Re: [OE-core] [PATCH 36/36] xz: upgrade 5.4.6 -> 5.6.1 _WARNING_

2024-03-29 Thread Mark Hatle 

I know this request is a week or so old..

But do NOT upgrade to 'xz' 5.6.0 or 5.6.1.  It has been compromised:

https://www.openwall.com/lists/oss-security/2024/03/29/4

--Mark

On 3/14/24 8:40 AM, Richard Purdie wrote:

On Wed, 2024-03-13 at 15:08 +0800, wangmy via lists.openembedded.org
wrote:

From: Wang Mingyu 

License-Update:

*COPYING:
  Add the license for the XZ logo.
  Change most public domain parts to 0BSD.
  Update COPYING about the man pages of the scripts.
*getopt.c
  MSVC: Don't #include .
  lib/getopt*.c: Include  only HAVE_CONFIG_H is defined.
  lib: Update getopt.c from Gnulib with modifications.
  lib: Silence -Wsign-conversion in getopt.c.
  Add SPDX license identifiers to GPL, LGPL, and FSFULLR files.

Changelog:
=
* liblzma: Fixed two bugs relating to GNU indirect function (IFUNC)
   with GCC.
* xz: Changed the messages for thread reduction due to memory
   constraints to only appear under the highest verbosity level.
* Build:
     - Fixed a build issue when the header file 
   was present on the system but the Landlock system calls were
   not defined in .
     - The CMake build now warns and disables NLS if both gettext
   tools and pre-created .gmo files are missing. Previously,
   this caused the CMake build to fail.
* Minor improvements to man pages.
* Minor improvements to tests.



https://autobuilder.yoctoproject.org/typhoon/#/builders/48/builds/8737

Cheers,

Richard






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197643): 
https://lists.openembedded.org/g/openembedded-core/message/197643
Mute This Topic: https://lists.openembedded.org/mt/105226831/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/3] util-linux: Add fcntl-lock

2024-03-29 Thread Richard Purdie 
Add a version of flock that uses the fnctl based lockf locking instead of
flock based locks. This allows us to take the same lock that opkg would
use from a shell script. The two different locking mechanisms operate
independently of each other.

Inserting this C file into the util-linux build seems like the easiest/best
place to insert the code. At this point it hasn't been discussed with upstream.

Signed-off-by: Richard Purdie 
---
 meta/recipes-core/util-linux/util-linux.inc   |   1 +
 .../util-linux/util-linux/fcntl-lock.c| 332 ++
 .../util-linux/util-linux_2.39.3.bb   |   7 +
 3 files changed, 340 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/fcntl-lock.c

diff --git a/meta/recipes-core/util-linux/util-linux.inc 
b/meta/recipes-core/util-linux/util-linux.inc
index d96f00fbab5..f4b547215e8 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -38,6 +38,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://display_testname_for_subtest.patch \
file://avoid_parallel_tests.patch \
file://0001-login-utils-include-libgen.h-for-basename-API.patch \
+   file://fcntl-lock.c \
"
 
 SRC_URI[sha256sum] = 
"7b6605e48d1a49f43cc4b4cfc59f313d0dd5402fa40b96810bd572e167dfed0f"
diff --git a/meta/recipes-core/util-linux/util-linux/fcntl-lock.c 
b/meta/recipes-core/util-linux/util-linux/fcntl-lock.c
new file mode 100644
index 000..966d8c5ecb6
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/fcntl-lock.c
@@ -0,0 +1,332 @@
+// From https://github.com/magnumripper/fcntl-lock
+// SPDX-License-Identifier: MIT
+/* --- *
+ *
+ *   Copyright 2003-2005 H. Peter Anvin - All Rights Reserved
+ *   Copyright 2015 magnum (fcntl version)
+ *
+ *   Permission is hereby granted, free of charge, to any person
+ *   obtaining a copy of this software and associated documentation
+ *   files (the "Software"), to deal in the Software without
+ *   restriction, including without limitation the rights to use,
+ *   copy, modify, merge, publish, distribute, sublicense, and/or
+ *   sell copies of the Software, and to permit persons to whom
+ *   the Software is furnished to do so, subject to the following
+ *   conditions:
+ *
+ *   The above copyright notice and this permission notice shall
+ *   be included in all copies or substantial portions of the Software.
+ *
+ *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ *   OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * --- */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define PACKAGE_STRING "magnum"
+#define _(x) (x)
+
+static const struct option long_options[] = {
+  { "shared",   0, NULL, 's' },
+  { "exclusive",0, NULL, 'x' },
+  { "unlock",   0, NULL, 'u' },
+  { "nonblocking",  0, NULL, 'n' },
+  { "nb",   0, NULL, 'n' },
+  { "timeout",  1, NULL, 'w' },
+  { "wait", 1, NULL, 'w' },
+  { "close",0, NULL, 'o' },
+  { "help", 0, NULL, 'h' },
+  { "version",  0, NULL, 'V' },
+  { 0, 0, 0, 0 }
+};
+
+const char *program;
+
+static void usage(int ex)
+{
+  fputs("fcntl-lock (" PACKAGE_STRING ")\n", stderr);
+  fprintf(stderr,
+   _("Usage: %1$s [-sxun][-w #] fd#\n"
+ "   %1$s [-sxon][-w #] file [-c] command...\n"
+ "   %1$s [-sxon][-w #] directory [-c] command...\n"
+ "  -s  --shared Get a shared lock\n"
+ "  -x  --exclusive  Get an exclusive lock\n"
+ "  -u  --unlock Remove a lock\n"
+ "  -n  --nonblock   Fail rather than wait\n"
+ "  -w  --timeoutWait for a limited amount of time\n"
+ "  -o  --close  Close file descriptor before running command\n"
+ "  -c  --commandRun a single command string through the shell\n"
+ "  -h  --help   Display this text\n"
+ "  -V  --versionDisplay version\n"),
+ program);
+  exit(ex);
+}
+
+
+static sig_atomic_t timeout_expired = 0;
+
+static void timeout_handler(int sig)
+{
+  (void)sig;
+
+  timeout_expired = 1;
+}
+
+
+static char * strtotimeval(const char *str, struct timeval *tv)
+{
+  char *s;
+  long fs; /* Fractional seconds */
+  int i;
+
+  tv->tv_sec =

[OE-core] [PATCH 3/3] run-postinsts: Add workaround for locking deadlock issue

2024-03-29 Thread Richard Purdie 
When run-postinsts is installed, a service is added for system which can run
while the package is still being installed. This calls "opkg configure" and if
package management is still running, it can deadlock and error.

