date:20230926

2023-09-26 Thread Meenali Gupta via lists.openembedded.org

On Tue, Sep 26, 2023 at 7:55 PM Robert Joslyn
 wrote:
>
> On 9/26/23 7:55 AM, Khem Raj wrote:
> > I am seeing a ptest failure on qemx86-64/glibc
> >
> >Failed ptests:
> >{'curl': ['test_1474', 'curl']}
>
> In looking at the test, it is marked as flaky with the comment:
>
> # Because of the timing sensitivity (scheduling delays of 500 msec can cause
> # the test to fail), this test is marked flaky to avoid it being run in
> the CI
> # builds which are often run on overloaded servers.
>
> https://github.com/curl/curl/blob/curl-8_3_0/tests/data/test1474#L21
>
> My server is pretty lightly loaded while running the tests, so that
> could explain why I haven't seen it fail normally. I was able to induce
> a failure by running a very heavy load while running that test on my
> desktop (which is older and slower than my build server). If you'd like,
> I can send a follow up patch to skip tests marked as flaky.
>

another run resulted in yet another failure

  test 0587...
   FAIL: 587: protoc!
   There was no content at all in the file log/2/server.input.
   Server glitch? Total curl failure? Returned: 42

prior to this upgrade my test setup never saw curl failures and it has
same amount of load etc.


> Thanks,
>
> Robert
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188290): 
https://lists.openembedded.org/g/openembedded-core/message/188290
Mute This Topic: https://lists.openembedded.org/mt/101543494/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH V7] tar: add ptest support

2023-09-26 Thread qi...@fujitsu.com

From: Qiu Tingting 

Add a ptest for tar.
- It is taking around 3m to execute with kvm, so added it to PTEST_SLOW.
- It contains 244 cases.
- Below is parts of the run log:
  START: ptest-runner
  2023-09-26T08:37
  BEGIN: /usr/lib/tar/ptest
  ##  ##
  ## GNU tar 1.35 test suite. ##
  ##  ##
  PASS: tar version
  PASS: decompressing from stdin
  ...
  200 tests were successful.
  44 tests were skipped.
  DURATION: 190
  END: /usr/lib/tar/ptest
  2023-09-26T08:40
  STOP: ptest-runner
  TOTAL: 1 FAIL: 0

Signed-off-by: Qiu Tingting 
Signed-off-by: Yan Xinkuan 
---
 .../distro/include/ptest-packagelists.inc |   1 +
 meta/recipes-core/images/core-image-ptest.bb  |   3 +
 .../tar/tar/0001-tests-fix-TESTSUITE_AT.patch | 228 ++
 ...2-tests-check-for-recently-fixed-bug.patch |  60 +
 ...rectory-with-writing-from-an-archive.patch | 112 +
 meta/recipes-extended/tar/tar/run-ptest   |  14 ++
 meta/recipes-extended/tar/tar_1.35.bb |  34 +++
 7 files changed, 452 insertions(+)
 create mode 100644 
meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch
 create mode 100644 
meta/recipes-extended/tar/tar/0002-tests-check-for-recently-fixed-bug.patch
 create mode 100644 
meta/recipes-extended/tar/tar/0003-Exclude-VCS-directory-with-writing-from-an-archive.patch
 create mode 100644 meta/recipes-extended/tar/tar/run-ptest

diff --git a/meta/conf/distro/include/ptest-packagelists.inc 
b/meta/conf/distro/include/ptest-packagelists.inc
index 9160103cb0..3df7c9e405 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -109,6 +109,7 @@ PTESTS_SLOW = "\
 python3-cryptography \
 python3 \
 strace \
+tar \
 tcl \
 util-linux \
 valgrind \
diff --git a/meta/recipes-core/images/core-image-ptest.bb 
b/meta/recipes-core/images/core-image-ptest.bb
index b81ab7b7c8..b6f5c2fd60 100644
--- a/meta/recipes-core/images/core-image-ptest.bb
+++ b/meta/recipes-core/images/core-image-ptest.bb
@@ -24,6 +24,9 @@ IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288"
 IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288"
 IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288"
 
+# tar-ptest in particular needs more space
+IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-tar = "1524288"
+
 # ptests need more memory than standard to avoid the OOM killer
 QB_MEM = "-m 1024"
 QB_MEM:virtclass-mcextend-lttng-tools = "-m 4096"
diff --git a/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch 
b/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch
new file mode 100644
index 00..00caeee767
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch
@@ -0,0 +1,228 @@
+From 39849e9d91f477d3fb839f93cd0815d0cb3273e9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert 
+Date: Tue, 18 Jul 2023 09:15:03 -0700
+Subject: tests: fix TESTSUITE_AT
+
+Problem reported by Lukas Javorsky  in:
+https://lists.gnu.org/r/bug-tar/2023-07/msg2.html
+* tests/Makefile.am (TESTSUITE_AT): Add exclude17.at, exclude18.at.
+Remove compress.m4; all uses changed.  Add a comment saying how
+to rederive this.  Sort.
+
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/tar.git/commit/?id=39849e9d91f477d3fb839f93cd0815d0cb3273e9]
+---
+ tests/Makefile.am | 93 ---
+ 1 file changed, 48 insertions(+), 45 deletions(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 4a8f501..1884b72 100644
+--- a/tests/Makefile.am
 b/tests/Makefile.am
+@@ -45,21 +45,24 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac
+ ## Test suite.  ##
+ ##  ##
+ 
++# You can generate the body of this macro with the following shell command:
++# LC_ALL=C ls *.at */*.at | sed -e 's/^/ /' -e '$!s/$/\\/'
+ TESTSUITE_AT = \
+- testsuite.at\
+- compress.m4\
+  T-cd.at\
+  T-dir00.at\
+  T-dir01.at\
+  T-empty.at\
++ T-mult.at\
++ T-nest.at\
++ T-nonl.at\
+  T-null.at\
+  T-null2.at\
+  T-rec.at\
+  T-recurse.at\
+  T-zfile.at\
+- T-nonl.at\
+- T-mult.at\
+- T-nest.at\
++ acls01.at\
++ acls02.at\
++ acls03.at\
+  add-file.at\
+  append.at\
+  append01.at\
+@@ -68,14 +71,15 @@ TESTSUITE_AT = \
+  append04.at\
+  append05.at\
+  backup01.at\
+- chtype.at\
+- comprec.at\
+- comperr.at\
++ capabs_raw01.at\
+  checkpoint/defaults.at\
+- checkpoint/interval.at\
+- checkpoint/dot.at\
+  checkpoint/dot-compat.at\
+  checkpoint/dot-int.at\
++ checkpoint/dot.at\
++ checkpoint/interval.at\
++ chtype.at\
++ comperr.at\
++ comprec.at\
+  delete01.at\
+  delete02.at\
+  delete03.at\
+@@ -83,6 +87,8 @@ TESTSUITE_AT = \
+  delete05.at\
+  delete06.at\
+  difflink.at\
++ dirrem01.at\
++ dirrem02.at\
+  exclude.at\
+  exclude01.at\
+  exclude02.at\
+@@ -100,6 +106,8 @@ TESTSUITE_AT = \
+  exclude14.at\
+  exclude15.at\
+  exclude16.at\
++ exclude17.at\
++ exclude18.at\
+  extrac01.at\
+

[oe-core][kirkstone][PATCH 1/1] ruby: fix CVE-2023-36617

Backport two patches [1] [2] to fix CVE-2023-36617

Signed-off-by: Meenali Gupta 
---
 .../ruby/ruby/CVE-2023-36617_1.patch  | 52 +++
 .../ruby/ruby/CVE-2023-36617_2.patch  | 47 +
 meta/recipes-devtools/ruby/ruby_3.1.3.bb  |  2 +
 3 files changed, 101 insertions(+)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch 
b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
new file mode 100644
index 00..57a15d302e
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
@@ -0,0 +1,52 @@
+From 9c2eb12776c1b5df2517a7e618e5fe818cc3395e Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada 
+Date: Thu, 27 Jul 2023 15:53:01 +0800
+Subject: [PATCH] ruby: Fix quadratic backtracking on invalid relative URI
+
+Upstream-Status: Backport 
[https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1]
+CVE: CVE-2023-36617
+
+Signed-off-by: Meenali Gupta 
+---
+ lib/uri/rfc2396_parser.rb |  4 ++--
+ test/uri/test_parser.rb   | 12 
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb
+index 76a8f99..00c66cf 100644
+--- a/lib/uri/rfc2396_parser.rb
 b/lib/uri/rfc2396_parser.rb
+@@ -497,8 +497,8 @@ module URI
+   ret = {}
+
+   # for URI::split
+-  ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', 
Regexp::EXTENDED)
+-  ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', 
Regexp::EXTENDED)
++  ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', 
Regexp::EXTENDED)
++  ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', 
Regexp::EXTENDED)
+
+   # for URI::extract
+   ret[:URI_REF] = Regexp.new(pattern[:URI_REF])
+diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
+index 03de137..01ed32a 100644
+--- a/test/uri/test_parser.rb
 b/test/uri/test_parser.rb
+@@ -63,4 +63,16 @@ class URI::TestParser < Test::Unit::TestCase
+ assert_equal("\u3042", 
p1.unescape('%e3%81%82'.force_encoding(Encoding::US_ASCII)))
+ assert_equal("\xe3\x83\x90\xe3\x83\x90", 
p1.unescape("\xe3\x83\x90%e3%83%90"))
+   end
++
++  def test_rfc2822_parse_relative_uri
++pre = ->(length) {
++  " " * length + "\0"
++}
++parser = URI::RFC2396_Parser.new
++assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri|
++  assert_raise(URI::InvalidURIError) do
++parser.split(uri)
++  end
++end
++  end
+ end
+--
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch 
b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
new file mode 100644
index 00..ff558183b6
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
@@ -0,0 +1,47 @@
+From eea5868120509c245216c4b5c2d4b5db1c593d0e Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada 
+Date: Thu, 27 Jul 2023 16:16:30 +0800
+Subject: [PATCH] ruby: Fix quadratic backtracking on invalid port number
+
+Upstream-Status: Backport 
[https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8]
+CVE: CVE-2023-36617
+Signed-off-by: Meenali Gupta 
+---
+ lib/uri/rfc3986_parser.rb |  2 +-
+ test/uri/test_parser.rb   | 10 ++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
+index 3c89311..cde3ea7 100644
+--- a/lib/uri/rfc3986_parser.rb
 b/lib/uri/rfc3986_parser.rb
+@@ -101,7 +101,7 @@ module URI
+ QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
+ FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
+ OPAQUE: /\A(?:[^\/].*)?\z/,
+-PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
++PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
+   }
+ end
+
+diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
+index 01ed32a..81c2210 100644
+--- a/test/uri/test_parser.rb
 b/test/uri/test_parser.rb
+@@ -75,4 +75,14 @@ class URI::TestParser < Test::Unit::TestCase
+   end
+ end
+   end
++
++  def test_rfc3986_port_check
++pre = ->(length) {"\t" * length + "a"}
++uri = URI.parse("http://my.example.com;)
++assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port|
++  assert_raise(URI::InvalidComponentError) do
++uri.port = port
++  end
++end
++  end
+ end
+--
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb 
b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 72030508dd..228a2204db 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -31,6 +31,8 @@ SRC_URI = 
"http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch 
\

Re: [OE-core] [PATCH v2] curl: Update from 8.2.1 to 8.3.0

2023-09-26 Thread Robert Joslyn via lists.openembedded.org


On 9/26/23 7:55 AM, Khem Raj wrote:

I am seeing a ptest failure on qemx86-64/glibc

   Failed ptests:
   {'curl': ['test_1474', 'curl']}


In looking at the test, it is marked as flaky with the comment:

# Because of the timing sensitivity (scheduling delays of 500 msec can cause
# the test to fail), this test is marked flaky to avoid it being run in 
the CI

# builds which are often run on overloaded servers.

https://github.com/curl/curl/blob/curl-8_3_0/tests/data/test1474#L21

My server is pretty lightly loaded while running the tests, so that 
could explain why I haven't seen it fail normally. I was able to induce 
a failure by running a very heavy load while running that test on my 
desktop (which is older and slower than my build server). If you'd like, 
I can send a follow up patch to skip tests marked as flaky.


Thanks,

Robert


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188287): 
https://lists.openembedded.org/g/openembedded-core/message/188287
Mute This Topic: https://lists.openembedded.org/mt/101543494/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH v3] libwebp: Fix CVE-2023-5129

Add patch from libwebp 1.2.4 to fix CVE-2023-5129

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..401fa370d4
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 383b8b4eb6780d855e8a8177fbce96ab39dba6a5 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
+ goto

[OE-core] [dunfell][PATCH v3] libwebp: Fix CVE-2023-5129

Add patch from libwebp 1.1.0 to fix CVE-2023-5129.

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..49eca4de5e
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 12b11893edf6c201710ebeee7c84743a8573fad6 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76]
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 93615d4e..0d38314d 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
+ goto

[OE-core] [kirkstone][PATCH v2] libwebp: Fix CVE-2024-5129

Add patch from libwebp 1.2.4 to fix CVE-2023-5129

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..401fa370d4
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 383b8b4eb6780d855e8a8177fbce96ab39dba6a5 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
+ goto

[OE-core] [mickledore][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org

Add patch for Libwebp 1.3.1 to fix CVE-2023-5129.

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.3.1.bb |   4 +-
 2 files changed, 367 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..930b2ae459
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 6c928321f47ba69022cd4d814433f365dea63478 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index c0ea0181..7995313f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ =

Re: [OE-core] [PATCH] libwebp: upgrade 1.3.1 -> 1.3.2

I must not have gotten enough sleep last night. Please disregard this change.

From: openembedded-core@lists.openembedded.org 
 on behalf of Colin McAllister via 
lists.openembedded.org 
Sent: Tuesday, September 26, 2023 16:38
To: openembedded-core@lists.openembedded.org 

Cc: McAllister, Colin 
Subject: [OE-core] [PATCH] libwebp: upgrade 1.3.1 -> 1.3.2

CAUTION - EXTERNAL EMAIL: Do not click any links or open any attachments unless 
you trust the sender and know the content is safe.


Upgrades libwebp to the latest version to fix CVE-2023-5129.

