Re: [OE-core] [PATCH v2 2/2] pip_install_wheel: improved wheel filename guess

[Konrad Weihmann]

On 25.02.22 05:03, Tim Orling wrote:

From: Tim Orling 

Rather than only use PYPI_PACKAGE as a guess, fall back on PN for cases
where a recipe does not inherit pypi.

Wheels can only have alphanumeric characters in the 'distribution'
name [1]. Any other characters are replaced with an underscore. Provide a
function to replace dash with underscore.

[1] https://www.python.org/dev/peps/pep-0491/#escaping-and-unicode

Signed-off-by: Tim Orling 
---
Changes in v2:
address review comments

  meta/classes/pip_install_wheel.bbclass | 6 +-
  1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/classes/pip_install_wheel.bbclass 
b/meta/classes/pip_install_wheel.bbclass
index 8a848c0ebab..9f9feda6ee0 100644
--- a/meta/classes/pip_install_wheel.bbclass
+++ b/meta/classes/pip_install_wheel.bbclass
@@ -1,6 +1,10 @@
  DEPENDS:append = " python3-pip-native"
  
-PIP_INSTALL_PACKAGE ?= "${PYPI_PACKAGE}"

+def guess_pip_install_package_name(d):
+'''https://www.python.org/dev/peps/pep-0491/#escaping-and-unicode'''
+return (d.getVar('PYPI_PACKAGE') or d.getVar('PN')).replace('-', '_')


In my opinion this needs to be BPN not PN - as if you will build 
python3-foo-native (for native only recipes) it will result in 
foo_native-1.2.3-*.whl, that just doesn't exit.
What disappoints me the most is that none of this comes with unit tests 
- it broke for a bunch of stuff I maintain this morning, making my 
morning coffee taste bitter :-(



+
+PIP_INSTALL_PACKAGE ?= "${@guess_pip_install_package_name(d)}"
  PIP_INSTALL_DIST_PATH ?= "${B}/dist"
  PYPA_WHEEL ??= "${PIP_INSTALL_DIST_PATH}/${PIP_INSTALL_PACKAGE}-${PV}-*.whl"
  







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162422): 
https://lists.openembedded.org/g/openembedded-core/message/162422
Mute This Topic: https://lists.openembedded.org/mt/89382270/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v3] setuptools3.bbclass: add check for pyproject.toml

[Richard Purdie]

On Fri, 2022-02-25 at 15:43 -0800, Tim Orling wrote:
> From: Tim Orling 
> 
> With help from Peter Kjellerstedt  via IRC.
> 
> Add a check for pyproject.toml in ${S} and if so check if it has a
> [build-system] build-backend. Give the user a helpful warning that
> the recipe should be changed to one of the PEP-517 classes (instead of
> setuptools3.bbclass).
> 
> Add SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK variable to skip this check (and
> avoid the warning). This is needed for e.g.
> python3-setuptools-rust-native which does not build cleanly with
> setuptools_build_meta.bbclass
> 
> Because some sources have a pyproject.toml but no [build-sytem] or no
> properly defined (or accurate) build-backend, add a try: except: clause
> to avoid KeyError.
> 
> [YOCTO #14736]
> 
> Signed-off-by: Tim Orling 
> ---
>  meta/classes/setuptools3.bbclass | 41 
>  1 file changed, 41 insertions(+)
> 
> diff --git a/meta/classes/setuptools3.bbclass 
> b/meta/classes/setuptools3.bbclass
> index 12561340b07..d80a91d3296 100644
> --- a/meta/classes/setuptools3.bbclass
> +++ b/meta/classes/setuptools3.bbclass
> @@ -18,6 +18,47 @@ setuptools3_do_configure() {
>  :
>  }
>  
> +SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK ?= "0"
> +
> +python check_for_pyprojecttoml_build_backend() {
> +import os
> +import tomli

https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/4833/steps/12/logs/stdio

Exception: ModuleNotFoundError: No module named 'tomli'

Cheers,

Richard

> +from pathlib import Path
> +
> +if d.getVar('SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK') == "1":
> +bb.debug(3, "Skipping check for build-backend in pyproject.toml")
> +return 0
> +warn_string = "The source has a pyproject.toml which declares '%s' as a 
> build backend, please consider 'inherit %s' instead of inheriting 
> setuptools3."
> +warn_layer_string = "The source has a pyproject.toml which declares '%s' 
> as a build backend, please consider 'inherit %s' from %s instead of 
> inheriting setuptools3."
> +pyprojecttoml_file = Path(d.getVar('S'), 'pyproject.toml')
> +if pyprojecttoml_file.exists():
> +bb.debug(3, "pyproject.toml found: %s" % pyprojecttoml_file)
> +with open(pyprojecttoml_file, "rb") as f:
> +pyprojecttoml_dict = tomli.load(f)
> +try:
> +build_system = pyprojecttoml_dict["build-system"]
> +if build_system:
> +bb.debug(3, "[build-system] found in pyproject.toml")
> +backend = build_system.get('build-backend')
> +if backend:
> +bb.debug(3, "build-backend found: %s" % backend)
> +if backend == "flit_core.buildapi":
> +bb.warn(warn_string % ('flit_core.buildapi', 
> +   'flit_core'))
> +elif backend == "setuptools.build_meta":
> +bb.warn(warn_string % ('setuptools.build_meta',
> +  'setuptools_build_meta'))
> +elif backend == "poetry.core.masonry.api":
> +bb.warn(warn_layer_string % 
> ('poetry.core.masonry.api',
> + 'poetry_core', 
> 'meta-python'))
> +else:
> +bb.warn("The source has a pyproject.toml which 
> declares '%s' as a build backend, but this is not currently supported in 
> oe-core." % backend)
> +except KeyError:
> +bb.warn("The source has a pyproject.toml, but either no 
> [build-system] or it is malformed. If the recipe is still buildable with 
> setuptools3, you can skip this check 
> with:\nSETUPTOOLS_SKIP_BUILD_BACKEND_CHECK= \"1\"")
> +pass
> +}
> +do_configure[prefuncs] += "check_for_pyprojecttoml_build_backend"
> +
>  setuptools3_do_compile() {
>  cd ${SETUPTOOLS_SETUP_PATH}
>  NO_FETCH_BUILD=1 \
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162421): 
https://lists.openembedded.org/g/openembedded-core/message/162421
Mute This Topic: https://lists.openembedded.org/mt/89401217/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] bitbake.conf: add ssh-keygen to HOSTTOOLS_NONFATAL

[Markus Volk]

Am 25.02.22 um 16:47 schrieb Richard Purdie:

On Fri, 2022-02-18 at 08:35 +0100, Markus Volk wrote:

Gnome Seahorse needs an external ssh-keygen to build and there is no provider
for it in yocto/oe. openssh-native is not allowed to build and if allowed there
are problems building it with '--enable-pam'.

'ssh' is already set to be added as a HOSTTOOL when it is found.
This commit also adds ssh-keygen.

Signed-off-by: Markus Volk 
---
  meta/conf/bitbake.conf | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index fba99e8f0c..15ea0bc29e 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -499,7 +499,7 @@ HOSTTOOLS += " \
  HOSTTOOLS += "${@'ip ping ps scp ssh stty' if (bb.utils.contains_any('IMAGE_CLASSES', 'testimage testsdk', True, False, d) 
or any(x in (d.getVar("BBINCLUDED") or "") for x in ["testimage.bbclass", 
"testsdk.bbclass"])) else ''}"
  
  # Link to these if present

-HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp socat 
ssh sudo"
+HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp socat 
ssh ssh-keygen sudo"
  

Does it actually need to generate keys or is it just checking for the presence
of the tool? I'm not a big fan of adding new tools like this, particularly as
this could still cause a deterministic build issue...


It looks like there is no need to generate keys. ssh-keygen is only 
looked for to get SSH_KEYGEN_PATH.


https://gitlab.gnome.org/GNOME/seahorse/-/blob/master/meson.build#L48

https://gitlab.gnome.org/GNOME/seahorse/-/blob/master/meson.build#L126

If that Path isn't set compile fails like this:

d -o ssh/libseahorse-ssh.a.p/meson-generated_operation.c.o -c 
ssh/libseahorse-ssh.a.p/operation.c
| ssh/libseahorse-ssh.a.p/operation.c: In function 
'seahorse_ssh_change_passphrase_operation_change_passphrase_async_co':
| ssh/libseahorse-ssh.a.p/operation.c:1834:61: error: 'SSH_KEYGEN_PATH' 
undeclared (first use in this function)
|  1834 | _data_->_tmp15_ = g_strdup_printf ("%s -p -f '%s'", 
SSH_KEYGEN_PATH, _data_->_tmp14_);

| | ^~~
| ssh/libseahorse-ssh.a.p/operation.c:1834:61: note: each undeclared 
identifier is reported only once for each function it appears in
| ssh/libseahorse-ssh.a.p/operation.c: In function 
'seahorse_ssh_generate_operation_generate_async_co':
| ssh/libseahorse-ssh.a.p/operation.c:2032:75: error: 'SSH_KEYGEN_PATH' 
undeclared (first use in this function)
|  2032 | _data_->_tmp12_ = g_strdup_printf ("%s %s -t '%s' -C 
%s -f '%s'", SSH_KEYGEN_PATH, _data_->bits_str, _data_->_tmp11_, 
_data_->comment, _data_->filename);

| | ^~~
| ssh/libseahorse-ssh.a.p/operation.c: In function 
'seahorse_ssh_private_import_operation_import_private_async_co':
| ssh/libseahorse-ssh.a.p/operation.c:2299:61: error: 'SSH_KEYGEN_PATH' 
undeclared (first use in this function)
|  2299 | _data_->_tmp25_ = g_strdup_printf ("%s -y -f '%s'", 
SSH_KEYGEN_PATH, _data_->_tmp24_);


Actually it is not really ideal to derive that  from hosts path. But 
what would be best to do here?


Hack it like this in seahorse.bb?

do_configure:prepend() {
    sed -i "s|ssh_keygen = find_program('ssh-keygen')|#ssh_keygen = 
find_program('ssh-keygen')|" ${S}/meson.build

    sed -i "s|ssh_keygen.path()|'${bindir}/ssh-keygen'|" ${S}/meson.build
}


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162420): 
https://lists.openembedded.org/g/openembedded-core/message/162420
Mute This Topic: https://lists.openembedded.org/mt/89228328/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v3 2/2] license.py: rename variales

[Saul Wold]

Signed-off-by: Saul Wold 
---
 meta/lib/oe/license.py | 28 +++-
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/meta/lib/oe/license.py b/meta/lib/oe/license.py
index b5d378a549b..4cd382b4fd7 100644
--- a/meta/lib/oe/license.py
+++ b/meta/lib/oe/license.py
@@ -99,20 +99,22 @@ def flattened_licenses(licensestr, choose_licenses):
 raise LicenseSyntaxError(licensestr, exc)
 return flatten.licenses
 
-def is_included(licensestr, whitelist=None, blacklist=None):
-"""Given a license string and whitelist and blacklist, determine if the
-license string matches the whitelist and does not match the blacklist.
-
-Returns a tuple holding the boolean state and a list of the applicable
-licenses that were excluded if state is False, or the licenses that were
-included if the state is True.
+def is_included(licensestr, include=None, exclude=None):
+"""Given a license string and include list and exclude list,
+determine if the license string matches the an included
+license and does dont match an excluded license.
+
+Returns a tuple holding the boolean state and a list of
+the applicable licenses that were excluded if state is
+False, or the licenses that were included if the state
+is True.
 """
 
 def include_license(license):
-return any(fnmatch(license, pattern) for pattern in whitelist)
+return any(fnmatch(license, pattern) for pattern in include)
 
 def exclude_license(license):
-return any(fnmatch(license, pattern) for pattern in blacklist)
+return any(fnmatch(license, pattern) for pattern in exclude)
 
 def choose_licenses(alpha, beta):
 """Select the option in an OR which is the 'best' (has the most
@@ -131,11 +133,11 @@ def is_included(licensestr, whitelist=None, 
blacklist=None):
 else:
 return beta
 
-if not whitelist:
-whitelist = ['*']
+if not include:
+include = ['*']
 
-if not blacklist:
-blacklist = []
+if not exclude:
+exclude = []
 
 licenses = flattened_licenses(licensestr, choose_licenses)
 excluded = [lic for lic in licenses if exclude_license(lic)]
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162417): 
https://lists.openembedded.org/g/openembedded-core/message/162417
Mute This Topic: https://lists.openembedded.org/mt/89402861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v3 1/2] INCOMPATIBLE_LICENSE re-work

[Saul Wold]

From: Saul Wold 

This re-writes the INCOMPATIBLE_LICENSE checking code to replace
the WHITELIST_ with
INCOMPATIBLE_LICENSE_EXCEPTIONS = ': : ...'

This initial set of changes leaves most of the code structure in
place, but the code in base.bbclass needs to be re-written to make
the check more consistent around packages (PKGS) and not recipe
names (PN). This also is taking into account the changes for SPDX
licenses.

Signed-off-by: Saul Wold 
Signed-off-by: Richard Purdie 
---
 meta/classes/base.bbclass | 26 +-
 meta/classes/license_image.bbclass| 27 +++
 meta/classes/multilib.bbclass |  6 ++---
 meta/conf/bitbake.conf| 10 +++
 .../distro/include/default-distrovars.inc |  2 +-
 .../oeqa/selftest/cases/incompatible_lic.py   | 10 +++
 6 files changed, 43 insertions(+), 38 deletions(-)

diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index 55f654d37d0..ddca87d4a8c 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -595,21 +595,23 @@ python () {
 if check_license and bad_licenses:
 bad_licenses = expand_wildcard_licenses(d, bad_licenses)
 
-whitelist = []
-for lic in bad_licenses:
-spdx_license = return_spdx(d, lic)
-whitelist.extend((d.getVar("WHITELIST_" + lic) or "").split())
-if spdx_license:
-whitelist.extend((d.getVar("WHITELIST_" + spdx_license) or 
"").split())
-
-if pn in whitelist:
+exceptions = (d.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") or 
"").split()
+
+pkg_exceptions = {}
+for exception in exceptions:
+pkg_lic = exception.split(':')
+pkg_exceptions[pkg_lic[0]] = pkg_lic[1]
+
+#if any((pn in execption and incompatible_lic in exception) for 
execption in exceptions):
+if any(execption.startswith(pn + ':') for execption in exceptions):
 '''
-We need to track what we are whitelisting and why. If pn is
-incompatible we need to be able to note that the image that
-is created may infact contain incompatible licenses despite
+We need to track which recipes are in the exception
+list and why. If pn is incompatible we need to be
+able to note that the image that is created may
+infact contain incompatible licenses despite
 INCOMPATIBLE_LICENSE being set.
 '''
-bb.note("Including %s as buildable despite it having an 
incompatible license because it has been whitelisted" % pn)
+bb.note("Including %s as a buildable recipe despite it having 
an incompatible license because it was found in the exception list" % pn)
 else:
 pkgs = d.getVar('PACKAGES').split()
 skipped_pkgs = {}
diff --git a/meta/classes/license_image.bbclass 
b/meta/classes/license_image.bbclass
index bf70bee99bb..c6f04d30733 100644
--- a/meta/classes/license_image.bbclass
+++ b/meta/classes/license_image.bbclass
@@ -54,28 +54,21 @@ def write_license_files(d, license_manifest, pkg_dic, 
rootfs=True):
 bad_licenses = (d.getVar("INCOMPATIBLE_LICENSE") or "").split()
 bad_licenses = expand_wildcard_licenses(d, bad_licenses)
 
-whitelist = []
-for lic in bad_licenses:
-whitelist.extend((d.getVar("WHITELIST_" + lic) or "").split())
-
+exceptions = (d.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") or "").split()
 with open(license_manifest, "w") as license_file:
 for pkg in sorted(pkg_dic):
-if bad_licenses and pkg not in whitelist:
-try:
+if bad_licenses and not any((pkg + ":") in execption for execption 
in exceptions):
 licenses = incompatible_pkg_license(d, bad_licenses, 
pkg_dic[pkg]["LICENSE"])
 if licenses:
 bb.fatal("Package %s cannot be installed into the 
image because it has incompatible license(s): %s" %(pkg, ' '.join(licenses)))
-(pkg_dic[pkg]["LICENSE"], pkg_dic[pkg]["LICENSES"]) = \
-oe.license.manifest_licenses(pkg_dic[pkg]["LICENSE"],
-bad_licenses, canonical_license, d)
-except oe.license.LicenseError as exc:
-bb.fatal('%s: %s' % (d.getVar('P'), exc))
-else:
-pkg_dic[pkg]["LICENSES"] = re.sub(r'[|&()*]', ' ', 
pkg_dic[pkg]["LICENSE"])
-pkg_dic[pkg]["LICENSES"] = re.sub(r'  *', ' ', 
pkg_dic[pkg]["LICENSES"])
-pkg_dic[pkg]["LICENSES"] = pkg_dic[pkg]["LICENSES"].split()
-if pkg in whitelist:
-oe.qa.handle_error('license-incompatible', "Including %s 
with an incompatible license %s into the image, 

[OE-core] [PATCH v3 2/2] INCOMPATIBLE_LICENSE: add has_pkg_license_exception()

[Saul Wold]

This adds in the new function to check for both package and
license are in the new INCOMPATIBLE_LICENSE_EXCEPTION list.

This has been tested by changing the skeleton/hello to MIT-X
and using that license to verify it will be skipped or not
installed.  oe-selftest was also used.

Signed-off-by: Saul Wold 
Signed-off-by: Richard Purdie 
---
 meta/classes/base.bbclass  | 66 --
 meta/classes/license_image.bbclass |  5 ++-
 meta/lib/oe/license.py | 10 +
 3 files changed, 40 insertions(+), 41 deletions(-)

diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index ddca87d4a8c..fccf3df17ff 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -597,46 +597,34 @@ python () {
 
 exceptions = (d.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") or 
"").split()
 
-pkg_exceptions = {}
-for exception in exceptions:
-pkg_lic = exception.split(':')
-pkg_exceptions[pkg_lic[0]] = pkg_lic[1]
-
-#if any((pn in execption and incompatible_lic in exception) for 
execption in exceptions):
-if any(execption.startswith(pn + ':') for execption in exceptions):
-'''
-We need to track which recipes are in the exception
-list and why. If pn is incompatible we need to be
-able to note that the image that is created may
-infact contain incompatible licenses despite
-INCOMPATIBLE_LICENSE being set.
-'''
-bb.note("Including %s as a buildable recipe despite it having 
an incompatible license because it was found in the exception list" % pn)
-else:
-pkgs = d.getVar('PACKAGES').split()
-skipped_pkgs = {}
-unskipped_pkgs = []
-for pkg in pkgs:
-incompatible_lic = incompatible_license(d, bad_licenses, 
pkg)
-if incompatible_lic:
-skipped_pkgs[pkg] = incompatible_lic
-else:
-unskipped_pkgs.append(pkg)
-if unskipped_pkgs:
-for pkg in skipped_pkgs:
-bb.debug(1, "Skipping the package %s at do_rootfs 
because of incompatible license(s): %s" % (pkg, ' '.join(skipped_pkgs[pkg])))
-d.setVar('_exclude_incompatible-' + pkg, ' 
'.join(skipped_pkgs[pkg]))
-for pkg in unskipped_pkgs:
-bb.debug(1, "Including the package %s" % pkg)
+pkgs = d.getVar('PACKAGES').split()
+skipped_pkgs = {}
+unskipped_pkgs = []
+for pkg in pkgs:
+pkg_exception = oe.license.has_pkg_license_exception(pkg, 
bad_licenses, exceptions)
+
+incompatible_lic = incompatible_license(d, bad_licenses, pkg)
+if incompatible_lic and not pkg_exception:
+skipped_pkgs[pkg] = incompatible_lic
 else:
-incompatible_lic = incompatible_license(d, bad_licenses)
-for pkg in skipped_pkgs:
-incompatible_lic += skipped_pkgs[pkg]
-incompatible_lic = sorted(list(set(incompatible_lic)))
-
-if incompatible_lic:
-bb.debug(1, "Skipping recipe %s because of 
incompatible license(s): %s" % (pn, ' '.join(incompatible_lic)))
-raise bb.parse.SkipRecipe("it has incompatible 
license(s): %s" % ' '.join(incompatible_lic))
+unskipped_pkgs.append(pkg)
+
+if unskipped_pkgs:
+for pkg in skipped_pkgs:
+bb.warn( "Skipping the package %s at do_rootfs because of 
incompatible license(s): %s" % (pkg, ' '.join(skipped_pkgs[pkg])))
+bb.debug(1, "Skipping the package %s at do_rootfs because 
of incompatible license(s): %s" % (pkg, ' '.join(skipped_pkgs[pkg])))
+d.setVar('_exclude_incompatible-' + pkg, ' 
'.join(skipped_pkgs[pkg]))
+for pkg in unskipped_pkgs:
+bb.debug(1, "Including the package %s" % pkg)
+else:
+incompatible_lic = incompatible_license(d, bad_licenses)
+for pkg in skipped_pkgs:
+incompatible_lic += skipped_pkgs[pkg]
+incompatible_lic = sorted(list(set(incompatible_lic)))
+
+if incompatible_lic:
+bb.warn( "Skipping recipe %s because of incompatible 
license(s): %s" % (pn, ' '.join(incompatible_lic)))
+raise bb.parse.SkipRecipe("it has incompatible license(s): 
%s" % ' '.join(incompatible_lic))
 
 needsrcrev = False
 srcuri = d.getVar('SRC_URI')
diff --git a/meta/classes/license_image.bbclass 
b/meta/classes/license_image.bbclass
index 

Re: [OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests

[Richard Purdie]

On Fri, 2022-02-25 at 23:24 +0100, Alexander Kanavin wrote:
> I’m… confused :) Do I need to change something? This particular combination of
> arches is only used for cross manifests, so it shouldn’t touch other things?

Yes, this needs a tweak. Imagine you have a TMPDIR where you build with two
different machines, an x86 one and an arm one.

Your patch as it stands removes the current cross toolchain but not the other
one. The ABI of TMPDIR changes only once so you need to cover all cross recipes
here, not just the current one.

I do worry that globing will uninstall other things too, but I think (I'm not
100% sure) it will then just reinstall them from sstate.

Cheers,

Richard






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162416): 
https://lists.openembedded.org/g/openembedded-core/message/162416
Mute This Topic: https://lists.openembedded.org/mt/89396617/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2] flit_core: inherit setuptools3-base

[Tim Orling]

This helps bridge the old setuptools3 behavior.

FILES:${PN} has sane defaults in setuptools3-base

Signed-off-by: Tim Orling 
---
Change in v2:
  minor grammar correction in git commit log

 meta/classes/flit_core.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/flit_core.bbclass b/meta/classes/flit_core.bbclass
index 0f2eec85d0b..8edbd654ff2 100644
--- a/meta/classes/flit_core.bbclass
+++ b/meta/classes/flit_core.bbclass
@@ -1,4 +1,4 @@
-inherit pip_install_wheel python3native python3-dir
+inherit pip_install_wheel python3native python3-dir setuptools3-base
 
 DEPENDS += "python3 python3-flit-core-native python3-pip-native"
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162415): 
https://lists.openembedded.org/g/openembedded-core/message/162415
Mute This Topic: https://lists.openembedded.org/mt/89401476/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v3] setuptools3.bbclass: add check for pyproject.toml

[Tim Orling]

From: Tim Orling 

With help from Peter Kjellerstedt  via IRC.

Add a check for pyproject.toml in ${S} and if so check if it has a
[build-system] build-backend. Give the user a helpful warning that
the recipe should be changed to one of the PEP-517 classes (instead of
setuptools3.bbclass).

Add SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK variable to skip this check (and
avoid the warning). This is needed for e.g.
python3-setuptools-rust-native which does not build cleanly with
setuptools_build_meta.bbclass

Because some sources have a pyproject.toml but no [build-sytem] or no
properly defined (or accurate) build-backend, add a try: except: clause
to avoid KeyError.