To work around this, call fcntl-lock on the opkg lock file and if the lock
was held, it would wait to obtain it. This wait gives the package management
time to finish the install before the configure can then take the lock and run.

Note the dependency in SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS otherwise we'd see
sstate selftest failures.

Also ensure that if the configure fails, the scripts returns an error. This
applies to opkg and dpkg.

Signed-off-by: Richard Purdie 
---
 meta/conf/layer.conf  |  1 +
 .../run-postinsts/run-postinsts/run-postinsts | 11 +--
 .../run-postinsts/run-postinsts_1.0.bb|  2 ++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf
index 62f86f361ad..efbf2610f99 100644
--- a/meta/conf/layer.conf
+++ b/meta/conf/layer.conf
@@ -87,6 +87,7 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
   sato-icon-theme->gtk+3 \
   adwaita-icon-theme->gdk-pixbuf \
   adwaita-icon-theme->gtk+3 \
+  run-postinsts->util-linux \
 "
 
 # Avoid adding bison-native to the sysroot without a specific
diff --git a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts 
b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts
index 95dccb9cae1..1f3e692029c 100755
--- a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts
+++ b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts
@@ -81,11 +81,18 @@ remove_rcsd_link=1
 if $pm_installed; then
case $pm in
"ipk")
-   eval opkg configure $append_log
+   if ! `fcntl-lock --wait 30 /run/opkg.lock true`; then
+   eval echo "Unable to obtain the opkg lock, 
deadlock?" $append_log
+   fi
+   if ! eval "opkg configure $append_log"; then
+   exit 1
+   fi
;;
 
"deb")
-   eval dpkg --configure -a $append_log
+   if ! eval "eval dpkg --configure -a $append_log"; then
+   exit 1
+   fi
;;
esac
 else
diff --git a/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb 
b/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb
index 72ba8c02270..e977942de87 100644
--- a/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb
+++ b/meta/recipes-devtools/run-postinsts/run-postinsts_1.0.bb
@@ -12,6 +12,8 @@ S = "${WORKDIR}"
 
 inherit allarch systemd update-rc.d
 
+RDEPENDS:${PN} = "util-linux-fcntl-lock"
+
 INITSCRIPT_NAME = "run-postinsts"
 INITSCRIPT_PARAMS = "start 99 S ."
 
-- 
2.40.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197642): 
https://lists.openembedded.org/g/openembedded-core/message/197642
Mute This Topic: https://lists.openembedded.org/mt/105218620/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/3] util-linux: Add missing MIT license

2024-03-29 Thread Richard Purdie 
The MIT license was missing from the license list for util-linux. Add
a patch, submitted to upstream which adds the missing license mentions.

Signed-off-by: Richard Purdie 
---
 meta/recipes-core/util-linux/util-linux.inc   |  5 ++-
 .../util-linux/util-linux/mit-license.patch   | 45 +++
 2 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/util-linux/util-linux/mit-license.patch

diff --git a/meta/recipes-core/util-linux/util-linux.inc 
b/meta/recipes-core/util-linux/util-linux.inc
index 4e9d22f2690..d96f00fbab5 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -6,14 +6,14 @@ disk partitioning, kernel message management, filesystem 
creation, and system lo
 
 SECTION = "base"
 
-LICENSE = "GPL-1.0-or-later & GPL-2.0-or-later & LGPL-2.1-or-later & 
BSD-2-Clause & BSD-3-Clause & BSD-4-Clause"
+LICENSE = "GPL-1.0-or-later & GPL-2.0-or-later & LGPL-2.1-or-later & 
BSD-2-Clause & BSD-3-Clause & BSD-4-Clause & MIT"
 LICENSE:${PN}-fdisk = "GPL-1.0-or-later"
 LICENSE:${PN}-libblkid = "LGPL-2.1-or-later"
 LICENSE:${PN}-libfdisk = "LGPL-2.1-or-later"
 LICENSE:${PN}-libmount = "LGPL-2.1-or-later"
 LICENSE:${PN}-libsmartcols = "LGPL-2.1-or-later"
 
-LIC_FILES_CHKSUM = 
"file://README.licensing;md5=6b0e0a2320e66e62eef9b8149a6faec4 \
+LIC_FILES_CHKSUM = 
"file://README.licensing;md5=cc80239f106687ab39ef0271ff5cf4ba \
 file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
file://Documentation/licenses/COPYING.GPL-2.0-or-later;md5=b234ee4d69f5fce4486a80fdaf4a4263
 \
 
