASMV" ++# OBJA="match.o" + echo "int foo() { return 0;}" > conftest.c + $CC -c conftest.c >/dev/null 2>/dev/null + echo Check if compiler generates underlines +-- +2.24.1 + diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index 18b5d8648e..f8e0b6e259 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb @@ -14,6 +14,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar. file://fix-security-format.patch \ file://10-remove-build-date.patch \ file://zipnote-crashes-with-segfault.patch \ + file://0001-configure-use-correct-CPP.patch \ + file://0002-configure-support-PIC-code-build.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" -- 2.24.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162405): https://lists.openembedded.org/g/openembedded-core/message/162405 Mute This Topic: https://lists.openembedded.org/mt/89390793/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH] bitbake.conf: add ssh-keygen to HOSTTOOLS_NONFATAL
On Fri, 2022-02-18 at 08:35 +0100, Markus Volk wrote: > Gnome Seahorse needs an external ssh-keygen to build and there is no provider > for it in yocto/oe. openssh-native is not allowed to build and if allowed > there > are problems building it with '--enable-pam'. > > 'ssh' is already set to be added as a HOSTTOOL when it is found. > This commit also adds ssh-keygen. > > Signed-off-by: Markus Volk > --- > meta/conf/bitbake.conf | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf > index fba99e8f0c..15ea0bc29e 100644 > --- a/meta/conf/bitbake.conf > +++ b/meta/conf/bitbake.conf > @@ -499,7 +499,7 @@ HOSTTOOLS += " \ > HOSTTOOLS += "${@'ip ping ps scp ssh stty' if > (bb.utils.contains_any('IMAGE_CLASSES', 'testimage testsdk', True, False, d) > or any(x in (d.getVar("BBINCLUDED") or "") for x in ["testimage.bbclass", > "testsdk.bbclass"])) else ''}" > > # Link to these if present > -HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp > socat ssh sudo" > +HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp > socat ssh ssh-keygen sudo" > Does it actually need to generate keys or is it just checking for the presence of the tool? I'm not a big fan of adding new tools like this, particularly as this could still cause a deterministic build issue... Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162404): https://lists.openembedded.org/g/openembedded-core/message/162404 Mute This Topic: https://lists.openembedded.org/mt/89228328/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] kernel-devsrc: do not copy Module.symvers file during install
When CONFIG_MODULES is not enabled in kernel config - Module.symvers generation is not done, which causes the file not to be created. This fails later in do_install() due to the fact that copy command in executed for non-existing Module.symvers file. Check for Module.symvers existence before copy command in executed. Change-Id: Ie7c0ca5d139d49e1cf8f3cb343aef7905389a761 Signed-off-by: Oleksandr Ocheretnyi --- meta/recipes-kernel/linux/kernel-devsrc.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb index cccf06e12c..8d360ed3f3 100644 --- a/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -72,7 +72,9 @@ do_install() { ( cd ${B} - cp Module.symvers $kerneldir/build + if [ -s Module.symvers ]; then + cp Module.symvers $kerneldir/build + fi cp System.map* $kerneldir/build if [ -s Module.markers ]; then cp Module.markers $kerneldir/build -- 2.26.2.Cisco -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162403): https://lists.openembedded.org/g/openembedded-core/message/162403 Mute This Topic: https://lists.openembedded.org/mt/89390164/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v3 00/32] Python PEP-517: build wheels and install with pip
On Fri, 2022-02-25 at 14:27 +0100, Konrad Weihmann wrote: > > On 25.02.22 14:16, Richard Purdie wrote: > > On Thu, 2022-02-24 at 16:52 +0100, Konrad Weihmann wrote: > > > I got a kind of general question about this patch series and all the > > > followups: is this still considered to go into the next release? > > > > It is still being considered, yes. > > > > > I'm a bit worried about the fallout of this pretty invasive change - > > > even though I see that at some point it needs to be done. > > > > > > My understanding is that the "classic" way will stop with Python 3.12, > > > which doesn't apply to next LTS release - as this will likely remain on > > > 3.10. > > > Only downside will be that manual helper files for updates of packages > > > that are lacking a setup.py needs to be provided (there are already a > > > few examples how to do it) - not a big deal if you'd ask me. > > > > > > So what's the stand of the project regarding this issue - also keeping > > > in mind that I think it's already past feature freeze? > > > > This is a tough one to make a decision on and I am conflicted. The change > > was > > flagged up a while ago and has been regularly talked about. It is also > > something > > we all agree will have to happen at some point. > > > > The change is late and has issues but there was a base patchset sent before > > the > > freeze deadline. > > > > This isn't the final release point, it is the point where we stop taking new > > invasive changes and stabilise and I think it important to keep that in > > mind. > > > > Stepping back and thinking about the big picture (and e.g. the ability to > > take > > security fixes into the LTS), I'm leaning towards trying to get it in. One > > other > > consideration is having large delta between the LTS and onging development > > and > > I'd prefer to minimise this particular difference if it is practical to do > > so. > > Your argumentation does make sense, but I have to disagree on this > particular point. > The using pip as the default installer and therefore wheels is something > that will never (hopefully) get backported, so bringing this change in > automatically builds up a huge delta to any other branch - thus here you > would create a situation that (I agree) should be avoided. > > Also moving around a few classes and recipe between core and > meta-python, will either bind users to including meta-python in every > setup or will create situation were people will try to work around these > changes. > > I see that this feature has been promised - and it might be bad for the > project's reputation to drop it - still if one would ask me, I would > prefer to delay it to the next release. > One potential option would be to offer that one (once mature and tested > will a broad set of layers) as a mixin-layer, which then could be used > with kirkstone LTS It is a tough call without a right answer and one I ultimately have to make based on experience and judgement weighing up the pros and cons. I did just merge the series as I do think it is now about as ready as things get without merging and exposing to the wider userbase. We do have time before release. FWIW the distutils classes have been showing warnings for a while now so it shouldn't surprise anyone that they've been removed, that was planned regardless of the other changes. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162402): https://lists.openembedded.org/g/openembedded-core/message/162402 Mute This Topic: https://lists.openembedded.org/mt/89324642/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/3] python3-numpy: Fix pyc determinism issue
Using frozenset causes problems for pyc file determinism. For now remove the problematic pyc file as we do in the main python3 recipe. Signed-off-by: Richard Purdie --- meta/recipes-devtools/python/python3-numpy_1.22.2.bb | 9 + 1 file changed, 9 insertions(+) diff --git a/meta/recipes-devtools/python/python3-numpy_1.22.2.bb b/meta/recipes-devtools/python/python3-numpy_1.22.2.bb index d2b2f3e38d5..43e7427eab5 100644 --- a/meta/recipes-devtools/python/python3-numpy_1.22.2.bb +++ b/meta/recipes-devtools/python/python3-numpy_1.22.2.bb @@ -30,6 +30,15 @@ do_compile:prepend() { export NPY_DISABLE_SVML=1 } +# Unfortunately the following pyc files are non-deterministc due to 'frozenset' +# being written without strict ordering, even with PYTHONHASHSEED = 0 +# Upstream is discussing ways to solve the issue properly, until then let's +# just not install the problematic files. +# More info: http://benno.id.au/blog/2013/01/15/python-determinism +do_install:append() { + rm ${D}${PYTHON_SITEPACKAGES_DIR}/numpy/typing/tests/data/pass/__pycache__/literal.cpython* +} + FILES:${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/numpy/core/lib/*.a ${PYTHON_SITEPACKAGES_DIR}/numpy/random/lib/*.a" # install what is needed for numpy.test() -- 2.32.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162401): https://lists.openembedded.org/g/openembedded-core/message/162401 Mute This Topic: https://lists.openembedded.org/mt/89389652/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/3] python-pip: Improve reproducibility
Pip installed wheels are not reproducible currently. The direct_url files encode an installation path and the installed wheels compile the python files at their location, not their final install location which is incorrect. To fix this, simply disable the direct_urls and pass the "root" to the python compile function to strip that path out of the compiled files. Signed-off-by: Richard Purdie --- .../python/python3-pip/reproducible.patch | 74 +++ .../python/python3-pip_22.0.3.bb | 1 + 2 files changed, 75 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pip/reproducible.patch diff --git a/meta/recipes-devtools/python/python3-pip/reproducible.patch b/meta/recipes-devtools/python/python3-pip/reproducible.patch new file mode 100644 index 000..538bb94f7ad --- /dev/null +++ b/meta/recipes-devtools/python/python3-pip/reproducible.patch @@ -0,0 +1,74 @@ +Pip installed wheels are not reproducible currently. The direct_url +files encode an installation path and the installed wheels compile +the python files at their location, not their final install location +which is incorrect. + +To fix this, simply disable the direct_urls and pass the "root" to +the python compile function to strip that path out of the compiled +files. + +A version of this patch, perhaps stripping root from the direct_urls +may be something that could be considered by upstream. + +Signed-off-by: Richard Purdie + +Upstream-Status: Pending + +Index: pip-22.0.3/src/pip/_internal/req/req_install.py +=== +--- pip-22.0.3.orig/src/pip/_internal/req/req_install.py pip-22.0.3/src/pip/_internal/req/req_install.py +@@ -758,7 +758,9 @@ class InstallRequirement: + if self.is_wheel: + assert self.local_file_path + direct_url = None +-if self.editable: ++if '_PYTHON_SYSCONFIGDATA_NAME' in os.environ: ++direct_url = None ++elif self.editable: + direct_url = direct_url_for_editable(self.unpacked_source_directory) + elif self.original_link: + direct_url = direct_url_from_link( +@@ -775,6 +777,7 @@ class InstallRequirement: + warn_script_location=warn_script_location, + direct_url=direct_url, + requested=self.user_supplied, ++root=root, + ) + self.install_succeeded = True + return +Index: pip-22.0.3/src/pip/_internal/operations/install/wheel.py +=== +--- pip-22.0.3.orig/src/pip/_internal/operations/install/wheel.py pip-22.0.3/src/pip/_internal/operations/install/wheel.py +@@ -436,6 +436,7 @@ def _install_wheel( + warn_script_location: bool = True, + direct_url: Optional[DirectUrl] = None, + requested: bool = False, ++root: str = None, + ) -> None: + """Install a wheel. + +@@ -612,7 +613,7 @@ def _install_wheel( + with warnings.catch_warnings(): + warnings.filterwarnings("ignore") + for path in pyc_source_file_paths(): +-success = compileall.compile_file(path, force=True, quiet=True) ++success = compileall.compile_file(path, force=True, quiet=True, stripdir=root) + if success: + pyc_path = pyc_output_path(path) + assert os.path.exists(pyc_path) +@@ -723,6 +724,7 @@ def install_wheel( + warn_script_location: bool = True, + direct_url: Optional[DirectUrl] = None, + requested: bool = False, ++root: str = None, + ) -> None: + with ZipFile(wheel_path, allowZip64=True) as z: + with req_error_context(req_description): +@@ -735,4 +737,5 @@ def install_wheel( + warn_script_location=warn_script_location, + direct_url=direct_url, + requested=requested, ++root=root, + ) diff --git a/meta/recipes-devtools/python/python3-pip_22.0.3.bb b/meta/recipes-devtools/python/python3-pip_22.0.3.bb index e02ea5bd3d2..7eb9fb69ba4 100644 --- a/meta/recipes-devtools/python/python3-pip_22.0.3.bb +++ b/meta/recipes-devtools/python/python3-pip_22.0.3.bb @@ -14,6 +14,7 @@ DEPENDS:append:class-native = " unzip-native" SRC_URI += "file://0001-change-shebang-to-python3.patch" SRC_URI += "file://no_shebang_mangling.patch" +SRC_URI += "file://reproducible.patch" SRC_URI[sha256sum] = "f29d589df8c8ab99c060e68ad294c4a9ed896624f6368c5349d70aa581b333d0" -- 2.32.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162399): https://lists.openembedded.org/g/openembedded-core/message/162399 Mute This Topic: https://lists.openembedded.org/mt/89389650/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe:
[OE-core] [PATCH 2/3] pip_install_wheel: Recompile modified files
If we modify the file, we need to recompile the pyc files since the file hash has changed. This would otherwise result in reproducibility failrues. Signed-off-by: Richard Purdie --- meta/classes/pip_install_wheel.bbclass | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/classes/pip_install_wheel.bbclass b/meta/classes/pip_install_wheel.bbclass index f0312e0b1eb..8a848c0ebab 100644 --- a/meta/classes/pip_install_wheel.bbclass +++ b/meta/classes/pip_install_wheel.bbclass @@ -32,6 +32,11 @@ pip_install_wheel_do_install () { sed -i -e "1s,#!.*nativepython3,#!${USRBINPATH}/env ${PIP_INSTALL_PYTHON}," $i sed -i -e "s:${PYTHON}:${USRBINPATH}/env\ ${PIP_INSTALL_PYTHON}:g" $i sed -i -e "s:${STAGING_BINDIR_NATIVE}:${bindir}:g" $i +# Recompile after modifying it +cd ${D} +file=`echo $i | sed 's:^${D}/::'` +${STAGING_BINDIR_NATIVE}/python3-native/python3 -c "from py_compile import compile; compile('$file')" +cd - fi done } -- 2.32.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162400): https://lists.openembedded.org/g/openembedded-core/message/162400 Mute This Topic: https://lists.openembedded.org/mt/89389651/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 3/3] insane: use HOST_ variables, not TARGET_ to determine the cross system
On Fri, 25 Feb 2022 at 15:30, Ross Burton wrote: > > -target_os = d.getVar('TARGET_OS') > > -target_arch = d.getVar('TARGET_ARCH') > > +target_os = d.getVar('HOST_OS') > > +target_arch = d.getVar('HOST_ARCH') > > provides = d.getVar('PROVIDES') > > bpn = d.getVar('BPN') > > Interestingly I was just looking at this code. Does this change mean > we can remove the skipping of nativesdk recipes in the arch check? I don't know, the only answer I have is 'patches welcome' :) Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162398): https://lists.openembedded.org/g/openembedded-core/message/162398 Mute This Topic: https://lists.openembedded.org/mt/89366545/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 3/3] insane: use HOST_ variables, not TARGET_ to determine the cross system
On Thu, 24 Feb 2022 at 15:03, Alexander Kanavin wrote: > Almost everywhere those are the same, except when making a cross toolchain > where HOST_ is where it's going to run, and TARGET_ is what it's going to > produce. > > Signed-off-by: Alexander Kanavin > --- > meta/classes/insane.bbclass | 8 > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass > index 4fc3c06c64..890e865a8f 100644 > --- a/meta/classes/insane.bbclass > +++ b/meta/classes/insane.bbclass > @@ -325,8 +325,8 @@ def package_qa_check_arch(path,name,d, elf, messages): > if not elf: > return > > -target_os = d.getVar('TARGET_OS') > -target_arch = d.getVar('TARGET_ARCH') > +target_os = d.getVar('HOST_OS') > +target_arch = d.getVar('HOST_ARCH') > provides = d.getVar('PROVIDES') > bpn = d.getVar('BPN') Interestingly I was just looking at this code. Does this change mean we can remove the skipping of nativesdk recipes in the arch check? Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162397): https://lists.openembedded.org/g/openembedded-core/message/162397 Mute This Topic: https://lists.openembedded.org/mt/89366545/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 50/50] grub: add a fix for a crash in scripts
From: Marta Rybczynska This patch adds a fix for a crash in grub's script handling. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...void-crash-when-using-outside-a-func.patch | 37 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch diff --git a/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch b/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch new file mode 100644 index 00..84117a9073 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch @@ -0,0 +1,37 @@ +From df2505c4c3cf42b0c419c99a5f9e1ce63e5a5938 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 11 Jan 2021 17:30:42 +1100 +Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a + function scope + +"$#" represents the number of arguments to a function. It is only +defined in a function scope, where "scope" is non-NULL. Currently, +if we attempt to evaluate "$#" outside a function scope, "scope" will +be NULL and we will crash with a NULL pointer dereference. + +Do not attempt to count arguments for "$#" if "scope" is NULL. This +will result in "$#" being interpreted as an empty string if evaluated +outside a function scope. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fe0586347ee46f927ae27bb9673532da9f5dead5] +Signed-off-by: Marta Rybczynska +--- + grub-core/script/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 5ea2aef..23d34bd 100644 +--- a/grub-core/script/execute.c b/grub-core/script/execute.c +@@ -485,7 +485,7 @@ gettext_putvar (const char *str, grub_size_t len, + return 0; + + /* Enough for any number. */ +- if (len == 1 && str[0] == '#') ++ if (len == 1 && str[0] == '#' && scope != NULL) + { + grub_snprintf (*ptr, 30, "%u", scope->argv.argc); + *ptr += grub_strlen (*ptr); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 0454b09d52..75ef31f249 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -92,6 +92,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \ file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \ + file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162396): https://lists.openembedded.org/g/openembedded-core/message/162396 Mute This Topic: https://lists.openembedded.org/mt/89389068/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 47/50] grub: fix incorrect use of a negative value