[YOCTO #14736]

Signed-off-by: Tim Orling 
---
 meta/classes/setuptools3.bbclass | 41 
 1 file changed, 41 insertions(+)

diff --git a/meta/classes/setuptools3.bbclass b/meta/classes/setuptools3.bbclass
index 12561340b07..d80a91d3296 100644
--- a/meta/classes/setuptools3.bbclass
+++ b/meta/classes/setuptools3.bbclass
@@ -18,6 +18,47 @@ setuptools3_do_configure() {
 :
 }
 
+SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK ?= "0"
+
+python check_for_pyprojecttoml_build_backend() {
+import os
+import tomli
+from pathlib import Path
+
+if d.getVar('SETUPTOOLS_SKIP_BUILD_BACKEND_CHECK') == "1":
+bb.debug(3, "Skipping check for build-backend in pyproject.toml")
+return 0
+warn_string = "The source has a pyproject.toml which declares '%s' as a 
build backend, please consider 'inherit %s' instead of inheriting setuptools3."
+warn_layer_string = "The source has a pyproject.toml which declares '%s' 
as a build backend, please consider 'inherit %s' from %s instead of inheriting 
setuptools3."
+pyprojecttoml_file = Path(d.getVar('S'), 'pyproject.toml')
+if pyprojecttoml_file.exists():
+bb.debug(3, "pyproject.toml found: %s" % pyprojecttoml_file)
+with open(pyprojecttoml_file, "rb") as f:
+pyprojecttoml_dict = tomli.load(f)
+try:
+build_system = pyprojecttoml_dict["build-system"]
+if build_system:
+bb.debug(3, "[build-system] found in pyproject.toml")
+backend = build_system.get('build-backend')
+if backend:
+bb.debug(3, "build-backend found: %s" % backend)
+if backend == "flit_core.buildapi":
+bb.warn(warn_string % ('flit_core.buildapi', 
+   'flit_core'))
+elif backend == "setuptools.build_meta":
+bb.warn(warn_string % ('setuptools.build_meta',
+  'setuptools_build_meta'))
+elif backend == "poetry.core.masonry.api":
+bb.warn(warn_layer_string % ('poetry.core.masonry.api',
+ 'poetry_core', 
'meta-python'))
+else:
+bb.warn("The source has a pyproject.toml which 
declares '%s' as a build backend, but this is not currently supported in 
oe-core." % backend)
+except KeyError:
+bb.warn("The source has a pyproject.toml, but either no 
[build-system] or it is malformed. If the recipe is still buildable with 
setuptools3, you can skip this check 
with:\nSETUPTOOLS_SKIP_BUILD_BACKEND_CHECK= \"1\"")
+pass
+}
+do_configure[prefuncs] += "check_for_pyprojecttoml_build_backend"
+
 setuptools3_do_compile() {
 cd ${SETUPTOOLS_SETUP_PATH}
 NO_FETCH_BUILD=1 \
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162414): 
https://lists.openembedded.org/g/openembedded-core/message/162414
Mute This Topic: https://lists.openembedded.org/mt/89401217/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] flit_core: inherit setuptools3-base

[Tim Orling]

This is helps bridge the old setuptools3 behavior.

FILES:${PN} has sane defaults in setuptools3-base

Signed-off-by: Tim Orling 
---
 meta/classes/flit_core.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/flit_core.bbclass b/meta/classes/flit_core.bbclass
index 0f2eec85d0b..8edbd654ff2 100644
--- a/meta/classes/flit_core.bbclass
+++ b/meta/classes/flit_core.bbclass
@@ -1,4 +1,4 @@
-inherit pip_install_wheel python3native python3-dir
+inherit pip_install_wheel python3native python3-dir setuptools3-base
 
 DEPENDS += "python3 python3-flit-core-native python3-pip-native"
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162413): 
https://lists.openembedded.org/g/openembedded-core/message/162413
Mute This Topic: https://lists.openembedded.org/mt/89401200/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests

[Alexander Kanavin]

I’m… confused :) Do I need to change something? This particular combination
of arches is only used for cross manifests, so it shouldn’t touch other
things?

Ale

On Fri 25. Feb 2022 at 22.19, Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:

> On Fri, 2022-02-25 at 20:52 +0100, Alexander Kanavin wrote:
> > Signed-off-by: Alexander Kanavin 
> > ---
> >  meta/classes/sanity.bbclass | 22 +-
> >  meta/conf/abi_version.conf  |  2 +-
> >  2 files changed, 22 insertions(+), 2 deletions(-)
> >
> > diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
> > index 773902e619..9dd829512a 100644
> > --- a/meta/classes/sanity.bbclass
> > +++ b/meta/classes/sanity.bbclass
> > @@ -559,6 +559,23 @@ def sanity_check_conffiles(d):
> >  bb.fatal(str(e))
> >  d.setVar("BB_INVALIDCONF", True)
> >
> > +def drop_v14_cross_builds(d):
> > +i =
> d.expand("${SSTATE_MANIFESTS}/index-${BUILD_ARCH}_${TARGET_ARCH}")
>
> This is nearly there but there is one further small tweak needed.
>
> This will convert the current TARGET_ARCH but we probably need to glob the
> other
> possible options in case there are other things in the TMPDIR. I'm a bit
> worried
> that might match some other things (such as crosssdk) however if it
> removes too
> much, it would restore it from sstate so it might not matter.
>
> Cheers,
>
> Richard
>
>
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162412): 
https://lists.openembedded.org/g/openembedded-core/message/162412
Mute This Topic: https://lists.openembedded.org/mt/89396617/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests

[Richard Purdie]

On Fri, 2022-02-25 at 20:52 +0100, Alexander Kanavin wrote:
> Signed-off-by: Alexander Kanavin 
> ---
>  meta/classes/sanity.bbclass | 22 +-
>  meta/conf/abi_version.conf  |  2 +-
>  2 files changed, 22 insertions(+), 2 deletions(-)
> 
> diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
> index 773902e619..9dd829512a 100644
> --- a/meta/classes/sanity.bbclass
> +++ b/meta/classes/sanity.bbclass
> @@ -559,6 +559,23 @@ def sanity_check_conffiles(d):
>  bb.fatal(str(e))
>  d.setVar("BB_INVALIDCONF", True)
>  
> +def drop_v14_cross_builds(d):
> +i = d.expand("${SSTATE_MANIFESTS}/index-${BUILD_ARCH}_${TARGET_ARCH}")

This is nearly there but there is one further small tweak needed.

This will convert the current TARGET_ARCH but we probably need to glob the other
possible options in case there are other things in the TMPDIR. I'm a bit worried
that might match some other things (such as crosssdk) however if it removes too
much, it would restore it from sstate so it might not matter.

Cheers,

Richard




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162411): 
https://lists.openembedded.org/g/openembedded-core/message/162411
Mute This Topic: https://lists.openembedded.org/mt/89396617/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin 
---
 meta/classes/sanity.bbclass | 22 +-
 meta/conf/abi_version.conf  |  2 +-
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 773902e619..9dd829512a 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -559,6 +559,23 @@ def sanity_check_conffiles(d):
 bb.fatal(str(e))
 d.setVar("BB_INVALIDCONF", True)
 
+def drop_v14_cross_builds(d):
+i = d.expand("${SSTATE_MANIFESTS}/index-${BUILD_ARCH}_${TARGET_ARCH}")
+with open(i, "r") as f:
+lines = f.readlines()
+for l in reversed(lines):
+try:
+(stamp, manifest, workdir) = l.split()
+except ValueError:
+bb.fatal("Invalid line '%s' in sstate manifest '%s'" % (l, i))
+import glob
+for m in glob.glob(manifest + ".*"):
+if m.endswith(".postrm"):
+continue
+sstate_clean_manifest(m, d)
+bb.utils.remove(stamp + "*")
+bb.utils.remove(workdir, recurse = True)
+
 def sanity_handle_abichanges(status, d):
 #
 # Check the 'ABI' of TMPDIR
@@ -577,7 +594,10 @@ def sanity_handle_abichanges(status, d):
 status.addresult("The layout of TMPDIR changed for Recipe Specific 
Sysroots.\nConversion doesn't make sense and this change will rebuild 
everything so please delete TMPDIR (%s).\n" % d.getVar("TMPDIR"))
 elif int(abi) <= 13 and current_abi == "14":
 status.addresult("TMPDIR changed to include path filtering from 
the pseudo database.\nIt is recommended to use a clean TMPDIR with the new 
pseudo path filtering so TMPDIR (%s) would need to be removed to continue.\n" % 
d.getVar("TMPDIR"))
-
+elif int(abi) == 14 and current_abi == "15":
+drop_v14_cross_builds(d)
+with open(abifile, "w") as f:
+f.write(current_abi)
 elif (abi != current_abi):
 # Code to convert from one ABI to another could go here if 
possible.
 status.addresult("Error, TMPDIR has changed its layout version 
number (%s to %s) and you need to either rebuild, revert or adjust it at your 
own risk.\n" % (abi, current_abi))
diff --git a/meta/conf/abi_version.conf b/meta/conf/abi_version.conf
index 66df69bb8d..2a08b1208b 100644
--- a/meta/conf/abi_version.conf
+++ b/meta/conf/abi_version.conf
@@ -4,7 +4,7 @@
 # that breaks the format and have been previously discussed on the mailing 
list 
 # with general agreement from the core team.
 #
-OELAYOUT_ABI = "14"
+OELAYOUT_ABI = "15"
 
 #
 # HASHEQUIV_HASH_VERSION is injected into the output hash calculation used by
-- 
2.20.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162410): 
https://lists.openembedded.org/g/openembedded-core/message/162410
Mute This Topic: https://lists.openembedded.org/mt/89396617/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] sstate: do not add TARGET_ARCH to pkgarch for cross recipes.

[Alexander Kanavin]

This is redundant (target arch is already in PN), and breaks
compiling a cross-canadian toolchain, as that needs populating the
sysroot with two different native-hosted toolchains built from
cross recipes. Inserting TARGET_ARCH allows only one or the other.

Signed-off-by: Alexander Kanavin 
---
 meta/classes/sstate.bbclass | 3 +--
 meta/lib/oe/sstatesig.py| 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 787172b408..dc9a2c085b 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -83,7 +83,6 @@ SSTATE_ARCHS = " \
 ${BUILD_ARCH} \
 ${BUILD_ARCH}_${ORIGNATIVELSBSTRING} \
 ${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS} \
-${BUILD_ARCH}_${TARGET_ARCH} \
 ${SDK_ARCH}_${SDK_OS} \
 ${SDK_ARCH}_${PACKAGE_ARCH} \
 allarch \
@@ -138,7 +137,7 @@ python () {
 elif bb.data.inherits_class('crosssdk', d):
 d.setVar('SSTATE_PKGARCH', 
d.expand("${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS}"))
 elif bb.data.inherits_class('cross', d):
-d.setVar('SSTATE_PKGARCH', d.expand("${BUILD_ARCH}_${TARGET_ARCH}"))
+d.setVar('SSTATE_PKGARCH', d.expand("${BUILD_ARCH}"))
 elif bb.data.inherits_class('nativesdk', d):
 d.setVar('SSTATE_PKGARCH', d.expand("${SDK_ARCH}_${SDK_OS}"))
 elif bb.data.inherits_class('cross-canadian', d):
diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index abcd96231e..2cf858e201 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -443,7 +443,7 @@ def find_sstate_manifest(taskdata, taskdata2, taskname, d, 
multilibcache):
 elif "-cross-canadian" in taskdata:
 pkgarchs = ["${SDK_ARCH}_${SDK_ARCH}-${SDKPKGSUFFIX}"]
 elif "-cross-" in taskdata:
-pkgarchs = ["${BUILD_ARCH}_${TARGET_ARCH}"]
+pkgarchs = ["${BUILD_ARCH}"]
 elif "-crosssdk" in taskdata:
 pkgarchs = ["${BUILD_ARCH}_${SDK_ARCH}_${SDK_OS}"]
 else:
-- 
2.20.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162409): 
https://lists.openembedded.org/g/openembedded-core/message/162409
Mute This Topic: https://lists.openembedded.org/mt/89396615/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] musl: Update to latest master

[Khem Raj]

brings in these fixes

  * f8bdc304 fix spurious failures by fgetws when buffer ends with partial 
character
  * 5690668a add missing strerror text for key management
  * 3b7b4155 fix out-of-bound read processing time zone data with distant-past 
dates
  * 75b3412f fix potentially wrong-sign zero in cproj functions at infinity
  * 52f0deb9 make fseek detect and produce an error for invalid whence arguments
  * cbacd638 add SEEK_DATA and SEEK_HOLE to unistd.h

Signed-off-by: Khem Raj 
---
 meta/recipes-core/musl/musl_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/musl/musl_git.bb 
b/meta/recipes-core/musl/musl_git.bb
index 1e33ad5317b..04752f40c45 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -4,7 +4,7 @@
 require musl.inc
 inherit linuxloader
 
-SRCREV = "c4d4028dde90562f631edf559fbc42d8ec1b29de"
+SRCREV = "f8bdc3048216f41eaaf655524fa286cfb1184a70"
 
 BASEVER = "1.2.2"
 
-- 
2.35.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162408): 
https://lists.openembedded.org/g/openembedded-core/message/162408
Mute This Topic: https://lists.openembedded.org/mt/89394318/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] license.py: Correct a comment

[Peter Kjellerstedt]

Signed-off-by: Peter Kjellerstedt 
---
 meta/lib/oe/license.py | 17 +++--
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/meta/lib/oe/license.py b/meta/lib/oe/license.py
index 79800c2b8f..8955cbdeb2 100644
--- a/meta/lib/oe/license.py
+++ b/meta/lib/oe/license.py
@@ -100,16 +100,13 @@ def flattened_licenses(licensestr, choose_licenses):
 return flatten.licenses
 
 def is_included(licensestr, include_licenses=None, exclude_licenses=None):
-"""Given a license a list of list to include and a list of
-licenses to exclude, determine if the license string
-matches the an include list and does not match the 
-exclude list.
-
-Returns a tuple holding the boolean state and a list of
-the applicable licenses that were excluded if state is
-False, or the licenses that were included if the state
-is True.
-"""
+"""Given a license string, a list of licenses to include and a list of
+licenses to exclude, determine if the license string matches the include
+list and does not match the exclude list.
+
+Returns a tuple holding the boolean state and a list of the applicable
+licenses that were excluded if state is False, or the licenses that were
+included if the state is True."""
 
 def include_license(license):
 return any(fnmatch(license, pattern) for pattern in include_licenses)

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162407): 
https://lists.openembedded.org/g/openembedded-core/message/162407
Mute This Topic: https://lists.openembedded.org/mt/89392672/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v3] systemd: move systemd shared library into its own package

[Stefan Herbrechtsmeier]

From: Stefan Herbrechtsmeier 

Move the systemd shared library (libsystemd-shared.so) into its own
package to prevent a runtime dependency from udev package to systemd
package and thereby to a second init manager.

Signed-off-by: Stefan Herbrechtsmeier 

---

Changes in v3:
- Add libdir to INSANE_SKIP for libsystemd-shared package

Changes in v2:
- Fix SUMMARY override

 meta/recipes-core/systemd/systemd_250.3.bb | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd_250.3.bb 
b/meta/recipes-core/systemd/systemd_250.3.bb
index 9121333f56..31c5c55c3f 100644
--- a/meta/recipes-core/systemd/systemd_250.3.bb
+++ b/meta/recipes-core/systemd/systemd_250.3.bb
@@ -371,6 +371,7 @@ PACKAGE_BEFORE_PN = "\
 ${PN}-journal-remote \
 ${PN}-extra-utils \
 ${PN}-udev-rules \
+libsystemd-shared \
 udev \
 udev-hwdb \
 "
@@ -387,6 +388,8 @@ DESCRIPTION:${PN}-journal-upload = "systemd-journal-upload 
uploads journal entri
 SUMMARY:${PN}-journal-remote = "Receive journal messages over the network"
 DESCRIPTION:${PN}-journal-remote = "systemd-journal-remote is a command to 
receive serialized journal events and store them to journal files."
 
+SUMMARY:libsystemd-shared = "Systemd shared library"
+
 SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 
'${PN}-binfmt', '', d)} \
 ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', 
'${PN}-journal-gatewayd', '', d)} \
 ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', 
'${PN}-journal-remote', '', d)} \
@@ -653,6 +656,9 @@ RRECOMMENDS:${PN} += "systemd-extra-utils \
 INSANE_SKIP:${PN} += "dev-so libdir"
 INSANE_SKIP:${PN}-dbg += "libdir"
 INSANE_SKIP:${PN}-doc += " libdir"
+INSANE_SKIP:libsystemd-shared += "libdir"
+
+FILES:libsystemd-shared = "${rootlibexecdir}/systemd/libsystemd-shared*.so"
 
 RPROVIDES:udev = "hotplug"
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162406): 
https://lists.openembedded.org/g/openembedded-core/message/162406
Mute This Topic: https://lists.openembedded.org/mt/89391009/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[v2][oe-core][PATCH 1/1] zip: modify when match.S is built

[Joe Slater]

Use the correct $CPP to test if *.S are buildable,
but do not build match.S because it is not PIC code.

Signed-off-by: Joe Slater 
---
 .../0001-configure-use-correct-CPP.patch  | 47 +++
 ...002-configure-support-PIC-code-build.patch | 34 ++
 meta/recipes-extended/zip/zip_3.0.bb  |  2 +
 3 files changed, 83 insertions(+)
 create mode 100644 
meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
 create mode 100644 
meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch

diff --git 
a/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch 
b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
new file mode 100644
index 00..02253f968c
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
@@ -0,0 +1,47 @@
+From 7a2729ee7f5d9b9d4a0d9b83fe641a2ab03c4ee0 Mon Sep 17 00:00:00 2001
+From: Joe Slater 
+Date: Thu, 24 Feb 2022 17:36:59 -0800
+Subject: [PATCH 1/2] configure: use correct CPP
+
+configure uses CPP to test that two assembler routines
+can be built. Unfortunately, it will use /usr/bin/cpp
+if it exists, invalidating the tests.  We use the $CC
+passed to configure.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater 
+---
+ unix/configure | 15 +--
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 73ba803..7e21070 100644
+--- a/unix/configure
 b/unix/configure
+@@ -220,13 +220,16 @@ fi
+ echo Check for the C preprocessor
+ # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp.
+ CPP="${CC} -E"
++
++# We should not change CPP for yocto builds.
++#
+ # solaris as(1) needs -P, maybe others as well ?
+-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
+-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
+-[ -f /lib/cpp ] && CPP=/lib/cpp
+-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
+-[ -f /xenix ] && CPP="${CC} -E"
+-[ -f /lynx.os ] && CPP="${CC} -E"
++# [ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
++# [ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
++# [ -f /lib/cpp ] && CPP=/lib/cpp
++# [ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
++# [ -f /xenix ] && CPP="${CC} -E"
++# [ -f /lynx.os ] && CPP="${CC} -E"
+ 
+ echo "#include " > conftest.c
+ $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E"
+-- 
+2.24.1
+
diff --git 
a/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch 
b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
new file mode 100644
index 00..6e0879616a
--- /dev/null
+++ 
b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
@@ -0,0 +1,34 @@
+From b0492506d2c28581193906e9d260d4f0451e2c39 Mon Sep 17 00:00:00 2001
+From: Joe Slater 
+Date: Thu, 24 Feb 2022 17:46:03 -0800
+Subject: [PATCH 2/2] configure: support PIC code build
+
+Disable building match.S. The code requires
+relocation in .text.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater 
+---
+ unix/configure | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 7e21070..1bc698b 100644
+--- a/unix/configure
 b/unix/configure
+@@ -242,8 +242,9 @@ if eval "$CPP match.S > _match.s 2>/dev/null"; then
+   if test ! -s _match.s || grep error < _match.s > /dev/null; then
+ :
+   elif eval "$CC -c _match.s >/dev/null 2>/dev/null" && [ -f _match.o ]; then
+-CFLAGS="${CFLAGS} -DASMV"
+-OBJA="match.o"
++# disable match.S for PIC code
++# CFLAGS="${CFLAGS} -DASMV"
++# OBJA="match.o"
+ echo "int foo() { return 0;}" > conftest.c
+ $CC -c conftest.c >/dev/null 2>/dev/null
+ echo Check if compiler generates underlines
+-- 
+2.24.1
+
diff --git a/meta/recipes-extended/zip/zip_3.0.bb 
b/meta/recipes-extended/zip/zip_3.0.bb
index 18b5d8648e..f8e0b6e259 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -14,6 +14,8 @@ SRC_URI = 
"${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar.
file://fix-security-format.patch \
file://10-remove-build-date.patch \
file://zipnote-crashes-with-segfault.patch \
+   file://0001-configure-use-correct-CPP.patch \
+   file://0002-configure-support-PIC-code-build.patch \
"
 UPSTREAM_VERSION_UNKNOWN = "1"
 
-- 
2.24.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162405): 
https://lists.openembedded.org/g/openembedded-core/message/162405
Mute This Topic: https://lists.openembedded.org/mt/89390793/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] bitbake.conf: add ssh-keygen to HOSTTOOLS_NONFATAL

[Richard Purdie]

On Fri, 2022-02-18 at 08:35 +0100, Markus Volk wrote:
> Gnome Seahorse needs an external ssh-keygen to build and there is no provider
> for it in yocto/oe. openssh-native is not allowed to build and if allowed 
> there
> are problems building it with '--enable-pam'.
> 
> 'ssh' is already set to be added as a HOSTTOOL when it is found.
> This commit also adds ssh-keygen.
> 
> Signed-off-by: Markus Volk 
> ---
>  meta/conf/bitbake.conf | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
> index fba99e8f0c..15ea0bc29e 100644
> --- a/meta/conf/bitbake.conf
> +++ b/meta/conf/bitbake.conf
> @@ -499,7 +499,7 @@ HOSTTOOLS += " \
>  HOSTTOOLS += "${@'ip ping ps scp ssh stty' if 
> (bb.utils.contains_any('IMAGE_CLASSES', 'testimage testsdk', True, False, d) 
> or any(x in (d.getVar("BBINCLUDED") or "") for x in ["testimage.bbclass", 
> "testsdk.bbclass"])) else ''}"
>  
>  # Link to these if present
> -HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp 
> socat ssh sudo"
> +HOSTTOOLS_NONFATAL += "aws gcc-ar gpg gpg-agent ld.bfd ld.gold nc pigz sftp 
> socat ssh ssh-keygen sudo"
>  

Does it actually need to generate keys or is it just checking for the presence
of the tool? I'm not a big fan of adding new tools like this, particularly as
this could still cause a deterministic build issue...

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162404): 
https://lists.openembedded.org/g/openembedded-core/message/162404
Mute This Topic: https://lists.openembedded.org/mt/89228328/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] kernel-devsrc: do not copy Module.symvers file during install

[Oleksandr Ocheretnyi via lists.openembedded.org]

When CONFIG_MODULES is not enabled in kernel config - Module.symvers
generation is not done, which causes the file not to be created.

This fails later in do_install() due to the fact that copy
command in executed for non-existing Module.symvers file.

Check for Module.symvers existence before copy command in executed.

