[OE-core] [kirkstone][PATCH v2] tiff: fix CVE-2023-52356 CVE-2023-6277
From: Lee Chee Yang
import patch from ubuntu to fix CVE-2023-52356 CVE-2023-6277
import from
http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
Signed-off-by: Lee Chee Yang
---
v2: fix Upstream-Status format
.../libtiff/tiff/CVE-2023-52356.patch | 54 ++
.../libtiff/tiff/CVE-2023-6277-1.patch| 178 ++
.../libtiff/tiff/CVE-2023-6277-2.patch| 151 +++
.../libtiff/tiff/CVE-2023-6277-3.patch| 46 +
.../libtiff/tiff/CVE-2023-6277-4.patch| 93 +
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 5 +
6 files changed, 527 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-4.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
new file mode 100644
index 00..4eb7d79c8f
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
@@ -0,0 +1,54 @@
+CVE: CVE-2023-52356
+Upstream-Status: Backport [upstream :
https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
+ubuntu :
http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
]
+Signed-off-by: Lee Chee Yang
+
+[Ubuntu note: Backport of the following patch from upstream, with a few changes
+to match the current version of the file in the present Ubuntu release:
+ . using TIFFErrorExt instead of TIFFErrorExtR (the latter did not exist yet);
+-- Rodrigo Figueiredo Zaiden]
+
+Backport of:
+
+From 51558511bdbbcffdce534db21dbaf5d54b31638a Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Tue, 31 Oct 2023 15:58:41 +0100
+Subject: [PATCH] TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of
+ col/row (fixes #622)
+
+---
+ libtiff/tif_getimage.c | 15 +++
+ 1 file changed, 15 insertions(+)
+
+
+--- tiff-4.3.0.orig/libtiff/tif_getimage.c
tiff-4.3.0/libtiff/tif_getimage.c
+@@ -2942,6 +2942,13 @@ TIFFReadRGBAStripExt(TIFF* tif, uint32_t
+ }
+
+ if (TIFFRGBAImageOK(tif, emsg) && TIFFRGBAImageBegin(, tif,
stop_on_error, emsg)) {
++if (row >= img.height)
++{
++TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif),
++ "Invalid row passed to TIFFReadRGBAStrip().");
++TIFFRGBAImageEnd();
++return (0);
++}
+
+ img.row_offset = row;
+ img.col_offset = 0;
+@@ -3018,6 +3025,14 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t
+ return( 0 );
+ }
+
++if (col >= img.width || row >= img.height)
++{
++TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif),
++ "Invalid row/col passed to TIFFReadRGBATile().");
++TIFFRGBAImageEnd();
++return (0);
++}
++
+ /*
+ * The TIFFRGBAImageGet() function doesn't allow us to get off the
+ * edge of the image, even to fill an otherwise valid tile. So we
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
new file mode 100644
index 00..453df897ac
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
@@ -0,0 +1,178 @@
+CVE: CVE-2023-6277
+Upstream-Status: Backport [upstream :
https://gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a
+ubuntu :
http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
]
+Signed-off-by: Lee Chee Yang
+
+[Ubuntu note: Backport of the following patch from upstream, with a few changes
+to match the current version of the file in the present Ubuntu release:
+ . using TIFFWarningExt instead of TIFFWarningExtR (the latter did not exist
yet);
+ . calling _TIFFfree(data) instead of _TIFFfreeExt(tif, data) (the latter did
not exist yet);
+-- Rodrigo Figueiredo Zaiden]
+
+Backport of:
+
+From 5320c9d89c054fa805d037d84c57da874470b01a Mon Sep 17 00:00:00 2001
+From: Su Laus
+Date: Tue, 31 Oct 2023 15:43:29 +
+Subject: [PATCH] Prevent some out-of-memory attacks
+
+Some small fuzzer files fake large amounts of data and provoke out-of-memory
situations. For non-compressed data content / tags, out-of-memory can be
prevented by comparing with the file size.
+
+At image reading, data size of some tags / data structures (StripByteCounts,
StripOffsets, StripArray, TIFF directory) is compared with file size to prevent
provoked out-of-memory attacks.
+
+See issue https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857
+---
+ libtiff/tif_dirread.c | 92 +
[OE-core] [kirkstone][PATCH 2/3] tiff: fix CVE-2023-52356 CVE-2023-6277
From: Lee Chee Yang
import patch from ubuntu to fix CVE-2023-52356 CVE-2023-6277
import from
http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
Signed-off-by: Lee Chee Yang
---
.../libtiff/tiff/CVE-2023-52356.patch | 55 ++
.../libtiff/tiff/CVE-2023-6277-1.patch| 179 ++
.../libtiff/tiff/CVE-2023-6277-2.patch| 152 +++
.../libtiff/tiff/CVE-2023-6277-3.patch| 47 +
.../libtiff/tiff/CVE-2023-6277-4.patch| 94 +
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 5 +
6 files changed, 532 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-4.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
new file mode 100644
index 00..6c3c5adc52
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
@@ -0,0 +1,55 @@
+CVE: CVE-2023-52356
+Upstream-Status: Backport
+[ upstream :
https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
+ubuntu :
http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
]
+Signed-off-by: Lee Chee Yang
+
+[Ubuntu note: Backport of the following patch from upstream, with a few changes
+to match the current version of the file in the present Ubuntu release:
+ . using TIFFErrorExt instead of TIFFErrorExtR (the latter did not exist yet);
+-- Rodrigo Figueiredo Zaiden]
+
+Backport of:
+
+From 51558511bdbbcffdce534db21dbaf5d54b31638a Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Tue, 31 Oct 2023 15:58:41 +0100
+Subject: [PATCH] TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of
+ col/row (fixes #622)
+
+---
+ libtiff/tif_getimage.c | 15 +++
+ 1 file changed, 15 insertions(+)
+
+
+--- tiff-4.3.0.orig/libtiff/tif_getimage.c
tiff-4.3.0/libtiff/tif_getimage.c
+@@ -2942,6 +2942,13 @@ TIFFReadRGBAStripExt(TIFF* tif, uint32_t
+ }
+
+ if (TIFFRGBAImageOK(tif, emsg) && TIFFRGBAImageBegin(, tif,
stop_on_error, emsg)) {
++if (row >= img.height)
++{
++TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif),
++ "Invalid row passed to TIFFReadRGBAStrip().");
++TIFFRGBAImageEnd();
++return (0);
++}
+
+ img.row_offset = row;
+ img.col_offset = 0;
+@@ -3018,6 +3025,14 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t
+ return( 0 );
+ }
+
++if (col >= img.width || row >= img.height)
++{
++TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif),
++ "Invalid row/col passed to TIFFReadRGBATile().");
++TIFFRGBAImageEnd();
++return (0);
++}
++
+ /*
+ * The TIFFRGBAImageGet() function doesn't allow us to get off the
+ * edge of the image, even to fill an otherwise valid tile. So we
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
new file mode 100644
index 00..6882529cfb
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
@@ -0,0 +1,179 @@
+CVE: CVE-2023-6277
+Upstream-Status: Backport
+[ upstream :
https://gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a
+ubuntu :
http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz
]
+Signed-off-by: Lee Chee Yang
+
+[Ubuntu note: Backport of the following patch from upstream, with a few changes
+to match the current version of the file in the present Ubuntu release:
+ . using TIFFWarningExt instead of TIFFWarningExtR (the latter did not exist
yet);
+ . calling _TIFFfree(data) instead of _TIFFfreeExt(tif, data) (the latter did
not exist yet);
+-- Rodrigo Figueiredo Zaiden]
+
+Backport of:
+
+From 5320c9d89c054fa805d037d84c57da874470b01a Mon Sep 17 00:00:00 2001
+From: Su Laus
+Date: Tue, 31 Oct 2023 15:43:29 +
+Subject: [PATCH] Prevent some out-of-memory attacks
+
+Some small fuzzer files fake large amounts of data and provoke out-of-memory
situations. For non-compressed data content / tags, out-of-memory can be
prevented by comparing with the file size.
+
+At image reading, data size of some tags / data structures (StripByteCounts,
StripOffsets, StripArray, TIFF directory) is compared with file size to prevent
provoked out-of-memory attacks.
+
+See issue https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857
+---
+ libtiff/tif_dirread.c | 92 ++
[OE-core] [kirkstone][PATCH 3/3] python3-urllib3: update to v1.26.18
From: Tan Wen Yan
https://github.com/urllib3/urllib3/releases/tag/1.26.18
Major changes in python3-urllib3 1.26.18:
- Made body stripped from HTTP requests changing the request method to GET
after HTTP 303 "See Other" redirect responses. (CVE-2023-45803)
(cherry picked from OE-Core rev: 74da05b63634c248910594456dae286947f33da5)
Signed-off-by: Tan Wen Yan
Signed-off-by: Steve Sakoman
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.17.bb =>
python3-urllib3_1.26.18.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
index 57b166870a..d384b5eb2f 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"
+SRC_URI[sha256sum] =
"f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197572):
https://lists.openembedded.org/g/openembedded-core/message/197572
Mute This Topic: https://lists.openembedded.org/mt/105192938/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 1/3] xwayland: fix CVE-2023-6816 CVE-2024-0408/0409
From: Lee Chee Yang
fix CVE-2023-6816 CVE-2024-0408 CVE-2024-0409
Signed-off-by: Lee Chee Yang
---
.../xwayland/xwayland/CVE-2023-6816.patch | 57
.../xwayland/xwayland/CVE-2024-0408.patch | 65 +++
.../xwayland/xwayland/CVE-2024-0409.patch | 47 ++
.../xwayland/xwayland_22.1.8.bb | 3 +
4 files changed, 172 insertions(+)
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6816.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0408.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0409.patch
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6816.patch
b/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6816.patch
new file mode 100644
index 00..5c68bfb3c1
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6816.patch
@@ -0,0 +1,57 @@
+CVE: CVE-2023-6816
+Upstream-Status: Backport [
https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5cb27032d3e486ba84a491e1420e85171c4c0a3
]
+Signed-off-by: Lee Chee Yang
+
+From b5cb27032d3e486ba84a491e1420e85171c4c0a3 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer
+Date: Thu, 14 Dec 2023 11:29:49 +1000
+Subject: [PATCH] dix: allocate enough space for logical button maps
+
+Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for
+each logical button currently down. Since buttons can be arbitrarily mapped
+to anything up to 255 make sure we have enough bits for the maximum mapping.
+
+CVE-2023-6816, ZDI-CAN-22664, ZDI-CAN-22665
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+(cherry picked from commit 9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3)
+---
+ Xi/xiquerypointer.c | 3 +--
+ dix/enterleave.c| 5 +++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Xi/xiquerypointer.c b/Xi/xiquerypointer.c
+index 5b77b1a444..2b05ac5f39 100644
+--- a/Xi/xiquerypointer.c
b/Xi/xiquerypointer.c
+@@ -149,8 +149,7 @@ ProcXIQueryPointer(ClientPtr client)
+ if (pDev->button) {
+ int i;
+
+-rep.buttons_len =
+-bytes_to_int32(bits_to_bytes(pDev->button->numButtons));
++rep.buttons_len = bytes_to_int32(bits_to_bytes(256)); /* button map
up to 255 */
+ rep.length += rep.buttons_len;
+ buttons = calloc(rep.buttons_len, 4);
+ if (!buttons)
+diff --git a/dix/enterleave.c b/dix/enterleave.c
+index 867ec74363..ded8679d76 100644
+--- a/dix/enterleave.c
b/dix/enterleave.c
+@@ -784,8 +784,9 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int
detail,
+
+ mouse = IsFloating(dev) ? dev : GetMaster(dev, MASTER_POINTER);
+
+-/* XI 2 event */
+-btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0;
++/* XI 2 event contains the logical button map - maps are CARD8
++ * so we need 256 bits for the possibly maximum mapping */
++btlen = (mouse->button) ? bits_to_bytes(256) : 0;
+ btlen = bytes_to_int32(btlen);
+ len = sizeof(xXIFocusInEvent) + btlen * 4;
+
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2024-0408.patch
b/meta/recipes-graphics/xwayland/xwayland/CVE-2024-0408.patch
new file mode 100644
index 00..9063cd00b2
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2024-0408.patch
@@ -0,0 +1,65 @@
+CVE: CVE-2024-0408
+Upstream-Status: Backport [
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4093057b98bc5a178f130c9ba6b0b28385e24ae5
]
+Signed-off-by: Lee Chee Yang
+
+From 4093057b98bc5a178f130c9ba6b0b28385e24ae5 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan
+Date: Wed, 6 Dec 2023 12:09:41 +0100
+Subject: [PATCH] glx: Call XACE hooks on the GLX buffer
+
+The XSELINUX code will label resources at creation by checking the
+access mode. When the access mode is DixCreateAccess, it will call the
+function to label the new resource SELinuxLabelResource().
+
+However, GLX buffers do not go through the XACE hooks when created,
+hence leaving the resource actually unlabeled.
+
+When, later, the client tries to create another resource using that
+drawable (like a GC for example), the XSELINUX code would try to use
+the security ID of that object which has never been labeled, get a NULL
+pointer and crash when checking whether the requested permissions are
+granted for subject security ID.
+
+To avoid the issue, make sure to call the XACE hooks when creating the
+GLX buffers.
+
+Credit goes to Donn Seeley for providing the patch.
+
+CVE-2024-0408
+
+Signed-off-by: Olivier Fourdan
+Acked-by: Peter Hutterer
+(cherry picked from commit e5e8586a12a3ec915673edffa10dc8fe5e15dac3)
+---
+ glx/glxcmds.c | 8
+ 1 file changed, 8 insertions(+)
+
+diff --git a/glx/glxcmds.c b/glx/glxcmds.c
+index fc26a2e345..1e46d0c723 100644
+--- a/glx/glxcmds.c
b/glx/glxcmds.c
+@@ -48,6 +48,7 @@
+ #include "indirect_util.h"
+ #include &
[OE-core] [nanbield][PATCH v2] openssl: upgrade to 3.1.5
From: Lee Chee Yang
Changes between 3.1.4 and 3.1.5 [30 Jan 2024]
* A file in PKCS12 format can contain certificates and keys and may
come from
an untrusted source. The PKCS12 specification allows certain fields
to be
NULL, but OpenSSL did not correctly check for this case. A fix has
been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted
source
using the OpenSSL APIs then that application will be vulnerable to
this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),
PKCS12_unpack_authsafes()
and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However
since this
function is related to writing data we do not consider it security
significant.
([CVE-2024-0727])
https://www.openssl.org/news/cl31.txt
drop fix_random_labels.patch as fixed in
https://github.com/openssl/openssl/commit/99630a1b08fd6464d95052dee4a3500afeb95867
Signed-off-by: Lee Chee Yang
---
v2: install p_minimal.so for ptest package
.../openssl/openssl/fix_random_labels.patch | 22 ---
.../{openssl_3.1.4.bb => openssl_3.1.5.bb}| 4 ++--
2 files changed, 2 insertions(+), 24 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
rename meta/recipes-connectivity/openssl/{openssl_3.1.4.bb =>
openssl_3.1.5.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
deleted file mode 100644
index 78dcd81685..00
--- a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-The perl script adds random suffixes to the local function names to ensure
-it doesn't clash with other parts of openssl. Set the random number seed
-to something predictable so the assembler files are generated consistently
-and our own reproducible builds tests pass.
-
-Upstream-Status: Pending
-Signed-off-by: Richard Purdie
-
-Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
-===
openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl
-+++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
-@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable= (16 * 6);
- # ;;; Helper functions
- # ;
-
-+# Ensure the local labels are reproduicble
-+srand(1);
-+
- # ; Generates "random" local labels
- sub random_string() {
- my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_');
diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.1.4.bb
rename to meta/recipes-connectivity/openssl/openssl_3.1.5.bb
index 0fe4e76808..05bfeac45e 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb
@@ -11,7 +11,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz
\
file://run-ptest \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
- file://fix_random_labels.patch \
file://0001-Added-handshake-history-reporting-when-test-fails.patch
\
"
@@ -19,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3"
+SRC_URI[sha256sum] =
"6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262"
inherit lib_package multilib_header multilib_script ptest perlnative manpages
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -187,6 +186,7 @@ PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
install -d ${D}${PTEST_PATH}/test
install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test
install -m755 ${B}/test/provider_internal_test.cnf
${D}${PTEST_PATH}/test
# Prune the build tree
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197095):
https://lists.openembedded.org/g/openembedded-core/message/197095
Mute This Topic: https://lists.openembedded.org/mt/104919768/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH 7/7] gnutls: Upgrade 3.8.2 -> 3.8.3
From: Simone Weiß
Upgrade version to adress recent CVE findings.
Changelog
=
** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange
[GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]
** libgnutls: Fix assertion failure when verifying a certificate chain with a
cycle of cross signatures
[GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567]
** libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token
certtool was unable to handle Ed25519 keys generated on PKCS#11
with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.
(cherry-pick from Oe-Core rev 705d2972b38efc9f331e3635c07ca92f8812b365)
Signed-off-by: Simone Weiß
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../recipes-support/gnutls/{gnutls_3.8.2.bb => gnutls_3.8.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/gnutls/{gnutls_3.8.2.bb => gnutls_3.8.3.bb} (97%)
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.2.bb
b/meta/recipes-support/gnutls/gnutls_3.8.3.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.2.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.3.bb
index 43fb5c4c4e..27d6753be0 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.2.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.3.bb
@@ -25,7 +25,7 @@ SRC_URI =
"https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
file://Add-ptest-support.patch \
"
-SRC_URI[sha256sum] =
"e765e5016ffa9b9dd243e363a0460d57707ee2491267db2e96c9c2adef77"
+SRC_URI[sha256sum] =
"f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e"
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196926):
https://lists.openembedded.org/g/openembedded-core/message/196926
Mute This Topic: https://lists.openembedded.org/mt/104859416/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH 6/7] gnutls: upgrade 3.8.1 -> 3.8.2
From: Wang Mingyu
Changelog:
** libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
** libgnutls: Add API functions to perform ECDH and DH key agreement
** libgnutls: Added support for AES-GCM-SIV ciphers
** libgnutls: transparent KTLS support is extended to FreeBSD kernel
** gnutls-cli: New option --starttls-name
(cherry-pick from Oe-Core rev 3c01bb0be8ddafa0aa1ad996ec524b51fd28f512)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Lee Chee Yang
---
.../recipes-support/gnutls/{gnutls_3.8.1.bb => gnutls_3.8.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/gnutls/{gnutls_3.8.1.bb => gnutls_3.8.2.bb} (97%)
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.1.bb
b/meta/recipes-support/gnutls/gnutls_3.8.2.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.1.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.2.bb
index 455031dd47..43fb5c4c4e 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.2.bb
@@ -25,7 +25,7 @@ SRC_URI =
"https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
file://Add-ptest-support.patch \
"
-SRC_URI[sha256sum] =
"ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c"
+SRC_URI[sha256sum] =
"e765e5016ffa9b9dd243e363a0460d57707ee2491267db2e96c9c2adef77"
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196925):
https://lists.openembedded.org/g/openembedded-core/message/196925
Mute This Topic: https://lists.openembedded.org/mt/104859415/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH 5/7] bind: Upgrade 9.18.21 -> 9.18.24
From: Soumya Sambu
Changelog:
=
9.18.24:
- Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
9.18.23:
- Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]
- Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]
- Under some circumstances, the DoT code in client
mode could process more than one message at a time when
that was not expected. That has been fixed. [GL #4487]
9.18.22:
- Limit isc_task_send() overhead for RBTDB tree pruning.
[GL #4383]
- Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]
- Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
- Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]
- Address race conditions in dns_tsigkey_find().
[GL #4182]
- Conversion from NSEC3 signed to NSEC signed could
temporarily put the zone into a state where it was
treated as unsigned until the NSEC chain was built.
Additionally conversion from one set of NSEC3 parameters
to another could also temporarily put the zone into a
state where it was treated as unsigned until the new
NSEC3 chain was built. [GL #1794] [GL #4495]
- Memory leak in zone.c:sign_zone. When named signed a
zone it could leak dst_keys due to a misplaced
'continue'. [GL #4488]
- Log more details about the cause of "not exact" errors.
[GL #4500]
- The wrong time was being used to determine what RRSIGs
where to be generated when dnssec-policy was in use.
[GL #4494]
- The "trust-anchor-telemetry" statement is no longer
marked as experimental. This silences a relevant log
message that was emitted even when the feature was
explicitly disabled. [GL #4497]
- Fix statistics export to use full 64 bit signed numbers
instead of truncating values to unsigned 32 bits.
[GL #4467]
- NetBSD has added 'hmac' to libc which collides with our
use of 'hmac'. [GL #4478]
(cherry-pick from Oe-Core rev d7f31aba343948dbaadafc8c0c66f78e6ffb46e3)
Signed-off-by: Soumya Sambu
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../bind/{bind_9.18.21.bb => bind_9.18.24.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.18.21.bb => bind_9.18.24.bb}
(97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.21.bb
b/meta/recipes-connectivity/bind/bind_9.18.24.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.21.bb
rename to meta/recipes-connectivity/bind/bind_9.18.24.bb
index f5fb4bd1e5..2874990320 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.21.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.24.bb
@@ -20,7 +20,7 @@ SRC_URI =
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] =
"a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5"
+SRC_URI[sha256sum] =
"709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
# follow the ESV versions divisible by 2
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196924):
https://lists.openembedded.org/g/openembedded-core/message/196924
Mute This Topic: https://lists.openembedded.org/mt/104859414/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH 4/7] bind: upgrade 9.18.20 -> 9.18.21
From: Wang Mingyu
bind-ensure-searching-for-json-headers-searches-sysr.patch
refreshed for 9.18.21
Changelog:
==
-Improve LRU cleaning behaviour.
-The "resolver-nonbackoff-tries" and "resolver-retry-interval" options are
deprecated; a warning will be logged if they are used.
-BIND might sometimes crash after startup or re-configuration when one 'tls'
entry is used multiple times to connect to remote servers due to initialisation
attempts from contexts of multiple threads. That has been fixed.
-Dig +yaml will now report "no servers could be reached" also for UDP setup
failure when no other servers or tries are left.
-Recognize escapes when reading the public key from file.
-Dig +yaml will now report "no servers could be reached" on TCP connection
failure as well as for UDP timeouts.
-Deprecate AES-based DNS cookies.
(cherry-pick from Oe-core rev b750d54622a0fa0a35d83ddc59f07661e903360b)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
...nd-ensure-searching-for-json-headers-searches-sysr.patch | 6 +++---
.../bind/{bind_9.18.20.bb => bind_9.18.21.bb} | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-connectivity/bind/{bind_9.18.20.bb => bind_9.18.21.bb}
(97%)
diff --git
a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
index f1abd179e8..38d07cae39 100644
---
a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++
b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -1,4 +1,4 @@
-From 246087f89e9434b726c7884e4c0964f71084f091 Mon Sep 17 00:00:00 2001
+From 5ae30329f168c1e8d2e0c3831988a4f3e9096e39 Mon Sep 17 00:00:00 2001
From: Paul Gortmaker
Date: Tue, 9 Jun 2015 11:22:00 -0400
Subject: [PATCH] bind: ensure searching for json headers searches sysroot
@@ -33,10 +33,10 @@ Signed-off-by: Paul Gortmaker
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 10e8bf6..bf20690 100644
+index 2ab8ddd..92fe983 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -814,7 +814,7 @@ AS_CASE([$with_lmdb],
+@@ -761,7 +761,7 @@ AS_CASE([$with_lmdb],
[no],[],
[auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb],
[ac_lib_lmdb_found=yes],
diff --git a/meta/recipes-connectivity/bind/bind_9.18.20.bb
b/meta/recipes-connectivity/bind/bind_9.18.21.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.20.bb
rename to meta/recipes-connectivity/bind/bind_9.18.21.bb
index 187685eef5..f5fb4bd1e5 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.20.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.21.bb
@@ -20,7 +20,7 @@ SRC_URI =
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] =
"4b891ebf58d3f2a7ac3dd2682990f528a3448eaa1c992ddc5c141b8587a98ec5"
+SRC_URI[sha256sum] =
"a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
# follow the ESV versions divisible by 2
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196923):
https://lists.openembedded.org/g/openembedded-core/message/196923
Mute This Topic: https://lists.openembedded.org/mt/104859413/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH 2/7] openssl: upgrade to 3.1.5
From: Lee Chee Yang
Changes between 3.1.4 and 3.1.5 [30 Jan 2024]
* A file in PKCS12 format can contain certificates and keys and may
come from
an untrusted source. The PKCS12 specification allows certain fields
to be
NULL, but OpenSSL did not correctly check for this case. A fix has
been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted
source
using the OpenSSL APIs then that application will be vulnerable to
this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),
PKCS12_unpack_authsafes()
and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However
since this
function is related to writing data we do not consider it security
significant.
([CVE-2024-0727])
https://www.openssl.org/news/cl31.txt
drop fix_random_labels.patch as fixed in
https://github.com/openssl/openssl/commit/99630a1b08fd6464d95052dee4a3500afeb95867
Signed-off-by: Lee Chee Yang
---
.../openssl/openssl/fix_random_labels.patch | 22 ---
.../{openssl_3.1.4.bb => openssl_3.1.5.bb}| 3 +--
2 files changed, 1 insertion(+), 24 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
rename meta/recipes-connectivity/openssl/{openssl_3.1.4.bb =>
openssl_3.1.5.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
deleted file mode 100644
index 78dcd81685..00
--- a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-The perl script adds random suffixes to the local function names to ensure
-it doesn't clash with other parts of openssl. Set the random number seed
-to something predictable so the assembler files are generated consistently
-and our own reproducible builds tests pass.
-
-Upstream-Status: Pending
-Signed-off-by: Richard Purdie
-
-Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
-===
openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl
-+++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
-@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable= (16 * 6);
- # ;;; Helper functions
- # ;
-
-+# Ensure the local labels are reproduicble
-+srand(1);
-+
- # ; Generates "random" local labels
- sub random_string() {
- my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_');
diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.1.4.bb
rename to meta/recipes-connectivity/openssl/openssl_3.1.5.bb
index 0fe4e76808..9c1d4e31be 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb
@@ -11,7 +11,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz
\
file://run-ptest \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
- file://fix_random_labels.patch \
file://0001-Added-handshake-history-reporting-when-test-fails.patch
\
"
@@ -19,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3"
+SRC_URI[sha256sum] =
"6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262"
inherit lib_package multilib_header multilib_script ptest perlnative manpages
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196921):
https://lists.openembedded.org/g/openembedded-core/message/196921
Mute This Topic: https://lists.openembedded.org/mt/104859411/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH 3/7] python3-jinja2: upgrade 3.1.2 -> 3.1.3
From: Wang Mingyu
Changelog:
==
-Fix compiler error when checking if required blocks in parent templates are
empty.
-xmlattr filter does not allow keys with spaces.
-Make error messages stemming from invalid nesting of {% trans %} blocks more
helpful
upgrade include fix for CVE-2024-22195.
(cherry-pick from Oe-Core rev 8a0524464583d69df7746253f5020c2c125a8e1f)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../python/{python3-jinja2_3.1.2.bb => python3-jinja2_3.1.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-jinja2_3.1.2.bb =>
python3-jinja2_3.1.3.bb} (92%)
diff --git a/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
b/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb
similarity index 92%
rename from meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
rename to meta/recipes-devtools/python/python3-jinja2_3.1.3.bb
index fa6d930a9c..18057809c8 100644
--- a/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
+++ b/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://pypi.org/project/Jinja2/;
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
-SRC_URI[sha256sum] =
"31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852"
+SRC_URI[sha256sum] =
"ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"
PYPI_PACKAGE = "Jinja2"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196922):
https://lists.openembedded.org/g/openembedded-core/message/196922
Mute This Topic: https://lists.openembedded.org/mt/104859412/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH 1/7] libxml2: upgrade to 2.11.7
From: Lee Chee Yang
libxml2 2.11.7
Security
[CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
libxml2 2.11.6
Regressions
threads: Fix --with-thread-alloc
xinclude: Fix 'last' pointer in xmlXIncludeCopyNode
Bug fixes
parser: Fix potential use-after-free in xmlParseCharDataInternal
Signed-off-by: Lee Chee Yang
---
.../libxml/{libxml2_2.11.5.bb => libxml2_2.11.7.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/libxml/{libxml2_2.11.5.bb => libxml2_2.11.7.bb} (97%)
diff --git a/meta/recipes-core/libxml/libxml2_2.11.5.bb
b/meta/recipes-core/libxml/libxml2_2.11.7.bb
similarity index 97%
rename from meta/recipes-core/libxml/libxml2_2.11.5.bb
rename to meta/recipes-core/libxml/libxml2_2.11.7.bb
index fc82912df2..482ce9042d 100644
--- a/meta/recipes-core/libxml/libxml2_2.11.5.bb
+++ b/meta/recipes-core/libxml/libxml2_2.11.7.bb
@@ -18,7 +18,7 @@ SRC_URI +=
"http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
file://install-tests.patch \
"
-SRC_URI[archive.sha256sum] =
"3727b078c360ec69fa869de14bd6f75d7ee8d36987b071e6928d4720a28df3a6"
+SRC_URI[archive.sha256sum] =
"fb27720e25eaf457f94fd3d7189bcf2626c6dccf4201553bc8874d50e3560162"
SRC_URI[testtar.sha256sum] =
"c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
# Disputed as a security issue, but fixed in d39f780
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196920):
https://lists.openembedded.org/g/openembedded-core/message/196920
Mute This Topic: https://lists.openembedded.org/mt/104859410/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][patch 3/3] xwayland: Fix CVE-2023-6377 CVE-2023-6478
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../xwayland/xwayland/CVE-2023-6377.patch | 82 +++
.../xwayland/xwayland/CVE-2023-6478.patch | 66 +++
.../xwayland/xwayland_22.1.8.bb | 2 +
3 files changed, 150 insertions(+)
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6377.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6478.patch
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6377.patch
b/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6377.patch
new file mode 100644
index 00..f650f495a3
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6377.patch
@@ -0,0 +1,82 @@
+CVE: CVE-2023-6377
+Upstream-Status: Backport [
https://gitlab.freedesktop.org/xorg/xserver/-/commit/19e9f199950aaa4b9b7696936d1b067475da999c
]
+Signed-off-by: Lee Chee Yang
+
+
+From 19e9f199950aaa4b9b7696936d1b067475da999c Mon Sep 17 00:00:00 2001
+From: Peter Hutterer
+Date: Tue, 28 Nov 2023 15:19:04 +1000
+Subject: [PATCH] Xi: allocate enough XkbActions for our buttons
+
+button->xkb_acts is supposed to be an array sufficiently large for all
+our buttons, not just a single XkbActions struct. Allocating
+insufficient memory here means when we memcpy() later in
+XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
+leading to the usual security ooopsiedaisies.