Change-Id: I061fcda90c7720bc41a575551b399a6f36dfd534
---
 .../webp/{libwebp_1.3.1.bb => libwebp_1.3.2.bb}   | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename meta/recipes-multimedia/webp/{libwebp_1.3.1.bb => libwebp_1.3.2.bb} 
(100%)

diff --git a/meta/recipes-multimedia/webp/libwebp_1.3.1.bb 
b/meta/recipes-multimedia/webp/libwebp_1.3.2.bb
similarity index 100%
rename from meta/recipes-multimedia/webp/libwebp_1.3.1.bb
rename to meta/recipes-multimedia/webp/libwebp_1.3.2.bb
--
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188282): 
https://lists.openembedded.org/g/openembedded-core/message/188282
Mute This Topic: https://lists.openembedded.org/mt/101606036/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] createrepo-c: Fix function declaration bug found with clang

2023-09-26 Thread Colin McAllister via lists.openembedded.org

clang is stricter about function parameter types in its functions and
errors out.

error: incompatible integer to pointer conversion initializing 'gchar *' (aka 
'char *')

Real problem is in createrepo_c code where funciton definition and
declaration scopes are different

Signed-off-by: Khem Raj 
---
 ...s_groupfile-outside-WITH_LIBMODULEMD.patch | 46 +++
 .../createrepo-c/createrepo-c_1.0.0.bb|  1 +
 2 files changed, 47 insertions(+)
 create mode 100644 
meta/recipes-devtools/createrepo-c/createrepo-c/0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch

diff --git 
a/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch
 
b/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch
new file mode 100644
index 000..ea768e06e62
--- /dev/null
+++ 
b/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch
@@ -0,0 +1,46 @@
+From 5326969acc0c7e9e3cabca202154e4120c0d2c2f Mon Sep 17 00:00:00 2001
+From: Khem Raj 
+Date: Tue, 26 Sep 2023 14:52:11 -0700
+Subject: [PATCH] Move cr_compress_groupfile outside WITH_LIBMODULEMD
+
+This function is used in code which is not conditional under WITH_LIBMODULEMD
+therefore the declaration should also match its definition scope
+
+Fixes build issues flagged by clang
+
+src/createrepo_c.c:850:16: error: incompatible integer to pointer conversion 
initializing 'gchar *' (aka 'char *') with an
+ expression of type 'int' [-Wint-conversion]
+|   850 | gchar *compressed_path = 
cr_compress_groupfile(cmd_options->groupfile_fullpath, tmp_out_repo, 
compression);
+|   |^ 
~
+
+Upstream-Status: Submitted 
[https://github.com/rpm-software-management/createrepo_c/pull/387]
+Signed-off-by: Khem Raj 
+---
+ src/metadata_internal.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/metadata_internal.h b/src/metadata_internal.h
+index 8ba0576..ecfbac2 100644
+--- a/src/metadata_internal.h
 b/src/metadata_internal.h
+@@ -52,14 +52,14 @@ cr_metadata_load_modulemd(ModulemdModuleIndex 
**moduleindex,
+  * @param dest_dir  Path to directory where the compressed groupfile 
should be stored.
+  * @return  Path to the new compressed groupfile. Has to be freed 
by the caller.
+  */
++
++#endif /* WITH_LIBMODULEMD */
++
+ gchar *
+ cr_compress_groupfile(const char *groupfile,
+   const char *dest_dir,
+   cr_CompressionType compression);
+ 
+-
+-#endif /* WITH_LIBMODULEMD */
+-
+ #ifdef __cplusplus
+ }
+ #endif
+-- 
+2.42.0
+
diff --git a/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.0.bb 
b/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.0.bb
index 9b109327c8f..f4e65492f87 100644
--- a/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.0.bb
+++ b/meta/recipes-devtools/createrepo-c/createrepo-c_1.0.0.bb
@@ -8,6 +8,7 @@ SRC_URI = 
"git://github.com/rpm-software-management/createrepo_c;branch=master;p
file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
file://0001-include-rpm-rpmstring.h.patch \
file://time64fix.patch \
+   
file://0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch \
"
 
 SRCREV = "0cc13920991b2fb8f87fb9d352bd3394c2983289"
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188281): 
https://lists.openembedded.org/g/openembedded-core/message/188281
Mute This Topic: https://lists.openembedded.org/mt/101606379/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [nanbield][PATCH] libwebp: Fix CVE-2023-5129

Add patch from libwebp 1.3.1 branch to fix CVE-2023-5129.
---
 .../webp/files/CVE-2023-5129.patch| 361 ++
 meta/recipes-multimedia/webp/libwebp_1.3.1.bb |   4 +-
 2 files changed, 364 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..c9dffee313
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,361 @@
+From c61154f0bf1ff2ddb63e910f0ddbbfadc5ffccbd Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index c0ea0181..7995313f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
+ goto Error;
+   }
+ 
+-  huffman_table = huffman_tables;
+   for (i = 0; i <

Re: [OE-core] [dunfell][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org

Hi Ross,

Sure thing. I just sent up a patch that upgrades master to Libwebp 1.3.2, which 
contains the fix for the CVE.

I will also send up a patch for Nanbield to ensure all non-EOL branches are 
patched.

Regards,
Colin

From: Ross Burton 
Sent: Tuesday, September 26, 2023 16:02
To: McAllister, Colin 
Cc: openembedded-core@lists.openembedded.org 

Subject: Re: [OE-core] [dunfell][PATCH] libwebp: Fix CVE-2023-5129

CAUTION - EXTERNAL EMAIL: Do not click any links or open any attachments unless 
you trust the sender and know the content is safe.


Can we also get a fix for master?  It’s bad form to fix a CVE in the stable 
branches without also fixing master, otherwise it’s possible that security 
issues appear when you upgrade.

Ross

> On 26 Sep 2023, at 21:02, Colin McAllister via lists.openembedded.org 
>  wrote:
>
> Add patch from libwebp 1.1.0 branch to fix CVE-2023-5129.
> ---
> .../webp/files/CVE-2023-5129.patch| 362 ++
> 1 file changed, 362 insertions(+)
> create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
>
> diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
> b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
> new file mode 100644
> index 00..f27d773c64
> --- /dev/null
> +++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
> @@ -0,0 +1,362 @@
> +From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
> +From: Vincent Rabaud 
> +Date: Thu, 7 Sep 2023 21:16:03 +0200
> +Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
> +
> +First, BuildHuffmanTable is called to check if the data is valid.
> +If it is and the table is not big enough, more memory is allocated.
> +
> +This will make sure that valid (but unoptimized because of unbalanced
> +codes) streams are still decodable.
> +
> +Bug: chromium:1479274
> +Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
> +(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
> +(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
> +---
> + src/dec/vp8l_dec.c| 46 ++-
> + src/dec/vp8li_dec.h   |  2 +-
> + src/utils/huffman_utils.c | 97 +++
> + src/utils/huffman_utils.h | 27 +--
> + 4 files changed, 129 insertions(+), 43 deletions(-)
> +
> +diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
> +index 13480551..186b0b2f 100644
> +--- a/src/dec/vp8l_dec.c
>  b/src/dec/vp8l_dec.c
> +@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
> +   int symbol;
> +   int max_symbol;
> +   int prev_code_len = DEFAULT_CODE_LENGTH;
> +-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
> ++  HuffmanTables tables;
> +
> +-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
> +- code_length_code_lengths,
> +- NUM_CODE_LENGTH_CODES)) {
> ++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
> ++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
> ++ code_length_code_lengths, 
> NUM_CODE_LENGTH_CODES)) {
> + goto End;
> +   }
> +
> +@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
> + int code_len;
> + if (max_symbol-- == 0) break;
> + VP8LFillBitWindow(br);
> +-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
> ++p = _segment->start[VP8LPrefetchBits(br) & 
> LENGTHS_TABLE_MASK];
> + VP8LSetBitPos(br, br->bit_pos_ + p->bits);
> + code_len = p->value;
> + if (code_len < kCodeLengthLiterals) {
> +@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
> +   ok = 1;
> +
> +  End:
> ++  VP8LHuffmanTablesDeallocate();
> +   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
> +   return ok;
> + }
> +@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
> + // 'code_lengths' is pre-allocated temporary buffer, used for creating 
> Huffman
> + // tree.
> + static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
> +-   int* const code_lengths, HuffmanCode* const 
> table) {
> ++   int* const code_lengths,
> ++   HuffmanTables* const table) {
> +   int ok = 0;
> +   int size = 0;
> +   VP8LBitReader* const br = >br_;
> +@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
> xsize, int ysize,
> +   VP8LMetadata* const hdr = >hdr_;
> +   uint32_t* huffman_image = NULL;
> +   HTreeGroup* htree_groups = NULL;
> +-  HuffmanCode* huffman_tables = NULL;
> +-  HuffmanCode* huffman_table = NULL;
> ++  HuffmanTables* huffman_tables = >huffman_tables_;
> +   int num_htree_groups = 1;
> +   int num_htree_groups_max = 1;
> +   int max_alphabet_size = 0;
> +@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
> xsize, int ysize,
> +   int* mapping = NULL;
> +   int ok = 0;
> +
> ++  // Check the table has been 0 initialized (through InitMetadata).
> ++

[OE-core][mickledore 10/10] cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig

From: Jaeyoon Jung 

Variable overrides in KCONFIG_CONFIG_COMMAND do not work as expected due
to double quote mismatches. The issue is reproducible in an environment
where gold is the default linker. Below is an example snippet of
run.do_terminal generated by do_menuconfig.

do_terminal() {
exec sh -c "make menuconfig   CC="aarch64-webos-linux-gcc ..."
LD="aarch64-webos-linux-ld.bfd ..."
...
}

Although LD override is set to bfd correctly, it is not passed to make
and make menuconfig ends up with messages like:
| gold linker is not supported as it is not capable of linking the kernel 
proper.
| scripts/Kconfig.include:56: Sorry, this linker is not supported.

(From OE-Core rev: 9c483765db762dbe8020423c8778518612b7e5f7)

Signed-off-by: Jaeyoon Jung 
Signed-off-by: Richard Purdie 
(cherry picked from commit d4664d2b7974354e73d891762ebb2c8a12d62438)
Signed-off-by: Yoann Congal 
Signed-off-by: Steve Sakoman 
---
 meta/classes-recipe/cml1.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-recipe/cml1.bbclass b/meta/classes-recipe/cml1.bbclass
index a09a042c3f..73c22f81d6 100644
--- a/meta/classes-recipe/cml1.bbclass
+++ b/meta/classes-recipe/cml1.bbclass
@@ -53,7 +53,7 @@ python do_menuconfig() {
 # ensure that environment variables are overwritten with this tasks 'd' 
values
 d.appendVar("OE_TERMINAL_EXPORTS", " PKG_CONFIG_DIR PKG_CONFIG_PATH 
PKG_CONFIG_LIBDIR PKG_CONFIG_SYSROOT_DIR")
 
-oe_terminal("sh -c \"make %s; if [ \\$? -ne 0 ]; then echo 'Command 
failed.'; printf 'Press any key to continue... '; read r; fi\"" % 
d.getVar('KCONFIG_CONFIG_COMMAND'),
+oe_terminal("sh -c 'make %s; if [ \\$? -ne 0 ]; then echo \"Command 
failed.\"; printf \"Press any key to continue... \"; read r; fi'" % 
d.getVar('KCONFIG_CONFIG_COMMAND'),
 d.getVar('PN') + ' Configuration', d)
 
 # FIXME this check can be removed when the minimum bitbake version has 
been bumped
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188278): 
https://lists.openembedded.org/g/openembedded-core/message/188278
Mute This Topic: https://lists.openembedded.org/mt/101606107/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][mickledore 09/10] gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation

From: Chen Qi 

The gcc_multilib_setup function is a function that is run at the
do_configure step, so it's counted into the signature computation.
The MULTILIB_VARIANTS this function uses is also extracted to be
taken into consideration. After the change of setting MULTILIB_VARIANTS
explictly vardeps on MULTILIBS, the change of MULTILIBS changes the
signature, thus causing rebuilding. However, in case of gcc-crosssdk,
the setting of multilib should have no effect on it, as it's used
to build nativesdk packages, not the target packages. So ignore
MULTILIB_VARIANTS in signature computation. This fixes oe-selftest
case sstatetests.SStateHashSameSigs2.test_sstate_nativesdk_samesigs_multilib.

(From OE-Core rev: 537c71162a711dec32a63a657c4b101269a3e267)

Signed-off-by: Chen Qi 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/gcc/gcc-crosssdk.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk.inc 
b/meta/recipes-devtools/gcc/gcc-crosssdk.inc
index bd2e71d63f..74c4537f4f 100644
--- a/meta/recipes-devtools/gcc/gcc-crosssdk.inc
+++ b/meta/recipes-devtools/gcc/gcc-crosssdk.inc
@@ -10,3 +10,5 @@ GCCMULTILIB = "--disable-multilib"
 
 DEPENDS = "virtual/${TARGET_PREFIX}binutils-crosssdk gettext-native 
${NATIVEDEPS}"
 PROVIDES = "virtual/${TARGET_PREFIX}gcc-crosssdk 
virtual/${TARGET_PREFIX}g++-crosssdk"
+
+gcc_multilib_setup[vardepsexclude] = "MULTILIB_VARIANTS"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188277): 
https://lists.openembedded.org/g/openembedded-core/message/188277
Mute This Topic: https://lists.openembedded.org/mt/101606106/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][mickledore 08/10] multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS

From: Chen Qi 

This patch is to ensure recipes get rebuilt correctly and avoid
incorrect sstate cache reuse when toggling multilib.

The following steps show one example of such incorrect sstate cache reuse.
1. enable multilib && bitbake  -c populate_sdk
2. disable multilib && bitbake  -c populate_sdk

The error message is as below:
Error:
 Problem: conflicting requests
   - nothing provides binutils-cross-canadian-i686 needed by 
packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
   - nothing provides gcc-cross-canadian-i686 needed by 
packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
   - nothing provides gdb-cross-canadian-i686 needed by 
packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
 (try to add '--skip-broken' to skip uninstallable packages)

We get this error because packagegroup-cross-canadian recipe is
not rebuilt when it should be.

Current codes have tracked the dependency to MULTILIB_VARIANTS, as
shown in the following chain:
RDEPENDS:packagegroup-cross-canadian-intel-x86-64 ->
all_multilib_tune_values -> MULTILIB_VARIANTS.