From: Marta Rybczynska This patch adds a fix for an incorrect use of a negative value in grub's util/glue-efi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...x-incorrect-use-of-a-possibly-negati.patch | 50 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch diff --git a/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch b/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch new file mode 100644 index 00..66d7c0aa42 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch @@ -0,0 +1,50 @@ +From e301a0f38a2130eb80f346c31e43bf5089af583c Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 15:04:28 + +Subject: [PATCH] util/glue-efi: Fix incorrect use of a possibly negative value + +It is possible for the ftell() function to return a negative value, +although it is fairly unlikely here, we should be checking for +a negative value before we assign it to an unsigned value. + +Fixes: CID 73744 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1641d74e16f9d1ca35ba1a87ee4a0bf3afa48e72] +Signed-off-by: Marta Rybczynska +--- + util/glue-efi.c | 14 -- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/util/glue-efi.c b/util/glue-efi.c +index 68f5316..de0fa6d 100644 +--- a/util/glue-efi.c b/util/glue-efi.c +@@ -39,13 +39,23 @@ write_fat (FILE *in32, FILE *in64, FILE *out, const char *out_filename, + struct grub_macho_fat_header head; + struct grub_macho_fat_arch arch32, arch64; + grub_uint32_t size32, size64; ++ long size; + char *buf; + + fseek (in32, 0, SEEK_END); +- size32 = ftell (in32); ++ size = ftell (in32); ++ if (size < 0) ++grub_util_error ("cannot get end of input file '%s': %s", ++ name32, strerror (errno)); ++ size32 = (grub_uint32_t) size; + fseek (in32, 0, SEEK_SET); ++ + fseek (in64, 0, SEEK_END); +- size64 = ftell (in64); ++ size = ftell (in64); ++ if (size < 0) ++grub_util_error ("cannot get end of input file '%s': %s", ++ name64, strerror (errno)); ++ size64 = (grub_uint64_t) size; + fseek (in64, 0, SEEK_SET); + + head.magic = grub_cpu_to_le32_compile_time (GRUB_MACHO_FAT_EFI_MAGIC); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a1fbc5e644..2f230065b2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -89,6 +89,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ + file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162393): https://lists.openembedded.org/g/openembedded-core/message/162393 Mute This Topic: https://lists.openembedded.org/mt/89389064/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 49/50] grub: avoid a NULL pointer dereference
From: Marta Rybczynska This patch adds a fix for a NULL pointer dereference in grub's commands/ls. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...ire-device_name-is-not-NULL-before-p.patch | 33 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch diff --git a/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch b/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch new file mode 100644 index 00..5a327fe1d2 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch @@ -0,0 +1,33 @@ +From dd82f98fa642907817f59aeaf3761b786898df85 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 11 Jan 2021 16:57:37 +1100 +Subject: [PATCH] commands/ls: Require device_name is not NULL before printing + +This can be triggered with: + ls -l (0 0*) +and causes a NULL deref in grub_normal_print_device_info(). + +I'm not sure if there's any implication with the IEEE 1275 platform. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6afbe6063c95b827372f9ec310c9fc7461311eb1] +Signed-off-by: Marta Rybczynska +--- + grub-core/commands/ls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c +index 5b7491a..326d2d6 100644 +--- a/grub-core/commands/ls.c b/grub-core/commands/ls.c +@@ -196,7 +196,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human) + goto fail; + } + +- if (! *path) ++ if (! *path && device_name) + { + if (grub_errno == GRUB_ERR_UNKNOWN_FS) + grub_errno = GRUB_ERR_NONE; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 84b8b8d1be..0454b09d52 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -91,6 +91,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \ + file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162395): https://lists.openembedded.org/g/openembedded-core/message/162395 Mute This Topic: https://lists.openembedded.org/mt/89389067/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 48/50] grub: add a fix for a NULL pointer dereference
From: Marta Rybczynska This patch adds a fix for a NULL pointer dereference in grub's script/execute. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...ix-NULL-dereference-in-grub_script_e.patch | 28 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch diff --git a/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch b/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch new file mode 100644 index 00..b279222fff --- /dev/null +++ b/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch @@ -0,0 +1,28 @@ +From f5fb56954e5926ced42a980c3e0842ffd5fea2aa Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 3 Apr 2020 23:05:13 +1100 +Subject: [PATCH] script/execute: Fix NULL dereference in + grub_script_execute_cmdline() + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=41ae93b2e6c75453514629bcfe684300e3aec0ce] +Signed-off-by: Marta Rybczynska +--- + grub-core/script/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index 7e028e1..5ea2aef 100644 +--- a/grub-core/script/execute.c b/grub-core/script/execute.c +@@ -940,7 +940,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd) + struct grub_script_argv argv = { 0, 0, 0 }; + + /* Lookup the command. */ +- if (grub_script_arglist_to_argv (cmdline->arglist, ) || ! argv.args[0]) ++ if (grub_script_arglist_to_argv (cmdline->arglist, ) || ! argv.args || ! argv.args[0]) + return grub_errno; + + for (i = 0; i < argv.argc; i++) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2f230065b2..84b8b8d1be 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -90,6 +90,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \ + file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162394): https://lists.openembedded.org/g/openembedded-core/message/162394 Mute This Topic: https://lists.openembedded.org/mt/89389066/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 46/50] grub: add a fix for an incorrect cast
From: Marta Rybczynska This patch adds a fix for incorrect casting from signed to unsigned in grub's util/grub-editenv. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...v-Fix-incorrect-casting-of-a-signed-.patch | 46 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch diff --git a/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch b/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch new file mode 100644 index 00..0cd8ec3611 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch @@ -0,0 +1,46 @@ +From 3d68daf2567aace4b52bd238cfd4a8111af3bc04 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 14:33:50 + +Subject: [PATCH] util/grub-editenv: Fix incorrect casting of a signed value + +The return value of ftell() may be negative (-1) on error. While it is +probably unlikely to occur, we should not blindly cast to an unsigned +value without first testing that it is not negative. + +Fixes: CID 73856 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5dc41edc4eba259c6043ae7698c245ec1baaacc6] +Signed-off-by: Marta Rybczynska +--- + util/grub-editenv.c | 8 +++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/util/grub-editenv.c b/util/grub-editenv.c +index f3662c9..db6f187 100644 +--- a/util/grub-editenv.c b/util/grub-editenv.c +@@ -125,6 +125,7 @@ open_envblk_file (const char *name) + { + FILE *fp; + char *buf; ++ long loc; + size_t size; + grub_envblk_t envblk; + +@@ -143,7 +144,12 @@ open_envblk_file (const char *name) + grub_util_error (_("cannot seek `%s': %s"), name, +strerror (errno)); + +- size = (size_t) ftell (fp); ++ loc = ftell (fp); ++ if (loc < 0) ++grub_util_error (_("cannot get file location `%s': %s"), name, ++ strerror (errno)); ++ ++ size = (size_t) loc; + + if (fseek (fp, 0, SEEK_SET) < 0) + grub_util_error (_("cannot seek `%s': %s"), name, diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 7ca0b469e9..a1fbc5e644 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -88,6 +88,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ + file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162392): https://lists.openembedded.org/g/openembedded-core/message/162392 Mute This Topic: https://lists.openembedded.org/mt/89389061/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 45/50] grub: add a fix for NULL pointer dereference
From: Marta Rybczynska This patch adds a fix for a NULL pointer dereference in grub's util/grub-install. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...nstall-Fix-NULL-pointer-dereferences.patch | 41 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch diff --git a/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch b/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch new file mode 100644 index 00..ea563a41a0 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch @@ -0,0 +1,41 @@ +From 5d2dd0052474a882a22e47cc8c3ed87a01819f6b Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Thu, 25 Feb 2021 18:35:01 +0100 +Subject: [PATCH] util/grub-install: Fix NULL pointer dereferences + +Two grub_device_open() calls does not have associated NULL checks +for returned values. Fix that and appease the Coverity. + +Fixes: CID 314583 + +Signed-off-by: Daniel Kiper +Reviewed-by: Javier Martinez Canillas + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8b3a95655b4391122e7b0315d8cc6f876caf8183] +Signed-off-by: Marta Rybczynska +--- + util/grub-install.c | 4 + 1 file changed, 4 insertions(+) + +diff --git a/util/grub-install.c b/util/grub-install.c +index a82725f..367350f 100644 +--- a/util/grub-install.c b/util/grub-install.c +@@ -1775,6 +1775,8 @@ main (int argc, char *argv[]) + fill_core_services (core_services); + + ins_dev = grub_device_open (install_drive); ++if (ins_dev == NULL) ++ grub_util_error ("%s", grub_errmsg); + + bless (ins_dev, core_services, 0); + +@@ -1875,6 +1877,8 @@ main (int argc, char *argv[]) + fill_core_services(core_services); + + ins_dev = grub_device_open (install_drive); ++if (ins_dev == NULL) ++ grub_util_error ("%s", grub_errmsg); + + bless (ins_dev, boot_efi, 1); + if (!removable && update_nvram) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index fad7415e0d..7ca0b469e9 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -87,6 +87,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0038-loader-xnu-Fix-memory-leak.patch \ file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ + file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162391): https://lists.openembedded.org/g/openembedded-core/message/162391 Mute This Topic: https://lists.openembedded.org/mt/89389060/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 44/50] grub: add a check for a NULL pointer
From: Marta Rybczynska This patch adds a check for a NULL pointer before use in grub's loader/xnu. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...k-if-pointer-is-NULL-before-using-it.patch | 42 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch diff --git a/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch b/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch new file mode 100644 index 00..8081f7763a --- /dev/null +++ b/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch @@ -0,0 +1,42 @@ +From 778a3fffd19229e5650a1abfb06c974949991cd4 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 30 Nov 2020 10:36:00 -0300 +Subject: [PATCH] loader/xnu: Check if pointer is NULL before using it + +Fixes: CID 73654 + +Signed-off-by: Paulo Flabiano Smorigo +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7c8a2b5d1421a0f2a33d33531f7561f3da93b844] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 8 + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 39ceff8..adc048c 100644 +--- a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +@@ -667,6 +667,9 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + char *name, *nameend; + int namelen; + ++ if (infoplistname == NULL) ++return grub_error (GRUB_ERR_BAD_FILENAME, N_("missing p-list filename")); ++ + name = get_name_ptr (infoplistname); + nameend = grub_strchr (name, '/'); + +@@ -698,10 +701,7 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile, + else + macho = 0; + +- if (infoplistname) +-infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); +- else +-infoplist = 0; ++ infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST); + grub_errno = GRUB_ERR_NONE; + if (infoplist) + { diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index eebe9a7233..fad7415e0d 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -86,6 +86,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ file://0038-loader-xnu-Fix-memory-leak.patch \ file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ + file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162390): https://lists.openembedded.org/g/openembedded-core/message/162390 Mute This Topic: https://lists.openembedded.org/mt/89389059/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 43/50] grub: avoid a memory leak
From: Marta Rybczynska This patch fixes a memory leak in grub's loader/xnu when an error is detected in grub_xnu_writetree_toheap(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...driverkey-data-when-an-error-is-dete.patch | 77 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 78 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch diff --git a/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch b/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch new file mode 100644 index 00..f9ad0fc34c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch @@ -0,0 +1,77 @@ +From 81117a77a9e945ee5e7c1f12bd5667e2a16cbe32 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Mon, 30 Nov 2020 12:18:24 -0300 +Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in + grub_xnu_writetree_toheap() + +... to avoid memory leaks. + +Fixes: CID 96640 + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4b4027b6b1c877d7ab467896b04c7bd1aadcfa15] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 24 + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index b3029a8..39ceff8 100644 +--- a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +@@ -224,26 +224,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) + if (! memorymap) + return grub_errno; + +- driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey)); ++ driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey)); + if (! driverkey) + return grub_errno; + driverkey->name = grub_strdup ("DeviceTree"); + if (! driverkey->name) +-return grub_errno; ++{ ++ err = grub_errno; ++ goto fail; ++} ++ + driverkey->datasize = sizeof (*extdesc); + driverkey->next = memorymap->first_child; + memorymap->first_child = driverkey; + driverkey->data = extdesc + = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc)); + if (! driverkey->data) +-return grub_errno; ++{ ++ err = grub_errno; ++ goto fail; ++} + + /* Allocate the space based on the size with dummy value. */ + *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/"); + err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE), + , target); + if (err) +-return err; ++goto fail; + + /* Put real data in the dummy. */ + extdesc->addr = *target; +@@ -252,6 +259,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size) + /* Write the tree to heap. */ + grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/"); + return GRUB_ERR_NONE; ++ ++ fail: ++ memorymap->first_child = NULL; ++ ++ grub_free (driverkey->data); ++ grub_free (driverkey->name); ++ grub_free (driverkey); ++ ++ return err; + } + + /* Find a key or value in parent key. */ diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index c9e7a06a3f..eebe9a7233 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -85,6 +85,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ file://0038-loader-xnu-Fix-memory-leak.patch \ + file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162389): https://lists.openembedded.org/g/openembedded-core/message/162389 Mute This Topic: https://lists.openembedded.org/mt/89389058/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 42/50] grub: add a fix for a memory leak
From: Marta Rybczynska This patch adds a fix for a memory leak in grub's loader/xnu. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- .../0038-loader-xnu-Fix-memory-leak.patch | 38 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch diff --git a/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch b/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch new file mode 100644 index 00..41f09a22fc --- /dev/null +++ b/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch @@ -0,0 +1,38 @@ +From 0a4aa7c16f65cdfaa1013f0796afa929f8d6dc1a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 12:53:10 + +Subject: [PATCH] loader/xnu: Fix memory leak + +The code here is finished with the memory stored in name, but it only +frees it if there curvalue is valid, while it could actually free it +regardless. + +The fix is a simple relocation of the grub_free() to before the test +of curvalue. + +Fixes: CID 96646 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bcb59ece3263d118510c4440c4da0950f224bb7f] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/xnu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 07232d2..b3029a8 100644 +--- a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +@@ -1388,9 +1388,9 @@ grub_xnu_fill_devicetree (void) + name[len] = 0; + + curvalue = grub_xnu_create_value (curkey, name); ++grub_free (name); + if (!curvalue) + return grub_errno; +-grub_free (name); + + data = grub_malloc (grub_strlen (var->value) + 1); + if (!data) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 8b55afccbb..c9e7a06a3f 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -84,6 +84,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ + file://0038-loader-xnu-Fix-memory-leak.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162388): https://lists.openembedded.org/g/openembedded-core/message/162388 Mute This Topic: https://lists.openembedded.org/mt/89389056/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 41/50] grub: fix checking for NULL
From: Marta Rybczynska This patch adds a fix for checking for NULL in grub's loader/bsd. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...ader-bsd-Check-for-NULL-arg-up-front.patch | 47 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch diff --git a/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch b/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch new file mode 100644 index 00..34643e10ab --- /dev/null +++ b/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch @@ -0,0 +1,47 @@ +From 7899384c8fdf9ed96566978c49b0c6e40e70703d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 21:47:13 + +Subject: [PATCH] loader/bsd: Check for NULL arg up-front + +The code in the next block suggests that it is possible for .set to be +true but .arg may still be NULL. + +This code assumes that it is never NULL, yet later is testing if it is +NULL - that is inconsistent. + +So we should check first if .arg is not NULL, and remove this check that +is being flagged by Coverity since it is no longer required. + +Fixes: CID 292471 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5d5391b0a05abe76e04c1eb68dcc6cbef5326c4a] +Signed-off-by: Marta Rybczynska +--- + grub-core/loader/i386/bsd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index b92cbe9..8432283 100644 +--- a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +@@ -1605,7 +1605,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + kernel_type = KERNEL_TYPE_OPENBSD; + bootflags = grub_bsd_parse_flags (ctxt->state, openbsd_flags); + +- if (ctxt->state[OPENBSD_ROOT_ARG].set) ++ if (ctxt->state[OPENBSD_ROOT_ARG].set && ctxt->state[OPENBSD_ROOT_ARG].arg != NULL) + { + const char *arg = ctxt->state[OPENBSD_ROOT_ARG].arg; + unsigned type, unit, part; +@@ -1622,7 +1622,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[]) + "unknown disk type name"); + + unit = grub_strtoul (arg, (char **) , 10); +- if (! (arg && *arg >= 'a' && *arg <= 'z')) ++ if (! (*arg >= 'a' && *arg <= 'z')) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + "only device specifications of form " + " are supported"); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1a4be33fca..8b55afccbb 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -83,6 +83,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ + file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162387): https://lists.openembedded.org/g/openembedded-core/message/162387 Mute This Topic: https://lists.openembedded.org/mt/89389055/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 40/50] grub: remove dead code