Change-Id: Ie7c0ca5d139d49e1cf8f3cb343aef7905389a761
Signed-off-by: Oleksandr Ocheretnyi 
---
 meta/recipes-kernel/linux/kernel-devsrc.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb 
b/meta/recipes-kernel/linux/kernel-devsrc.bb
index cccf06e12c..8d360ed3f3 100644
--- a/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -72,7 +72,9 @@ do_install() {
 (
cd ${B}
 
-   cp Module.symvers $kerneldir/build
+   if [ -s Module.symvers ]; then
+   cp Module.symvers $kerneldir/build
+   fi
cp System.map* $kerneldir/build
if [ -s Module.markers ]; then
cp Module.markers $kerneldir/build
-- 
2.26.2.Cisco


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162403): 
https://lists.openembedded.org/g/openembedded-core/message/162403
Mute This Topic: https://lists.openembedded.org/mt/89390164/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v3 00/32] Python PEP-517: build wheels and install with pip

[Richard Purdie]

On Fri, 2022-02-25 at 14:27 +0100, Konrad Weihmann wrote:
> 
> On 25.02.22 14:16, Richard Purdie wrote:
> > On Thu, 2022-02-24 at 16:52 +0100, Konrad Weihmann wrote:
> > > I got a kind of general question about this patch series and all the
> > > followups: is this still considered to go into the next release?
> > 
> > It is still being considered, yes.
> > 
> > > I'm a bit worried about the fallout of this pretty invasive change -
> > > even though I see that at some point it needs to be done.
> > > 
> > > My understanding is that the "classic" way will stop with Python 3.12,
> > > which doesn't apply to next LTS release - as this will likely remain on
> > > 3.10.
> > > Only downside will be that manual helper files for updates of packages
> > > that are lacking a setup.py needs to be provided (there are already a
> > > few examples how to do it) - not a big deal if you'd ask me.
> > > 
> > > So what's the stand of the project regarding this issue - also keeping
> > > in mind that I think it's already past feature freeze?
> > 
> > This is a tough one to make a decision on and I am conflicted. The change 
> > was
> > flagged up a while ago and has been regularly talked about. It is also 
> > something
> > we all agree will have to happen at some point.
> > 
> > The change is late and has issues but there was a base patchset sent before 
> > the
> > freeze deadline.
> > 
> > This isn't the final release point, it is the point where we stop taking new
> > invasive changes and stabilise and I think it important to keep that in 
> > mind.
> > 
> > Stepping back and thinking about the big picture (and e.g. the ability to 
> > take
> > security fixes into the LTS), I'm leaning towards trying to get it in. One 
> > other
> > consideration is having large delta between the LTS and onging development 
> > and
> > I'd prefer to minimise this particular difference if it is practical to do 
> > so.
> 
> Your argumentation does make sense, but I have to disagree on this 
> particular point.
> The using pip as the default installer and therefore wheels is something 
> that will never (hopefully) get backported, so bringing this change in 
> automatically builds up a huge delta to any other branch - thus here you 
> would create a situation that (I agree) should be avoided.
> 
> Also moving around a few classes and recipe between core and 
> meta-python, will either bind users to including meta-python in every 
> setup or will create situation were people will try to work around these 
> changes.
> 
> I see that this feature has been promised - and it might be bad for the 
> project's reputation to drop it - still if one would ask me, I would 
> prefer to delay it to the next release.
> One potential option would be to offer that one (once mature and tested 
> will a broad set of layers) as a mixin-layer, which then could be used 
> with kirkstone LTS

It is a tough call without a right answer and one I ultimately have to make
based on experience and judgement weighing up the pros and cons.

I did just merge the series as I do think it is now about as ready as things get
without merging and exposing to the wider userbase. We do have time before
release.

FWIW the distutils classes have been showing warnings for a while now so it
shouldn't surprise anyone that they've been removed, that was planned regardless
of the other changes.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162402): 
https://lists.openembedded.org/g/openembedded-core/message/162402
Mute This Topic: https://lists.openembedded.org/mt/89324642/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/3] python3-numpy: Fix pyc determinism issue

[Richard Purdie]

Using frozenset causes problems for pyc file determinism. For now remove
the problematic pyc file as we do in the main python3 recipe.

Signed-off-by: Richard Purdie 
---
 meta/recipes-devtools/python/python3-numpy_1.22.2.bb | 9 +
 1 file changed, 9 insertions(+)

diff --git a/meta/recipes-devtools/python/python3-numpy_1.22.2.bb 
b/meta/recipes-devtools/python/python3-numpy_1.22.2.bb
index d2b2f3e38d5..43e7427eab5 100644
--- a/meta/recipes-devtools/python/python3-numpy_1.22.2.bb
+++ b/meta/recipes-devtools/python/python3-numpy_1.22.2.bb
@@ -30,6 +30,15 @@ do_compile:prepend() {
 export NPY_DISABLE_SVML=1
 }
 
+# Unfortunately the following pyc files are non-deterministc due to 'frozenset'
+# being written without strict ordering, even with PYTHONHASHSEED = 0
+# Upstream is discussing ways to solve the issue properly, until then let's
+# just not install the problematic files.
+# More info: http://benno.id.au/blog/2013/01/15/python-determinism
+do_install:append() {
+   rm 
${D}${PYTHON_SITEPACKAGES_DIR}/numpy/typing/tests/data/pass/__pycache__/literal.cpython*
+}
+
 FILES:${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/numpy/core/lib/*.a 
${PYTHON_SITEPACKAGES_DIR}/numpy/random/lib/*.a"
 
 # install what is needed for numpy.test()
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162401): 
https://lists.openembedded.org/g/openembedded-core/message/162401
Mute This Topic: https://lists.openembedded.org/mt/89389652/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/3] python-pip: Improve reproducibility

[Richard Purdie]

Pip installed wheels are not reproducible currently. The direct_url
files encode an installation path and the installed wheels compile
the python files at their location, not their final install location
which is incorrect.

To fix this, simply disable the direct_urls and pass the "root" to
the python compile function to strip that path out of the compiled
files.

Signed-off-by: Richard Purdie 
---
 .../python/python3-pip/reproducible.patch | 74 +++
 .../python/python3-pip_22.0.3.bb  |  1 +
 2 files changed, 75 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-pip/reproducible.patch

diff --git a/meta/recipes-devtools/python/python3-pip/reproducible.patch 
b/meta/recipes-devtools/python/python3-pip/reproducible.patch
new file mode 100644
index 000..538bb94f7ad
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pip/reproducible.patch
@@ -0,0 +1,74 @@
+Pip installed wheels are not reproducible currently. The direct_url
+files encode an installation path and the installed wheels compile
+the python files at their location, not their final install location
+which is incorrect.
+
+To fix this, simply disable the direct_urls and pass the "root" to
+the python compile function to strip that path out of the compiled
+files.
+
+A version of this patch, perhaps stripping root from the direct_urls
+may be something that could be considered by upstream.
+
+Signed-off-by: Richard Purdie 
+
+Upstream-Status: Pending
+
+Index: pip-22.0.3/src/pip/_internal/req/req_install.py
+===
+--- pip-22.0.3.orig/src/pip/_internal/req/req_install.py
 pip-22.0.3/src/pip/_internal/req/req_install.py
+@@ -758,7 +758,9 @@ class InstallRequirement:
+ if self.is_wheel:
+ assert self.local_file_path
+ direct_url = None
+-if self.editable:
++if '_PYTHON_SYSCONFIGDATA_NAME' in os.environ:
++direct_url = None
++elif self.editable:
+ direct_url = 
direct_url_for_editable(self.unpacked_source_directory)
+ elif self.original_link:
+ direct_url = direct_url_from_link(
+@@ -775,6 +777,7 @@ class InstallRequirement:
+ warn_script_location=warn_script_location,
+ direct_url=direct_url,
+ requested=self.user_supplied,
++root=root,
+ )
+ self.install_succeeded = True
+ return
+Index: pip-22.0.3/src/pip/_internal/operations/install/wheel.py
+===
+--- pip-22.0.3.orig/src/pip/_internal/operations/install/wheel.py
 pip-22.0.3/src/pip/_internal/operations/install/wheel.py
+@@ -436,6 +436,7 @@ def _install_wheel(
+ warn_script_location: bool = True,
+ direct_url: Optional[DirectUrl] = None,
+ requested: bool = False,
++root: str = None,
+ ) -> None:
+ """Install a wheel.
+ 
+@@ -612,7 +613,7 @@ def _install_wheel(
+ with warnings.catch_warnings():
+ warnings.filterwarnings("ignore")
+ for path in pyc_source_file_paths():
+-success = compileall.compile_file(path, force=True, 
quiet=True)
++success = compileall.compile_file(path, force=True, 
quiet=True, stripdir=root)
+ if success:
+ pyc_path = pyc_output_path(path)
+ assert os.path.exists(pyc_path)
+@@ -723,6 +724,7 @@ def install_wheel(
+ warn_script_location: bool = True,
+ direct_url: Optional[DirectUrl] = None,
+ requested: bool = False,
++root: str = None,
+ ) -> None:
+ with ZipFile(wheel_path, allowZip64=True) as z:
+ with req_error_context(req_description):
+@@ -735,4 +737,5 @@ def install_wheel(
+ warn_script_location=warn_script_location,
+ direct_url=direct_url,
+ requested=requested,
++root=root,
+ )
diff --git a/meta/recipes-devtools/python/python3-pip_22.0.3.bb 
b/meta/recipes-devtools/python/python3-pip_22.0.3.bb
index e02ea5bd3d2..7eb9fb69ba4 100644
--- a/meta/recipes-devtools/python/python3-pip_22.0.3.bb
+++ b/meta/recipes-devtools/python/python3-pip_22.0.3.bb
@@ -14,6 +14,7 @@ DEPENDS:append:class-native = " unzip-native"
 
 SRC_URI += "file://0001-change-shebang-to-python3.patch"
 SRC_URI += "file://no_shebang_mangling.patch"
+SRC_URI += "file://reproducible.patch"
 
 SRC_URI[sha256sum] = 
"f29d589df8c8ab99c060e68ad294c4a9ed896624f6368c5349d70aa581b333d0"
 
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162399): 
https://lists.openembedded.org/g/openembedded-core/message/162399
Mute This Topic: https://lists.openembedded.org/mt/89389650/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: 

[OE-core] [PATCH 2/3] pip_install_wheel: Recompile modified files

[Richard Purdie]

If we modify the file, we need to recompile the pyc files since the file
hash has changed. This would otherwise result in reproducibility failrues.

Signed-off-by: Richard Purdie 
---
 meta/classes/pip_install_wheel.bbclass | 5 +
 1 file changed, 5 insertions(+)

diff --git a/meta/classes/pip_install_wheel.bbclass 
b/meta/classes/pip_install_wheel.bbclass
index f0312e0b1eb..8a848c0ebab 100644
--- a/meta/classes/pip_install_wheel.bbclass
+++ b/meta/classes/pip_install_wheel.bbclass
@@ -32,6 +32,11 @@ pip_install_wheel_do_install () {
 sed -i -e "1s,#!.*nativepython3,#!${USRBINPATH}/env 
${PIP_INSTALL_PYTHON}," $i
 sed -i -e "s:${PYTHON}:${USRBINPATH}/env\ ${PIP_INSTALL_PYTHON}:g" 
$i
 sed -i -e "s:${STAGING_BINDIR_NATIVE}:${bindir}:g" $i
+# Recompile after modifying it
+cd ${D}
+file=`echo $i | sed 's:^${D}/::'`
+${STAGING_BINDIR_NATIVE}/python3-native/python3 -c "from 
py_compile import compile; compile('$file')"
+cd -
 fi
 done
 }
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162400): 
https://lists.openembedded.org/g/openembedded-core/message/162400
Mute This Topic: https://lists.openembedded.org/mt/89389651/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 3/3] insane: use HOST_ variables, not TARGET_ to determine the cross system

[Alexander Kanavin]

On Fri, 25 Feb 2022 at 15:30, Ross Burton  wrote:
> > -target_os   = d.getVar('TARGET_OS')
> > -target_arch = d.getVar('TARGET_ARCH')
> > +target_os   = d.getVar('HOST_OS')
> > +target_arch = d.getVar('HOST_ARCH')
> >  provides = d.getVar('PROVIDES')
> >  bpn = d.getVar('BPN')
>
> Interestingly I was just looking at this code.  Does this change mean
> we can remove the skipping of nativesdk recipes in the arch check?

I don't know, the only answer I have is 'patches welcome' :)

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162398): 
https://lists.openembedded.org/g/openembedded-core/message/162398
Mute This Topic: https://lists.openembedded.org/mt/89366545/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 3/3] insane: use HOST_ variables, not TARGET_ to determine the cross system

[Ross Burton]

On Thu, 24 Feb 2022 at 15:03, Alexander Kanavin  wrote:
> Almost everywhere those are the same, except when making a cross toolchain
> where HOST_ is where it's going to run, and TARGET_ is what it's going to
> produce.
>
> Signed-off-by: Alexander Kanavin 
> ---
>  meta/classes/insane.bbclass | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
> index 4fc3c06c64..890e865a8f 100644
> --- a/meta/classes/insane.bbclass
> +++ b/meta/classes/insane.bbclass
> @@ -325,8 +325,8 @@ def package_qa_check_arch(path,name,d, elf, messages):
>  if not elf:
>  return
>
> -target_os   = d.getVar('TARGET_OS')
> -target_arch = d.getVar('TARGET_ARCH')
> +target_os   = d.getVar('HOST_OS')
> +target_arch = d.getVar('HOST_ARCH')
>  provides = d.getVar('PROVIDES')
>  bpn = d.getVar('BPN')

Interestingly I was just looking at this code.  Does this change mean
we can remove the skipping of nativesdk recipes in the arch check?

Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162397): 
https://lists.openembedded.org/g/openembedded-core/message/162397
Mute This Topic: https://lists.openembedded.org/mt/89366545/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 50/50] grub: add a fix for a crash in scripts

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a crash in grub's script handling. It is
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...void-crash-when-using-outside-a-func.patch | 37 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch

diff --git 
a/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch
 
b/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch
new file mode 100644
index 00..84117a9073
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0046-script-execute-Avoid-crash-when-using-outside-a-func.patch
@@ -0,0 +1,37 @@
+From df2505c4c3cf42b0c419c99a5f9e1ce63e5a5938 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens 
+Date: Mon, 11 Jan 2021 17:30:42 +1100
+Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a
+ function scope
+
+"$#" represents the number of arguments to a function. It is only
+defined in a function scope, where "scope" is non-NULL. Currently,
+if we attempt to evaluate "$#" outside a function scope, "scope" will
+be NULL and we will crash with a NULL pointer dereference.
+
+Do not attempt to count arguments for "$#" if "scope" is NULL. This
+will result in "$#" being interpreted as an empty string if evaluated
+outside a function scope.
+
+Signed-off-by: Daniel Axtens 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fe0586347ee46f927ae27bb9673532da9f5dead5]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/script/execute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 5ea2aef..23d34bd 100644
+--- a/grub-core/script/execute.c
 b/grub-core/script/execute.c
+@@ -485,7 +485,7 @@ gettext_putvar (const char *str, grub_size_t len,
+ return 0;
+ 
+   /* Enough for any number.  */
+-  if (len == 1 && str[0] == '#')
++  if (len == 1 && str[0] == '#' && scope != NULL)
+ {
+   grub_snprintf (*ptr, 30, "%u", scope->argv.argc);
+   *ptr += grub_strlen (*ptr);
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 0454b09d52..75ef31f249 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -92,6 +92,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \

file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \

file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \
+   
file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162396): 
https://lists.openembedded.org/g/openembedded-core/message/162396
Mute This Topic: https://lists.openembedded.org/mt/89389068/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 47/50] grub: fix incorrect use of a negative value

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for an incorrect use of a negative value in grub's
util/glue-efi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...x-incorrect-use-of-a-possibly-negati.patch | 50 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch

diff --git 
a/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch
 
b/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch
new file mode 100644
index 00..66d7c0aa42
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch
@@ -0,0 +1,50 @@
+From e301a0f38a2130eb80f346c31e43bf5089af583c Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 4 Dec 2020 15:04:28 +
+Subject: [PATCH] util/glue-efi: Fix incorrect use of a possibly negative value
+
+It is possible for the ftell() function to return a negative value,
+although it is fairly unlikely here, we should be checking for
+a negative value before we assign it to an unsigned value.
+
+Fixes: CID 73744
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1641d74e16f9d1ca35ba1a87ee4a0bf3afa48e72]
+Signed-off-by: Marta Rybczynska 
+---
+ util/glue-efi.c | 14 --
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/util/glue-efi.c b/util/glue-efi.c
+index 68f5316..de0fa6d 100644
+--- a/util/glue-efi.c
 b/util/glue-efi.c
+@@ -39,13 +39,23 @@ write_fat (FILE *in32, FILE *in64, FILE *out, const char 
*out_filename,
+   struct grub_macho_fat_header head;
+   struct grub_macho_fat_arch arch32, arch64;
+   grub_uint32_t size32, size64;
++  long size;
+   char *buf;
+ 
+   fseek (in32, 0, SEEK_END);
+-  size32 = ftell (in32);
++  size = ftell (in32);
++  if (size < 0)
++grub_util_error ("cannot get end of input file '%s': %s",
++   name32, strerror (errno));
++  size32 = (grub_uint32_t) size;
+   fseek (in32, 0, SEEK_SET);
++
+   fseek (in64, 0, SEEK_END);
+-  size64 = ftell (in64);
++  size = ftell (in64);
++  if (size < 0)
++grub_util_error ("cannot get end of input file '%s': %s",
++   name64, strerror (errno));
++  size64 = (grub_uint64_t) size;
+   fseek (in64, 0, SEEK_SET);
+ 
+   head.magic = grub_cpu_to_le32_compile_time (GRUB_MACHO_FAT_EFI_MAGIC);
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index a1fbc5e644..2f230065b2 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -89,6 +89,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \
file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \

file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \
+   
file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162393): 
https://lists.openembedded.org/g/openembedded-core/message/162393
Mute This Topic: https://lists.openembedded.org/mt/89389064/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 49/50] grub: avoid a NULL pointer dereference

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a NULL pointer dereference in grub's
commands/ls. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...ire-device_name-is-not-NULL-before-p.patch | 33 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch

diff --git 
a/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch
 
b/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch
new file mode 100644
index 00..5a327fe1d2
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch
@@ -0,0 +1,33 @@
+From dd82f98fa642907817f59aeaf3761b786898df85 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens 
+Date: Mon, 11 Jan 2021 16:57:37 +1100
+Subject: [PATCH] commands/ls: Require device_name is not NULL before printing
+
+This can be triggered with:
+  ls -l (0 0*)
+and causes a NULL deref in grub_normal_print_device_info().
+
+I'm not sure if there's any implication with the IEEE 1275 platform.
+
+Signed-off-by: Daniel Axtens 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6afbe6063c95b827372f9ec310c9fc7461311eb1]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/commands/ls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c
+index 5b7491a..326d2d6 100644
+--- a/grub-core/commands/ls.c
 b/grub-core/commands/ls.c
+@@ -196,7 +196,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, 
int human)
+   goto fail;
+ }
+ 
+-  if (! *path)
++  if (! *path && device_name)
+ {
+   if (grub_errno == GRUB_ERR_UNKNOWN_FS)
+   grub_errno = GRUB_ERR_NONE;
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 84b8b8d1be..0454b09d52 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -91,6 +91,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \

file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \

file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \
+   
file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162395): 
https://lists.openembedded.org/g/openembedded-core/message/162395
Mute This Topic: https://lists.openembedded.org/mt/89389067/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 48/50] grub: add a fix for a NULL pointer dereference

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a NULL pointer dereference in grub's
script/execute. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...ix-NULL-dereference-in-grub_script_e.patch | 28 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch

diff --git 
a/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch
 
b/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch
new file mode 100644
index 00..b279222fff
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch
@@ -0,0 +1,28 @@
+From f5fb56954e5926ced42a980c3e0842ffd5fea2aa Mon Sep 17 00:00:00 2001
+From: Daniel Axtens 
+Date: Fri, 3 Apr 2020 23:05:13 +1100
+Subject: [PATCH] script/execute: Fix NULL dereference in
+ grub_script_execute_cmdline()
+
+Signed-off-by: Daniel Axtens 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=41ae93b2e6c75453514629bcfe684300e3aec0ce]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/script/execute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 7e028e1..5ea2aef 100644
+--- a/grub-core/script/execute.c
 b/grub-core/script/execute.c
+@@ -940,7 +940,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
+   struct grub_script_argv argv = { 0, 0, 0 };
+ 
+   /* Lookup the command.  */
+-  if (grub_script_arglist_to_argv (cmdline->arglist, ) || ! argv.args[0])
++  if (grub_script_arglist_to_argv (cmdline->arglist, ) || ! argv.args || 
! argv.args[0])
+ return grub_errno;
+ 
+   for (i = 0; i < argv.argc; i++)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 2f230065b2..84b8b8d1be 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -90,6 +90,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \

file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \

file://0043-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch \
+   
file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162394): 
https://lists.openembedded.org/g/openembedded-core/message/162394
Mute This Topic: https://lists.openembedded.org/mt/89389066/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 46/50] grub: add a fix for an incorrect cast

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for incorrect casting from signed to unsigned
in grub's util/grub-editenv. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...v-Fix-incorrect-casting-of-a-signed-.patch | 46 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 47 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch

diff --git 
a/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch
 
b/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch
new file mode 100644
index 00..0cd8ec3611
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch
@@ -0,0 +1,46 @@
+From 3d68daf2567aace4b52bd238cfd4a8111af3bc04 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 5 Nov 2020 14:33:50 +
+Subject: [PATCH] util/grub-editenv: Fix incorrect casting of a signed value
+
+The return value of ftell() may be negative (-1) on error. While it is
+probably unlikely to occur, we should not blindly cast to an unsigned
+value without first testing that it is not negative.
+
+Fixes: CID 73856
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5dc41edc4eba259c6043ae7698c245ec1baaacc6]
+Signed-off-by: Marta Rybczynska 
+---
+ util/grub-editenv.c | 8 +++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub-editenv.c b/util/grub-editenv.c
+index f3662c9..db6f187 100644
+--- a/util/grub-editenv.c
 b/util/grub-editenv.c
+@@ -125,6 +125,7 @@ open_envblk_file (const char *name)
+ {
+   FILE *fp;
+   char *buf;
++  long loc;
+   size_t size;
+   grub_envblk_t envblk;
+ 
+@@ -143,7 +144,12 @@ open_envblk_file (const char *name)
+ grub_util_error (_("cannot seek `%s': %s"), name,
+strerror (errno));
+ 
+-  size = (size_t) ftell (fp);
++  loc = ftell (fp);
++  if (loc < 0)
++grub_util_error (_("cannot get file location `%s': %s"), name,
++   strerror (errno));
++
++  size = (size_t) loc;
+ 
+   if (fseek (fp, 0, SEEK_SET) < 0)
+ grub_util_error (_("cannot seek `%s': %s"), name,
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 7ca0b469e9..a1fbc5e644 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -88,6 +88,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \

file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \
file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \
+   
file://0042-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162392): 
https://lists.openembedded.org/g/openembedded-core/message/162392
Mute This Topic: https://lists.openembedded.org/mt/89389061/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 45/50] grub: add a fix for NULL pointer dereference

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a NULL pointer dereference in grub's
util/grub-install. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...nstall-Fix-NULL-pointer-dereferences.patch | 41 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch

diff --git 
a/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch
 
b/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch
new file mode 100644
index 00..ea563a41a0
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0041-util-grub-install-Fix-NULL-pointer-dereferences.patch
@@ -0,0 +1,41 @@
+From 5d2dd0052474a882a22e47cc8c3ed87a01819f6b Mon Sep 17 00:00:00 2001
+From: Daniel Kiper 
+Date: Thu, 25 Feb 2021 18:35:01 +0100
+Subject: [PATCH] util/grub-install: Fix NULL pointer dereferences
+
+Two grub_device_open() calls does not have associated NULL checks
+for returned values. Fix that and appease the Coverity.
+
+Fixes: CID 314583
+
+Signed-off-by: Daniel Kiper 
+Reviewed-by: Javier Martinez Canillas 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8b3a95655b4391122e7b0315d8cc6f876caf8183]
+Signed-off-by: Marta Rybczynska 
+---
+ util/grub-install.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/util/grub-install.c b/util/grub-install.c
+index a82725f..367350f 100644
+--- a/util/grub-install.c
 b/util/grub-install.c
+@@ -1775,6 +1775,8 @@ main (int argc, char *argv[])
+ fill_core_services (core_services);
+ 
+ ins_dev = grub_device_open (install_drive);
++if (ins_dev == NULL)
++  grub_util_error ("%s", grub_errmsg);
+ 
+ bless (ins_dev, core_services, 0);
+ 
+@@ -1875,6 +1877,8 @@ main (int argc, char *argv[])
+ fill_core_services(core_services);
+ 
+ ins_dev = grub_device_open (install_drive);
++if (ins_dev == NULL)
++  grub_util_error ("%s", grub_errmsg);
+ 
+ bless (ins_dev, boot_efi, 1);
+ if (!removable && update_nvram)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index fad7415e0d..7ca0b469e9 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -87,6 +87,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0038-loader-xnu-Fix-memory-leak.patch \

file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \

file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \
+   file://0041-util-grub-install-Fix-NULL-pointer-dereferences.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162391): 
https://lists.openembedded.org/g/openembedded-core/message/162391
Mute This Topic: https://lists.openembedded.org/mt/89389060/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 44/50] grub: add a check for a NULL pointer