file://Documentation/licenses/COPYING.LGPL-2.1-or-later;md5=4fbd65380cdd255951079008b364516c
 \
@@ -29,6 +29,7 @@ LIC_FILES_CHKSUM = 
"file://README.licensing;md5=6b0e0a2320e66e62eef9b8149a6faec4
 FILESEXTRAPATHS:prepend := "${THISDIR}/util-linux:"
 MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
 SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-linux-${PV}.tar.xz
 \
+   file://mit-license.patch \
file://configure-sbindir.patch \
file://runuser.pamd \
file://runuser-l.pamd \
diff --git a/meta/recipes-core/util-linux/util-linux/mit-license.patch 
b/meta/recipes-core/util-linux/util-linux/mit-license.patch
new file mode 100644
index 000..afbec98f189
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/mit-license.patch
@@ -0,0 +1,45 @@
+From 5b8fab1584017d9d9be008c23b90128bba41a7b5 Mon Sep 17 00:00:00 2001
+From: Richard Purdie 
+Date: Thu, 28 Mar 2024 12:16:57 +
+Subject: [PATCH] README.licensing/flock: Add MIT license mention
+
+Looking at the license text, flock.c is under the MIT license (see
+https://spdx.org/licenses/MIT).
+
+Add an SPDX license identifier header and add to the list of licenses the
+source so everything is correctly listed/identified.
+
+Signed-off-by: Richard Purdie 
+
+Upstream-Status: Submitted [https://github.com/util-linux/util-linux/pull/2870]
+
+---
+ README.licensing  | 2 ++
+ sys-utils/flock.c | 4 +++-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/README.licensing b/README.licensing
+index 4454f8392a..535ad34813 100644
+--- a/README.licensing
 b/README.licensing
+@@ -12,6 +12,8 @@ There is code under:
+ 
+* LGPL-2.1-or-later  - GNU Lesser General Public License 2.1 or any later 
version
+ 
++   * MIT- MIT License
++
+* BSD-2-Clause   - Simplified BSD License
+ 
+* BSD-3-Clause   - BSD 3-Clause "New" or "Revised" License
+diff --git a/sys-utils/flock.c b/sys-utils/flock.c
+index fed29d7270..7d878ff810 100644
+--- a/sys-utils/flock.c
 b/sys-utils/flock.c
+@@ -1,4 +1,6 @@
+-/*   Copyright 2003-2005 H. Peter Anvin - All Rights Reserved
++/*   SPDX-License-Identifier: MIT
++ *
++ *   Copyright 2003-2005 H. Peter Anvin - All Rights Reserved
+  *
+  *   Permission is hereby granted, free of charge, to any person
+  *   obtaining a copy of this software and associated documentation
-- 
2.40.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197640): 
https://lists.openembedded.org/g/openembedded-core/message/197640
Mute This Topic: https://lists.openembedded.org/mt/105218618/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] mesa: Drop LLVM-17 patch

2024-03-29 Thread Khem Raj 
This patch is no longer needed with llvm/clang 18+

Signed-off-by: Khem Raj 
---
 .../0001-gallium-Fix-build-with-llvm-17.patch | 40 ---
 meta/recipes-graphics/mesa/mesa.inc   |  1 -
 2 files changed, 41 deletions(-)
 delete mode 100644 
meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch

diff --git 
a/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch 
b/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
deleted file mode 100644
index ceb0153f8d3..000
--- a/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 3e1e5c475b52651657c906e6b03ee13567cccdd7 Mon Sep 17 00:00:00 2001
-From: Khem Raj 
-Date: Fri, 23 Jun 2023 01:20:38 -0700
-Subject: [PATCH] gallium: Fix build with llvm 17
-
-These headers are not available for C files in llvm 17+
-and they seem to be not needed to compile after all with llvm 17
-so add conditions to exclude them for llvm >= 17
-
-Upstream-Status: Submitted 
[https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/23827]
-Signed-off-by: Khem Raj 

- src/gallium/auxiliary/gallivm/lp_bld_init.c | 6 +-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/gallium/auxiliary/gallivm/lp_bld_init.c 
b/src/gallium/auxiliary/gallivm/lp_bld_init.c
-index cd2108f..b1a4d03 100644
 a/src/gallium/auxiliary/gallivm/lp_bld_init.c
-+++ b/src/gallium/auxiliary/gallivm/lp_bld_init.c
-@@ -46,15 +46,19 @@
- #if GALLIVM_USE_NEW_PASS == 1
- #include 
- #elif GALLIVM_HAVE_CORO == 1
-+#if LLVM_VERSION_MAJOR < 17
- #include 
--#if LLVM_VERSION_MAJOR >= 7
-+#endif
-+#if LLVM_VERSION_MAJOR >= 7 && LLVM_VERSION_MAJOR < 17
- #include 
- #endif
- #if LLVM_VERSION_MAJOR <= 8 && (DETECT_ARCH_AARCH64 || DETECT_ARCH_ARM || 
DETECT_ARCH_S390 || DETECT_ARCH_MIPS64)
- #include 
- #endif
-+#if LLVM_VERSION_MAJOR < 17
- #include 
- #endif
-+#endif
- 
- unsigned gallivm_perf = 0;
- 
diff --git a/meta/recipes-graphics/mesa/mesa.inc 
b/meta/recipes-graphics/mesa/mesa.inc
index a8088e6fb6a..6e961900845 100644
--- a/meta/recipes-graphics/mesa/mesa.inc
+++ b/meta/recipes-graphics/mesa/mesa.inc
@@ -17,7 +17,6 @@ PE = "2"
 SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \

file://0001-meson.build-check-for-all-linux-host_os-combinations.patch \
file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
-   file://0001-gallium-Fix-build-with-llvm-17.patch \
file://0001-drisw-fix-build-without-dri3.patch \
file://0002-glxext-don-t-try-zink-if-not-enabled-in-mesa.patch \
file://0001-Revert-meson-do-not-pull-in-clc-for-clover.patch \
-- 
2.44.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197639): 
https://lists.openembedded.org/g/openembedded-core/message/197639
Mute This Topic: https://lists.openembedded.org/mt/105218381/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][kirkstone][PATCH] util-linux: Fix for CVE-2024-28085

2024-03-29 Thread Vijay Anusuri via lists.openembedded.org 
Hi Steve,

Please ignore this patch.