+
+CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+(cherry picked from commit 0c1a93d319558fe3ab2d94f51d174b4f93810afd)
+---
+ Xi/exevents.c | 12 ++--
+ dix/devices.c | 10 ++
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index dcd4efb3bc..54ea11a938 100644
+--- a/Xi/exevents.c
b/Xi/exevents.c
+@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr
to)
+ }
+
+ if (from->button->xkb_acts) {
+-if (!to->button->xkb_acts) {
+-to->button->xkb_acts = calloc(1, sizeof(XkbAction));
+-if (!to->button->xkb_acts)
+-FatalError("[Xi] not enough memory for xkb_acts.\n");
+-}
++size_t maxbuttons = max(to->button->numButtons,
from->button->numButtons);
++to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
++ maxbuttons,
++ sizeof(XkbAction));
++memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
+ memcpy(to->button->xkb_acts, from->button->xkb_acts,
+- sizeof(XkbAction));
++ from->button->numButtons * sizeof(XkbAction));
+ }
+ else {
+ free(to->button->xkb_acts);
+diff --git a/dix/devices.c b/dix/devices.c
+index 7150734a58..20fef16923 100644
+--- a/dix/devices.c
b/dix/devices.c
+@@ -2530,6 +2530,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+
+ if (master->button && master->button->numButtons != maxbuttons) {
+ int i;
++int last_num_buttons = master->button->numButtons;
++
+ DeviceChangedEvent event = {
+ .header = ET_Internal,
+ .type = ET_DeviceChanged,
+@@ -2540,6 +2542,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+ };
+
+ master->button->numButtons = maxbuttons;
++if (last_num_buttons < maxbuttons) {
++master->button->xkb_acts =
xnfreallocarray(master->button->xkb_acts,
++ maxbuttons,
++ sizeof(XkbAction));
++memset(>button->xkb_acts[last_num_buttons],
++ 0,
++ (maxbuttons - last_num_buttons) * sizeof(XkbAction));
++}
+
+ memcpy(, master->button->labels, maxbuttons *
+sizeof(Atom));
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6478.patch
b/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6478.patch
new file mode 100644
index 00..23fbc0e9e2
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2023-6478.patch
@@ -0,0 +1,66 @@
+CVE: CVE-2023-6478
+Upstream-Status: Backport [
https://gitlab.freedesktop.org/xorg/xserver/-/commit/aaf854fb25541380cc38a221c15f0e8372f48872
]
+Signed-off-by: Lee Chee Yang
+
+
+From aaf854fb25541380cc38a221c15f0e8372f48872 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer
+Date: Mon, 27 Nov 2023 16:27:49 +1000
+Subject: [PATCH] randr: avoid integer truncation in length check of
+ ProcRRChange*Property
+
+Affected are ProcRRChangeProviderProperty and ProcRRChangeOutputProperty.
+See also xserver@
[OE-core] [kirkstone][patch 2/3] python3-jinja2: upgrade 3.1.2 -> 3.1.3
From: Wang Mingyu
Changelog:
==
-Fix compiler error when checking if required blocks in parent templates are
empty.
-xmlattr filter does not allow keys with spaces.
-Make error messages stemming from invalid nesting of {% trans %} blocks more
helpful
(cherry picked from OE-Core rev: 8a0524464583d69df7746253f5020c2c125a8e1f)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../python/{python3-jinja2_3.1.2.bb => python3-jinja2_3.1.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-jinja2_3.1.2.bb =>
python3-jinja2_3.1.3.bb} (92%)
diff --git a/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
b/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb
similarity index 92%
rename from meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
rename to meta/recipes-devtools/python/python3-jinja2_3.1.3.bb
index 80e0b85670..068e21bf5f 100644
--- a/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
+++ b/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://pypi.org/project/Jinja2/;
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
-SRC_URI[sha256sum] =
"31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852"
+SRC_URI[sha256sum] =
"ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"
PYPI_PACKAGE = "Jinja2"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194342):
https://lists.openembedded.org/g/openembedded-core/message/194342
Mute This Topic: https://lists.openembedded.org/mt/103969589/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][patch 1/3] python3-jinja2: upgrade 3.1.1 -> 3.1.2
From: Alexander Kanavin
(cherry picked from OE-Core rev: 1e58fa1fff649a4ab07290d2b0e5a8d69d51ef16)
Signed-off-by: Alexander Kanavin
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../python/{python3-jinja2_3.1.1.bb => python3-jinja2_3.1.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-jinja2_3.1.1.bb =>
python3-jinja2_3.1.2.bb} (92%)
diff --git a/meta/recipes-devtools/python/python3-jinja2_3.1.1.bb
b/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
similarity index 92%
rename from meta/recipes-devtools/python/python3-jinja2_3.1.1.bb
rename to meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
index c38686a5c2..80e0b85670 100644
--- a/meta/recipes-devtools/python/python3-jinja2_3.1.1.bb
+++ b/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://pypi.org/project/Jinja2/;
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
-SRC_URI[sha256sum] =
"640bed4bb501cbd17194b3cace1dc2126f5b619cf068a726b98192a0fde74ae9"
+SRC_URI[sha256sum] =
"31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852"
PYPI_PACKAGE = "Jinja2"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194341):
https://lists.openembedded.org/g/openembedded-core/message/194341
Mute This Topic: https://lists.openembedded.org/mt/103969588/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][patch 1/2] sudo: upgrade 1.9.14p3 -> 1.9.15p2
From: Xiangyu Chen
Changelog:
===
1.9.15p2:
- Fixed a bug on BSD systems where sudo would not restore the
terminal settings on exit if the terminal had parity enabled.
1.9.15p1:
- Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
sudoers from being able to read the ldap.conf file.
1.9.15:
- Fixed an undefined symbol problem on older versions of macOS
when "intercept" or "log_subcmds" are enabled in sudoers.
- Fixed "make check" failure related to getpwent(3) wrapping
on NetBSD.
- Fixed the warning message for "sudo -l command" when the command
is not permitted. There was a missing space between "list" and
the actual command due to changes in sudo 1.9.14.
- Fixed a bug where output could go to the wrong terminal if
"use_pty" is enabled (the default) and the standard input, output
or error is redirected to a different terminal. Bug #1056.
- The visudo utility will no longer create an empty file when the
specified sudoers file does not exist and the user exits the
editor without making any changes. GitHub issue #294.
- The AIX and Solaris sudo packages on www.sudo.ws now support
"log_subcmds" and "intercept" with both 32-bit and 64-bit
binaries. Previously, they only worked when running binaries
with the same word size as the sudo binary. GitHub issue #289.
- The sudoers source is now logged in the JSON event log. This
makes it possible to tell which rule resulted in a match.
Running "sudo -ll command" now produces verbose output that
includes matching rule as well as the path to the sudoers file
the matching rule came from. For LDAP sudoers, the name of the
matching sudoRole is printed instead.
- The embedded copy of zlib has been updated to version 1.3.
- The sudoers plugin has been modified to make it more resilient
to ROWHAMMER attacks on authentication and policy matching.
This addresses CVE-2023-42465.
- The sudoers plugin now constructs the user time stamp file path
name using the user-ID instead of the user name. This avoids a
potential problem with user names that contain a path separator
('/') being interpreted as part of the path name. A similar
issue in sudo-rs has been assigned CVE-2023-42456.
- A path separator ('/') in a user, group or host name is now
replaced with an underbar character ('_') when expanding escapes
in @include and @includedir directives as well as the "iolog_file"
and "iolog_dir" sudoers Default settings.
- The "intercept_verify" sudoers option is now only applied when
the "intercept" option is set in sudoers. Previously, it was
also applied when "log_subcmds" was enabled. Sudo 1.9.14
contained an incorrect fix for this. Bug #1058.
- Changes to terminal settings are now performed atomically, where
possible. If the command is being run in a pseudo-terminal and
the user's terminal is already in raw mode, sudo will not change
the user's terminal settings. This prevents concurrent sudo
processes from restoring the terminal settings to the wrong values.
GitHub issue #312.
- Reverted a change from sudo 1.9.4 that resulted in PAM session
modules being called with the environment of the command to be
run instead of the environment of the invoking user.
GitHub issue #318.
- New Indonesian translation from translationproject.org.
- The sudo_logsrvd server will now raise its open file descriptor
limit to the maximum allowed value when it starts up. Each
connection can require up to nine open file descriptors so the
default soft limit may be too low.
- Better log message when rejecting a command if the "intercept"
option is enabled and the "intercept_allow_setid" option is
disabled. Previously, "command not allowed" would be logged and
the user had no way of knowing what the actual problem was.
- Sudo will now log the invoking user's environment as "submitenv"
in the JSON logs. The command's environment ("runenv") is no
longer logged for commands rejected by the sudoers file or an
approval plugin.
(cherry picked from OE-Core rev 5ea298680a8f17d3b808a2c43b0182e9c391f663)
Signed-off-by: Xiangyu Chen
Signed-off-by: Alexandre Belloni
Signed-off-by: Lee Chee Yang
---
.../sudo/{sudo_1.9.14p3.bb => sudo_1.9.15p2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/sudo/{sudo_1.9.14p3.bb => sudo_1.9.15p2.bb} (96%)
diff --git a/meta/recipes-extended/sudo/sudo_1.9.14p3.bb
b/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
similarity index 96%
rename from meta/recipes-extended/sudo/sudo_1.9.14p3.bb
rename to meta/recipes-extended/sudo/sudo_1.9.15p2.bb
index d5c5718ea5..431dfba3c2 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.14p3.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
@@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
[OE-core] [nanbield][patch 2/2] sudo: upgrade from 1.9.15p2 to 1.9.15p5
From: Chen Qi
(cherry picked from OE-Core rev 4b2eccc0ee3f2906f9b04de194b9df6e24c2cdf4)
Signed-off-by: Chen Qi
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb} (96%)
diff --git a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
similarity index 96%
rename from meta/recipes-extended/sudo/sudo_1.9.15p2.bb
rename to meta/recipes-extended/sudo/sudo_1.9.15p5.bb
index 431dfba3c2..8e542015ad 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
@@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] =
"199c0cdbfa7efcfffa9c88684a8e2fb206a62b70a316507e4a91c89c873bbcc8"
+SRC_URI[sha256sum] =
"558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam',
'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam',
'pam-plugin-limits pam-plugin-keyinit', '', d)}"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194132):
https://lists.openembedded.org/g/openembedded-core/message/194132
Mute This Topic: https://lists.openembedded.org/mt/103883287/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][patch 1/2] xwayland: upgrade 23.2.2 -> 23.2.3
From: Wang Mingyu
upgrade include fix for CVE-2023-6377 CVE-2023-6478
(Cherry-pick from OE-Core rev: bf0bb7b94ed4930145af5f1fb3836157daceb6bb)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../xwayland/{xwayland_23.2.2.bb => xwayland_23.2.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/xwayland/{xwayland_23.2.2.bb =>
xwayland_23.2.3.bb} (95%)
diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
b/meta/recipes-graphics/xwayland/xwayland_23.2.3.bb
similarity index 95%
rename from meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
rename to meta/recipes-graphics/xwayland/xwayland_23.2.3.bb
index 9feac147db..9aa7b4dfcd 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.3.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz;
-SRC_URI[sha256sum] =
"9f7c0938d2a41e941ffa04f99c35e5db2bcd3eec034afe8d35d5c810a22eb0a8"
+SRC_URI[sha256sum] =
"eb9d9aa7232c47412c8835ec15a97c575f03563726c787754ff0c019bd07e302"
UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193822):
https://lists.openembedded.org/g/openembedded-core/message/193822
Mute This Topic: https://lists.openembedded.org/mt/103758105/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][patch 2/2] curl: Fix CVE-2023-46219
From: Lee Chee Yang
Upstream docs for CVE-2023-46219:
https://curl.se/docs/CVE-2023-46219.html
Signed-off-by: Lee Chee Yang
---
.../curl/curl/CVE-2023-46219.patch| 131 ++
meta/recipes-support/curl/curl_8.4.0.bb | 1 +
2 files changed, 132 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-46219.patch
b/meta/recipes-support/curl/curl/CVE-2023-46219.patch
new file mode 100644
index 00..d6c8925218
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-46219.patch
@@ -0,0 +1,131 @@
+CVE: CVE-2023-46219
+Upstream-Status: Backport [
https://github.com/curl/curl/commit/73b65e94f3531179de45 ]
+Signed-off-by: Lee Chee Yang
+
+From 73b65e94f3531179de45c6f3c836a610e3d0a846 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 23 Nov 2023 08:23:17 +0100
+Subject: [PATCH] fopen: create short(er) temporary file name
+
+Only using random letters in the name plus a ".tmp" extension. Not by
+appending characters to the final file name.
+
+Reported-by: Maksymilian Arciemowicz
+
+Closes #12388
+---
+ lib/fopen.c | 65 -
+ 1 file changed, 60 insertions(+), 5 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index 75b8a7aa534085..a73ac068ea3016 100644
+--- a/lib/fopen.c
b/lib/fopen.c
+@@ -39,6 +39,51 @@
+ #include "curl_memory.h"
+ #include "memdebug.h"
+
++/*
++ The dirslash() function breaks a null-terminated pathname string into
++ directory and filename components then returns the directory component up
++ to, *AND INCLUDING*, a final '/'. If there is no directory in the path,
++ this instead returns a "" string.
++
++ This function returns a pointer to malloc'ed memory.
++
++ The input path to this function is expected to have a file name part.
++*/
++
++#ifdef _WIN32
++#define PATHSEP "\\"
++#define IS_SEP(x) (((x) == '/') || ((x) == '\\'))
++#elif defined(MSDOS) || defined(__EMX__) || defined(OS2)
++#define PATHSEP "\\"
++#define IS_SEP(x) ((x) == '\\')
++#else
++#define PATHSEP "/"
++#define IS_SEP(x) ((x) == '/')
++#endif
++
++static char *dirslash(const char *path)
++{
++ size_t n;
++ struct dynbuf out;
++ DEBUGASSERT(path);
++ Curl_dyn_init(, CURL_MAX_INPUT_LENGTH);
++ n = strlen(path);
++ if(n) {
++/* find the rightmost path separator, if any */
++while(n && !IS_SEP(path[n-1]))
++ --n;
++/* skip over all the path separators, if any */
++while(n && IS_SEP(path[n-1]))
++ --n;
++ }
++ if(Curl_dyn_addn(, path, n))
++return NULL;
++ /* if there was a directory, append a single trailing slash */
++ if(n && Curl_dyn_addn(, PATHSEP, 1))
++return NULL;
++ return Curl_dyn_ptr();
++}
++
+ /*
+ * Curl_fopen() opens a file for writing with a temp name, to be renamed
+ * to the final name when completed. If there is an existing file using this
+@@ -50,25 +95,34 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char
*filename,
+ FILE **fh, char **tempname)
+ {
+ CURLcode result = CURLE_WRITE_ERROR;
+- unsigned char randsuffix[9];
++ unsigned char randbuf[41];
+ char *tempstore = NULL;
+ struct_stat sb;
+ int fd = -1;
++ char *dir;
+ *tempname = NULL;
+
++ dir = dirslash(filename);
++ if(!dir)
++goto fail;
++
+ *fh = fopen(filename, FOPEN_WRITETEXT);
+ if(!*fh)
+ goto fail;
+- if(fstat(fileno(*fh), ) == -1 || !S_ISREG(sb.st_mode))
++ if(fstat(fileno(*fh), ) == -1 || !S_ISREG(sb.st_mode)) {
++free(dir);
+ return CURLE_OK;
++ }
+ fclose(*fh);
+ *fh = NULL;
+
+- result = Curl_rand_alnum(data, randsuffix, sizeof(randsuffix));
++ result = Curl_rand_alnum(data, randbuf, sizeof(randbuf));
+ if(result)
+ goto fail;
+
+- tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
++ /* The temp file name should not end up too long for the target file
++ system */
++ tempstore = aprintf("%s%s.tmp", dir, randbuf);
+ if(!tempstore) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+@@ -95,6 +149,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char
*filename,
+ if(!*fh)
+ goto fail;
+
++ free(dir);
+ *tempname = tempstore;
+ return CURLE_OK;
+
+@@ -105,7 +160,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char
*filename,
+ }
+
+ free(tempstore);
+-
++ free(dir);
+ return result;
+ }
+
diff --git a/meta/recipes-support/curl/curl_8.4.0.bb
b/meta/recipes-support/curl/curl_8.4.0.bb
index 8f1ba52692..977404c963 100644
--- a/meta/recipes-support/curl/curl_8.4.0.bb
+++ b/meta/recipes-support/curl/curl_8.4.0.bb
@@ -14,6 +14,7 @@ SRC_URI = " \
file://run-ptest \
file://disable-tests \
file://CVE-2023-46218.patch \
+file://CVE-2023-46219.patch \
"
SRC_URI[sha256sum] =
"16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d7
[OE-core] [master][nanbield][patch] qemu: 8.1.2 -> 8.1.4
From: Lee Chee Yang
update include fix for CVE-2023-3019.
CVE-2023-3019 :
https://github.com/qemu/qemu/commit/88e79a2dfda319f9ebec2cc8a5c3c9733716d13f
Signed-off-by: Lee Chee Yang
---
.../qemu/{qemu-native_8.1.2.bb => qemu-native_8.1.4.bb} | 0
...{qemu-system-native_8.1.2.bb => qemu-system-native_8.1.4.bb} | 0
meta/recipes-devtools/qemu/qemu.inc | 2 +-
meta/recipes-devtools/qemu/{qemu_8.1.2.bb => qemu_8.1.4.bb} | 0
4 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/qemu/{qemu-native_8.1.2.bb =>
qemu-native_8.1.4.bb} (100%)
rename meta/recipes-devtools/qemu/{qemu-system-native_8.1.2.bb =>
qemu-system-native_8.1.4.bb} (100%)
rename meta/recipes-devtools/qemu/{qemu_8.1.2.bb => qemu_8.1.4.bb} (100%)
diff --git a/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb
b/meta/recipes-devtools/qemu/qemu-native_8.1.4.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-native_8.1.2.bb
rename to meta/recipes-devtools/qemu/qemu-native_8.1.4.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb
b/meta/recipes-devtools/qemu/qemu-system-native_8.1.4.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb
rename to meta/recipes-devtools/qemu/qemu-system-native_8.1.4.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 70515d980e..afa2915b1d 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -41,7 +41,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
-SRC_URI[sha256sum] =
"541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087"
+SRC_URI[sha256sum] =
"176dd6d0bdcc4c71a94172d12ddb7a3b2e8e20d638e5db26138165a382be2dbd"
SRC_URI:append:class-target = " file://cross.patch"
SRC_URI:append:class-nativesdk = " file://cross.patch"
diff --git a/meta/recipes-devtools/qemu/qemu_8.1.2.bb
b/meta/recipes-devtools/qemu/qemu_8.1.4.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu_8.1.2.bb
rename to meta/recipes-devtools/qemu/qemu_8.1.4.bb
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193637):
https://lists.openembedded.org/g/openembedded-core/message/193637
Mute This Topic: https://lists.openembedded.org/mt/103734889/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][patch] curl: fix CVE-2023-46218
From: Lee Chee Yang
import patch from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz
upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57
Signed-off-by: Lee Chee Yang
---
.../curl/curl/CVE-2023-46218.patch| 52 +++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46218.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-46218.patch
b/meta/recipes-support/curl/curl/CVE-2023-46218.patch
new file mode 100644
index 00..c9677b6a84
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-46218.patch
@@ -0,0 +1,52 @@
+CVE: CVE-2023-46218
+Upstream-Status: Backport [ import from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz
upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57 ]
+Signed-off-by: Lee Chee Yang
+
+Backport of:
+
+From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 23 Nov 2023 08:15:47 +0100
+Subject: [PATCH] cookie: lowercase the domain names before PSL checks
+
+Reported-by: Harry Sintonen
+
+Closes #12387
+---
+ lib/cookie.c | 24
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+--- a/lib/cookie.c
b/lib/cookie.c
+@@ -967,15 +967,23 @@ Curl_cookie_add(struct Curl_easy *data,
+ #ifdef USE_LIBPSL
+ /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
+ if(domain && co->domain && !isip(co->domain)) {
+-const psl_ctx_t *psl = Curl_psl_use(data);
+-int acceptable;
+-
+-if(psl) {
+- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
+- Curl_psl_release(data);
++bool acceptable = FALSE;
++char lcase[256];
++char lcookie[256];
++size_t dlen = strlen(domain);
++size_t clen = strlen(co->domain);
++if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
++ const psl_ctx_t *psl = Curl_psl_use(data);
++ if(psl) {
++/* the PSL check requires lowercase domain name and pattern */
++Curl_strntolower(lcase, domain, dlen + 1);
++Curl_strntolower(lcookie, co->domain, clen + 1);
++acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
++Curl_psl_release(data);
++ }
++ else
++acceptable = !bad_domain(domain);
+ }
+-else
+- acceptable = !bad_domain(domain);
+
+ if(!acceptable) {
+ infof(data, "cookie '%s' dropped, domain '%s' must not "
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb
b/meta/recipes-support/curl/curl_7.69.1.bb
index 82b07bc554..a8e6c4f3ee 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -57,6 +57,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2023-38546.patch \
file://CVE-2023-28321.patch \
file://CVE-2023-28322.patch \
+ file://CVE-2023-46218.patch \
"
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192692):
https://lists.openembedded.org/g/openembedded-core/message/192692
Mute This Topic: https://lists.openembedded.org/mt/103258308/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH] curl: fix CVE-2023-46218
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../curl/curl/CVE-2023-46218.patch| 52 +++
meta/recipes-support/curl/curl_8.4.0.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46218.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-46218.patch
b/meta/recipes-support/curl/curl/CVE-2023-46218.patch
new file mode 100644
index 00..de2f095664
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-46218.patch
@@ -0,0 +1,52 @@
+CVE: CVE-2023-46218
+Upstream-Status: Backport [
https://github.com/curl/curl/commit/2b0994c29a721c91c57 ]
+Signed-off-by: Lee Chee Yang
+
+From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 23 Nov 2023 08:15:47 +0100
+Subject: [PATCH] cookie: lowercase the domain names before PSL checks
+
+Reported-by: Harry Sintonen
+
+Closes #12387
+---
+ lib/cookie.c | 24
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 568cf537ad1b1f..9095cea3e97f22 100644
+--- a/lib/cookie.c
b/lib/cookie.c
+@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data,
+* dereference it.
+*/
+ if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) {
+-const psl_ctx_t *psl = Curl_psl_use(data);
+-int acceptable;
+-
+-if(psl) {
+- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
+- Curl_psl_release(data);
++bool acceptable = FALSE;
++char lcase[256];
++char lcookie[256];
++size_t dlen = strlen(domain);
++size_t clen = strlen(co->domain);
++if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
++ const psl_ctx_t *psl = Curl_psl_use(data);
++ if(psl) {
++/* the PSL check requires lowercase domain name and pattern */
++Curl_strntolower(lcase, domain, dlen + 1);
++Curl_strntolower(lcookie, co->domain, clen + 1);
++acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
++Curl_psl_release(data);
++ }
++ else
++acceptable = !bad_domain(domain, strlen(domain));
+ }
+-else
+- acceptable = !bad_domain(domain, strlen(domain));
+
+ if(!acceptable) {
+ infof(data, "cookie '%s' dropped, domain '%s' must not "
diff --git a/meta/recipes-support/curl/curl_8.4.0.bb
b/meta/recipes-support/curl/curl_8.4.0.bb
index 5f97730bf4..8f1ba52692 100644
--- a/meta/recipes-support/curl/curl_8.4.0.bb
+++ b/meta/recipes-support/curl/curl_8.4.0.bb
@@ -13,6 +13,7 @@ SRC_URI = " \
https://curl.se/download/${BP}.tar.xz \
file://run-ptest \
file://disable-tests \
+file://CVE-2023-46218.patch \
"
SRC_URI[sha256sum] =
"16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192688):
https://lists.openembedded.org/g/openembedded-core/message/192688
Mute This Topic: https://lists.openembedded.org/mt/103257410/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] curl: update to 8.5.0
From: Lee Chee Yang
update include fix for CVE-2023-46218.
skip test 1477 which check that libcurl-errors.3 and the public
header files have the same set of error codes.
Notes: This test is not included in the source tarball.
https://github.com/curl/curl/issues/12462
Release Notes:
curl and libcurl 8.5.0
Public curl releases: 253
Command line options: 258
curl_easy_setopt() options: 303
Public functions in libcurl: 93
Contributors: 3039
This release includes the following changes:
o gnutls: support CURLSSLOPT_NATIVE_CA [31]
o HTTP3: ngtcp2 builds are no longer experimental [77]
This release includes the following bugfixes:
o appveyor: make VS2008-built curl tool runnable [93]
o asyn-thread: use pipe instead of socketpair for IPC when available [4]
o autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}` [128]
o autotools: avoid passing `LDFLAGS` twice to libcurl [127]
o autotools: delete LCC compiler support bits [137]
o autotools: fix/improve gcc and Apple clang version detection [136]
o autotools: stop setting `-std=gnu89` with `--enable-warnings` [135]
o autotools: update references to deleted `crypt-auth` option [46]
o BINDINGS: add V binding [54]
o build: add `src/.checksrc` to source tarball [1]
o build: add more picky warnings and fix them [172]
o build: always revert `#pragma GCC diagnostic` after use [143]
o build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H` [107]
o build: delete support bits for obsolete Windows compilers [106]
o build: fix 'threadsafe' feature detection for older gcc [19]
o build: fix builds that disable protocols but not digest auth [174]
o build: fix compiler warning with auths disabled [85]
o build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS` [120]
o build: picky warning updates [125]
o build: require Windows XP or newer [86]
o cfilter: provide call to tell connection to forget a socket [65]
o checksrc.pl: support #line instructions
o CI: add autotools, out-of-tree, debug build to distro check job [14]
o CI: ignore test 286 on Appveyor gcc 9 build [6]
o cmake: add `CURL_DISABLE_BINDLOCAL` option [146]
o cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API` [138]
o cmake: dedupe Windows system libs [114]
o cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection [2]
o cmake: fix CURL_DISABLE_GETOPTIONS [12]
o cmake: fix multiple include of CURL package [96]
o cmake: fix OpenSSL quic detection in quiche builds [56]
o cmake: option to disable install & drop `curlu` target when unused [72]
o cmake: pre-fill rest of detection values for Windows [50]
o cmake: replace `check_library_exists_concat()` [23]
o cmake: speed up threads setup for Windows [68]
o cmake: speed up zstd detection [69]
o config-win32: set `HAVE_SNPRINTF` for mingw-w64 [123]
o configure: better --disable-http [80]
o configure: check for the fseeko declaration too [55]
o conncache: use the closure handle when disconnecting surplus connections
[173]
o content_encoding: make Curl_all_content_encodings allocless [101]
o cookie: lowercase the domain names before PSL checks [160]
o curl.h: delete Symbian OS references [162]
o curl.h: on FreeBSD include sys/param.h instead of osreldate.h [21]
o curl.rc: switch out the copyright symbol for plain ASCII [167]
o curl: improved IPFS and IPNS URL support [87]
o curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped [99]
o Curl_http_body: cleanup properly when Curl_getformdata errors [152]
o curl_setup: disallow Windows IPv6 builds missing getaddrinfo [57]
o curl_sspi: support more revocation error names in error messages [95]
o CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation [181]
o CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
[165]
o CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does [113]
o CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR
[45]
o CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
o docs/example/keepalive.c: show TCP keep-alive options [73]
o docs/example/localport.c: show off CURLOPT_LOCALPORT [83]
o docs/examples/interface.c: show CURLOPT_INTERFACE use [84]
o docs/libcurl: fix three minor man page format mistakes [26]
o docs/libcurl: SYNSOPSIS cleanup [150]
o docs: add supported version for the json write-out [92]
o docs: clarify that curl passes on input unfiltered [47]
o docs: fix function typo in curl_easy_option_next.3 [36]
o docs: KNOWN_BUGS cleanup
o docs: make all examples in all libcurl man pages compile [175]
o docs: preserve the modification date when copying the prebuilt man page [89]
o docs: remove bold from some man page SYNOPSIS sections [90]
o docs: use SOURCE_DATE_EPOCH for generated manpages [16]
o doh: provide better return code for responses w/o addresses [133]
o doh: use PIPEWAIT when HTTP/2 is attempted [63]
o duphandle: also free 'outcurl->cookies' in error path [122]
o duphandle: make
[OE-core] [dunfell][PATCH 2/2] binutils: Fix CVE-2023-25584
From: Lee Chee Yang
import patch from ubuntu to fix CVE-2023-25584
http://archive.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.34-6ubuntu1.7.debian.tar.xz
upstream patch :
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
Signed-off-by: Lee Chee Yang
---
.../binutils/binutils-2.34.inc| 1 +
.../binutils/binutils/CVE-2023-25584.patch| 530 ++
2 files changed, 531 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc
b/meta/recipes-devtools/binutils/binutils-2.34.inc
index 371e8e9fa4..4824db6dcf 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -55,5 +55,6 @@ SRC_URI = "\
file://CVE-2022-38533.patch \
file://CVE-2023-25588.patch \
file://CVE-2021-46174.patch \
+ file://CVE-2023-25584.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch
new file mode 100644
index 00..732ea43210
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch
@@ -0,0 +1,530 @@
+CVE: CVE-2023-25584
+Upstream-Status: Backport [ import from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.34-6ubuntu1.7.debian.tar.xz
upstream
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
]
+Signed-off-by: Lee Chee Yang
+
+[Ubuntu note: this is backport of the original patch, no major changes just
+ fix this patch for this release]
+From 77c225bdeb410cf60da804879ad41622f5f1aa44 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Mon, 12 Dec 2022 18:28:49 +1030
+Subject: [PATCH] Lack of bounds checking in vms-alpha.c parse_module
+
+ PR 29873
+ PR 29874
+ PR 29875
+ PR 29876
+ PR 29877
+ PR 29878
+ PR 29879
+ PR 29880
+ PR 29881
+ PR 29882
+ PR 29883
+ PR 29884
+ PR 29885
+ PR 29886
+ PR 29887
+ PR 29888
+ PR 29889
+ PR 29890
+ PR 29891
+ * vms-alpha.c (parse_module): Make length param bfd_size_type.