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a check for a NULL pointer before use in grub's
loader/xnu. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...k-if-pointer-is-NULL-before-using-it.patch | 42 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 43 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch

diff --git 
a/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch
 
b/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch
new file mode 100644
index 00..8081f7763a
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch
@@ -0,0 +1,42 @@
+From 778a3fffd19229e5650a1abfb06c974949991cd4 Mon Sep 17 00:00:00 2001
+From: Paulo Flabiano Smorigo 
+Date: Mon, 30 Nov 2020 10:36:00 -0300
+Subject: [PATCH] loader/xnu: Check if pointer is NULL before using it
+
+Fixes: CID 73654
+
+Signed-off-by: Paulo Flabiano Smorigo 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7c8a2b5d1421a0f2a33d33531f7561f3da93b844]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/loader/xnu.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index 39ceff8..adc048c 100644
+--- a/grub-core/loader/xnu.c
 b/grub-core/loader/xnu.c
+@@ -667,6 +667,9 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t 
binaryfile,
+   char *name, *nameend;
+   int namelen;
+ 
++  if (infoplistname == NULL)
++return grub_error (GRUB_ERR_BAD_FILENAME, N_("missing p-list filename"));
++
+   name = get_name_ptr (infoplistname);
+   nameend = grub_strchr (name, '/');
+ 
+@@ -698,10 +701,7 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t 
binaryfile,
+   else
+ macho = 0;
+ 
+-  if (infoplistname)
+-infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST);
+-  else
+-infoplist = 0;
++  infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST);
+   grub_errno = GRUB_ERR_NONE;
+   if (infoplist)
+ {
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index eebe9a7233..fad7415e0d 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -86,6 +86,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \
file://0038-loader-xnu-Fix-memory-leak.patch \

file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \
+   
file://0040-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162390): 
https://lists.openembedded.org/g/openembedded-core/message/162390
Mute This Topic: https://lists.openembedded.org/mt/89389059/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 43/50] grub: avoid a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

This patch fixes a memory leak in grub's loader/xnu when an error is
detected in grub_xnu_writetree_toheap(). It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...driverkey-data-when-an-error-is-dete.patch | 77 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 78 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch

diff --git 
a/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch
 
b/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch
new file mode 100644
index 00..f9ad0fc34c
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch
@@ -0,0 +1,77 @@
+From 81117a77a9e945ee5e7c1f12bd5667e2a16cbe32 Mon Sep 17 00:00:00 2001
+From: Marco A Benatto 
+Date: Mon, 30 Nov 2020 12:18:24 -0300
+Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in
+ grub_xnu_writetree_toheap()
+
+... to avoid memory leaks.
+
+Fixes: CID 96640
+
+Signed-off-by: Marco A Benatto 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4b4027b6b1c877d7ab467896b04c7bd1aadcfa15]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/loader/xnu.c | 24 
+ 1 file changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index b3029a8..39ceff8 100644
+--- a/grub-core/loader/xnu.c
 b/grub-core/loader/xnu.c
+@@ -224,26 +224,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, 
grub_size_t *size)
+   if (! memorymap)
+ return grub_errno;
+ 
+-  driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof 
(*driverkey));
++  driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof 
(*driverkey));
+   if (! driverkey)
+ return grub_errno;
+   driverkey->name = grub_strdup ("DeviceTree");
+   if (! driverkey->name)
+-return grub_errno;
++{
++  err = grub_errno;
++  goto fail;
++}
++
+   driverkey->datasize = sizeof (*extdesc);
+   driverkey->next = memorymap->first_child;
+   memorymap->first_child = driverkey;
+   driverkey->data = extdesc
+ = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc));
+   if (! driverkey->data)
+-return grub_errno;
++{
++  err = grub_errno;
++  goto fail;
++}
+ 
+   /* Allocate the space based on the size with dummy value. */
+   *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/");
+   err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE),
+ , target);
+   if (err)
+-return err;
++goto fail;
+ 
+   /* Put real data in the dummy. */
+   extdesc->addr = *target;
+@@ -252,6 +259,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, 
grub_size_t *size)
+   /* Write the tree to heap. */
+   grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/");
+   return GRUB_ERR_NONE;
++
++ fail:
++  memorymap->first_child = NULL;
++
++  grub_free (driverkey->data);
++  grub_free (driverkey->name);
++  grub_free (driverkey);
++
++  return err;
+ }
+ 
+ /* Find a key or value in parent key. */
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index c9e7a06a3f..eebe9a7233 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -85,6 +85,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \
file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \
file://0038-loader-xnu-Fix-memory-leak.patch \
+   
file://0039-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162389): 
https://lists.openembedded.org/g/openembedded-core/message/162389
Mute This Topic: https://lists.openembedded.org/mt/89389058/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 42/50] grub: add a fix for a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a memory leak in grub's loader/xnu.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 .../0038-loader-xnu-Fix-memory-leak.patch | 38 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch

diff --git a/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch 
b/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch
new file mode 100644
index 00..41f09a22fc
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0038-loader-xnu-Fix-memory-leak.patch
@@ -0,0 +1,38 @@
+From 0a4aa7c16f65cdfaa1013f0796afa929f8d6dc1a Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 26 Nov 2020 12:53:10 +
+Subject: [PATCH] loader/xnu: Fix memory leak
+
+The code here is finished with the memory stored in name, but it only
+frees it if there curvalue is valid, while it could actually free it
+regardless.
+
+The fix is a simple relocation of the grub_free() to before the test
+of curvalue.
+
+Fixes: CID 96646
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bcb59ece3263d118510c4440c4da0950f224bb7f]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/loader/xnu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index 07232d2..b3029a8 100644
+--- a/grub-core/loader/xnu.c
 b/grub-core/loader/xnu.c
+@@ -1388,9 +1388,9 @@ grub_xnu_fill_devicetree (void)
+ name[len] = 0;
+ 
+ curvalue = grub_xnu_create_value (curkey, name);
++grub_free (name);
+ if (!curvalue)
+   return grub_errno;
+-grub_free (name);
+
+ data = grub_malloc (grub_strlen (var->value) + 1);
+ if (!data)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 8b55afccbb..c9e7a06a3f 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -84,6 +84,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \

file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \
file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \
+   file://0038-loader-xnu-Fix-memory-leak.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162388): 
https://lists.openembedded.org/g/openembedded-core/message/162388
Mute This Topic: https://lists.openembedded.org/mt/89389056/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 41/50] grub: fix checking for NULL

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for checking for NULL in grub's loader/bsd.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...ader-bsd-Check-for-NULL-arg-up-front.patch | 47 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch

diff --git 
a/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch 
b/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch
new file mode 100644
index 00..34643e10ab
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0037-loader-bsd-Check-for-NULL-arg-up-front.patch
@@ -0,0 +1,47 @@
+From 7899384c8fdf9ed96566978c49b0c6e40e70703d Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Tue, 8 Dec 2020 21:47:13 +
+Subject: [PATCH] loader/bsd: Check for NULL arg up-front
+
+The code in the next block suggests that it is possible for .set to be
+true but .arg may still be NULL.
+
+This code assumes that it is never NULL, yet later is testing if it is
+NULL - that is inconsistent.
+
+So we should check first if .arg is not NULL, and remove this check that
+is being flagged by Coverity since it is no longer required.
+
+Fixes: CID 292471
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5d5391b0a05abe76e04c1eb68dcc6cbef5326c4a]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/loader/i386/bsd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
+index b92cbe9..8432283 100644
+--- a/grub-core/loader/i386/bsd.c
 b/grub-core/loader/i386/bsd.c
+@@ -1605,7 +1605,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, 
char *argv[])
+   kernel_type = KERNEL_TYPE_OPENBSD;
+   bootflags = grub_bsd_parse_flags (ctxt->state, openbsd_flags);
+ 
+-  if (ctxt->state[OPENBSD_ROOT_ARG].set)
++  if (ctxt->state[OPENBSD_ROOT_ARG].set && ctxt->state[OPENBSD_ROOT_ARG].arg 
!= NULL)
+ {
+   const char *arg = ctxt->state[OPENBSD_ROOT_ARG].arg;
+   unsigned type, unit, part;
+@@ -1622,7 +1622,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, 
char *argv[])
+  "unknown disk type name");
+ 
+   unit = grub_strtoul (arg, (char **) , 10);
+-  if (! (arg && *arg >= 'a' && *arg <= 'z'))
++  if (! (*arg >= 'a' && *arg <= 'z'))
+   return grub_error (GRUB_ERR_BAD_ARGUMENT,
+  "only device specifications of form "
+  " are supported");
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 1a4be33fca..8b55afccbb 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -83,6 +83,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \

file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \

file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \
+   file://0037-loader-bsd-Check-for-NULL-arg-up-front.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162387): 
https://lists.openembedded.org/g/openembedded-core/message/162387
Mute This Topic: https://lists.openembedded.org/mt/89389055/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 40/50] grub: remove dead code

[Steve Sakoman]

From: Marta Rybczynska 

This patch removes dead code from grub's gfxmenu/gui_list. It is
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...-Remove-code-that-coverity-is-flaggi.patch | 34 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch

diff --git 
a/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch
 
b/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch
new file mode 100644
index 00..61e5e5797d
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch
@@ -0,0 +1,34 @@
+From 9433cb3a37c03f22c2fa769121f1f509fd031ae9 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Mon, 7 Dec 2020 14:44:47 +
+Subject: [PATCH] gfxmenu/gui_list: Remove code that coverity is flagging as
+ dead
+
+The test of value for NULL before calling grub_strdup() is not required,
+since the if condition prior to this has already tested for value being
+NULL and cannot reach this code if it is.
+
+Fixes: CID 73659
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=4a1aa5917595650efbd46b581368c470ebee42ab]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/gfxmenu/gui_list.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/gfxmenu/gui_list.c b/grub-core/gfxmenu/gui_list.c
+index 01477cd..df334a6 100644
+--- a/grub-core/gfxmenu/gui_list.c
 b/grub-core/gfxmenu/gui_list.c
+@@ -771,7 +771,7 @@ list_set_property (void *vself, const char *name, const 
char *value)
+ {
+   self->need_to_recreate_boxes = 1;
+   grub_free (self->selected_item_box_pattern);
+-  self->selected_item_box_pattern = value ? grub_strdup (value) : 0;
++  self->selected_item_box_pattern = grub_strdup (value);
+   self->selected_item_box_pattern_inherit = 0;
+ }
+ }
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 75782b7eb2..1a4be33fca 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -82,6 +82,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \
file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \

file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \
+   
file://0036-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162386): 
https://lists.openembedded.org/g/openembedded-core/message/162386
Mute This Topic: https://lists.openembedded.org/mt/89389053/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 39/50] grub: test for malformed jpeg files

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for handling malformed JPEG files in grub's
video/readers/jpeg. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...eg-Test-for-an-invalid-next-marker-r.patch | 38 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch

diff --git 
a/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
 
b/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
new file mode 100644
index 00..3fca2aecb5
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
@@ -0,0 +1,38 @@
+From 88361a7fd4e481a76e1159a63c9014fa997ef29c Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 4 Dec 2020 15:39:00 +
+Subject: [PATCH] video/readers/jpeg: Test for an invalid next marker reference
+ from a jpeg file
+
+While it may never happen, and potentially could be caught at the end of
+the function, it is worth checking up front for a bad reference to the
+next marker just in case of a maliciously crafted file being provided.
+
+Fixes: CID 73694
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5f5eb7ca8e971227e95745abe541df3e1509360e]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/video/readers/jpeg.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index 31359a4..0b6ce3c 100644
+--- a/grub-core/video/readers/jpeg.c
 b/grub-core/video/readers/jpeg.c
+@@ -253,6 +253,12 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data)
+   next_marker = data->file->offset;
+   next_marker += grub_jpeg_get_word (data);
+ 
++  if (next_marker > data->file->size)
++{
++  /* Should never be set beyond the size of the file. */
++  return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid next 
reference");
++}
++
+   while (data->file->offset + sizeof (data->quan_table[id]) + 1
+<= next_marker)
+ {
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 04c9b4c092..75782b7eb2 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -81,6 +81,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \
file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \
file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \
+   
file://0035-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162385): 
https://lists.openembedded.org/g/openembedded-core/message/162385
Mute This Topic: https://lists.openembedded.org/mt/89389051/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 38/50] grub: fix a possible integer overflow

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a possible integer overflow in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...deo_fb-Fix-possible-integer-overflow.patch | 39 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch

diff --git 
a/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch
 
b/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch
new file mode 100644
index 00..c82b2c7df0
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0034-video-fb-video_fb-Fix-possible-integer-overflow.patch
@@ -0,0 +1,39 @@
+From aac5574ff340a665ccc78d4c3d61596ac67acbbe Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 4 Dec 2020 14:51:30 +
+Subject: [PATCH] video/fb/video_fb: Fix possible integer overflow
+
+It is minimal possibility that the values being used here will overflow.
+So, change the code to use the safemath function grub_mul() to ensure
+that doesn't happen.
+
+Fixes: CID 73761
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=08413f2f4edec0e2d9bf15f836f6ee5ca2e379cb]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/video/fb/video_fb.c | 8 +++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
+index 1c9a138..ae6b89f 100644
+--- a/grub-core/video/fb/video_fb.c
 b/grub-core/video/fb/video_fb.c
+@@ -1537,7 +1537,13 @@ doublebuf_pageflipping_init (struct 
grub_video_mode_info *mode_info,
+volatile void *page1_ptr)
+ {
+   grub_err_t err;
+-  grub_size_t page_size = mode_info->pitch * mode_info->height;
++  grub_size_t page_size = 0;
++
++  if (grub_mul (mode_info->pitch, mode_info->height, _size))
++{
++  /* Shouldn't happen, but if it does we've a bug. */
++  return GRUB_ERR_BUG;
++}
+ 
+   framebuffer.offscreen_buffer = grub_malloc (page_size);
+   if (! framebuffer.offscreen_buffer)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 8b5b9e3b3e..04c9b4c092 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -80,6 +80,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \
file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \
file://0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch \
+   file://0034-video-fb-video_fb-Fix-possible-integer-overflow.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162384): 
https://lists.openembedded.org/g/openembedded-core/message/162384
Mute This Topic: https://lists.openembedded.org/mt/89389049/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 37/50] grub: fix multiple integer overflows

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for multiple integer overflows in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...eo_fb-Fix-multiple-integer-overflows.patch | 104 ++
 meta/recipes-bsp/grub/grub2.inc   |   1 +
 2 files changed, 105 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch

diff --git 
a/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch
 
b/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch
new file mode 100644
index 00..544e7f31ae
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0033-video-fb-video_fb-Fix-multiple-integer-overflows.patch
@@ -0,0 +1,104 @@
+From 69b91f7466a5ad5fb85039a5b4118efb77ad6347 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Wed, 4 Nov 2020 14:43:44 +
+Subject: [PATCH] video/fb/video_fb: Fix multiple integer overflows
+
+The calculation of the unsigned 64-bit value is being generated by
+multiplying 2, signed or unsigned, 32-bit integers which may overflow
+before promotion to unsigned 64-bit. Fix all of them.
+
+Fixes: CID 73703, CID 73767, CID 73833
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=08e098b1dbf01e96376f594b337491bc4cfa48dd]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/video/fb/video_fb.c | 52 ---
+ 1 file changed, 36 insertions(+), 16 deletions(-)
+
+diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
+index 1a602c8..1c9a138 100644
+--- a/grub-core/video/fb/video_fb.c
 b/grub-core/video/fb/video_fb.c
+@@ -25,6 +25,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1417,15 +1418,23 @@ doublebuf_blit_update_screen (void)
+ {
+   if (framebuffer.current_dirty.first_line
+   <= framebuffer.current_dirty.last_line)
+-grub_memcpy ((char *) framebuffer.pages[0]
+-   + framebuffer.current_dirty.first_line
+-   * framebuffer.back_target->mode_info.pitch,
+-   (char *) framebuffer.back_target->data
+-   + framebuffer.current_dirty.first_line
+-   * framebuffer.back_target->mode_info.pitch,
+-   framebuffer.back_target->mode_info.pitch
+-   * (framebuffer.current_dirty.last_line
+-  - framebuffer.current_dirty.first_line));
++{
++  grub_size_t copy_size;
++
++  if (grub_sub (framebuffer.current_dirty.last_line,
++  framebuffer.current_dirty.first_line, _size) ||
++grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, 
_size))
++  {
++/* Shouldn't happen, but if it does we've a bug. */
++return GRUB_ERR_BUG;
++  }
++
++  grub_memcpy ((char *) framebuffer.pages[0] + 
framebuffer.current_dirty.first_line *
++ framebuffer.back_target->mode_info.pitch,
++ (char *) framebuffer.back_target->data + 
framebuffer.current_dirty.first_line *
++ framebuffer.back_target->mode_info.pitch,
++ copy_size);
++}
+   framebuffer.current_dirty.first_line
+ = framebuffer.back_target->mode_info.height;
+   framebuffer.current_dirty.last_line = 0;
+@@ -1439,7 +1448,7 @@ grub_video_fb_doublebuf_blit_init (struct 
grub_video_fbrender_target **back,
+  volatile void *framebuf)
+ {
+   grub_err_t err;
+-  grub_size_t page_size = mode_info.pitch * mode_info.height;
++  grub_size_t page_size = (grub_size_t) mode_info.pitch * mode_info.height;
+ 
+   framebuffer.offscreen_buffer = grub_zalloc (page_size);
+   if (! framebuffer.offscreen_buffer)
+@@ -1482,12 +1491,23 @@ doublebuf_pageflipping_update_screen (void)
+ last_line = framebuffer.previous_dirty.last_line;
+ 
+   if (first_line <= last_line)
+-grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page]
+-   + first_line * framebuffer.back_target->mode_info.pitch,
+-   (char *) framebuffer.back_target->data
+-   + first_line * framebuffer.back_target->mode_info.pitch,
+-   framebuffer.back_target->mode_info.pitch
+-   * (last_line - first_line));
++{
++  grub_size_t copy_size;
++
++  if (grub_sub (last_line, first_line, _size) ||
++grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, 
_size))
++  {
++/* Shouldn't happen, but if it does we've a bug. */
++return GRUB_ERR_BUG;
++  }
++
++  grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] + 
first_line *
++ framebuffer.back_target->mode_info.pitch,
++ (char *) 

[OE-core][dunfell 36/50] grub: fix an integer overflow

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a potential integer overflow in grub's
video/fb/fbfill. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...bfill-Fix-potential-integer-overflow.patch | 78 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 79 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch

diff --git 
a/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch
 
b/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch
new file mode 100644
index 00..8165ea3f71
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0032-video-fb-fbfill-Fix-potential-integer-overflow.patch
@@ -0,0 +1,78 @@
+From 99ecf5a44b99d529a6405fe276bedcefa3657a0a Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Wed, 4 Nov 2020 15:10:51 +
+Subject: [PATCH] video/fb/fbfill: Fix potential integer overflow
+
+The multiplication of 2 unsigned 32-bit integers may overflow before
+promotion to unsigned 64-bit. We should ensure that the multiplication
+is done with overflow detection. Additionally, use grub_sub() for
+subtraction.
+
+Fixes: CID 73640, CID 73697, CID 73702, CID 73823
+
+Signed-off-by: Darren Kenny 
+Signed-off-by: Marco A Benatto 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7ce3259f67ac2cd93acb0ec0080c24b3b69e66c6]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/video/fb/fbfill.c | 17 +
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/video/fb/fbfill.c b/grub-core/video/fb/fbfill.c
+index 11816d0..a37acd1 100644
+--- a/grub-core/video/fb/fbfill.c
 b/grub-core/video/fb/fbfill.c
+@@ -31,6 +31,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ #include 
+ 
+ /* Generic filler that works for every supported mode.  */
+@@ -61,7 +62,9 @@ grub_video_fbfill_direct32 (struct grub_video_fbblit_info 
*dst,
+ 
+   /* Calculate the number of bytes to advance from the end of one line
+  to the beginning of the next line.  */
+-  rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width;
++  if (grub_mul (dst->mode_info->bytes_per_pixel, width, ) ||
++  grub_sub (dst->mode_info->pitch, rowskip, ))
++return;
+ 
+   /* Get the start address.  */
+   dstptr = grub_video_fb_get_video_ptr (dst, x, y);
+@@ -98,7 +101,9 @@ grub_video_fbfill_direct24 (struct grub_video_fbblit_info 
*dst,
+ #endif
+   /* Calculate the number of bytes to advance from the end of one line
+  to the beginning of the next line.  */
+-  rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width;
++  if (grub_mul (dst->mode_info->bytes_per_pixel, width, ) ||
++  grub_sub (dst->mode_info->pitch, rowskip, ))
++return;
+ 
+   /* Get the start address.  */
+   dstptr = grub_video_fb_get_video_ptr (dst, x, y);
+@@ -131,7 +136,9 @@ grub_video_fbfill_direct16 (struct grub_video_fbblit_info 
*dst,
+ 
+   /* Calculate the number of bytes to advance from the end of one line
+  to the beginning of the next line.  */
+-  rowskip = (dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width);
++  if (grub_mul (dst->mode_info->bytes_per_pixel, width, ) ||
++  grub_sub (dst->mode_info->pitch, rowskip, ))
++return;
+ 
+   /* Get the start address.  */
+   dstptr = grub_video_fb_get_video_ptr (dst, x, y);
+@@ -161,7 +168,9 @@ grub_video_fbfill_direct8 (struct grub_video_fbblit_info 
*dst,
+ 
+   /* Calculate the number of bytes to advance from the end of one line
+  to the beginning of the next line.  */
+-  rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width;
++  if (grub_mul (dst->mode_info->bytes_per_pixel, width, ) ||
++  grub_sub (dst->mode_info->pitch, rowskip, ))
++return;
+ 
+   /* Get the start address.  */
+   dstptr = grub_video_fb_get_video_ptr (dst, x, y);
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 24a269d90d..710ab5e361 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -78,6 +78,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \
file://0030-commands-hashsum-Fix-a-memory-leak.patch \

file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \
+   file://0032-video-fb-fbfill-Fix-potential-integer-overflow.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162382): 

[OE-core][dunfell 35/50] grub: remove unneeded return value

[Steve Sakoman]