Thanks & Regards,
Vijay

On Fri, Mar 29, 2024 at 4:44 PM Vijay Anusuri via lists.openembedded.org
 wrote:

> From: Vijay Anusuri 
>
> Upstream-Status: Backport from
>
> https://github.com/util-linux/util-linux/commit/8a7b8456d1dc0e7ca557d1ac31f638986704757f
> &
> 
>
> https://github.com/util-linux/util-linux/commit/27ee6446503af7ec0c2647704ca47ac4de3852ef
> &
> 
>
> https://github.com/util-linux/util-linux/commit/aa13246a1bf1be9e4f6eb331f4d4d2dbc875e22f
> &
> 
> https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253
>
> Signed-off-by: Vijay Anusuri 
> ---
>  meta/recipes-core/util-linux/util-linux.inc   |   4 +
>  .../util-linux/CVE-2024-28085-pre1.patch  | 200 
>  .../util-linux/CVE-2024-28085-pre2.patch  | 171 ++
>  .../util-linux/CVE-2024-28085-pre3.patch  | 219 ++
>  .../util-linux/CVE-2024-28085.patch   |  30 +++
>  5 files changed, 624 insertions(+)
>  create mode 100644
> meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre1.patch
>  create mode 100644
> meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre2.patch
>  create mode 100644
> meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre3.patch
>  create mode 100644
> meta/recipes-core/util-linux/util-linux/CVE-2024-28085.patch
>
> diff --git a/meta/recipes-core/util-linux/util-linux.inc
> b/meta/recipes-core/util-linux/util-linux.inc
> index 982ec669a2..079359c55c 100644
> --- a/meta/recipes-core/util-linux/util-linux.inc
> +++ b/meta/recipes-core/util-linux/util-linux.inc
> @@ -35,6 +35,10 @@ SRC_URI =
> "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
> file://run-ptest \
> file://display_testname_for_subtest.patch \
> file://avoid_parallel_tests.patch \
> +   file://CVE-2024-28085-pre1.patch \
> +   file://CVE-2024-28085-pre2.patch \
> +   file://CVE-2024-28085-pre3.patch \
> +   file://CVE-2024-28085.patch \
> "
>
>  SRC_URI[sha256sum] =
> "634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83"
> diff --git
> a/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre1.patch
> b/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre1.patch
> new file mode 100644
> index 00..ce3056eabe
> --- /dev/null
> +++ b/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre1.patch
> @@ -0,0 +1,200 @@
> +From 8a7b8456d1dc0e7ca557d1ac31f638986704757f Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= 
> +Date: Wed, 15 Mar 2023 16:16:31 +0100
> +Subject: [PATCH] write: correctly handle wide characters
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Do this by replacing fputc_careful() (notice that the description said
> +it's locale-aware ‒ it very much is /not/), with a fputs_careful() which
> +does the same thing, but if it were to output a byte in the \123 format,
> +first it checks whether this byte starts a valid multibyte character.
> +
> +If it does, and that character is printable, write it verbatim.
> +This means that
> +  echo 'foo åäö ąęćźżń bar' | write nabijaczleweli pts/4
> +instead of
> +  foo \303\245\303\244\303\266
> +  \304\205\304\231\304\207\305\272\305\274\305\204 bar
> +yields
> +  foo åäö ąęćźżń bar
> +or, more realistically, from a message I got earlier today,
> +  Filip powiedzia\305\202 \305\274e zap\305\202aci jutro
> +becomes
> +  Filip powiedział że zapłaci jutro
> +
> +Invalid/non-printable sequences get processed as before.
> +
> +Line reading in write must become getline() to avoid dealing with
> +partial characters: for example on input consisting solely of
> +ąęćźżń, where every {1} is an instance, the output would be
> +  {42}ąęć\305\272żń{84}ąęćź\305\274ń{84}ąęćźż\305\204{39}
> +with just fixed-512 fgets()
> +
> +Bug-Debian: https://bugs.debian.org/826596
> +
> +Upstream-Status: Backport [
> https://github.com/util-linux/util-linux/commit/8a7b8456d1dc0e7ca557d1ac31f638986704757f
> ]
> +CVE: CVE-2024-28085 #Dependency Patch1
> +Signed-off-by: Vijay Anusuri 
> +---
> + include/carefulputc.h | 60 +++
> + login-utils/last.c|  4 +--
> + term-utils/write.c| 25 +-
> + 3 files changed, 52 insertions(+), 37 deletions(-)
> +
> +diff --git a/include/carefulputc.h b/include/carefulputc.h
> +index 8860b12340..740add68e8 100644
> +--- a/include/carefulputc.h
>  b/include/carefulputc.h
> +@@ -1,31 +1,59 @@
> + #ifndef UTIL_LINUX_CAREFULPUTC_H
> + #define UTIL_LINUX_CAREFULPUTC_H
> +
> +-/*
> +- * A putc() for use in write and wall (that sometimes are

[oe-core][PATCH] systemd: disable mdns feature in resolved for zeroconf

2024-03-29 Thread Markus Volk 
DISTRO_FEATURE zeroconf installs avahi. If additionally resolved mdns
implementation is running they will fight each other:

Mar 29 13:31:51 intel-corei7-64 avahi-daemon[752]: *** WARNING: Detected 
another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is 
thus not recommended. ***
Mar 29 13:31:51 intel-corei7-64 avahi-daemon[752]: *** WARNING: Detected 
another IPv6 mDNS stack running on this host. This makes mDNS unreliable and is 
thus not recommended. ***

Signed-off-by: Markus Volk 
---
 meta/recipes-core/systemd/systemd_255.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/systemd/systemd_255.4.bb 
b/meta/recipes-core/systemd/systemd_255.4.bb
index b02e44d9c0..8a816c4bc1 100644
--- a/meta/recipes-core/systemd/systemd_255.4.bb
+++ b/meta/recipes-core/systemd/systemd_255.4.bb
@@ -249,6 +249,7 @@ EXTRA_OEMESON += "-Dnobody-user=nobody \
   -Dsystem-alloc-gid-min=101 \
   -Dsystem-gid-max=999 \
   -Dcreate-log-dirs=false \
+  ${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 
'-Ddefault-mdns=no -Ddefault-llmnr=no', '', d)} \
   "
 
 # Hardcode target binary paths to avoid using paths from sysroot or worse
-- 
2.44.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197637): 
https://lists.openembedded.org/g/openembedded-core/message/197637
Mute This Topic: https://lists.openembedded.org/mt/105217580/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 2/3] autoconf: Add missing perl modules to RDEPENDS

2024-03-29 Thread Sadineni, Harish via lists.openembedded.org 
This dependency is from autoconf itself, not from binutils.