However, MULTILIB_VARIANTS cannot automatically depend on MULTILIBS.
See some results from 'bitbake-dumpsigs' below:
List of dependencies for variable MULTILIB_VARIANTS is ['extend_variants']
Variable MULTILIB_VARIANTS value is 
${@extend_variants(d,'MULTILIBS','multilib')}

It's obvious that the value of MULTILIB_VARIANTS depend on the
value of MULTILIBS, so let's set this dependency manually.

(From OE-Core rev: 9f47d8eb51816d16078a23c0cef4d697555f913f)

Signed-off-by: Chen Qi 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
Signed-off-by: Steve Sakoman 
---
 meta/conf/multilib.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf
index 7f3b9463ef..ef3605a73d 100644
--- a/meta/conf/multilib.conf
+++ b/meta/conf/multilib.conf
@@ -2,6 +2,7 @@
 baselib = "${@d.getVar('BASE_LIB:tune-' + (d.getVar('DEFAULTTUNE') or 
'INVALID')) or d.getVar('BASELIB')}"
 
 MULTILIB_VARIANTS = "${@extend_variants(d,'MULTILIBS','multilib')}"
+MULTILIB_VARIANTS[vardeps] += "MULTILIBS"
 MULTILIB_SAVE_VARNAME = "DEFAULTTUNE TARGET_ARCH TARGET_SYS TARGET_VENDOR"
 
 MULTILIBS ??= "multilib:lib32"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188276): 
https://lists.openembedded.org/g/openembedded-core/message/188276
Mute This Topic: https://lists.openembedded.org/mt/101606104/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][mickledore 07/10] ffmpeg: 5.1.2 -> 5.1.3

From: Lee Chee Yang 

drop patch which is already part of 5.1.3.

0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3964):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/1eb002596e3761d88de4aeea3158692b82fb6307

0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3965):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/293dc39bcaa99f213c6b7a703e11f146abf5d3be

ffmpeg-fix-vulkan.patch :  
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/7268323193d55365f914de39fadd5dbdb1f68976

Signed-off-by: Lee Chee Yang 
Signed-off-by: Steve Sakoman 
---
 ...c-stop-accessing-out-of-bounds-frame.patch |  89 ---
 ...c-stop-accessing-out-of-bounds-frame.patch | 108 --
 .../ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch |  34 --
 .../{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb}  |   5 +-
 4 files changed, 1 insertion(+), 235 deletions(-)
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb} 
(96%)

diff --git 
a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
deleted file mode 100644
index 2775a81cc8..00
--- 
a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001
-From: Paul B Mahol 
-Date: Sat, 12 Nov 2022 16:12:00 +0100
-Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame
-
-Upstream-Status: Backport 
[https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984]
-
-Signed-off-by: 
-

- libavcodec/rpzaenc.c | 22 +++---
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
-index d710eb4f82..4ced9523e2 100644
 a/libavcodec/rpzaenc.c
-+++ b/libavcodec/rpzaenc.c
-@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, 
const uint16_t *block_pt
- 
- // loop thru and compare pixels
- for (y = 0; y < bi->block_height; y++) {
--for (x = 0; x < bi->block_width; x++){
-+for (x = 0; x < bi->block_width; x++) {
- // TODO:  optimize
- min_r = FFMIN(R(block_ptr[x]), min_r);
- min_g = FFMIN(G(block_ptr[x]), min_g);
-@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const 
BlockInfo *bi,
- return -1;
- 
- for (i = 0; i < bi->block_height; i++) {
--for (j = 0; j < bi->block_width; j++){
-+for (j = 0; j < bi->block_width; j++) {
- x = GET_CHAN(block_ptr[j], xchannel);
- y = GET_CHAN(block_ptr[j], ychannel);
- sumx += x;
-@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t 
*block_ptr, const BlockInfo *bi
- int max_err = 0;
- 
- for (i = 0; i < bi->block_height; i++) {
--for (j = 0; j < bi->block_width; j++){
-+for (j = 0; j < bi->block_width; j++) {
- int x_inc, lin_y, lin_x;
- x = GET_CHAN(block_ptr[j], xchannel);
- y = GET_CHAN(block_ptr[j], ychannel);
-@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t 
*src_pixels,
-uint16_t *dest_pixels,
-const BlockInfo *bi, int block_counter)
- {
--for (int y = 0; y < 4; y++) {
-+const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
-+
-+for (int y = 0; y < y_size; y++) {
- memcpy(dest_pixels, src_pixels, 8);
- dest_pixels += bi->rowstride;
- src_pixels += bi->rowstride;
-@@ -730,14 +732,15 @@ post_skip :
- 
- if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
- uint16_t *row_ptr;
--int rgb555;
-+int y_size, rgb555;
- 
- block_offset = get_block_info(, block_counter);
- 
- row_ptr = _pixels[block_offset];
-+y_size = FFMIN(4, bi.image_height - bi.row * 4);
- 
--for (int y = 0; y < 4; y++) {
--for (int x = 0; x < 4; x++){
-+for (int y = 0; y < y_size; y++) {
-+for (int x = 0; x < 4; x++) {
- rgb555 = row_ptr[x] & ~0x8000;
- 
- put_bits(>pb, 16, rgb555);
-@@ -745,6 +748,11 @@ post_skip :
- row_ptr += bi.rowstride;
- }
- 
-+for (int y = y_size; y < 4; y++) {
-+for (int x = 0; x < 4; x++)
-+

[OE-core][mickledore 06/10] bind: update to 9.18.19

From: Lee Chee Yang 

release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19

Security Fixes

Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)

ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]

A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)

ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]

Removed Features

The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]

Feature Changes

If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]

Bug Fixes

The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]

This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.

The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL

This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.

Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]

This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.

The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]

The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]

BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]

Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]

Known Issues

There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.

Signed-off-by: Lee Chee Yang 
Signed-off-by: Steve Sakoman 
---
 .../bind/{bind_9.18.18.bb => bind_9.18.19.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.18.bb => bind_9.18.19.bb} 
(97%)

diff --git a/meta/recipes-connectivity/bind/bind_9.18.18.bb 
b/meta/recipes-connectivity/bind/bind_9.18.19.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.18.bb
rename to meta/recipes-connectivity/bind/bind_9.18.19.bb
index b9579ab52a..6936c1c6ad 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.18.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.19.bb
@@ -20,7 +20,7 @@ SRC_URI = 
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
 
-SRC_URI[sha256sum] = 
"d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
+SRC_URI[sha256sum] = 
"115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
 # follow the ESV versions divisible by 2
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188274): 
https://lists.openembedded.org/g/openembedded-core/message/188274
Mute This Topic: https://lists.openembedded.org/mt/101606101/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][mickledore 02/10] linux-yocto: update CVE exclusions

From: Ross Burton 

Signed-off-by: Ross Burton 
Signed-off-by: Steve Sakoman 
---
 .../linux/cve-exclusion_6.1.inc   | 157 ++
 1 file changed, 123 insertions(+), 34 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc 
b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 4e809940db..1656ffc8b5 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-08-25 16:54:59.886795 for version 6.1.38"
+# Generated at 2023-09-23 10:45:45.248445 for version 6.1.46
 
 python check_kernel_cve_status_version() {
-this_version = "6.1.38"
+this_version = "6.1.46"
 kernel_version = d.getVar("LINUX_VERSION")
 if kernel_version != this_version:
 bb.warn("Kernel CVE status needs updating: generated for %s but kernel 
is %s" % (this_version, kernel_version))
@@ -4839,6 +4839,8 @@ CVE_CHECK_IGNORE += "CVE-2020-27194"
 # fixed-version: Fixed after version 5.6rc4
 CVE_CHECK_IGNORE += "CVE-2020-2732"
 
+# CVE-2020-27418 has no known resolution
+
 # fixed-version: Fixed after version 5.10rc1
 CVE_CHECK_IGNORE += "CVE-2020-27673"
 
@@ -6464,7 +6466,8 @@ CVE_CHECK_IGNORE += "CVE-2022-40768"
 # fixed-version: Fixed after version 6.0rc4
 CVE_CHECK_IGNORE += "CVE-2022-4095"
 
-# CVE-2022-40982 has no known resolution
+# cpe-stable-backport: Backported in 6.1.44
+CVE_CHECK_IGNORE += "CVE-2022-40982"
 
 # cpe-stable-backport: Backported in 6.1.4
 CVE_CHECK_IGNORE += "CVE-2022-41218"
@@ -6546,9 +6549,9 @@ CVE_CHECK_IGNORE += "CVE-2022-4382"
 # fixed-version: Fixed after version 6.1rc1
 CVE_CHECK_IGNORE += "CVE-2022-43945"
 
-# CVE-2022-44032 has no known resolution
+# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
 
-# CVE-2022-44033 has no known resolution
+# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
 
 # CVE-2022-44034 has no known resolution
 
@@ -6561,13 +6564,16 @@ CVE_CHECK_IGNORE += "CVE-2022-45869"
 
 # CVE-2022-45885 has no known resolution
 
-# CVE-2022-45886 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45886"
 
-# CVE-2022-45887 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45887"
 
 # CVE-2022-45888 needs backporting (fixed from 6.2rc1)
 
-# CVE-2022-45919 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45919"
 
 # fixed-version: Fixed after version 6.1
 CVE_CHECK_IGNORE += "CVE-2022-45934"
@@ -6629,7 +6635,8 @@ CVE_CHECK_IGNORE += "CVE-2022-48424"
 # cpe-stable-backport: Backported in 6.1.33
 CVE_CHECK_IGNORE += "CVE-2022-48425"
 
-# CVE-2022-48502 needs backporting (fixed from 6.1.40)
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2022-48502"
 
 # fixed-version: Fixed after version 5.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-0030"
@@ -6643,7 +6650,8 @@ CVE_CHECK_IGNORE += "CVE-2023-0047"
 # fixed-version: Fixed after version 6.0rc4
 CVE_CHECK_IGNORE += "CVE-2023-0122"
 
-# CVE-2023-0160 has no known resolution
+# cpe-stable-backport: Backported in 6.1.28
+CVE_CHECK_IGNORE += "CVE-2023-0160"
 
 # cpe-stable-backport: Backported in 6.1.7
 CVE_CHECK_IGNORE += "CVE-2023-0179"
@@ -6726,7 +6734,8 @@ CVE_CHECK_IGNORE += "CVE-2023-1192"
 # fixed-version: Fixed after version 6.1rc3
 CVE_CHECK_IGNORE += "CVE-2023-1195"
 
-# CVE-2023-1206 needs backporting (fixed from 6.1.43)
+# cpe-stable-backport: Backported in 6.1.43
+CVE_CHECK_IGNORE += "CVE-2023-1206"
 
 # fixed-version: Fixed after version 5.18rc1
 CVE_CHECK_IGNORE += "CVE-2023-1249"
@@ -6809,11 +6818,14 @@ CVE_CHECK_IGNORE += "CVE-2023-2008"
 # fixed-version: Fixed after version 6.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-2019"
 
-# CVE-2023-20569 has no known resolution
+# cpe-stable-backport: Backported in 6.1.44
+CVE_CHECK_IGNORE += "CVE-2023-20569"
 
-# CVE-2023-20588 has no known resolution
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-20588"
 
-# CVE-2023-20593 needs backporting (fixed from 6.1.41)
+# cpe-stable-backport: Backported in 6.1.41
+CVE_CHECK_IGNORE += "CVE-2023-20593"
 
 # fixed-version: Fixed after version 6.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-20928"
@@ -6922,7 +6934,7 @@ CVE_CHECK_IGNORE += "CVE-2023-23559"
 # fixed-version: Fixed after version 5.12rc1
 CVE_CHECK_IGNORE += "CVE-2023-23586"
 
-# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
+# CVE-2023-2430 needs backporting (fixed from 6.1.50)
 
 # cpe-stable-backport: Backported in 6.1.22
 CVE_CHECK_IGNORE += "CVE-2023-2483"
@@ -6933,6 +6945,8 @@ CVE_CHECK_IGNORE += "CVE-2023-25012"
 # fixed-version: Fixed after version 6.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-2513"
 
+# CVE-2023-25775 needs backporting (fixed from 6.1.53)
+
 # fixed-version: only affects 6.3rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-2598"
 
@@ -6979,7 +6993,8 @@ CVE_CHECK_IGNORE += "CVE-2023-28772"
 #

[OE-core][mickledore 05/10] bind: upgrade 9.18.17 -> 9.18.18

From: Wang Mingyu 

Changelog:

 Deprecate the 'dialup' and 'heartbeat-interval' options.
 Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
 Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured.
 Mark a primary server as temporarily unreachable if the TCP connection attempt 
times out.
 Don't process detach and close netmgr events when the netmgr has been paused.

(cherry-pick from commit e78ec619beea6e541b2d83a5dc845ce57ff12564)

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Steve Sakoman 
---
 .../bind/{bind_9.18.17.bb => bind_9.18.18.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.18.bb} 
(97%)

diff --git a/meta/recipes-connectivity/bind/bind_9.18.17.bb 
b/meta/recipes-connectivity/bind/bind_9.18.18.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.17.bb
rename to meta/recipes-connectivity/bind/bind_9.18.18.bb
index fa1249b370..b9579ab52a 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.17.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.18.bb
@@ -20,7 +20,7 @@ SRC_URI = 
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
 
-SRC_URI[sha256sum] = 
"bde1c5017b81d1d79c69eb8f537f2e5032fd3623acdd5ee830d4f74bc2483458"
+SRC_URI[sha256sum] = 
"d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
 # follow the ESV versions divisible by 2
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188273): 
https://lists.openembedded.org/g/openembedded-core/message/188273
Mute This Topic: https://lists.openembedded.org/mt/101606099/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][mickledore 04/10] python3-git: upgrade 3.1.32 -> 3.1.37

From: Narpat Mali 

The delta between 3.1.32 & 3.1.37 contains the CVE-2023-40590 and
CVE-2023-41040 fixes and other bugfixes.