+ Delete length == -1 checks. Sanity check record_length.
+ Sanity check DST__K_MODBEG, DST__K_RTNBEG, DST__K_RTNEND lengths.
+ Sanity check DST__K_SOURCE and DST__K_LINE_NUM elements
+ before accessing.
+ (build_module_list): Pass dst_section size to parse_module.
+---
+ bfd/vms-alpha.c | 213 ++--
+ 1 file changed, 168 insertions(+), 45 deletions(-)
+
+--- binutils-2.34.orig/bfd/vms-alpha.c
binutils-2.34/bfd/vms-alpha.c
+@@ -4267,7 +4267,7 @@ new_module (bfd *abfd)
+
+ static void
+ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+-int length)
++bfd_size_type length)
+ {
+ unsigned char *maxptr = ptr + length;
+ unsigned char *src_ptr, *pcl_ptr;
+@@ -4284,7 +4284,7 @@ parse_module (bfd *abfd, struct module *
+ curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo));
+ module->line_table = curr_line;
+
+- while (length == -1 || ptr < maxptr)
++ while (ptr < maxptr)
+ {
+ /* The first byte is not counted in the recorded length. */
+ int rec_length = bfd_getl16 (ptr) + 1;
+@@ -4292,15 +4292,19 @@ parse_module (bfd *abfd, struct module *
+
+ vms_debug2 ((2, "DST record: leng %d, type %d\n", rec_length,
rec_type));
+
+- if (length == -1 && rec_type == DST__K_MODEND)
++ if (rec_length > maxptr - ptr)
++ break;
++ if (rec_type == DST__K_MODEND)
+ break;
+
+ switch (rec_type)
+ {
+ case DST__K_MODBEG:
++if (rec_length <= DST_S_B_MODBEG_NAME)
++ break;
+ module->name
+ = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_MODBEG_NAME,
+- maxptr - (ptr +
DST_S_B_MODBEG_NAME));
++ rec_length - DST_S_B_MODBEG_NAME);
+
+ curr_pc = 0;
+ prev_pc = 0;
+@@ -4314,11 +4318,13 @@ parse_module (bfd *abfd, struct module *
+ break;
+
+ case DST__K_RTNBEG:
++if (rec_length <= DST_S_B_RTNBEG_NAME)
++ break;
+ funcinfo = (struct funcinfo *)
+ bfd_zalloc (abfd, sizeof (struct funcinfo));
+ funcinfo->name
+ = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
+- maxptr - (ptr +
DST_S_B_RTNBEG_NAME));
++ rec_length - DST_S_B_RTNBEG_NAME);
+ funcinfo->low = bfd_getl32 (ptr + DST_S_L_RTNBEG_ADDRESS);
+ funcinfo->next = module->func_table;
+
[OE-core] [dunfell][PATCH 1/2] perl: fix CVE-2023-31484/47038/47100
From: Lee Chee Yang
import patch from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.30.0-9ubuntu0.5.debian.tar.xz
fix:
CVE-2023-31484
CVE-2023-47038
CVE-2023-47100
as per https://ubuntu.com/security/CVE-2023-47100 ,
CVE-2023-47100 is duplicate of CVE-2023-47038.
perl import entire CPAN in single commit,
hence backport fix from their upstream cpan instead.
Signed-off-by: Lee Chee Yang
---
.../perl/files/CVE-2023-31484.patch | 27
.../perl/files/CVE-2023-47038.patch | 121 ++
meta/recipes-devtools/perl/perl_5.30.1.bb | 2 +
3 files changed, 150 insertions(+)
create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31484.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-47038.patch
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
new file mode 100644
index 00..0fea7bf8a8
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
@@ -0,0 +1,27 @@
+CVE: CVE-2023-31484
+Upstream-Status: Backport [ import from Ubuntu perl_5.30.0-9ubuntu0.5
+upstream
https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 ]
+Signed-off-by: Lee Chee Yang
+
+From 9c98370287f4e709924aee7c58ef21c85289a7f0 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist
+Date: Tue, 28 Feb 2023 11:54:06 +0100
+Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
+ identity
+
+---
+ lib/CPAN/HTTP/Client.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+index 4fc792c26..a616fee20 100644
+--- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+@@ -32,6 +32,7 @@ sub mirror {
+
+ my $want_proxy = $self->_want_proxy($uri);
+ my $http = HTTP::Tiny->new(
++verify_SSL => 1,
+ $want_proxy ? (proxy => $self->{proxy}) : ()
+ );
+
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-47038.patch
b/meta/recipes-devtools/perl/files/CVE-2023-47038.patch
new file mode 100644
index 00..59252c560c
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2023-47038.patch
@@ -0,0 +1,121 @@
+as per https://ubuntu.com/security/CVE-2023-47100 , CVE-2023-47100 is
duplicate of CVE-2023-47038
+CVE: CVE-2023-47038 CVE-2023-47100
+Upstream-Status: Backport [ import from ubuntu perl_5.30.0-9ubuntu0.5
+upstream
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 ]
+Signed-off-by: Lee Chee Yang
+
+Backport of:
+
+From 12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 Mon Sep 17 00:00:00 2001
+From: Karl Williamson
+Date: Sat, 9 Sep 2023 11:59:09 -0600
+Subject: [PATCH 1/2] Fix read/write past buffer end: perl-security#140
+
+A package name may be specified in a \p{...} regular expression
+construct. If unspecified, "utf8::" is assumed, which is the package
+all official Unicode properties are in. By specifying a different
+package, one can create a user-defined property with the same
+unqualified name as a Unicode one. Such a property is defined by a sub
+whose name begins with "Is" or "In", and if the sub wishes to refer to
+an official Unicode property, it must explicitly specify the "utf8::".
+S_parse_uniprop_string() is used to parse the interior of both \p{} and
+the user-defined sub lines.
+
+In S_parse_uniprop_string(), it parses the input "name" parameter,
+creating a modified copy, "lookup_name", malloc'ed with the same size as
+"name". The modifications are essentially to create a canonicalized
+version of the input, with such things as extraneous white-space
+stripped off. I found it convenient to strip off the package specifier
+"utf8::". To to so, the code simply pretends "lookup_name" begins just
+after the "utf8::", and adjusts various other values to compensate.
+However, it missed the adjustment of one required one.
+
+This is only a problem when the property name begins with "perl" and
+isn't "perlspace" nor "perlword". All such ones are undocumented
+internal properties.
+
+What happens in this case is that the input is reparsed with slightly
+different rules in effect as to what is legal versus illegal. The
+problem is that "lookup_name" no longer is pointing to its initial
+value, but "name" is. Thus the space allocated for filling "lookup_name"
+is now shorter than "name", and as this shortened "lookup_name" is
+filled by copying suitable portions of "name", the write can be to
+unallocated space.
+
+The solution is to skip the "utf8::" when reparsing "name". Then both
+"lookup_name" and "name" are effectively shortened by the same amount,
+and there is no going off the end.
+
+This commit also does wh
Re: [OE-core] [kirkstone][PATCH 1/2] python3-urllib3: update to v1.26.18
ping
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Lee Chee Yang
> Sent: Thursday, November 30, 2023 8:28 PM
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [kirkstone][PATCH 1/2] python3-urllib3: update to
> v1.26.18
>
> From: Tan Wen Yan
>
> https://github.com/urllib3/urllib3/releases/tag/1.26.18
>
> Major changes in python3-urllib3 1.26.18:
> - Made body stripped from HTTP requests changing the request method to
> GET after HTTP 303 "See Other" redirect responses. (CVE-2023-45803)
>
> ( cherry picked from commit
> 74da05b63634c248910594456dae286947f33da5 )
>
> Signed-off-by: Tan Wen Yan
> Signed-off-by: Steve Sakoman
> Signed-off-by: Lee Chee Yang
> ---
> .../{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-
> devtools/python/{python3-urllib3_1.26.17.bb => python3-
> urllib3_1.26.18.bb} (86%)
>
> diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
> b/meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
> similarity index 86%
> rename from meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
> rename to meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
> index 57b166870aa..d384b5eb2f7 100644
> --- a/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
> +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
> @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
> LICENSE = "MIT"
> LIC_FILES_CHKSUM =
> "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
>
> -SRC_URI[sha256sum] =
> "24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82d
> f21"
> +SRC_URI[sha256sum] =
> "f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e3285
> 80a0"
>
> inherit pypi setuptools3
>
> --
> 2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192276):
https://lists.openembedded.org/g/openembedded-core/message/192276
Mute This Topic: https://lists.openembedded.org/mt/102892565/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][patch 6/6] perf: lift TARGET_CC_ARCH modification out of security_flags.inc
From: Rasmus Villemoes
Building perf without security_flags.inc being included in one's
distro results in the buildpaths warning
WARNING: perf-1.0-r9 do_package_qa: QA Issue: File /usr/bin/trace in
package perf contains reference to TMPDIR
because the ${DEBUG_PREFIX_MAP} does not get used. Most recipes get
that from CFLAGS, but the perf recipe explicitly unsets that.
Now ${SELECTED_OPTIMIZATION} of course contains more than just
${DEBUG_FLAGS}/${DEBUG_PREFIX_MAP}. For most TUs, perf's build system
adds its own optimization flags (-O6 for odd reasons), so for those
including the -O2 or -Og doesn't change anything. But looking at the
.o.cmd files show that there are some TUs which currently get built
without any -O flag. So for those adding the distro's
SELECTED_OPTIMIZATION seem to be the right thing to do.
(cherry-picked from Oe-Core rev: aa01c9122ef4a2159df503ef6ed25e802277f13a)
Signed-off-by: Rasmus Villemoes
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
meta/conf/distro/include/security_flags.inc | 1 -
meta/recipes-kernel/perf/perf.bb| 9 +
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/meta/conf/distro/include/security_flags.inc
b/meta/conf/distro/include/security_flags.inc
index 2972f05b4e..d97a6edb0f 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -69,4 +69,3 @@ SECURITY_LDFLAGS:pn-xserver-xorg = "${SECURITY_X_LDFLAGS}"
TARGET_CC_ARCH:append:pn-binutils = " ${SELECTED_OPTIMIZATION}"
TARGET_CC_ARCH:append:pn-gcc = " ${SELECTED_OPTIMIZATION}"
TARGET_CC_ARCH:append:pn-gdb = " ${SELECTED_OPTIMIZATION}"
-TARGET_CC_ARCH:append:pn-perf = " ${SELECTED_OPTIMIZATION}"
diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index 675acfaf26..a392166e73 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -73,6 +73,15 @@ SPDX_S = "${S}/tools/perf"
# supported kernel.
LDFLAGS="-ldl -lutil"
+# Perf's build system adds its own optimization flags for most TUs,
+# overriding the flags included here. But for some, perf does not add
+# any -O option, so ensure the distro's chosen optimization gets used
+# for those. Since ${SELECTED_OPTIMIZATION} always includes
+# ${DEBUG_FLAGS} which in turn includes ${DEBUG_PREFIX_MAP}, this also
+# ensures perf is built with appropriate -f*-prefix-map options,
+# avoiding the 'buildpaths' QA warning.
+TARGET_CC_ARCH += "${SELECTED_OPTIMIZATION}"
+
EXTRA_OEMAKE = '\
V=1 \
VF=1 \
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192265):
https://lists.openembedded.org/g/openembedded-core/message/192265
Mute This Topic: https://lists.openembedded.org/mt/103144256/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][patch 5/6] ghostscript: upgrade 10.02.0 -> 10.02.1
From: Wang Mingyu
upgrade include CVE-2023-46751.
(cherry pick from Oe-Core rev: 9492c2d51a08fbd4c107540a5a833b1a3fb70504 )
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Lee Chee Yang
---
.../{ghostscript_10.02.0.bb => ghostscript_10.02.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/ghostscript/{ghostscript_10.02.0.bb =>
ghostscript_10.02.1.bb} (97%)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb
b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
similarity index 97%
rename from meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb
rename to meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
index 4bad0f86e1..18c296128a 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.02.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
@@ -28,7 +28,7 @@ SRC_URI =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://configure.ac-add-option-to-explicitly-disable-neon.patch \
"
-SRC_URI[sha256sum] =
"e54062f166708d84ca82de9f8304a04344466080f936118b88082bd55ed6dc97"
+SRC_URI[sha256sum] =
"e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9"
PACKAGECONFIG ??= ""
PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192264):
https://lists.openembedded.org/g/openembedded-core/message/192264
Mute This Topic: https://lists.openembedded.org/mt/103144254/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][patch 4/6] perl: 5.38.0 -> 5.38.2
From: Lee Chee Yang
update include fix for CVE-2023-47100.
Signed-off-by: Lee Chee Yang
---
meta/recipes-devtools/perl/{perl_5.38.0.bb => perl_5.38.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/perl/{perl_5.38.0.bb => perl_5.38.2.bb} (99%)
diff --git a/meta/recipes-devtools/perl/perl_5.38.0.bb
b/meta/recipes-devtools/perl/perl_5.38.2.bb
similarity index 99%
rename from meta/recipes-devtools/perl/perl_5.38.0.bb
rename to meta/recipes-devtools/perl/perl_5.38.2.bb
index 639664e355..a9d684cfc5 100644
--- a/meta/recipes-devtools/perl/perl_5.38.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.38.2.bb
@@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \
file://encodefix.patch \
"
-SRC_URI[perl.sha256sum] =
"213ef58089d2f2c972ea353517dc60ec3656f050dcc027666e118b508423e517"
+SRC_URI[perl.sha256sum] =
"a0a31534451eb7b83c7d6594a497543a54d488bc90ca00f5e34762577f40655e"
B = "${WORKDIR}/perl-${PV}-build"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192263):
https://lists.openembedded.org/g/openembedded-core/message/192263
Mute This Topic: https://lists.openembedded.org/mt/103144253/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][patch 2/6] grub: fix CVE-2023-4692 CVE-2023-4693
From: Lee Chee Yang
checkout CVE-2023-4692.patch from OE-Core rev:
c89835b37366dde6c74f8221fd5a295ecabf8225
checkout CVE-2023-4693.patch from OE-Core rev:
1a098dba85ec1b875512d75f7eca9026e781
Signed-off-by: Lee Chee Yang
---
.../grub/files/CVE-2023-4692.patch| 97 +++
.../grub/files/CVE-2023-4693.patch| 62
meta/recipes-bsp/grub/grub2.inc | 2 +
3 files changed, 161 insertions(+)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4693.patch
diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
new file mode 100644
index 00..4780e35b7a
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
@@ -0,0 +1,97 @@
+From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov
+Date: Thu, 16 Nov 2023 07:21:50 +
+Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST
+ attribute for the $MFT file
+
+When parsing an extremely fragmented $MFT file, i.e., the file described
+using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
+containing bytes read from the underlying drive to store sector numbers,
+which are consumed later to read data from these sectors into another buffer.
+
+These sectors numbers, two 32-bit integers, are always stored at predefined
+offsets, 0x10 and 0x14, relative to first byte of the selected entry within
+the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
+
+However, when parsing a specially-crafted file system image, this may cause
+the NTFS code to write these integers beyond the buffer boundary, likely
+causing the GRUB memory allocator to misbehave or fail. These integers contain
+values which are controlled by on-disk structures of the NTFS file system.
+
+Such modification and resulting misbehavior may touch a memory range not
+assigned to the GRUB and owned by firmware or another EFI application/driver.
+
+This fix introduces checks to ensure that these sector numbers are never
+written beyond the boundary.
+
+Fixes: CVE-2023-4692
+
+Reported-by: Maxim Suhanov
+Signed-off-by: Maxim Suhanov
+Reviewed-by: Daniel Kiper
+
+CVE: CVE-2023-4692
+Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
+
+Signed-off-by: Yogita Urade
+---
+ grub-core/fs/ntfs.c | 18 +-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index 2f34f76..6009e49 100644
+--- a/grub-core/fs/ntfs.c
b/grub-core/fs/ntfs.c
+@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ }
+ if (at->attr_end)
+ {
+- grub_uint8_t *pa;
++ grub_uint8_t *pa, *pa_end;
+
+ at->emft_buf = grub_malloc (at->mft->data->mft_size <<
GRUB_NTFS_BLK_SHR);
+ if (at->emft_buf == NULL)
+@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ }
+ at->attr_nxt = at->edat_buf;
+ at->attr_end = at->edat_buf + u32at (pa, 0x30);
++pa_end = at->edat_buf + n;
+ }
+ else
+ {
+ at->attr_nxt = at->attr_end + u16at (pa, 0x14);
+ at->attr_end = at->attr_end + u32at (pa, 4);
++pa_end = at->mft->buf + (at->mft->data->mft_size <<
GRUB_NTFS_BLK_SHR);
+ }
+ at->flags |= GRUB_NTFS_AF_ALST;
+ while (at->attr_nxt < at->attr_end)
+@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ at->flags |= GRUB_NTFS_AF_GPOS;
+ at->attr_cur = at->attr_nxt;
+ pa = at->attr_cur;
++
++if ((pa >= pa_end) || (pa_end - pa < 0x18))
++ {
++grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++return NULL;
++ }
++
+ grub_set_unaligned32 ((char *) pa + 0x10,
+ grub_cpu_to_le32 (at->mft->data->mft_start));
+ grub_set_unaligned32 ((char *) pa + 0x14,
+@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ {
+ if (*pa != attr)
+ break;
++
++ if ((pa >= pa_end) || (pa_end - pa < 0x18))
++{
++grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++return NULL;
++ }
++
+ if (read_attr
+ (at, pa + 0x10,
+ u32at (pa, 0x10) * (at->mft->data->mft_size <<
GRUB_NTFS_BLK_SHR),
+--
+2.40.0
diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
new file mode 100644
index 00..1b6013d86d
--- /dev/null
+++ b/meta/
[OE-core] [nanbield][patch 3/6] perlcross: update to 1.5.2
From: Lee Chee Yang
remove upstreamed
0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
Signed-off-by: Lee Chee Yang
---
...mt.sh-add-32-bit-integer-format-defi.patch | 28 ---
.../{perlcross_1.5.bb => perlcross_1.5.2.bb} | 3 +-
2 files changed, 1 insertion(+), 30 deletions(-)
delete mode 100644
meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
rename meta/recipes-devtools/perl-cross/{perlcross_1.5.bb =>
perlcross_1.5.2.bb} (86%)
diff --git
a/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
b/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
deleted file mode 100644
index 4de4a5b955..00
---
a/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 920abf3dc39c851a655b719622c76a6f0dc9981d Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin
-Date: Tue, 5 Sep 2023 19:47:33 +0200
-Subject: [PATCH] cnf/configure_pfmt.sh: add 32 bit integer format definitions
-
-These started to matter in perl 5.38 where they are used to print
-line numbers.
-
-Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/143]
-Signed-off-by: Alexander Kanavin
- cnf/configure_pfmt.sh | 6 ++
- 1 file changed, 6 insertions(+)
-
-diff --git a/cnf/configure_pfmt.sh b/cnf/configure_pfmt.sh
-index 8f93da1..7bb4b6f 100644
a/cnf/configure_pfmt.sh
-+++ b/cnf/configure_pfmt.sh
-@@ -52,3 +52,9 @@ else
- define uvxformat '"lx"'
- define uvXUformat '"lX"'
- fi
-+
-+define i32dformat 'PRId32'
-+define u32uformat 'PRIu32'
-+define u32oformat 'PRIo32'
-+define u32xformat 'PRIx32'
-+define u32XUformat 'PRIX32'
diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
b/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
similarity index 86%
rename from meta/recipes-devtools/perl-cross/perlcross_1.5.bb
rename to meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
index 7ca4977b97..b41c182fad 100644
--- a/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
+++ b/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
@@ -15,11 +15,10 @@ SRC_URI =
"${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c
file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
file://determinism.patch \
file://0001-Makefile-check-the-file-if-patched-or-not.patch \
-
file://0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch \
"
GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/;
-SRC_URI[perl-cross.sha256sum] =
"d744a390939e2ebb9a12f6725b4d9c19255a141d90031eff90ea183fdfcbf211"
+SRC_URI[perl-cross.sha256sum] =
"584dc54c48dca25e032b676a15bef377c1fed9de318b4fc140292a5dbf326e90"
S = "${WORKDIR}/perl-cross-${PV}"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192262):
https://lists.openembedded.org/g/openembedded-core/message/192262
Mute This Topic: https://lists.openembedded.org/mt/103144251/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][patch 1/6] avahi: add CVE-2023-38473.patch to SRC_URL
From: Lee Chee Yang
patch file added since Oe-Core rev a9203c46cd64c3ec5e5b00e381bbac85733f85df but
not part of SRC_URI.
Signed-off-by: Lee Chee Yang
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb
b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index aa395beaf9..bfd945c7ae 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -34,6 +34,7 @@ SRC_URI =
"${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
file://CVE-2023-38471-1.patch \
file://CVE-2023-38471-2.patch \
file://CVE-2023-38472.patch \
+ file://CVE-2023-38473.patch \
"
GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/;
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192260):
https://lists.openembedded.org/g/openembedded-core/message/192260
Mute This Topic: https://lists.openembedded.org/mt/103144248/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] perlcross: update to 1.5.2
From: Lee Chee Yang
remove upstreamed
0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
Signed-off-by: Lee Chee Yang
---
...mt.sh-add-32-bit-integer-format-defi.patch | 28 ---
.../{perlcross_1.5.bb => perlcross_1.5.2.bb} | 3 +-
2 files changed, 1 insertion(+), 30 deletions(-)
delete mode 100644
meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
rename meta/recipes-devtools/perl-cross/{perlcross_1.5.bb =>
perlcross_1.5.2.bb} (86%)
diff --git
a/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
b/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
deleted file mode 100644
index 4de4a5b955..00
---
a/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 920abf3dc39c851a655b719622c76a6f0dc9981d Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin
-Date: Tue, 5 Sep 2023 19:47:33 +0200
-Subject: [PATCH] cnf/configure_pfmt.sh: add 32 bit integer format definitions
-
-These started to matter in perl 5.38 where they are used to print
-line numbers.
-
-Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/143]
-Signed-off-by: Alexander Kanavin
- cnf/configure_pfmt.sh | 6 ++
- 1 file changed, 6 insertions(+)
-
-diff --git a/cnf/configure_pfmt.sh b/cnf/configure_pfmt.sh
-index 8f93da1..7bb4b6f 100644
a/cnf/configure_pfmt.sh
-+++ b/cnf/configure_pfmt.sh
-@@ -52,3 +52,9 @@ else
- define uvxformat '"lx"'
- define uvXUformat '"lX"'
- fi
-+
-+define i32dformat 'PRId32'
-+define u32uformat 'PRIu32'
-+define u32oformat 'PRIo32'
-+define u32xformat 'PRIx32'
-+define u32XUformat 'PRIX32'
diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
b/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
similarity index 86%
rename from meta/recipes-devtools/perl-cross/perlcross_1.5.bb
rename to meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
index 7ca4977b97..b41c182fad 100644
--- a/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
+++ b/meta/recipes-devtools/perl-cross/perlcross_1.5.2.bb
@@ -15,11 +15,10 @@ SRC_URI =
"${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c
file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
file://determinism.patch \
file://0001-Makefile-check-the-file-if-patched-or-not.patch \
-
file://0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch \
"
GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/;
-SRC_URI[perl-cross.sha256sum] =
"d744a390939e2ebb9a12f6725b4d9c19255a141d90031eff90ea183fdfcbf211"
+SRC_URI[perl-cross.sha256sum] =
"584dc54c48dca25e032b676a15bef377c1fed9de318b4fc140292a5dbf326e90"
S = "${WORKDIR}/perl-cross-${PV}"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192256):
https://lists.openembedded.org/g/openembedded-core/message/192256
Mute This Topic: https://lists.openembedded.org/mt/103142432/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] perl: 5.38.0 -> 5.38.2
From: Lee Chee Yang
update include fix for CVE-2023-47100.
Signed-off-by: Lee Chee Yang
---
meta/recipes-devtools/perl/{perl_5.38.0.bb => perl_5.38.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/perl/{perl_5.38.0.bb => perl_5.38.2.bb} (99%)
diff --git a/meta/recipes-devtools/perl/perl_5.38.0.bb
b/meta/recipes-devtools/perl/perl_5.38.2.bb
similarity index 99%
rename from meta/recipes-devtools/perl/perl_5.38.0.bb
rename to meta/recipes-devtools/perl/perl_5.38.2.bb
index 639664e355..a9d684cfc5 100644
--- a/meta/recipes-devtools/perl/perl_5.38.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.38.2.bb
@@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \
file://encodefix.patch \
"
-SRC_URI[perl.sha256sum] =
"213ef58089d2f2c972ea353517dc60ec3656f050dcc027666e118b508423e517"
+SRC_URI[perl.sha256sum] =
"a0a31534451eb7b83c7d6594a497543a54d488bc90ca00f5e34762577f40655e"
B = "${WORKDIR}/perl-${PV}-build"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192257):
https://lists.openembedded.org/g/openembedded-core/message/192257
Mute This Topic: https://lists.openembedded.org/mt/103142433/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 2/2] qemu: ignore CVE-2021-20295 CVE-2023-2680
From: Lee Chee Yang Ignore RHEL specific CVE-2021-20295 CVE-2023-2680. Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/qemu/qemu.inc | 7 +++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index a24915c35c..9dd90e8789 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -166,6 +166,13 @@ CVE_CHECK_WHITELIST += "CVE-2020-27661" # this bug related to windows specific. CVE_CHECK_WHITELIST += "CVE-2023-0664" +# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 +# RHEL specific issue +CVE_CHECK_WHITELIST += "CVE-2023-2680" + +# Affected only `qemu-kvm` shipped with Red Hat Enterprise Linux 8.3 release. +CVE_CHECK_WHITELIST += "CVE-2021-20295" + COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" -- 2.37.3 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191774): https://lists.openembedded.org/g/openembedded-core/message/191774 Mute This Topic: https://lists.openembedded.org/mt/102985180/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 1/2] epiphany: fix CVE-2022-29536
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../recipes-gnome/epiphany/epiphany_3.34.4.bb | 1 +
.../epiphany/files/CVE-2022-29536.patch | 46 +++
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
diff --git a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
index e2afb29c12..f43bfd6a67 100644
--- a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
+++ b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
@@ -16,6 +16,7 @@ REQUIRED_DISTRO_FEATURES = "x11 opengl"
SRC_URI =
"${GNOME_MIRROR}/${GNOMEBN}/${@gnome_verdir("${PV}")}/${GNOMEBN}-${PV}.tar.${GNOME_COMPRESS_TYPE};name=archive
\
file://0002-help-meson.build-disable-the-use-of-yelp.patch \
+ file://CVE-2022-29536.patch \
"
SRC_URI[archive.md5sum] = "a559f164bb7d6cbeceb348648076830b"
SRC_URI[archive.sha256sum] =
"60e190fc07ec7e33472e60c7e633e04004f7e277a0ffc5e9cd413706881e598d"
diff --git a/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
new file mode 100644
index 00..7b8adeafcc
--- /dev/null
+++ b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
@@ -0,0 +1,46 @@
+VE: CVE-2022-29536
+Upstream-Status: Backport [
https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525
]
+Signed-off-by: Lee Chee Yang
+
+From 486da133569ebfc436c959a7419565ab102e8525 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Fri, 15 Apr 2022 18:09:46 -0500
+Subject: [PATCH] Fix memory corruption in ephy_string_shorten()
+
+This fixes a regression that I introduced in
232c613472b38ff0d0d97338f366024ddb9cd228.