Thanks,
Harish sadineni

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197636): 
https://lists.openembedded.org/g/openembedded-core/message/197636
Mute This Topic: https://lists.openembedded.org/mt/105082440/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/3] nativesdk-packagegroup-sdk-host: add gprofng package to RDEPENDS

2024-03-29 Thread Sadineni, Harish via lists.openembedded.org 
gprofng belongs to binutils module, i tried a build by adding it in 
binutils-cross-canadian.inc and the build is sucessfully generating gprofng.rc 
in sysconf directory as expected.
we have sent a v2 patch by adding it in binutils 
(https://lists.openembedded.org/g/openembedded-core/message/197632).

Thanks,
Harish sadineni

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197635): 
https://lists.openembedded.org/g/openembedded-core/message/197635
Mute This Topic: https://lists.openembedded.org/mt/105082439/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 3/3] binutils: gprofng - change use of bignum to use of bignint

2024-03-29 Thread Sadineni, Harish via lists.openembedded.org 
From: Harish Sadineni 

In SDK, The "x86_64-pokysdk-linux-gp-display-html" fails with below error while 
genearting profiling html reports from test experiment file (eg., test.1.er)
Error: Undefined subroutine ::hex called at 
.../sysroots/x86_64-pokysdk-linux/usr/bin/x86_64-pokysdk-linux-gp-display-html 
line 4059,  line 1.

Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=3243d790ee32aa8eda69226d81b1e79dbd1dcd87]

Signed-off-by: Harish Sadineni 
---
 .../binutils/binutils-2.42.inc|  1 +
 ...rofng-change-use-of-bignum-to-bigint.patch | 27 +++
 2 files changed, 28 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0015-gprofng-change-use-of-bignum-to-bigint.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc 
b/meta/recipes-devtools/binutils/binutils-2.42.inc
index 5fcb4292b3..3b6f47d4ce 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -35,5 +35,6 @@ SRC_URI = "\
  file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
  file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
  file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
+ file://0015-gprofng-change-use-of-bignum-to-bigint.patch \
 "
 S  = "${WORKDIR}/git"
diff --git 
a/meta/recipes-devtools/binutils/binutils/0015-gprofng-change-use-of-bignum-to-bigint.patch
 
b/meta/recipes-devtools/binutils/binutils/0015-gprofng-change-use-of-bignum-to-bigint.patch
new file mode 100644
index 00..c23d697537
--- /dev/null
+++ 
b/meta/recipes-devtools/binutils/binutils/0015-gprofng-change-use-of-bignum-to-bigint.patch
@@ -0,0 +1,27 @@
+From: Ruud van der Pas 
+Date: Tue, 27 Feb 2024 18:29:55 + (+)
+Subject: gprofng: change use of bignum to use of bigint
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=3243d790ee32aa8eda69226d81b1e79dbd1dcd87
+
+gprofng: change use of bignum to use of bigint
+
+Change the statement "use bignum" to "use bigint".  This is sufficient
+for gp-display-html to work and removes the dependency on bignum.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=3243d790ee32aa8eda69226d81b1e79dbd1dcd87]
+
+Signed-off-by: Harish Sadineni 
+
+diff --git a/gprofng/gp-display-html/gp-display-html.in 
b/gprofng/gp-display-html/gp-display-html.in
+index 6f37ca282e7..306c99a0ec3 100644
+--- a/gprofng/gp-display-html/gp-display-html.in
 b/gprofng/gp-display-html/gp-display-html.in
+@@ -25,7 +25,7 @@ use warnings;
+ # Disable before release
+ # use Perl::Critic;
+ 
+-use bignum;
++use bigint;
+ use List::Util qw (max);
+ use Cwd qw (abs_path cwd);
+ use File::Basename;
-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197634): 
https://lists.openembedded.org/g/openembedded-core/message/197634
Mute This Topic: https://lists.openembedded.org/mt/105216933/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 2/3] autoconf: Add missing perl modules to RDEPENDS

2024-03-29 Thread Sadineni, Harish via lists.openembedded.org 
From: Harish Sadineni 

In SDK, missing perl modules causes 'x86_64-wrlinuxsdk-linux-gp-display-html 
--help' to abort with below errors..
 - Can't locate bignum.pm in @INC (you may need to install the feature module).
 - Can't locate Math/BigInt.pm in @INC (you may need to install the 
Math::BigInt module)

Signed-off-by: Harish Sadineni 
---
 meta/recipes-devtools/autoconf/autoconf_2.72e.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/autoconf/autoconf_2.72e.bb 
b/meta/recipes-devtools/autoconf/autoconf_2.72e.bb
index db374373cf..2a459b7cb6 100644
--- a/meta/recipes-devtools/autoconf/autoconf_2.72e.bb
+++ b/meta/recipes-devtools/autoconf/autoconf_2.72e.bb
@@ -52,6 +52,9 @@ RDEPENDS:${PN} = "m4 gnu-config \
  perl-module-thread-queue \
  perl-module-threads \
  perl-module-feature \
+  perl-module-bignum \
+  perl-module-bigint \
+  perl-module-math-bigint \
 "
 RDEPENDS:${PN}:class-native = "m4-native gnu-config-native 
hostperl-runtime-native"
 
-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197633): 
https://lists.openembedded.org/g/openembedded-core/message/197633
Mute This Topic: https://lists.openembedded.org/mt/105216926/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 1/3] binutils-cross-canadian: add gprofng package as runtime dependency

2024-03-29 Thread Sadineni, Harish via lists.openembedded.org 
From: Harish Sadineni 