Changelog:
==
- WIP Quick doc by @LeoDaCoda in #1608
- Partial clean up wrt mypy and black by @bodograumann in #1617
- Disable merge_includes in config writers by @bodograumann in #1618
- feat: full typing for "progress" parameter in Repo class by @madebylydia in 
#1634
- Fix CVE-2023-40590 by @EliahKagan in #1636
- #1566 Creating a lock now uses python built-in "open()" method to work arou… 
by @HageMaster3108 in #1619
- util: close lockfile after opening successfully by @skshetry in #1639
- Bump actions/checkout from 3 to 4 by @dependabot in #1643
- Fix 'Tree' object has no attribute '_name' when submodule path is normal path 
by @CosmosAtlas in #1645
- Fix CVE-2023-41040 by @facutuesca in #1644
- Only make config more permissive in tests that need it by @EliahKagan in #1648
- Added test for PR #1645 submodule path by @CosmosAtlas in #1647
- Fix Windows environment variable upcasing bug by @EliahKagan in #1650
- Improve Python version and OS compatibility, fixing deprecations by 
@EliahKagan in #1654
- Better document env_case test/fixture and cwd by @EliahKagan in #1657
- Remove spurious executable permissions by @EliahKagan in #1658
- Fix up checks in Makefile and make them portable by @EliahKagan in #1661
- Fix URLs that were redirecting to another license by @EliahKagan in #1662
- Assorted small fixes/improvements to root dir docs by @EliahKagan in #1663
- Use venv instead of virtualenv in test_installation by @EliahKagan in #1664
- Omit py_modules in setup by @EliahKagan in #1665
- Don't track code coverage temporary files by @EliahKagan in #1666
- Configure tox by @EliahKagan in #1667
- Format tests with black and auto-exclude untracked paths by @EliahKagan in 
#1668
- Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan in 
#1673
- Fix rollback bug in SymbolicReference.set_reference by @EliahKagan in #1675
- Remove @NoEffect annotations by @EliahKagan in #1677
- Add more checks for the validity of refnames by @facutuesca in #1672

Note that the changes to the license file are just removal of excess whitespace
(the extra blank line at the end, and spaces appearing at the end of lines).

References:
https://github.com/gitpython-developers/GitPython/releases
https://github.com/gitpython-developers/GitPython/blob/main/doc/source/changes.rst
https://github.com/gitpython-developers/GitPython/commit/e1af18377fd69f9c1007f8abf6ccb95b3c5a6558

Signed-off-by: Narpat Mali 
Signed-off-by: Steve Sakoman 
---
 .../python/{python3-git_3.1.32.bb => python3-git_3.1.37.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-git_3.1.32.bb => 
python3-git_3.1.37.bb} (86%)

diff --git a/meta/recipes-devtools/python/python3-git_3.1.32.bb 
b/meta/recipes-devtools/python/python3-git_3.1.37.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-git_3.1.32.bb
rename to meta/recipes-devtools/python/python3-git_3.1.37.bb
index f217577eb8..56a335a79e 100644
--- a/meta/recipes-devtools/python/python3-git_3.1.32.bb
+++ b/meta/recipes-devtools/python/python3-git_3.1.37.bb
@@ -6,13 +6,13 @@ access with big-files support."
 HOMEPAGE = "http://github.com/gitpython-developers/GitPython;
 SECTION = "devel/python"
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=8b8d26c37c1d5a04f9b0186edbebc183"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5279a7ab369ba336989dcf2a107e5c8e"
 
 PYPI_PACKAGE = "GitPython"
 
 inherit pypi python_setuptools_build_meta
 
-SRC_URI[sha256sum] = 
"8d9b8cb1e80b9735e8717c9362079d3ce4c6e5ddeebedd0361b228c3a67a62f6"
+SRC_URI[sha256sum] = 
"f9b9ddc0761c125d5780eab2d64be4873fc6817c2899cbcb34b02344bdc7bc54"
 
 DEPENDS += " ${PYTHON_PN}-gitdb"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188272): 
https://lists.openembedded.org/g/openembedded-core/message/188272
Mute This Topic: https://lists.openembedded.org/mt/101606098/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][mickledore 03/10] glibc: fix CVE-2023-4527

From: Yash Shinde 

Upstream-Status: 
Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]

Signed-off-by: Yash Shinde 
Signed-off-by: Steve Sakoman 
---
 .../glibc/glibc/0023-CVE-2023-4527.patch  | 219 ++
 meta/recipes-core/glibc/glibc_2.37.bb |   1 +
 2 files changed, 220 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch

diff --git a/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch 
b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch
new file mode 100644
index 00..211249211a
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch
@@ -0,0 +1,219 @@
+From 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f Mon Sep 17 00:00:00 2001
+From: Florian Weimer 
+Date: Wed, 13 Sep 2023 14:10:56 +0200
+Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses
+ in no- mode
+
+Without passing alt_dns_packet_buffer, __res_context_search can only
+store 2048 bytes (what fits into dns_packet_buffer).  However,
+the function returns the total packet size, and the subsequent
+DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
+of the stack-allocated buffer.
+
+Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-
+stub resolver option") and bug 30842.
+
+(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d)
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]
+CVE: CVE-2023-4527
+
+Signed-off-by: Yash Shinde 
+
+---
+ NEWS  |   7 ++
+ resolv/Makefile   |   2 +
+ resolv/nss_dns/dns-host.c |   2 +-
+ resolv/tst-resolv-no-vc.c | 129 ++
+ 4 files changed, 139 insertions(+), 1 deletion(-)
+ create mode 100644 resolv/tst-resolv-no-vc.c
+
+diff --git a/NEWS b/NEWS
+--- a/NEWS
 b/NEWS
+@@ -25,6 +25,7 @@
+   [30101] gmon: fix memory corruption issues
+   [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
+ symlink for libraries without soname
++  [30842] Stack read overflow in getaddrinfo in no- mode (CVE-2023-4527)
+   [30151] gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling
+   [30163] posix: Fix system blocks SIGCHLD erroneously
+   [30305] x86_64: Fix asm constraints in feraiseexcept
+@@ -54,6 +55,12 @@
+   heap and prints it to the target log file, potentially revealing a
+   portion of the contents of the heap.
+
++  CVE-2023-4527: If the system is configured in no- mode via
++  /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
++  family, and a DNS response is received over TCP that is larger than
++  2048 bytes, getaddrinfo may potentially disclose stack contents via
++  the returned address data, or crash.
++
+ The following bugs are resolved with this release:
+
+   [12154] network: Cannot resolve hosts which have wildcard aliases
+diff --git a/resolv/Makefile b/resolv/Makefile
+--- a/resolv/Makefile
 b/resolv/Makefile
+@@ -101,6 +101,7 @@
+   tst-resolv-invalid-cname \
+   tst-resolv-network \
+   tst-resolv-no \
++  tst-resolv-no-vc \
+   tst-resolv-nondecimal \
+   tst-resolv-res_init-multi \
+   tst-resolv-search \
+@@ -292,6 +293,7 @@
+ $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \
+   $(shared-thread-library)
+ $(objpfx)tst-resolv-no: $(objpfx)libresolv.so $(shared-thread-library)
++$(objpfx)tst-resolv-no-vc: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+--- a/resolv/nss_dns/dns-host.c
 b/resolv/nss_dns/dns-host.c
+@@ -427,7 +427,7 @@
+ {
+   n = __res_context_search (ctx, name, C_IN, T_A,
+   dns_packet_buffer, sizeof (dns_packet_buffer),
+-  NULL, NULL, NULL, NULL, NULL);
++  _dns_packet_buffer, NULL, NULL, NULL, NULL);
+   if (n >= 0)
+   status = gaih_getanswer_no (alt_dns_packet_buffer, n,
+   , pat, errnop, herrnop, ttlp);
+diff --git a/resolv/tst-resolv-no-vc.c b/resolv/tst-resolv-no-vc.c
+new file mode 100644
+--- /dev/null
 b/resolv/tst-resolv-no-vc.c
+@@ -0,0 +1,129 @@
++/* Test the RES_NO resolver option with a large response.
++   Copyright (C) 2022-2023 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any

[OE-core][mickledore 01/10] curl: Add CVE-2023-28320 follow-up fix

From: Sanjay Chitroda 

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-28320
https://security-tracker.debian.org/tracker/CVE-2023-28320

Upstream Patch:
Introduced by: https://github.com/curl/curl/commit/3c49b405de4f (curl-7_9_8)
Fixed by: https://github.com/curl/curl/commit/13718030ad4b (curl-8_1_0)
Follow-up: https://github.com/curl/curl/commit/f446258f0269 (curl-8_1_0)

Signed-off-by: Sanjay Chitroda 
Signed-off-by: Steve Sakoman 
---
 .../curl/curl/CVE-2023-28320-fol1.patch   | 80 +++
 meta/recipes-support/curl/curl_8.0.1.bb   |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch 
b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch
new file mode 100644
index 00..3c06d8c518
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch
@@ -0,0 +1,80 @@
+From e442feb37ba25c80b8480b908d1c570fd9f41c5e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Tue, 16 May 2023 23:40:42 +0200
+Subject: [PATCH] hostip: include easy_lock.h before using
+ GLOBAL_INIT_IS_THREADSAFE
+
+Since that header file is the only place that define can be defined.
+
+Reported-by: Marc Deslauriers
+
+Follow-up to 13718030ad4b3209
+
+Closes #11121
+
+CVE: CVE-2023-28320
+Upstream-Status: Backport [https://github.com/curl/curl/commit/f446258f0269]
+
+(cherry picked from commit f446258f0269a62289cca0210157cb8558d0edc3)
+Signed-off-by: Sanjay Chitroda 
+
+---
+ lib/hostip.c | 10 --
+ lib/hostip.h |  9 -
+ 2 files changed, 4 insertions(+), 15 deletions(-)
+
+diff --git a/lib/hostip.c b/lib/hostip.c
+index d6906a2e8..2d26b5628 100644
+--- a/lib/hostip.c
 b/lib/hostip.c
+@@ -70,6 +70,8 @@
+ #include 
+ #endif
+ 
++#include "easy_lock.h"
++
+ #if defined(CURLRES_SYNCH) &&   \
+   defined(HAVE_ALARM) &&\
+   defined(SIGALRM) &&   \
+@@ -79,10 +81,6 @@
+ #define USE_ALARM_TIMEOUT
+ #endif
+ 
+-#ifdef USE_ALARM_TIMEOUT
+-#include "easy_lock.h"
+-#endif
+-
+ #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero 
*/
+ 
+ /*
+@@ -265,8 +263,8 @@ void Curl_hostcache_prune(struct Curl_easy *data)
+ /* Beware this is a global and unique instance. This is used to store the
+return address that we can jump back to from inside a signal handler. This
+is not thread-safe stuff. */
+-sigjmp_buf curl_jmpenv;
+-curl_simple_lock curl_jmpenv_lock;
++static sigjmp_buf curl_jmpenv;
++static curl_simple_lock curl_jmpenv_lock;
+ #endif
+ 
+ /* lookup address, returns entry if found and not stale */
+diff --git a/lib/hostip.h b/lib/hostip.h
+index 4b5481f65..0dd19e87c 100644
+--- a/lib/hostip.h
 b/lib/hostip.h
+@@ -186,15 +186,6 @@ Curl_cache_addr(struct Curl_easy *data, struct 
Curl_addrinfo *addr,
+ #define CURL_INADDR_NONE INADDR_NONE
+ #endif
+ 
+-#ifdef HAVE_SIGSETJMP
+-/* Forward-declaration of variable defined in hostip.c. Beware this
+- * is a global and unique instance. This is used to store the return
+- * address that we can jump back to from inside a signal handler.
+- * This is not thread-safe stuff.
+- */
+-extern sigjmp_buf curl_jmpenv;
+-#endif
+-
+ /*
+  * Function provided by the resolver backend to set DNS servers to use.
+  */
diff --git a/meta/recipes-support/curl/curl_8.0.1.bb 
b/meta/recipes-support/curl/curl_8.0.1.bb
index bcfe4a6088..708f622fe1 100644
--- a/meta/recipes-support/curl/curl_8.0.1.bb
+++ b/meta/recipes-support/curl/curl_8.0.1.bb
@@ -18,6 +18,7 @@ SRC_URI = " \
 file://CVE-2023-28320.patch \
 file://CVE-2023-28321.patch \
 file://CVE-2023-32001.patch \
+file://CVE-2023-28320-fol1.patch \
 "
 SRC_URI[sha256sum] = 
"0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188269): 
https://lists.openembedded.org/g/openembedded-core/message/188269
Mute This Topic: https://lists.openembedded.org/mt/101606095/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][mickledore 00/10] Patch review

2023-09-26 Thread Colin McAllister via lists.openembedded.org

Please review this set of changes for mickledore and have comments back by
end of day Thursday, September 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5950

The following changes since commit 72d3ecb22fea59d2520997b3f0a0651557d69ae7:

  cmake.bbclass: fix allarch override syntax (2023-09-18 04:52:03 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/mickledore-nut
  
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/mickledore-nut

Chen Qi (2):
  multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS
  gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation

Jaeyoon Jung (1):
  cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig

Lee Chee Yang (2):
  bind: update to 9.18.19
  ffmpeg: 5.1.2 -> 5.1.3

Narpat Mali (1):
  python3-git: upgrade 3.1.32 -> 3.1.37

Ross Burton (1):
  linux-yocto: update CVE exclusions

Sanjay Chitroda (1):
  curl: Add CVE-2023-28320 follow-up fix

Wang Mingyu (1):
  bind: upgrade 9.18.17 -> 9.18.18

Yash Shinde (1):
  glibc: fix CVE-2023-4527

 meta/classes-recipe/cml1.bbclass  |   2 +-
 meta/conf/multilib.conf   |   1 +
 .../bind/{bind_9.18.17.bb => bind_9.18.19.bb} |   2 +-
 .../glibc/glibc/0023-CVE-2023-4527.patch  | 219 ++
 meta/recipes-core/glibc/glibc_2.37.bb |   1 +
 meta/recipes-devtools/gcc/gcc-crosssdk.inc|   2 +
 ...n3-git_3.1.32.bb => python3-git_3.1.37.bb} |   4 +-
 .../linux/cve-exclusion_6.1.inc   | 157 ++---
 ...c-stop-accessing-out-of-bounds-frame.patch |  89 ---
 ...c-stop-accessing-out-of-bounds-frame.patch | 108 -
 .../ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch |  34 ---
 .../{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb}  |   5 +-
 .../curl/curl/CVE-2023-28320-fol1.patch   |  80 +++
 meta/recipes-support/curl/curl_8.0.1.bb   |   1 +
 14 files changed, 432 insertions(+), 273 deletions(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.19.bb} 
(97%)
 create mode 100644 meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch
 rename meta/recipes-devtools/python/{python3-git_3.1.32.bb => 
python3-git_3.1.37.bb} (86%)
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb} 
(96%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188268): 
https://lists.openembedded.org/g/openembedded-core/message/188268
Mute This Topic: https://lists.openembedded.org/mt/101606094/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libwebp: upgrade 1.3.1 -> 1.3.2

Upgrades libwebp to the latest version to fix CVE-2023-5129.