From: Marta Rybczynska 

This patch removes an uneeded return value in grub's (static)
grub_video_gop_fill_mode_info(). It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...move-unnecessary-return-value-of-gru.patch | 94 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 95 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch

diff --git 
a/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch
 
b/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch
new file mode 100644
index 00..7e4e951245
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch
@@ -0,0 +1,94 @@
+From 2a1e5659763790201a342f8a897c8c9d8d91b1cc Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Tue, 8 Dec 2020 21:14:31 +
+Subject: [PATCH] video/efi_gop: Remove unnecessary return value of
+ grub_video_gop_fill_mode_info()
+
+The return value of grub_video_gop_fill_mode_info() is never able to be
+anything other than GRUB_ERR_NONE. So, rather than continue to return
+a value and checking it each time, it is more correct to redefine the
+function to not return anything and remove checks of its return value
+altogether.
+
+Fixes: CID 96701
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=fc5951d3b1616055ef81a019a5affc09d13344d0]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/video/efi_gop.c | 25 ++---
+ 1 file changed, 6 insertions(+), 19 deletions(-)
+
+diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c
+index 7f9d1c2..db2ee98 100644
+--- a/grub-core/video/efi_gop.c
 b/grub-core/video/efi_gop.c
+@@ -227,7 +227,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode,
+   return GRUB_ERR_NONE;
+ }
+ 
+-static grub_err_t
++static void
+ grub_video_gop_fill_mode_info (unsigned mode,
+  struct grub_efi_gop_mode_info *in,
+  struct grub_video_mode_info *out)
+@@ -252,8 +252,6 @@ grub_video_gop_fill_mode_info (unsigned mode,
+   out->blit_format = GRUB_VIDEO_BLIT_FORMAT_BGRA_;
+   out->mode_type |= (GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED
+| GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP);
+-
+-  return GRUB_ERR_NONE;
+ }
+ 
+ static int
+@@ -266,7 +264,6 @@ grub_video_gop_iterate (int (*hook) (const struct 
grub_video_mode_info *info, vo
+   grub_efi_uintn_t size;
+   grub_efi_status_t status;
+   struct grub_efi_gop_mode_info *info = NULL;
+-  grub_err_t err;
+   struct grub_video_mode_info mode_info;
+
+   status = efi_call_4 (gop->query_mode, gop, mode, , );
+@@ -277,12 +274,7 @@ grub_video_gop_iterate (int (*hook) (const struct 
grub_video_mode_info *info, vo
+ continue;
+   }
+ 
+-  err = grub_video_gop_fill_mode_info (mode, info, _info);
+-  if (err)
+-  {
+-grub_errno = GRUB_ERR_NONE;
+-continue;
+-  }
++  grub_video_gop_fill_mode_info (mode, info, _info);
+   if (hook (_info, hook_arg))
+   return 1;
+ }
+@@ -466,13 +458,8 @@ grub_video_gop_setup (unsigned int width, unsigned int 
height,
+ 
+   info = gop->mode->info;
+ 
+-  err = grub_video_gop_fill_mode_info (gop->mode->mode, info,
+- _info);
+-  if (err)
+-{
+-  grub_dprintf ("video", "GOP: couldn't fill mode info\n");
+-  return err;
+-}
++  grub_video_gop_fill_mode_info (gop->mode->mode, info,
++   _info);
+ 
+   framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base;
+   framebuffer.offscreen
+@@ -486,8 +473,8 @@ grub_video_gop_setup (unsigned int width, unsigned int 
height,
+ {
+   grub_dprintf ("video", "GOP: couldn't allocate shadow\n");
+   grub_errno = 0;
+-  err = grub_video_gop_fill_mode_info (gop->mode->mode, info,
+- _info);
++  grub_video_gop_fill_mode_info (gop->mode->mode, info,
++   _info);
+   buffer = framebuffer.ptr;
+ }
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index d18e329b96..24a269d90d 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -77,6 +77,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0028-syslinux-Fix-memory-leak-while-parsing.patch \

file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \
file://0030-commands-hashsum-Fix-a-memory-leak.patch \
+   
file://0031-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch \
"
 

[OE-core][dunfell 34/50] grub: fix a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

Add a fix of a memory leak in grub's commands/hashsum. It is a part
of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...0-commands-hashsum-Fix-a-memory-leak.patch | 56 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 57 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch

diff --git 
a/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch 
b/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch
new file mode 100644
index 00..e34a19e12c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0030-commands-hashsum-Fix-a-memory-leak.patch
@@ -0,0 +1,56 @@
+From b136fa14d26d1833ffcb852f86e65da5960cfb99 Mon Sep 17 00:00:00 2001
+From: Chris Coulson 
+Date: Tue, 1 Dec 2020 23:41:24 +
+Subject: [PATCH] commands/hashsum: Fix a memory leak
+
+check_list() uses grub_file_getline(), which allocates a buffer.
+If the hash list file contains invalid lines, the function leaks
+this buffer when it returns an error.
+
+Fixes: CID 176635
+
+Signed-off-by: Chris Coulson 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8b6f528e52e18b7a69f90b8dc3671d7b1147d9f3]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/commands/hashsum.c | 15 ---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c
+index 456ba90..b8a22b0 100644
+--- a/grub-core/commands/hashsum.c
 b/grub-core/commands/hashsum.c
+@@ -128,11 +128,17 @@ check_list (const gcry_md_spec_t *hash, const char 
*hashfilename,
+ high = hextoval (*p++);
+ low = hextoval (*p++);
+ if (high < 0 || low < 0)
+-  return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list");
++  {
++grub_free (buf);
++return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list");
++  }
+ expected[i] = (high << 4) | low;
+   }
+   if ((p[0] != ' ' && p[0] != '\t') || (p[1] != ' ' && p[1] != '\t'))
+-  return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list");
++  {
++grub_free (buf);
++return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list");
++  }
+   p += 2;
+   if (prefix)
+   {
+@@ -140,7 +146,10 @@ check_list (const gcry_md_spec_t *hash, const char 
*hashfilename,
+ 
+ filename = grub_xasprintf ("%s/%s", prefix, p);
+ if (!filename)
+-  return grub_errno;
++  {
++grub_free (buf);
++return grub_errno;
++  }
+ file = grub_file_open (filename, GRUB_FILE_TYPE_TO_HASH
+| (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS
+   : GRUB_FILE_TYPE_NONE));
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 1460e559b9..d18e329b96 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -76,6 +76,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \
file://0028-syslinux-Fix-memory-leak-while-parsing.patch \

file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \
+   file://0030-commands-hashsum-Fix-a-memory-leak.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162380): 
https://lists.openembedded.org/g/openembedded-core/message/162380
Mute This Topic: https://lists.openembedded.org/mt/89389042/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 33/50] grub: add a fix for a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a memory leak in grub's normal/completion.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...n-Fix-leaking-of-memory-when-process.patch | 52 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch

diff --git 
a/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch
 
b/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch
new file mode 100644
index 00..8a26e5bc5b
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0029-normal-completion-Fix-leaking-of-memory-when-process.patch
@@ -0,0 +1,52 @@
+From 2367049d2021e00d82d19cee923e06a4b04ebc30 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 4 Dec 2020 18:56:48 +
+Subject: [PATCH] normal/completion: Fix leaking of memory when processing a
+ completion
+
+It is possible for the code to reach the end of the function without
+freeing the memory allocated to argv and argc still to be 0.
+
+We should always call grub_free(argv). The grub_free() will handle
+a NULL argument correctly if it reaches that code without the memory
+being allocated.
+
+Fixes: CID 96672
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9213575b7a95b514bce80be5964a28d407d7d56d]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/normal/completion.c | 10 --
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c
+index 5961028..46e473c 100644
+--- a/grub-core/normal/completion.c
 b/grub-core/normal/completion.c
+@@ -400,8 +400,8 @@ char *
+ grub_normal_do_completion (char *buf, int *restore,
+  void (*hook) (const char *, grub_completion_type_t, 
int))
+ {
+-  int argc;
+-  char **argv;
++  int argc = 0;
++  char **argv = NULL;
+ 
+   /* Initialize variables.  */
+   match = 0;
+@@ -516,10 +516,8 @@ grub_normal_do_completion (char *buf, int *restore,
+ 
+  fail:
+   if (argc != 0)
+-{
+-  grub_free (argv[0]);
+-  grub_free (argv);
+-}
++grub_free (argv[0]);
++  grub_free (argv);
+   grub_free (match);
+   grub_errno = GRUB_ERR_NONE;
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index c965f0fd15..1460e559b9 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -75,6 +75,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \
file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \
file://0028-syslinux-Fix-memory-leak-while-parsing.patch \
+   
file://0029-normal-completion-Fix-leaking-of-memory-when-process.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162379): 
https://lists.openembedded.org/g/openembedded-core/message/162379
Mute This Topic: https://lists.openembedded.org/mt/89389041/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 32/50] grub: add a fix for a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

This patch fixes a memory leak in grub's syslinux parsing. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...slinux-Fix-memory-leak-while-parsing.patch | 43 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch

diff --git 
a/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch 
b/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch
new file mode 100644
index 00..d8c21d88f7
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0028-syslinux-Fix-memory-leak-while-parsing.patch
@@ -0,0 +1,43 @@
+From ea12feb69b6af93c7e2fa03df7ac3bd1f4edd599 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 26 Nov 2020 15:31:53 +
+Subject: [PATCH] syslinux: Fix memory leak while parsing
+
+In syslinux_parse_real() the 2 points where return is being called
+didn't release the memory stored in buf which is no longer required.
+
+Fixes: CID 176634
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=95bc016dba94cab3d398dd74160665915cd08ad6]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/lib/syslinux_parse.c | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c
+index 4afa992..3acc6b4 100644
+--- a/grub-core/lib/syslinux_parse.c
 b/grub-core/lib/syslinux_parse.c
+@@ -737,7 +737,10 @@ syslinux_parse_real (struct syslinux_menu *menu)
+ && grub_strncasecmp ("help", ptr3, ptr4 - ptr3) == 0))
+   {
+ if (helptext (ptr5, file, menu))
+-  return 1;
++  {
++grub_free (buf);
++return 1;
++  }
+ continue;
+   }
+ 
+@@ -757,6 +760,7 @@ syslinux_parse_real (struct syslinux_menu *menu)
+ }
+  fail:
+   grub_file_close (file);
++  grub_free (buf);
+   return err;
+ }
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index ef409bdd6a..c965f0fd15 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -74,6 +74,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0025-affs-Fix-memory-leaks.patch \

file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \
file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \
+   file://0028-syslinux-Fix-memory-leak-while-parsing.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162378): 
https://lists.openembedded.org/g/openembedded-core/message/162378
Mute This Topic: https://lists.openembedded.org/mt/89389037/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 31/50] grub: add a fix for a possible NULL dereference

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a possible NULL dereference in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...pt-mpi-Fix-possible-NULL-dereference.patch | 33 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch

diff --git 
a/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch
 
b/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch
new file mode 100644
index 00..08299d021e
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch
@@ -0,0 +1,33 @@
+From d26c8771293637b0465f2cb67d97cb58bacc62da Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 26 Nov 2020 10:41:54 +
+Subject: [PATCH] libgcrypt/mpi: Fix possible NULL dereference
+
+The code in gcry_mpi_scan() assumes that buffer is not NULL, but there
+is no explicit check for that, so we add one.
+
+Fixes: CID 73757
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ae0f3fabeba7b393113d5dc185b6aff9b728136d]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/lib/libgcrypt/mpi/mpicoder.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c 
b/grub-core/lib/libgcrypt/mpi/mpicoder.c
+index 7ecad27..6fe3891 100644
+--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c
 b/grub-core/lib/libgcrypt/mpi/mpicoder.c
+@@ -379,6 +379,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum 
gcry_mpi_format format,
+   unsigned int len;
+   int secure = (buffer && gcry_is_secure (buffer));
+ 
++  if (!buffer)
++return gcry_error (GPG_ERR_INV_ARG);
++
+   if (format == GCRYMPI_FMT_SSH)
+ len = 0;
+   else
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index be35ac04ef..ef409bdd6a 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -73,6 +73,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \
file://0025-affs-Fix-memory-leaks.patch \

file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \
+   file://0027-libgcrypt-mpi-Fix-possible-NULL-dereference.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162377): 
https://lists.openembedded.org/g/openembedded-core/message/162377
Mute This Topic: https://lists.openembedded.org/mt/89389036/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 30/50] grub: add a fix for a possible unintended sign extension

[Steve Sakoman]

From: Marta Rybczynska 

This patch fixes a possible unintended sign extension in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...x-possible-unintended-sign-extension.patch | 36 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch

diff --git 
a/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch
 
b/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch
new file mode 100644
index 00..f500f1a296
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch
@@ -0,0 +1,36 @@
+From 9b16d7bcad1c7fea7f26eb2fb3af1a5ca70ba34e Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Tue, 3 Nov 2020 16:43:37 +
+Subject: [PATCH] libgcrypt/mpi: Fix possible unintended sign extension
+
+The array of unsigned char gets promoted to a signed 32-bit int before
+it is finally promoted to a size_t. There is the possibility that this
+may result in the signed-bit being set for the intermediate signed
+32-bit int. We should ensure that the promotion is to the correct type
+before we bitwise-OR the values.
+
+Fixes: CID 96697
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e8814c811132a70f9b55418f7567378a34ad3883]
+Signed-off-by: Marta Rybczynska 
+
+---
+ grub-core/lib/libgcrypt/mpi/mpicoder.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c 
b/grub-core/lib/libgcrypt/mpi/mpicoder.c
+index a3435ed..7ecad27 100644
+--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c
 b/grub-core/lib/libgcrypt/mpi/mpicoder.c
+@@ -458,7 +458,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum 
gcry_mpi_format format,
+   if (len && len < 4)
+ return gcry_error (GPG_ERR_TOO_SHORT);
+ 
+-  n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]);
++  n = ((size_t)s[0] << 24 | (size_t)s[1] << 16 | (size_t)s[2] << 8 | 
(size_t)s[3]);
+   s += 4;
+   if (len)
+ len -= 4;
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 13e2b1600d..be35ac04ef 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -72,6 +72,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0023-zfs-Fix-possible-integer-overflows.patch \

file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \
file://0025-affs-Fix-memory-leaks.patch \
+   
file://0026-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162376): 
https://lists.openembedded.org/g/openembedded-core/message/162376
Mute This Topic: https://lists.openembedded.org/mt/89389035/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 29/50] grub: add a fix for a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

This patch fixes a memory leak in grub's affs. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 .../files/0025-affs-Fix-memory-leaks.patch| 82 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 83 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch

diff --git a/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch 
b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch
new file mode 100644
index 00..435130516c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch
@@ -0,0 +1,82 @@
+From 929c2ce8214c53cb95abff57a89556cd18444097 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 26 Nov 2020 12:48:07 +
+Subject: [PATCH] affs: Fix memory leaks
+
+The node structure reference is being allocated but not freed if it
+reaches the end of the function. If any of the hooks had returned
+a non-zero value, then node would have been copied in to the context
+reference, but otherwise node is not stored and should be freed.
+
+Similarly, the call to grub_affs_create_node() replaces the allocated
+memory in node with a newly allocated structure, leaking the existing
+memory pointed by node.
+
+Finally, when dir->parent is set, then we again replace node with newly
+allocated memory, which seems unnecessary when we copy in the values
+from dir->parent immediately after.
+
+Fixes: CID 73759
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=178ac5107389f8e5b32489d743d6824a5ebf342a]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/fs/affs.c | 18 --
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index 220b371..230e26a 100644
+--- a/grub-core/fs/affs.c
 b/grub-core/fs/affs.c
+@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ {
+   unsigned int i;
+   struct grub_affs_file file;
+-  struct grub_fshelp_node *node = 0;
++  struct grub_fshelp_node *node, *orig_node;
+   struct grub_affs_data *data = dir->data;
+   grub_uint32_t *hashtable;
+ 
+   /* Create the directory entries for `.' and `..'.  */
+-  node = grub_zalloc (sizeof (*node));
++  node = orig_node = grub_zalloc (sizeof (*node));
+   if (!node)
+ return 1;
+ 
+@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ return 1;
+   if (dir->parent)
+ {
+-  node = grub_zalloc (sizeof (*node));
+-  if (!node)
+-  return 1;
+   *node = *dir->parent;
+   if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
+   return 1;
+@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ 
+ if (grub_affs_create_node (dir, hook, hook_data, , ,
+next, ))
+-  return 1;
++  {
++/* Node has been replaced in function. */
++grub_free (orig_node);
++return 1;
++  }
+ 
+ next = grub_be_to_cpu32 (file.next);
+   }
+ }
+ 
+-  grub_free (hashtable);
+-  return 0;
+-
+  fail:
+-  grub_free (node);
++  grub_free (orig_node);
+   grub_free (hashtable);
+   return 0;
+ }
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index a660c069db..13e2b1600d 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -71,6 +71,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \
file://0023-zfs-Fix-possible-integer-overflows.patch \

file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \
+   file://0025-affs-Fix-memory-leaks.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162375): 
https://lists.openembedded.org/g/openembedded-core/message/162375
Mute This Topic: https://lists.openembedded.org/mt/89389034/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 28/50] grub: fix an error check

[Steve Sakoman]

From: Marta Rybczynska 

This patch fixes an error check in grub's zfsinfo. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...-a-check-for-error-allocating-memory.patch | 35 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch

diff --git 
a/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch
 
b/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch
new file mode 100644
index 00..555dc19168
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch
@@ -0,0 +1,35 @@
+From b085da8efda9b81f94aa197ee045226563554fdf Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 26 Nov 2020 10:56:45 +
+Subject: [PATCH] zfsinfo: Correct a check for error allocating memory
+
+While arguably the check for grub_errno is correct, we should really be
+checking the return value from the function since it is always possible
+that grub_errno was set elsewhere, making this code behave incorrectly.
+
+Fixes: CID 73668
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7aab03418ec6a9b991aa44416cb2585aff4e7972]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/fs/zfs/zfsinfo.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/fs/zfs/zfsinfo.c b/grub-core/fs/zfs/zfsinfo.c
+index c8a28ac..bf29180 100644
+--- a/grub-core/fs/zfs/zfsinfo.c
 b/grub-core/fs/zfs/zfsinfo.c
+@@ -358,8 +358,8 @@ grub_cmd_zfs_bootfs (grub_command_t cmd __attribute__ 
((unused)), int argc,
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+ 
+   devname = grub_file_get_device_name (args[0]);
+-  if (grub_errno)
+-return grub_errno;
++  if (devname == NULL)
++return GRUB_ERR_OUT_OF_MEMORY;
+ 
+   dev = grub_device_open (devname);
+   grub_free (devname);
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 9158fc7f50..a660c069db 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -70,6 +70,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0021-zfs-Fix-possible-negative-shift-operation.patch \
file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \
file://0023-zfs-Fix-possible-integer-overflows.patch \
+   
file://0024-zfsinfo-Correct-a-check-for-error-allocating-memory.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162374): 
https://lists.openembedded.org/g/openembedded-core/message/162374
Mute This Topic: https://lists.openembedded.org/mt/89389033/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 17/50] grub: add a fix for unnecessary assignements

[Steve Sakoman]

From: Marta Rybczynska 

Add a fix for unnecessary assignements grub's io/lzopio. This patch
is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...e-unnecessary-self-assignment-errors.patch | 41 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch

diff --git 
a/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch
 
b/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch
new file mode 100644
index 00..1190b0d090
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch
@@ -0,0 +1,41 @@
+From c529ca446424f1a9c64f0007dfe31fa7645d13ac Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Wed, 21 Oct 2020 14:44:10 +
+Subject: [PATCH] io/lzopio: Resolve unnecessary self-assignment errors
+
+These 2 assignments are unnecessary since they are just assigning
+to themselves.
+
+Fixes: CID 73643
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=59666e520f44177c97b82a44c169b3b315d63b42]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/io/lzopio.c | 4 
+ 1 file changed, 4 deletions(-)
+
+diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c
+index 3014485..a7d4425 100644
+--- a/grub-core/io/lzopio.c
 b/grub-core/io/lzopio.c
+@@ -125,8 +125,6 @@ read_block_header (struct grub_lzopio *lzopio)
+ sizeof (lzopio->block.ucheck)) !=
+ sizeof (lzopio->block.ucheck))
+   return -1;
+-
+-  lzopio->block.ucheck = lzopio->block.ucheck;
+ }
+ 
+   /* Read checksum of compressed data.  */
+@@ -143,8 +141,6 @@ read_block_header (struct grub_lzopio *lzopio)
+ sizeof (lzopio->block.ccheck)) !=
+ sizeof (lzopio->block.ccheck))
+   return -1;
+-
+-lzopio->block.ccheck = lzopio->block.ccheck;
+   }
+ }
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 4ddb9fc4f1..1906a28f30 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -59,6 +59,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \
file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \
file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \
+   
file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162363): 
https://lists.openembedded.org/g/openembedded-core/message/162363
Mute This Topic: https://lists.openembedded.org/mt/89389013/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 27/50] grub: add a fix for possible integer overflows

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a possible integer overflows in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...3-zfs-Fix-possible-integer-overflows.patch | 56 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 57 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch

diff --git 
a/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch 
b/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch
new file mode 100644
index 00..8df758b41f
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0023-zfs-Fix-possible-integer-overflows.patch
@@ -0,0 +1,56 @@
+From ec35d862f3567671048aa0d0d8ad1ded1fd25336 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Tue, 8 Dec 2020 22:17:04 +
+Subject: [PATCH] zfs: Fix possible integer overflows
+
+In all cases the problem is that the value being acted upon by
+a left-shift is a 32-bit number which is then being used in the
+context of a 64-bit number.
+
+To avoid overflow we ensure that the number being shifted is 64-bit
+before the shift is done.
+
+Fixes: CID 73684, CID 73695, CID 73764
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=302c12ff5714bc455949117c1c9548ccb324d55b]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/fs/zfs/zfs.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 9087a72..b078ccc 100644
+--- a/grub-core/fs/zfs/zfs.c
 b/grub-core/fs/zfs/zfs.c
+@@ -564,7 +564,7 @@ find_bestub (uberblock_phys_t * ub_array,
+   ubptr = (uberblock_phys_t *) ((grub_properly_aligned_t *) ub_array
+   + ((i << ub_shift)
+  / sizeof (grub_properly_aligned_t)));
+-  err = uberblock_verify (ubptr, offset, 1 << ub_shift);
++  err = uberblock_verify (ubptr, offset, (grub_size_t) 1 << ub_shift);
+   if (err)
+   {
+ grub_errno = GRUB_ERR_NONE;
+@@ -1543,7 +1543,7 @@ read_device (grub_uint64_t offset, struct 
grub_zfs_device_desc *desc,
+ 
+   high = grub_divmod64 ((offset >> desc->ashift) + c,
+ desc->n_children, );
+-  csize = bsize << desc->ashift;
++  csize = (grub_size_t) bsize << desc->ashift;
+   if (csize > len)
+ csize = len;
+ 
+@@ -1635,8 +1635,8 @@ read_device (grub_uint64_t offset, struct 
grub_zfs_device_desc *desc,
+ 
+   while (len > 0)
+ {
+-  grub_size_t csize;
+-  csize = ((s / (desc->n_children - desc->nparity))
++  grub_size_t csize = s;
++  csize = ((csize / (desc->n_children - desc->nparity))
+<< desc->ashift);
+   if (csize > len)
+ csize = len;
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 1630235edd..9158fc7f50 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -69,6 +69,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \
file://0021-zfs-Fix-possible-negative-shift-operation.patch \
file://0022-zfs-Fix-resource-leaks-while-constructing-path.patch \
+   file://0023-zfs-Fix-possible-integer-overflows.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162373): 
https://lists.openembedded.org/g/openembedded-core/message/162373
Mute This Topic: https://lists.openembedded.org/mt/89389032/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 26/50] grub: add a fix for a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a memory leak in grub's path construction
in zfs. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...source-leaks-while-constructing-path.patch | 121 ++
 meta/recipes-bsp/grub/grub2.inc   |   1 +
 2 files changed, 122 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch

diff --git 
a/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch
 
b/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch
new file mode 100644
index 00..5ded5520e9
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0022-zfs-Fix-resource-leaks-while-constructing-path.patch
@@ -0,0 +1,121 @@
+From 83fdffc07ec4586b375ab36189f255ffbd8f99c2 Mon Sep 17 00:00:00 2001
+From: Paulo Flabiano Smorigo 
+Date: Mon, 14 Dec 2020 18:54:49 -0300
+Subject: [PATCH] zfs: Fix resource leaks while constructing path
+
+There are several exit points in dnode_get_path() that are causing possible
+memory leaks.
+
+In the while(1) the correct exit mechanism should not be to do a direct return,
+but to instead break out of the loop, setting err first if it is not already 
set.
+
+The reason behind this is that the dnode_path is a linked list, and while doing
+through this loop, it is being allocated and built up - the only way to
+correctly unravel it is to traverse it, which is what is being done at the end
+of the function outside of the loop.
+
+Several of the existing exit points correctly did a break, but not all so this
+change makes that more consistent and should resolve the leaking of memory as
+found by Coverity.
+
+Fixes: CID 73741
+
+Signed-off-by: Paulo Flabiano Smorigo 
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=89bdab965805e8d54d7f75349024e1a11cbe2eb8]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/fs/zfs/zfs.c | 30 +-
+ 1 file changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 0c42cba..9087a72 100644
+--- a/grub-core/fs/zfs/zfs.c
 b/grub-core/fs/zfs/zfs.c
+@@ -2836,8 +2836,8 @@ dnode_get_path (struct subvolume *subvol, const char 
*path_in, dnode_end_t *dn,
+ 
+   if (dnode_path->dn.dn.dn_type != DMU_OT_DIRECTORY_CONTENTS)
+   {
+-grub_free (path_buf);
+-return grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory"));
++err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory"));
++break;
+   }
+   err = zap_lookup (&(dnode_path->dn), cname, ,
+   data, subvol->case_insensitive);
+@@ -2879,11 +2879,18 @@ dnode_get_path (struct subvolume *subvol, const char 
*path_in, dnode_end_t *dn,
+  << SPA_MINBLOCKSHIFT);
+ 
+ if (blksz == 0)
+-  return grub_error(GRUB_ERR_BAD_FS, "0-sized block");
++{
++  err = grub_error (GRUB_ERR_BAD_FS, "0-sized block");
++  break;
++}
+ 
+ sym_value = grub_malloc (sym_sz);
+ if (!sym_value)
+-  return grub_errno;
++  {
++err = grub_errno;
++break;
++  }
++
+ for (block = 0; block < (sym_sz + blksz - 1) / blksz; block++)
+   {
+ void *t;
+@@ -2893,7 +2900,7 @@ dnode_get_path (struct subvolume *subvol, const char 
*path_in, dnode_end_t *dn,
+ if (err)
+   {
+ grub_free (sym_value);
+-return err;
++break;
+   }
+ 
+ movesize = sym_sz - block * blksz;
+@@ -2903,6 +2910,8 @@ dnode_get_path (struct subvolume *subvol, const char 
*path_in, dnode_end_t *dn,
+ grub_memcpy (sym_value + block * blksz, t, movesize);
+ grub_free (t);
+   }
++  if (err)
++break;
+ free_symval = 1;
+   }   
+ path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1);
+@@ -2911,7 +2920,8 @@ dnode_get_path (struct subvolume *subvol, const char 
*path_in, dnode_end_t *dn,
+ grub_free (oldpathbuf);
+ if (free_symval)
+   grub_free (sym_value);
+-return grub_errno;
++err = grub_errno;
++break;
+   }
+ grub_memcpy (path, sym_value, sym_sz);
+ if (free_symval)
+@@ -2949,11 +2959,12 @@ dnode_get_path (struct subvolume *subvol, const char 
*path_in, dnode_end_t *dn,
+ 
+ err = zio_read (bp, dnode_path->dn.endian, , NULL, data);
+ if (err)
+- 