In SDK, while running "x86_64-poky-linux-gp-collect-app ./exe" fails to create 
'test.1.er' due to missing gprofng configure file in sysconfdir and aborting 
with below error while generating the profiling data.
- configuration error: can not find libgp-collector.so. run aborted

Signed-off-by: Harish Sadineni 
---
 meta/recipes-devtools/binutils/binutils-cross-canadian.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/binutils/binutils-cross-canadian.inc 
b/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
index 62ebb3f5bc..7f2699089e 100644
--- a/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
+++ b/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
@@ -30,3 +30,4 @@ do_install () {
 }
 
 BBCLASSEXTEND = ""
+RDEPENDS:${PN} = "nativesdk-gprofng"
-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197632): 
https://lists.openembedded.org/g/openembedded-core/message/197632
Mute This Topic: https://lists.openembedded.org/mt/105216924/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] python3: dont disable readline module for editline

2024-03-29 Thread Khem Raj 

unfortunately this change regresses ptests on musl based systems. Similar to 
https://github.com/python/cpython/issues/87338
but that issue is fixed so enabling both must be triggering it again in some 
way. 

 ==
   FAIL: test_write_read_append 
(test.test_readline.TestHistoryManipulation.test_write_read_append)
   --
   Traceback (most recent call last):
 File "/usr/lib/python3.12/test/test_readline.py", line 96, in 
test_write_read_append
   self.assertEqual(readline.get_current_history_length(), 3)
   AssertionError: 4 != 3

   --
   Ran 9 tests in 0.178s

   FAILED (failures=1, skipped=1)
   test test_readline failed

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197631): 
https://lists.openembedded.org/g/openembedded-core/message/197631
Mute This Topic: https://lists.openembedded.org/mt/104612497/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH][kirkstone] openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions

2024-03-29 Thread Steve Sakoman 
Sorry for the delayed response, but I found the same issue with the
kirkstone version that Vivek did.

Awaiting a V2 :-)

Steve

On Thu, Mar 28, 2024 at 5:51 PM Vivek Kumbhar via
lists.openembedded.org 
wrote:
>
> Kirkstone-nut openssl compile error:
>
> Error Log:
>
> ERROR: openssl-3.0.13-r0 do_patch: Applying patch 'bti.patch' on target 
> directory 
> '/home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/openssl-3.0.13'
> CmdError('quilt --quiltrc 
> /home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/recipe-sysroot-native/etc/quiltrc
>  push', 0, "stdout: Applying patch bti.patch
> can't find file to patch at input line 23
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --
> |From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001
> |From: Tom Cosgrove 
> |Date: Tue, 26 Mar 2024 13:18:00 +
> |Subject: [PATCH] aarch64: fix BTI in bsaes assembly code
> |
> |In Arm systems where BTI is enabled but the Crypto extensions are not (more
> |likely in FVPs than in real hardware), the bit-sliced assembler code will
> |be used. However, this wasn't annotated with BTI instructions when BTI was
> |enabled, so the moment libssl jumps into this code it (correctly) aborts.
> |
> |Solve this by adding the missing BTI landing pads.
> |
> |Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982]
> |Signed-off-by: Ross Burton 
> |---
> | crypto/aes/asm/bsaes-armv8.pl | 5 -
> | 1 file changed, 4 insertions(+), 1 deletion(-)
> |
> |diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl
> |index b3c97e439f..c3c5ff3e05 100644
> |--- a/crypto/aes/asm/bsaes-armv8.pl
> |+++ b/crypto/aes/asm/bsaes-armv8.pl
> --
> No file to patch.  Skipping patch.
> 4 out of 4 hunks ignored
> Patch bti.patch does not apply (enforce with -f)
>
> stderr: ")
> ERROR: Logfile of failure stored in: 
> /home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/temp/log.do_patch.152571
> ERROR: Task 
> (/home/vkumbhar/kirkstone-nut/meta/recipes-connectivity/openssl/openssl_3.0.13.bb:do_patch)
>  failed with exit code '1'
>
>
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197630): 
https://lists.openembedded.org/g/openembedded-core/message/197630
Mute This Topic: https://lists.openembedded.org/mt/105174962/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH] util-linux: Fix for CVE-2024-28085

2024-03-29 Thread Vijay Anusuri via lists.openembedded.org 
From: Vijay Anusuri 

Upstream-Status: Backport from
https://github.com/util-linux/util-linux/commit/8a7b8456d1dc0e7ca557d1ac31f638986704757f
&
https://github.com/util-linux/util-linux/commit/27ee6446503af7ec0c2647704ca47ac4de3852ef
&
https://github.com/util-linux/util-linux/commit/aa13246a1bf1be9e4f6eb331f4d4d2dbc875e22f
& 
https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253

Signed-off-by: Vijay Anusuri 
---
 meta/recipes-core/util-linux/util-linux.inc   |   4 +
 .../util-linux/CVE-2024-28085-pre1.patch  | 200 
 .../util-linux/CVE-2024-28085-pre2.patch  | 171 ++
 .../util-linux/CVE-2024-28085-pre3.patch  | 219 ++
 .../util-linux/CVE-2024-28085.patch   |  30 +++
 5 files changed, 624 insertions(+)
 create mode 100644 
meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre1.patch
 create mode 100644 
meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre2.patch
 create mode 100644 
meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre3.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085.patch

diff --git a/meta/recipes-core/util-linux/util-linux.inc 
b/meta/recipes-core/util-linux/util-linux.inc
index 982ec669a2..079359c55c 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -35,6 +35,10 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://run-ptest \
file://display_testname_for_subtest.patch \
file://avoid_parallel_tests.patch \
+   file://CVE-2024-28085-pre1.patch \
+   file://CVE-2024-28085-pre2.patch \
+   file://CVE-2024-28085-pre3.patch \
+   file://CVE-2024-28085.patch \
"
 