Change-Id: I061fcda90c7720bc41a575551b399a6f36dfd534
---
 .../webp/{libwebp_1.3.1.bb => libwebp_1.3.2.bb}   | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename meta/recipes-multimedia/webp/{libwebp_1.3.1.bb => libwebp_1.3.2.bb} 
(100%)

diff --git a/meta/recipes-multimedia/webp/libwebp_1.3.1.bb 
b/meta/recipes-multimedia/webp/libwebp_1.3.2.bb
similarity index 100%
rename from meta/recipes-multimedia/webp/libwebp_1.3.1.bb
rename to meta/recipes-multimedia/webp/libwebp_1.3.2.bb
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188267): 
https://lists.openembedded.org/g/openembedded-core/message/188267
Mute This Topic: https://lists.openembedded.org/mt/101606036/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] python3-numpy: upgrade 1.25.2 -> 1.26.0

2023-09-26 Thread Alexandre Belloni via lists.openembedded.org

Hello,

On 26/09/2023 16:24:48+0800, wangmy wrote:
> From: Wang Mingyu 
> 
> License-Update: split license file in standard BSD 3-clause and bundled.
> 
> Changelog:
> ==
> Python 3.12.0 support.
> Cython 3.0.0 compatibility.
> Use of the Meson build system

I'm a bit surprised you didn't need to add an "inherit meson", could you
check?

> Updated SIMD support
> f2py fixes, meson and bind(x) support
> Support for the updated Accelerate BLAS/LAPACK library
> 
> Signed-off-by: Wang Mingyu 
> ---
>  .../{python3-numpy_1.25.2.bb => python3-numpy_1.26.0.bb}  | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta/recipes-devtools/python/{python3-numpy_1.25.2.bb => 
> python3-numpy_1.26.0.bb} (94%)
> 
> diff --git a/meta/recipes-devtools/python/python3-numpy_1.25.2.bb 
> b/meta/recipes-devtools/python/python3-numpy_1.26.0.bb
> similarity index 94%
> rename from meta/recipes-devtools/python/python3-numpy_1.25.2.bb
> rename to meta/recipes-devtools/python/python3-numpy_1.26.0.bb
> index 4793b23a38..e94e431209 100644
> --- a/meta/recipes-devtools/python/python3-numpy_1.25.2.bb
> +++ b/meta/recipes-devtools/python/python3-numpy_1.26.0.bb
> @@ -3,7 +3,7 @@ HOMEPAGE = "https://numpy.org/;
>  DESCRIPTION = "NumPy is the fundamental package needed for scientific 
> computing with Python."
>  SECTION = "devel/python"
>  LICENSE = "BSD-3-Clause & BSD-2-Clause & PSF-2.0 & Apache-2.0 & MIT"
> -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7614a5b0073688df53773ec6ec7fe81d"
> +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a752eb20459cf74a9d84ee4825e8317c"
>  
>  SRCNAME = "numpy"
>  
> @@ -13,7 +13,7 @@ SRC_URI = 
> "${GITHUB_BASE_URI}/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
> file://disable_blas.patch \
> file://run-ptest \
> "
> -SRC_URI[sha256sum] = 
> "fd608e19c8d7c55021dffd43bfe5492fab8cc105cc8986f813f8c3c048b38760"
> +SRC_URI[sha256sum] = 
> "f93fc78fe8bf15afe2b8d6b6499f1c73953169fad1e9a8dd086cdff3190e7fdf"
>  
>  GITHUB_BASE_URI = "https://github.com/numpy/numpy/releases;
>  UPSTREAM_CHECK_REGEX = "releases/tag/v?(?P\d+(\.\d+)+)$"
> -- 
> 2.34.1
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188266): 
https://lists.openembedded.org/g/openembedded-core/message/188266
Mute This Topic: https://lists.openembedded.org/mt/101591676/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3: fix SoB on patch

2023-09-26 Thread Alexandre Belloni via lists.openembedded.org

From: Alexandre Belloni 

Signed-off-by: Alexandre Belloni 
---
 .../0001-test_ctypes.test_find-skip-without-tools-sdk.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
 
b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
index 371021c0a97c..97150f20385e 100644
--- 
a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
+++ 
b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
@@ -9,7 +9,7 @@ easiest way to dynamically check for that is looking for
 
 Upstream-Status: Inappropriate [oe-specific]
 
-Signed-off-by: Tim Orling 
+Signed-off-by: Tim Orling 
 
 ---
  Lib/ctypes/test/test_find.py | 2 ++
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188265): 
https://lists.openembedded.org/g/openembedded-core/message/188265
Mute This Topic: https://lists.openembedded.org/mt/101605567/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [dunfell][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Ross Burton

Can we also get a fix for master?  It’s bad form to fix a CVE in the stable 
branches without also fixing master, otherwise it’s possible that security 
issues appear when you upgrade.

Ross

> On 26 Sep 2023, at 21:02, Colin McAllister via lists.openembedded.org 
>  wrote:
> 
> Add patch from libwebp 1.1.0 branch to fix CVE-2023-5129.
> ---
> .../webp/files/CVE-2023-5129.patch| 362 ++
> 1 file changed, 362 insertions(+)
> create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
> 
> diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
> b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
> new file mode 100644
> index 00..f27d773c64
> --- /dev/null
> +++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
> @@ -0,0 +1,362 @@
> +From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
> +From: Vincent Rabaud 
> +Date: Thu, 7 Sep 2023 21:16:03 +0200
> +Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
> +
> +First, BuildHuffmanTable is called to check if the data is valid.
> +If it is and the table is not big enough, more memory is allocated.
> +
> +This will make sure that valid (but unoptimized because of unbalanced
> +codes) streams are still decodable.
> +
> +Bug: chromium:1479274
> +Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
> +(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
> +(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
> +---
> + src/dec/vp8l_dec.c| 46 ++-
> + src/dec/vp8li_dec.h   |  2 +-
> + src/utils/huffman_utils.c | 97 +++
> + src/utils/huffman_utils.h | 27 +--
> + 4 files changed, 129 insertions(+), 43 deletions(-)
> +
> +diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
> +index 13480551..186b0b2f 100644
> +--- a/src/dec/vp8l_dec.c
>  b/src/dec/vp8l_dec.c
> +@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
> +   int symbol;
> +   int max_symbol;
> +   int prev_code_len = DEFAULT_CODE_LENGTH;
> +-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
> ++  HuffmanTables tables;
> + 
> +-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
> +- code_length_code_lengths,
> +- NUM_CODE_LENGTH_CODES)) {
> ++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
> ++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
> ++ code_length_code_lengths, 
> NUM_CODE_LENGTH_CODES)) {
> + goto End;
> +   }
> + 
> +@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
> + int code_len;
> + if (max_symbol-- == 0) break;
> + VP8LFillBitWindow(br);
> +-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
> ++p = _segment->start[VP8LPrefetchBits(br) & 
> LENGTHS_TABLE_MASK];
> + VP8LSetBitPos(br, br->bit_pos_ + p->bits);
> + code_len = p->value;
> + if (code_len < kCodeLengthLiterals) {
> +@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
> +   ok = 1;
> + 
> +  End:
> ++  VP8LHuffmanTablesDeallocate();
> +   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
> +   return ok;
> + }
> +@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
> + // 'code_lengths' is pre-allocated temporary buffer, used for creating 
> Huffman
> + // tree.
> + static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
> +-   int* const code_lengths, HuffmanCode* const 
> table) {
> ++   int* const code_lengths,
> ++   HuffmanTables* const table) {
> +   int ok = 0;
> +   int size = 0;
> +   VP8LBitReader* const br = >br_;
> +@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
> xsize, int ysize,
> +   VP8LMetadata* const hdr = >hdr_;
> +   uint32_t* huffman_image = NULL;
> +   HTreeGroup* htree_groups = NULL;
> +-  HuffmanCode* huffman_tables = NULL;
> +-  HuffmanCode* huffman_table = NULL;
> ++  HuffmanTables* huffman_tables = >huffman_tables_;
> +   int num_htree_groups = 1;
> +   int num_htree_groups_max = 1;
> +   int max_alphabet_size = 0;
> +@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
> xsize, int ysize,
> +   int* mapping = NULL;
> +   int ok = 0;
> + 
> ++  // Check the table has been 0 initialized (through InitMetadata).
> ++  assert(huffman_tables->root.start == NULL);
> ++  assert(huffman_tables->curr_segment == NULL);
> ++
> +   if (allow_recursion && VP8LReadBits(br, 1)) {
> + // use meta Huffman codes.
> + const int huffman_precision = VP8LReadBits(br, 3) + 2;
> +@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, 
> int xsize, int ysize,
> + 
> +   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
> +   sizeof(*code_lengths));
> +-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * 
> table_size,
> +-

Re: [OE-core] [kirkstone 02/20] cups: fix CVE-2023-32360

2023-09-26 Thread Claus Stovgaard

Hi Steve and oe-core

Just noticed issues with cups, and can see the problem in this patch.

++ AuthType Defaul
should have been
++ AuthType Default

We are missing a "t" in the end.

Will send a patch - but I might first have time later this week, and it don't 
know if it is needed for 4.0.13

Regards
Claus

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188263): 
https://lists.openembedded.org/g/openembedded-core/message/188263
Mute This Topic: https://lists.openembedded.org/mt/101489304/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org

Add patch from libwebp 1.2.4 branch to fix CVE-2023-5129.

Change-Id: Id9fd776e81105beba3d37564e83ade816270aedd
---
 .../webp/files/CVE-2023-5129.patch| 362 ++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   1 +
 2 files changed, 363 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..f27d773c64
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,362 @@
+From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
+(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ =

[OE-core] [dunfell][PATCH v2] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org

Add patch from libwebp 1.1.0 branch to fix CVE-2023-5129.

Change-Id: Idaabd9e118fb51a80159a25312000337427e23bf
---
 .../webp/files/CVE-2023-5129.patch| 362 ++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |   1 +
 2 files changed, 363 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..f27d773c64
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,362 @@
+From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
+(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ =

[OE-core] [dunfell][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org

Add patch from libwebp 1.1.0 branch to fix CVE-2023-5129.
---
 .../webp/files/CVE-2023-5129.patch| 362 ++
 1 file changed, 362 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..f27d773c64
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,362 @@
+From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
+(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
+ goto Error;
+   }
+ 
+-  huffman_table = huffman_tables;
+   for (i = 0; i <

Re: [OE-core] [PATCH 25/40] meson: upgrade 1.1.1 -> 1.2.1

2023-09-26 Thread Sandeep Gundlupet Raju via lists.openembedded.org

On Tue, Sep 26, 2023 at 10:55 AM Martin Jansa  wrote:
>
> On Mon, Sep 25, 2023 at 6:47 PM Khem Raj  wrote:
>>
>> gnupg failure seems related to this -
>> https://errors.yoctoproject.org/Errors/Details/738191/
>
>
> I've just sent a fix for this one (gupnp not gnupg :)):

Yeah poor eyes and spellchecker have me at times. Thanks for chiming
in with a patch

> https://lists.openembedded.org/g/openembedded-devel/message/105145

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188259): 
https://lists.openembedded.org/g/openembedded-core/message/188259
Mute This Topic: https://lists.openembedded.org/mt/101516872/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 25/40] meson: upgrade 1.1.1 -> 1.2.1

2023-09-26 Thread Martin Jansa

On Mon, Sep 25, 2023 at 6:47 PM Khem Raj  wrote:

> gnupg failure seems related to this -
> https://errors.yoctoproject.org/Errors/Details/738191/


I've just sent a fix for this one (gupnp not gnupg :)):
https://lists.openembedded.org/g/openembedded-devel/message/105145

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188258): 
https://lists.openembedded.org/g/openembedded-core/message/188258
Mute This Topic: https://lists.openembedded.org/mt/101516872/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] beaglebone-yocto testimage ping timeout issue



On 9/25/2023 2:42 PM, Richard Purdie wrote:

On Mon, 2023-09-25 at 11:17 -0700, Khem Raj wrote:

core-image-minimal does not have ssh server in image so maybe start
with core-image-base or something or add
IMAGE_FEATURES += "ssh-server-openssh package-management hwcodecs" to local.conf

Whilst in general that is good advice to make minimal more testable,
you don't need an ssh server for ping to work so it won't be that for
the ping issue.


you might need to prepare the target testing setup

especially TEST_TARGET_IP and TEST_SERVER_IP and TEST_TARGET
see - 
https://github.com/YoeDistro/yoe-distro/blob/master/conf/projects/visionfive2/config.conf#L18-L20

Can you share the full testimage log somewhere? The first thing to
check is whether anything booted or not. If it hasn't booted, it won't
ping. Start with that and work forward - are the network devices
configured in the kernel log?


[Sandeep]: We haven't touched any thing. We are using below commands 
from stock poky. I would expect this is configured properly from poky layer.


MACHINE=beaglebone-yocto bitbake core-image-minimal

MACHINE=beaglebone-yocto bitbake core-image-minimal -c testimage


That does raise the question - how are you provisioning the beaglebone
and the other hardware with the image/kernel? I'm not sure that is
setup to work under qemu?

[Sandeep]: Attached the logs. I can boot qemu manually without any issues.