From: Marta Rybczynska This patch removes dead code from grub's gfxmenu/gui_list. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...-Remove-code-that-coverity-is-flaggi.patch | 34 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch diff --git a/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch b/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch new file mode 100644 index 00..61e5e5797d --- /dev/null +++ b/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch @@ -0,0 +1,34 @@ +From 9433cb3a37c03f22c2fa769121f1f509fd031ae9 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Mon, 7 Dec 2020 14:44:47 + +Subject: [PATCH] gfxmenu/gui_list: Remove code that coverity is flagging as + dead + +The test of value for NULL before calling grub_strdup() is not required, +since the if condition prior to this has already tested for value being +NULL and cannot reach this code if it is. + +Fixes: CID 73659 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4a1aa5917595650efbd46b581368c470ebee42ab] +Signed-off-by: Marta Rybczynska +--- + grub-core/gfxmenu/gui_list.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_list.c b/grub-core/gfxmenu/gui_list.c +index 01477cd..df334a6 100644 +--- a/grub-core/gfxmenu/gui_list.c b/grub-core/gfxmenu/gui_list.c +@@ -771,7 +771,7 @@ list_set_property (void *vself, const char *name, const char *value) + { + self->need_to_recreate_boxes = 1; + grub_free (self->selected_item_box_pattern); +- self->selected_item_box_pattern = value ? grub_strdup (value) : 0; ++ self->selected_item_box_pattern = grub_strdup (value); + self->selected_item_box_pattern_inherit = 0; + } + } diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 75782b7eb2..1a4be33fca 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -82,6 +82,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \ file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ + file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162386): https://lists.openembedded.org/g/openembedded-core/message/162386 Mute This Topic: https://lists.openembedded.org/mt/89389053/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 39/50] grub: test for malformed jpeg files
From: Marta Rybczynska This patch adds a fix for handling malformed JPEG files in grub's video/readers/jpeg. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...eg-Test-for-an-invalid-next-marker-r.patch | 38 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch diff --git a/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch b/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch new file mode 100644 index 00..3fca2aecb5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch @@ -0,0 +1,38 @@ +From 88361a7fd4e481a76e1159a63c9014fa997ef29c Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 15:39:00 + +Subject: [PATCH] video/readers/jpeg: Test for an invalid next marker reference + from a jpeg file + +While it may never happen, and potentially could be caught at the end of +the function, it is worth checking up front for a bad reference to the +next marker just in case of a maliciously crafted file being provided. + +Fixes: CID 73694 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5f5eb7ca8e971227e95745abe541df3e1509360e] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/readers/jpeg.c | 6 ++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 31359a4..0b6ce3c 100644 +--- a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +@@ -253,6 +253,12 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (next_marker > data->file->size) ++{ ++ /* Should never be set beyond the size of the file. */ ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid next reference"); ++} ++ + while (data->file->offset + sizeof (data->quan_table[id]) + 1 +<= next_marker) + { diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 04c9b4c092..75782b7eb2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -81,6 +81,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \ file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \ file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ + file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162385): https://lists.openembedded.org/g/openembedded-core/message/162385 Mute This Topic: https://lists.openembedded.org/mt/89389051/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 38/50] grub: fix a possible integer overflow
From: Marta Rybczynska This patch adds a fix for a possible integer overflow in grub's video/fb/video_fb. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...deo_fb-Fix-possible-integer-overflow.patch | 39 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch diff --git a/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch b/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch new file mode 100644 index 00..c82b2c7df0 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch @@ -0,0 +1,39 @@ +From aac5574ff340a665ccc78d4c3d61596ac67acbbe Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 14:51:30 + +Subject: [PATCH] video/fb/video_fb: Fix possible integer overflow + +It is minimal possibility that the values being used here will overflow. +So, change the code to use the safemath function grub_mul() to ensure +that doesn't happen. + +Fixes: CID 73761 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=08413f2f4edec0e2d9bf15f836f6ee5ca2e379cb] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/video_fb.c | 8 +++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index 1c9a138..ae6b89f 100644 +--- a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +@@ -1537,7 +1537,13 @@ doublebuf_pageflipping_init (struct grub_video_mode_info *mode_info, +volatile void *page1_ptr) + { + grub_err_t err; +- grub_size_t page_size = mode_info->pitch * mode_info->height; ++ grub_size_t page_size = 0; ++ ++ if (grub_mul (mode_info->pitch, mode_info->height, _size)) ++{ ++ /* Shouldn't happen, but if it does we've a bug. */ ++ return GRUB_ERR_BUG; ++} + + framebuffer.offscreen_buffer = grub_malloc (page_size); + if (! framebuffer.offscreen_buffer) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 8b5b9e3b3e..04c9b4c092 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -80,6 +80,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \ file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \ file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \ + file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162384): https://lists.openembedded.org/g/openembedded-core/message/162384 Mute This Topic: https://lists.openembedded.org/mt/89389049/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 37/50] grub: fix multiple integer overflows
From: Marta Rybczynska This patch adds a fix for multiple integer overflows in grub's video/fb/video_fb. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...eo_fb-Fix-multiple-integer-overflows.patch | 104 ++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 105 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch diff --git a/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch b/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch new file mode 100644 index 00..544e7f31ae --- /dev/null +++ b/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch @@ -0,0 +1,104 @@ +From 69b91f7466a5ad5fb85039a5b4118efb77ad6347 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 4 Nov 2020 14:43:44 + +Subject: [PATCH] video/fb/video_fb: Fix multiple integer overflows + +The calculation of the unsigned 64-bit value is being generated by +multiplying 2, signed or unsigned, 32-bit integers which may overflow +before promotion to unsigned 64-bit. Fix all of them. + +Fixes: CID 73703, CID 73767, CID 73833 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=08e098b1dbf01e96376f594b337491bc4cfa48dd] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/video_fb.c | 52 --- + 1 file changed, 36 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index 1a602c8..1c9a138 100644 +--- a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1417,15 +1418,23 @@ doublebuf_blit_update_screen (void) + { + if (framebuffer.current_dirty.first_line + <= framebuffer.current_dirty.last_line) +-grub_memcpy ((char *) framebuffer.pages[0] +- + framebuffer.current_dirty.first_line +- * framebuffer.back_target->mode_info.pitch, +- (char *) framebuffer.back_target->data +- + framebuffer.current_dirty.first_line +- * framebuffer.back_target->mode_info.pitch, +- framebuffer.back_target->mode_info.pitch +- * (framebuffer.current_dirty.last_line +- - framebuffer.current_dirty.first_line)); ++{ ++ grub_size_t copy_size; ++ ++ if (grub_sub (framebuffer.current_dirty.last_line, ++ framebuffer.current_dirty.first_line, _size) || ++grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, _size)) ++ { ++/* Shouldn't happen, but if it does we've a bug. */ ++return GRUB_ERR_BUG; ++ } ++ ++ grub_memcpy ((char *) framebuffer.pages[0] + framebuffer.current_dirty.first_line * ++ framebuffer.back_target->mode_info.pitch, ++ (char *) framebuffer.back_target->data + framebuffer.current_dirty.first_line * ++ framebuffer.back_target->mode_info.pitch, ++ copy_size); ++} + framebuffer.current_dirty.first_line + = framebuffer.back_target->mode_info.height; + framebuffer.current_dirty.last_line = 0; +@@ -1439,7 +1448,7 @@ grub_video_fb_doublebuf_blit_init (struct grub_video_fbrender_target **back, + volatile void *framebuf) + { + grub_err_t err; +- grub_size_t page_size = mode_info.pitch * mode_info.height; ++ grub_size_t page_size = (grub_size_t) mode_info.pitch * mode_info.height; + + framebuffer.offscreen_buffer = grub_zalloc (page_size); + if (! framebuffer.offscreen_buffer) +@@ -1482,12 +1491,23 @@ doublebuf_pageflipping_update_screen (void) + last_line = framebuffer.previous_dirty.last_line; + + if (first_line <= last_line) +-grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] +- + first_line * framebuffer.back_target->mode_info.pitch, +- (char *) framebuffer.back_target->data +- + first_line * framebuffer.back_target->mode_info.pitch, +- framebuffer.back_target->mode_info.pitch +- * (last_line - first_line)); ++{ ++ grub_size_t copy_size; ++ ++ if (grub_sub (last_line, first_line, _size) || ++grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, _size)) ++ { ++/* Shouldn't happen, but if it does we've a bug. */ ++return GRUB_ERR_BUG; ++ } ++ ++ grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] + first_line * ++ framebuffer.back_target->mode_info.pitch, ++ (char *)
[OE-core][dunfell 36/50] grub: fix an integer overflow
From: Marta Rybczynska This patch adds a fix for a potential integer overflow in grub's video/fb/fbfill. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...bfill-Fix-potential-integer-overflow.patch | 78 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch diff --git a/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch b/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch new file mode 100644 index 00..8165ea3f71 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch @@ -0,0 +1,78 @@ +From 99ecf5a44b99d529a6405fe276bedcefa3657a0a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 4 Nov 2020 15:10:51 + +Subject: [PATCH] video/fb/fbfill: Fix potential integer overflow + +The multiplication of 2 unsigned 32-bit integers may overflow before +promotion to unsigned 64-bit. We should ensure that the multiplication +is done with overflow detection. Additionally, use grub_sub() for +subtraction. + +Fixes: CID 73640, CID 73697, CID 73702, CID 73823 + +Signed-off-by: Darren Kenny +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7ce3259f67ac2cd93acb0ec0080c24b3b69e66c6] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/fb/fbfill.c | 17 + + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/grub-core/video/fb/fbfill.c b/grub-core/video/fb/fbfill.c +index 11816d0..a37acd1 100644 +--- a/grub-core/video/fb/fbfill.c b/grub-core/video/fb/fbfill.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + #include + + /* Generic filler that works for every supported mode. */ +@@ -61,7 +62,9 @@ grub_video_fbfill_direct32 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, ) || ++ grub_sub (dst->mode_info->pitch, rowskip, )) ++return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -98,7 +101,9 @@ grub_video_fbfill_direct24 (struct grub_video_fbblit_info *dst, + #endif + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, ) || ++ grub_sub (dst->mode_info->pitch, rowskip, )) ++return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -131,7 +136,9 @@ grub_video_fbfill_direct16 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = (dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width); ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, ) || ++ grub_sub (dst->mode_info->pitch, rowskip, )) ++return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); +@@ -161,7 +168,9 @@ grub_video_fbfill_direct8 (struct grub_video_fbblit_info *dst, + + /* Calculate the number of bytes to advance from the end of one line + to the beginning of the next line. */ +- rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width; ++ if (grub_mul (dst->mode_info->bytes_per_pixel, width, ) || ++ grub_sub (dst->mode_info->pitch, rowskip, )) ++return; + + /* Get the start address. */ + dstptr = grub_video_fb_get_video_ptr (dst, x, y); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 24a269d90d..710ab5e361 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -78,6 +78,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ file://0030-commands-hashsum-Fix-a-memory-leak.patch \ file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \ + file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162382):
[OE-core][dunfell 35/50] grub: remove unneeded return value
From: Marta Rybczynska This patch removes an uneeded return value in grub's (static) grub_video_gop_fill_mode_info(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...move-unnecessary-return-value-of-gru.patch | 94 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 95 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch diff --git a/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch b/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch new file mode 100644 index 00..7e4e951245 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch @@ -0,0 +1,94 @@ +From 2a1e5659763790201a342f8a897c8c9d8d91b1cc Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 21:14:31 + +Subject: [PATCH] video/efi_gop: Remove unnecessary return value of + grub_video_gop_fill_mode_info() + +The return value of grub_video_gop_fill_mode_info() is never able to be +anything other than GRUB_ERR_NONE. So, rather than continue to return +a value and checking it each time, it is more correct to redefine the +function to not return anything and remove checks of its return value +altogether. + +Fixes: CID 96701 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fc5951d3b1616055ef81a019a5affc09d13344d0] +Signed-off-by: Marta Rybczynska +--- + grub-core/video/efi_gop.c | 25 ++--- + 1 file changed, 6 insertions(+), 19 deletions(-) + +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index 7f9d1c2..db2ee98 100644 +--- a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +@@ -227,7 +227,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode, + return GRUB_ERR_NONE; + } + +-static grub_err_t ++static void + grub_video_gop_fill_mode_info (unsigned mode, + struct grub_efi_gop_mode_info *in, + struct grub_video_mode_info *out) +@@ -252,8 +252,6 @@ grub_video_gop_fill_mode_info (unsigned mode, + out->blit_format = GRUB_VIDEO_BLIT_FORMAT_BGRA_; + out->mode_type |= (GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED +| GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); +- +- return GRUB_ERR_NONE; + } + + static int +@@ -266,7 +264,6 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + grub_efi_uintn_t size; + grub_efi_status_t status; + struct grub_efi_gop_mode_info *info = NULL; +- grub_err_t err; + struct grub_video_mode_info mode_info; + + status = efi_call_4 (gop->query_mode, gop, mode, , ); +@@ -277,12 +274,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + continue; + } + +- err = grub_video_gop_fill_mode_info (mode, info, _info); +- if (err) +- { +-grub_errno = GRUB_ERR_NONE; +-continue; +- } ++ grub_video_gop_fill_mode_info (mode, info, _info); + if (hook (_info, hook_arg)) + return 1; + } +@@ -466,13 +458,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + + info = gop->mode->info; + +- err = grub_video_gop_fill_mode_info (gop->mode->mode, info, +- _info); +- if (err) +-{ +- grub_dprintf ("video", "GOP: couldn't fill mode info\n"); +- return err; +-} ++ grub_video_gop_fill_mode_info (gop->mode->mode, info, ++ _info); + + framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; + framebuffer.offscreen +@@ -486,8 +473,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + { + grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); + grub_errno = 0; +- err = grub_video_gop_fill_mode_info (gop->mode->mode, info, +- _info); ++ grub_video_gop_fill_mode_info (gop->mode->mode, info, ++ _info); + buffer = framebuffer.ptr; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index d18e329b96..24a269d90d 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -77,6 +77,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ file://0030-commands-hashsum-Fix-a-memory-leak.patch \ + file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \ "
[OE-core][dunfell 34/50] grub: fix a memory leak
From: Marta Rybczynska Add a fix of a memory leak in grub's commands/hashsum. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...0-commands-hashsum-Fix-a-memory-leak.patch | 56 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 57 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch diff --git a/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch b/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch new file mode 100644 index 00..e34a19e12c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch @@ -0,0 +1,56 @@ +From b136fa14d26d1833ffcb852f86e65da5960cfb99 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Tue, 1 Dec 2020 23:41:24 + +Subject: [PATCH] commands/hashsum: Fix a memory leak + +check_list() uses grub_file_getline(), which allocates a buffer. +If the hash list file contains invalid lines, the function leaks +this buffer when it returns an error. + +Fixes: CID 176635 + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8b6f528e52e18b7a69f90b8dc3671d7b1147d9f3] +Signed-off-by: Marta Rybczynska +--- + grub-core/commands/hashsum.c | 15 --- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c +index 456ba90..b8a22b0 100644 +--- a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c +@@ -128,11 +128,17 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + high = hextoval (*p++); + low = hextoval (*p++); + if (high < 0 || low < 0) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ { ++grub_free (buf); ++return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ } + expected[i] = (high << 4) | low; + } + if ((p[0] != ' ' && p[0] != '\t') || (p[1] != ' ' && p[1] != '\t')) +- return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ { ++grub_free (buf); ++return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list"); ++ } + p += 2; + if (prefix) + { +@@ -140,7 +146,10 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename, + + filename = grub_xasprintf ("%s/%s", prefix, p); + if (!filename) +- return grub_errno; ++ { ++grub_free (buf); ++return grub_errno; ++ } + file = grub_file_open (filename, GRUB_FILE_TYPE_TO_HASH +| (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS + : GRUB_FILE_TYPE_NONE)); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1460e559b9..d18e329b96 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -76,6 +76,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ + file://0030-commands-hashsum-Fix-a-memory-leak.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162380): https://lists.openembedded.org/g/openembedded-core/message/162380 Mute This Topic: https://lists.openembedded.org/mt/89389042/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 33/50] grub: add a fix for a memory leak