 SRC_URI[sha256sum] = 
"634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83"
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre1.patch 
b/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre1.patch
new file mode 100644
index 00..ce3056eabe
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2024-28085-pre1.patch
@@ -0,0 +1,200 @@
+From 8a7b8456d1dc0e7ca557d1ac31f638986704757f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= 
+Date: Wed, 15 Mar 2023 16:16:31 +0100
+Subject: [PATCH] write: correctly handle wide characters
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do this by replacing fputc_careful() (notice that the description said
+it's locale-aware ‒ it very much is /not/), with a fputs_careful() which
+does the same thing, but if it were to output a byte in the \123 format,
+first it checks whether this byte starts a valid multibyte character.
+
+If it does, and that character is printable, write it verbatim.
+This means that
+  echo 'foo åäö ąęćźżń bar' | write nabijaczleweli pts/4
+instead of
+  foo \303\245\303\244\303\266
+  \304\205\304\231\304\207\305\272\305\274\305\204 bar
+yields
+  foo åäö ąęćźżń bar
+or, more realistically, from a message I got earlier today,
+  Filip powiedzia\305\202 \305\274e zap\305\202aci jutro
+becomes
+  Filip powiedział że zapłaci jutro
+
+Invalid/non-printable sequences get processed as before.
+
+Line reading in write must become getline() to avoid dealing with
+partial characters: for example on input consisting solely of
+ąęćźżń, where every {1} is an instance, the output would be
+  {42}ąęć\305\272żń{84}ąęćź\305\274ń{84}ąęćźż\305\204{39}
+with just fixed-512 fgets()
+
+Bug-Debian: https://bugs.debian.org/826596
+
+Upstream-Status: Backport 
[https://github.com/util-linux/util-linux/commit/8a7b8456d1dc0e7ca557d1ac31f638986704757f]
+CVE: CVE-2024-28085 #Dependency Patch1
+Signed-off-by: Vijay Anusuri 
+---
+ include/carefulputc.h | 60 +++
+ login-utils/last.c|  4 +--
+ term-utils/write.c| 25 +-
+ 3 files changed, 52 insertions(+), 37 deletions(-)
+
+diff --git a/include/carefulputc.h b/include/carefulputc.h
+index 8860b12340..740add68e8 100644
+--- a/include/carefulputc.h
 b/include/carefulputc.h
+@@ -1,31 +1,59 @@
+ #ifndef UTIL_LINUX_CAREFULPUTC_H
+ #define UTIL_LINUX_CAREFULPUTC_H
+ 
+-/*
+- * A putc() for use in write and wall (that sometimes are sgid tty).
+- * It avoids control characters in our locale, and also ASCII control
+- * characters.   Note that the locale of the recipient is unknown.
+-*/
+ #include 
+ #include 
+ #include 
++#ifdef HAVE_WIDECHAR
++#include 
++#endif
++#include 
+ 
+ #include "cctype.h"
+ 
+-static inline int fputc_careful(int c, FILE *fp, const char fail)
++/*
++ * A puts() for use in write and wall (that sometimes are sgid tty).
++ * It avoids control and invalid characters.
++ * The locale of the recipient is nominally unknown,
++ * but it's a solid bet that the encoding is compatible with the author's.
++ */
++static inline int

[oe-core][kirkstone][PATCH v2 1/1] expat: fix CVE-2023-52425

2024-03-29 Thread Meenali Gupta via lists.openembedded.org 
From: Meenali Gupta 

libexpat through 2.5.0 allows a denial of service (resource consumption) because
many full reparsings are required in the case of a large token for which 
multiple
buffer fills are needed.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52425

Changes related to test directory are not included as most of the files are not 
present
and are introduced in the later version.

Signed-off-by: Meenali Gupta 
---
 .../expat/expat/CVE-2023-52425-0001.patch |  40 
 .../expat/expat/CVE-2023-52425-0002.patch |  87 +++
 .../expat/expat/CVE-2023-52425-0003.patch | 222 ++
 .../expat/expat/CVE-2023-52425-0004.patch |  42 
 .../expat/expat/CVE-2023-52425-0005.patch |  69 ++
 .../expat/expat/CVE-2023-52425-0006.patch |  67 ++
 .../expat/expat/CVE-2023-52425-0007.patch | 159 +
 .../expat/expat/CVE-2023-52425-0008.patch |  95 
 .../expat/expat/CVE-2023-52425-0009.patch |  52 
 .../expat/expat/CVE-2023-52425-0010.patch | 111 +
 .../expat/expat/CVE-2023-52425-0011.patch |  89 +++
 .../expat/expat/CVE-2023-52425-0012.patch |  87 +++
 meta/recipes-core/expat/expat_2.5.0.bb|  12 +
 13 files changed, 1132 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch 
b/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
new file mode 100644
index 00..4e21ade018
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
@@ -0,0 +1,40 @@
+From d5b02e96ab95d2a7ae0aea72d00054b9d036d76d Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping 
+Date: Thu, 9 Nov 2023 19:28:05 +0100
+Subject: [PATCH] xmlwf: Document argument "-q"
+
+Rebased-and-adapted-by: Snild Dolkow 
+
+CVE: CVE-2023-52425
+
+Upstream-Status: Backport 
[https://github.com/libexpat/libexpat/commit/d5b02e96ab95d2a7ae0aea72d00054b9d036d76d]
+
+Signed-off-by: Meenali Gupta 
+---
+ doc/xmlwf.xml | 10 ++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/doc/xmlwf.xml b/doc/xmlwf.xml
+index 9603abf..3d35393 100644
+--- a/doc/xmlwf.xml
 b/doc/xmlwf.xml
+@@ -313,6 +313,16 @@ supports both.
+ 
+   
+ 
++  
++-q
++
++  
++Disable reparse deferral, and allow quadratic parse runtime
++on large tokens (default: reparse deferral enabled).
++  
++
++  
++
+   
+ -r
+ 
+-- 
+2.40.0
+
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch 
b/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
new file mode 100644
index 00..8376727778
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
@@ -0,0 +1,87 @@
+From 09fdf998e7cf3f8f9327e6602077791095aedd4d Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping 
+Date: Thu, 9 Nov 2023 19:14:14 +0100
+Subject: [PATCH] xmlwf: Support disabling reparse deferral
+
+Rebased-and-adapted-by: Snild Dolkow 
+
+CVE: CVE-2023-52425
+
+Upstream-Status: Backport 
[https://github.com/libexpat/libexpat/commit/09fdf998e7cf3f8f9327e6602077791095aedd4d]
+
+Signed-off-by: Meenali Gupta 
+---
+ xmlwf/xmlwf.c  | 20 
+ xmlwf/xmlwf_helpgen.py |  4 
+ 2 files changed, 24 insertions(+)
+
+diff --git a/xmlwf/xmlwf.c b/xmlwf/xmlwf.c
+index dd023a9..9a5441c 100644
+--- a/xmlwf/xmlwf.c
 b/xmlwf/xmlwf.c
+@@ -911,6 +911,9 @@ usage(const XML_Char *prog, int rc) {
+   T("billion laughs attack protection:\n")
+   T("  NOTE: If you ever need to increase these values for non-attack 
payload, please file a bug report.\n")
+   T("\n")
++  T("reparse deferral:\n")
++  T("  -q disable reparse deferral, and allow [q]uadratic 
parse runtime with large tokens\n")
++  T("\n")
+   T("  -a FACTOR set maximum tolerated [a]mplification factor 
(default: 100.0)\n")
+   T("  -b BYTES  set number of output [b]ytes needed to activate 
(default: 8 MiB)\n")
+   T("\n")
+@@ -967,6 +970,8 @@ tmain(int argc, XML_Char **argv) {
+   unsigned long long