[OE-core][dunfell 16/50] grub: fix an unitialized re_token in gnulib

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for an unitialized re_token in grub's gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...b-regcomp-Fix-uninitialized-re_token.patch | 55 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 56 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch

diff --git 
a/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch
 
b/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch
new file mode 100644
index 00..0507e0cd66
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0012-gnulib-regcomp-Fix-uninitialized-re_token.patch
@@ -0,0 +1,55 @@
+From 512b6bb380a77233b88c84b7a712896c70281d2f Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Tue, 24 Nov 2020 18:04:22 +
+Subject: [PATCH] gnulib/regcomp: Fix uninitialized re_token
+
+This issue has been fixed in the latest version of gnulib, so to
+maintain consistency, I've backported that change rather than doing
+something different.
+
+Fixes: CID 73828
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=03477085f9a33789ba6cca7cd49ab9326a1baa0e]
+Signed-off-by: Marta Rybczynska 
+---
+ conf/Makefile.extra-dist  |  1 +
+ .../gnulib-patches/fix-regcomp-uninit-token.patch | 15 +++
+ 2 files changed, 16 insertions(+)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index d27d3a9..ffe6829 100644
+--- a/conf/Makefile.extra-dist
 b/conf/Makefile.extra-dist
+@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch 
b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+new file mode 100644
+index 000..02e0631
+--- /dev/null
 b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+@@ -0,0 +1,15 @@
++--- a/lib/regcomp.c   2020-11-24 17:06:08.159223858 +
+ b/lib/regcomp.c   2020-11-24 17:06:15.630253923 +
++@@ -3808,11 +3808,7 @@
++ create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right,
++   re_token_type_t type)
++ {
++-  re_token_t t;
++-#if defined GCC_LINT || defined lint
++-  memset (, 0, sizeof t);
++-#endif
++-  t.type = type;
+++  re_token_t t = { .type = type };
++   return create_token_tree (dfa, left, right, );
++ }
++ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index e7168e75ea..4ddb9fc4f1 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -58,6 +58,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \

file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \
file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \
+   file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162362): 
https://lists.openembedded.org/g/openembedded-core/message/162362
Mute This Topic: https://lists.openembedded.org/mt/89389012/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 25/50] grub: add a fix for a possible negative shift

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a possible negative shift in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...ix-possible-negative-shift-operation.patch | 42 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 43 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch

diff --git 
a/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch
 
b/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch
new file mode 100644
index 00..12418858f9
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0021-zfs-Fix-possible-negative-shift-operation.patch
@@ -0,0 +1,42 @@
+From c757779e5d09719666c3b155afd2421978a107bd Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Tue, 24 Nov 2020 16:41:49 +
+Subject: [PATCH] zfs: Fix possible negative shift operation
+
+While it is possible for the return value from zfs_log2() to be zero
+(0), it is quite unlikely, given that the previous assignment to blksz
+is shifted up by SPA_MINBLOCKSHIFT (9) before 9 is subtracted at the
+assignment to epbs.
+
+But, while unlikely during a normal operation, it may be that a carefully
+crafted ZFS filesystem could result in a zero (0) value to the
+dn_datalbkszsec field, which means that the shift left does nothing
+and assigns zero (0) to blksz, resulting in a negative epbs value.
+
+Fixes: CID 73608
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a02091834d3e167320d8a262ff04b8e83c5e616d]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/fs/zfs/zfs.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 36d0373..0c42cba 100644
+--- a/grub-core/fs/zfs/zfs.c
 b/grub-core/fs/zfs/zfs.c
+@@ -2667,6 +2667,11 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, 
grub_uint8_t type,
+   blksz = grub_zfs_to_cpu16 (mdn->dn.dn_datablkszsec, 
+mdn->endian) << SPA_MINBLOCKSHIFT;
+   epbs = zfs_log2 (blksz) - DNODE_SHIFT;
++
++  /* While this should never happen, we should check that epbs is not 
negative. */
++  if (epbs < 0)
++epbs = 0;
++
+   blkid = objnum >> epbs;
+   idx = objnum & ((1 << epbs) - 1);
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 3c5274fd96..360e86685b 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -67,6 +67,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \
file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \

file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \
+   file://0021-zfs-Fix-possible-negative-shift-operation.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162371): 
https://lists.openembedded.org/g/openembedded-core/message/162371
Mute This Topic: https://lists.openembedded.org/mt/89389030/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 15/50] grub: add a fix for NULL pointer dereference

[Steve Sakoman]

From: Marta Rybczynska 

Add a fix for gnulib's regexec NULL pointer dereference. This patch
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...egexec-Fix-possible-null-dereference.patch | 53 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch

diff --git 
a/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch
 
b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch
new file mode 100644
index 00..4f43fcf7d5
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0011-gnulib-regexec-Fix-possible-null-dereference.patch
@@ -0,0 +1,53 @@
+From 244dc2b1f518635069a556c424b2e7627f0cf036 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 5 Nov 2020 10:57:14 +
+Subject: [PATCH] gnulib/regexec: Fix possible null-dereference
+
+It appears to be possible that the mctx->state_log field may be NULL,
+and the name of this function, clean_state_log_if_needed(), suggests
+that it should be checking that it is valid to be cleaned before
+assuming that it does.
+
+Fixes: CID 86720
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0b7f347638153e403ee2dd518af3ce26f4f99647]
+Signed-off-by: Marta Rybczynska 
+---
+ conf/Makefile.extra-dist |  1 +
+ .../lib/gnulib-patches/fix-regexec-null-deref.patch  | 12 
+ 2 files changed, 13 insertions(+)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 96d7e69..d27d3a9 100644
+--- a/conf/Makefile.extra-dist
 b/conf/Makefile.extra-dist
+@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch 
b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+new file mode 100644
+index 000..db6dac9
+--- /dev/null
 b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+@@ -0,0 +1,12 @@
++--- a/lib/regexec.c   2020-10-21 14:25:35.310195912 +
+ b/lib/regexec.c   2020-11-05 10:55:09.621542984 +
++@@ -1692,6 +1692,9 @@
++ {
++   Idx top = mctx->state_log_top;
++
+++  if (mctx->state_log == NULL)
+++return REG_NOERROR;
+++
++   if ((next_state_log_idx >= mctx->input.bufs_len
++&& mctx->input.bufs_len < mctx->input.len)
++   || (next_state_log_idx >= mctx->input.valid_len
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 94873475c1..e7168e75ea 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -57,6 +57,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0008-gnulib-regexec-Resolve-unused-variable.patch \
file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \

file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \
+   file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162361): 
https://lists.openembedded.org/g/openembedded-core/message/162361
Mute This Topic: https://lists.openembedded.org/mt/89389010/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 24/50] grub: add a fix for a length check

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a volume name length check in grub's
hfsplus. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...that-the-volume-name-length-is-valid.patch | 43 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch

diff --git 
a/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch
 
b/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch
new file mode 100644
index 00..eb459c547f
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch
@@ -0,0 +1,43 @@
+From 7c1813eeec78892fa651046cc224ae4e80d0c94d Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 23 Oct 2020 17:09:31 +
+Subject: [PATCH] hfsplus: Check that the volume name length is valid
+
+HFS+ documentation suggests that the maximum filename and volume name is
+255 Unicode characters in length.
+
+So, when converting from big-endian to little-endian, we should ensure
+that the name of the volume has a length that is between 0 and 255,
+inclusive.
+
+Fixes: CID 73641
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2298f6e0d951251bb9ca97d891d1bc8b74515f8c]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/fs/hfsplus.c | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index dae43be..03c3c4c 100644
+--- a/grub-core/fs/hfsplus.c
 b/grub-core/fs/hfsplus.c
+@@ -1007,6 +1007,15 @@ grub_hfsplus_label (grub_device_t device, char **label)
+ grub_hfsplus_btree_recptr (>catalog_tree, node, ptr);
+ 
+   label_len = grub_be_to_cpu16 (catkey->namelen);
++
++  /* Ensure that the length is >= 0. */
++  if (label_len < 0)
++label_len = 0;
++
++  /* Ensure label length is at most 255 Unicode characters. */
++  if (label_len > 255)
++label_len = 255;
++
+   label_name = grub_calloc (label_len, sizeof (*label_name));
+   if (!label_name)
+ {
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 130f32551b..3c5274fd96 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -66,6 +66,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \

file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \
file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \
+   
file://0020-hfsplus-Check-that-the-volume-name-length-is-valid.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162370): 
https://lists.openembedded.org/g/openembedded-core/message/162370
Mute This Topic: https://lists.openembedded.org/mt/89389027/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 14/50] grub: add a fix a NULL pointer dereference in gnulib

[Steve Sakoman]

From: Marta Rybczynska 

This change adds a fix for a NULL pointer dereference of state
in gnulib. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...-Fix-dereference-of-a-possibly-NULL-.patch | 52 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch

diff --git 
a/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch
 
b/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch
new file mode 100644
index 00..102a494561
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch
@@ -0,0 +1,52 @@
+From eaf9da8b5f8349c51cfc89dd8e39a1a61f89790a Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Wed, 28 Oct 2020 14:43:01 +
+Subject: [PATCH] gnulib/argp-help: Fix dereference of a possibly NULL state
+
+All other instances of call to __argp_failure() where there is
+a dgettext() call is first checking whether state is NULL before
+attempting to dereference it to get the root_argp->argp_domain.
+
+Fixes: CID 292436
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3a37bf120a9194c373257c70175cdb5b337bc107]
+Signed-off-by: Marta Rybczynska 
+---
+ conf/Makefile.extra-dist |  1 +
+ .../lib/gnulib-patches/fix-null-state-deref.patch| 12 
+ 2 files changed, 13 insertions(+)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 9e55458..96d7e69 100644
+--- a/conf/Makefile.extra-dist
 b/conf/Makefile.extra-dist
+@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh
+ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch 
b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+new file mode 100644
+index 000..813ec09
+--- /dev/null
 b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+@@ -0,0 +1,12 @@
++--- a/lib/argp-help.c 2020-10-28 14:32:19.189215988 +
+ b/lib/argp-help.c 2020-10-28 14:38:21.204673940 +
++@@ -145,7 +145,8 @@
++   if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin)
++ {
++   __argp_failure (state, 0, 0,
++-  dgettext (state->root_argp->argp_domain,
+++  dgettext (state == NULL ? NULL
+++: state->root_argp->argp_domain,
++ "\
++ ARGP_HELP_FMT: %s value is less than or equal to %s"),
++   "rmargin", up->name);
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index df2c8b8a16..94873475c1 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -56,6 +56,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch 
\
file://0008-gnulib-regexec-Resolve-unused-variable.patch \
file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \
+   
file://0010-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162360): 
https://lists.openembedded.org/g/openembedded-core/message/162360
Mute This Topic: https://lists.openembedded.org/mt/89389009/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 13/50] grub: fix an unitialized token in gnulib

[Steve Sakoman]

From: Marta Rybczynska 

This change adds a fix for an unitialized token structure in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...mp-Fix-uninitialized-token-structure.patch | 53 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch

diff --git 
a/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch
 
b/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch
new file mode 100644
index 00..b6e3c7edbe
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch
@@ -0,0 +1,53 @@
+From 2af8df02cca7fd4b584575eac304cd03fa23f5cc Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 22 Oct 2020 13:54:06 +
+Subject: [PATCH] gnulib/regcomp: Fix uninitialized token structure
+
+The code is assuming that the value of br_token.constraint was
+initialized to zero when it wasn't.
+
+While some compilers will ensure that, not all do, so it is better to
+fix this explicitly than leave it to chance.
+
+Fixes: CID 73749
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=75c3d3cec4f408848f575d6d5e30a95bd6313db0]
+Signed-off-by: Marta Rybczynska 
+---
+ conf/Makefile.extra-dist  |  1 +
+ .../lib/gnulib-patches/fix-uninit-structure.patch | 11 +++
+ 2 files changed, 12 insertions(+)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 9b01152..9e55458 100644
+--- a/conf/Makefile.extra-dist
 b/conf/Makefile.extra-dist
+@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh
+ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch 
b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+new file mode 100644
+index 000..7b4d9f6
+--- /dev/null
 b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+@@ -0,0 +1,11 @@
++--- a/lib/regcomp.c   2020-10-22 13:49:06.770168928 +
+ b/lib/regcomp.c   2020-10-22 13:50:37.026528298 +
++@@ -3662,7 +3662,7 @@
++   Idx alloc = 0;
++ #endif /* not RE_ENABLE_I18N */
++   reg_errcode_t ret;
++-  re_token_t br_token;
+++  re_token_t br_token = {0};
++   bin_tree_t *tree;
++ 
++   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index d2a1502d56..df2c8b8a16 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -55,6 +55,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0006-kern-efi-Fix-memory-leak-on-failure.patch \
file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch 
\
file://0008-gnulib-regexec-Resolve-unused-variable.patch \
+   file://0009-gnulib-regcomp-Fix-uninitialized-token-structure.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162359): 
https://lists.openembedded.org/g/openembedded-core/message/162359
Mute This Topic: https://lists.openembedded.org/mt/89389007/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 23/50] grub: fix an integer overflow

[Steve Sakoman]

From: Marta Rybczynska 

This patch fixes a potential overflow in grub's disk/cryptodisk. It is
a part of a security series [1]

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...odisk-Fix-potential-integer-overflow.patch | 50 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch

diff --git 
a/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch
 
b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch
new file mode 100644
index 00..dd7fda357d
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0019-disk-cryptodisk-Fix-potential-integer-overflow.patch
@@ -0,0 +1,50 @@
+From 2550aaa0c23fdf8b6c54e00c6b838f2e3aa81fe2 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 21 Jan 2021 11:38:31 +
+Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow
+
+The encrypt and decrypt functions expect a grub_size_t. So, we need to
+ensure that the constant bit shift is using grub_size_t rather than
+unsigned int when it is performing the shift.
+
+Fixes: CID 307788
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a201ad17caa430aa710654fdf2e6ab4c8166f031]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/disk/cryptodisk.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 5037768..6883f48 100644
+--- a/grub-core/disk/cryptodisk.c
 b/grub-core/disk/cryptodisk.c
+@@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
+   case GRUB_CRYPTODISK_MODE_CBC:
+ if (do_encrypt)
+   err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i,
+- (1U << dev->log_sector_size), iv);
++ ((grub_size_t) 1 << 
dev->log_sector_size), iv);
+ else
+   err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i,
+- (1U << dev->log_sector_size), iv);
++ ((grub_size_t) 1 << 
dev->log_sector_size), iv);
+ if (err)
+   return err;
+ break;
+@@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
+   case GRUB_CRYPTODISK_MODE_PCBC:
+ if (do_encrypt)
+   err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i,
+-  (1U << dev->log_sector_size), iv);
++  ((grub_size_t) 1 << 
dev->log_sector_size), iv);
+ else
+   err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i,
+-  (1U << dev->log_sector_size), iv);
++  ((grub_size_t) 1 << 
dev->log_sector_size), iv);
+ if (err)
+   return err;
+ break;
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 2fccdc2d62..130f32551b 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -65,6 +65,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \
file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \

file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \
+   file://0019-disk-cryptodisk-Fix-potential-integer-overflow.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162369): 
https://lists.openembedded.org/g/openembedded-core/message/162369
Mute This Topic: https://lists.openembedded.org/mt/89389025/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 12/50] grub: add a fix for unused variable in gnulib

[Steve Sakoman]

From: Marta Rybczynska 

This changes adds a fix for an unused variable issue in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...ulib-regexec-Resolve-unused-variable.patch | 59 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 60 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch

diff --git 
a/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch 
b/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch
new file mode 100644
index 00..74ffb559e9
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0008-gnulib-regexec-Resolve-unused-variable.patch
@@ -0,0 +1,59 @@
+From 9d36bce5d516b6379ba3a0dd1a94a9c035838827 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Wed, 21 Oct 2020 14:41:27 +
+Subject: [PATCH] gnulib/regexec: Resolve unused variable
+
+This is a really minor issue where a variable is being assigned to but
+not checked before it is overwritten again.
+
+The reason for this issue is that we are not building with DEBUG set and
+this in turn means that the assert() that reads the value of the
+variable match_last is being processed out.
+
+The solution, move the assignment to match_last in to an ifdef DEBUG too.
+
+Fixes: CID 292459
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a983d36bd9178d377d2072fd4b11c635fdc404b4]
+Signed-off-by: Marta Rybczynska 
+---
+ conf/Makefile.extra-dist   |  1 +
+ .../lib/gnulib-patches/fix-unused-value.patch  | 14 ++
+ 2 files changed, 15 insertions(+)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-unused-value.patch
+
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 46c4e95..9b01152 100644
+--- a/conf/Makefile.extra-dist
 b/conf/Makefile.extra-dist
+@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh
+ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch
+ 
+diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch 
b/grub-core/lib/gnulib-patches/fix-unused-value.patch
+new file mode 100644
+index 000..ba51f1b
+--- /dev/null
 b/grub-core/lib/gnulib-patches/fix-unused-value.patch
+@@ -0,0 +1,14 @@
++--- a/lib/regexec.c   2020-10-21 14:25:35.310195912 +
+ b/lib/regexec.c   2020-10-21 14:32:07.961765604 +
++@@ -828,7 +828,11 @@
++  break;
++if (__glibc_unlikely (err != REG_NOMATCH))
++  goto free_return;
+++#ifdef DEBUG
+++   /* Only used for assertion below when DEBUG is set, otherwise
+++  it will be over-written when we loop around.  */
++match_last = -1;
+++#endif
++  }
++else
++  break; /* We found a match.  */
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 46d65d8609..d2a1502d56 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -54,6 +54,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \
file://0006-kern-efi-Fix-memory-leak-on-failure.patch \
file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch 
\
+   file://0008-gnulib-regexec-Resolve-unused-variable.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162358): 
https://lists.openembedded.org/g/openembedded-core/message/162358
Mute This Topic: https://lists.openembedded.org/mt/89389006/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 22/50] grub: fix a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

Add a fix for a memory leak in grub'd disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...ory-leak-on-uninserted-lv-references.patch | 50 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch

diff --git 
a/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch
 
b/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch
new file mode 100644
index 00..26932f674c
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch
@@ -0,0 +1,50 @@
+From 3e1d2f1959acbe5152cdd5818d495f6455d1a158 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Tue, 8 Dec 2020 10:00:51 +
+Subject: [PATCH] disk/ldm: Fix memory leak on uninserted lv references
+
+The problem here is that the memory allocated to the variable lv is not
+yet inserted into the list that is being processed at the label fail2.
+
+As we can already see at line 342, which correctly frees lv before going
+to fail2, we should also be doing that at these earlier jumps to fail2.
+
+Fixes: CID 73824
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=156c281a1625dc73fd350530630c6f2d5673d4f6]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/disk/ldm.c | 10 --
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 54713f4..e82e989 100644
+--- a/grub-core/disk/ldm.c
 b/grub-core/disk/ldm.c
+@@ -321,7 +321,10 @@ make_vg (grub_disk_t disk,
+ lv->visible = 1;
+ lv->segments = grub_zalloc (sizeof (*lv->segments));
+ if (!lv->segments)
+-  goto fail2;
++  {
++grub_free (lv);
++goto fail2;
++  }
+ lv->segments->start_extent = 0;
+ lv->segments->type = GRUB_DISKFILTER_MIRROR;
+ lv->segments->node_count = 0;
+@@ -329,7 +332,10 @@ make_vg (grub_disk_t disk,
+ lv->segments->nodes = grub_calloc (lv->segments->node_alloc,
+sizeof (*lv->segments->nodes));
+ if (!lv->segments->nodes)
+-  goto fail2;
++  {
++grub_free (lv);
++goto fail2;
++  }
+ ptr = vblk[i].dynamic;
+ if (ptr + *ptr + 1 >= vblk[i].dynamic
+ + sizeof (vblk[i].dynamic))
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index a8ee0dd68a..2fccdc2d62 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -64,6 +64,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \

file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \
file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \
+   
file://0018-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162368): 
https://lists.openembedded.org/g/openembedded-core/message/162368
Mute This Topic: https://lists.openembedded.org/mt/89389023/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 21/50] grub: fix a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds a fix for a memory leak in grub's disk/ldm.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...-If-failed-then-free-vg-variable-too.patch | 28 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch

diff --git 
a/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch
 
b/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch
new file mode 100644
index 00..ecdb230f76
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0017-disk-ldm-If-failed-then-free-vg-variable-too.patch
@@ -0,0 +1,28 @@
+From 253485e8df3c9dedac848567e638157530184295 Mon Sep 17 00:00:00 2001
+From: Paulo Flabiano Smorigo 
+Date: Mon, 7 Dec 2020 10:07:47 -0300
+Subject: [PATCH] disk/ldm: If failed then free vg variable too
+
+Fixes: CID 73809
+
+Signed-off-by: Paulo Flabiano Smorigo 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e0b83df5da538d2a38f770e60817b3a4b9d5b4d7]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/disk/ldm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 428415f..54713f4 100644
+--- a/grub-core/disk/ldm.c
 b/grub-core/disk/ldm.c
+@@ -199,6 +199,7 @@ make_vg (grub_disk_t disk,
+ {
+   grub_free (vg->uuid);
+   grub_free (vg->name);
++  grub_free (vg);
+   return NULL;
+ }
+   grub_memcpy (vg->uuid, label->group_guid, LDM_GUID_STRLEN);
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 479e2f71f2..a8ee0dd68a 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -63,6 +63,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0014-zstd-Initialize-seq_t-structure-fully.patch \

file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \

file://0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch \
+   file://0017-disk-ldm-If-failed-then-free-vg-variable-too.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162367): 
https://lists.openembedded.org/g/openembedded-core/message/162367
Mute This Topic: https://lists.openembedded.org/mt/89389021/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 20/50] grub: fix a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