Cheers,

Richard


/scratch1/sandeepg/yocto/yp-master/build-ci-master  $ MACHINE=beaglebone-yocto 
runqemu nographic
runqemu - INFO - Running MACHINE=beaglebone-yocto bitbake -e  ...
runqemu - INFO - Continuing with the following parameters:
KERNEL: 
[/scratch1/sandeepg/yocto/yp-master/build-ci-master/tmp/deploy/images/beaglebone-yocto/zImage]
MACHINE: [beaglebone-yocto]
FSTYPE: [wic (no-kernel-in-fs)]
ROOTFS: 
[/scratch1/sandeepg/yocto/yp-master/build-ci-master/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.rootfs-20230925163513.wic]
CONFFILE: 
[/scratch1/sandeepg/yocto/yp-master/build-ci-master/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.rootfs-20230925163513.qemuboot.conf]

runqemu - INFO - Using preconfigured tap device tap0
runqemu - INFO - If this is not intended, touch /tmp/qemu-tap-locks/tap0.skip 
to make runqemu skip tap0.
runqemu - INFO - Network configuration: 
ip=192.168.7.2::192.168.7.1:255.255.255.0::eth0:off:8.8.8.8 net.ifnames=0
runqemu - INFO - Running 
/scratch1/sandeepg/yocto/yp-master/build-ci-master/tmp/work/x86_64-linux/qemu-helper-native/1.0/recipe-sysroot-native/usr/bin/qemu-system-arm
 -device virtio-net-device,netdev=net0,mac=52:54:00:12:34:02 -netdev 
tap,id=net0,ifname=tap0,script=no,downscript=no -object 
rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0 -drive 
id=disk0,file=/scratch1/sandeepg/yocto/yp-master/build-ci-master/tmp/deploy/images/beaglebone-yocto/core-image-minimal-beaglebone-yocto.rootfs-20230925163513.wic,if=none,format=raw
 -device virtio-blk-device,drive=disk0 -device virtio-rng-device  -machine virt 
-cpu cortex-a15  -m 256 -serial mon:stdio -serial null -nographic  -kernel 
/scratch1/sandeepg/yocto/yp-master/build-ci-master/tmp/deploy/images/beaglebone-yocto/zImage
 -append 'root=/dev/vda2 rw  mem=256M 
ip=192.168.7.2::192.168.7.1:255.255.255.0::eth0:off:8.8.8.8 net.ifnames=0 
console=ttyS0 console=ttyO0 console=ttyAMA0 console=ttyAMA0 
systemd.mask=systemd-networkd '

runqemu - INFO - Host uptime: 3974482.56

Booting Linux on physical CPU 0x0
Linux version 6.1.20-yocto-standard (oe-user@oe-host) 
(arm-poky-linux-gnueabi-gcc (GCC) 13.2.0, GNU ld (GNU Binutils) 
2.41.0.20230731) #1 PREEMPT Sat Mar 18 02:48:04 UTC 2023
CPU: ARMv7 Processor [414fc0f0] revision 0 (ARMv7), cr=10c53c7d
CPU: div instructions available: patching division code
CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction cache
OF: fdt: Machine model: linux,dummy-virt
random: crng init done
Memory policy: Data cache writeback
cma: Reserved 16 MiB at 0x4f00
Zone ranges:
  Normal   [mem 0x4000-0x4fff]
  HighMem  empty
Movable zone start for each node
Early memory node ranges
  node   0: [mem 0x4000-0x4fff]
Initmem setup node 0 [mem 0x4000-0x4fff]
psci: probing for conduit method from DT.
psci: PSCIv1.1 detected in firmware.
psci: Using standard PSCI v0.2 function IDs
psci: Trusted OS migration not required
psci: SMC Calling Convention v1.0
CPU: All CPU(s) started in SVC mode.
Built 1 zonelists, mobility grouping on.  Total pages: 64960
Kernel command line: root=/dev/vda2 rw  mem=256M 
ip=192.168.7.2::192.168.7.1:255.255.255.0::eth0:off:8.8.8.8 net.ifnames=0 
console=ttyS0 console=ttyO0 console=ttyAMA0 console=ttyAMA0 
systemd.mask=systemd-networkd 
Dentry cache hash table entries: 32768 (order: 5, 131072 bytes, linear)
Inode-cache hash table entries: 16384 (order: 4, 65536 bytes, linear)
mem auto-init: stack:all(zero), heap alloc:off, heap free:off
Memory:

[OE-core] Yocto Project Status 26 September 2023 (WW39)

2023-09-26 Thread Stephen Jolley

Current Dev Position: YP 4.3 M4 (Feature Freeze)

Next Deadline: 2nd October 2023 YP 4.3 M4 build date

Next Team Meetings:

Bug Triage meeting Thursday September 28th 7:30 am PDT (
https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
-

Weekly Project Engineering Sync Tuesday September 26th at 8 am PDT (
https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09)

Twitch - See https://www.twitch.tv/theyoctojester

Key Status/Updates:

YP 4.3 M3 rc1 was released and work is being done on the autobuilder QA
email step to improve for future releases. The regression report is still
being worked on.
-

YP 3.1.28 is under review for release
-

YP 4.0.13 rc2 is in QA
-

The numpy reproducibility issue remains and is proving extremely
problematic with many failed builds. We may have to merge the debug patch
into master.
-

The openssh ptest intermittent failure does have better logs available
but we’ve yet to decode what it means:

http://autobuilder.yocto.io/pub/non-release/20230917-2/testresults/qemuarm64-ptest/openssh.log

The changes to error for overlapping symlinks under sstate control have
highlighted some issues, particularly in world build configurations however
so far these have proven to be real issues that needed addressing in the
configuration as the files overlapped and caused determinism issues.
-

The number of build failures from incoming patches remains high and is
causing patch review delays and headaches for the maintainers. We are not
here to debug people’s patches, we’re only meant to be catching
accidental/occasional issues.
-

Patches for enabling wider SPDX tooling and testing in core are being
proposed but there are quite a few python module dependencies. We do have
good tooling/class support for python modules so the maintenance overhead
of these is relatively low but the number of modules in core has increased
steadily. Feedback welcome.
-

Since the 6.4 kernel is already EOL, we are considering a 6.5 kernel for
4.3 as the best of several difficult options.
-

The project is working on improving its security processes and policies,
there are emails on the mailing list discussing this. Please highlight
these to any parties who may be interested or have useful feedback.

Ways to contribute:

As people are likely aware, the project has a number of components which
are either unmaintained, or have people with little to no time trying to
keep them alive. These components include: patchtest, layerindex, devtool,
toaster, wic, oeqa, autobuilder, CROPs containers, pseudo and more. Many
have open bugs. Help is welcome in trying to better look after these
components!
-

There are bugs identified as possible for newcomers to the project:
https://wiki.yoctoproject.org/wiki/Newcomers
-

There are bugs that are currently unassigned for YP 4.3. See:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium.2B_4.3_Unassigned_Enhancements.2FBugs
-

We’d welcome new maintainers for recipes in OE-Core. Please see the list
at:

http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/conf/distro/include/maintainers.inc
and discuss with the existing maintainer, or ask on the OE-Core mailing
list. We will likely move a chunk of these to “Unassigned” soon to help
facilitate this.
-

Help is very much welcome in trying to resolve our autobuilder
intermittent issues. You can see the list of failures we’re continuing to
see by searching for the “AB-INT” tag in bugzilla:
https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT.
-

Help us resolve CVE issues: CVE metrics

We have a growing number of bugs in bugzilla, any help with them is
appreciated.

YP 4.3 Milestone Dates:

YP 4.3 M3 was released.
-

YP 4.3 M4 build date 2023/10/02
-

YP 4.3 M4 Release date 2023/10/27

YP 5.0 Milestone Dates:

YP 5.0 M1 build date 2023/12/04
-

YP 5.0 M1 Release date 2023/12/15
-

YP 5.0 M2 build date 2024/01/15
-

YP 5.0 M2 Release date 2024/01/24
-

YP 5.0 M3 build date 2024/02/19
-

YP 5.0 M3 Release date 2024/03/01
-

YP 5.0 M4 build date 2024/04/01
-

YP 5.0 M4 Release date 2024/04/30

Upcoming dot releases:

YP 3.1.28 is ready for release.
-

YP 4.0.13 is in QA.
-

YP 3.1.29 build date 2023/10/30
-

YP 3.1.29 Release date 2023/11/10
-

YP 4.0.14 build date 2023/11/06
-

YP 4.0.14 Release date 2023/11/17
-

YP 4.2.4 build date 2023/11/13
-

YP 4.2.4 Release date 2023/11/24
-

YP 4.3.1 build date 2023/11/27
-

YP 4.3.1 Release date 2023/12/08
-

YP 3.1.30 build date 2023/12/11
-

YP 3.1.30 Release date 2023/12/22

Re: [OE-core] [PATCH v2] curl: Update from 8.2.1 to 8.3.0

I am seeing a ptest failure on qemx86-64/glibc

  Failed ptests:
  {'curl': ['test_1474', 'curl']}

On Sat, Sep 23, 2023 at 10:25 AM Robert Joslyn via
lists.openembedded.org
 wrote:
>
> From: Robert Joslyn 
>
> NSS support was removed, so adjust PACKAGECONFIG options.
>
> The --enable-crypto-auth option was removed and split into separate
> options for basic-auth, bearer-auth, digest-auth, kerberos-auth,
> negotiate-auth, and aws. Enable these new options since upstream enables
> them by default.
>
> Disable test 1279 since this requires libcurl and hangs the tests.
>
> Signed-off-by: Robert Joslyn 
> ---
> Changes from v1:
> Enable aws authentication by default. Upstream enables it by default and
> test 1964 fails with it disabled.
>
>  meta/recipes-support/curl/curl/disable-tests   |  1 +
>  .../curl/{curl_8.2.1.bb => curl_8.3.0.bb}  | 14 +-
>  2 files changed, 10 insertions(+), 5 deletions(-)
>  rename meta/recipes-support/curl/{curl_8.2.1.bb => curl_8.3.0.bb} (88%)
>
> diff --git a/meta/recipes-support/curl/curl/disable-tests 
> b/meta/recipes-support/curl/curl/disable-tests
> index b687b2bb76..fdac795662 100644
> --- a/meta/recipes-support/curl/curl/disable-tests
> +++ b/meta/recipes-support/curl/curl/disable-tests
> @@ -21,6 +21,7 @@
>  # This test is scanning the source tree
>  1222
>  # These CRL tests need --libcurl option to be enabled
> +1279
>  1400
>  1401
>  1402
> diff --git a/meta/recipes-support/curl/curl_8.2.1.bb 
> b/meta/recipes-support/curl/curl_8.3.0.bb
> similarity index 88%
> rename from meta/recipes-support/curl/curl_8.2.1.bb
> rename to meta/recipes-support/curl/curl_8.3.0.bb
> index b86c6f3bba..646ac01914 100644
> --- a/meta/recipes-support/curl/curl_8.2.1.bb
> +++ b/meta/recipes-support/curl/curl_8.3.0.bb
> @@ -14,7 +14,7 @@ SRC_URI = " \
>  file://run-ptest \
>  file://disable-tests \
>  "
> -SRC_URI[sha256sum] = 
> "dd322f6bd0a20e6cebdfd388f69e98c3d183bed792cf4713c8a7ef498cba4894"
> +SRC_URI[sha256sum] = 
> "376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63"
>
>  # Curl has used many names over the years...
>  CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl 
> daniel_stenberg:curl"
> @@ -24,21 +24,26 @@ inherit autotools pkgconfig binconfig multilib_header 
> ptest
>  # Entropy source for random PACKAGECONFIG option
>  RANDOM ?= "/dev/urandom"
>
> -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} libidn 
> openssl proxy random threaded-resolver verbose zlib"
> +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws 
> basic-auth bearer-auth digest-auth negotiate-auth libidn openssl proxy random 
> threaded-resolver verbose zlib"
>  PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver 
> verbose zlib"
>  PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver 
> verbose zlib"
>
>  # 'ares' and 'threaded-resolver' are mutually exclusive
>  PACKAGECONFIG[ares] = 
> "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
> +PACKAGECONFIG[aws] = "--enable-aws,--disable-aws"
> +PACKAGECONFIG[basic-auth] = "--enable-basic-auth,--disable-basic-auth"
> +PACKAGECONFIG[bearer-auth] = "--enable-bearer-auth,--disable-bearer-auth"
>  PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
>  PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
>  # Don't use this in production
>  PACKAGECONFIG[debug] = "--enable-debug,--disable-debug"
>  PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
> +PACKAGECONFIG[digest-auth] = "--enable-digest-auth,--disable-digest-auth"
>  PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
>  PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
>  PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
>  PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
> +PACKAGECONFIG[kerberos-auth] = 
> "--enable-kerberos-auth,--disable-kerberos-auth"
>  PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
>  PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap"
>  PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap"
> @@ -47,6 +52,7 @@ PACKAGECONFIG[libidn] = 
> "--with-libidn2,--without-libidn2,libidn2"
>  PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
>  PACKAGECONFIG[mbedtls] = 
> "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
>  PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
> +PACKAGECONFIG[negotiate-auth] = 
> "--enable-negotiate-auth,--disable-negotiate-auth"
>  PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
>  PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl"
>  PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
> @@ -56,7 +62,6 @@ PACKAGECONFIG[rtmpdump] = 
> "--with-librtmp,--without-librtmp,rtmpdump"
>  PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
>  PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
>  PACKAGECONFIG[smtp] =

Re: [OE-core][PATCH] oe-find-native-sysroot: avoid warning message messing things up

2023-09-26 Thread Chen Qi via lists.openembedded.org

Just noticed your patches. Yes, this patch is not needed.

Regards,
Qi

From: Peter Kjellerstedt 
Sent: Tuesday, September 26, 2023 9:10 PM
To: Jose Quaresma ; Chen, Qi 
Cc: openembedded-core@lists.openembedded.org
Subject: RE: [OE-core][PATCH] oe-find-native-sysroot: avoid warning message 
messing things up

NAK

This is no longer needed since commit 6b7883533 (bitbake-getvar: Make --value 
imply –quiet) landed in bitbake.

//Peter

From: 
openembedded-core@lists.openembedded.org
 
mailto:openembedded-core@lists.openembedded.org>>
 On Behalf Of Jose Quaresma
Sent: den 26 september 2023 12:21
To: qi.c...@windriver.com
Cc: 
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][PATCH] oe-find-native-sysroot: avoid warning message 
messing things up

Hi Chen,

I have raised this when it lands
https://lists.openembedded.org/g/openembedded-core/message/187378

Tested.by:
 Jose Quaresma mailto:quaresma.j...@gmail.com>>
Jose
Chen Qi via 
lists.openembedded.org
 
mailto:windriver@lists.openembedded.org>>
 escreveu no dia terça, 26/09/2023 à(s) 11:15:
From: Chen Qi mailto:qi.c...@windriver.com>>

Add '-q' option to bitbake-getvar to avoid warning messages contaminating
the actual result.