From: Marta Rybczynska This patch adds a fix for a memory leak in grub's normal/completion. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...n-Fix-leaking-of-memory-when-process.patch | 52 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch diff --git a/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch b/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch new file mode 100644 index 00..8a26e5bc5b --- /dev/null +++ b/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch @@ -0,0 +1,52 @@ +From 2367049d2021e00d82d19cee923e06a4b04ebc30 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 4 Dec 2020 18:56:48 + +Subject: [PATCH] normal/completion: Fix leaking of memory when processing a + completion + +It is possible for the code to reach the end of the function without +freeing the memory allocated to argv and argc still to be 0. + +We should always call grub_free(argv). The grub_free() will handle +a NULL argument correctly if it reaches that code without the memory +being allocated. + +Fixes: CID 96672 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9213575b7a95b514bce80be5964a28d407d7d56d] +Signed-off-by: Marta Rybczynska +--- + grub-core/normal/completion.c | 10 -- + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c +index 5961028..46e473c 100644 +--- a/grub-core/normal/completion.c b/grub-core/normal/completion.c +@@ -400,8 +400,8 @@ char * + grub_normal_do_completion (char *buf, int *restore, + void (*hook) (const char *, grub_completion_type_t, int)) + { +- int argc; +- char **argv; ++ int argc = 0; ++ char **argv = NULL; + + /* Initialize variables. */ + match = 0; +@@ -516,10 +516,8 @@ grub_normal_do_completion (char *buf, int *restore, + + fail: + if (argc != 0) +-{ +- grub_free (argv[0]); +- grub_free (argv); +-} ++grub_free (argv[0]); ++ grub_free (argv); + grub_free (match); + grub_errno = GRUB_ERR_NONE; + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index c965f0fd15..1460e559b9 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -75,6 +75,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ + file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162379): https://lists.openembedded.org/g/openembedded-core/message/162379 Mute This Topic: https://lists.openembedded.org/mt/89389041/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 32/50] grub: add a fix for a memory leak
From: Marta Rybczynska This patch fixes a memory leak in grub's syslinux parsing. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...slinux-Fix-memory-leak-while-parsing.patch | 43 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch diff --git a/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch b/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch new file mode 100644 index 00..d8c21d88f7 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch @@ -0,0 +1,43 @@ +From ea12feb69b6af93c7e2fa03df7ac3bd1f4edd599 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 15:31:53 + +Subject: [PATCH] syslinux: Fix memory leak while parsing + +In syslinux_parse_real() the 2 points where return is being called +didn't release the memory stored in buf which is no longer required. + +Fixes: CID 176634 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=95bc016dba94cab3d398dd74160665915cd08ad6] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/syslinux_parse.c | 6 +- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +index 4afa992..3acc6b4 100644 +--- a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c +@@ -737,7 +737,10 @@ syslinux_parse_real (struct syslinux_menu *menu) + && grub_strncasecmp ("help", ptr3, ptr4 - ptr3) == 0)) + { + if (helptext (ptr5, file, menu)) +- return 1; ++ { ++grub_free (buf); ++return 1; ++ } + continue; + } + +@@ -757,6 +760,7 @@ syslinux_parse_real (struct syslinux_menu *menu) + } + fail: + grub_file_close (file); ++ grub_free (buf); + return err; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index ef409bdd6a..c965f0fd15 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -74,6 +74,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0025-affs-Fix-memory-leaks.patch \ file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ + file://0028-syslinux-Fix-memory-leak-while-parsing.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162378): https://lists.openembedded.org/g/openembedded-core/message/162378 Mute This Topic: https://lists.openembedded.org/mt/89389037/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 31/50] grub: add a fix for a possible NULL dereference
From: Marta Rybczynska This patch adds a fix for a possible NULL dereference in grub's libgcrypt/mpi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...pt-mpi-Fix-possible-NULL-dereference.patch | 33 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch diff --git a/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch b/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch new file mode 100644 index 00..08299d021e --- /dev/null +++ b/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch @@ -0,0 +1,33 @@ +From d26c8771293637b0465f2cb67d97cb58bacc62da Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 10:41:54 + +Subject: [PATCH] libgcrypt/mpi: Fix possible NULL dereference + +The code in gcry_mpi_scan() assumes that buffer is not NULL, but there +is no explicit check for that, so we add one. + +Fixes: CID 73757 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ae0f3fabeba7b393113d5dc185b6aff9b728136d] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +index 7ecad27..6fe3891 100644 +--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +@@ -379,6 +379,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, + unsigned int len; + int secure = (buffer && gcry_is_secure (buffer)); + ++ if (!buffer) ++return gcry_error (GPG_ERR_INV_ARG); ++ + if (format == GCRYMPI_FMT_SSH) + len = 0; + else diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index be35ac04ef..ef409bdd6a 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -73,6 +73,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ file://0025-affs-Fix-memory-leaks.patch \ file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ + file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162377): https://lists.openembedded.org/g/openembedded-core/message/162377 Mute This Topic: https://lists.openembedded.org/mt/89389036/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 30/50] grub: add a fix for a possible unintended sign extension
From: Marta Rybczynska This patch fixes a possible unintended sign extension in grub's libgcrypt/mpi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...x-possible-unintended-sign-extension.patch | 36 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch diff --git a/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch b/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch new file mode 100644 index 00..f500f1a296 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch @@ -0,0 +1,36 @@ +From 9b16d7bcad1c7fea7f26eb2fb3af1a5ca70ba34e Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 3 Nov 2020 16:43:37 + +Subject: [PATCH] libgcrypt/mpi: Fix possible unintended sign extension + +The array of unsigned char gets promoted to a signed 32-bit int before +it is finally promoted to a size_t. There is the possibility that this +may result in the signed-bit being set for the intermediate signed +32-bit int. We should ensure that the promotion is to the correct type +before we bitwise-OR the values. + +Fixes: CID 96697 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e8814c811132a70f9b55418f7567378a34ad3883] +Signed-off-by: Marta Rybczynska + +--- + grub-core/lib/libgcrypt/mpi/mpicoder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +index a3435ed..7ecad27 100644 +--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c +@@ -458,7 +458,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, + if (len && len < 4) + return gcry_error (GPG_ERR_TOO_SHORT); + +- n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]); ++ n = ((size_t)s[0] << 24 | (size_t)s[1] << 16 | (size_t)s[2] << 8 | (size_t)s[3]); + s += 4; + if (len) + len -= 4; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 13e2b1600d..be35ac04ef 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -72,6 +72,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0023-zfs-Fix-possible-integer-overflows.patch \ file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ file://0025-affs-Fix-memory-leaks.patch \ + file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162376): https://lists.openembedded.org/g/openembedded-core/message/162376 Mute This Topic: https://lists.openembedded.org/mt/89389035/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 29/50] grub: add a fix for a memory leak
From: Marta Rybczynska This patch fixes a memory leak in grub's affs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- .../files/0025-affs-Fix-memory-leaks.patch| 82 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch diff --git a/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch new file mode 100644 index 00..435130516c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch @@ -0,0 +1,82 @@ +From 929c2ce8214c53cb95abff57a89556cd18444097 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 12:48:07 + +Subject: [PATCH] affs: Fix memory leaks + +The node structure reference is being allocated but not freed if it +reaches the end of the function. If any of the hooks had returned +a non-zero value, then node would have been copied in to the context +reference, but otherwise node is not stored and should be freed. + +Similarly, the call to grub_affs_create_node() replaces the allocated +memory in node with a newly allocated structure, leaking the existing +memory pointed by node. + +Finally, when dir->parent is set, then we again replace node with newly +allocated memory, which seems unnecessary when we copy in the values +from dir->parent immediately after. + +Fixes: CID 73759 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=178ac5107389f8e5b32489d743d6824a5ebf342a] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/affs.c | 18 -- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index 220b371..230e26a 100644 +--- a/grub-core/fs/affs.c b/grub-core/fs/affs.c +@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + { + unsigned int i; + struct grub_affs_file file; +- struct grub_fshelp_node *node = 0; ++ struct grub_fshelp_node *node, *orig_node; + struct grub_affs_data *data = dir->data; + grub_uint32_t *hashtable; + + /* Create the directory entries for `.' and `..'. */ +- node = grub_zalloc (sizeof (*node)); ++ node = orig_node = grub_zalloc (sizeof (*node)); + if (!node) + return 1; + +@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + return 1; + if (dir->parent) + { +- node = grub_zalloc (sizeof (*node)); +- if (!node) +- return 1; + *node = *dir->parent; + if (hook ("..", GRUB_FSHELP_DIR, node, hook_data)) + return 1; +@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + + if (grub_affs_create_node (dir, hook, hook_data, , , +next, )) +- return 1; ++ { ++/* Node has been replaced in function. */ ++grub_free (orig_node); ++return 1; ++ } + + next = grub_be_to_cpu32 (file.next); + } + } + +- grub_free (hashtable); +- return 0; +- + fail: +- grub_free (node); ++ grub_free (orig_node); + grub_free (hashtable); + return 0; + } diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a660c069db..13e2b1600d 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -71,6 +71,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \ file://0023-zfs-Fix-possible-integer-overflows.patch \ file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ + file://0025-affs-Fix-memory-leaks.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162375): https://lists.openembedded.org/g/openembedded-core/message/162375 Mute This Topic: https://lists.openembedded.org/mt/89389034/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 28/50] grub: fix an error check
From: Marta Rybczynska This patch fixes an error check in grub's zfsinfo. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...-a-check-for-error-allocating-memory.patch | 35 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch diff --git a/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch b/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch new file mode 100644 index 00..555dc19168 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch @@ -0,0 +1,35 @@ +From b085da8efda9b81f94aa197ee045226563554fdf Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 26 Nov 2020 10:56:45 + +Subject: [PATCH] zfsinfo: Correct a check for error allocating memory + +While arguably the check for grub_errno is correct, we should really be +checking the return value from the function since it is always possible +that grub_errno was set elsewhere, making this code behave incorrectly. + +Fixes: CID 73668 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7aab03418ec6a9b991aa44416cb2585aff4e7972] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfsinfo.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/fs/zfs/zfsinfo.c b/grub-core/fs/zfs/zfsinfo.c +index c8a28ac..bf29180 100644 +--- a/grub-core/fs/zfs/zfsinfo.c b/grub-core/fs/zfs/zfsinfo.c +@@ -358,8 +358,8 @@ grub_cmd_zfs_bootfs (grub_command_t cmd __attribute__ ((unused)), int argc, + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); + + devname = grub_file_get_device_name (args[0]); +- if (grub_errno) +-return grub_errno; ++ if (devname == NULL) ++return GRUB_ERR_OUT_OF_MEMORY; + + dev = grub_device_open (devname); + grub_free (devname); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 9158fc7f50..a660c069db 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -70,6 +70,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0021-zfs-Fix-possible-negative-shift-operation.patch \ file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \ file://0023-zfs-Fix-possible-integer-overflows.patch \ + file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162374): https://lists.openembedded.org/g/openembedded-core/message/162374 Mute This Topic: https://lists.openembedded.org/mt/89389033/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 17/50] grub: add a fix for unnecessary assignements
From: Marta Rybczynska Add a fix for unnecessary assignements grub's io/lzopio. This patch is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...e-unnecessary-self-assignment-errors.patch | 41 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch diff --git a/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch b/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch new file mode 100644 index 00..1190b0d090 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch @@ -0,0 +1,41 @@ +From c529ca446424f1a9c64f0007dfe31fa7645d13ac Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 21 Oct 2020 14:44:10 + +Subject: [PATCH] io/lzopio: Resolve unnecessary self-assignment errors + +These 2 assignments are unnecessary since they are just assigning +to themselves. + +Fixes: CID 73643 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=59666e520f44177c97b82a44c169b3b315d63b42] +Signed-off-by: Marta Rybczynska +--- + grub-core/io/lzopio.c | 4 + 1 file changed, 4 deletions(-) + +diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c +index 3014485..a7d4425 100644 +--- a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c +@@ -125,8 +125,6 @@ read_block_header (struct grub_lzopio *lzopio) + sizeof (lzopio->block.ucheck)) != + sizeof (lzopio->block.ucheck)) + return -1; +- +- lzopio->block.ucheck = lzopio->block.ucheck; + } + + /* Read checksum of compressed data. */ +@@ -143,8 +141,6 @@ read_block_header (struct grub_lzopio *lzopio) + sizeof (lzopio->block.ccheck)) != + sizeof (lzopio->block.ccheck)) + return -1; +- +-lzopio->block.ccheck = lzopio->block.ccheck; + } + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 4ddb9fc4f1..1906a28f30 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -59,6 +59,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ + file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162363): https://lists.openembedded.org/g/openembedded-core/message/162363 Mute This Topic: https://lists.openembedded.org/mt/89389013/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 27/50] grub: add a fix for possible integer overflows
From: Marta Rybczynska This patch adds a fix for a possible integer overflows in grub's zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...3-zfs-Fix-possible-integer-overflows.patch | 56 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 57 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch diff --git a/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch b/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch new file mode 100644 index 00..8df758b41f --- /dev/null +++ b/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch @@ -0,0 +1,56 @@ +From ec35d862f3567671048aa0d0d8ad1ded1fd25336 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 22:17:04 + +Subject: [PATCH] zfs: Fix possible integer overflows + +In all cases the problem is that the value being acted upon by +a left-shift is a 32-bit number which is then being used in the +context of a 64-bit number. + +To avoid overflow we ensure that the number being shifted is 64-bit +before the shift is done. + +Fixes: CID 73684, CID 73695, CID 73764 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=302c12ff5714bc455949117c1c9548ccb324d55b] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 8 + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 9087a72..b078ccc 100644 +--- a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +@@ -564,7 +564,7 @@ find_bestub (uberblock_phys_t * ub_array, + ubptr = (uberblock_phys_t *) ((grub_properly_aligned_t *) ub_array + + ((i << ub_shift) + / sizeof (grub_properly_aligned_t))); +- err = uberblock_verify (ubptr, offset, 1 << ub_shift); ++ err = uberblock_verify (ubptr, offset, (grub_size_t) 1 << ub_shift); + if (err) + { + grub_errno = GRUB_ERR_NONE; +@@ -1543,7 +1543,7 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc, + + high = grub_divmod64 ((offset >> desc->ashift) + c, + desc->n_children, ); +- csize = bsize << desc->ashift; ++ csize = (grub_size_t) bsize << desc->ashift; + if (csize > len) + csize = len; + +@@ -1635,8 +1635,8 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc, + + while (len > 0) + { +- grub_size_t csize; +- csize = ((s / (desc->n_children - desc->nparity)) ++ grub_size_t csize = s; ++ csize = ((csize / (desc->n_children - desc->nparity)) +<< desc->ashift); + if (csize > len) + csize = len; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1630235edd..9158fc7f50 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -69,6 +69,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ file://0021-zfs-Fix-possible-negative-shift-operation.patch \ file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \ + file://0023-zfs-Fix-possible-integer-overflows.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162373): https://lists.openembedded.org/g/openembedded-core/message/162373 Mute This Topic: https://lists.openembedded.org/mt/89389032/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 26/50] grub: add a fix for a memory leak