+
+I got my browser stuck in a crash loop today while visiting a website
+with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
+condition in which ephy_string_shorten() is ever used. Turns out this
+commit is wrong: an ellipses is a multibyte character (three bytes in
+UTF-8) and so we're writing past the end of the buffer when calling
+strcat() here. Ooops.
+
+Shame it took nearly four years to notice and correct this.
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106>
+---
+ lib/ephy-string.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ephy-string.c b/lib/ephy-string.c
+index 35a148ab32..8e524d52ca 100644
+--- a/lib/ephy-string.c
b/lib/ephy-string.c
+@@ -114,11 +114,10 @@ ephy_string_shorten (char *str,
+ /* create string */
+ bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1)
- str);
+
+- /* +1 for ellipsis, +1 for trailing NUL */
+- new_str = g_new (gchar, bytes + 1 + 1);
++ new_str = g_new (gchar, bytes + strlen ("…") + 1);
+
+ strncpy (new_str, str, bytes);
+- strcat (new_str, "…");
++ strncpy (new_str + bytes, "…", strlen ("…") + 1);
+
+ g_free (str);
+
+--
+GitLab
+
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191773):
https://lists.openembedded.org/g/openembedded-core/message/191773
Mute This Topic: https://lists.openembedded.org/mt/102985179/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 1/2] python3-urllib3: update to v1.26.18
From: Tan Wen Yan
https://github.com/urllib3/urllib3/releases/tag/1.26.18
Major changes in python3-urllib3 1.26.18:
- Made body stripped from HTTP requests changing the request method to GET
after HTTP 303 "See Other" redirect responses. (CVE-2023-45803)
( cherry picked from commit 74da05b63634c248910594456dae286947f33da5 )
Signed-off-by: Tan Wen Yan
Signed-off-by: Steve Sakoman
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.17.bb =>
python3-urllib3_1.26.18.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
index 57b166870aa..d384b5eb2f7 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.18.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"
+SRC_URI[sha256sum] =
"f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191506):
https://lists.openembedded.org/g/openembedded-core/message/191506
Mute This Topic: https://lists.openembedded.org/mt/102892565/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 2/2] xwayland: fix CVE-2023-5367
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../xwayland/xwayland/CVE-2023-5367.patch | 85 +++
.../xwayland/xwayland_22.1.8.bb | 4 +-
2 files changed, 88 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-5367.patch
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2023-5367.patch
b/meta/recipes-graphics/xwayland/xwayland/CVE-2023-5367.patch
new file mode 100644
index 000..d4da1ecb4b2
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2023-5367.patch
@@ -0,0 +1,85 @@
+CVE: CVE-2023-5367
+Upstream-Status: Backport [
https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a
]
+Signed-off-by: Lee Chee Yang
+
+
+From 541ab2ecd41d4d8689e71855d93e492bc554719a Mon Sep 17 00:00:00 2001
+From: Peter Hutterer
+Date: Tue, 3 Oct 2023 11:53:05 +1000
+Subject: [PATCH] Xi/randr: fix handling of PropModeAppend/Prepend
+
+The handling of appending/prepending properties was incorrect, with at
+least two bugs: the property length was set to the length of the new
+part only, i.e. appending or prepending N elements to a property with P
+existing elements always resulted in the property having N elements
+instead of N + P.
+
+Second, when pre-pending a value to a property, the offset for the old
+values was incorrect, leaving the new property with potentially
+uninitalized values and/or resulting in OOB memory writes.
+For example, prepending a 3 element value to a 5 element property would
+result in this 8 value array:
+ [N, N, N, ?, ?, P, P, P ] P, P
+^OOB write
+
+The XI2 code is a copy/paste of the RandR code, so the bug exists in
+both.
+
+CVE-2023-5367, ZDI-CAN-22153
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Peter Hutterer
+---
+ Xi/xiproperty.c| 4 ++--
+ randr/rrproperty.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
+index 066ba21fba..d315f04d0e 100644
+--- a/Xi/xiproperty.c
b/Xi/xiproperty.c
+@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property,
Atom type,
+ XIDestroyDeviceProperty(prop);
+ return BadAlloc;
+ }
+-new_value.size = len;
++new_value.size = total_len;
+ new_value.type = type;
+ new_value.format = format;
+
+@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property,
Atom type,
+ case PropModePrepend:
+ new_data = new_value.data;
+ old_data = (void *) (((char *) new_value.data) +
+- (prop_value->size * size_in_bytes));
++ (len * size_in_bytes));
+ break;
+ }
+ if (new_data)
+diff --git a/randr/rrproperty.c b/randr/rrproperty.c
+index c2fb9585c6..25469f57b2 100644
+--- a/randr/rrproperty.c
b/randr/rrproperty.c
+@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property,
Atom type,
+ RRDestroyOutputProperty(prop);
+ return BadAlloc;
+ }
+-new_value.size = len;
++new_value.size = total_len;
+ new_value.type = type;
+ new_value.format = format;
+
+@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property,
Atom type,
+ case PropModePrepend:
+ new_data = new_value.data;
+ old_data = (void *) (((char *) new_value.data) +
+- (prop_value->size * size_in_bytes));
++ (len * size_in_bytes));
+ break;
+ }
+ if (new_data)
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
b/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
index 6919ba421b4..94797be8e05 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
@@ -9,7 +9,9 @@ HOMEPAGE =
"https://fedoraproject.org/wiki/Changes/XwaylandStandalone;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
-SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz;
+SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
+ file://CVE-2023-5367.patch \
+"
SRC_URI[sha256sum] =
"d1173290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73"
UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191507):
https://lists.openembedded.org/g/openembedded-core/message/191507
Mute This Topic: https://lists.openembedded.org/mt/102892566/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscrib
[OE-core] [nanbield][PATCH 3/3] xwayland: upgrade to 23.2.2
From: Ross Burton
e4487cae1 Bump version to 23.2.2
1e8478455 Xi/randr: fix handling of PropModeAppend/Prepend (CVE-2023-5367)
829a99117 Switch to libbsd-overlay
4f8a851b6 xwayland: Cancel the EI disconnect timer when freed
cc79b2a83 glamor: xv: Fix invalid accessing of plane attributes for NV12
07c18c90e xwayland: Give up on EI on setup failure
10353a01a xwayland: Add an option to enable EI portal support
4f8e209d2 xwayland/glamor/gbm: Set GBM_BO_USE_LINEAR if only LINEAR modifier is
supported
c9a842e60 xwayland/present: Handle NULL window_priv in xwl_present_cleanup
2bd43be92 glamor: fixes GL_INVALID_ENUM errors on ES if there is no quads
( cherry-pick from commit 7d0fc94d09db76d4c4d6ca9d2da1b30768f68c9e )
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../xwayland/{xwayland_23.2.1.bb => xwayland_23.2.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/xwayland/{xwayland_23.2.1.bb =>
xwayland_23.2.2.bb} (95%)
diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb
b/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
similarity index 95%
rename from meta/recipes-graphics/xwayland/xwayland_23.2.1.bb
rename to meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
index e97a921a96..9feac147db 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.1.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz;
-SRC_URI[sha256sum] =
"eebc2692c3aa80617d78428bc6ec7b91b254a98214d2a70e997098503cd6ef90"
+SRC_URI[sha256sum] =
"9f7c0938d2a41e941ffa04f99c35e5db2bcd3eec034afe8d35d5c810a22eb0a8"
UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191488):
https://lists.openembedded.org/g/openembedded-core/message/191488
Mute This Topic: https://lists.openembedded.org/mt/102890881/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [nanbield][PATCH 2/3] qemu: Upgrade 8.1.0 -> 8.1.2
From: Richard Purdie
Drop three backport patches as they're applied upstream.
( cherry-pick from commit 7480ff9064a74858e83e0ae275dbdb78dd6fc2a4 )
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
...u-native_8.1.0.bb => qemu-native_8.1.2.bb} | 0
...e_8.1.0.bb => qemu-system-native_8.1.2.bb} | 0
meta/recipes-devtools/qemu/qemu.inc | 5 +-
...t-data-in-bounds-in-iotlb_to_section.patch | 42 -
...u-Use-async_run_on_cpu-in-tcg_commit.patch | 157 --
.../qemu/qemu/CVE-2023-42467.patch| 49 --
.../qemu/{qemu_8.1.0.bb => qemu_8.1.2.bb} | 0
7 files changed, 1 insertion(+), 252 deletions(-)
rename meta/recipes-devtools/qemu/{qemu-native_8.1.0.bb =>
qemu-native_8.1.2.bb} (100%)
rename meta/recipes-devtools/qemu/{qemu-system-native_8.1.0.bb =>
qemu-system-native_8.1.2.bb} (100%)
delete mode 100644
meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch
delete mode 100644
meta/recipes-devtools/qemu/qemu/0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-42467.patch
rename meta/recipes-devtools/qemu/{qemu_8.1.0.bb => qemu_8.1.2.bb} (100%)
diff --git a/meta/recipes-devtools/qemu/qemu-native_8.1.0.bb
b/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-native_8.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-native_8.1.2.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.1.0.bb
b/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-system-native_8.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 78c495516f..5ab2cb83b4 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -29,18 +29,15 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \
file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \
file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \
- file://0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch
\
- file://0001-softmmu-Use-async_run_on_cpu-in-tcg_commit.patch \
file://fixedmeson.patch \
file://fixmips.patch \
file://qemu-guest-agent.init \
file://qemu-guest-agent.udev \
- file://CVE-2023-42467.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
-SRC_URI[sha256sum] =
"710c101198e334d4762eef65f649bc43fa8a5dd75303554b8acfec3eb25f0e55"
+SRC_URI[sha256sum] =
"541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087"
SRC_URI:append:class-target = " file://cross.patch"
SRC_URI:append:class-nativesdk = " file://cross.patch"
diff --git
a/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch
b/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch
deleted file mode 100644
index 7380e16ab3..00
---
a/meta/recipes-devtools/qemu/qemu/0001-softmmu-Assert-data-in-bounds-in-iotlb_to_section.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc Mon Sep 17 00:00:00 2001
-From: Richard Henderson
-Date: Fri, 25 Aug 2023 14:06:58 -0700
-Subject: [PATCH] softmmu: Assert data in bounds in iotlb_to_section
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Acked-by: Alex Bennée
-Suggested-by: Alex Bennée
-Signed-off-by: Richard Henderson
-
-Upstream-Status: Backport
[https://gitlab.com/qemu-project/qemu/-/commit/86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc]
- softmmu/physmem.c | 10 --
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/softmmu/physmem.c b/softmmu/physmem.c
-index 3df73542e1..7597dc1c39 100644
a/softmmu/physmem.c
-+++ b/softmmu/physmem.c
-@@ -2413,9 +2413,15 @@ MemoryRegionSection *iotlb_to_section(CPUState *cpu,
- int asidx = cpu_asidx_from_attrs(cpu, attrs);
- CPUAddressSpace *cpuas = >cpu_ases[asidx];
- AddressSpaceDispatch *d = qatomic_rcu_read(>memory_dispatch);
--MemoryRegionSection *sections = d->map.sections;
-+int section_index = index & ~TARGET_PAGE_MASK;
-+MemoryRegionSection *ret;
-+
-+assert(section_index < d->map.sections_nb);
-+ret = d->map.sections + section_index;
-+assert(ret->mr);
-+assert(ret->mr->ops);
-
--return [index & ~TARGET_PAGE_MASK];
-+return ret;
- }
-
- static void io_mem_init(void)
---
-2.34.1
-
diff --git
a/meta/recipes-devtools/qemu/qemu/0001-softm
[OE-core] [nanbield][PATCH 1/3] python3-urllib3: Upgrade to 2.0.7
From: Khem Raj
Addresses CVE-2023-45803 [1]
[1]
https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
( cherry-pick from commit befec4d3591bb0dce0e256cf338eb541b2a56b98 )
Signed-off-by: Khem Raj
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_2.0.6.bb => python3-urllib3_2.0.7.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_2.0.6.bb =>
python3-urllib3_2.0.7.bb} (87%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb
b/meta/recipes-devtools/python/python3-urllib3_2.0.7.bb
similarity index 87%
rename from meta/recipes-devtools/python/python3-urllib3_2.0.6.bb
rename to meta/recipes-devtools/python/python3-urllib3_2.0.7.bb
index cd2a9dd4ef..c286838086 100644
--- a/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_2.0.7.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
-SRC_URI[sha256sum] =
"b19e1a85d206b56d7df1d5e683df4a7725252a964e3993648dd0fb5a1c157564"
+SRC_URI[sha256sum] =
"c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84"
inherit pypi python_hatchling
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191486):
https://lists.openembedded.org/g/openembedded-core/message/191486
Mute This Topic: https://lists.openembedded.org/mt/102890879/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] openssl: upgrade to 3.2.0
From: Lee Chee Yang
upgrade include fix for CVE-2023-5678.
Changes in 3.2.0
https://www.openssl.org/news/cl32.txt
drop upstreamed 0001-Link-libatomic-on-riscv32.patch.
drop fix_random_labels.patch as fixed by
https://github.com/openssl/openssl/commit/0fbc50ef0cb8894973d4739af62e95be825b7ccf
Signed-off-by: Lee Chee Yang
---
.../0001-Link-libatomic-on-riscv32.patch | 35 ---
.../openssl/openssl/fix_random_labels.patch | 22
.../{openssl_3.1.4.bb => openssl_3.2.0.bb}| 4 +--
3 files changed, 1 insertion(+), 60 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch
delete mode 100644
meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
rename meta/recipes-connectivity/openssl/{openssl_3.1.4.bb =>
openssl_3.2.0.bb} (98%)
diff --git
a/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch
b/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch
deleted file mode 100644
index 2c54d8f685..00
---
a/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 73266b8573c71e6720453c4c5a9e6e8fa4daec65 Mon Sep 17 00:00:00 2001
-From: Khem Raj
-Date: Sat, 21 Oct 2023 13:03:52 -0700
-Subject: [PATCH] Link libatomic on riscv32
-
-GCC toolchains on linux are not able to build libcrypto without linking
-to libatomic as it does not have all needed atomics implemented as
-intrinsics
-
-Fixes errors like
-
-| ld: ./libcrypto.so: undefined reference to `__atomic_is_lock_free'
-
-Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22460]
-Signed-off-by: Khem Raj
- Configurations/10-main.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
-index 46094f59c2..d1a15a1152 100644
a/Configurations/10-main.conf
-+++ b/Configurations/10-main.conf
-@@ -816,7 +816,7 @@ my %targets = (
- },
-
- "linux32-riscv32" => {
--inherit_from => [ "linux-generic32"],
-+inherit_from => [ "linux-latomic" ],
- perlasm_scheme => "linux32",
- asm_arch => 'riscv32',
- },
---
-2.42.0
-
diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
deleted file mode 100644
index 78dcd81685..00
--- a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-The perl script adds random suffixes to the local function names to ensure
-it doesn't clash with other parts of openssl. Set the random number seed
-to something predictable so the assembler files are generated consistently
-and our own reproducible builds tests pass.
-
-Upstream-Status: Pending
-Signed-off-by: Richard Purdie
-
-Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
-===
openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl
-+++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
-@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable= (16 * 6);
- # ;;; Helper functions
- # ;
-
-+# Ensure the local labels are reproduicble
-+srand(1);
-+
- # ; Generates "random" local labels
- sub random_string() {
- my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_');
diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.1.4.bb
rename to meta/recipes-connectivity/openssl/openssl_3.2.0.bb
index c6c70a1213..ab0562bd73 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
@@ -11,8 +11,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz
\
file://run-ptest \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
- file://fix_random_labels.patch \
- file://0001-Link-libatomic-on-riscv32.patch \
file://0001-Added-handshake-history-reporting-when-test-fails.patch
\
"
@@ -20,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] =
"840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3"
+SRC_URI[sha256sum] =
"14c826f07c7e433706fb5c69fa9e25dab95684844b4c962a2cf1bf183eb4690e"
inherit lib_package multilib_header multilib_script ptest perlnative manpages
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this grou
[OE-core] [dunfell][PATCH] curl: fix CVE-2023-28321 CVE-2023-28322
From: Lee Chee Yang
import patch from ubuntu curl_7.68.0-1ubuntu2.20.
minor change to CVE-2023-28321.patch tests/data/test1397 part
so the patch can be apply.
Signed-off-by: Lee Chee Yang
---
.../curl/curl/CVE-2023-28321.patch| 272 +
.../curl/curl/CVE-2023-28322.patch| 380 ++
meta/recipes-support/curl/curl_7.69.1.bb | 2 +
3 files changed, 654 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28321.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28322.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-28321.patch
b/meta/recipes-support/curl/curl/CVE-2023-28321.patch
new file mode 100644
index 00..da1d1fdcd6
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28321.patch
@@ -0,0 +1,272 @@
+Upstream-Status: Backport [import from ubuntu curl_7.68.0-1ubuntu2.20 with
+minor change to tests/data/test1397 part so the patch can be apply.
+upstream: https://github.com/curl/curl/commit/199f2d440d8659b42 ]
+CVE: CVE-2023-28321
+Signed-off-by: Lee Chee Yang
+
+This backport was obtained from SUSE.
+
+From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Mon, 24 Apr 2023 21:07:02 +0200
+Subject: [PATCH] hostcheck: fix host name wildcard checking
+
+The leftmost "label" of the host name can now only match against single
+'*'. Like the browsers have worked for a long time.
+
+- extended unit test 1397 for this
+- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
+
+Reported-by: Hiroki Kurosawa
+Closes #11018
+---
+ lib/hostcheck.c | 50 +++
+ tests/data/test1397 | 10 ++-
+ tests/unit/Makefile.am | 94
+ tests/unit/Makefile.inc | 94
+ tests/unit/unit1397.c | 134
+ 5 files changed, 202 insertions(+), 180 deletions(-)
+
+--- a/lib/hostcheck.c
b/lib/hostcheck.c
+@@ -58,15 +58,19 @@
+ * apparent distinction between a name and an IP. We need to detect the use of
+ * an IP address and not wildcard match on such names.
+ *
++ * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor
++ * "*b".
++ *
++ * @unittest: 1397
++ *
+ * NOTE: hostmatch() gets called with copied buffers so that it can modify the
+ * contents at will.
+ */
+
+ static int hostmatch(char *hostname, char *pattern)
+ {
+- const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
+- int wildcard_enabled;
+- size_t prefixlen, suffixlen;
++ const char *pattern_label_end, *hostname_label_end;
++ size_t suffixlen;
+ struct in_addr ignored;
+ #ifdef ENABLE_IPV6
+ struct sockaddr_in6 si6;
+@@ -80,13 +84,12 @@ static int hostmatch(char *hostname, cha
+ if(pattern[len-1]=='.')
+ pattern[len-1] = 0;
+
+- pattern_wildcard = strchr(pattern, '*');
+- if(pattern_wildcard == NULL)
++ if(strncmp(pattern, "*.", 2))
+ return strcasecompare(pattern, hostname) ?
+ CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+
+ /* detect IP address as hostname and fail the match if so */
+- if(Curl_inet_pton(AF_INET, hostname, ) > 0)
++ else if(Curl_inet_pton(AF_INET, hostname, ) > 0)
+ return CURL_HOST_NOMATCH;
+ #ifdef ENABLE_IPV6
+ if(Curl_inet_pton(AF_INET6, hostname, _addr) > 0)
+@@ -95,14 +98,9 @@ static int hostmatch(char *hostname, cha
+
+ /* We require at least 2 dots in pattern to avoid too wide wildcard
+ match. */
+- wildcard_enabled = 1;
+ pattern_label_end = strchr(pattern, '.');
+- if(pattern_label_end == NULL || strchr(pattern_label_end + 1, '.') == NULL
||
+- pattern_wildcard > pattern_label_end ||
+- strncasecompare(pattern, "xn--", 4)) {
+-wildcard_enabled = 0;
+- }
+- if(!wildcard_enabled)
++ if(pattern_label_end == NULL ||
++ strchr(pattern_label_end + 1, '.') == NULL)
+ return strcasecompare(pattern, hostname) ?
+ CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+
+@@ -117,11 +115,9 @@ static int hostmatch(char *hostname, cha
+ if(hostname_label_end - hostname < pattern_label_end - pattern)
+ return CURL_HOST_NOMATCH;
+
+- prefixlen = pattern_wildcard - pattern;
+- suffixlen = pattern_label_end - (pattern_wildcard + 1);
+- return strncasecompare(pattern, hostname, prefixlen) &&
+-strncasecompare(pattern_wildcard + 1, hostname_label_end - suffixlen,
+-suffixlen) ?
++ suffixlen = pattern_label_end - (pattern + 1);
++ return strncasecompare(pattern + 1, hostname_label_end - suffixlen,
++ suffixlen) ?
+ CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+ }
+
+--- a/tests/data/test1397
b/tests/data/test1397
+@@ -2,8 +2,7 @@
+
+
+ unittest
+-ssl
+-wildcard
++Curl_cert_hostcheck
+
+
+
+@@ -16,9 +15,8 @@ none
+
+ unittest
+
+-
+-Check wildcard certificate matching function Curl_cert_hostcheck
[OE-core] [PATCH] wic: add test for partition hidden attributes
From: Lee Chee Yang
Add test for the --hidden argument introduced in Oe-Core
rev 7a111ff58d7390b79e2e63c8059f6c25f40f8977.
Signed-off-by: Lee Chee Yang
---
meta/lib/oeqa/selftest/cases/wic.py | 24
1 file changed, 24 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/wic.py
b/meta/lib/oeqa/selftest/cases/wic.py
index b4866bcb32..ab248c5898 100644
--- a/meta/lib/oeqa/selftest/cases/wic.py
+++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -748,6 +748,30 @@ part /etc --source rootfs --fstype=ext4
--change-directory=etc
os.remove(wks_file)
+def test_partition_hidden_attributes(self):
+"""Test --hidden wks option."""
+wks_file = 'temp.wks'
+sysroot = get_bb_var('RECIPE_SYSROOT_NATIVE', 'wic-tools')
+try:
+with open(wks_file, 'w') as wks:
+wks.write("""
+part / --source rootfs --fstype=ext4
+part / --source rootfs --fstype=ext4 --hidden
+bootloader --ptable gpt""")
+
+runCmd("wic create %s -e core-image-minimal -o %s" \
+ % (wks_file, self.resultdir))
+wicout = os.path.join(self.resultdir, "*.direct")
+
+result = runCmd("%s/usr/sbin/sfdisk --part-attrs %s 1" % (sysroot,
wicout))
+self.assertEqual('', result.output)
+result = runCmd("%s/usr/sbin/sfdisk --part-attrs %s 2" % (sysroot,
wicout))
+self.assertEqual('RequiredPartition', result.output)
+
+finally:
+os.remove(wks_file)
+
+
class Wic2(WicTestCase):
def test_bmap_short(self):
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191054):
https://lists.openembedded.org/g/openembedded-core/message/191054
Mute This Topic: https://lists.openembedded.org/mt/102746380/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 2/2] python3-setuptools: fix CVE-2022-40897
From: Lee Chee Yang
import patch from ubuntu setuptools_45.2.0-1ubuntu0.1 .
Signed-off-by: Lee Chee Yang
---
.../python/python-setuptools.inc | 2 ++
.../python3-setuptools/CVE-2022-40897.patch | 29 +++
2 files changed, 31 insertions(+)
create mode 100644
meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch
diff --git a/meta/recipes-devtools/python/python-setuptools.inc
b/meta/recipes-devtools/python/python-setuptools.inc
index 29be852f66..5faf62bc3a 100644
--- a/meta/recipes-devtools/python/python-setuptools.inc
+++ b/meta/recipes-devtools/python/python-setuptools.inc
@@ -8,6 +8,8 @@ PYPI_PACKAGE_EXT = "zip"
inherit pypi
+SRC_URI += " file://CVE-2022-40897.patch "
+
SRC_URI_append_class-native = "
file://0001-conditionally-do-not-fetch-code-by-easy_install.patch"
SRC_URI[md5sum] = "0c956eea142af9c2b02d72e3c042af30"
diff --git
a/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch
b/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch
new file mode 100644
index 00..9150cea07e
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch
@@ -0,0 +1,29 @@
+From 43a9c9bfa6aa626ec2a22540bea28d2ca77964be Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs"
+Date: Fri, 4 Nov 2022 13:47:53 -0400
+Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes
+ #3659.
+
+CVE: CVE-2022-40897
+Upstream-Status: Backport [
+Upstream :
https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
+Import from Ubuntu:
http://archive.ubuntu.com/ubuntu/pool/main/s/setuptools/setuptools_45.2.0-1ubuntu0.1.debian.tar.xz
+]
+Signed-off-by: Lee Chee Yang
+
+---
+ setuptools/package_index.py | 2 +-
+ setuptools/tests/test_packageindex.py | 1 -
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+--- setuptools-45.2.0.orig/setuptools/package_index.py
setuptools-45.2.0/setuptools/package_index.py
+@@ -215,7 +215,7 @@ def unique_values(func):
+ return wrapper
+
+
+-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""",
re.I)
+ # this line is here to fix emacs' cruddy broken syntax highlighting
+
+
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191044):
https://lists.openembedded.org/g/openembedded-core/message/191044
Mute This Topic: https://lists.openembedded.org/mt/102746011/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 1/2] wayland: fix CVE-2021-3782
From: Lee Chee Yang
take CVE-2021-3782.patch from OE-core rev
09b8ff8d2361b2db001bc963f481db294ccf2170.
Signed-off-by: Lee Chee Yang
---
.../wayland/wayland/CVE-2021-3782.patch | 111 ++
.../wayland/wayland_1.18.0.bb | 1 +
2 files changed, 112 insertions(+)
create mode 100644 meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch
diff --git a/meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch
b/meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch
new file mode 100644
index 00..df204508e9
--- /dev/null
+++ b/meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch
@@ -0,0 +1,111 @@
+From 5eed6609619cc2e4eaa8618d11c15d442abf54be Mon Sep 17 00:00:00 2001
+From: Derek Foreman
+Date: Fri, 28 Jan 2022 13:18:37 -0600
+Subject: [PATCH] util: Limit size of wl_map
+
+Since server IDs are basically indistinguishable from really big client
+IDs at many points in the source, it's theoretically possible to overflow
+a map and either overflow server IDs into the client ID space, or grow
+client IDs into the server ID space. This would currently take a massive
+amount of RAM, but the definition of massive changes yearly.
+
+Prevent this by placing a ridiculous but arbitrary upper bound on the
+number of items we can put in a map: 0xF0, somewhere over 15 million.
+This should satisfy pathological clients without restriction, but stays
+well clear of the 0xFF00 transition point between server and client
+IDs. It will still take an improbable amount of RAM to hit this, and a
+client could still exhaust all RAM in this way, but our goal is to prevent
+overflow and undefined behaviour.
+
+Fixes #224
+
+Signed-off-by: Derek Foreman
+
+Upstream-Status: Backport
+CVE: CVE-2021-3782
+
+Reference to upstream patch:
+https://gitlab.freedesktop.org/wayland/wayland/-/commit/b19488c7154b902354cb26a27f11415d7799b0b2
+
+[DP: adjust context for wayland version 1.20.0]
+Signed-off-by: Dragos-Marian Panait
+---
+ src/wayland-private.h | 1 +
+ src/wayland-util.c| 25 +++--
+ 2 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/src/wayland-private.h b/src/wayland-private.h
+index 9bf8cb7..35dc40e 100644
+--- a/src/wayland-private.h
b/src/wayland-private.h
+@@ -45,6 +45,7 @@
+ #define WL_MAP_SERVER_SIDE 0
+ #define WL_MAP_CLIENT_SIDE 1
+ #define WL_SERVER_ID_START 0xff00
++#define WL_MAP_MAX_OBJECTS 0x00f0
+ #define WL_CLOSURE_MAX_ARGS 20
+
+ struct wl_object {
+diff --git a/src/wayland-util.c b/src/wayland-util.c
+index d5973bf..3e45d19 100644
+--- a/src/wayland-util.c
b/src/wayland-util.c
+@@ -195,6 +195,7 @@ wl_map_insert_new(struct wl_map *map, uint32_t flags, void
*data)
+ union map_entry *start, *entry;
+ struct wl_array *entries;
+ uint32_t base;
++ uint32_t count;
+
+ if (map->side == WL_MAP_CLIENT_SIDE) {
+ entries = >client_entries;
+@@ -215,10 +216,25 @@ wl_map_insert_new(struct wl_map *map, uint32_t flags,
void *data)
+ start = entries->data;
+ }
+
++ /* wl_array only grows, so if we have too many objects at
++ * this point there's no way to clean up. We could be more
++ * pro-active about trying to avoid this allocation, but
++ * it doesn't really matter because at this point there is
++ * nothing to be done but disconnect the client and delete
++ * the whole array either way.