Signed-off-by: Chen Qi mailto:qi.c...@windriver.com>>
---
 scripts/oe-find-native-sysroot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/oe-find-native-sysroot b/scripts/oe-find-native-sysroot
index 6228efcbee..541318b461 100755
--- a/scripts/oe-find-native-sysroot
+++ b/scripts/oe-find-native-sysroot
@@ -38,7 +38,7 @@ fi
 # Global vars
 set_oe_native_sysroot(){
 echo "Getting sysroot..."
-OECORE_NATIVE_SYSROOT=$(bitbake-getvar -r $1 --value STAGING_DIR_NATIVE)
+OECORE_NATIVE_SYSROOT=$(bitbake-getvar -q -r $1 --value STAGING_DIR_NATIVE)
 }

 if [ "x$OECORE_NATIVE_SYSROOT" = "x" ]; then
--
2.40.0




--
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188254): 
https://lists.openembedded.org/g/openembedded-core/message/188254
Mute This Topic: https://lists.openembedded.org/mt/101592501/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 7/7] vim: Upgrade 9.0.1664 -> 9.0.1894

From: Richard Purdie 

This includes multiple CVE fixes.

The license change is due to changes in maintainership, the license
itself is unchanged.

Signed-off-by: Richard Purdie 
(cherry picked from commit 91e66b93a0c0928f0c2cfe78e22898a6c9800f34)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/vim/vim.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index dc22a023c3..73e639d7b1 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -10,7 +10,7 @@ DEPENDS = "ncurses gettext-native"
 RSUGGESTS_${PN} = "diffutils"
 
 LICENSE = "vim"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d1a651ab770b45d41c0f8cb5a8ca930e"
 
 SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://disable_acl_header_check.patch \
@@ -19,8 +19,8 @@ SRC_URI = 
"git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
 
-PV .= ".1664"
-SRCREV = "8154e642aa476e1a5d3de66c34e8289845b2b797"
+PV .= ".1894"
+SRCREV = "e5f7cd0a60d0eeab84f7aeb35c13d3af7e50072e"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188253): 
https://lists.openembedded.org/g/openembedded-core/message/188253
Mute This Topic: https://lists.openembedded.org/mt/101596336/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 6/7] vim: upgrade 9.0.1592 -> 9.0.1664

From: Archana Polampalli 

Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-3896
8154e642a (tag: v9.0.1664) patch 9.0.1664: divide by zero when scrolling with 
'smoothscroll' set

Signed-off-by: Archana Polampalli 
Signed-off-by: Richard Purdie 
(cherry picked from commit 4a1ab744142c9229f03a359b45e5e89a1fbae0d3)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index bbafa170f4..dc22a023c3 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = 
"git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
 
-PV .= ".1592"
-SRCREV = "29b4c513b11deb37f0e0538df53d195f602fa42c"
+PV .= ".1664"
+SRCREV = "8154e642aa476e1a5d3de66c34e8289845b2b797"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188252): 
https://lists.openembedded.org/g/openembedded-core/message/188252
Mute This Topic: https://lists.openembedded.org/mt/101596335/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 5/7] gcc: Fix -fstack-protector issue on aarch64

From: Ross Burton 

This series of patches fixes deficiencies in GCC's -fstack-protector
implementation for AArch64 when using dynamically allocated stack space.
This is CVE-2023-4039.  See:

https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf

for more details.

Signed-off-by: Ross Burton 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/gcc/gcc-9.5.inc |1 +
 .../gcc/gcc-9.5/CVE-2023-4039.patch   | 1506 +
 2 files changed, 1507 insertions(+)
 create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch

diff --git a/meta/recipes-devtools/gcc/gcc-9.5.inc 
b/meta/recipes-devtools/gcc/gcc-9.5.inc
index 23bfb1a9db..9bb41bbe24 100644
--- a/meta/recipes-devtools/gcc/gcc-9.5.inc
+++ b/meta/recipes-devtools/gcc/gcc-9.5.inc
@@ -70,6 +70,7 @@ SRC_URI = "\

file://0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch \

file://0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch \

file://0002-libstdc-Fix-inconsistent-noexcept-specific-for-valar.patch \
+   file://CVE-2023-4039.patch \
 "
 S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
 SRC_URI[sha256sum] = 
"27769f64ef1d4cd5e2be8682c0c93f9887983e6cfd1a927ce5a0a2915a95cf8f"
diff --git a/meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch 
b/meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch
new file mode 100644
index 00..56d229066f
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch
@@ -0,0 +1,1506 @@
+From: Richard Sandiford 
+Subject: [PATCH 00/19] aarch64: Fix -fstack-protector issue
+Date: Tue, 12 Sep 2023 16:25:10 +0100
+
+This series of patches fixes deficiencies in GCC's -fstack-protector
+implementation for AArch64 when using dynamically allocated stack space.
+This is CVE-2023-4039.  See:
+
+https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
+https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
+
+for more details.
+
+The fix is to put the saved registers above the locals area when
+-fstack-protector is used.
+
+The series also fixes a stack-clash problem that I found while working
+on the CVE.  In unpatched sources, the stack-clash problem would only
+trigger for unrealistic numbers of arguments (8K 64-bit arguments, or an
+equivalent).  But it would be a more significant issue with the new
+-fstack-protector frame layout.  It's therefore important that both
+problems are fixed together.
+
+Some reorganisation of the code seemed necessary to fix the problems in a
+cleanish way.  The series is therefore quite long, but only a handful of
+patches should have any effect on code generation.
+
+See the individual patches for a detailed description.
+
+Tested on aarch64-linux-gnu. Pushed to trunk and to all active branches.
+I've also pushed backports to GCC 7+ to vendors/ARM/heads/CVE-2023-4039.
+
+CVE: CVE-2023-4039
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton 
+  
+  
+From 78ebdb7b12d5e258b9811bab715734454268fd0c Mon Sep 17 00:00:00 2001
+From: Richard Sandiford 
+Date: Fri, 16 Jun 2023 17:00:51 +0100
+Subject: [PATCH 01/10] aarch64: Explicitly handle frames with no saved
+ registers
+
+If a frame has no saved registers, it can be allocated in one go.
+There is no need to treat the areas below and above the saved
+registers as separate.
+
+And if we allocate the frame in one go, it should be allocated
+as the initial_adjust rather than the final_adjust.  This allows the
+frame size to grow to guard_size - guard_used_by_caller before a stack
+probe is needed.  (A frame with no register saves is necessarily a
+leaf frame.)
+
+This is a no-op as thing stand, since a leaf function will have
+no outgoing arguments, and so all the frame will be above where
+the saved registers normally go.
+
+gcc/
+   * config/aarch64/aarch64.c (aarch64_layout_frame): Explicitly
+   allocate the frame in one go if there are no saved registers.
+---
+ gcc/config/aarch64/aarch64.c | 8 +---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
+index a35dceab9fc..e9dad682738 100644
+--- a/gcc/config/aarch64/aarch64.c
 b/gcc/config/aarch64/aarch64.c
+@@ -4771,9 +4771,11 @@ aarch64_layout_frame (void)
+ max_push_offset = 256;
+ 
+   HOST_WIDE_INT const_size, const_fp_offset;
+-  if (cfun->machine->frame.frame_size.is_constant (_size)
+-  && const_size < max_push_offset
+-  && known_eq (crtl->outgoing_args_size, 0))
++  if (cfun->machine->frame.saved_regs_size == 0)
++cfun->machine->frame.initial_adjust = cfun->machine->frame.frame_size;
++  else if (cfun->machine->frame.frame_size.is_constant (_size)
++ && const_size < max_push_offset
++ && known_eq

[OE-core][dunfell 3/7] go: Backport fix for CVE-2022-41725 and CVE-2023-24536

From: Vijay Anusuri 

Upstream-commit:
https://github.com/golang/go/commit/874b3132a84cf76da6a48978826c04c380a37a50
&
https://github.com/golang/go/commit/4e5a313524da62600eb59dbf98624cfe946456f8
&
https://github.com/golang/go/commit/5246fa5e75b129a7dbd9722aa4de0cbaf7ceae43
&
https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab
&
https://github.com/golang/go/commit/ef41a4e2face45e580c5836eaebd51629fc23f15
&
https://github.com/golang/go/commit/7a359a651c7ebdb29e0a1c03102fce793e9f58f0
&
https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538

Signed-off-by: Vijay Anusuri 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.14.inc  |   7 +
 .../go/go-1.14/CVE-2022-41725-pre1.patch  |  85 +++
 .../go/go-1.14/CVE-2022-41725-pre2.patch  |  97 +++
 .../go/go-1.14/CVE-2022-41725-pre3.patch  |  98 +++
 .../go/go-1.14/CVE-2022-41725.patch   | 660 ++
 .../go/go-1.14/CVE-2023-24536_1.patch | 134 
 .../go/go-1.14/CVE-2023-24536_2.patch | 184 +
 .../go/go-1.14/CVE-2023-24536_3.patch | 349 +
 8 files changed, 1614 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre3.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_3.patch

diff --git a/meta/recipes-devtools/go/go-1.14.inc 
b/meta/recipes-devtools/go/go-1.14.inc
index 20377e095b..784b502f46 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -70,6 +70,13 @@ SRC_URI += "\
 file://CVE-2023-29400.patch \
 file://CVE-2023-29406.patch \
 file://CVE-2023-29409.patch \
+file://CVE-2022-41725-pre1.patch \
+file://CVE-2022-41725-pre2.patch \
+file://CVE-2022-41725-pre3.patch \
+file://CVE-2022-41725.patch \
+file://CVE-2023-24536_1.patch \
+file://CVE-2023-24536_2.patch \
+file://CVE-2023-24536_3.patch \
 "
 
 SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch 
b/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
new file mode 100644
index 00..37ebc41947
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
@@ -0,0 +1,85 @@
+From 874b3132a84cf76da6a48978826c04c380a37a50 Mon Sep 17 00:00:00 2001
+From: avivklas 
+Date: Fri, 7 Aug 2020 21:50:12 +0300
+Subject: [PATCH] mime/multipart: return overflow errors in Reader.ReadForm
+
+Updates Reader.ReadForm to check for overflow errors that may
+result from a leeway addition of 10MiB to the input argument
+maxMemory.
+
+Fixes #40430
+
+Change-Id: I510b8966c95c51d04695ba9d08fcfe005fd11a5d
+Reviewed-on: https://go-review.googlesource.com/c/go/+/247477
+Run-TryBot: Emmanuel Odeke 
+Trust: Cuong Manh Le 
+Trust: Emmanuel Odeke 
+TryBot-Result: Go Bot 
+Reviewed-by: Emmanuel Odeke 
+
+Upstream-Status: Backport 
[https://github.com/golang/go/commit/874b3132a84cf76da6a48978826c04c380a37a50]
+CVE: CVE-2022-41725 #Dependency Patch1
+Signed-off-by: Vijay Anusuri 
+---
+ src/mime/multipart/formdata.go  |  4 
+ src/mime/multipart/formdata_test.go | 18 ++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go
+index 832d0ad693666..4eb31012941ac 100644
+--- a/src/mime/multipart/formdata.go
 b/src/mime/multipart/formdata.go
+@@ -7,6 +7,7 @@ package multipart
+ import (
+   "bytes"
+   "errors"
++  "fmt"
+   "io"
+   "io/ioutil"
+   "net/textproto"
+@@ -41,6 +42,9 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err 
error) {
+ 
+   // Reserve an additional 10 MB for non-file parts.
+   maxValueBytes := maxMemory + int64(10<<20)
++  if maxValueBytes <= 0 {
++  return nil, fmt.Errorf("multipart: integer overflow from 
maxMemory(%d) + 10MiB for non-file parts", maxMemory)
++  }
+   for {
+   p, err := r.NextPart()
+   if err == io.EOF {
+diff --git a/src/mime/multipart/formdata_test.go 
b/src/mime/multipart/formdata_test.go
+index 7d756c8c244a0..7112e0d3727fe 100644
+--- a/src/mime/multipart/formdata_test.go
 b/src/mime/multipart/formdata_test.go
+@@ -7,6 +7,7 @@ package multipart
+ import (
+   "bytes"
+   "io"
++  "math"
+   "os"
+   "strings"
+   "testing"
+@@ -52,6 +53,23 @@ func TestReadFormWithNamelessFile(t *testing.T) {
+   }
+ }
+ 
++// Issue 40430: Ensure that we report integer overflows in additions of 
maxMemory,
++// instead of

[OE-core][dunfell 4/7] flac: fix CVE-2020-22219

From: Michael Opdenacker 

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before
1.4.0 allows remote attackers to run arbitrary code via crafted input to
the encoder.