From: Marta Rybczynska This patch adds a fix for a memory leak in grub's path construction in zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...source-leaks-while-constructing-path.patch | 121 ++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 122 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch diff --git a/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch b/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch new file mode 100644 index 00..5ded5520e9 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch @@ -0,0 +1,121 @@ +From 83fdffc07ec4586b375ab36189f255ffbd8f99c2 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 14 Dec 2020 18:54:49 -0300 +Subject: [PATCH] zfs: Fix resource leaks while constructing path + +There are several exit points in dnode_get_path() that are causing possible +memory leaks. + +In the while(1) the correct exit mechanism should not be to do a direct return, +but to instead break out of the loop, setting err first if it is not already set. + +The reason behind this is that the dnode_path is a linked list, and while doing +through this loop, it is being allocated and built up - the only way to +correctly unravel it is to traverse it, which is what is being done at the end +of the function outside of the loop. + +Several of the existing exit points correctly did a break, but not all so this +change makes that more consistent and should resolve the leaking of memory as +found by Coverity. + +Fixes: CID 73741 + +Signed-off-by: Paulo Flabiano Smorigo +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=89bdab965805e8d54d7f75349024e1a11cbe2eb8] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 30 +- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 0c42cba..9087a72 100644 +--- a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +@@ -2836,8 +2836,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + + if (dnode_path->dn.dn.dn_type != DMU_OT_DIRECTORY_CONTENTS) + { +-grub_free (path_buf); +-return grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); ++break; + } + err = zap_lookup (&(dnode_path->dn), cname, , + data, subvol->case_insensitive); +@@ -2879,11 +2879,18 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + << SPA_MINBLOCKSHIFT); + + if (blksz == 0) +- return grub_error(GRUB_ERR_BAD_FS, "0-sized block"); ++{ ++ err = grub_error (GRUB_ERR_BAD_FS, "0-sized block"); ++ break; ++} + + sym_value = grub_malloc (sym_sz); + if (!sym_value) +- return grub_errno; ++ { ++err = grub_errno; ++break; ++ } ++ + for (block = 0; block < (sym_sz + blksz - 1) / blksz; block++) + { + void *t; +@@ -2893,7 +2900,7 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + if (err) + { + grub_free (sym_value); +-return err; ++break; + } + + movesize = sym_sz - block * blksz; +@@ -2903,6 +2910,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + grub_memcpy (sym_value + block * blksz, t, movesize); + grub_free (t); + } ++ if (err) ++break; + free_symval = 1; + } + path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1); +@@ -2911,7 +2920,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + grub_free (oldpathbuf); + if (free_symval) + grub_free (sym_value); +-return grub_errno; ++err = grub_errno; ++break; + } + grub_memcpy (path, sym_value, sym_sz); + if (free_symval) +@@ -2949,11 +2959,12 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn, + + err = zio_read (bp, dnode_path->dn.endian, , NULL, data); + if (err) +-
[OE-core][dunfell 16/50] grub: fix an unitialized re_token in gnulib
From: Marta Rybczynska This patch adds a fix for an unitialized re_token in grub's gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...b-regcomp-Fix-uninitialized-re_token.patch | 55 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 56 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch diff --git a/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch b/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch new file mode 100644 index 00..0507e0cd66 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch @@ -0,0 +1,55 @@ +From 512b6bb380a77233b88c84b7a712896c70281d2f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 24 Nov 2020 18:04:22 + +Subject: [PATCH] gnulib/regcomp: Fix uninitialized re_token + +This issue has been fixed in the latest version of gnulib, so to +maintain consistency, I've backported that change rather than doing +something different. + +Fixes: CID 73828 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=03477085f9a33789ba6cca7cd49ab9326a1baa0e] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../gnulib-patches/fix-regcomp-uninit-token.patch | 15 +++ + 2 files changed, 16 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index d27d3a9..ffe6829 100644 +--- a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch +diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch +new file mode 100644 +index 000..02e0631 +--- /dev/null b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch +@@ -0,0 +1,15 @@ ++--- a/lib/regcomp.c 2020-11-24 17:06:08.159223858 + + b/lib/regcomp.c 2020-11-24 17:06:15.630253923 + ++@@ -3808,11 +3808,7 @@ ++ create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right, ++ re_token_type_t type) ++ { ++- re_token_t t; ++-#if defined GCC_LINT || defined lint ++- memset (, 0, sizeof t); ++-#endif ++- t.type = type; +++ re_token_t t = { .type = type }; ++ return create_token_tree (dfa, left, right, ); ++ } ++ diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index e7168e75ea..4ddb9fc4f1 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -58,6 +58,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ + file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162362): https://lists.openembedded.org/g/openembedded-core/message/162362 Mute This Topic: https://lists.openembedded.org/mt/89389012/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 25/50] grub: add a fix for a possible negative shift
From: Marta Rybczynska This patch adds a fix for a possible negative shift in grub's zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...ix-possible-negative-shift-operation.patch | 42 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch diff --git a/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch b/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch new file mode 100644 index 00..12418858f9 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch @@ -0,0 +1,42 @@ +From c757779e5d09719666c3b155afd2421978a107bd Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 24 Nov 2020 16:41:49 + +Subject: [PATCH] zfs: Fix possible negative shift operation + +While it is possible for the return value from zfs_log2() to be zero +(0), it is quite unlikely, given that the previous assignment to blksz +is shifted up by SPA_MINBLOCKSHIFT (9) before 9 is subtracted at the +assignment to epbs. + +But, while unlikely during a normal operation, it may be that a carefully +crafted ZFS filesystem could result in a zero (0) value to the +dn_datalbkszsec field, which means that the shift left does nothing +and assigns zero (0) to blksz, resulting in a negative epbs value. + +Fixes: CID 73608 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a02091834d3e167320d8a262ff04b8e83c5e616d] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/zfs/zfs.c | 5 + + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 36d0373..0c42cba 100644 +--- a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +@@ -2667,6 +2667,11 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type, + blksz = grub_zfs_to_cpu16 (mdn->dn.dn_datablkszsec, +mdn->endian) << SPA_MINBLOCKSHIFT; + epbs = zfs_log2 (blksz) - DNODE_SHIFT; ++ ++ /* While this should never happen, we should check that epbs is not negative. */ ++ if (epbs < 0) ++epbs = 0; ++ + blkid = objnum >> epbs; + idx = objnum & ((1 << epbs) - 1); + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 3c5274fd96..360e86685b 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -67,6 +67,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ + file://0021-zfs-Fix-possible-negative-shift-operation.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162371): https://lists.openembedded.org/g/openembedded-core/message/162371 Mute This Topic: https://lists.openembedded.org/mt/89389030/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 15/50] grub: add a fix for NULL pointer dereference
From: Marta Rybczynska Add a fix for gnulib's regexec NULL pointer dereference. This patch a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...egexec-Fix-possible-null-dereference.patch | 53 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch diff --git a/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch new file mode 100644 index 00..4f43fcf7d5 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch @@ -0,0 +1,53 @@ +From 244dc2b1f518635069a556c424b2e7627f0cf036 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:57:14 + +Subject: [PATCH] gnulib/regexec: Fix possible null-dereference + +It appears to be possible that the mctx->state_log field may be NULL, +and the name of this function, clean_state_log_if_needed(), suggests +that it should be checking that it is valid to be cleaned before +assuming that it does. + +Fixes: CID 86720 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0b7f347638153e403ee2dd518af3ce26f4f99647] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-regexec-null-deref.patch | 12 + 2 files changed, 13 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 96d7e69..d27d3a9 100644 +--- a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch +diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch +new file mode 100644 +index 000..db6dac9 +--- /dev/null b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch +@@ -0,0 +1,12 @@ ++--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 + + b/lib/regexec.c 2020-11-05 10:55:09.621542984 + ++@@ -1692,6 +1692,9 @@ ++ { ++ Idx top = mctx->state_log_top; ++ +++ if (mctx->state_log == NULL) +++return REG_NOERROR; +++ ++ if ((next_state_log_idx >= mctx->input.bufs_len ++&& mctx->input.bufs_len < mctx->input.len) ++ || (next_state_log_idx >= mctx->input.valid_len diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 94873475c1..e7168e75ea 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -57,6 +57,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0008-gnulib-regexec-Resolve-unused-variable.patch \ file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ + file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162361): https://lists.openembedded.org/g/openembedded-core/message/162361 Mute This Topic: https://lists.openembedded.org/mt/89389010/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 24/50] grub: add a fix for a length check
From: Marta Rybczynska This patch adds a fix for a volume name length check in grub's hfsplus. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...that-the-volume-name-length-is-valid.patch | 43 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch diff --git a/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch b/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch new file mode 100644 index 00..eb459c547f --- /dev/null +++ b/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch @@ -0,0 +1,43 @@ +From 7c1813eeec78892fa651046cc224ae4e80d0c94d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 23 Oct 2020 17:09:31 + +Subject: [PATCH] hfsplus: Check that the volume name length is valid + +HFS+ documentation suggests that the maximum filename and volume name is +255 Unicode characters in length. + +So, when converting from big-endian to little-endian, we should ensure +that the name of the volume has a length that is between 0 and 255, +inclusive. + +Fixes: CID 73641 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2298f6e0d951251bb9ca97d891d1bc8b74515f8c] +Signed-off-by: Marta Rybczynska +--- + grub-core/fs/hfsplus.c | 9 + + 1 file changed, 9 insertions(+) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index dae43be..03c3c4c 100644 +--- a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +@@ -1007,6 +1007,15 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_hfsplus_btree_recptr (>catalog_tree, node, ptr); + + label_len = grub_be_to_cpu16 (catkey->namelen); ++ ++ /* Ensure that the length is >= 0. */ ++ if (label_len < 0) ++label_len = 0; ++ ++ /* Ensure label length is at most 255 Unicode characters. */ ++ if (label_len > 255) ++label_len = 255; ++ + label_name = grub_calloc (label_len, sizeof (*label_name)); + if (!label_name) + { diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 130f32551b..3c5274fd96 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -66,6 +66,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ + file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162370): https://lists.openembedded.org/g/openembedded-core/message/162370 Mute This Topic: https://lists.openembedded.org/mt/89389027/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 14/50] grub: add a fix a NULL pointer dereference in gnulib
From: Marta Rybczynska This change adds a fix for a NULL pointer dereference of state in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...-Fix-dereference-of-a-possibly-NULL-.patch | 52 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch diff --git a/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch b/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch new file mode 100644 index 00..102a494561 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch @@ -0,0 +1,52 @@ +From eaf9da8b5f8349c51cfc89dd8e39a1a61f89790a Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 28 Oct 2020 14:43:01 + +Subject: [PATCH] gnulib/argp-help: Fix dereference of a possibly NULL state + +All other instances of call to __argp_failure() where there is +a dgettext() call is first checking whether state is NULL before +attempting to dereference it to get the root_argp->argp_domain. + +Fixes: CID 292436 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3a37bf120a9194c373257c70175cdb5b337bc107] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-null-state-deref.patch| 12 + 2 files changed, 13 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-null-state-deref.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 9e55458..96d7e69 100644 +--- a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch +diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch +new file mode 100644 +index 000..813ec09 +--- /dev/null b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch +@@ -0,0 +1,12 @@ ++--- a/lib/argp-help.c 2020-10-28 14:32:19.189215988 + + b/lib/argp-help.c 2020-10-28 14:38:21.204673940 + ++@@ -145,7 +145,8 @@ ++ if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin) ++ { ++ __argp_failure (state, 0, 0, ++- dgettext (state->root_argp->argp_domain, +++ dgettext (state == NULL ? NULL +++: state->root_argp->argp_domain, ++ "\ ++ ARGP_HELP_FMT: %s value is less than or equal to %s"), ++ "rmargin", up->name); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index df2c8b8a16..94873475c1 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -56,6 +56,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ file://0008-gnulib-regexec-Resolve-unused-variable.patch \ file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ + file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162360): https://lists.openembedded.org/g/openembedded-core/message/162360 Mute This Topic: https://lists.openembedded.org/mt/89389009/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 13/50] grub: fix an unitialized token in gnulib
From: Marta Rybczynska This change adds a fix for an unitialized token structure in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...mp-Fix-uninitialized-token-structure.patch | 53 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch diff --git a/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch b/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch new file mode 100644 index 00..b6e3c7edbe --- /dev/null +++ b/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch @@ -0,0 +1,53 @@ +From 2af8df02cca7fd4b584575eac304cd03fa23f5cc Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 22 Oct 2020 13:54:06 + +Subject: [PATCH] gnulib/regcomp: Fix uninitialized token structure + +The code is assuming that the value of br_token.constraint was +initialized to zero when it wasn't. + +While some compilers will ensure that, not all do, so it is better to +fix this explicitly than leave it to chance. + +Fixes: CID 73749 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=75c3d3cec4f408848f575d6d5e30a95bd6313db0] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-uninit-structure.patch | 11 +++ + 2 files changed, 12 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-uninit-structure.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 9b01152..9e55458 100644 +--- a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch +diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +new file mode 100644 +index 000..7b4d9f6 +--- /dev/null b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch +@@ -0,0 +1,11 @@ ++--- a/lib/regcomp.c 2020-10-22 13:49:06.770168928 + + b/lib/regcomp.c 2020-10-22 13:50:37.026528298 + ++@@ -3662,7 +3662,7 @@ ++ Idx alloc = 0; ++ #endif /* not RE_ENABLE_I18N */ ++ reg_errcode_t ret; ++- re_token_t br_token; +++ re_token_t br_token = {0}; ++ bin_tree_t *tree; ++ ++ sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index d2a1502d56..df2c8b8a16 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -55,6 +55,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ file://0008-gnulib-regexec-Resolve-unused-variable.patch \ + file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162359): https://lists.openembedded.org/g/openembedded-core/message/162359 Mute This Topic: https://lists.openembedded.org/mt/89389007/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 23/50] grub: fix an integer overflow