++ */
++ count = entry - start;
++ if (count > WL_MAP_MAX_OBJECTS) {
++ /* entry->data is freshly malloced garbage, so we'd
++ * better make it a NULL so wl_map_for_each doesn't
++ * dereference it later. */
++ entry->data = NULL;
++ return 0;
++ }
+ entry->data = data;
+ entry->next |= (flags & 0x1) << 1;
+
+- return (entry - start) + base;
++ return count + base;
+ }
+
+ int
+@@ -235,6 +251,9 @@ wl_map_insert_at(struct wl_map *map, uint32_t flags,
uint32_t i, void *data)
+ i -= WL_SERVER_ID_START;
+ }
+
++ if (i > WL_MAP_MAX_OBJECTS)
++ return -1;
++
+ count = entries->size / sizeof *start;
+ if (count < i)
+ return -1;
+@@ -269,8 +288,10 @@ wl_map_reserve_new(struct wl_map *map, uint32_t i)
+ i -= WL_SERVER_ID_START;
+ }
+
+- count = entries->size / sizeof *start;
++ if (i > WL_MAP_MAX_OBJECTS)
++ return -1;
+
++ count = entries->size / sizeof *start;
+ if (count < i)
+ return -1;
+
+--
+2.37.3
diff --git a/meta/recipes-graphics/wayland/wayland_1.18.0.bb
b/meta/recipes-graphics/wayland/wayland_1.18.0.bb
index 00be3aac27..e621abddbf 100644
--- a/meta/recipes-graphics/wayland/wayland_1.18.0.bb
+++ b/meta/recipes-graphics/wayland/wayland_1.18.0.bb
@@ -18,6 +18,7 @@ SRC_URI =
"https://wayland.freedesktop.o
[OE-core] [kirkstone][PATCH] ghostscript: ignore GhostPCL CVE-2023-38560
From: Lee Chee Yang
issue in GhostPCL.
GhostPCL not part of this GhostScript recipe.
Signed-off-by: Lee Chee Yang
---
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 4c4c22cf39e..7f4050755cb 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -23,6 +23,9 @@ UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)\.tar"
# however we use an external jpeg which doesn't have the issue.
CVE_CHECK_IGNORE += "CVE-2013-6629"
+# Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe.
+CVE_CHECK_IGNORE += "CVE-2023-38560"
+
def gs_verdir(v):
return "".join(v.split("."))
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190767):
https://lists.openembedded.org/g/openembedded-core/message/190767
Mute This Topic: https://lists.openembedded.org/mt/102624071/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] documentation.conf: drop SERIAL_CONSOLES_CHECK
From: Lee Chee Yang remove obsolete SERIAL_CONSOLES_CHECK. Signed-off-by: Lee Chee Yang --- meta/conf/documentation.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf index 23a9c0fe7b..d03c497c0e 100644 --- a/meta/conf/documentation.conf +++ b/meta/conf/documentation.conf @@ -379,7 +379,6 @@ SDKMACHINE[doc] = "Specifies the architecture (i.e. i686 or x86_64) for which to SECTION[doc] = "The section in which packages should be categorized. Package management utilities can make use of this variable." SELECTED_OPTIMIZATION[doc] = "The variable takes the value of FULL_OPTIMIZATION unless DEBUG_BUILD = '1'. In this case, the value of DEBUG_OPTIMIZATION is used." SERIAL_CONSOLES[doc] = "Defines the serial consoles (TTYs) to enable using getty." -SERIAL_CONSOLES_CHECK[doc] = "Similar to SERIAL_CONSOLES except the device is checked for existence before attempting to enable it. Supported only by SysVinit." SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS[doc] = "A list of recipe dependencies that should not be used to determine signatures of tasks from one recipe when they depend on tasks from another recipe." SIGGEN_EXCLUDERECIPES_ABISAFE[doc] = "A list of recipes that are completely stable and will never change." SITEINFO_BITS[doc] = "Specifies the number of bits for the target system CPU." -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#190108): https://lists.openembedded.org/g/openembedded-core/message/190108 Mute This Topic: https://lists.openembedded.org/mt/102359058/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH] kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
index 871b36440f..206c6ccae7 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
+++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
@@ -30,6 +30,9 @@ inherit autotools update-rc.d systemd
export LDFLAGS = "-L${STAGING_LIBDIR}"
EXTRA_OECONF = " --with-zlib=yes"
+# affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL
versions prior to 2.0.20-47.
+CVE_CHECK_WHITELIST += "CVE-2021-20269"
+
do_compile_prepend() {
# Remove the prepackaged config.h from the source tree as it overrides
# the same file generated by configure and placed in the build tree
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189696):
https://lists.openembedded.org/g/openembedded-core/message/189696
Mute This Topic: https://lists.openembedded.org/mt/102194515/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][kirkstone][PATCH] qemu: ignore RHEL specific CVE-2023-2680
From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/qemu/qemu.inc | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 5526eacb960..83bd5d7e67d 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -125,6 +125,10 @@ CVE_CHECK_IGNORE += "CVE-2018-18438" # this bug related to windows specific. CVE_CHECK_IGNORE += "CVE-2023-0664" +# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 +# RHEL specific issue +CVE_CHECK_IGNORE += "CVE-2023-2680" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" -- 2.37.3 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189427): https://lists.openembedded.org/g/openembedded-core/message/189427 Mute This Topic: https://lists.openembedded.org/mt/102055231/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] qemu: ignore RHEL specific CVE-2023-2680
From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/qemu/qemu.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index b331f87c0d..78c495516f 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -56,6 +56,9 @@ CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were d # https://bugzilla.redhat.com/show_bug.cgi?id=2167423 CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows" +# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 +CVE_STATUS[CVE-2023-2680] = "not-applicable-platform: RHEL specific issue." + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" -- 2.37.3 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189280): https://lists.openembedded.org/g/openembedded-core/message/189280 Mute This Topic: https://lists.openembedded.org/mt/101992219/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 3/7] python3-urllib3: upgrade 1.26.11 -> 1.26.12
From: wangmy
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
(cherry picked from commit cb05578af3ace6e3983f93e16d9ad1ac2a65fbe2)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.11.bb => python3-urllib3_1.26.12.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.11.bb =>
python3-urllib3_1.26.12.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.11.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.12.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.11.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.12.bb
index a8d47de0f42..1cd69bcb104 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.11.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.12.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a"
+SRC_URI[sha256sum] =
"3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189064):
https://lists.openembedded.org/g/openembedded-core/message/189064
Mute This Topic: https://lists.openembedded.org/mt/101938010/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 6/7] python3-urllib3: upgrade 1.26.14 -> 1.26.15
From: Wang Mingyu
Changelog:
==
* Fix socket timeout value when "HTTPConnection" is reused ('#2645
<https://github.com/urllib3/urllib3/issues/2645>'__)
* Remove "!" character from the unreserved characters in IPv6 Zone ID parsing
('#2899 <https://github.com/urllib3/urllib3/issues/2899>'__)
* Fix IDNA handling of '\x80' byte ('#2901
<https://github.com/urllib3/urllib3/issues/2901>'__)
Signed-off-by: Wang Mingyu
Signed-off-by: Richard Purdie
(cherry picked from commit 8e062efbac29a81831c3060bcae601dc533d65dd)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.14.bb => python3-urllib3_1.26.15.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.14.bb =>
python3-urllib3_1.26.15.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.14.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.14.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
index f35a141df26..d2de7c4c022 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.14.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72"
+SRC_URI[sha256sum] =
"8a388717b9476f934a21484e8c8e61875ab60644d29b9b39e11e4b9dc1c6b305"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189067):
https://lists.openembedded.org/g/openembedded-core/message/189067
Mute This Topic: https://lists.openembedded.org/mt/101938013/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 7/7] python3-urllib3: 1.26.15 -> 1.26.17
From: Lee Chee Yang
1.26.17 (2023-10-02)
Added the Cookie header to the list of headers to strip from requests
when redirecting to a different host. As before, different headers can
be set via Retry.remove_headers_on_redirect. (CVE-2023-43804)
1.26.16 (2023-05-23)
Fixed thread-safety issue where accessing a PoolManager with many
distinct origins would cause connection pools to be closed while
requests are in progress (#2954)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.15.bb => python3-urllib3_1.26.17.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.15.bb =>
python3-urllib3_1.26.17.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
index d2de7c4c022..57b166870aa 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"8a388717b9476f934a21484e8c8e61875ab60644d29b9b39e11e4b9dc1c6b305"
+SRC_URI[sha256sum] =
"24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189068):
https://lists.openembedded.org/g/openembedded-core/message/189068
Mute This Topic: https://lists.openembedded.org/mt/101938014/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 1/7] python3-urllib3: upgrade 1.26.9 -> 1.26.10
From: wangmy
Add dependence python3-logging.
Changelog:
=
* Removed support for Python 3.5
* Fixed an issue where a "ProxyError" recommending configuring the proxy as HTTP
instead of HTTPS could appear even when an HTTPS proxy wasn't configured.
Signed-off-by: Wang Mingyu
Signed-off-by: Richard Purdie
(cherry picked from commit a8a26a92dfe367472daf086a33a1b30ff6d17540)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.9.bb => python3-urllib3_1.26.10.bb} | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.9.bb =>
python3-urllib3_1.26.10.bb} (82%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.9.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.10.bb
similarity index 82%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.9.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.10.bb
index 95ae4a54a40..a8e2073d71e 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.9.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.10.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"
+SRC_URI[sha256sum] =
"879ba4d1e89654d9769ce13121e0f94310ea32e8d2f8cf587b77c08bbcdb30d6"
inherit pypi setuptools3
@@ -15,6 +15,7 @@ RDEPENDS:${PN} += "\
${PYTHON_PN}-netclient \
${PYTHON_PN}-pyopenssl \
${PYTHON_PN}-threading \
+${PYTHON_PN}-logging \
"
CVE_PRODUCT = "urllib3"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189062):
https://lists.openembedded.org/g/openembedded-core/message/189062
Mute This Topic: https://lists.openembedded.org/mt/101938008/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 2/7] python3-urllib3: upgrade 1.26.10 -> 1.26.11
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit dbe07ff87e2cb1a8276e69a43c7cdbb9ae6e5493)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.10.bb => python3-urllib3_1.26.11.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.10.bb =>
python3-urllib3_1.26.11.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.10.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.11.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.10.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.11.bb
index a8e2073d71e..a8d47de0f42 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.10.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.11.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"879ba4d1e89654d9769ce13121e0f94310ea32e8d2f8cf587b77c08bbcdb30d6"
+SRC_URI[sha256sum] =
"ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189063):
https://lists.openembedded.org/g/openembedded-core/message/189063
Mute This Topic: https://lists.openembedded.org/mt/101938009/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 5/7] python3-urllib3: upgrade 1.26.13 -> 1.26.14
From: Tim Orling
https://github.com/urllib3/urllib3/blob/1.26.14/CHANGES.rst#12614-2023-01-11
1.26.14 (2023-01-11)
Fixed parsing of port 0 (zero) returning None, instead of 0. (#2850)
Removed deprecated getheaders() calls in contrib module.
Signed-off-by: Tim Orling
Signed-off-by: Richard Purdie
(cherry picked from commit 55ab1bf20e6893088acb6460e9004dac8e205559)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.13.bb => python3-urllib3_1.26.14.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.13.bb =>
python3-urllib3_1.26.14.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.13.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.14.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.13.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.14.bb
index 7af95117cf1..f35a141df26 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.13.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.14.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8"
+SRC_URI[sha256sum] =
"076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189066):
https://lists.openembedded.org/g/openembedded-core/message/189066
Mute This Topic: https://lists.openembedded.org/mt/101938012/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 4/7] python3-urllib3: upgrade 1.26.12 -> 1.26.13
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit b18552f69a2eb8900981a10ba386dc4f862b29c3)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.12.bb => python3-urllib3_1.26.13.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.12.bb =>
python3-urllib3_1.26.13.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.12.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.13.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.12.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.13.bb
index 1cd69bcb104..7af95117cf1 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.12.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.13.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e"
+SRC_URI[sha256sum] =
"c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189065):
https://lists.openembedded.org/g/openembedded-core/message/189065
Mute This Topic: https://lists.openembedded.org/mt/101938011/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][PATCH 1/2] python3-urllib3: 1.26.15 -> 1.26.17
From: Lee Chee Yang
1.26.17 (2023-10-02)
Added the Cookie header to the list of headers to strip from requests
when redirecting to a different host. As before, different headers can
be set via Retry.remove_headers_on_redirect. (CVE-2023-43804)
1.26.16 (2023-05-23)
Fixed thread-safety issue where accessing a PoolManager with many
distinct origins would cause connection pools to be closed while
requests are in progress (#2954)
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_1.26.15.bb => python3-urllib3_1.26.17.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_1.26.15.bb =>
python3-urllib3_1.26.17.bb} (86%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
b/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
index d2de7c4c02..57b166870a 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
-SRC_URI[sha256sum] =
"8a388717b9476f934a21484e8c8e61875ab60644d29b9b39e11e4b9dc1c6b305"
+SRC_URI[sha256sum] =
"24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"
inherit pypi setuptools3
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189061):
https://lists.openembedded.org/g/openembedded-core/message/189061
Mute This Topic: https://lists.openembedded.org/mt/101937565/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][PATCH 2/2] cups: fix CVE-2023-4504
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2023-4504.patch | 42 +++
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch
diff --git a/meta/recipes-extended/cups/cups.inc
b/meta/recipes-extended/cups/cups.inc
index c6a676b747..d09ceb203f 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -17,6 +17,7 @@ SRC_URI =
"${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://cups-volatiles.conf \
file://CVE-2023-32324.patch \
file://CVE-2023-34241.patch \
+ file://CVE-2023-4504.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases;
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
new file mode 100644
index 00..e52e43a209
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
@@ -0,0 +1,42 @@
+CVE: CVE-2023-4504
+Upstream-Status: Backport
[https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
]
+Signed-off-by: Lee Chee Yang
+
+From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Wed, 20 Sep 2023 14:45:17 +0200
+Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
+
+We didn't check for end of buffer if it looks there is an escaped
+character - check for NULL terminator there and if found, return NULL
+as return value and in `ptr`, because a lone backslash is not
+a valid PostScript character.
+---
+ cups/raster-interpret.c | 14 +-
+ 1 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
+index 6fcf731b5..b8655c8c6 100644
+--- a/cups/raster-interpret.c
b/cups/raster-interpret.c
+@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
+
+ cur ++;
+
+-if (*cur == 'b')
++ /*
++ * Return NULL if we reached NULL terminator, a lone backslash
++ * is not a valid character in PostScript.
++ */
++
++ if (!*cur)
++ {
++*ptr = NULL;
++
++return (NULL);
++ }
++
++ if (*cur == 'b')
+ *valptr++ = '\b';
+ else if (*cur == 'f')
+ *valptr++ = '\f';
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189060):
https://lists.openembedded.org/g/openembedded-core/message/189060
Mute This Topic: https://lists.openembedded.org/mt/101937564/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] python3-urllib3: 2.0.5 -> 2.0.6
From: Lee Chee Yang
changelog
Added the Cookie header to the list of headers to strip from requests
when redirecting to a different host. As before, different headers can
be set via Retry.remove_headers_on_redirect. (CVE-2023-43804)
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
Signed-off-by: Lee Chee Yang
---
.../{python3-urllib3_2.0.5.bb => python3-urllib3_2.0.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-urllib3_2.0.5.bb =>
python3-urllib3_2.0.6.bb} (87%)
diff --git a/meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
b/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb
similarity index 87%
rename from meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
rename to meta/recipes-devtools/python/python3-urllib3_2.0.6.bb
index 9c15791d34..cd2a9dd4ef 100644
--- a/meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_2.0.6.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
-SRC_URI[sha256sum] =
"13abf37382ea2ce6fb744d4dad67838eec857c9f4f57009891805e0b5e123594"
+SRC_URI[sha256sum] =
"b19e1a85d206b56d7df1d5e683df4a7725252a964e3993648dd0fb5a1c157564"
inherit pypi python_hatchling
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189028):
https://lists.openembedded.org/g/openembedded-core/message/189028
Mute This Topic: https://lists.openembedded.org/mt/101935087/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH v2] qemu: fix CVE-2020-24165
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
v2: update qemu.inc, rebase on latest HEAD
(926eb08fe325e2ea13098f99d920840b9354ceb9)
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2020-24165.patch| 94 +++
2 files changed, 95 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 2669ba4ec8..e6b26aba88 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -141,6 +141,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2023-0330_2.patch \
file://CVE-2023-3354.patch \
file://CVE-2023-3180.patch \
+ file://CVE-2020-24165.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
b/meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
new file mode 100644
index 00..e0a27331a8
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
@@ -0,0 +1,94 @@
+CVE: CVE-2020-24165
+Upstream-Status: Backport
[https://github.com/qemu/qemu/commit/886cc68943ebe8cf7e5f970be33459f95068a441 ]
+Signed-off-by: Lee Chee Yang
+
+From 886cc68943ebe8cf7e5f970be33459f95068a441 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
+Date: Fri, 14 Feb 2020 14:49:52 +
+Subject: [PATCH] accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The bug describes a race whereby cpu_exec_step_atomic can acquire a TB
+which is invalidated by a tb_flush before we execute it. This doesn't
+affect the other cpu_exec modes as a tb_flush by it's nature can only
+occur on a quiescent system. The race was described as:
+
+ B2. tcg_cpu_exec => cpu_exec => tb_find => tb_gen_code
+ B3. tcg_tb_alloc obtains a new TB
+
+ C3. TB obtained with tb_lookup__cpu_state or tb_gen_code
+ (same TB as B2)
+
+ A3. start_exclusive critical section entered
+ A4. do_tb_flush is called, TB memory freed/re-allocated
+ A5. end_exclusive exits critical section
+
+ B2. tcg_cpu_exec => cpu_exec => tb_find => tb_gen_code
+ B3. tcg_tb_alloc reallocates TB from B2
+
+ C4. start_exclusive critical section entered
+ C5. cpu_tb_exec executes the TB code that was free in A4
+
+The simplest fix is to widen the exclusive period to include the TB
+lookup. As a result we can drop the complication of checking we are in
+the exclusive region before we end it.
+
+Cc: Yifan
+Buglink: https://bugs.launchpad.net/qemu/+bug/1863025
+Reviewed-by: Paolo Bonzini
+Reviewed-by: Richard Henderson
+Signed-off-by: Alex Bennée
+Message-Id: <20200214144952.15502-1-alex.ben...@linaro.org>
+Signed-off-by: Richard Henderson
+---
+ accel/tcg/cpu-exec.c | 21 +++--
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
+index 2560c90eec79..d95c4848a47b 100644
+--- a/accel/tcg/cpu-exec.c
b/accel/tcg/cpu-exec.c
+@@ -240,6 +240,8 @@ void cpu_exec_step_atomic(CPUState *cpu)
+ uint32_t cf_mask = cflags & CF_HASH_MASK;
+
+ if (sigsetjmp(cpu->jmp_env, 0) == 0) {
++start_exclusive();
++
+ tb = tb_lookup__cpu_state(cpu, , _base, , cf_mask);
+ if (tb == NULL) {
+ mmap_lock();
+@@ -247,8 +249,6 @@ void cpu_exec_step_atomic(CPUState *cpu)
+ mmap_unlock();
+ }
+
+-start_exclusive();
+-
+ /* Since we got here, we know that parallel_cpus must be true. */
+ parallel_cpus = false;
+ cc->cpu_exec_enter(cpu);
+@@ -271,14 +271,15 @@ void cpu_exec_step_atomic(CPUState *cpu)
+ qemu_plugin_disable_mem_helpers(cpu);
+ }
+
+-if (cpu_in_exclusive_context(cpu)) {
+-/* We might longjump out of either the codegen or the
+- * execution, so must make sure we only end the exclusive
+- * region if we started it.
+- */
+-parallel_cpus = true;
+-end_exclusive();
+-}
++
++/*
++ * As we start the exclusive region before codegen we must still
++ * be in the region if we longjump out of either the codegen or
++ * the execution.
++ */
++g_assert(cpu_in_exclusive_context(cpu));
++parallel_cpus = true;
++end_exclusive();
+ }
+
+ struct tb_desc {
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188390):
https://lists.openembedded.org/g/openembedded-core/message/188390
Mute This Topic: https://lists.openembedded.org/mt/101651413/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 2/3] bind: update to 9.18.19
From: Lee Chee Yang
Notes for BIND 9.18.19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)
ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]
A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)
ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]
Removed Features
The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]
Feature Changes
If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]
Bug Fixes
The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]
This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.
The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]
The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]
BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]
Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]
Known Issues
There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.
Notes for BIND 9.18.18
Feature Changes
When a primary server for a zone responds to an SOA query, but the
subsequent TCP connection required to transfer the zone is refused, that
server is marked as temporarily unreachable. This now also happens if
the TCP connection attempt times out, preventing too many zones from
queuing up on an unreachable server and allowing the refresh process to
move on to the next configured primary more quickly. [GL #4215]
The dialup and heartbeat-interval options have been deprecated and will
be removed in a future BIND 9 release. [GL #3700]
Bug Fixes
Processing already-queued queries received over TCP could cause an
assertion failure, when the server was reconfigured at the same time or
the cache was being flushed. This has been fixed. [GL #4200]
Setting dnssec-policy to insecure prevented zones containing resource
records with a TTL value larger than 86400 seconds (1 day) from being
loaded. This has been fixed by ignoring the TTL values in the zone and
using a value of 604800 seconds (1 week) as the maximum zone TTL in key
rollover timing calculations. [GL #4032]
Known Issues
There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.
Link to release notes:
https://bind9.readthedocs.io/en/v9.18.19/notes.html#notes-for-bind-9-18-19
Signed-off-by: Lee Chee Yang
---
.../0001-avoid-start-failure-with-bind-user.patch | 0
.../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
.../bind-ensure-searching-for-json-headers-searches-sysr.patch | 0
meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/bind9 | 0
.../recipes-connectivity/bind/{bind-9.18.17 => bind}/conf.patch | 0
.../bind/{bind-9.18.17 => bind}/generate-rndc-key.sh| 0
.../init.d-add-support-for-read-only-rootfs.patch | 0
.../{bind-9.18.17 => bind}/make-etc-initd-bind-stop-work.patch | 0
.../bind/{bind-9.18.17 => bind}/named.service | 0
.../bind/{bind_9.18.17.bb => bind_9.18.19.bb}
[OE-core] [kirkstone][PATCH 3/3] cups: Fix CVE-2023-4504
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2023-4504.patch | 42 +++
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch
diff --git a/meta/recipes-extended/cups/cups.inc
b/meta/recipes-extended/cups/cups.inc
index 4d0c52eab85..047ab338983 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -18,6 +18,7 @@ SRC_URI =
"https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${
file://CVE-2023-32324.patch \
file://CVE-2023-34241.patch \
file://CVE-2023-32360.patch \
+ file://CVE-2023-4504.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases;
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
new file mode 100644
index 000..e52e43a209b
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
@@ -0,0 +1,42 @@
+CVE: CVE-2023-4504
+Upstream-Status: Backport
[https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
]
+Signed-off-by: Lee Chee Yang
+
+From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Wed, 20 Sep 2023 14:45:17 +0200
+Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
+
+We didn't check for end of buffer if it looks there is an escaped
+character - check for NULL terminator there and if found, return NULL
+as return value and in `ptr`, because a lone backslash is not
+a valid PostScript character.
+---
+ cups/raster-interpret.c | 14 +-
+ 1 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
+index 6fcf731b5..b8655c8c6 100644
+--- a/cups/raster-interpret.c
b/cups/raster-interpret.c
+@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
+
+ cur ++;
+
+-if (*cur == 'b')
++ /*
++ * Return NULL if we reached NULL terminator, a lone backslash
++ * is not a valid character in PostScript.
++ */
++
++ if (!*cur)
++ {
++*ptr = NULL;
++
++return (NULL);
++ }
++
++ if (*cur == 'b')
+ *valptr++ = '\b';
+ else if (*cur == 'f')
+ *valptr++ = '\f';
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188312):
https://lists.openembedded.org/g/openembedded-core/message/188312
Mute This Topic: https://lists.openembedded.org/mt/101615650/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 1/3] xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
From: Ross Burton
(cherry-pick from commit 769576f36aac9652525beec5c7e8a4d26632b844 )
Signed-off-by: Ross Burton
Signed-off-by: Alexandre Belloni
Signed-off-by: Lee Chee Yang
---
meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 6b11c79be6e..ecb164ddf76 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -28,6 +28,8 @@ CVE_CHECK_IGNORE += "CVE-2011-4613"
# impossible or difficult to exploit. There is currently no upstream patch
# available for this flaw.
CVE_CHECK_IGNORE += "CVE-2020-25697"
+# This is specific to XQuartz, which is the macOS X server port
+CVE_CHECK_IGNORE += "CVE-2022-3553"
S = "${WORKDIR}/${XORG_PN}-${PV}"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188310):
https://lists.openembedded.org/g/openembedded-core/message/188310
Mute This Topic: https://lists.openembedded.org/mt/101615648/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] cups: fix CVE-2023-4504
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2023-4504.patch | 42 +++
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch
diff --git a/meta/recipes-extended/cups/cups.inc
b/meta/recipes-extended/cups/cups.inc
index 36feaddcf8..fa32c38549 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -15,6 +15,7 @@ SRC_URI =
"${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
file://0004-cups-fix-multilib-install-file-conflicts.patch \
file://volatiles.99_cups \
file://cups-volatiles.conf \
+ file://CVE-2023-4504.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases;
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
new file mode 100644
index 00..e52e43a209
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
@@ -0,0 +1,42 @@
+CVE: CVE-2023-4504
+Upstream-Status: Backport
[https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
]
+Signed-off-by: Lee Chee Yang
+
+From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Wed, 20 Sep 2023 14:45:17 +0200
+Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
+
+We didn't check for end of buffer if it looks there is an escaped
+character - check for NULL terminator there and if found, return NULL
+as return value and in `ptr`, because a lone backslash is not
+a valid PostScript character.
+---
+ cups/raster-interpret.c | 14 +-
+ 1 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
+index 6fcf731b5..b8655c8c6 100644
+--- a/cups/raster-interpret.c
b/cups/raster-interpret.c
+@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
+
+ cur ++;
+
+-if (*cur == 'b')
++ /*
++ * Return NULL if we reached NULL terminator, a lone backslash
++ * is not a valid character in PostScript.
++ */
++
++ if (!*cur)
++ {
++*ptr = NULL;
++
++return (NULL);
++ }
++
++ if (*cur == 'b')
+ *valptr++ = '\b';
+ else if (*cur == 'f')
+ *valptr++ = '\f';
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188303):
https://lists.openembedded.org/g/openembedded-core/message/188303
Mute This Topic: https://lists.openembedded.org/mt/101614727/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][PATCH 3/3] ffmpeg: 5.1.2 -> 5.1.3
From: Lee Chee Yang
drop patch which is already part of 5.1.3.
0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3964):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/1eb002596e3761d88de4aeea3158692b82fb6307
0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3965):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/293dc39bcaa99f213c6b7a703e11f146abf5d3be
ffmpeg-fix-vulkan.patch :
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/7268323193d55365f914de39fadd5dbdb1f68976
Signed-off-by: Lee Chee Yang
---
...c-stop-accessing-out-of-bounds-frame.patch | 89 ---
...c-stop-accessing-out-of-bounds-frame.patch | 108 --
.../ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch | 34 --
.../{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb} | 5 +-
4 files changed, 1 insertion(+), 235 deletions(-)
delete mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
delete mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
delete mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb}
(96%)
diff --git
a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
deleted file mode 100644
index 2775a81cc8..00
---
a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001
-From: Paul B Mahol
-Date: Sat, 12 Nov 2022 16:12:00 +0100
-Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame
-
-Upstream-Status: Backport
[https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984]
-
-Signed-off-by:
-
- libavcodec/rpzaenc.c | 22 +++---
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
-index d710eb4f82..4ced9523e2 100644
a/libavcodec/rpzaenc.c
-+++ b/libavcodec/rpzaenc.c
-@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi,
const uint16_t *block_pt
-
- // loop thru and compare pixels
- for (y = 0; y < bi->block_height; y++) {
--for (x = 0; x < bi->block_width; x++){
-+for (x = 0; x < bi->block_width; x++) {
- // TODO: optimize
- min_r = FFMIN(R(block_ptr[x]), min_r);
- min_g = FFMIN(G(block_ptr[x]), min_g);
-@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const
BlockInfo *bi,
- return -1;
-
- for (i = 0; i < bi->block_height; i++) {
--for (j = 0; j < bi->block_width; j++){
-+for (j = 0; j < bi->block_width; j++) {
- x = GET_CHAN(block_ptr[j], xchannel);
- y = GET_CHAN(block_ptr[j], ychannel);
- sumx += x;
-@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t
*block_ptr, const BlockInfo *bi
- int max_err = 0;
-
- for (i = 0; i < bi->block_height; i++) {
--for (j = 0; j < bi->block_width; j++){
-+for (j = 0; j < bi->block_width; j++) {
- int x_inc, lin_y, lin_x;
- x = GET_CHAN(block_ptr[j], xchannel);
- y = GET_CHAN(block_ptr[j], ychannel);
-@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t
*src_pixels,
-uint16_t *dest_pixels,
-const BlockInfo *bi, int block_counter)
- {
--for (int y = 0; y < 4; y++) {
-+const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
-+
-+for (int y = 0; y < y_size; y++) {
- memcpy(dest_pixels, src_pixels, 8);
- dest_pixels += bi->rowstride;
- src_pixels += bi->rowstride;
-@@ -730,14 +732,15 @@ post_skip :
-
- if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
- uint16_t *row_ptr;
--int rgb555;
-+int y_size, rgb555;
-
- block_offset = get_block_info(, block_counter);
-
- row_ptr = _pixels[block_offset];
-+y_size = FFMIN(4, bi.image_height - bi.row * 4);
-
--for (int y = 0; y < 4; y++) {
--for (int x = 0; x < 4; x++){
-+for (int y = 0; y < y_size; y++) {
-+for (int x = 0; x < 4; x++) {
- rgb555 = row_ptr[x] & ~0x8000;
-
- put_bits(>pb, 16, rgb555);
-@@ -745,6 +748,11 @@ post_skip :
- row_ptr += bi.rowstride;
- }
-
-+for (int y = y_size;
[OE-core] [mickledore][PATCH 1/3] bind: upgrade 9.18.17 -> 9.18.18
From: Wang Mingyu
Changelog:
Deprecate the 'dialup' and 'heartbeat-interval' options.
Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured.
Mark a primary server as temporarily unreachable if the TCP connection attempt
times out.
Don't process detach and close netmgr events when the netmgr has been paused.
(cherry-pick from commit e78ec619beea6e541b2d83a5dc845ce57ff12564)
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
---
.../bind/{bind_9.18.17.bb => bind_9.18.18.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.18.bb}
(97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.17.bb
b/meta/recipes-connectivity/bind/bind_9.18.18.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.17.bb
rename to meta/recipes-connectivity/bind/bind_9.18.18.bb
index fa1249b370..b9579ab52a 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.17.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.18.bb
@@ -20,7 +20,7 @@ SRC_URI =
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] =
"bde1c5017b81d1d79c69eb8f537f2e5032fd3623acdd5ee830d4f74bc2483458"
+SRC_URI[sha256sum] =
"d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
# follow the ESV versions divisible by 2
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188221):
https://lists.openembedded.org/g/openembedded-core/message/188221
Mute This Topic: https://lists.openembedded.org/mt/101591651/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][PATCH 2/3] bind: update to 9.18.19
From: Lee Chee Yang
release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)
ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]
A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)
ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]
Removed Features
The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]
Feature Changes
If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]
Bug Fixes
The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]
This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.
The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]
The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]
BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]
Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]
Known Issues
There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.
Signed-off-by: Lee Chee Yang
---
.../bind/{bind_9.18.18.bb => bind_9.18.19.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.18.18.bb => bind_9.18.19.bb}
(97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.18.bb
b/meta/recipes-connectivity/bind/bind_9.18.19.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.18.bb
rename to meta/recipes-connectivity/bind/bind_9.18.19.bb
index b9579ab52a..6936c1c6ad 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.18.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.19.bb
@@ -20,7 +20,7 @@ SRC_URI =
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] =
"d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
+SRC_URI[sha256sum] =
"115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
# follow the ESV versions divisible by 2
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188222):
https://lists.openembedded.org/g/openembedded-core/message/188222
Mute This Topic: https://lists.openembedded.org/mt/101591652/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] bind: update to 9.18.19
From: Lee Chee Yang
release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)
ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]
A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)
ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]
Removed Features
The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]
Feature Changes
If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]
Bug Fixes
The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]
This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.
The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]
The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]
BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]
Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]
Known Issues
There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.
Signed-off-by: Lee Chee Yang
---
.../bind/{bind_9.18.18.bb => bind_9.18.19.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.18.18.bb => bind_9.18.19.bb}
(97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.18.bb
b/meta/recipes-connectivity/bind/bind_9.18.19.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.18.bb
rename to meta/recipes-connectivity/bind/bind_9.18.19.bb
index e74e685fe8..8124c5c591 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.18.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.19.bb
@@ -20,7 +20,7 @@ SRC_URI =
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] =
"d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
+SRC_URI[sha256sum] =
"115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
# follow the ESV versions divisible by 2
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188184):
https://lists.openembedded.org/g/openembedded-core/message/188184
Mute This Topic: https://lists.openembedded.org/mt/101571725/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47008
> -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Hemraj, Deepthi via > lists.openembedded.org > Sent: Wednesday, September 6, 2023 3:32 PM > To: openembedded-core@lists.openembedded.org > Cc: randy.macl...@windriver.com; umesh.kala...@windriver.com; > naveen.go...@windriver.com; shivaprasad.moodala...@windriver.com; > sundeep.kokko...@windriver.com > Subject: [OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47008 > > Signed-off-by: Deepthi Hemraj > --- > meta/recipes-devtools/binutils/binutils-2.38.inc | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes- > devtools/binutils/binutils-2.38.inc > index 5c3ff3d93a..9bcf7ad4f5 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc > @@ -56,5 +56,6 @@ SRC_URI = "\ > file://0023-CVE-2023-25585.patch \ > file://0026-CVE-2023-1972.patch \ > file://0025-CVE-2023-25588.patch \ > + file://0027-CVE-2022-47008.patch \[] missing patch file ? Chee Yang -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187282): https://lists.openembedded.org/g/openembedded-core/message/187282 Mute This Topic: https://lists.openembedded.org/mt/101188282/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 5/5] nasm: fix CVE-2022-44370
From: Archana Polampalli
NASM v2.16 was discovered to contain a heap buffer overflow in the
component quote_for_pmake() asm/nasm.c:856
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-44370
Upstream patches:
https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
( cherry picked from commit 1568df72136f46f0767bba56c10c48bf2a1ec259 )
Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
Signed-off-by: Lee Chee Yang
---
.../nasm/nasm/CVE-2022-44370.patch| 104 ++
meta/recipes-devtools/nasm/nasm_2.15.05.bb| 1 +
2 files changed, 105 insertions(+)
create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
b/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
new file mode 100644
index 00..1bd49c9fd9
--- /dev/null
+++ b/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
@@ -0,0 +1,104 @@
+From b37677f7e40276bd8f504584bcba2c092f1146a8 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin"
+Date: Mon, 7 Nov 2022 10:26:03 -0800
+Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault
+
+while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix,
+introduce mempset() to make these kinds of errors less likely in the
+future.
+
+Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+Reported-by: <13579and24...@gmail.com>
+Signed-off-by: H. Peter Anvin
+
+Upstream-Status: Backport
+CVE: CVE-2022-4437
+
+Reference to upstream patch:
+[https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d]
+
+Signed-off-by: Archana Polampalli
+---
+ asm/nasm.c | 12 +---
+ configure.ac | 1 +
+ include/compiler.h | 7 +++
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index 7a7f8b4..675cff4 100644
+--- a/asm/nasm.c
b/asm/nasm.c
+@@ -1,6 +1,6 @@
+ /* --- *
+ *
+- * Copyright 1996-2020 The NASM Authors - All Rights Reserved
++ * Copyright 1996-2022 The NASM Authors - All Rights Reserved
+ * See the file AUTHORS included with the NASM distribution for
+ * the specific copyright holders.
+ *
+@@ -814,8 +814,7 @@ static char *quote_for_pmake(const char *str)
+ }
+
+ /* Convert N backslashes at the end of filename to 2N backslashes */
+-if (nbs)
+-n += nbs;
++n += nbs;
+
+ os = q = nasm_malloc(n);
+
+@@ -824,10 +823,10 @@ static char *quote_for_pmake(const char *str)
+ switch (*p) {
+ case ' ':
+ case '\t':
+-while (nbs--)
+-*q++ = '\\';
++q = mempset(q, '\\', nbs);
+ *q++ = '\\';
+ *q++ = *p;
++nbs = 0;
+ break;
+ case '$':
+ *q++ = *p;
+@@ -849,9 +848,8 @@ static char *quote_for_pmake(const char *str)
+ break;
+ }
+ }
+-while (nbs--)
+-*q++ = '\\';
+
++q = mempset(q, '\\', nbs);
+ *q = '\0';
+
+ return os;
+diff --git a/configure.ac b/configure.ac
+index 39680b1..940ebe2 100644
+--- a/configure.ac
b/configure.ac
+@@ -199,6 +199,7 @@ AC_CHECK_FUNCS(strrchrnul)
+ AC_CHECK_FUNCS(iscntrl)
+ AC_CHECK_FUNCS(isascii)
+ AC_CHECK_FUNCS(mempcpy)
++AC_CHECK_FUNCS(mempset)
+
+ AC_CHECK_FUNCS(getuid)
+ AC_CHECK_FUNCS(getgid)
+diff --git a/include/compiler.h b/include/compiler.h
+index db3d6d6..b64da6a 100644
+--- a/include/compiler.h
b/include/compiler.h
+@@ -256,6 +256,13 @@ static inline void *mempcpy(void *dst, const void *src,
size_t n)
+ }
+ #endif
+
++#ifndef HAVE_MEMPSET
++static inline void *mempset(void *dst, int c, size_t n)
++{
++return (char *)memset(dst, c, n) + n;
++}
++#endif
++
+ /*
+ * Hack to support external-linkage inline functions
+ */
+--
+2.40.0
diff --git a/meta/recipes-devtools/nasm/nasm_2.15.05.bb
b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
index 43088baf71..c5638debdd 100644
--- a/meta/recipes-devtools/nasm/nasm_2.15.05.bb
+++ b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM =
"file://LICENSE;md5=90904486f8fbf1861cf42752e1a39efe"
SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
file://0001-stdlib-Add-strlcat.patch \
file://0002-Add-debug-prefix-map-option.patch \
+ file://CVE-2022-44370.patch \
"
SRC_URI[sha256sum] =
"3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187272):
https://lists.openembedded.org/g/openembedded-core/message/187272
Mute This Topic: https://lists.openembedded.org/mt/101185749/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 2/5] libxpm: fix CVE-2022-46285
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
.../xorg-lib/libxpm/CVE-2022-46285.patch | 40 +++
.../xorg-lib/libxpm_3.5.13.bb | 2 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
diff --git a/meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
b/meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
new file mode 100644
index 00..e8b654dfb2
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
@@ -0,0 +1,40 @@
+CVE: CVE-2022-46285
+Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148
]
+Signed-off-by: Lee Chee Yang
+
+From a3a7c6dcc3b629d765014816c566c63165c63ca8 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith
+Date: Sat, 17 Dec 2022 12:23:45 -0800
+Subject: [PATCH] Fix CVE-2022-46285: Infinite loop on unclosed comments
+
+When reading XPM images from a file with libXpm 3.5.14 or older, if a
+comment in the file is not closed (i.e. a C-style comment starts with
+"/*" and is missing the closing "*/"), the ParseComment() function will
+loop forever calling getc() to try to read the rest of the comment,
+failing to notice that it has returned EOF, which may cause a denial of
+service to the calling program.
+
+Reported-by: Marco Ivaldi
+Signed-off-by: Alan Coopersmith
+---
+ src/data.c | 4
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/data.c b/src/data.c
+index 898889c..bfad4ff 100644
+--- a/src/data.c
b/src/data.c
+@@ -174,6 +174,10 @@ ParseComment(xpmData *data)
+ notend = 0;
+ Ungetc(data, *s, file);
+ }
++ else if (c == EOF) {
++ /* hit end of file before the end of the comment */
++ return XpmFileInvalid;
++ }
+ }
+ return 0;
+ }
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb
b/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb
index fda8e32d2c..8937e61cb5 100644
--- a/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb
+++ b/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb
@@ -21,6 +21,8 @@ PACKAGES =+ "sxpm cxpm"
FILES_cxpm = "${bindir}/cxpm"
FILES_sxpm = "${bindir}/sxpm"
+SRC_URI += " file://CVE-2022-46285.patch"
+
SRC_URI[md5sum] = "6f0ecf8d103d528cfc803aa475137afa"
SRC_URI[sha256sum] =
"9cd1da57588b6cb71450eff2273ef6b657537a9ac4d02d0014228845b935ac25"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187269):
https://lists.openembedded.org/g/openembedded-core/message/187269
Mute This Topic: https://lists.openembedded.org/mt/101185746/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 3/5] qemu: fix CVE-2020-24165
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
meta/recipes-devtools/qemu/qemu.inc | 3 +-
.../qemu/qemu/CVE-2020-24165.patch| 94 +++
2 files changed, 96 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 2871818cb1..2dd3549a59 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -139,7 +139,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \
file://CVE-2023-0330.patch \
file://CVE-2023-3354.patch \
- "
+ file://CVE-2020-24165.patch \
+ "
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
SRC_URI[md5sum] = "278eeb294e4b497e79af7a57e660cb9a"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
b/meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
new file mode 100644
index 00..e0a27331a8
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
@@ -0,0 +1,94 @@
+CVE: CVE-2020-24165
+Upstream-Status: Backport
[https://github.com/qemu/qemu/commit/886cc68943ebe8cf7e5f970be33459f95068a441 ]
+Signed-off-by: Lee Chee Yang
+
+From 886cc68943ebe8cf7e5f970be33459f95068a441 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
+Date: Fri, 14 Feb 2020 14:49:52 +
+Subject: [PATCH] accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The bug describes a race whereby cpu_exec_step_atomic can acquire a TB
+which is invalidated by a tb_flush before we execute it. This doesn't
+affect the other cpu_exec modes as a tb_flush by it's nature can only
+occur on a quiescent system. The race was described as:
+
+ B2. tcg_cpu_exec => cpu_exec => tb_find => tb_gen_code
+ B3. tcg_tb_alloc obtains a new TB
+
+ C3. TB obtained with tb_lookup__cpu_state or tb_gen_code
+ (same TB as B2)
+
+ A3. start_exclusive critical section entered
+ A4. do_tb_flush is called, TB memory freed/re-allocated
+ A5. end_exclusive exits critical section
+
+ B2. tcg_cpu_exec => cpu_exec => tb_find => tb_gen_code
+ B3. tcg_tb_alloc reallocates TB from B2
+
+ C4. start_exclusive critical section entered
+ C5. cpu_tb_exec executes the TB code that was free in A4
+
+The simplest fix is to widen the exclusive period to include the TB
+lookup. As a result we can drop the complication of checking we are in
+the exclusive region before we end it.
+
+Cc: Yifan
+Buglink: https://bugs.launchpad.net/qemu/+bug/1863025
+Reviewed-by: Paolo Bonzini
+Reviewed-by: Richard Henderson
+Signed-off-by: Alex Bennée
+Message-Id: <20200214144952.15502-1-alex.ben...@linaro.org>
+Signed-off-by: Richard Henderson
+---
+ accel/tcg/cpu-exec.c | 21 +++--
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
+index 2560c90eec79..d95c4848a47b 100644
+--- a/accel/tcg/cpu-exec.c
b/accel/tcg/cpu-exec.c
+@@ -240,6 +240,8 @@ void cpu_exec_step_atomic(CPUState *cpu)
+ uint32_t cf_mask = cflags & CF_HASH_MASK;
+
+ if (sigsetjmp(cpu->jmp_env, 0) == 0) {
++start_exclusive();
++
+ tb = tb_lookup__cpu_state(cpu, , _base, , cf_mask);
+ if (tb == NULL) {
+ mmap_lock();
+@@ -247,8 +249,6 @@ void cpu_exec_step_atomic(CPUState *cpu)
+ mmap_unlock();
+ }
+
+-start_exclusive();
+-
+ /* Since we got here, we know that parallel_cpus must be true. */
+ parallel_cpus = false;
+ cc->cpu_exec_enter(cpu);
+@@ -271,14 +271,15 @@ void cpu_exec_step_atomic(CPUState *cpu)
+ qemu_plugin_disable_mem_helpers(cpu);
+ }
+
+-if (cpu_in_exclusive_context(cpu)) {
+-/* We might longjump out of either the codegen or the
+- * execution, so must make sure we only end the exclusive
+- * region if we started it.
+- */
+-parallel_cpus = true;
+-end_exclusive();
+-}
++
++/*
++ * As we start the exclusive region before codegen we must still
++ * be in the region if we longjump out of either the codegen or
++ * the execution.
++ */
++g_assert(cpu_in_exclusive_context(cpu));
++parallel_cpus = true;
++end_exclusive();
+ }
+
+ struct tb_desc {
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187270):
https://lists.openembedded.org/g/openembedded-core/message/187270
Mute This Topic: https://lists.openembedded.org/mt/101185747/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 4/5] nasm: update 2.15.03 -> 2.15.05
From: Alexander Kanavin
Use autotools-brokensep as new version needs that.
upgrade include fix for CVE-2020-21686 and CVE-2022-29654
(cherry picked from commit c9c724ffa36757b56e70bc8d7b880c0c5777b153)
Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
Signed-off-by: Lee Chee Yang
---
.../0002-Add-debug-prefix-map-option.patch| 42 +--
.../nasm/{nasm_2.15.03.bb => nasm_2.15.05.bb} | 4 +-
2 files changed, 22 insertions(+), 24 deletions(-)
rename meta/recipes-devtools/nasm/{nasm_2.15.03.bb => nasm_2.15.05.bb} (84%)
diff --git
a/meta/recipes-devtools/nasm/nasm/0002-Add-debug-prefix-map-option.patch
b/meta/recipes-devtools/nasm/nasm/0002-Add-debug-prefix-map-option.patch
index f788e0fd43..9f4c8dc0bd 100644
--- a/meta/recipes-devtools/nasm/nasm/0002-Add-debug-prefix-map-option.patch
+++ b/meta/recipes-devtools/nasm/nasm/0002-Add-debug-prefix-map-option.patch
@@ -1,4 +1,4 @@
-From bb4e42ad3a0cdd23a1d1797e6299c76b474867c0 Mon Sep 17 00:00:00 2001
+From 81d6519499dcfebe7d21e65e002a8885a4e8d852 Mon Sep 17 00:00:00 2001
From: Joshua Watt
Date: Tue, 19 Nov 2019 13:12:17 -0600
Subject: [PATCH] Add --debug-prefix-map option
@@ -11,7 +11,7 @@ Upstream-Status: Submitted
[https://bugzilla.nasm.us/show_bug.cgi?id=3392635]
Signed-off-by: Joshua Watt
---
- asm/nasm.c | 26 +-
+ asm/nasm.c | 24
include/nasmlib.h | 9 +
nasm.txt| 4
nasmlib/filename.c | 20
@@ -23,34 +23,32 @@ Signed-off-by: Joshua Watt
stdlib/strlcat.c| 2 +-
test/elfdebugprefix.asm | 6 ++
test/performtest.pl | 12 ++--
- 12 files changed, 83 insertions(+), 10 deletions(-)
+ 12 files changed, 82 insertions(+), 9 deletions(-)
create mode 100644 test/elfdebugprefix.asm
diff --git a/asm/nasm.c b/asm/nasm.c
-index a0e1719..fc6c62e 100644
+index e5ae89a..7a7f8b4 100644
--- a/asm/nasm.c
+++ b/asm/nasm.c
-@@ -938,7 +938,8 @@ enum text_options {
- OPT_LIMIT,
+@@ -939,6 +939,7 @@ enum text_options {
OPT_KEEP_ALL,
OPT_NO_LINE,
--OPT_DEBUG
-+OPT_DEBUG,
-+OPT_DEBUG_PREFIX_MAP
+ OPT_DEBUG,
++OPT_DEBUG_PREFIX_MAP,
+ OPT_REPRODUCIBLE
};
enum need_arg {
- ARG_NO,
-@@ -970,6 +971,7 @@ static const struct textargs textopts[] = {
+@@ -971,6 +972,7 @@ static const struct textargs textopts[] = {
{"keep-all", OPT_KEEP_ALL, ARG_NO, 0},
{"no-line", OPT_NO_LINE, ARG_NO, 0},
{"debug",OPT_DEBUG, ARG_MAYBE, 0},
+{"debug-prefix-map", OPT_DEBUG_PREFIX_MAP, true, 0},
+ {"reproducible", OPT_REPRODUCIBLE, ARG_NO, 0},
{NULL, OPT_BOGUS, ARG_NO, 0}
};
-
-@@ -1332,6 +1334,26 @@ static bool process_arg(char *p, char *q, int pass)
- case OPT_DEBUG:
- debug_nasm = param ? strtoul(param, NULL, 10) :
debug_nasm+1;
+@@ -1337,6 +1339,26 @@ static bool process_arg(char *p, char *q, int pass)
+ case OPT_REPRODUCIBLE:
+ reproducible = true;
break;
+case OPT_DEBUG_PREFIX_MAP: {
+struct debug_prefix_list *d;
@@ -75,7 +73,7 @@ index a0e1719..fc6c62e 100644
case OPT_HELP:
help(stdout);
exit(0);
-@@ -2297,6 +2319,8 @@ static void help(FILE *out)
+@@ -2304,6 +2326,8 @@ static void help(FILE *out)
"-w-x disable warning x (also -Wno-x)\n"
"-w[+-]error promote all warnings to errors (also -Werror)\n"
"-w[+-]error=x promote warning x to errors (also -Werror=x)\n"
@@ -85,7 +83,7 @@ index a0e1719..fc6c62e 100644
fprintf(out, " %-20s %s\n",
diff --git a/include/nasmlib.h b/include/nasmlib.h
-index e9bfbcc..98fc653 100644
+index 438178d..4c3e90d 100644
--- a/include/nasmlib.h
+++ b/include/nasmlib.h
@@ -250,10 +250,19 @@ int64_t readstrnum(char *str, int length, bool *warn);
@@ -181,10 +179,10 @@ index 54b22f8..c4a412c 100644
static void as86_cleanup(void)
diff --git a/output/outcoff.c b/output/outcoff.c
-index bcd9ff3..15bfcf3 100644
+index 58fa024..14baf7b 100644
--- a/output/outcoff.c
+++ b/output/outcoff.c
-@@ -1095,14 +1095,14 @@ static void coff_symbol(char *name, int32_t strpos,
int32_t value,
+@@ -1072,14 +1072,14 @@ static void coff_symbol(char *name, int32_t strpos,
int32_t value,
static void coff_write_symbols(void)
{
@@ -215,7 +213,7 @@ index 61af020..1292958 100644
nsects = sectlen = 0;
syms = saa_init((int32_t)sizeof(struct elf_symbol));
diff --git a/output/outieee.c b/output/outieee.c
-index 4cc0f0f..2468724 100644
+index 6d6d4b2..cdb8333 100644
--- a/output/outieee.c
+++ b/output/outieee.c
@@ -207,7 +207,7 @@ static void ieee_unqualified_name(char *, char *);
@@ -228,10 +226,10 @@ index 4cc0f0f
[OE-core] [dunfell][PATCH 1/5] python3: update to 3.8.18
From: Lee Chee Yang
https://docs.python.org/release/3.8.18/whatsnew/changelog.html#changelog
Release date: 2023-08-24
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification) and treating sent unencrypted data as if
it were post-handshake TLS encrypted data. Security issue reported as
CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into
account when determining their target, so it will no longer reject some
valid tarballs with LinkOutsideDestinationError.
Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL
1.1.1v, 3.0.10, and 3.1.2.
Signed-off-by: Lee Chee Yang
---
.../python/{python3_3.8.17.bb => python3_3.8.18.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/python/{python3_3.8.17.bb => python3_3.8.18.bb}
(99%)
diff --git a/meta/recipes-devtools/python/python3_3.8.17.bb
b/meta/recipes-devtools/python/python3_3.8.18.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.8.17.bb
rename to meta/recipes-devtools/python/python3_3.8.18.bb
index 00c4ff497a..9d0f72ecf9 100644
--- a/meta/recipes-devtools/python/python3_3.8.17.bb
+++ b/meta/recipes-devtools/python/python3_3.8.18.bb
@@ -43,8 +43,8 @@ SRC_URI_append_class-native = " \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[md5sum] = "70223497e664524303ca2364208647e1"
-SRC_URI[sha256sum] =
"2e54b0c68191f16552f6de2e97a2396540572a219f6bbb28591a137cecc490a9"
+SRC_URI[md5sum] = "5ea6267ea00513fc31d3746feb35842d"
+SRC_URI[sha256sum] =
"3ffb71cd349a326ba7b2fadc7e7df86ba577dd9c4917e52a8401adbda7405e3f"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187268):
https://lists.openembedded.org/g/openembedded-core/message/187268
Mute This Topic: https://lists.openembedded.org/mt/101185745/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 1/2] file: fix CVE-2022-48554
From: Chee Yang Lee
ignore changes to FILE_RCSID part.
Signed-off-by: Chee Yang Lee
---
.../file/file/CVE-2022-48554.patch| 35 +++
meta/recipes-devtools/file/file_5.41.bb | 4 ++-
2 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/file/file/CVE-2022-48554.patch
diff --git a/meta/recipes-devtools/file/file/CVE-2022-48554.patch
b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
new file mode 100644
index 00..c285bd2c23
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
@@ -0,0 +1,35 @@
+CVE: CVE-2022-48554
+Upstream-Status: Backport [
https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ]
+Signed-off-by: Lee Chee Yang
+
+From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Mon, 14 Feb 2022 16:26:10 +
+Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
+ will try to scan the source string to find out how much space is needed the
+ source string might not be NUL terminated.
+
+---
+ src/funcs.c | 11 +++
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/funcs.c b/src/funcs.c
+index 89e1da597..dcfd352d2 100644
+--- a/src/funcs.c
b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.124 2022/01/10 14:15:08
christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+- if (++width > blen)
+- width = blen;
+- strlcpy(buf, str, width);
++ if (blen == 0)
++ return buf;
++ if (width >= blen)
++ width = blen - 1;
++ memcpy(buf, str, width);
++ buf[width] = '\0';
+ return buf;
+ }
+
diff --git a/meta/recipes-devtools/file/file_5.41.bb
b/meta/recipes-devtools/file/file_5.41.bb
index 653887e97a..6fd4f2c746 100644
--- a/meta/recipes-devtools/file/file_5.41.bb
+++ b/meta/recipes-devtools/file/file_5.41.bb
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM =
"file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
DEPENDS = "file-replacement-native"
DEPENDS:class-native = "bzip2-replacement-native"
-SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \
+ file://CVE-2022-48554.patch \
+"
SRCREV = "504206e53a89fd6eed71aeaf878aa3512418eab1"
S = "${WORKDIR}/git"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187170):
https://lists.openembedded.org/g/openembedded-core/message/187170
Mute This Topic: https://lists.openembedded.org/mt/101145679/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH 2/2] python3: upgrade to 3.10.13
From: Chee Yang Lee
Release date: 2023-08-24
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification) and treating sent unencrypted data as if
it were post-handshake TLS encrypted data. Security issue reported as
CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into
account when determining their target, so it will no longer reject some
valid tarballs with LinkOutsideDestinationError.
Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL
1.1.1v, 3.0.10, and 3.1.2.
C API
gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
*consumed was not set.