Add a fix for a memory leak in grub's disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...re-comp-data-is-freed-before-exiting.patch | 128 ++
 meta/recipes-bsp/grub/grub2.inc   |   1 +
 2 files changed, 129 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch

diff --git 
a/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch
 
b/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch
new file mode 100644
index 00..c1687c75d0
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0016-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch
@@ -0,0 +1,128 @@
+From 0c5d0fd796e6cafba179321de396681a493c4158 Mon Sep 17 00:00:00 2001
+From: Marco A Benatto 
+Date: Mon, 7 Dec 2020 11:53:03 -0300
+Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from
+ make_vg()
+
+Several error handling paths in make_vg() do not free comp data before
+jumping to fail2 label and returning from the function. This will leak
+memory. So, let's fix all issues of that kind.
+
+Fixes: CID 73804
+
+Signed-off-by: Marco A Benatto 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=23e39f50ca7a107f6b66396ed4d177a914dee035]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/disk/ldm.c | 51 ++--
+ 1 file changed, 44 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 58f8a53..428415f 100644
+--- a/grub-core/disk/ldm.c
 b/grub-core/disk/ldm.c
+@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk,
+ comp->segments = grub_calloc (comp->segment_alloc,
+   sizeof (*comp->segments));
+ if (!comp->segments)
+-  goto fail2;
++  {
++grub_free (comp->internal_id);
++grub_free (comp);
++goto fail2;
++  }
+   }
+ else
+   {
+@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk,
+ comp->segment_count = 1;
+ comp->segments = grub_malloc (sizeof (*comp->segments));
+ if (!comp->segments)
+-  goto fail2;
++  {
++grub_free (comp->internal_id);
++grub_free (comp);
++goto fail2;
++  }
+ comp->segments->start_extent = 0;
+ comp->segments->extent_count = lv->size;
+ comp->segments->layout = 0;
+@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk,
+ comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK;
+   }
+ else
+-  goto fail2;
++  {
++grub_free (comp->segments);
++grub_free (comp->internal_id);
++grub_free (comp);
++goto fail2;
++  }
+ ptr += *ptr + 1;
+ ptr++;
+ if (!(vblk[i].flags & 0x10))
+-  goto fail2;
++  {
++grub_free (comp->segments);
++grub_free (comp->internal_id);
++grub_free (comp);
++goto fail2;
++  }
+ if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic)
+ || ptr + *ptr + 1 >= vblk[i].dynamic
+ + sizeof (vblk[i].dynamic))
+   {
++grub_free (comp->segments);
+ grub_free (comp->internal_id);
+ grub_free (comp);
+ goto fail2;
+@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk,
+ if (ptr + *ptr + 1 >= vblk[i].dynamic
+ + sizeof (vblk[i].dynamic))
+   {
++grub_free (comp->segments);
+ grub_free (comp->internal_id);
+ grub_free (comp);
+ goto fail2;
+@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk,
+ comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
+  sizeof 
(*comp->segments->nodes));
+ if (!lv->segments->nodes)
+-  goto fail2;
++  {
++grub_free (comp->segments);
++grub_free (comp->internal_id);
++grub_free (comp);
++goto fail2;
++  }
+   }
+ 
+ if (lv->segments->node_alloc == lv->segments->node_count)
+@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk,
+ 
+ if (grub_mul (lv->segments->node_alloc, 2, 
>segments->node_alloc) ||
+ grub_mul (lv->segments->node_alloc, sizeof 
(*lv->segments->nodes), ))
+-  

[OE-core][dunfell 11/50] grub: add a fix for a possible NULL pointer dereference

[Steve Sakoman]

From: Marta Rybczynska 

This change fixes a possible NULL pointer dereference in grub's
EFI support. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...ix-possible-NULL-pointer-dereference.patch | 65 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch

diff --git 
a/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch
 
b/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch
new file mode 100644
index 00..d55709406b
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch
@@ -0,0 +1,65 @@
+From be03a18b8767be50f16a845c389fd5ed29aae055 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 11 Dec 2020 15:03:13 +
+Subject: [PATCH] kern/efi/mm: Fix possible NULL pointer dereference
+
+The model of grub_efi_get_memory_map() is that if memory_map is NULL,
+then the purpose is to discover how much memory should be allocated to
+it for the subsequent call.
+
+The problem here is that with grub_efi_is_finished set to 1, there is no
+check at all that the function is being called with a non-NULL memory_map.
+
+While this MAY be true, we shouldn't assume it.
+
+The solution to this is to behave as expected, and if memory_map is NULL,
+then don't try to use it and allow memory_map_size to be filled in, and
+return 0 as is done later in the code if the buffer is too small (or NULL).
+
+Additionally, drop unneeded ret = 1.
+
+Fixes: CID 96632
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6aee4bfd6973c714056fb7b56890b8d524e94ee1]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/kern/efi/mm.c | 19 ++-
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
+index b02fab1..5afcef7 100644
+--- a/grub-core/kern/efi/mm.c
 b/grub-core/kern/efi/mm.c
+@@ -328,15 +328,24 @@ grub_efi_get_memory_map (grub_efi_uintn_t 
*memory_map_size,
+   if (grub_efi_is_finished)
+ {
+   int ret = 1;
+-  if (*memory_map_size < finish_mmap_size)
++
++  if (memory_map != NULL)
+   {
+-grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size);
+-ret = 0;
++if (*memory_map_size < finish_mmap_size)
++  {
++grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size);
++ret = 0;
++  }
++  else
++  grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size);
+   }
+   else
+   {
+-grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size);
+-ret = 1;
++/*
++ * Incomplete, no buffer to copy into, same as
++ * GRUB_EFI_BUFFER_TOO_SMALL below.
++ */
++ret = 0;
+   }
+   *memory_map_size = finish_mmap_size;
+   if (map_key)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 04ed8b7b23..46d65d8609 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -53,6 +53,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \

file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \
file://0006-kern-efi-Fix-memory-leak-on-failure.patch \
+   file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch 
\
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162357): 
https://lists.openembedded.org/g/openembedded-core/message/162357
Mute This Topic: https://lists.openembedded.org/mt/89388999/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 19/50] grub: add a missing NULL check

[Steve Sakoman]

From: Marta Rybczynska 

This fix adds a missing check for NULL pointer from an external source
in grub's kern/partition. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...heck-for-NULL-before-dereferencing-i.patch | 43 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch

diff --git 
a/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch
 
b/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch
new file mode 100644
index 00..af9fcd45cc
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch
@@ -0,0 +1,43 @@
+From 0da8ef2e03a8591586b53a29af92d2ace76a04e3 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 23 Oct 2020 09:49:59 +
+Subject: [PATCH] kern/partition: Check for NULL before dereferencing input
+ string
+
+There is the possibility that the value of str comes from an external
+source and continuing to use it before ever checking its validity is
+wrong. So, needs fixing.
+
+Additionally, drop unneeded part initialization.
+
+Fixes: CID 292444
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=bc9c468a2ce84bc767234eec888b71f1bc744fff]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/kern/partition.c | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c
+index e499147..b10a184 100644
+--- a/grub-core/kern/partition.c
 b/grub-core/kern/partition.c
+@@ -109,11 +109,14 @@ grub_partition_map_probe (const grub_partition_map_t 
partmap,
+ grub_partition_t
+ grub_partition_probe (struct grub_disk *disk, const char *str)
+ {
+-  grub_partition_t part = 0;
++  grub_partition_t part;
+   grub_partition_t curpart = 0;
+   grub_partition_t tail;
+   const char *ptr;
+ 
++  if (str == NULL)
++return 0;
++
+   part = tail = disk->partition;
+ 
+   for (ptr = str; *ptr;)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 7cf4d64149..94b89aa643 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -61,6 +61,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \

file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \
file://0014-zstd-Initialize-seq_t-structure-fully.patch \
+   
file://0015-kern-partition-Check-for-NULL-before-dereferencing-i.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162365): 
https://lists.openembedded.org/g/openembedded-core/message/162365
Mute This Topic: https://lists.openembedded.org/mt/89389018/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 10/50] grub: fix memory leak at error in grub_efi_get_filename()

[Steve Sakoman]

From: Marta Rybczynska 

This change fixes a memory leak on error in grub_efi_get_filename().
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...-kern-efi-Fix-memory-leak-on-failure.patch | 30 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch

diff --git 
a/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch 
b/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch
new file mode 100644
index 00..9d7327cee6
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0006-kern-efi-Fix-memory-leak-on-failure.patch
@@ -0,0 +1,30 @@
+From d4fd0243920b71cc6e03cc0cadf23b4fe03c352f Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 5 Nov 2020 10:15:25 +
+Subject: [PATCH] kern/efi: Fix memory leak on failure
+
+Free the memory allocated to name before returning on failure.
+
+Fixes: CID 296222
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ed286ceba6015d37a9304f04602451c47bf195d7]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/kern/efi/efi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 6a38080..baeeef0 100644
+--- a/grub-core/kern/efi/efi.c
 b/grub-core/kern/efi/efi.c
+@@ -415,6 +415,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+   {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "malformed EFI Device Path node has length=%d", len);
++grub_free (name);
+ return NULL;
+   }
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index f7f2aa892f..04ed8b7b23 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -52,6 +52,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0003-net-tftp-Fix-dangling-memory-pointer.patch \
file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \

file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \
+   file://0006-kern-efi-Fix-memory-leak-on-failure.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162356): 
https://lists.openembedded.org/g/openembedded-core/message/162356
Mute This Topic: https://lists.openembedded.org/mt/89388997/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 18/50] grub: add structure initialization in zstd

[Steve Sakoman]

From: Marta Rybczynska 

This patch adds initialization of a structure in grub's zstd, which
might be left uninitialized by the compiler. It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...std-Initialize-seq_t-structure-fully.patch | 34 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch

diff --git 
a/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch 
b/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch
new file mode 100644
index 00..19d881c1ca
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0014-zstd-Initialize-seq_t-structure-fully.patch
@@ -0,0 +1,34 @@
+From f55ffe6bd8b844a8cd9956702f42ac2eb96ad56f Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 5 Nov 2020 10:29:59 +
+Subject: [PATCH] zstd: Initialize seq_t structure fully
+
+While many compilers will initialize this to zero, not all will, so it
+is better to be sure that fields not being explicitly set are at known
+values, and there is code that checks this fields value elsewhere in the
+code.
+
+Fixes: CID 292440
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2777cf4466719921dbe4b30af358a75e7d76f217]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/lib/zstd/zstd_decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/zstd/zstd_decompress.c 
b/grub-core/lib/zstd/zstd_decompress.c
+index 711b5b6..e4b5670 100644
+--- a/grub-core/lib/zstd/zstd_decompress.c
 b/grub-core/lib/zstd/zstd_decompress.c
+@@ -1325,7 +1325,7 @@ typedef enum { ZSTD_lo_isRegularOffset, 
ZSTD_lo_isLongOffset=1 } ZSTD_longOffset
+ FORCE_INLINE_TEMPLATE seq_t
+ ZSTD_decodeSequence(seqState_t* seqState, const ZSTD_longOffset_e longOffsets)
+ {
+-seq_t seq;
++seq_t seq = {0};
+ U32 const llBits = 
seqState->stateLL.table[seqState->stateLL.state].nbAdditionalBits;
+ U32 const mlBits = 
seqState->stateML.table[seqState->stateML.state].nbAdditionalBits;
+ U32 const ofBits = 
seqState->stateOffb.table[seqState->stateOffb.state].nbAdditionalBits;
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 1906a28f30..7cf4d64149 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -60,6 +60,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0011-gnulib-regexec-Fix-possible-null-dereference.patch \
file://0012-gnulib-regcomp-Fix-uninitialized-re_token.patch \

file://0013-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch \
+   file://0014-zstd-Initialize-seq_t-structure-fully.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162364): 
https://lists.openembedded.org/g/openembedded-core/message/162364
Mute This Topic: https://lists.openembedded.org/mt/89389017/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 08/50] grub: fix wrong handling of argc == 0

[Steve Sakoman]

From: Marta Rybczynska 

This change fixes wrong handling of argc == 0 causing a memory leak.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...n-parser-Fix-resource-leak-if-argc-0.patch | 50 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch

diff --git 
a/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch
 
b/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch
new file mode 100644
index 00..933416605c
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0004-kern-parser-Fix-resource-leak-if-argc-0.patch
@@ -0,0 +1,50 @@
+From 8861fa6226f7229105722ba669465e879b56ee2b Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 22 Jan 2021 12:32:41 +
+Subject: [PATCH] kern/parser: Fix resource leak if argc == 0
+
+After processing the command-line yet arriving at the point where we are
+setting argv, we are allocating memory, even if argc == 0, which makes
+no sense since we never put anything into the allocated argv.
+
+The solution is to simply return that we've successfully processed the
+arguments but that argc == 0, and also ensure that argv is NULL when
+we're not allocating anything in it.
+
+There are only 2 callers of this function, and both are handling a zero
+value in argc assuming nothing is allocated in argv.
+
+Fixes: CID 96680
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d06161b035dde4769199ad65aa0a587a5920012b]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/kern/parser.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
+index 619db31..d1cf061 100644
+--- a/grub-core/kern/parser.c
 b/grub-core/kern/parser.c
+@@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline,
+   int i;
+ 
+   *argc = 0;
++  *argv = NULL;
+   do
+ {
+   if (!rd || !*rd)
+@@ -207,6 +208,10 @@ grub_parser_split_cmdline (const char *cmdline,
+   (*argc)++;
+ }
+ 
++  /* If there are no args, then we're done. */
++  if (!*argc)
++return 0;
++
+   /* Reserve memory for the return values.  */
+   args = grub_malloc (bp - buffer);
+   if (!args)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 678aa5c4e2..2e4e6d7ac2 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -50,6 +50,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \

file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \

file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \
file://0003-net-tftp-Fix-dangling-memory-pointer.patch \
+   file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162354): 
https://lists.openembedded.org/g/openembedded-core/message/162354
Mute This Topic: https://lists.openembedded.org/mt/89388995/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 09/50] grub: add a fix for malformed device path handling

[Steve Sakoman]

From: Marta Rybczynska 

This change fixes the malformed device paths in EFI handling.
Device paths of length 4 or shorter could cause different
kinds of unexpected behaviours.

This patch is NOT a part of [1], but is a dependency of one
of the patches included in the series.

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...formed-device-path-arithmetic-errors.patch | 235 ++
 meta/recipes-bsp/grub/grub2.inc   |   1 +
 2 files changed, 236 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch

diff --git 
a/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
 
b/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
new file mode 100644
index 00..04748befc8
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch
@@ -0,0 +1,235 @@
+From 16a4d739b19f8680cf93a3c8fa0ae9fc1b1c310b Mon Sep 17 00:00:00 2001
+From: Peter Jones 
+Date: Sun, 19 Jul 2020 16:53:27 -0400
+Subject: [PATCH] efi: Fix some malformed device path arithmetic errors
+
+Several places we take the length of a device path and subtract 4 from
+it, without ever checking that it's >= 4. There are also cases where
+this kind of malformation will result in unpredictable iteration,
+including treating the length from one dp node as the type in the next
+node. These are all errors, no matter where the data comes from.
+
+This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
+can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
+return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
+the length is too small. Additionally, it makes several places in the
+code check for and return errors in these cases.
+
+Signed-off-by: Peter Jones 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d2cf823d0e31818d1b7a223daff6d5e006596543]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/kern/efi/efi.c   | 64 +-
+ grub-core/loader/efi/chainloader.c | 13 +-
+ grub-core/loader/i386/xnu.c|  9 +++--
+ include/grub/efi/api.h | 14 ---
+ 4 files changed, 79 insertions(+), 21 deletions(-)
+
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index ad170c7..6a38080 100644
+--- a/grub-core/kern/efi/efi.c
 b/grub-core/kern/efi/efi.c
+@@ -360,7 +360,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ 
+   dp = dp0;
+ 
+-  while (1)
++  while (dp)
+ {
+   grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
+   grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
+@@ -370,9 +370,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+   if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE
+  && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
+   {
+-grub_efi_uint16_t len;
+-len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
+-   / sizeof (grub_efi_char16_t));
++grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
++
++if (len < 4)
++  {
++grub_error (GRUB_ERR_OUT_OF_RANGE,
++"malformed EFI Device Path node has length=%d", len);
++return NULL;
++  }
++len = (len - 4) / sizeof (grub_efi_char16_t);
+ filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2;
+   }
+ 
+@@ -388,7 +394,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+   if (!name)
+ return NULL;
+ 
+-  while (1)
++  while (dp)
+ {
+   grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
+   grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
+@@ -404,8 +410,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ 
+ *p++ = '/';
+ 
+-len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
+-   / sizeof (grub_efi_char16_t));
++len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
++if (len < 4)
++  {
++grub_error (GRUB_ERR_OUT_OF_RANGE,
++"malformed EFI Device Path node has length=%d", len);
++return NULL;
++  }
++
++len = (len - 4) / sizeof (grub_efi_char16_t);
+ fp = (grub_efi_file_path_device_path_t *) dp;
+ /* According to EFI spec Path Name is NULL terminated */
+ while (len > 0 && fp->path_name[len - 1] == 0)
+@@ -480,7 +493,26 @@ grub_efi_duplicate_device_path (const 
grub_efi_device_path_t *dp)
+;
+p = GRUB_EFI_NEXT_DEVICE_PATH (p))
+ {
+-  total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p);
++  grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p);
++
++  /*
++   * In the event that we find a node that's completely garbage, for
++   * example if 

[OE-core][dunfell 07/50] grub: fix a dangling memory pointer

[Steve Sakoman]

From: Marta Rybczynska 

This change fixes a dangling memory pointer in the grub TFTP code.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...net-tftp-Fix-dangling-memory-pointer.patch | 33 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch

diff --git 
a/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch 
b/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch
new file mode 100644
index 00..3b4633507d
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0003-net-tftp-Fix-dangling-memory-pointer.patch
@@ -0,0 +1,33 @@
+From 09cc0df477758b60f51fbc0da1dee2f5d54c333d Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 19 Feb 2021 17:12:23 +
+Subject: [PATCH] net/tftp: Fix dangling memory pointer
+
+The static code analysis tool, Parfait, reported that the valid of
+file->data was left referencing memory that was freed by the call to
+grub_free(data) where data was initialized from file->data.
+
+To ensure that there is no unintentional access to this memory
+referenced by file->data we should set the pointer to NULL.
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0cb838b281a68b536a09681f9557ea6a7ac5da7a]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/net/tftp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
+index 7d90bf6..f76b19f 100644
+--- a/grub-core/net/tftp.c
 b/grub-core/net/tftp.c
+@@ -468,6 +468,7 @@ tftp_close (struct grub_file *file)
+ }
+   destroy_pq (data);
+   grub_free (data);
++  file->data = NULL;
+   return GRUB_ERR_NONE;
+ }
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 2c0bff8fd0..678aa5c4e2 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -49,6 +49,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://CVE-2020-25647.patch \

file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \

file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \
+   file://0003-net-tftp-Fix-dangling-memory-pointer.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162353): 
https://lists.openembedded.org/g/openembedded-core/message/162353
Mute This Topic: https://lists.openembedded.org/mt/89388993/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 06/50] grub: add a fix for a possible NULL dereference

[Steve Sakoman]

From: Marta Rybczynska 

This fix removes a possible NULL pointer dereference in grub
networking code. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...ible-dereference-to-of-a-NULL-pointe.patch | 39 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch

diff --git 
a/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch
 
b/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch
new file mode 100644
index 00..d00821f5c3
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch
@@ -0,0 +1,39 @@
+From f216a75e884ed5e4e94bf86965000dde51148f94 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Fri, 27 Nov 2020 15:10:26 +
+Subject: [PATCH] net/net: Fix possible dereference to of a NULL pointer
+
+It is always possible that grub_zalloc() could fail, so we should check for
+a NULL return. Otherwise we run the risk of dereferencing a NULL pointer.
+
+Fixes: CID 296221
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=03f2515ae0c503406f1a99a2178405049c6555db]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/net/net.c | 9 +++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 38f19df..7c2cdf2 100644
+--- a/grub-core/net/net.c
 b/grub-core/net/net.c
+@@ -86,8 +86,13 @@ grub_net_link_layer_add_address (struct grub_net_card *card,
+ 
+   /* Add sender to cache table.  */
+   if (card->link_layer_table == NULL)
+-card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE
+-* sizeof (card->link_layer_table[0]));
++{
++  card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE
++  * sizeof 
(card->link_layer_table[0]));
++  if (card->link_layer_table == NULL)
++  return;
++}
++
+   entry = &(card->link_layer_table[card->new_ll_entry]);
+   entry->avail = 1;
+   grub_memcpy (>ll_address, ll, sizeof (entry->ll_address));
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index a06beac5ef..2c0bff8fd0 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -48,6 +48,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://CVE-2020-25632.patch \
file://CVE-2020-25647.patch \

file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \
+   
file://0002-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch \
"
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162352): 
https://lists.openembedded.org/g/openembedded-core/message/162352
Mute This Topic: https://lists.openembedded.org/mt/89388992/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 05/50] grub: fix a memory leak

[Steve Sakoman]

From: Marta Rybczynska 

Backport a fix for a memory leak in grub_mmap_iterate(). This patch
is a part of a security series [1]

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg7.html

Signed-off-by: Marta Rybczynska 
Signed-off-by: Steve Sakoman 
---
 ...leak-when-iterating-over-mapped-memo.patch | 39 +++
 meta/recipes-bsp/grub/grub2.inc   |  3 +-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch

diff --git 
a/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch
 
b/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch
new file mode 100644
index 00..eaaa7effae
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch
@@ -0,0 +1,39 @@
+From 0900f11def2e7fbb4880efff0cd9c9b32f1cdb86 Mon Sep 17 00:00:00 2001
+From: Darren Kenny 
+Date: Thu, 3 Dec 2020 14:39:45 +
+Subject: [PATCH] mmap: Fix memory leak when iterating over mapped memory
+
+When returning from grub_mmap_iterate() the memory allocated to present
+is not being released causing it to leak.
+
+Fixes: CID 96655
+
+Signed-off-by: Darren Kenny 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8cb2848f9699642a698af84b12ba187cab722031]
+Signed-off-by: Marta Rybczynska 
+---
+ grub-core/mmap/mmap.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
+index 7ebf32e..8bf235f 100644
+--- a/grub-core/mmap/mmap.c
 b/grub-core/mmap/mmap.c
+@@ -270,6 +270,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void 
*hook_data)
+  hook_data))
+   {
+ grub_free (ctx.scanline_events);
++grub_free (present);
+ return GRUB_ERR_NONE;
+   }
+ 
+@@ -282,6 +283,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void 
*hook_data)
+ }
+ 
+   grub_free (ctx.scanline_events);
++  grub_free (present);
+   return GRUB_ERR_NONE;
+ }
+ 
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 9b20e1c09b..a06beac5ef 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -47,7 +47,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://CVE-2020-27779_7.patch \
file://CVE-2020-25632.patch \
file://CVE-2020-25647.patch \
-"
+   
file://0001-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch \
+   "
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = 
"f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162351): 
https://lists.openembedded.org/g/openembedded-core/message/162351
Mute This Topic: https://lists.openembedded.org/mt/89388991/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 04/50] puzzles: Upstream changed to main branch for development