From: Marta Rybczynska This patch fixes a potential overflow in grub's disk/cryptodisk. It is a part of a security series [1] [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...odisk-Fix-potential-integer-overflow.patch | 50 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch diff --git a/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch new file mode 100644 index 00..dd7fda357d --- /dev/null +++ b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch @@ -0,0 +1,50 @@ +From 2550aaa0c23fdf8b6c54e00c6b838f2e3aa81fe2 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 21 Jan 2021 11:38:31 + +Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow + +The encrypt and decrypt functions expect a grub_size_t. So, we need to +ensure that the constant bit shift is using grub_size_t rather than +unsigned int when it is performing the shift. + +Fixes: CID 307788 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a201ad17caa430aa710654fdf2e6ab4c8166f031] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/cryptodisk.c | 8 + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +index 5037768..6883f48 100644 +--- a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +@@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, + case GRUB_CRYPTODISK_MODE_CBC: + if (do_encrypt) + err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + else + err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + if (err) + return err; + break; +@@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev, + case GRUB_CRYPTODISK_MODE_PCBC: + if (do_encrypt) + err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + else + err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i, +- (1U << dev->log_sector_size), iv); ++ ((grub_size_t) 1 << dev->log_sector_size), iv); + if (err) + return err; + break; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2fccdc2d62..130f32551b 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -65,6 +65,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ + file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162369): https://lists.openembedded.org/g/openembedded-core/message/162369 Mute This Topic: https://lists.openembedded.org/mt/89389025/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 12/50] grub: add a fix for unused variable in gnulib
From: Marta Rybczynska This changes adds a fix for an unused variable issue in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...ulib-regexec-Resolve-unused-variable.patch | 59 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch diff --git a/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch b/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch new file mode 100644 index 00..74ffb559e9 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch @@ -0,0 +1,59 @@ +From 9d36bce5d516b6379ba3a0dd1a94a9c035838827 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Wed, 21 Oct 2020 14:41:27 + +Subject: [PATCH] gnulib/regexec: Resolve unused variable + +This is a really minor issue where a variable is being assigned to but +not checked before it is overwritten again. + +The reason for this issue is that we are not building with DEBUG set and +this in turn means that the assert() that reads the value of the +variable match_last is being processed out. + +The solution, move the assignment to match_last in to an ifdef DEBUG too. + +Fixes: CID 292459 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a983d36bd9178d377d2072fd4b11c635fdc404b4] +Signed-off-by: Marta Rybczynska +--- + conf/Makefile.extra-dist | 1 + + .../lib/gnulib-patches/fix-unused-value.patch | 14 ++ + 2 files changed, 15 insertions(+) + create mode 100644 grub-core/lib/gnulib-patches/fix-unused-value.patch + +diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +index 46c4e95..9b01152 100644 +--- a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist +@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh + EXTRA_DIST += grub-core/genemuinitheader.sh + + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch ++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch + EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch + +diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch b/grub-core/lib/gnulib-patches/fix-unused-value.patch +new file mode 100644 +index 000..ba51f1b +--- /dev/null b/grub-core/lib/gnulib-patches/fix-unused-value.patch +@@ -0,0 +1,14 @@ ++--- a/lib/regexec.c 2020-10-21 14:25:35.310195912 + + b/lib/regexec.c 2020-10-21 14:32:07.961765604 + ++@@ -828,7 +828,11 @@ ++ break; ++if (__glibc_unlikely (err != REG_NOMATCH)) ++ goto free_return; +++#ifdef DEBUG +++ /* Only used for assertion below when DEBUG is set, otherwise +++ it will be over-written when we loop around. */ ++match_last = -1; +++#endif ++ } ++else ++ break; /* We found a match. */ diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 46d65d8609..d2a1502d56 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -54,6 +54,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \ file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ + file://0008-gnulib-regexec-Resolve-unused-variable.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162358): https://lists.openembedded.org/g/openembedded-core/message/162358 Mute This Topic: https://lists.openembedded.org/mt/89389006/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 22/50] grub: fix a memory leak
From: Marta Rybczynska Add a fix for a memory leak in grub'd disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...ory-leak-on-uninserted-lv-references.patch | 50 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch diff --git a/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch b/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch new file mode 100644 index 00..26932f674c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch @@ -0,0 +1,50 @@ +From 3e1d2f1959acbe5152cdd5818d495f6455d1a158 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Tue, 8 Dec 2020 10:00:51 + +Subject: [PATCH] disk/ldm: Fix memory leak on uninserted lv references + +The problem here is that the memory allocated to the variable lv is not +yet inserted into the list that is being processed at the label fail2. + +As we can already see at line 342, which correctly frees lv before going +to fail2, we should also be doing that at these earlier jumps to fail2. + +Fixes: CID 73824 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=156c281a1625dc73fd350530630c6f2d5673d4f6] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 10 -- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 54713f4..e82e989 100644 +--- a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +@@ -321,7 +321,10 @@ make_vg (grub_disk_t disk, + lv->visible = 1; + lv->segments = grub_zalloc (sizeof (*lv->segments)); + if (!lv->segments) +- goto fail2; ++ { ++grub_free (lv); ++goto fail2; ++ } + lv->segments->start_extent = 0; + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; +@@ -329,7 +332,10 @@ make_vg (grub_disk_t disk, + lv->segments->nodes = grub_calloc (lv->segments->node_alloc, +sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) +- goto fail2; ++ { ++grub_free (lv); ++goto fail2; ++ } + ptr = vblk[i].dynamic; + if (ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a8ee0dd68a..2fccdc2d62 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -64,6 +64,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \ file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ + file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162368): https://lists.openembedded.org/g/openembedded-core/message/162368 Mute This Topic: https://lists.openembedded.org/mt/89389023/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 21/50] grub: fix a memory leak
From: Marta Rybczynska This patch adds a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...-If-failed-then-free-vg-variable-too.patch | 28 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch diff --git a/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch b/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch new file mode 100644 index 00..ecdb230f76 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch @@ -0,0 +1,28 @@ +From 253485e8df3c9dedac848567e638157530184295 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Mon, 7 Dec 2020 10:07:47 -0300 +Subject: [PATCH] disk/ldm: If failed then free vg variable too + +Fixes: CID 73809 + +Signed-off-by: Paulo Flabiano Smorigo +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e0b83df5da538d2a38f770e60817b3a4b9d5b4d7] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 428415f..54713f4 100644 +--- a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +@@ -199,6 +199,7 @@ make_vg (grub_disk_t disk, + { + grub_free (vg->uuid); + grub_free (vg->name); ++ grub_free (vg); + return NULL; + } + grub_memcpy (vg->uuid, label->group_guid, LDM_GUID_STRLEN); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 479e2f71f2..a8ee0dd68a 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -63,6 +63,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0014-zstd-Initialize-seq_t-structure-fully.patch \ file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \ file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \ + file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162367): https://lists.openembedded.org/g/openembedded-core/message/162367 Mute This Topic: https://lists.openembedded.org/mt/89389021/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 20/50] grub: fix a memory leak
From: Marta Rybczynska Add a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...re-comp-data-is-freed-before-exiting.patch | 128 ++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 129 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch diff --git a/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch b/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch new file mode 100644 index 00..c1687c75d0 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch @@ -0,0 +1,128 @@ +From 0c5d0fd796e6cafba179321de396681a493c4158 Mon Sep 17 00:00:00 2001 +From: Marco A Benatto +Date: Mon, 7 Dec 2020 11:53:03 -0300 +Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from + make_vg() + +Several error handling paths in make_vg() do not free comp data before +jumping to fail2 label and returning from the function. This will leak +memory. So, let's fix all issues of that kind. + +Fixes: CID 73804 + +Signed-off-by: Marco A Benatto +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=23e39f50ca7a107f6b66396ed4d177a914dee035] +Signed-off-by: Marta Rybczynska +--- + grub-core/disk/ldm.c | 51 ++-- + 1 file changed, 44 insertions(+), 7 deletions(-) + +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 58f8a53..428415f 100644 +--- a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk, + comp->segments = grub_calloc (comp->segment_alloc, + sizeof (*comp->segments)); + if (!comp->segments) +- goto fail2; ++ { ++grub_free (comp->internal_id); ++grub_free (comp); ++goto fail2; ++ } + } + else + { +@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk, + comp->segment_count = 1; + comp->segments = grub_malloc (sizeof (*comp->segments)); + if (!comp->segments) +- goto fail2; ++ { ++grub_free (comp->internal_id); ++grub_free (comp); ++goto fail2; ++ } + comp->segments->start_extent = 0; + comp->segments->extent_count = lv->size; + comp->segments->layout = 0; +@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk, + comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK; + } + else +- goto fail2; ++ { ++grub_free (comp->segments); ++grub_free (comp->internal_id); ++grub_free (comp); ++goto fail2; ++ } + ptr += *ptr + 1; + ptr++; + if (!(vblk[i].flags & 0x10)) +- goto fail2; ++ { ++grub_free (comp->segments); ++grub_free (comp->internal_id); ++grub_free (comp); ++goto fail2; ++ } + if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic) + || ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) + { ++grub_free (comp->segments); + grub_free (comp->internal_id); + grub_free (comp); + goto fail2; +@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk, + if (ptr + *ptr + 1 >= vblk[i].dynamic + + sizeof (vblk[i].dynamic)) + { ++grub_free (comp->segments); + grub_free (comp->internal_id); + grub_free (comp); + goto fail2; +@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk, + comp->segments->nodes = grub_calloc (comp->segments->node_alloc, + sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) +- goto fail2; ++ { ++grub_free (comp->segments); ++grub_free (comp->internal_id); ++grub_free (comp); ++goto fail2; ++ } + } + + if (lv->segments->node_alloc == lv->segments->node_count) +@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk, + + if (grub_mul (lv->segments->node_alloc, 2, >segments->node_alloc) || + grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), )) +-
[OE-core][dunfell 11/50] grub: add a fix for a possible NULL pointer dereference
From: Marta Rybczynska This change fixes a possible NULL pointer dereference in grub's EFI support. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...ix-possible-NULL-pointer-dereference.patch | 65 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 66 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch diff --git a/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch b/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch new file mode 100644 index 00..d55709406b --- /dev/null +++ b/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch @@ -0,0 +1,65 @@ +From be03a18b8767be50f16a845c389fd5ed29aae055 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 11 Dec 2020 15:03:13 + +Subject: [PATCH] kern/efi/mm: Fix possible NULL pointer dereference + +The model of grub_efi_get_memory_map() is that if memory_map is NULL, +then the purpose is to discover how much memory should be allocated to +it for the subsequent call. + +The problem here is that with grub_efi_is_finished set to 1, there is no +check at all that the function is being called with a non-NULL memory_map. + +While this MAY be true, we shouldn't assume it. + +The solution to this is to behave as expected, and if memory_map is NULL, +then don't try to use it and allow memory_map_size to be filled in, and +return 0 as is done later in the code if the buffer is too small (or NULL). + +Additionally, drop unneeded ret = 1. + +Fixes: CID 96632 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6aee4bfd6973c714056fb7b56890b8d524e94ee1] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/mm.c | 19 ++- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index b02fab1..5afcef7 100644 +--- a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +@@ -328,15 +328,24 @@ grub_efi_get_memory_map (grub_efi_uintn_t *memory_map_size, + if (grub_efi_is_finished) + { + int ret = 1; +- if (*memory_map_size < finish_mmap_size) ++ ++ if (memory_map != NULL) + { +-grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size); +-ret = 0; ++if (*memory_map_size < finish_mmap_size) ++ { ++grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size); ++ret = 0; ++ } ++ else ++ grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size); + } + else + { +-grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size); +-ret = 1; ++/* ++ * Incomplete, no buffer to copy into, same as ++ * GRUB_EFI_BUFFER_TOO_SMALL below. ++ */ ++ret = 0; + } + *memory_map_size = finish_mmap_size; + if (map_key) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 04ed8b7b23..46d65d8609 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -53,6 +53,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \ file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \ file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ + file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162357): https://lists.openembedded.org/g/openembedded-core/message/162357 Mute This Topic: https://lists.openembedded.org/mt/89388999/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 19/50] grub: add a missing NULL check
From: Marta Rybczynska This fix adds a missing check for NULL pointer from an external source in grub's kern/partition. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...heck-for-NULL-before-dereferencing-i.patch | 43 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch diff --git a/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch b/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch new file mode 100644 index 00..af9fcd45cc --- /dev/null +++ b/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch @@ -0,0 +1,43 @@ +From 0da8ef2e03a8591586b53a29af92d2ace76a04e3 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 23 Oct 2020 09:49:59 + +Subject: [PATCH] kern/partition: Check for NULL before dereferencing input + string + +There is the possibility that the value of str comes from an external +source and continuing to use it before ever checking its validity is +wrong. So, needs fixing. + +Additionally, drop unneeded part initialization. + +Fixes: CID 292444 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bc9c468a2ce84bc767234eec888b71f1bc744fff] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/partition.c | 5 - + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c +index e499147..b10a184 100644 +--- a/grub-core/kern/partition.c b/grub-core/kern/partition.c +@@ -109,11 +109,14 @@ grub_partition_map_probe (const grub_partition_map_t partmap, + grub_partition_t + grub_partition_probe (struct grub_disk *disk, const char *str) + { +- grub_partition_t part = 0; ++ grub_partition_t part; + grub_partition_t curpart = 0; + grub_partition_t tail; + const char *ptr; + ++ if (str == NULL) ++return 0; ++ + part = tail = disk->partition; + + for (ptr = str; *ptr;) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 7cf4d64149..94b89aa643 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -61,6 +61,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \ file://0014-zstd-Initialize-seq_t-structure-fully.patch \ + file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162365): https://lists.openembedded.org/g/openembedded-core/message/162365 Mute This Topic: https://lists.openembedded.org/mt/89389018/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 10/50] grub: fix memory leak at error in grub_efi_get_filename()
From: Marta Rybczynska This change fixes a memory leak on error in grub_efi_get_filename(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...-kern-efi-Fix-memory-leak-on-failure.patch | 30 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch diff --git a/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch b/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch new file mode 100644 index 00..9d7327cee6 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch @@ -0,0 +1,30 @@ +From d4fd0243920b71cc6e03cc0cadf23b4fe03c352f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:15:25 + +Subject: [PATCH] kern/efi: Fix memory leak on failure + +Free the memory allocated to name before returning on failure. + +Fixes: CID 296222 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ed286ceba6015d37a9304f04602451c47bf195d7] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/efi.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 6a38080..baeeef0 100644 +--- a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +@@ -415,6 +415,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + "malformed EFI Device Path node has length=%d", len); ++grub_free (name); + return NULL; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index f7f2aa892f..04ed8b7b23 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -52,6 +52,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0003-net-tftp-Fix-dangling-memory-pointer.patch \ file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \ file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \ + file://0006-kern-efi-Fix-memory-leak-on-failure.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162356): https://lists.openembedded.org/g/openembedded-core/message/162356 Mute This Topic: https://lists.openembedded.org/mt/89388997/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 18/50] grub: add structure initialization in zstd