[OE-core][kirkstone][PATCH 1/1] qemu: fix CVE-2023-3019

2024-03-29 Thread Urade, Yogita via lists.openembedded.org 
From: Yogita Urade 

A DMA reentrancy issue leading to a use-after-free error was
found in the e1000e NIC emulation code in QEMU. This issue
could allow a privileged guest user to crash the QEMU process
on the host, resulting in a denial of service.

Fix indent issue in qemu.inc file

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3019

Signed-off-by: Yogita Urade 
---
 meta/recipes-devtools/qemu/qemu.inc   |  19 +-
 .../qemu/qemu/CVE-2023-3019-0001.patch| 135 
 .../qemu/qemu/CVE-2023-3019-0002.patch| 610 ++
 .../qemu/qemu/CVE-2023-3019-0003.patch|  88 +++
 4 files changed, 844 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0003.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index ad6b310137..08ce72546d 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -97,17 +97,20 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2023-3301.patch \
file://CVE-2023-3255.patch \
file://CVE-2023-2861.patch \
-  file://CVE-2020-14394.patch \
-  file://CVE-2023-3354.patch \
-  file://CVE-2023-3180.patch \
-  file://CVE-2021-3638.patch \
-  file://CVE-2023-1544.patch \
-  file://CVE-2023-5088.patch \
-  file://CVE-2024-24474.patch \
-  file://CVE-2023-6693.patch \
+   file://CVE-2020-14394.patch \
+   file://CVE-2023-3354.patch \
+   file://CVE-2023-3180.patch \
+   file://CVE-2021-3638.patch \
+   file://CVE-2023-1544.patch \
+   file://CVE-2023-5088.patch \
+   file://CVE-2024-24474.patch \
+   file://CVE-2023-6693.patch \

file://scsi-disk-allow-MODE-SELECT-block-desriptor-to-set-the-block-size.patch \

file://scsi-disk-ensure-block-size-is-non-zero-and-changes-limited-to-bits-8-15.patch
 \
file://CVE-2023-42467.patch \
+   file://CVE-2023-3019-0001.patch \
+   file://CVE-2023-3019-0002.patch \
+   file://CVE-2023-3019-0003.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch
new file mode 100644
index 00..c1ef645eaf
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch
@@ -0,0 +1,135 @@
+From a2e1753b8054344f32cf94f31c6399a58794a380 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov 
+Date: Wed, 27 Mar 2024 09:41:44 +
+Subject: [PATCH] memory: prevent dma-reentracy issues
+
+Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
+This flag is set/checked prior to calling a device's MemoryRegion
+handlers, and set when device code initiates DMA.  The purpose of this
+flag is to prevent two types of DMA-based reentrancy issues:
+
+1.) mmio -> dma -> mmio case
+2.) bh -> dma write -> mmio case
+
+These issues have led to problems such as stack-exhaustion and
+use-after-frees.
+
+Summary of the problem from Peter Maydell:
+https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
+Resolves: CVE-2023-0330
+
+Signed-off-by: Alexander Bulekov 
+Reviewed-by: Thomas Huth 
+Message-Id: <20230427211013.2994127-2-alx...@bu.edu>
+[thuth: Replace warn_report() with warn_report_once()]
+Signed-off-by: Thomas Huth 
+
+CVE: CVE-2023-3019
+Upstream-Status: Backport 
[https://github.com/qemu/qemu/commit/a2e1753b8054344f32cf94f31c6399a58794a380]
+
+Signed-off-by: Yogita Urade 
+---
+ include/exec/memory.h  |  5 +
+ include/hw/qdev-core.h |  7 +++
+ softmmu/memory.c   | 16 
+ 3 files changed, 28 insertions(+)
+
+diff --git a/include/exec/memory.h b/include/exec/memory.h
+index 20f1b2737..e089f90f9 100644
+--- a/include/exec/memory.h
 b/include/exec/memory.h
+@@ -734,6 +734,8 @@ struct MemoryRegion {
+ bool is_iommu;
+ RAMBlock *ram_block;
+ Object *owner;
++/* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath 
*/
++DeviceState *dev;
+
+ const MemoryRegionOps *ops;
+ void *opaque;
+@@ -757,6 +759,9 @@ struct MemoryRegion {
+ unsigned ioeventfd_nb;
+ MemoryRegionIoeventfd *ioeventfds;
+