Signed-off-by: Chee Yang Lee
---
.../python/{python3_3.10.12.bb => python3_3.10.13.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3_3.10.12.bb => python3_3.10.13.bb}
(99%)
diff --git a/meta/recipes-devtools/python/python3_3.10.12.bb
b/meta/recipes-devtools/python/python3_3.10.13.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.10.12.bb
rename to meta/recipes-devtools/python/python3_3.10.13.bb
index 74f1defc95..ba53a09ef5 100644
--- a/meta/recipes-devtools/python/python3_3.10.12.bb
+++ b/meta/recipes-devtools/python/python3_3.10.13.bb
@@ -43,7 +43,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] =
"afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8"
+SRC_URI[sha256sum] =
"5c88848668640d3e152b35b4536ef1c23b2ca4bd2c957ef1ecbb053f571dd3f6"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187171):
https://lists.openembedded.org/g/openembedded-core/message/187171
Mute This Topic: https://lists.openembedded.org/mt/101145680/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][kirkstone][patch] libssh2: fix CVE-2020-22218
From: Chee Yang Lee
Signed-off-by: Chee Yang Lee
---
.../libssh2/libssh2/CVE-2020-22218.patch | 34 +++
.../recipes-support/libssh2/libssh2_1.10.0.bb | 1 +
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
b/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
new file mode 100644
index 00..066233fcae
--- /dev/null
+++ b/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
@@ -0,0 +1,34 @@
+CVE: CVE-2020-22218
+Upstream-Status: Backport [
https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45
]
+Signed-off-by: Lee Chee Yang
+
+
+From 642eec48ff3adfdb7a9e562b6d7fc865d1733f45 Mon Sep 17 00:00:00 2001
+From: lutianxiong
+Date: Fri, 29 May 2020 01:25:40 +0800
+Subject: [PATCH] transport.c: fix use-of-uninitialized-value (#476)
+
+file:transport.c
+
+notes:
+return error if malloc(0)
+
+credit:
+lutianxiong
+---
+ src/transport.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index 96fca6b8cc..adf96c2437 100644
+--- a/src/transport.c
b/src/transport.c
+@@ -472,7 +472,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+ /* Get a packet handle put data into. We get one to
+hold all data, including padding and MAC. */
+ p->payload = LIBSSH2_ALLOC(session, total_num);
+-if(!p->payload) {
++if(total_num == 0 || !p->payload) {
+ return LIBSSH2_ERROR_ALLOC;
+ }
+ p->total_num = total_num;
diff --git a/meta/recipes-support/libssh2/libssh2_1.10.0.bb
b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
index d5513373b0..8483a292c2 100644
--- a/meta/recipes-support/libssh2/libssh2_1.10.0.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM =
"file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
file://fix-ssh2-test.patch \
file://run-ptest \
+ file://CVE-2020-22218.patch \
"
SRC_URI[sha256sum] =
"2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187169):
https://lists.openembedded.org/g/openembedded-core/message/187169
Mute This Topic: https://lists.openembedded.org/mt/101145563/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][patch 4/4] go: upgrade 1.20.6 -> 1.20.7
From: Sakib Sajal
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.6..go1.20.7 origin/release-branch.go1.20
adb775e309 (tag: go1.20.7, origin/release-branch.go1.20)
[release-branch.go1.20] go1.20.7
659f2a2207 [release-branch.go1.20] crypto/tls: restrict RSA keys in
certificates to <= 8192 bits
10d85fa0f6 [release-branch.go1.20] cmd/asm, cmd/internal/obj: generate proper
atomic ops for riscv64
bd3a1f24e7 [release-branch.go1.20] net: tolerate permission errors in interface
tests
6211a024b4 [release-branch.go1.20] cmd/compile: on PPC64, fix sign/zero
extension when masking
[1] https://github.com/golang/go/compare/go1.20.6...go1.20.7
Upgrade include fix for CVE-2023-29409 CVE-2023-39533
(cherry picked from commit 039324d917ed124228a14ac1effdd66b27d9e82b)
Signed-off-by: Sakib Sajal
Signed-off-by: Alexandre Belloni
Signed-off-by: Chee Yang Lee
---
meta/recipes-devtools/go/{go-1.20.6.inc => go-1.20.7.inc} | 2 +-
...o-binary-native_1.20.6.bb => go-binary-native_1.20.7.bb} | 6 +++---
...cross-canadian_1.20.6.bb => go-cross-canadian_1.20.7.bb} | 0
.../go/{go-cross_1.20.6.bb => go-cross_1.20.7.bb} | 0
.../go/{go-crosssdk_1.20.6.bb => go-crosssdk_1.20.7.bb} | 0
.../go/{go-native_1.20.6.bb => go-native_1.20.7.bb} | 0
.../go/{go-runtime_1.20.6.bb => go-runtime_1.20.7.bb} | 0
meta/recipes-devtools/go/{go_1.20.6.bb => go_1.20.7.bb} | 0
8 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.20.6.inc => go-1.20.7.inc} (90%)
rename meta/recipes-devtools/go/{go-binary-native_1.20.6.bb =>
go-binary-native_1.20.7.bb} (78%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.20.6.bb =>
go-cross-canadian_1.20.7.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.20.6.bb => go-cross_1.20.7.bb}
(100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.20.6.bb =>
go-crosssdk_1.20.7.bb} (100%)
rename meta/recipes-devtools/go/{go-native_1.20.6.bb => go-native_1.20.7.bb}
(100%)
rename meta/recipes-devtools/go/{go-runtime_1.20.6.bb => go-runtime_1.20.7.bb}
(100%)
rename meta/recipes-devtools/go/{go_1.20.6.bb => go_1.20.7.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.20.6.inc
b/meta/recipes-devtools/go/go-1.20.7.inc
similarity index 90%
rename from meta/recipes-devtools/go/go-1.20.6.inc
rename to meta/recipes-devtools/go/go-1.20.7.inc
index 6277020fec..009a67e89e 100644
--- a/meta/recipes-devtools/go/go-1.20.6.inc
+++ b/meta/recipes-devtools/go/go-1.20.7.inc
@@ -17,4 +17,4 @@ SRC_URI += "\
file://CVE-2023-24531_1.patch \
file://CVE-2023-24531_2.patch \
"
-SRC_URI[main.sha256sum] =
"62ee5bc6fb55b8bae8f705e0cb8df86d6453626b4ecf93279e2867092e0b7f70"
+SRC_URI[main.sha256sum] =
"2c5ee9c9ec1e733b0dbbc2bdfed3f62306e51d8172bf38f4f4e542b27520f597"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.20.6.bb
b/meta/recipes-devtools/go/go-binary-native_1.20.7.bb
similarity index 78%
rename from meta/recipes-devtools/go/go-binary-native_1.20.6.bb
rename to meta/recipes-devtools/go/go-binary-native_1.20.7.bb
index 5b2f8f4352..3decde1954 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.20.6.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.20.7.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI =
"https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE};
-SRC_URI[go_linux_amd64.sha256sum] =
"b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb"
-SRC_URI[go_linux_arm64.sha256sum] =
"4e15ab37556e979181a1a1cc60f6d796932223a0f5351d7c83768b356f84429b"
-SRC_URI[go_linux_ppc64le.sha256sum] =
"a1b91a42a40bba54bfd5c96c23d72250e0c424038d0d2b5c7950b828b4905822"
+SRC_URI[go_linux_amd64.sha256sum] =
"f0a87f1bcae91c4b69f8dc2bc6d7e6bfcd7524fceec130af525058c0c17b1b44"
+SRC_URI[go_linux_arm64.sha256sum] =
"44781ae3b153c3b07651d93b6bc554e835a36e2d72a696281c1e4dad9efffe43"
+SRC_URI[go_linux_ppc64le.sha256sum] =
"6318a1db307c12b8afe68808bd6fae4fba1e558a85b958216096869ed506dcb3"
UPSTREAM_CHECK_URI = "https://golang.org/dl/;
UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb
b/meta/recipes-devtools/go/go-cross-canadian_1.20.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.20.7.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.20.6.bb
b/meta/recipes-devtools/go/go-cross_1.20.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.20.6.bb
rename to meta/recipes-devtools/go/go-cross_1.20.7.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.20.6.bb
b/meta/recipes-devtools/go/go-crosssdk_1.20.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.20.6.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.20.7.bb
diff --git a/meta/recipes-devtools/go/go-native_1.20.6.bb
[OE-core] [mickledore][patch 1/4] python3: upgrade 3.11.2 -> 3.11.3
From: Alexander Kanavin
(cherry picked from commit 7d5bb3a4690ef61a1fee21773b4717e829789e32)
Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
Signed-off-by: Chee Yang Lee
---
.../0001-Don-t-search-system-for-headers-libraries.patch| 2 +-
...1-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch | 2 +-
.../python3/12-distutils-prefix-is-inside-staging-area.patch| 2 +-
.../python/{python3_3.11.2.bb => python3_3.11.3.bb} | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/python/{python3_3.11.2.bb => python3_3.11.3.bb}
(99%)
diff --git
a/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
b/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
index 96e5e81342..c9253832cf 100644
---
a/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
+++
b/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
@@ -1,4 +1,4 @@
-From 7d296dc635ad3ac2792955ce37e140a4104b098f Mon Sep 17 00:00:00 2001
+From 6cb667f37beacd832cb409e5244b3c90dfad32f7 Mon Sep 17 00:00:00 2001
From: Jeremy Puhlman
Date: Wed, 4 Mar 2020 00:06:42 +
Subject: [PATCH] Don't search system for headers/libraries
diff --git
a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
index 86971f4048..d5b7ce2b95 100644
---
a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
+++
b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
@@ -1,4 +1,4 @@
-From cab8b8b1390165a93dfb27c48c1cc4c3e4280dfd Mon Sep 17 00:00:00 2001
+From 4ed481f4928c361970e78f27c4d9be8700af176b Mon Sep 17 00:00:00 2001
From: Alexander Kanavin
Date: Fri, 10 Sep 2021 12:28:31 +0200
Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration
diff --git
a/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
b/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
index e080b5c562..5ee4e4f126 100644
---
a/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
+++
b/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
@@ -1,4 +1,4 @@
-From 79e7ed59750612e57647847957ab85709307ea38 Mon Sep 17 00:00:00 2001
+From 4c39252c71d8bca81fdc43753c83a59f8668c619 Mon Sep 17 00:00:00 2001
From: Khem Raj
Date: Tue, 14 May 2013 15:00:26 -0700
Subject: [PATCH] python3: Add target and native recipes
diff --git a/meta/recipes-devtools/python/python3_3.11.2.bb
b/meta/recipes-devtools/python/python3_3.11.3.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.11.2.bb
rename to meta/recipes-devtools/python/python3_3.11.3.bb
index f3be9768bf..0563a0ab9b 100644
--- a/meta/recipes-devtools/python/python3_3.11.2.bb
+++ b/meta/recipes-devtools/python/python3_3.11.3.bb
@@ -39,7 +39,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] =
"29e4b8f5f1658542a8c13e2dd277358c9c48f2b2f7318652ef1675e402b9d2af"
+SRC_URI[sha256sum] =
"8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187006):
https://lists.openembedded.org/g/openembedded-core/message/187006
Mute This Topic: https://lists.openembedded.org/mt/101094624/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][patch 3/4] python3: update to 3.11.5
From: Chee Yang Lee
upgrade include fix for CVE-2023-40217
Release notes:
https://docs.python.org/3/whatsnew/changelog.html#python-3-11-5-final
Signed-off-by: Chee Yang Lee
---
.../python/{python3_3.11.4.bb => python3_3.11.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3_3.11.4.bb => python3_3.11.5.bb}
(99%)
diff --git a/meta/recipes-devtools/python/python3_3.11.4.bb
b/meta/recipes-devtools/python/python3_3.11.5.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.11.4.bb
rename to meta/recipes-devtools/python/python3_3.11.5.bb
index 41b27094c7..b1ab307804 100644
--- a/meta/recipes-devtools/python/python3_3.11.4.bb
+++ b/meta/recipes-devtools/python/python3_3.11.5.bb
@@ -39,7 +39,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] =
"2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6"
+SRC_URI[sha256sum] =
"85cd12e9cf1d6d5a45f17f7afe1cebe7ee628d3282281c492e86adf636defa3f"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187008):
https://lists.openembedded.org/g/openembedded-core/message/187008
Mute This Topic: https://lists.openembedded.org/mt/101094626/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][patch 2/4] python3: update 3.11.3 -> 3.11.4
From: Alexander Kanavin
upgrade include fix for CVE-2023-24329
(cherry picked from commit f7f163ebe8c53de4314d04595c1fbcc7af2deccc )
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
Signed-off-by: Chee Yang Lee
---
...1-Don-t-search-system-for-headers-libraries.patch | 2 +-
...y-handle-stdin-I-O-errors-same-way-as-maste.patch | 12 ++--
...nfig.py-use-prefix-value-from-build-configu.patch | 2 +-
.../12-distutils-prefix-is-inside-staging-area.patch | 2 +-
meta/recipes-devtools/python/python3/makerace.patch | 8
.../python/{python3_3.11.3.bb => python3_3.11.4.bb} | 2 +-
6 files changed, 14 insertions(+), 14 deletions(-)
rename meta/recipes-devtools/python/{python3_3.11.3.bb => python3_3.11.4.bb}
(99%)
diff --git
a/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
b/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
index c9253832cf..222a567dd5 100644
---
a/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
+++
b/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch
@@ -1,4 +1,4 @@
-From 6cb667f37beacd832cb409e5244b3c90dfad32f7 Mon Sep 17 00:00:00 2001
+From aa8f1709c54557d2b51a9a37d15ccc3de62e90cb Mon Sep 17 00:00:00 2001
From: Jeremy Puhlman
Date: Wed, 4 Mar 2020 00:06:42 +
Subject: [PATCH] Don't search system for headers/libraries
diff --git
a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
index df5179e877..07c6aef9b9 100644
---
a/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
+++
b/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
@@ -1,4 +1,4 @@
-From 86061629f4a179e740a17e53dd2c98ab47af2fe2 Mon Sep 17 00:00:00 2001
+From 7b0a14e7320078ac891d415cab9b7568e3f52ad8 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin
Date: Thu, 16 Sep 2021 16:35:37 +0200
Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O
@@ -30,18 +30,18 @@ Signed-off-by: Alexander Kanavin
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Lib/pty.py b/Lib/pty.py
-index 8d8ce40..35439c6 100644
+index fefb63a..4cef056 100644
--- a/Lib/pty.py
+++ b/Lib/pty.py
-@@ -154,7 +154,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read):
- os.write(STDOUT_FILENO, data)
+@@ -184,7 +184,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read):
+ i_buf = i_buf[n:]
- if STDIN_FILENO in rfds:
+ if stdin_avail and STDIN_FILENO in rfds:
-data = stdin_read(STDIN_FILENO)
+try:
+data = stdin_read(STDIN_FILENO)
+except OSError:
+data = b""
if not data:
- fds.remove(STDIN_FILENO)
+ stdin_avail = False
else:
diff --git
a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
index d5b7ce2b95..a0f3d72992 100644
---
a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
+++
b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
@@ -1,4 +1,4 @@
-From 4ed481f4928c361970e78f27c4d9be8700af176b Mon Sep 17 00:00:00 2001
+From 512c617bd00b74b30a80dd56a12391de46e2b6cf Mon Sep 17 00:00:00 2001
From: Alexander Kanavin
Date: Fri, 10 Sep 2021 12:28:31 +0200
Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration
diff --git
a/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
b/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
index 5ee4e4f126..bbdd8b586e 100644
---
a/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
+++
b/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
@@ -1,4 +1,4 @@
-From 4c39252c71d8bca81fdc43753c83a59f8668c619 Mon Sep 17 00:00:00 2001
+From 843574d5a5b0818e83e20f8c0389d567bd4733fb Mon Sep 17 00:00:00 2001
From: Khem Raj
Date: Tue, 14 May 2013 15:00:26 -0700
Subject: [PATCH] python3: Add target and native recipes
diff --git a/meta/recipes-devtools/python/python3/makerace.patch
b/meta/recipes-devtools/python/python3/makerace.patch
index 979fc9dc36..c71c1e15de 100644
--- a/meta/recipes-devtools/python/python3/makerace.patch
+++ b/meta/recipes-devtools/python/python3/makerace.patch
@@ -1,4 +1,4 @@
-From 4f52aaf2a548b3356c6f1369c62b11335dc27464 Mon Sep 17 00:00:00 2001
+From
[OE-core] [dunfell][patch] tiff: CVE-2022-3599.patch also fix CVE-2022-4645 CVE-2023-30774
From: Chee Yang Lee The same patch also fix CVE-2022-4645 CVE-2023-30774 CVE-2022-4645 - https://gitlab.com/libtiff/libtiff/-/issues/277 CVE-2023-30774 - https://gitlab.com/libtiff/libtiff/-/issues/463 Signed-off-by: Chee Yang Lee --- meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch index 9689a99638..b3232d9002 100644 --- a/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch @@ -4,7 +4,7 @@ Date: Tue, 30 Aug 2022 16:56:48 +0200 Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ] -CVE: CVE-2022-3599 +CVE: CVE-2022-3599 CVE-2022-4645 CVE-2023-30774 Signed-off-by: Chee Yang Lee Origin: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 -- 2.37.3 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#186417): https://lists.openembedded.org/g/openembedded-core/message/186417 Mute This Topic: https://lists.openembedded.org/mt/100865702/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][patch v2] bind: 9.18.11 -> 9.18.17
From: Chee Yang Lee
upgrade also include fix for CVE-2023-2829.
License-Update: removed trailing whitespace from COPYRIGHT
also remove obsolete configuration option epoll and devpoll:
https://github.com/isc-projects/bind9/commit/6b6076c882a00028197b04a827f6cf8e7a5369de
Signed-off-by: Chee Yang Lee
---
v2: add more info in commit message
.../bind/bind-9.18.11/CVE-2023-2828.patch | 197 --
.../bind/bind-9.18.11/CVE-2023-2911.patch | 97 -
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.11 => bind-9.18.17}/bind9 | 0
.../{bind-9.18.11 => bind-9.18.17}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.11.bb => bind_9.18.17.bb} | 8 +-
12 files changed, 3 insertions(+), 299 deletions(-)
delete mode 100644
meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
delete mode 100644
meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.18.17}/bind9
(100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.18.17.bb}
(92%)
diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
b/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
deleted file mode 100644
index ef2d64b16c..00
--- a/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From e9d5219fca9f6b819d953990b369d6acfb4e952b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
-Date: Tue, 30 May 2023 08:46:17 +0200
-Subject: [PATCH] Improve RBT overmem cache cleaning
-
-When cache memory usage is over the configured cache size (overmem) and
-we are cleaning unused entries, it might not be enough to clean just two
-entries if the entries to be expired are smaller than the newly added
-rdata. This could be abused by an attacker to cause a remote Denial of
-Service by possibly running out of the operating system memory.
-
-Currently, the addrdataset() tries to do a single TTL-based cleaning
-considering the serve-stale TTL and then optionally moves to overmem
-cleaning if we are in that condition. Then the overmem_purge() tries to
-do another single TTL based cleaning from the TTL heap and then continue
-with LRU-based cleaning up to 2 entries cleaned.
-
-Squash the TTL-cleaning mechanism into single call from addrdataset(),
-but ignore the serve-stale TTL if we are currently overmem.
-
-Then instead of having a fixed number of entries to clean, pass the size
-of newly added rdatasetheader to the overmem_purge() function and
-cleanup at least the size of the newly added data. This prevents the
-cache going over the configured memory limit (`max-cache-size`).
-
-Additionally, refactor the overmem_purge() function to reduce for-loop
-nesting for readability.
-
-Patch taken from :
https://downloads.isc.org/isc/bind9/9.18.16/patches/0001-CVE-2023-2828.patch
-
-Upstream-Status: Backport
[https://gitlab.isc.org/isc-projects/bind9/-/commit/e9d5219fca9f6b819d953990b369d6acfb4e952b]
-CVE: CVE-2023-2828
-Signed-off-by: Hitendra Prajapati
- lib/dns/rbtdb.c | 106 +---
- 1 file changed, 65 insertions(+), 41 deletions(-)
-
-diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
-index d1aee54..ba60a49 100644
a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -561,7 +561,7 @@ static void
- expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked,
- expire_t reason);
- static void
--overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, isc_stdtime_t
now,
-+overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, size_t
purgesize,
- bool tree_locked);
- static void
- resign_insert(dns_rbtdb_t *rbtdb, int idx,
[OE-core] [kirkstone][patch] bind: 9.18.11 -> 9.18.17
From: Chee Yang Lee
upgrade also include fix for CVE-2023-2829.
License-Update: removed trailing whitespace from COPYRIGHT
Signed-off-by: Chee Yang Lee
---
.../bind/bind-9.18.11/CVE-2023-2828.patch | 197 --
.../bind/bind-9.18.11/CVE-2023-2911.patch | 97 -
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.11 => bind-9.18.17}/bind9 | 0
.../{bind-9.18.11 => bind-9.18.17}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.11.bb => bind_9.18.17.bb} | 8 +-
12 files changed, 3 insertions(+), 299 deletions(-)
delete mode 100644
meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
delete mode 100644
meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 => bind-9.18.17}/bind9
(100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.11 =>
bind-9.18.17}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.11.bb => bind_9.18.17.bb}
(92%)
diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
b/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
deleted file mode 100644
index ef2d64b16c..00
--- a/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2828.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From e9d5219fca9f6b819d953990b369d6acfb4e952b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
-Date: Tue, 30 May 2023 08:46:17 +0200
-Subject: [PATCH] Improve RBT overmem cache cleaning
-
-When cache memory usage is over the configured cache size (overmem) and
-we are cleaning unused entries, it might not be enough to clean just two
-entries if the entries to be expired are smaller than the newly added
-rdata. This could be abused by an attacker to cause a remote Denial of
-Service by possibly running out of the operating system memory.
-
-Currently, the addrdataset() tries to do a single TTL-based cleaning
-considering the serve-stale TTL and then optionally moves to overmem
-cleaning if we are in that condition. Then the overmem_purge() tries to
-do another single TTL based cleaning from the TTL heap and then continue
-with LRU-based cleaning up to 2 entries cleaned.
-
-Squash the TTL-cleaning mechanism into single call from addrdataset(),
-but ignore the serve-stale TTL if we are currently overmem.
-
-Then instead of having a fixed number of entries to clean, pass the size
-of newly added rdatasetheader to the overmem_purge() function and
-cleanup at least the size of the newly added data. This prevents the
-cache going over the configured memory limit (`max-cache-size`).
-
-Additionally, refactor the overmem_purge() function to reduce for-loop
-nesting for readability.
-
-Patch taken from :
https://downloads.isc.org/isc/bind9/9.18.16/patches/0001-CVE-2023-2828.patch
-
-Upstream-Status: Backport
[https://gitlab.isc.org/isc-projects/bind9/-/commit/e9d5219fca9f6b819d953990b369d6acfb4e952b]
-CVE: CVE-2023-2828
-Signed-off-by: Hitendra Prajapati
- lib/dns/rbtdb.c | 106 +---
- 1 file changed, 65 insertions(+), 41 deletions(-)
-
-diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
-index d1aee54..ba60a49 100644
a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -561,7 +561,7 @@ static void
- expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked,
- expire_t reason);
- static void
--overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, isc_stdtime_t
now,
-+overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, size_t
purgesize,
- bool tree_locked);
- static void
- resign_insert(dns_rbtdb_t *rbtdb, int idx, rdatasetheader_t *newheader);
-@@ -6787,6 +6787,16 @@ cleanup:
-
- static dns_dbmethods_t zone_methods;
-
-+static size_t
-+rdataset_size(rdatasetheader_t *header) {
-+ if
[OE-core] [mickledore][patch 1/2] librsvg: upgrade to 2.54.6
From: Chee Yang Lee
update include fix for CVE-2023-38633.
Signed-off-by: Chee Yang Lee
---
.../librsvg/{librsvg_2.54.5.bb => librsvg_2.54.6.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-gnome/librsvg/{librsvg_2.54.5.bb => librsvg_2.54.6.bb}
(97%)
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
b/meta/recipes-gnome/librsvg/librsvg_2.54.6.bb
similarity index 97%
rename from meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
rename to meta/recipes-gnome/librsvg/librsvg_2.54.6.bb
index 59278d1b16..b917b76041 100644
--- a/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.54.6.bb
@@ -20,7 +20,7 @@ SRC_URI +=
"file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.pat
file://0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch \
"
-SRC_URI[archive.sha256sum] =
"4f03190f45324d1fa1f52a79dfcded1f64eaf49b3ae2f88eedab0c07617cae6e"
+SRC_URI[archive.sha256sum] =
"0ee6174140b5fc017e19a75c26e8c3324a560bf2c37f7abd3da06bd58542bb03"
# librsvg is still autotools-based, but is calling cargo from its
automake-driven makefiles
# so we cannot use cargo class directly, but still need bits and pieces from
it
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186301):
https://lists.openembedded.org/g/openembedded-core/message/186301
Mute This Topic: https://lists.openembedded.org/mt/100797334/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][patch 2/2] ghostscript: fix CVE-2023-38559
From: Chee Yang Lee
Signed-off-by: Chee Yang Lee
---
.../ghostscript/CVE-2023-38559.patch | 31 +++
.../ghostscript/ghostscript_10.0.0.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
new file mode 100644
index 00..4ef71cba7b
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
@@ -0,0 +1,31 @@
+CVE: CVE-2023-38559
+Upstream-Status: Backport [
https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=d81b82c70bc1 ]
+Signed-off-by: Lee Chee Yang
+
+From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Mon, 17 Jul 2023 14:06:37 +0100
+Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
+ devices/gdevpcx.c
+
+Bounds check the buffer, before dereferencing the pointer.
+---
+ base/gdevdevn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gdevdevn.c b/base/gdevdevn.c
+index 7b14d9c71..6351fb77a 100644
+--- a/base/gdevdevn.c
b/base/gdevdevn.c
+@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end,
int step, gp_file * file
+ byte data = *from;
+
+ from += step;
+-if (data != *from || from == end) {
++if (from >= end || data != *from) {
+ if (data >= 0xc0)
+ gp_fputc(0xc1, file);
+ } else {
+--
+2.34.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
index 9a900ee04f..9e2cd01ff4 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
@@ -36,6 +36,7 @@ SRC_URI_BASE =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://cross-compile.patch \
file://cve-2023-28879.patch \
file://cve-2023-36664.patch \
+file://CVE-2023-38559.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186302):
https://lists.openembedded.org/g/openembedded-core/message/186302
Mute This Topic: https://lists.openembedded.org/mt/100797335/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][patch] librsvg: 2.52.7 -> 2.52.10
From: Chee Yang Lee
upgrade include fix for CVE-2023-38633
Signed-off-by: Chee Yang Lee
---
.../librsvg/{librsvg_2.52.7.bb => librsvg_2.52.10.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-gnome/librsvg/{librsvg_2.52.7.bb => librsvg_2.52.10.bb}
(96%)
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.52.7.bb
b/meta/recipes-gnome/librsvg/librsvg_2.52.10.bb
similarity index 96%
rename from meta/recipes-gnome/librsvg/librsvg_2.52.7.bb
rename to meta/recipes-gnome/librsvg/librsvg_2.52.10.bb
index 78eb93c635..b79e95a04f 100644
--- a/meta/recipes-gnome/librsvg/librsvg_2.52.7.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.52.10.bb
@@ -20,7 +20,7 @@ SRC_URI +=
"file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.pat
file://0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch \
"
-SRC_URI[archive.sha256sum] =
"057c1eeeaf85c84e254bdb707459207f5840da5b4d52b4711c03140ed09e6887"
+SRC_URI[archive.sha256sum] =
"6292dfcd6a8e1ce1784e0188914546af1633081d1fae9e22f7cb017e7e84ba8f"
# librsvg is still autotools-based, but is calling cargo from its
automake-driven makefiles
# so we cannot use cargo class directly, but still need bits and pieces from
it
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186300):
https://lists.openembedded.org/g/openembedded-core/message/186300
Mute This Topic: https://lists.openembedded.org/mt/100797130/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [mickledore][patch] curl: fix CVE-2023-32001
From: Chee Yang Lee
Signed-off-by: Chee Yang Lee
---
.../curl/curl/CVE-2023-32001.patch| 39 +++
meta/recipes-support/curl/curl_8.0.1.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch
b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
new file mode 100644
index 00..c9ca3ae514
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
@@ -0,0 +1,39 @@
+CVE: CVE-2023-32001
+Upstream-Status: Backport
[https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde]
+Signed-off-by: Lee Chee Yang
+
+
+From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
+From: SaltyMilk
+Date: Mon, 10 Jul 2023 21:43:28 +0200
+Subject: [PATCH] fopen: optimize
+
+Closes #11419
+---
+ lib/fopen.c | 12 ++--
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index c9c9e3d6e73a2..b6e3cadddef65 100644
+--- a/lib/fopen.c
b/lib/fopen.c
+@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char
*filename,
+ int fd = -1;
+ *tempname = NULL;
+
+- if(stat(filename, ) == -1 || !S_ISREG(sb.st_mode)) {
+-/* a non-regular file, fallback to direct fopen() */
+-*fh = fopen(filename, FOPEN_WRITETEXT);
+-if(*fh)
+- return CURLE_OK;
++ *fh = fopen(filename, FOPEN_WRITETEXT);
++ if(!*fh)
+ goto fail;
+- }
++ if(fstat(fileno(*fh), ) == -1 || !S_ISREG(sb.st_mode))
++return CURLE_OK;
++ fclose(*fh);
++ *fh = NULL;
+
+ result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
+ if(result)
diff --git a/meta/recipes-support/curl/curl_8.0.1.bb
b/meta/recipes-support/curl/curl_8.0.1.bb
index ecef173df2..bcfe4a6088 100644
--- a/meta/recipes-support/curl/curl_8.0.1.bb
+++ b/meta/recipes-support/curl/curl_8.0.1.bb
@@ -17,6 +17,7 @@ SRC_URI = " \
file://CVE-2023-28319.patch \
file://CVE-2023-28320.patch \
file://CVE-2023-28321.patch \
+file://CVE-2023-32001.patch \
"
SRC_URI[sha256sum] =
"0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186105):
https://lists.openembedded.org/g/openembedded-core/message/186105
Mute This Topic: https://lists.openembedded.org/mt/100771850/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core]mickledore][PATCH 1/1] bind: upgrade 9.18.5 -> 9.18.16
> -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Polampalli, Archana via > lists.openembedded.org > Sent: Tuesday, August 8, 2023 1:24 AM > To: openembedded-core@lists.openembedded.org > Cc: hari.gpil...@windriver.com > Subject: [oe-core]mickledore][PATCH 1/1] bind: upgrade 9.18.5 -> 9.18.16 Typo in commit short message/title " 9.18.15 ". There is similar patch in master. https://git.openembedded.org/openembedded-core/commit/?id=77d2fa5ac1f394fba2b8e24f2b6ded6ea6b691b4 > > Remove --enable-epoll and --disable-devpoll configuration option as these > are > removed in bind-9.18.16 > 6b6076c882: Remove obsolete epoll/kqueue/devpoll configure options > Ref: > https://github.com/isc- > projects/bind9/commit/6b6076c882a00028197b04a827f6cf8e7a5369de > > Security fixes: > https://nvd.nist.gov/vuln/detail/CVE-2023-2828 > https://nvd.nist.gov/vuln/detail/CVE-2023-2911 > > Changelog: > https://github.com/isc-projects/bind9/blob/v9.18.16/CHANGES > https://bind9.readthedocs.io/en/v9.18.16/notes.html#notes-for-bind-9-18-16 > > Signed-off-by: Archana Polampalli -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185629): https://lists.openembedded.org/g/openembedded-core/message/185629 Mute This Topic: https://lists.openembedded.org/mt/100604849/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][patch 1/2] sysstat: fix CVE-2023-33204
From: Chee Yang Lee
import patch from debian to fix CVE-2023-33204
http://security.debian.org/debian-security/pool/updates/main/s/sysstat/sysstat_12.0.3-2+deb10u2.debian.tar.xz
upstream patch:
https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
Signed-off-by: Chee Yang Lee
---
.../sysstat/sysstat/CVE-2023-33204.patch | 46 +++
.../sysstat/sysstat_12.2.1.bb | 1 +
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
new file mode 100644
index 00..9a27945a8b
--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
@@ -0,0 +1,46 @@
+Origin:
https://github.com/opencontainers/runc/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
+Reviewed-by: Sylvain Beucler
+Last-Update: 2023-02-18
+
+From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001
+From: Pavel Kopylov
+Date: Wed, 17 May 2023 11:33:45 +0200
+Subject: [PATCH] Fix an overflow which is still possible for some values.