From: Marta Rybczynska This patch adds initialization of a structure in grub's zstd, which might be left uninitialized by the compiler. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...std-Initialize-seq_t-structure-fully.patch | 34 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch diff --git a/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch b/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch new file mode 100644 index 00..19d881c1ca --- /dev/null +++ b/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch @@ -0,0 +1,34 @@ +From f55ffe6bd8b844a8cd9956702f42ac2eb96ad56f Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 5 Nov 2020 10:29:59 + +Subject: [PATCH] zstd: Initialize seq_t structure fully + +While many compilers will initialize this to zero, not all will, so it +is better to be sure that fields not being explicitly set are at known +values, and there is code that checks this fields value elsewhere in the +code. + +Fixes: CID 292440 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2777cf4466719921dbe4b30af358a75e7d76f217] +Signed-off-by: Marta Rybczynska +--- + grub-core/lib/zstd/zstd_decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/lib/zstd/zstd_decompress.c b/grub-core/lib/zstd/zstd_decompress.c +index 711b5b6..e4b5670 100644 +--- a/grub-core/lib/zstd/zstd_decompress.c b/grub-core/lib/zstd/zstd_decompress.c +@@ -1325,7 +1325,7 @@ typedef enum { ZSTD_lo_isRegularOffset, ZSTD_lo_isLongOffset=1 } ZSTD_longOffset + FORCE_INLINE_TEMPLATE seq_t + ZSTD_decodeSequence(seqState_t* seqState, const ZSTD_longOffset_e longOffsets) + { +-seq_t seq; ++seq_t seq = {0}; + U32 const llBits = seqState->stateLL.table[seqState->stateLL.state].nbAdditionalBits; + U32 const mlBits = seqState->stateML.table[seqState->stateML.state].nbAdditionalBits; + U32 const ofBits = seqState->stateOffb.table[seqState->stateOffb.state].nbAdditionalBits; diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1906a28f30..7cf4d64149 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -60,6 +60,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \ file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \ file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \ + file://0014-zstd-Initialize-seq_t-structure-fully.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162364): https://lists.openembedded.org/g/openembedded-core/message/162364 Mute This Topic: https://lists.openembedded.org/mt/89389017/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 08/50] grub: fix wrong handling of argc == 0
From: Marta Rybczynska This change fixes wrong handling of argc == 0 causing a memory leak. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...n-parser-Fix-resource-leak-if-argc-0.patch | 50 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch diff --git a/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch b/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch new file mode 100644 index 00..933416605c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch @@ -0,0 +1,50 @@ +From 8861fa6226f7229105722ba669465e879b56ee2b Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 22 Jan 2021 12:32:41 + +Subject: [PATCH] kern/parser: Fix resource leak if argc == 0 + +After processing the command-line yet arriving at the point where we are +setting argv, we are allocating memory, even if argc == 0, which makes +no sense since we never put anything into the allocated argv. + +The solution is to simply return that we've successfully processed the +arguments but that argc == 0, and also ensure that argv is NULL when +we're not allocating anything in it. + +There are only 2 callers of this function, and both are handling a zero +value in argc assuming nothing is allocated in argv. + +Fixes: CID 96680 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d06161b035dde4769199ad65aa0a587a5920012b] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/parser.c | 5 + + 1 file changed, 5 insertions(+) + +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 619db31..d1cf061 100644 +--- a/grub-core/kern/parser.c b/grub-core/kern/parser.c +@@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline, + int i; + + *argc = 0; ++ *argv = NULL; + do + { + if (!rd || !*rd) +@@ -207,6 +208,10 @@ grub_parser_split_cmdline (const char *cmdline, + (*argc)++; + } + ++ /* If there are no args, then we're done. */ ++ if (!*argc) ++return 0; ++ + /* Reserve memory for the return values. */ + args = grub_malloc (bp - buffer); + if (!args) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 678aa5c4e2..2e4e6d7ac2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -50,6 +50,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \ file://0003-net-tftp-Fix-dangling-memory-pointer.patch \ + file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162354): https://lists.openembedded.org/g/openembedded-core/message/162354 Mute This Topic: https://lists.openembedded.org/mt/89388995/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 09/50] grub: add a fix for malformed device path handling
From: Marta Rybczynska This change fixes the malformed device paths in EFI handling. Device paths of length 4 or shorter could cause different kinds of unexpected behaviours. This patch is NOT a part of [1], but is a dependency of one of the patches included in the series. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...formed-device-path-arithmetic-errors.patch | 235 ++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 236 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch diff --git a/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch b/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch new file mode 100644 index 00..04748befc8 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch @@ -0,0 +1,235 @@ +From 16a4d739b19f8680cf93a3c8fa0ae9fc1b1c310b Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:53:27 -0400 +Subject: [PATCH] efi: Fix some malformed device path arithmetic errors + +Several places we take the length of a device path and subtract 4 from +it, without ever checking that it's >= 4. There are also cases where +this kind of malformation will result in unpredictable iteration, +including treating the length from one dp node as the type in the next +node. These are all errors, no matter where the data comes from. + +This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which +can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() +return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when +the length is too small. Additionally, it makes several places in the +code check for and return errors in these cases. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d2cf823d0e31818d1b7a223daff6d5e006596543] +Signed-off-by: Marta Rybczynska +--- + grub-core/kern/efi/efi.c | 64 +- + grub-core/loader/efi/chainloader.c | 13 +- + grub-core/loader/i386/xnu.c| 9 +++-- + include/grub/efi/api.h | 14 --- + 4 files changed, 79 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index ad170c7..6a38080 100644 +--- a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +@@ -360,7 +360,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + dp = dp0; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -370,9 +370,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + { +-grub_efi_uint16_t len; +-len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++if (len < 4) ++ { ++grub_error (GRUB_ERR_OUT_OF_RANGE, ++"malformed EFI Device Path node has length=%d", len); ++return NULL; ++ } ++len = (len - 4) / sizeof (grub_efi_char16_t); + filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; + } + +@@ -388,7 +394,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (!name) + return NULL; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -404,8 +410,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + *p++ = '/'; + +-len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++if (len < 4) ++ { ++grub_error (GRUB_ERR_OUT_OF_RANGE, ++"malformed EFI Device Path node has length=%d", len); ++return NULL; ++ } ++ ++len = (len - 4) / sizeof (grub_efi_char16_t); + fp = (grub_efi_file_path_device_path_t *) dp; + /* According to EFI spec Path Name is NULL terminated */ + while (len > 0 && fp->path_name[len - 1] == 0) +@@ -480,7 +493,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp) +; +p = GRUB_EFI_NEXT_DEVICE_PATH (p)) + { +- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ ++ /* ++ * In the event that we find a node that's completely garbage, for ++ * example if
[OE-core][dunfell 07/50] grub: fix a dangling memory pointer
From: Marta Rybczynska This change fixes a dangling memory pointer in the grub TFTP code. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...net-tftp-Fix-dangling-memory-pointer.patch | 33 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch diff --git a/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch b/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch new file mode 100644 index 00..3b4633507d --- /dev/null +++ b/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch @@ -0,0 +1,33 @@ +From 09cc0df477758b60f51fbc0da1dee2f5d54c333d Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 19 Feb 2021 17:12:23 + +Subject: [PATCH] net/tftp: Fix dangling memory pointer + +The static code analysis tool, Parfait, reported that the valid of +file->data was left referencing memory that was freed by the call to +grub_free(data) where data was initialized from file->data. + +To ensure that there is no unintentional access to this memory +referenced by file->data we should set the pointer to NULL. + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0cb838b281a68b536a09681f9557ea6a7ac5da7a] +Signed-off-by: Marta Rybczynska +--- + grub-core/net/tftp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index 7d90bf6..f76b19f 100644 +--- a/grub-core/net/tftp.c b/grub-core/net/tftp.c +@@ -468,6 +468,7 @@ tftp_close (struct grub_file *file) + } + destroy_pq (data); + grub_free (data); ++ file->data = NULL; + return GRUB_ERR_NONE; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 2c0bff8fd0..678aa5c4e2 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -49,6 +49,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-25647.patch \ file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \ + file://0003-net-tftp-Fix-dangling-memory-pointer.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162353): https://lists.openembedded.org/g/openembedded-core/message/162353 Mute This Topic: https://lists.openembedded.org/mt/89388993/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 06/50] grub: add a fix for a possible NULL dereference
From: Marta Rybczynska This fix removes a possible NULL pointer dereference in grub networking code. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...ible-dereference-to-of-a-NULL-pointe.patch | 39 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch diff --git a/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch b/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch new file mode 100644 index 00..d00821f5c3 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch @@ -0,0 +1,39 @@ +From f216a75e884ed5e4e94bf86965000dde51148f94 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Fri, 27 Nov 2020 15:10:26 + +Subject: [PATCH] net/net: Fix possible dereference to of a NULL pointer + +It is always possible that grub_zalloc() could fail, so we should check for +a NULL return. Otherwise we run the risk of dereferencing a NULL pointer. + +Fixes: CID 296221 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=03f2515ae0c503406f1a99a2178405049c6555db] +Signed-off-by: Marta Rybczynska +--- + grub-core/net/net.c | 9 +++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 38f19df..7c2cdf2 100644 +--- a/grub-core/net/net.c b/grub-core/net/net.c +@@ -86,8 +86,13 @@ grub_net_link_layer_add_address (struct grub_net_card *card, + + /* Add sender to cache table. */ + if (card->link_layer_table == NULL) +-card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE +-* sizeof (card->link_layer_table[0])); ++{ ++ card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE ++ * sizeof (card->link_layer_table[0])); ++ if (card->link_layer_table == NULL) ++ return; ++} ++ + entry = &(card->link_layer_table[card->new_ll_entry]); + entry->avail = 1; + grub_memcpy (>ll_address, ll, sizeof (entry->ll_address)); diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index a06beac5ef..2c0bff8fd0 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -48,6 +48,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-25632.patch \ file://CVE-2020-25647.patch \ file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ + file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162352): https://lists.openembedded.org/g/openembedded-core/message/162352 Mute This Topic: https://lists.openembedded.org/mt/89388992/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 05/50] grub: fix a memory leak
From: Marta Rybczynska Backport a fix for a memory leak in grub_mmap_iterate(). This patch is a part of a security series [1] [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- ...leak-when-iterating-over-mapped-memo.patch | 39 +++ meta/recipes-bsp/grub/grub2.inc | 3 +- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch diff --git a/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch b/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch new file mode 100644 index 00..eaaa7effae --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch @@ -0,0 +1,39 @@ +From 0900f11def2e7fbb4880efff0cd9c9b32f1cdb86 Mon Sep 17 00:00:00 2001 +From: Darren Kenny +Date: Thu, 3 Dec 2020 14:39:45 + +Subject: [PATCH] mmap: Fix memory leak when iterating over mapped memory + +When returning from grub_mmap_iterate() the memory allocated to present +is not being released causing it to leak. + +Fixes: CID 96655 + +Signed-off-by: Darren Kenny +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8cb2848f9699642a698af84b12ba187cab722031] +Signed-off-by: Marta Rybczynska +--- + grub-core/mmap/mmap.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 7ebf32e..8bf235f 100644 +--- a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +@@ -270,6 +270,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + hook_data)) + { + grub_free (ctx.scanline_events); ++grub_free (present); + return GRUB_ERR_NONE; + } + +@@ -282,6 +283,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + } + + grub_free (ctx.scanline_events); ++ grub_free (present); + return GRUB_ERR_NONE; + } + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 9b20e1c09b..a06beac5ef 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -47,7 +47,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-27779_7.patch \ file://CVE-2020-25632.patch \ file://CVE-2020-25647.patch \ -" + file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \ + " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162351): https://lists.openembedded.org/g/openembedded-core/message/162351 Mute This Topic: https://lists.openembedded.org/mt/89388991/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 04/50] puzzles: Upstream changed to main branch for development
From: Kartikey Rameshbhai Parmar Signed-off-by: Kartikey Rameshbhai Parmar Signed-off-by: Steve Sakoman --- meta/recipes-sato/puzzles/puzzles_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-sato/puzzles/puzzles_git.bb b/meta/recipes-sato/puzzles/puzzles_git.bb index 2edc9ada2e..3ee441998d 100644 --- a/meta/recipes-sato/puzzles/puzzles_git.bb +++ b/meta/recipes-sato/puzzles/puzzles_git.bb @@ -9,7 +9,7 @@ DEPENDS = "libxt" # The libxt requires x11 in DISTRO_FEATURES REQUIRED_DISTRO_FEATURES = "x11" -SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=master \ +SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=main \ file://fix-compiling-failure-with-option-g-O.patch \ file://0001-palisade-Fix-warnings-with-clang-on-arm.patch \ file://0001-Use-Wno-error-format-overflow-if-the-compiler-suppor.patch \ -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162350): https://lists.openembedded.org/g/openembedded-core/message/162350 Mute This Topic: https://lists.openembedded.org/mt/89388989/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 03/50] ruby: 2.7.4 -> 2.7.5
From: Chee Yang Lee This release includes security fixes. CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods CVE-2021-41816: Buffer Overrun in CGI.escape_html CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse Signed-off-by: Chee Yang Lee Signed-off-by: Steve Sakoman --- meta/recipes-devtools/ruby/{ruby_2.7.4.bb => ruby_2.7.5.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-devtools/ruby/{ruby_2.7.4.bb => ruby_2.7.5.bb} (95%) diff --git a/meta/recipes-devtools/ruby/ruby_2.7.4.bb b/meta/recipes-devtools/ruby/ruby_2.7.5.bb similarity index 95% rename from meta/recipes-devtools/ruby/ruby_2.7.4.bb rename to meta/recipes-devtools/ruby/ruby_2.7.5.bb index dafa7d2f6b..44a2527ee7 100644 --- a/meta/recipes-devtools/ruby/ruby_2.7.4.bb +++ b/meta/recipes-devtools/ruby/ruby_2.7.5.bb @@ -9,8 +9,8 @@ SRC_URI += " \ file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \ " -SRC_URI[md5sum] = "823cd21d93c69e4168b03dd127369343" -SRC_URI[sha256sum] = "3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b" +SRC_URI[md5sum] = "ede247b56fb862f1f67f9471189b04d4" +SRC_URI[sha256sum] = "2755b900a21235b443bb16dadd9032f784d4a88f143d852bc5d154f22b8781f1" PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162349): https://lists.openembedded.org/g/openembedded-core/message/162349 Mute This Topic: https://lists.openembedded.org/mt/89388986/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 02/50] tiff: fix for CVE-2022-22844
From: Purushottam Choudhary Backport patch from: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64 Signed-off-by: Purushottam Choudhary Signed-off-by: Purushottam Choudhary Signed-off-by: Steve Sakoman --- ...al-buffer-overflow-for-ASCII-tags-wh.patch | 52 +++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 + 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch diff --git a/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch new file mode 100644 index 00..31f867e000 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch @@ -0,0 +1,52 @@ +From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001 +From: 4ugustus +Date: Tue, 25 Jan 2022 16:25:28 + +Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where + count is required (fixes #355) + +CVE: CVE-2022-22844 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64] +Signed-off-by: Purushottam Choudhary +Signed-off-by: Purushottam Choudhary +Comments: Add header stdint.h in tiffset.c explicitly for UINT16_MAX +--- + tools/tiffset.c | 17 ++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/tools/tiffset.c b/tools/tiffset.c +index 8c9e23c5..e7a88c09 100644 +--- a/tools/tiffset.c b/tools/tiffset.c +@@ -33,6 +33,7 @@ + #include + #include + ++#include + #include "tiffio.h" + + static char* usageMsg[] = { +@@ -146,9 +146,19 @@ main(int argc, char* argv[]) + + arg_index++; + if (TIFFFieldDataType(fip) == TIFF_ASCII) { +-if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1) +-fprintf( stderr, "Failed to set %s=%s\n", +- TIFFFieldName(fip), argv[arg_index] ); ++if(TIFFFieldPassCount( fip )) { ++size_t len; ++len = strlen(argv[arg_index]) + 1; ++if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), ++(uint16_t)len, argv[arg_index]) != 1) ++fprintf( stderr, "Failed to set %s=%s\n", ++TIFFFieldName(fip), argv[arg_index] ); ++} else { ++if (TIFFSetField(tiff, TIFFFieldTag(fip), ++argv[arg_index]) != 1) ++fprintf( stderr, "Failed to set %s=%s\n", ++TIFFFieldName(fip), argv[arg_index] ); ++} + } else if (TIFFFieldWriteCount(fip) > 0 + || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { + int ret = 1; +-- +GitLab diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 43f210111d..0948bb4e2f 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb @@ -15,6 +15,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \ file://002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \ file://CVE-2020-35521_and_CVE-2020-35522.patch \ + file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162348): https://lists.openembedded.org/g/openembedded-core/message/162348 Mute This Topic: https://lists.openembedded.org/mt/89388984/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 01/50] openssl: Add fix for CVE-2021-4160