[Steve Sakoman]

From: Kartikey Rameshbhai Parmar 

Signed-off-by: Kartikey Rameshbhai Parmar 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-sato/puzzles/puzzles_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-sato/puzzles/puzzles_git.bb 
b/meta/recipes-sato/puzzles/puzzles_git.bb
index 2edc9ada2e..3ee441998d 100644
--- a/meta/recipes-sato/puzzles/puzzles_git.bb
+++ b/meta/recipes-sato/puzzles/puzzles_git.bb
@@ -9,7 +9,7 @@ DEPENDS = "libxt"
 # The libxt requires x11 in DISTRO_FEATURES
 REQUIRED_DISTRO_FEATURES = "x11"
 
-SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=master \
+SRC_URI = "git://git.tartarus.org/simon/puzzles.git;branch=main \
file://fix-compiling-failure-with-option-g-O.patch \
file://0001-palisade-Fix-warnings-with-clang-on-arm.patch \

file://0001-Use-Wno-error-format-overflow-if-the-compiler-suppor.patch \
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162350): 
https://lists.openembedded.org/g/openembedded-core/message/162350
Mute This Topic: https://lists.openembedded.org/mt/89388989/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 03/50] ruby: 2.7.4 -> 2.7.5

[Steve Sakoman]

From: Chee Yang Lee 

This release includes security fixes.
CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date 
Parsing Methods
CVE-2021-41816: Buffer Overrun in CGI.escape_html
CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

Signed-off-by: Chee Yang Lee 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/ruby/{ruby_2.7.4.bb => ruby_2.7.5.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/ruby/{ruby_2.7.4.bb => ruby_2.7.5.bb} (95%)

diff --git a/meta/recipes-devtools/ruby/ruby_2.7.4.bb 
b/meta/recipes-devtools/ruby/ruby_2.7.5.bb
similarity index 95%
rename from meta/recipes-devtools/ruby/ruby_2.7.4.bb
rename to meta/recipes-devtools/ruby/ruby_2.7.5.bb
index dafa7d2f6b..44a2527ee7 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.4.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.5.bb
@@ -9,8 +9,8 @@ SRC_URI += " \

file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
"
 
-SRC_URI[md5sum] = "823cd21d93c69e4168b03dd127369343"
-SRC_URI[sha256sum] = 
"3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b"
+SRC_URI[md5sum] = "ede247b56fb862f1f67f9471189b04d4"
+SRC_URI[sha256sum] = 
"2755b900a21235b443bb16dadd9032f784d4a88f143d852bc5d154f22b8781f1"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162349): 
https://lists.openembedded.org/g/openembedded-core/message/162349
Mute This Topic: https://lists.openembedded.org/mt/89388986/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 02/50] tiff: fix for CVE-2022-22844

[Steve Sakoman]

From: Purushottam Choudhary 

Backport patch from:
https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64

Signed-off-by: Purushottam Choudhary 
Signed-off-by: Purushottam Choudhary 
Signed-off-by: Steve Sakoman 
---
 ...al-buffer-overflow-for-ASCII-tags-wh.patch | 52 +++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch

diff --git 
a/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
 
b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
new file mode 100644
index 00..31f867e000
--- /dev/null
+++ 
b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
@@ -0,0 +1,52 @@
+From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001
+From: 4ugustus 
+Date: Tue, 25 Jan 2022 16:25:28 +
+Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where
+ count is required (fixes #355)
+
+CVE: CVE-2022-22844
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64]
+Signed-off-by: Purushottam Choudhary 
+Signed-off-by: Purushottam Choudhary 
+Comments: Add header stdint.h in tiffset.c explicitly for UINT16_MAX
+---
+ tools/tiffset.c | 17 ++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tiffset.c b/tools/tiffset.c
+index 8c9e23c5..e7a88c09 100644
+--- a/tools/tiffset.c
 b/tools/tiffset.c
+@@ -33,6 +33,7 @@
+ #include 
+ #include 
+ 
++#include 
+ #include "tiffio.h"
+ 
+ static char* usageMsg[] = {
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+ 
+ arg_index++;
+ if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+-if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 
1)
+-fprintf( stderr, "Failed to set %s=%s\n",
+- TIFFFieldName(fip), argv[arg_index] );
++if(TIFFFieldPassCount( fip )) {
++size_t len;
++len = strlen(argv[arg_index]) + 1;
++if (len > UINT16_MAX || TIFFSetField(tiff, 
TIFFFieldTag(fip),
++(uint16_t)len, argv[arg_index]) != 1)
++fprintf( stderr, "Failed to set %s=%s\n",
++TIFFFieldName(fip), argv[arg_index] );
++} else {
++if (TIFFSetField(tiff, TIFFFieldTag(fip),
++argv[arg_index]) != 1)
++fprintf( stderr, "Failed to set %s=%s\n",
++TIFFFieldName(fip), argv[arg_index] );
++}
+ } else if (TIFFFieldWriteCount(fip) > 0
+  || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+ int ret = 1;
+-- 
+GitLab
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 43f210111d..0948bb4e2f 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -15,6 +15,7 @@ SRC_URI = 
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \

file://001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \

file://002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \
file://CVE-2020-35521_and_CVE-2020-35522.patch \
+   
file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \
   "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = 
"5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162348): 
https://lists.openembedded.org/g/openembedded-core/message/162348
Mute This Topic: https://lists.openembedded.org/mt/89388984/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 01/50] openssl: Add fix for CVE-2021-4160

[Steve Sakoman]

From: Ranjitsinh Rathod 

Add a patch to fix CVE-2021-4160
The issue only affects OpenSSL on MIPS platforms.
Link: https://security-tracker.debian.org/tracker/CVE-2021-4160

Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Steve Sakoman 
---
 .../openssl/openssl/CVE-2021-4160.patch   | 145 ++
 .../openssl/openssl_1.1.1l.bb |   1 +
 2 files changed, 146 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch 
b/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch
new file mode 100644
index 00..ff1e807157
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch
@@ -0,0 +1,145 @@
+From e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger 
+Date: Sat, 11 Dec 2021 20:28:11 +0100
+Subject: [PATCH] Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit
+ targets
+
+bn_sqr_comba8 does for instance compute a wrong result for the value:
+a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45
+
+The correct result is:
+r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
+912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899
+
+but the actual result was:
+r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
+912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899
+
+so the forth word of the result was 0x75be8e3c but should have been
+0x75be8e3d instead.
+
+Likewise bn_sqr_comba4 has an identical bug for the same value as well:
+a=0x022181ba fd3aa878 899b2346 ee210f45
+
+correct result:
+r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899
+
+wrong result:
+r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899
+
+Fortunately the bn_mul_comba4/8 code paths are not affected.
+
+Also the mips64 target does in fact not handle the carry propagation
+correctly.
+
+Example:
+a=0x4aaac919 62056c84 fba7334e 1a6be678
+022181ba fd3aa878 899b234635dad283 ee210f450001
+
+correct result:
+r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
+0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
+3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
+2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001
+
+wrong result:
+r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
+0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
+3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
+2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001
+
+Reviewed-by: Paul Dale 
+(Merged from https://github.com/openssl/openssl/pull/17258)
+
+(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)
+
+Upstream-Status: Backport 
[https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb]
+CVE: CVE-2021-4160
+Signed-off-by: Ranjitsinh Rathod 
+
+---
+ crypto/bn/asm/mips.pl |  4 
+ test/bntest.c | 45 +++
+ 2 files changed, 49 insertions(+)
+
+diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
+index 8ad715bda4..74101030f2 100644
+--- a/crypto/bn/asm/mips.pl
 b/crypto/bn/asm/mips.pl
+@@ -1984,6 +1984,8 @@ $code.=<<___;
+   sltu$at,$c_2,$t_1
+   $ADDU   $c_3,$t_2,$at
+   $ST $c_2,$BNSZ($a0)
++  sltu$at,$c_3,$t_2
++  $ADDU   $c_1,$at
+   mflo($t_1,$a_2,$a_0)
+   mfhi($t_2,$a_2,$a_0)
+ ___
+@@ -2194,6 +2196,8 @@ $code.=<<___;
+   sltu$at,$c_2,$t_1
+   $ADDU   $c_3,$t_2,$at
+   $ST $c_2,$BNSZ($a0)
++  sltu$at,$c_3,$t_2
++  $ADDU   $c_1,$at
+   mflo($t_1,$a_2,$a_0)
+   mfhi($t_2,$a_2,$a_0)
+ ___
+diff --git a/test/bntest.c b/test/bntest.c
+index b58028a301..bab34ba54b 100644
+--- a/test/bntest.c
 b/test/bntest.c
+@@ -627,6 +627,51 @@ static int test_modexp_mont5(void)
+ if (!TEST_BN_eq(c, d))
+ goto err;
+ 
++/*
++ * Regression test for overflow bug in bn_sqr_comba4/8 for
++ * mips-linux-gnu and mipsel-linux-gnu 32bit targets.
++ */
++{
++static const char *ehex[] = {
++
"95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee",
++
"38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5",
++
"8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a",
++
"5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985",
++
"2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1",
++
"a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680",
++

[OE-core][dunfell 00/50] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3283

with the exception of a known autobuilder intermittent issue on qemuarm64
which passed on subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/4780

The following changes since commit 9360b92f98222cb74a93690f53570cd62633c0cf:

  vim: Upgrade 8.2.4314 -> 8.2.4424 (2022-02-21 07:28:56 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Chee Yang Lee (1):
  ruby: 2.7.4 -> 2.7.5

Kartikey Rameshbhai Parmar (1):
  puzzles: Upstream changed to main branch for development

Marta Rybczynska (46):
  grub: fix a memory leak
  grub: add a fix for a possible NULL dereference
  grub: fix a dangling memory pointer
  grub: fix wrong handling of argc == 0
  grub: add a fix for malformed device path handling
  grub: fix memory leak at error in grub_efi_get_filename()
  grub: add a fix for a possible NULL pointer dereference
  grub: add a fix for unused variable in gnulib
  grub: fix an unitialized token in gnulib
  grub: add a fix a NULL pointer dereference in gnulib
  grub: add a fix for NULL pointer dereference
  grub: fix an unitialized re_token in gnulib
  grub: add a fix for unnecessary assignements
  grub: add structure initialization in zstd
  grub: add a missing NULL check
  grub: fix a memory leak
  grub: fix a memory leak
  grub: fix a memory leak
  grub: fix an integer overflow
  grub: add a fix for a length check
  grub: add a fix for a possible negative shift
  grub: add a fix for a memory leak
  grub: add a fix for possible integer overflows
  grub: fix an error check
  grub: add a fix for a memory leak
  grub: add a fix for a possible unintended sign extension
  grub: add a fix for a possible NULL dereference
  grub: add a fix for a memory leak
  grub: add a fix for a memory leak
  grub: fix a memory leak
  grub: remove unneeded return value
  grub: fix an integer overflow
  grub: fix multiple integer overflows
  grub: fix a possible integer overflow
  grub: test for malformed jpeg files
  grub: remove dead code
  grub: fix checking for NULL
  grub: add a fix for a memory leak
  grub: avoid a memory leak
  grub: add a check for a NULL pointer
  grub: add a fix for NULL pointer dereference
  grub: add a fix for an incorrect cast
  grub: fix incorrect use of a negative value
  grub: add a fix for a NULL pointer dereference
  grub: avoid a NULL pointer dereference
  grub: add a fix for a crash in scripts

Purushottam Choudhary (1):
  tiff: fix for CVE-2022-22844

Ranjitsinh Rathod (1):
  openssl: Add fix for CVE-2021-4160

 ...leak-when-iterating-over-mapped-memo.patch |  39 +++
 ...ible-dereference-to-of-a-NULL-pointe.patch |  39 +++
 ...net-tftp-Fix-dangling-memory-pointer.patch |  33 +++
 ...n-parser-Fix-resource-leak-if-argc-0.patch |  50 
 ...formed-device-path-arithmetic-errors.patch | 235 ++
 ...-kern-efi-Fix-memory-leak-on-failure.patch |  30 +++
 ...ix-possible-NULL-pointer-dereference.patch |  65 +
 ...ulib-regexec-Resolve-unused-variable.patch |  59 +
 ...mp-Fix-uninitialized-token-structure.patch |  53 
 ...-Fix-dereference-of-a-possibly-NULL-.patch |  52 
 ...egexec-Fix-possible-null-dereference.patch |  53 
 ...b-regcomp-Fix-uninitialized-re_token.patch |  55 
 ...e-unnecessary-self-assignment-errors.patch |  41 +++
 ...std-Initialize-seq_t-structure-fully.patch |  34 +++
 ...heck-for-NULL-before-dereferencing-i.patch |  43 
 ...re-comp-data-is-freed-before-exiting.patch | 128 ++
 ...-If-failed-then-free-vg-variable-too.patch |  28 +++
 ...ory-leak-on-uninserted-lv-references.patch |  50 
 ...odisk-Fix-potential-integer-overflow.patch |  50 
 ...that-the-volume-name-length-is-valid.patch |  43 
 ...ix-possible-negative-shift-operation.patch |  42 
 ...source-leaks-while-constructing-path.patch | 121 +
 ...3-zfs-Fix-possible-integer-overflows.patch |  56 +
 ...-a-check-for-error-allocating-memory.patch |  35 +++
 .../files/0025-affs-Fix-memory-leaks.patch|  82 ++
 ...x-possible-unintended-sign-extension.patch |  36 +++
 ...pt-mpi-Fix-possible-NULL-dereference.patch |  33 +++
 ...slinux-Fix-memory-leak-while-parsing.patch |  43 
 ...n-Fix-leaking-of-memory-when-process.patch |  52 
 ...0-commands-hashsum-Fix-a-memory-leak.patch |  56 +
 ...move-unnecessary-return-value-of-gru.patch |  94 +++
 ...bfill-Fix-potential-integer-overflow.patch |  78 ++
 ...eo_fb-Fix-multiple-integer-overflows.patch | 104 
 ...deo_fb-Fix-possible-integer-overflow.patch |  39 +++
 ...eg-Test-for-an-invalid-next-marker-r.patch |  38 +++
 ...-Remove-code-that-coverity-is-flaggi.patch |  34 +++
 

Re: [OE-core] [PATCH v3 00/32] Python PEP-517: build wheels and install with pip

[Konrad Weihmann]

On 25.02.22 14:16, Richard Purdie wrote:

On Thu, 2022-02-24 at 16:52 +0100, Konrad Weihmann wrote:

I got a kind of general question about this patch series and all the
followups: is this still considered to go into the next release?


It is still being considered, yes.


I'm a bit worried about the fallout of this pretty invasive change -
even though I see that at some point it needs to be done.

My understanding is that the "classic" way will stop with Python 3.12,
which doesn't apply to next LTS release - as this will likely remain on
3.10.
Only downside will be that manual helper files for updates of packages
that are lacking a setup.py needs to be provided (there are already a
few examples how to do it) - not a big deal if you'd ask me.

So what's the stand of the project regarding this issue - also keeping
in mind that I think it's already past feature freeze?


This is a tough one to make a decision on and I am conflicted. The change was
flagged up a while ago and has been regularly talked about. It is also something
we all agree will have to happen at some point.

The change is late and has issues but there was a base patchset sent before the
freeze deadline.

This isn't the final release point, it is the point where we stop taking new
invasive changes and stabilise and I think it important to keep that in mind.

Stepping back and thinking about the big picture (and e.g. the ability to take
security fixes into the LTS), I'm leaning towards trying to get it in. One other
consideration is having large delta between the LTS and onging development and
I'd prefer to minimise this particular difference if it is practical to do so.


Your argumentation does make sense, but I have to disagree on this 
particular point.
The using pip as the default installer and therefore wheels is something 
that will never (hopefully) get backported, so bringing this change in 
automatically builds up a huge delta to any other branch - thus here you 
would create a situation that (I agree) should be avoided.


Also moving around a few classes and recipe between core and 
meta-python, will either bind users to including meta-python in every 
setup or will create situation were people will try to work around these 
changes.


I see that this feature has been promised - and it might be bad for the 
project's reputation to drop it - still if one would ask me, I would 
prefer to delay it to the next release.
One potential option would be to offer that one (once mature and tested 
will a broad set of layers) as a mixin-layer, which then could be used 
with kirkstone LTS




I believe we have identified and fixed the majority of the issues that have
shown up in automated testing.

I haven't made a final decision but I am keeping an open mind on it and would
really prefer to get it merged. There are other issues being worked in parallel
which also would block the M3 build which does give time to resolve this one.

Cheers,

Richard





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162345): 
https://lists.openembedded.org/g/openembedded-core/message/162345
Mute This Topic: https://lists.openembedded.org/mt/89324642/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v3 00/32] Python PEP-517: build wheels and install with pip

[Richard Purdie]

On Thu, 2022-02-24 at 16:52 +0100, Konrad Weihmann wrote:
> I got a kind of general question about this patch series and all the 
> followups: is this still considered to go into the next release?

It is still being considered, yes.

> I'm a bit worried about the fallout of this pretty invasive change - 
> even though I see that at some point it needs to be done.
> 
> My understanding is that the "classic" way will stop with Python 3.12, 
> which doesn't apply to next LTS release - as this will likely remain on 
> 3.10.
> Only downside will be that manual helper files for updates of packages 
> that are lacking a setup.py needs to be provided (there are already a 
> few examples how to do it) - not a big deal if you'd ask me.
> 
> So what's the stand of the project regarding this issue - also keeping 
> in mind that I think it's already past feature freeze?

This is a tough one to make a decision on and I am conflicted. The change was
flagged up a while ago and has been regularly talked about. It is also something
we all agree will have to happen at some point.

The change is late and has issues but there was a base patchset sent before the
freeze deadline.

This isn't the final release point, it is the point where we stop taking new
invasive changes and stabilise and I think it important to keep that in mind.

Stepping back and thinking about the big picture (and e.g. the ability to take
security fixes into the LTS), I'm leaning towards trying to get it in. One other
consideration is having large delta between the LTS and onging development and
I'd prefer to minimise this particular difference if it is practical to do so.

I believe we have identified and fixed the majority of the issues that have
shown up in automated testing.

I haven't made a final decision but I am keeping an open mind on it and would
really prefer to get it merged. There are other issues being worked in parallel
which also would block the M3 build which does give time to resolve this one.

Cheers,

Richard





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162344): 
https://lists.openembedded.org/g/openembedded-core/message/162344
Mute This Topic: https://lists.openembedded.org/mt/89324642/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] systemd: move systemd shared library into its own package

[Richard Purdie]

On Fri, 2022-02-25 at 09:05 +0100, Stefan Herbrechtsmeier wrote:
> Am 24.02.2022 um 22:06 schrieb Richard Purdie:
> > On Wed, 2022-02-23 at 17:17 +0100, Stefan Herbrechtsmeier wrote:
> > > From: Stefan Herbrechtsmeier 
> > > 
> > > Move the systemd shared library (libsystemd-shared.so) into its own
> > > package to prevent a runtime dependency from udev package to systemd
> > > package and thereby to a second init manager.
> > > 
> > > Signed-off-by: Stefan Herbrechtsmeier 
> > > 
> > > 
> > > ---
> > > 
> > > Changes in v2:
> > > - Fix SUMMARY override
> > 
> > This did trigger a warning on the autobuilder tests:
> > 
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/2657/steps/11/logs/warnings
> 
> I will post a patch to add `INSANE_SKIP:libsystemd-shared += "libdir"` 
> to the recipe.
> 
> At the moment I have a problem to reproduce the warning. I don't see it 
> on qemux86-64 and have to retest with qemux86.

DISTRO = "poky-altcfg"

should show it. It happens since it makes libdir /lib64 for x86_64 instead of
/lib and only then do you see this error.

It is also worth noting we already set that skip for other systemd packages.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162343): 
https://lists.openembedded.org/g/openembedded-core/message/162343
Mute This Topic: https://lists.openembedded.org/mt/89344344/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] license.py: rename variables

[Richard Purdie]

On Thu, 2022-02-24 at 13:55 -0800, Saul Wold wrote:
> Update the comment to reflect new variable names
> 
> Signed-off-by: Saul Wold 
> ---
> v2: Update comment and change include -> include_licenses,
> exclude -> exclude_licenses
>  meta/lib/oe/license.py | 31 +--
>  1 file changed, 17 insertions(+), 14 deletions(-)
> 
> diff --git a/meta/lib/oe/license.py b/meta/lib/oe/license.py
> index b5d378a549b..b1105f6149c 100644
> --- a/meta/lib/oe/license.py
> +++ b/meta/lib/oe/license.py
> @@ -99,26 +99,29 @@ def flattened_licenses(licensestr, choose_licenses):
>  raise LicenseSyntaxError(licensestr, exc)
>  return flatten.licenses
>  
> -def is_included(licensestr, whitelist=None, blacklist=None):
> -"""Given a license string and whitelist and blacklist, determine if the
> -license string matches the whitelist and does not match the blacklist.
> -
> -Returns a tuple holding the boolean state and a list of the applicable
> -licenses that were excluded if state is False, or the licenses that were
> -included if the state is True.
> +def is_included(licensestr, include_licenses=None, exclude_licenses=None):
> +"""Given a license a list of list to include and a list of
> +licenses to exclude, determine if the license string
> +matches the an include list and does not match the 
> +exclude list.
> +
> +Returns a tuple holding the boolean state and a list of
> +the applicable licenses that were excluded if state is
> +False, or the licenses that were included if the state
> +is True.
>  """
>  
>  def include_license(license):
> -return any(fnmatch(license, pattern) for pattern in whitelist)
> +return any(fnmatch(license, pattern) for pattern in include_licenses)
>  
>  def exclude_license(license):
> -return any(fnmatch(license, pattern) for pattern in blacklist)
> +return any(fnmatch(license, pattern) for pattern in exclude_licenses)
>  
>  def choose_licenses(alpha, beta):
>  """Select the option in an OR which is the 'best' (has the most
>  included licenses and no excluded licenses)."""
>  # The factor 1000 below is arbitrary, just expected to be much larger
> -# that the number of licenses actually specified. That way the weight
> +# than the number of licenses actually specified. That way the weight
>  # will be negative if the list of licenses contains an excluded 
> license,
>  # but still gives a higher weight to the list with the most included
>  # licenses.
> @@ -131,11 +134,11 @@ def is_included(licensestr, whitelist=None, 
> blacklist=None):
>  else:
>  return beta
>  
> -if not whitelist:
> -whitelist = ['*']
> +if not include_licenses:
> +include = ['*']
>  
> -if not blacklist:
> -blacklist = []
> +if not exclude_licenses:
> +exclude = []
>  

There is a bit of a logic error which causes the selftests to fail.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162342): 
https://lists.openembedded.org/g/openembedded-core/message/162342
Mute This Topic: https://lists.openembedded.org/mt/89376290/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] systemd: move systemd shared library into its own package

[Stefan Herbrechtsmeier]

Am 24.02.2022 um 22:06 schrieb Richard Purdie:

On Wed, 2022-02-23 at 17:17 +0100, Stefan Herbrechtsmeier wrote:

From: Stefan Herbrechtsmeier 

Move the systemd shared library (libsystemd-shared.so) into its own
package to prevent a runtime dependency from udev package to systemd
package and thereby to a second init manager.

Signed-off-by: Stefan Herbrechtsmeier 

---

Changes in v2:
- Fix SUMMARY override


This did trigger a warning on the autobuilder tests:

https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/2657/steps/11/logs/warnings


I will post a patch to add `INSANE_SKIP:libsystemd-shared += "libdir"` 
to the recipe.


At the moment I have a problem to reproduce the warning. I don't see it 
on qemux86-64 and have to retest with qemux86.


Regards
  Stefan

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162341): 
https://lists.openembedded.org/g/openembedded-core/message/162341
Mute This Topic: https://lists.openembedded.org/mt/89344344/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-