+
+CVE: CVE-2023-33204
+Upstream-Status: Backport [ upstream:
https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
+debian:
http://security.debian.org/debian-security/pool/updates/main/s/sysstat/sysstat_12.0.3-2+deb10u2.debian.tar.xz
]
+Signed-off-by: Lee Chee Yang
+
+---
+ common.c | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+Index: sysstat-12.0.3/common.c
+===
+--- sysstat-12.0.3.orig/common.c
sysstat-12.0.3/common.c
+@@ -1449,15 +1449,16 @@ int parse_values(char *strargv, unsigned
+ */
+ void check_overflow(size_t val1, size_t val2, size_t val3)
+ {
+- if ((unsigned long long) val1 *
+- (unsigned long long) val2 *
+- (unsigned long long) val3 > UINT_MAX) {
++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++ (((unsigned long long) UINT_MAX / (unsigned long long) val1 <
++(unsigned long long) val2) ||
++ ((unsigned long long) UINT_MAX / ((unsigned long long) val1 *
(unsigned long long) val2) <
++(unsigned long long) val3))) {
+ #ifdef DEBUG
+- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+- __FUNCTION__,
+- (unsigned long long) val1 * (unsigned long long) val2 *
(unsigned long long) val3);
++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u).
Aborting...\n",
++ __FUNCTION__, val1, val2, val3);
+ #endif
+- exit(4);
++ exit(4);
+ }
+ }
+
diff --git a/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
b/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
index 2c0d5c8136..ac7b898db9 100644
--- a/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
@@ -4,6 +4,7 @@ LIC_FILES_CHKSUM =
"file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
file://CVE-2022-39377.patch \
+file://CVE-2023-33204.patch \
"
SRC_URI[md5sum] = "9dfff5fac24e35bd92fb7896debf2ffb"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184008):
https://lists.openembedded.org/g/openembedded-core/message/184008
Mute This Topic: https://lists.openembedded.org/mt/14440/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][patch 2/2] python3: upgrade to 3.8.17
From: Chee Yang Lee
License-Update: update year to 2023
https://github.com/python/cpython/commit/30afa75ad8deca57a2bd0218f8fd6b3437c89507
Release Notes for 3.8.15:
Security content in this release
CVE-2022-40674: bundled libexpat was upgraded from 2.4.7 to 2.4.9 which
fixes a heap use-after-free vulnerability in function doContent
gh-97616: a fix for a possible buffer overflow in list *= int
gh-97612: a fix for possible shell injection in the example script
get-remote-certificate.py (this issue originally had a CVE assigned to
it, which its author withdrew)
gh-96577: a fix for a potential buffer overrun in msilib
https://www.python.org/downloads/release/python-3815/
Release Notes for 3.8.16:
Security content in this release
gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680 (heap
use-after-free).
gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 to fix
CVE-2022-37454.
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or
asyncio related name resolution functions no longer involves a quadratic
algorithm to fix CVE-2022-45061. This prevents a potential CPU denial of
service if an out-of-spec excessive length hostname involving
bidirectional characters were decoded. Some protocols such as urllib
http 3xx redirects potentially allow for an attacker to supply such a
name.
gh-68966: The deprecated mailcap module now refuses to inject unsafe
text (filenames, MIME types, parameters) into shell commands to address
CVE-2015-20107. Instead of using such text, it will warn and act as if a
match was not found (or for test commands, as if the test failed).
gh-11: python -m http.server no longer allows terminal control
characters sent within a garbage request to be printed to the stderr
server log.
gh-87604: Avoid publishing list of active per-interpreter audit hooks
via the gc module.
https://www.python.org/downloads/release/python-3816/
Release Notes for 3.8.17:
Security content in this release
gh-103142: The version of OpenSSL used in Windows and Mac installers has
been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465,
CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303,
and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and
space characters following the specification for URLs defined by WHATWG
in response to CVE-2023-24329.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for
directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes
produced by http.client.SimpleHTTPRequestHandler.
gh-103935: trace.__main__ now uses io.open_code() for files to be
executed instead of raw open().
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe
when launching with shell=True.
gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that allows limiting
tar features than may be surprising or dangerous, such as creating files
outside the destination directory. See Extraction filters for details.
https://www.python.org/downloads/release/python-3817/
Signed-off-by: Chee Yang Lee
---
.../python/files/CVE-2022-45061.patch | 100 -
.../python/python3/CVE-2022-37454.patch | 105 --
.../{python3_3.8.14.bb => python3_3.8.17.bb} | 8 +-
3 files changed, 3 insertions(+), 210 deletions(-)
delete mode 100644 meta/recipes-devtools/python/files/CVE-2022-45061.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2022-37454.patch
rename meta/recipes-devtools/python/{python3_3.8.14.bb => python3_3.8.17.bb}
(98%)
diff --git a/meta/recipes-devtools/python/files/CVE-2022-45061.patch
b/meta/recipes-devtools/python/files/CVE-2022-45061.patch
deleted file mode 100644
index 647bf59908..00
--- a/meta/recipes-devtools/python/files/CVE-2022-45061.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 064ec20bf7a181ba5fa961aaa12973812aa6ca5d Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-isling...@users.noreply.github.com>
-Date: Mon, 7 Nov 2022 18:57:10 -0800
-Subject: [PATCH] [3.11] gh-98433: Fix quadratic time idna decoding. (GH-99092)
- (GH-99222)
-
-There was an unnecessary quadratic loop in idna decoding. This restores
-the behavior to linear.
-
-(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d)
-
-(cherry picked from commit a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15)
-
-Co-authored-by: Miss Islington (bot)
<31488909+miss-isling...@users.noreply.github.com>
-Co-authored-by: Gregory P. Smith
-
-CVE: CVE-2022-45061
-Upstream-Status: Backport
[https://github.com/python/cpython/pull/99231/commits/064ec20bf7a181ba5fa961aaa12973812aa6ca5d]
-Signed-off-by: Omkar Patil
-
- Lib/encodings/idna.py | 32 +--
- Lib/test/test_codecs.py | 6
-
[OE-core] [mickledore][patch] python3-requests: fix CVE-2023-32681
From: Chee Yang Lee
Signed-off-by: Chee Yang Lee
---
.../python3-requests/CVE-2023-32681.patch | 61 +++
.../python/python3-requests_2.28.2.bb | 2 +
2 files changed, 63 insertions(+)
create mode 100644
meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch
diff --git a/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch
b/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch
new file mode 100644
index 00..0110615572
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch
@@ -0,0 +1,61 @@
+From 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 Mon Sep 17 00:00:00 2001
+From: Nate Prewitt
+Date: Mon, 22 May 2023 08:08:57 -0700
+Subject: [PATCH] Merge pull request from GHSA-j8r2-6x86-q33q
+
+CVE: CVE-2023-32681
+Upstream-Status: Backport
+[https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5]
+Signed-off-by: Lee Chee Yang
+
+---
+ requests/sessions.py | 4 +++-
+ tests/test_requests.py | 20
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/requests/sessions.py b/requests/sessions.py
+index 6cb3b4dae3..dbcf2a7b0e 100644
+--- a/requests/sessions.py
b/requests/sessions.py
+@@ -324,7 +324,9 @@ def rebuild_proxies(self, prepared_request, proxies):
+ except KeyError:
+ username, password = None, None
+
+-if username and password:
++# urllib3 handles proxy authorization for us in the standard adapter.
++# Avoid appending this to TLS tunneled requests where it may be
leaked.
++if not scheme.startswith('https') and username and password:
+ headers["Proxy-Authorization"] = _basic_auth_str(username,
password)
+
+ return new_proxies
+diff --git a/tests/test_requests.py b/tests/test_requests.py
+index b1c8dd4534..b420c44d73 100644
+--- a/tests/test_requests.py
b/tests/test_requests.py
+@@ -647,6 +647,26 @@ def test_proxy_authorization_preserved_on_request(self,
httpbin):
+
+ assert sent_headers.get("Proxy-Authorization") == proxy_auth_value
+
++
++@pytest.mark.parametrize(
++"url,has_proxy_auth",
++(
++('http://example.com', True),
++('https://example.com', False),
++),
++)
++def test_proxy_authorization_not_appended_to_https_request(self, url,
has_proxy_auth):
++session = requests.Session()
++proxies = {
++'http': 'http://test:pass@localhost:8080',
++'https': 'http://test:pass@localhost:8090',
++}
++req = requests.Request('GET', url)
++prep = req.prepare()
++session.rebuild_proxies(prep, proxies)
++
++assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth
++
+ def test_basicauth_with_netrc(self, httpbin):
+ auth = ("user", "pass")
+ wrong_auth = ("wronguser", "wrongpass")
diff --git a/meta/recipes-devtools/python/python3-requests_2.28.2.bb
b/meta/recipes-devtools/python/python3-requests_2.28.2.bb
index 2f397ddaad..b57f71673c 100644
--- a/meta/recipes-devtools/python/python3-requests_2.28.2.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.28.2.bb
@@ -5,6 +5,8 @@ LIC_FILES_CHKSUM =
"file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
SRC_URI[sha256sum] =
"98b1b2782e3c6c4904938b84c0eb932721069dfdb9134313beff7c83c2df24bf"
+SRC_URI += " file://CVE-2023-32681.patch"
+
inherit pypi setuptools3
RDEPENDS:${PN} += " \
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183912):
https://lists.openembedded.org/g/openembedded-core/message/183912
Mute This Topic: https://lists.openembedded.org/mt/99980746/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [langdale][patch] python3-setuptools: fix for CVE-2022-40897
From: Narpat Mali
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote
attackers
to cause a denial of service via HTML in a crafted package or custom
PackageIndex
page. There is a Regular Expression Denial of Service (ReDoS) in
package_index.py.
CVE: CVE-2022-40897
Upstream-Status: Backport
[https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]
cherry-pick and modify from OE-Core rev:
f574d8d57ff3fbc38e350e7a90913993081c4fdf
Signed-off-by: Narpat Mali
Signed-off-by: Steve Sakoman
Signed-off-by: Chee Yang Lee
---
...-of-whitespace-to-search-backtrack.-.patch | 31 +++
.../python/python3-setuptools_65.0.2.bb | 4 ++-
2 files changed, 34 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
diff --git
a/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
b/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
new file mode 100644
index 00..20a13da7bc
--- /dev/null
+++
b/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
@@ -0,0 +1,31 @@
+From 9e9f617a83f6593b476669030b0347d48e831c3f Mon Sep 17 00:00:00 2001
+From: Narpat Mali
+Date: Mon, 9 Jan 2023 14:45:05 +
+Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes
+ #3659.
+
+CVE: CVE-2022-40897
+
+Upstream-Status: Backport
[https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]
+
+Signed-off-by: Narpat Mali
+---
+ setuptools/package_index.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index 270e7f3..e93fcc6 100644
+--- a/setuptools/package_index.py
b/setuptools/package_index.py
+@@ -197,7 +197,7 @@ def unique_values(func):
+ return wrapper
+
+
+-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""",
re.I)
+ # this line is here to fix emacs' cruddy broken syntax highlighting
+
+
+--
+2.34.1
+
diff --git a/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
b/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
index 1a639ea333..d7cbb99c9d 100644
--- a/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
+++ b/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
@@ -9,7 +9,9 @@ inherit pypi python_setuptools_build_meta
SRC_URI:append:class-native = "
file://0001-conditionally-do-not-fetch-code-by-easy_install.patch"
SRC_URI += "file://0001-change-shebang-to-python3.patch \
-
file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch"
+
file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \
+
file://0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch \
+"
SRC_URI[sha256sum] =
"101bf15ca723beef42c8db91a761f3748d4d697e17fae904db60c0b619d8d094"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178987):
https://lists.openembedded.org/g/openembedded-core/message/178987
Mute This Topic: https://lists.openembedded.org/mt/97800993/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][patch v2] qemu: fix multple CVEs
From: Chee Yang Lee
import patches from ubuntu to fix
CVE-2020-15469
CVE-2020-15859
CVE-2020-17380
CVE-2020-35504
CVE-2020-35505
CVE-2021-3409
CVE-2022-26354
https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/focal-security
Combine patches for both CVE-2020-25085 and CVE-2021-3409 also fix
CVE-2020-17380.
so mark CVE-2020-17380 fixed by CVE-2021-3409 patches. CVE-2020-17380 patch
backported since
oecore rev 6b4c58a31ec11e557d40c31f2532985dd53e61eb.
Signed-off-by: Chee Yang Lee
---
v2: patch file included link to both upstream qemu and ubuntu qemu
meta/recipes-devtools/qemu/qemu.inc | 17 +++
.../qemu/qemu/CVE-2020-15469-1.patch | 50 +
.../qemu/qemu/CVE-2020-15469-2.patch | 69
.../qemu/qemu/CVE-2020-15469-3.patch | 49 +
.../qemu/qemu/CVE-2020-15469-4.patch | 53 +
.../qemu/qemu/CVE-2020-15469-5.patch | 53 +
.../qemu/qemu/CVE-2020-15469-6.patch | 61 +++
.../qemu/qemu/CVE-2020-15469-7.patch | 50 +
.../qemu/qemu/CVE-2020-15469-8.patch | 44
.../qemu/qemu/CVE-2020-15859.patch| 39 +++
.../qemu/qemu/CVE-2020-35504.patch| 51 +
.../qemu/qemu/CVE-2020-35505.patch| 42 +++
.../qemu/qemu/CVE-2021-3409-1.patch | 85 +++
.../qemu/qemu/CVE-2021-3409-2.patch | 103 ++
.../qemu/qemu/CVE-2021-3409-3.patch | 71
.../qemu/qemu/CVE-2021-3409-4.patch | 52 +
.../qemu/qemu/CVE-2021-3409-5.patch | 93
.../qemu/qemu/CVE-2022-26354.patch| 57 ++
18 files changed, 1039 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-3.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-4.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-5.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-6.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-7.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-8.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15859.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-35504.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-3.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-4.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-5.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-26354.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 36d0b9320f..ddbe85c9d0 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -116,6 +116,23 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2021-20196.patch \
file://CVE-2021-3507.patch \
file://CVE-2021-3929.patch \
+ file://CVE-2020-15859.patch \
+ file://CVE-2020-15469-1.patch \
+ file://CVE-2020-15469-2.patch \
+ file://CVE-2020-15469-3.patch \
+ file://CVE-2020-15469-4.patch \
+ file://CVE-2020-15469-5.patch \
+ file://CVE-2020-15469-6.patch \
+ file://CVE-2020-15469-7.patch \
+ file://CVE-2020-15469-8.patch \
+ file://CVE-2020-35504.patch \
+ file://CVE-2020-35505.patch \
+ file://CVE-2022-26354.patch \
+ file://CVE-2021-3409-1.patch \
+ file://CVE-2021-3409-2.patch \
+ file://CVE-2021-3409-3.patch \
+ file://CVE-2021-3409-4.patch \
+ file://CVE-2021-3409-5.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-1.patch
b/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-1.patch
new file mode 100644
index 00..20f39f0a26
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-1.patch
@@ -0,0 +1,50 @@
+From 520f26fc6d17b71a43eaf620e834b3bdf316f3d3 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit
+Date: Tue, 11 Aug 2020 17:11:25 +0530
+Subject: [PATCH] hw/pci-host: add pci-intack write method
+
+Add pci-intack mmio write method to avoid NULL pointer dereference
+issue.
+
+Reported-by: Lei Sun
+Reviewed-by: Li Qiang
+Reviewed-by: Peter Maydell
+Signed-off-by: Prasad J Pandit
+Message-Id: <2020084133.672647-2-ppan...@redhat.com>
+Signed-off-by: Paolo Bonzini
[OE-core] [dunfell][patch 1/3] qemu: fix multple CVEs
From: Chee Yang Lee
import patches from ubuntu to fix
CVE-2020-15469
CVE-2020-15859
CVE-2020-17380
CVE-2020-35504
CVE-2020-35505
CVE-2021-3409
CVE-2022-26354
https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/focal-security
Combine patches for both CVE-2020-25085 and CVE-2021-3409 also fix
CVE-2020-17380.
so mark CVE-2020-17380 fixed by CVE-2021-3409 patches. CVE-2020-17380 patch
backported since
oecore rev 6b4c58a31ec11e557d40c31f2532985dd53e61eb.
Signed-off-by: Chee Yang Lee
---
meta/recipes-devtools/qemu/qemu.inc | 17 +++
.../qemu/qemu/CVE-2020-15469-1.patch | 48
.../qemu/qemu/CVE-2020-15469-2.patch | 69
.../qemu/qemu/CVE-2020-15469-3.patch | 49 +
.../qemu/qemu/CVE-2020-15469-4.patch | 53 +
.../qemu/qemu/CVE-2020-15469-5.patch | 53 +
.../qemu/qemu/CVE-2020-15469-6.patch | 61 +++
.../qemu/qemu/CVE-2020-15469-7.patch | 50 +
.../qemu/qemu/CVE-2020-15469-8.patch | 44
.../qemu/qemu/CVE-2020-15859.patch| 39 +++
.../qemu/qemu/CVE-2020-35504.patch| 51 +
.../qemu/qemu/CVE-2020-35505.patch| 42 +++
.../qemu/qemu/CVE-2021-3409-1.patch | 85 +++
.../qemu/qemu/CVE-2021-3409-2.patch | 103 ++
.../qemu/qemu/CVE-2021-3409-3.patch | 71
.../qemu/qemu/CVE-2021-3409-4.patch | 52 +
.../qemu/qemu/CVE-2021-3409-5.patch | 93
.../qemu/qemu/CVE-2022-26354.patch| 57 ++
18 files changed, 1037 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-3.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-4.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-5.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-6.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-7.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15469-8.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-15859.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-35504.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-3.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-4.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3409-5.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-26354.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 36d0b9320f..ddbe85c9d0 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -116,6 +116,23 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2021-20196.patch \
file://CVE-2021-3507.patch \
file://CVE-2021-3929.patch \
+ file://CVE-2020-15859.patch \
+ file://CVE-2020-15469-1.patch \
+ file://CVE-2020-15469-2.patch \
+ file://CVE-2020-15469-3.patch \
+ file://CVE-2020-15469-4.patch \
+ file://CVE-2020-15469-5.patch \
+ file://CVE-2020-15469-6.patch \
+ file://CVE-2020-15469-7.patch \
+ file://CVE-2020-15469-8.patch \
+ file://CVE-2020-35504.patch \
+ file://CVE-2020-35505.patch \
+ file://CVE-2022-26354.patch \
+ file://CVE-2021-3409-1.patch \
+ file://CVE-2021-3409-2.patch \
+ file://CVE-2021-3409-3.patch \
+ file://CVE-2021-3409-4.patch \
+ file://CVE-2021-3409-5.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-1.patch
b/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-1.patch
new file mode 100644
index 00..7728079637
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-1.patch
@@ -0,0 +1,48 @@
+From 520f26fc6d17b71a43eaf620e834b3bdf316f3d3 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit
+Date: Tue, 11 Aug 2020 17:11:25 +0530
+Subject: [PATCH] hw/pci-host: add pci-intack write method
+
+Add pci-intack mmio write method to avoid NULL pointer dereference
+issue.
+
+Reported-by: Lei Sun
+Reviewed-by: Li Qiang
+Reviewed-by: Peter Maydell
+Signed-off-by: Prasad J Pandit
+Message-Id: <2020084133.672647-2-ppan...@redhat.com>
+Signed-off-by: Paolo Bonzini
+
+CVE: CVE-2020-15469
+Upstream-Status: Backport [import from
[OE-core] [dunfell][patch 3/3] libksba: fix CVE-2022-3515
From: Chee Yang Lee
Signed-off-by: Chee Yang Lee
---
.../libksba/libksba/CVE-2022-3515.patch | 47 +++
meta/recipes-support/libksba/libksba_1.3.5.bb | 1 +
2 files changed, 48 insertions(+)
create mode 100644 meta/recipes-support/libksba/libksba/CVE-2022-3515.patch
diff --git a/meta/recipes-support/libksba/libksba/CVE-2022-3515.patch
b/meta/recipes-support/libksba/libksba/CVE-2022-3515.patch
new file mode 100644
index 00..ff9f2f9275
--- /dev/null
+++ b/meta/recipes-support/libksba/libksba/CVE-2022-3515.patch
@@ -0,0 +1,47 @@
+From 4b7d9cd4a018898d7714ce06f3faf2626c14582b Mon Sep 17 00:00:00 2001
+From: Werner Koch
+Date: Wed, 5 Oct 2022 14:19:06 +0200
+Subject: [PATCH] Detect a possible overflow directly in the TLV parser.
+
+* src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly
+used sum.
+--
+
+It is quite common to have checks like
+
+if (ti.nhdr + ti.length >= DIM(tmpbuf))
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+This patch detects possible integer overflows immmediately when
+creating the TI object.
+
+Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929
+
+
+Upstream-Status: Backport
[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=patch;h=4b7d9cd4a018898d7714ce06f3faf2626c14582b]
+CVE: CVE-2022-3515
+Signed-off-by: Chee Yang Lee
+---
+ src/ber-help.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/ber-help.c b/src/ber-help.c
+index 81c31ed..56efb6a 100644
+--- a/src/ber-help.c
b/src/ber-help.c
+@@ -182,6 +182,12 @@ _ksba_ber_read_tl (ksba_reader_t reader, struct tag_info
*ti)
+ ti->length = len;
+ }
+
++ if (ti->length > ti->nhdr && (ti->nhdr + ti->length) < ti->length)
++{
++ ti->err_string = "header+length would overflow";
++ return gpg_error (GPG_ERR_EOVERFLOW);
++}
++
+ /* Without this kludge some example certs can't be parsed */
+ if (ti->class == CLASS_UNIVERSAL && !ti->tag)
+ ti->length = 0;
+--
+2.11.0
+
diff --git a/meta/recipes-support/libksba/libksba_1.3.5.bb
b/meta/recipes-support/libksba/libksba_1.3.5.bb
index 841830efa8..5293aa91e1 100644
--- a/meta/recipes-support/libksba/libksba_1.3.5.bb
+++ b/meta/recipes-support/libksba/libksba_1.3.5.bb
@@ -24,6 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html;
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://ksba-add-pkgconfig-support.patch \
file://CVE-2022-47629.patch \
+ file://CVE-2022-3515.patch \
"
SRC_URI[md5sum] = "8302a3e263a7c630aa7dea7d341f07a2"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178808):
https://lists.openembedded.org/g/openembedded-core/message/178808
Mute This Topic: https://lists.openembedded.org/mt/97727727/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][patch 2/3] ghostscript: add CVE tag for check-stack-limits-after-function-evalution.patch
From: Chee Yang Lee This patch fix CVE-2021-45944. https://nvd.nist.gov/vuln/detail/CVE-2021-45944 Signed-off-by: Chee Yang Lee --- .../check-stack-limits-after-function-evalution.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch b/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch index 722bab4ddb..77eec7d158 100644 --- a/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch +++ b/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch @@ -14,7 +14,7 @@ stack than are available. To cope, add in stack limit checking to throw an appropriate error when this happens. - +CVE: CVE-2021-45944 Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=7861fcad13c497728189feafb41cd57b5b50ea25] Signed-off-by: Minjae Kim --- -- 2.37.3 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178806): https://lists.openembedded.org/g/openembedded-core/message/178806 Mute This Topic: https://lists.openembedded.org/mt/97727721/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [langdale][patch 3/3] go: upgrade to 1.19.7
From: Chee Yang Lee
upgrade include fix for CVE-2022-41722 CVE-2022-41723 CVE-2022-41724
CVE-2022-41725 CVE-2023-24532
Release notes:
go1.19.5 (released 2023-01-10) includes fixes to the compiler, the
linker, and the crypto/x509, net/http, sync/atomic, and syscall
packages. See the Go 1.19.5 milestone on our issue tracker for details.
go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages, as
well as bug fixes to the go command, the linker, the runtime, and the
crypto/x509, net/http, and time packages. See the Go 1.19.6 milestone on
our issue tracker for details.
go1.19.7 (released 2023-03-07) includes a security fix to the
crypto/elliptic package, as well as bug fixes to the linker, the
runtime, and the crypto/x509 and syscall packages. See the Go 1.19.7
milestone on our issue tracker for details.
Signed-off-by: Chee Yang Lee
---
meta/recipes-devtools/go/{go-1.19.4.inc => go-1.19.7.inc} | 2 +-
...{go-binary-native_1.19.4.bb => go-binary-native_1.19.7.bb} | 4 ++--
...o-cross-canadian_1.19.4.bb => go-cross-canadian_1.19.7.bb} | 0
.../go/{go-cross_1.19.4.bb => go-cross_1.19.7.bb} | 0
.../go/{go-crosssdk_1.19.4.bb => go-crosssdk_1.19.7.bb} | 0
.../go/{go-native_1.19.4.bb => go-native_1.19.7.bb} | 0
.../go/{go-runtime_1.19.4.bb => go-runtime_1.19.7.bb} | 0
meta/recipes-devtools/go/{go_1.19.4.bb => go_1.19.7.bb} | 0
8 files changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-devtools/go/{go-1.19.4.inc => go-1.19.7.inc} (89%)
rename meta/recipes-devtools/go/{go-binary-native_1.19.4.bb =>
go-binary-native_1.19.7.bb} (84%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.19.4.bb =>
go-cross-canadian_1.19.7.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.19.4.bb => go-cross_1.19.7.bb}
(100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.19.4.bb =>
go-crosssdk_1.19.7.bb} (100%)
rename meta/recipes-devtools/go/{go-native_1.19.4.bb => go-native_1.19.7.bb}
(100%)
rename meta/recipes-devtools/go/{go-runtime_1.19.4.bb => go-runtime_1.19.7.bb}
(100%)
rename meta/recipes-devtools/go/{go_1.19.4.bb => go_1.19.7.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.19.4.inc
b/meta/recipes-devtools/go/go-1.19.7.inc
similarity index 89%
rename from meta/recipes-devtools/go/go-1.19.4.inc
rename to meta/recipes-devtools/go/go-1.19.7.inc
index 49349ba6ec..7d76f34bdf 100644
--- a/meta/recipes-devtools/go/go-1.19.4.inc
+++ b/meta/recipes-devtools/go/go-1.19.7.inc
@@ -15,4 +15,4 @@ SRC_URI += "\
file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://filter-build-paths.patch \
"
-SRC_URI[main.sha256sum] =
"eda74db4ac494800a3e66ee784e495bfbb9b8e535df924a8b01b1a8028b7f368"
+SRC_URI[main.sha256sum] =
"775bdf285ceaba940da8a2fe20122500efd7a0b65dbcee85247854a8d7402633"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.19.4.bb
b/meta/recipes-devtools/go/go-binary-native_1.19.7.bb
similarity index 84%
rename from meta/recipes-devtools/go/go-binary-native_1.19.4.bb
rename to meta/recipes-devtools/go/go-binary-native_1.19.7.bb
index f1208d183a..0e2c8f1b24 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.19.4.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.19.7.bb
@@ -9,8 +9,8 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI =
"https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE};
-SRC_URI[go_linux_amd64.sha256sum] =
"c9c08f783325c4cf840a94333159cc937f05f75d36a8b307951d5bd959cf2ab8"
-SRC_URI[go_linux_arm64.sha256sum] =
"9df122d6baf6f2275270306b92af3b09d7973fb1259257e284dba33c0db14f1b"
+SRC_URI[go_linux_amd64.sha256sum] =
"7a75720c9b066ae1750f6bcc7052aba70fa3813f4223199ee2a2315fd3eb533d"
+SRC_URI[go_linux_arm64.sha256sum] =
"071ea7bf386fdd08df524859b878d99fc359e491e7ad65c1c1cc55b67972c882"
UPSTREAM_CHECK_URI = "https://golang.org/dl/;
UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.19.4.bb
b/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.19.4.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.19.4.bb
b/meta/recipes-devtools/go/go-cross_1.19.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.19.4.bb
rename to meta/recipes-devtools/go/go-cross_1.19.7.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.19.4.bb
b/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.19.4.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.19.7.bb
diff --git a/meta/recipes-devtools/go/go-native_1.19.4.bb
b/meta/recipes-devtools/go/go-native_1.19.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-native_1.19.4.bb
rename to