From: Ranjitsinh Rathod Add a patch to fix CVE-2021-4160 The issue only affects OpenSSL on MIPS platforms. Link: https://security-tracker.debian.org/tracker/CVE-2021-4160 Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- .../openssl/openssl/CVE-2021-4160.patch | 145 ++ .../openssl/openssl_1.1.1l.bb | 1 + 2 files changed, 146 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch new file mode 100644 index 00..ff1e807157 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch @@ -0,0 +1,145 @@ +From e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Sat, 11 Dec 2021 20:28:11 +0100 +Subject: [PATCH] Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit + targets + +bn_sqr_comba8 does for instance compute a wrong result for the value: +a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45 + +The correct result is: +r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f +912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899 + +but the actual result was: +r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f +912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899 + +so the forth word of the result was 0x75be8e3c but should have been +0x75be8e3d instead. + +Likewise bn_sqr_comba4 has an identical bug for the same value as well: +a=0x022181ba fd3aa878 899b2346 ee210f45 + +correct result: +r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899 + +wrong result: +r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899 + +Fortunately the bn_mul_comba4/8 code paths are not affected. + +Also the mips64 target does in fact not handle the carry propagation +correctly. + +Example: +a=0x4aaac919 62056c84 fba7334e 1a6be678 +022181ba fd3aa878 899b234635dad283 ee210f450001 + +correct result: +r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 +0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d +3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 +2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001 + +wrong result: +r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 +0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d +3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 +2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001 + +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/17258) + +(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590) + +Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb] +CVE: CVE-2021-4160 +Signed-off-by: Ranjitsinh Rathod + +--- + crypto/bn/asm/mips.pl | 4 + test/bntest.c | 45 +++ + 2 files changed, 49 insertions(+) + +diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl +index 8ad715bda4..74101030f2 100644 +--- a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl +@@ -1984,6 +1984,8 @@ $code.=<<___; + sltu$at,$c_2,$t_1 + $ADDU $c_3,$t_2,$at + $ST $c_2,$BNSZ($a0) ++ sltu$at,$c_3,$t_2 ++ $ADDU $c_1,$at + mflo($t_1,$a_2,$a_0) + mfhi($t_2,$a_2,$a_0) + ___ +@@ -2194,6 +2196,8 @@ $code.=<<___; + sltu$at,$c_2,$t_1 + $ADDU $c_3,$t_2,$at + $ST $c_2,$BNSZ($a0) ++ sltu$at,$c_3,$t_2 ++ $ADDU $c_1,$at + mflo($t_1,$a_2,$a_0) + mfhi($t_2,$a_2,$a_0) + ___ +diff --git a/test/bntest.c b/test/bntest.c +index b58028a301..bab34ba54b 100644 +--- a/test/bntest.c b/test/bntest.c +@@ -627,6 +627,51 @@ static int test_modexp_mont5(void) + if (!TEST_BN_eq(c, d)) + goto err; + ++/* ++ * Regression test for overflow bug in bn_sqr_comba4/8 for ++ * mips-linux-gnu and mipsel-linux-gnu 32bit targets. ++ */ ++{ ++static const char *ehex[] = { ++ "95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee", ++ "38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5", ++ "8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a", ++ "5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985", ++ "2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1", ++ "a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", ++
[OE-core][dunfell 00/50] Patch review
Please review this set of patches for dunfell and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3283 with the exception of a known autobuilder intermittent issue on qemuarm64 which passed on subsequent retest: https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/4780 The following changes since commit 9360b92f98222cb74a93690f53570cd62633c0cf: vim: Upgrade 8.2.4314 -> 8.2.4424 (2022-02-21 07:28:56 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Chee Yang Lee (1): ruby: 2.7.4 -> 2.7.5 Kartikey Rameshbhai Parmar (1): puzzles: Upstream changed to main branch for development Marta Rybczynska (46): grub: fix a memory leak grub: add a fix for a possible NULL dereference grub: fix a dangling memory pointer grub: fix wrong handling of argc == 0 grub: add a fix for malformed device path handling grub: fix memory leak at error in grub_efi_get_filename() grub: add a fix for a possible NULL pointer dereference grub: add a fix for unused variable in gnulib grub: fix an unitialized token in gnulib grub: add a fix a NULL pointer dereference in gnulib grub: add a fix for NULL pointer dereference grub: fix an unitialized re_token in gnulib grub: add a fix for unnecessary assignements grub: add structure initialization in zstd grub: add a missing NULL check grub: fix a memory leak grub: fix a memory leak grub: fix a memory leak grub: fix an integer overflow grub: add a fix for a length check grub: add a fix for a possible negative shift grub: add a fix for a memory leak grub: add a fix for possible integer overflows grub: fix an error check grub: add a fix for a memory leak grub: add a fix for a possible unintended sign extension grub: add a fix for a possible NULL dereference grub: add a fix for a memory leak grub: add a fix for a memory leak grub: fix a memory leak grub: remove unneeded return value grub: fix an integer overflow grub: fix multiple integer overflows grub: fix a possible integer overflow grub: test for malformed jpeg files grub: remove dead code grub: fix checking for NULL grub: add a fix for a memory leak grub: avoid a memory leak grub: add a check for a NULL pointer grub: add a fix for NULL pointer dereference grub: add a fix for an incorrect cast grub: fix incorrect use of a negative value grub: add a fix for a NULL pointer dereference grub: avoid a NULL pointer dereference grub: add a fix for a crash in scripts Purushottam Choudhary (1): tiff: fix for CVE-2022-22844 Ranjitsinh Rathod (1): openssl: Add fix for CVE-2021-4160 ...leak-when-iterating-over-mapped-memo.patch | 39 +++ ...ible-dereference-to-of-a-NULL-pointe.patch | 39 +++ ...net-tftp-Fix-dangling-memory-pointer.patch | 33 +++ ...n-parser-Fix-resource-leak-if-argc-0.patch | 50 ...formed-device-path-arithmetic-errors.patch | 235 ++ ...-kern-efi-Fix-memory-leak-on-failure.patch | 30 +++ ...ix-possible-NULL-pointer-dereference.patch | 65 + ...ulib-regexec-Resolve-unused-variable.patch | 59 + ...mp-Fix-uninitialized-token-structure.patch | 53 ...-Fix-dereference-of-a-possibly-NULL-.patch | 52 ...egexec-Fix-possible-null-dereference.patch | 53 ...b-regcomp-Fix-uninitialized-re_token.patch | 55 ...e-unnecessary-self-assignment-errors.patch | 41 +++ ...std-Initialize-seq_t-structure-fully.patch | 34 +++ ...heck-for-NULL-before-dereferencing-i.patch | 43 ...re-comp-data-is-freed-before-exiting.patch | 128 ++ ...-If-failed-then-free-vg-variable-too.patch | 28 +++ ...ory-leak-on-uninserted-lv-references.patch | 50 ...odisk-Fix-potential-integer-overflow.patch | 50 ...that-the-volume-name-length-is-valid.patch | 43 ...ix-possible-negative-shift-operation.patch | 42 ...source-leaks-while-constructing-path.patch | 121 + ...3-zfs-Fix-possible-integer-overflows.patch | 56 + ...-a-check-for-error-allocating-memory.patch | 35 +++ .../files/0025-affs-Fix-memory-leaks.patch| 82 ++ ...x-possible-unintended-sign-extension.patch | 36 +++ ...pt-mpi-Fix-possible-NULL-dereference.patch | 33 +++ ...slinux-Fix-memory-leak-while-parsing.patch | 43 ...n-Fix-leaking-of-memory-when-process.patch | 52 ...0-commands-hashsum-Fix-a-memory-leak.patch | 56 + ...move-unnecessary-return-value-of-gru.patch | 94 +++ ...bfill-Fix-potential-integer-overflow.patch | 78 ++ ...eo_fb-Fix-multiple-integer-overflows.patch | 104 ...deo_fb-Fix-possible-integer-overflow.patch | 39 +++ ...eg-Test-for-an-invalid-next-marker-r.patch | 38 +++ ...-Remove-code-that-coverity-is-flaggi.patch | 34 +++
Re: [OE-core] [PATCH v3 00/32] Python PEP-517: build wheels and install with pip
On 25.02.22 14:16, Richard Purdie wrote: On Thu, 2022-02-24 at 16:52 +0100, Konrad Weihmann wrote: I got a kind of general question about this patch series and all the followups: is this still considered to go into the next release? It is still being considered, yes. I'm a bit worried about the fallout of this pretty invasive change - even though I see that at some point it needs to be done. My understanding is that the "classic" way will stop with Python 3.12, which doesn't apply to next LTS release - as this will likely remain on 3.10. Only downside will be that manual helper files for updates of packages that are lacking a setup.py needs to be provided (there are already a few examples how to do it) - not a big deal if you'd ask me. So what's the stand of the project regarding this issue - also keeping in mind that I think it's already past feature freeze? This is a tough one to make a decision on and I am conflicted. The change was flagged up a while ago and has been regularly talked about. It is also something we all agree will have to happen at some point. The change is late and has issues but there was a base patchset sent before the freeze deadline. This isn't the final release point, it is the point where we stop taking new invasive changes and stabilise and I think it important to keep that in mind. Stepping back and thinking about the big picture (and e.g. the ability to take security fixes into the LTS), I'm leaning towards trying to get it in. One other consideration is having large delta between the LTS and onging development and I'd prefer to minimise this particular difference if it is practical to do so. Your argumentation does make sense, but I have to disagree on this particular point. The using pip as the default installer and therefore wheels is something that will never (hopefully) get backported, so bringing this change in automatically builds up a huge delta to any other branch - thus here you would create a situation that (I agree) should be avoided. Also moving around a few classes and recipe between core and meta-python, will either bind users to including meta-python in every setup or will create situation were people will try to work around these changes. I see that this feature has been promised - and it might be bad for the project's reputation to drop it - still if one would ask me, I would prefer to delay it to the next release. One potential option would be to offer that one (once mature and tested will a broad set of layers) as a mixin-layer, which then could be used with kirkstone LTS I believe we have identified and fixed the majority of the issues that have shown up in automated testing. I haven't made a final decision but I am keeping an open mind on it and would really prefer to get it merged. There are other issues being worked in parallel which also would block the M3 build which does give time to resolve this one. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162345): https://lists.openembedded.org/g/openembedded-core/message/162345 Mute This Topic: https://lists.openembedded.org/mt/89324642/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v3 00/32] Python PEP-517: build wheels and install with pip
On Thu, 2022-02-24 at 16:52 +0100, Konrad Weihmann wrote: > I got a kind of general question about this patch series and all the > followups: is this still considered to go into the next release? It is still being considered, yes. > I'm a bit worried about the fallout of this pretty invasive change - > even though I see that at some point it needs to be done. > > My understanding is that the "classic" way will stop with Python 3.12, > which doesn't apply to next LTS release - as this will likely remain on > 3.10. > Only downside will be that manual helper files for updates of packages > that are lacking a setup.py needs to be provided (there are already a > few examples how to do it) - not a big deal if you'd ask me. > > So what's the stand of the project regarding this issue - also keeping > in mind that I think it's already past feature freeze? This is a tough one to make a decision on and I am conflicted. The change was flagged up a while ago and has been regularly talked about. It is also something we all agree will have to happen at some point. The change is late and has issues but there was a base patchset sent before the freeze deadline. This isn't the final release point, it is the point where we stop taking new invasive changes and stabilise and I think it important to keep that in mind. Stepping back and thinking about the big picture (and e.g. the ability to take security fixes into the LTS), I'm leaning towards trying to get it in. One other consideration is having large delta between the LTS and onging development and I'd prefer to minimise this particular difference if it is practical to do so. I believe we have identified and fixed the majority of the issues that have shown up in automated testing. I haven't made a final decision but I am keeping an open mind on it and would really prefer to get it merged. There are other issues being worked in parallel which also would block the M3 build which does give time to resolve this one. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162344): https://lists.openembedded.org/g/openembedded-core/message/162344 Mute This Topic: https://lists.openembedded.org/mt/89324642/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] systemd: move systemd shared library into its own package
On Fri, 2022-02-25 at 09:05 +0100, Stefan Herbrechtsmeier wrote: > Am 24.02.2022 um 22:06 schrieb Richard Purdie: > > On Wed, 2022-02-23 at 17:17 +0100, Stefan Herbrechtsmeier wrote: > > > From: Stefan Herbrechtsmeier > > > > > > Move the systemd shared library (libsystemd-shared.so) into its own > > > package to prevent a runtime dependency from udev package to systemd > > > package and thereby to a second init manager. > > > > > > Signed-off-by: Stefan Herbrechtsmeier > > > > > > > > > --- > > > > > > Changes in v2: > > > - Fix SUMMARY override > > > > This did trigger a warning on the autobuilder tests: > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/2657/steps/11/logs/warnings > > I will post a patch to add `INSANE_SKIP:libsystemd-shared += "libdir"` > to the recipe. > > At the moment I have a problem to reproduce the warning. I don't see it > on qemux86-64 and have to retest with qemux86. DISTRO = "poky-altcfg" should show it. It happens since it makes libdir /lib64 for x86_64 instead of /lib and only then do you see this error. It is also worth noting we already set that skip for other systemd packages. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162343): https://lists.openembedded.org/g/openembedded-core/message/162343 Mute This Topic: https://lists.openembedded.org/mt/89344344/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] license.py: rename variables
On Thu, 2022-02-24 at 13:55 -0800, Saul Wold wrote: > Update the comment to reflect new variable names > > Signed-off-by: Saul Wold > --- > v2: Update comment and change include -> include_licenses, > exclude -> exclude_licenses > meta/lib/oe/license.py | 31 +-- > 1 file changed, 17 insertions(+), 14 deletions(-) > > diff --git a/meta/lib/oe/license.py b/meta/lib/oe/license.py > index b5d378a549b..b1105f6149c 100644 > --- a/meta/lib/oe/license.py > +++ b/meta/lib/oe/license.py > @@ -99,26 +99,29 @@ def flattened_licenses(licensestr, choose_licenses): > raise LicenseSyntaxError(licensestr, exc) > return flatten.licenses > > -def is_included(licensestr, whitelist=None, blacklist=None): > -"""Given a license string and whitelist and blacklist, determine if the > -license string matches the whitelist and does not match the blacklist. > - > -Returns a tuple holding the boolean state and a list of the applicable > -licenses that were excluded if state is False, or the licenses that were > -included if the state is True. > +def is_included(licensestr, include_licenses=None, exclude_licenses=None): > +"""Given a license a list of list to include and a list of > +licenses to exclude, determine if the license string > +matches the an include list and does not match the > +exclude list. > + > +Returns a tuple holding the boolean state and a list of > +the applicable licenses that were excluded if state is > +False, or the licenses that were included if the state > +is True. > """ > > def include_license(license): > -return any(fnmatch(license, pattern) for pattern in whitelist) > +return any(fnmatch(license, pattern) for pattern in include_licenses) > > def exclude_license(license): > -return any(fnmatch(license, pattern) for pattern in blacklist) > +return any(fnmatch(license, pattern) for pattern in exclude_licenses) > > def choose_licenses(alpha, beta): > """Select the option in an OR which is the 'best' (has the most > included licenses and no excluded licenses).""" > # The factor 1000 below is arbitrary, just expected to be much larger > -# that the number of licenses actually specified. That way the weight > +# than the number of licenses actually specified. That way the weight > # will be negative if the list of licenses contains an excluded > license, > # but still gives a higher weight to the list with the most included > # licenses. > @@ -131,11 +134,11 @@ def is_included(licensestr, whitelist=None, > blacklist=None): > else: > return beta > > -if not whitelist: > -whitelist = ['*'] > +if not include_licenses: > +include = ['*'] > > -if not blacklist: > -blacklist = [] > +if not exclude_licenses: > +exclude = [] > There is a bit of a logic error which causes the selftests to fail. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162342): https://lists.openembedded.org/g/openembedded-core/message/162342 Mute This Topic: https://lists.openembedded.org/mt/89376290/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] systemd: move systemd shared library into its own package
Am 24.02.2022 um 22:06 schrieb Richard Purdie: On Wed, 2022-02-23 at 17:17 +0100, Stefan Herbrechtsmeier wrote: From: Stefan Herbrechtsmeier Move the systemd shared library (libsystemd-shared.so) into its own package to prevent a runtime dependency from udev package to systemd package and thereby to a second init manager. Signed-off-by: Stefan Herbrechtsmeier --- Changes in v2: - Fix SUMMARY override This did trigger a warning on the autobuilder tests: https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/2657/steps/11/logs/warnings I will post a patch to add `INSANE_SKIP:libsystemd-shared += "libdir"` to the recipe. At the moment I have a problem to reproduce the warning. I don't see it on qemux86-64 and have to retest with qemux86. Regards Stefan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162341): https://lists.openembedded.org/g/openembedded-core/message/162341 Mute This Topic: https://lists.openembedded.org/mt/89344344/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-