Signed-off-by: Meenali Gupta 
Signed-off-by: Michael Opdenacker 
Tested-by: Michael Opdenacker 
Signed-off-by: Steve Sakoman 
---
 .../flac/files/CVE-2020-22219.patch   | 197 ++
 meta/recipes-multimedia/flac/flac_1.3.3.bb|   1 +
 2 files changed, 198 insertions(+)
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch

diff --git a/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch 
b/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
new file mode 100644
index 00..e042872dc0
--- /dev/null
+++ b/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
@@ -0,0 +1,197 @@
+From 579ff6922089cbbbd179619e40e622e279bd719f Mon Sep 17 00:00:00 2001
+From: Martijn van Beurden 
+Date: Wed, 3 Aug 2022 13:52:19 +0200
+Subject: [PATCH] flac: Add and use _nofree variants of safe_realloc functions
+
+Parts of the code use realloc like
+
+x = safe_realloc(x, somesize);
+
+when this is the case, the safe_realloc variant used must free the
+old memory block in case it fails, otherwise it will leak. However,
+there are also instances in the code where handling is different:
+
+if (0 == (x = safe_realloc(y, somesize)))
+return false
+
+in this case, y should not be freed, as y is not set to NULL we
+could encounter double frees. Here the safe_realloc_nofree
+functions are used.
+
+Upstream-Status: Backport 
[https://github.com/xiph/flac/commit/21fe95ee828b0b9b944f6aa0bb02d24fbb981815]
+CVE: CVE-2020-22219
+
+Signed-off-by: Meenali Gupta 
+---
+ include/share/alloc.h | 41 +++
+ src/flac/encode.c |  4 ++--
+ src/flac/foreign_metadata.c   |  2 +-
+ src/libFLAC/bitwriter.c   |  2 +-
+ src/libFLAC/metadata_object.c |  2 +-
+ src/plugin_common/tags.c  |  2 +-
+ src/share/utf8/iconvert.c |  2 +-
+ 7 files changed, 44 insertions(+), 11 deletions(-)
+
+diff --git a/include/share/alloc.h b/include/share/alloc.h
+index 914de9b..55bdd1d 100644
+--- a/include/share/alloc.h
 b/include/share/alloc.h
+@@ -161,17 +161,30 @@ static inline void *safe_realloc_(void *ptr, size_t size)
+   free(oldptr);
+   return newptr;
+ }
+-static inline void *safe_realloc_add_2op_(void *ptr, size_t size1, size_t 
size2)
++static inline void *safe_realloc_nofree_add_2op_(void *ptr, size_t size1, 
size_t size2)
++{
++  size2 += size1;
++  if(size2 < size1)
++  return 0;
++  return realloc(ptr, size2);
++}
++
++static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t 
size2, size_t size3)
+ {
+   size2 += size1;
+   if(size2 < size1) {
+   free(ptr);
+   return 0;
+   }
+-  return realloc(ptr, size2);
++  size3 += size2;
++  if(size3 < size2) {
++  free(ptr);
++  return 0;
++  }
++  return safe_realloc_(ptr, size3);
+ }
+
+-static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t 
size2, size_t size3)
++static inline void *safe_realloc_nofree_add_3op_(void *ptr, size_t size1, 
size_t size2, size_t size3)
+ {
+   size2 += size1;
+   if(size2 < size1)
+@@ -182,7 +195,7 @@ static inline void *safe_realloc_add_3op_(void *ptr, 
size_t size1, size_t size2,
+   return realloc(ptr, size3);
+ }
+
+-static inline void *safe_realloc_add_4op_(void *ptr, size_t size1, size_t 
size2, size_t size3, size_t size4)
++static inline void *safe_realloc_nofree_add_4op_(void *ptr, size_t size1, 
size_t size2, size_t size3, size_t size4)
+ {
+   size2 += size1;
+   if(size2 < size1)
+@@ -205,6 +218,15 @@ static inline void *safe_realloc_mul_2op_(void *ptr, 
size_t size1, size_t size2)
+   return safe_realloc_(ptr, size1*size2);
+ }
+
++static inline void *safe_realloc_nofree_mul_2op_(void *ptr, size_t size1, 
size_t size2)
++{
++  if(!size1 || !size2)
++  return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) 
semantics */
++  if(size1 > SIZE_MAX / size2)
++  return 0;
++  return realloc(ptr, size1*size2);
++}
++
+ /* size1 * (size2 + size3) */
+ static inline void *safe_realloc_muladd2_(void *ptr, size_t size1, size_t 
size2, size_t size3)
+ {
+@@ -216,4 +238,15 @@ static inline void *safe_realloc_muladd2_(void *ptr, 
size_t size1, size_t size2,
+   return safe_realloc_mul_2op_(ptr, size1, size2);
+ }
+
++/* size1 * (size2 + size3) */
++static inline void *safe_realloc_nofree_muladd2_(void *ptr, size_t size1, 
size_t size2, size_t size3)
++{
++  if(!size1 || (!size2 && !size3))
++  return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) 
semantics */
++  size2 += size3;
++  if(size2 < size3)
++  return 0;
++  return safe_realloc_nofree_mul_2op_(ptr, size1, size2);
++}
++
+ #endif
+diff --git

[OE-core][dunfell 2/7] libxml2: Fix CVE-2023-39615

From: Siddharth Doshi 

Upstream-Status: Backport from 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9,
 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129]
CVE: CVE-2023-39615
Signed-off-by: Siddharth Doshi 
Signed-off-by: Steve Sakoman 
---
 .../libxml/libxml2/CVE-2023-39615-0001.patch  | 36 ++
 .../libxml/libxml2/CVE-2023-39615-0002.patch  | 71 +++
 .../libxml/libxml2/CVE-2023-39615-pre.patch   | 44 
 meta/recipes-core/libxml/libxml2_2.9.10.bb|  3 +
 4 files changed, 154 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
new file mode 100644
index 00..9689cec67d
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
@@ -0,0 +1,36 @@
+From d0c3f01e110d54415611c5fa0040cdf4a56053f9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Sat, 6 May 2023 17:47:37 +0200
+Subject: [PATCH] parser: Fix old SAX1 parser with custom callbacks
+
+For some reason, xmlCtxtUseOptionsInternal set the start and end element
+SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1
+was specified. This means that custom SAX handlers could never work with
+that flag because these functions would receive the wrong user data
+argument and crash immediately.
+
+Fixes #535.
+
+Upstream-Status: Backport from 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9]
+CVE: CVE-2023-39615
+Signed-off-by: Siddharth Doshi 
+---
+ parser.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 6e09208..7814e6e 100644
+--- a/parser.c
 b/parser.c
+@@ -15156,8 +15156,6 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int 
options, const char *encodi
+ }
+ #ifdef LIBXML_SAX1_ENABLED
+ if (options & XML_PARSE_SAX1) {
+-ctxt->sax->startElement = xmlSAX2StartElement;
+-ctxt->sax->endElement = xmlSAX2EndElement;
+ ctxt->sax->startElementNs = NULL;
+ ctxt->sax->endElementNs = NULL;
+ ctxt->sax->initialized = 1;
+-- 
+2.24.4
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
new file mode 100644
index 00..ebd9868fac
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
@@ -0,0 +1,71 @@
+From 235b15a590eecf97b09e87bdb7e4f8333e9de129 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Mon, 8 May 2023 17:58:02 +0200
+Subject: [PATCH] SAX: Always initialize SAX1 element handlers
+
+Follow-up to commit d0c3f01e. A parser context will be initialized to
+SAX version 2, but this can be overridden with XML_PARSE_SAX1 later,
+so we must initialize the SAX1 element handlers as well.
+
+Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so
+we don't switch to SAX1 if the SAX2 element handlers are NULL.
+
+Upstream-Status: Backport from 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129]
+CVE: CVE-2023-39615
+Signed-off-by: Siddharth Doshi 
+---
+ SAX2.c   | 11 +++
+ parser.c |  5 +
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/SAX2.c b/SAX2.c
+index 5f141f9..902d34d 100644
+--- a/SAX2.c
 b/SAX2.c
+@@ -2869,20 +2869,23 @@ xmlSAXVersion(xmlSAXHandler *hdlr, int version)
+ {
+ if (hdlr == NULL) return(-1);
+ if (version == 2) {
+-  hdlr->startElement = NULL;
+-  hdlr->endElement = NULL;
+   hdlr->startElementNs = xmlSAX2StartElementNs;
+   hdlr->endElementNs = xmlSAX2EndElementNs;
+   hdlr->serror = NULL;
+   hdlr->initialized = XML_SAX2_MAGIC;
+ #ifdef LIBXML_SAX1_ENABLED
+ } else if (version == 1) {
+-  hdlr->startElement = xmlSAX2StartElement;
+-  hdlr->endElement = xmlSAX2EndElement;
+   hdlr->initialized = 1;
+ #endif /* LIBXML_SAX1_ENABLED */
+ } else
+ return(-1);
++#ifdef LIBXML_SAX1_ENABLED
++hdlr->startElement = xmlSAX2StartElement;
++hdlr->endElement = xmlSAX2EndElement;
++#else
++hdlr->startElement = NULL;
++hdlr->endElement = NULL;
++#endif /* LIBXML_SAX1_ENABLED */
+ hdlr->internalSubset = xmlSAX2InternalSubset;
+ hdlr->externalSubset = xmlSAX2ExternalSubset;
+ hdlr->isStandalone = xmlSAX2IsStandalone;
+diff --git a/parser.c b/parser.c
+index 7814e6e..cf0fb38 100644
+--- a/parser.c
 b/parser.c
+@@ -1102,10 +1102,7 @@ xmlDetectSAX2(xmlParserCtxtPtr ctxt) {
+ if (ctxt == NULL) return;
+ sax = ctxt->sax;
+ #ifdef LIBXML_SAX1_ENABLED
+-if ((sax) &&  (sax->initialized == XML_SAX2_MAGIC) &&
+-((sax->startElementNs != NULL)

[OE-core][dunfell 1/7] gdb: Fix CVE-2023-39128

From: Siddharth Doshi 

Note: The Fix needs to be pushed in gdb rather than bintuils-gdb as we are
disabling gdb in binutils configure.

Upstream-Status: Backport from 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d]
CVE: CVE-2023-39128
Signed-off-by: Siddharth Doshi 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/gdb/gdb-9.1.inc |  1 +
 .../gdb/gdb/0012-CVE-2023-39128.patch | 75 +++
 2 files changed, 76 insertions(+)
 create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch

diff --git a/meta/recipes-devtools/gdb/gdb-9.1.inc 
b/meta/recipes-devtools/gdb/gdb-9.1.inc
index d019e6b384..212c554cf1 100644
--- a/meta/recipes-devtools/gdb/gdb-9.1.inc
+++ b/meta/recipes-devtools/gdb/gdb-9.1.inc
@@ -16,6 +16,7 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
file://0009-resolve-restrict-keyword-conflict.patch \
file://0010-Fix-invalid-sigprocmask-call.patch \
file://0011-gdbserver-ctrl-c-handling.patch \
+   file://0012-CVE-2023-39128.patch \
"
 SRC_URI[md5sum] = "f7e9f6236c425097d9e5f18a6ac40655"
 SRC_URI[sha256sum] = 
"699e0ec832fdd2f21c8266171ea5bf44024bd05164fdf064e4d10cc4cf0d1737"
diff --git a/meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch 
b/meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch
new file mode 100644
index 00..6445455bde
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch
@@ -0,0 +1,75 @@
+From 033bc52bb6190393c8eed80925fa78cc35b40c6d Mon Sep 17 00:00:00 2001
+From: Tom Tromey 
+Date: Wed, 16 Aug 2023 11:29:19 -0600
+Subject: [PATCH] Avoid buffer overflow in ada_decode
+
+A bug report pointed out a buffer overflow in ada_decode, which Keith
+helpfully analyzed.  ada_decode had a logic error when the input was
+all digits.  While this isn't valid -- and would probably only appear
+in fuzzer tests -- it still should be handled properly.
+
+This patch adds a missing bounds check.  Tested with the self-tests in
+an asan build.
+
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
+Reviewed-by: Keith Seitz 
+
+Upstream-Status: Backport from 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d]
   
+CVE: CVE-2023-39128
+Signed-off-by: Siddharth Doshi 
+---
+ gdb/ada-lang.c | 19 ++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
+index 0c2d4fc..40852b6 100644
+--- a/gdb/ada-lang.c
 b/gdb/ada-lang.c
+@@ -56,6 +56,7 @@
+ #include "cli/cli-utils.h"
+ #include "gdbsupport/function-view.h"
+ #include "gdbsupport/byte-vector.h"
++#include "gdbsupport/selftest.h"
+ #include 
+ 
+ /* Define whether or not the C operator '/' truncates towards zero for
+@@ -1184,7 +1185,7 @@ ada_decode (const char *encoded)
+ i -= 1;
+   if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_')
+ len0 = i - 1;
+-  else if (encoded[i] == '$')
++  else if (i >= 0 && encoded[i] == '$')
+ len0 = i;
+ }
+ 
+@@ -1350,6 +1351,18 @@ Suppress:
+ 
+ }
+ 
++#ifdef GDB_SELF_TEST
++
++static void
++ada_decode_tests ()
++{
++  /* This isn't valid, but used to cause a crash.  PR gdb/30639.  The
++ result does not really matter very much.  */
++  SELF_CHECK (ada_decode ("44") == "44");
++}
++
++#endif
++
+ /* Table for keeping permanent unique copies of decoded names.  Once
+allocated, names in this table are never released.  While this is a
+storage leak, it should not be significant unless there are massive
+@@ -14345,4 +14358,8 @@ DWARF attribute."),
+   gdb::observers::new_objfile.attach (ada_new_objfile_observer);
+   gdb::observers::free_objfile.attach (ada_free_objfile_observer);
+   gdb::observers::inferior_exit.attach (ada_inferior_exit);
++
++#ifdef GDB_SELF_TEST
++  selftests::register_test ("ada-decode", ada_decode_tests);
++#endif
+ }
+-- 
+2.24.4
+
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188247): 
https://lists.openembedded.org/g/openembedded-core/message/188247
Mute This Topic: https://lists.openembedded.org/mt/101596328/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 0/7] Patch review

2023-09-26 Thread A. Sverdlin via lists.openembedded.org

Please review this set of changes for dunfell and have comments back by
end of day Thursday, September 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5947

The following changes since commit 8b91c463fb3546836789e1890b3c68acf69c162a:

  build-appliance-image: Update to dunfell head revision (2023-09-16 11:16:49 
-1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Archana Polampalli (1):
  vim: upgrade 9.0.1592 -> 9.0.1664

Michael Opdenacker (1):
  flac: fix CVE-2020-22219

Richard Purdie (1):
  vim: Upgrade 9.0.1664 -> 9.0.1894

Ross Burton (1):
  gcc: Fix -fstack-protector issue on aarch64

Siddharth Doshi (2):
  gdb: Fix CVE-2023-39128
  libxml2: Fix CVE-2023-39615

Vijay Anusuri (1):
  go: Backport fix for CVE-2022-41725 and CVE-2023-24536

 .../libxml/libxml2/CVE-2023-39615-0001.patch  |   36 +
 .../libxml/libxml2/CVE-2023-39615-0002.patch  |   71 +
 .../libxml/libxml2/CVE-2023-39615-pre.patch   |   44 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb|3 +
 meta/recipes-devtools/gcc/gcc-9.5.inc |1 +
 .../gcc/gcc-9.5/CVE-2023-4039.patch   | 1506 +
 meta/recipes-devtools/gdb/gdb-9.1.inc |1 +
 .../gdb/gdb/0012-CVE-2023-39128.patch |   75 +
 meta/recipes-devtools/go/go-1.14.inc  |7 +
 .../go/go-1.14/CVE-2022-41725-pre1.patch  |   85 +
 .../go/go-1.14/CVE-2022-41725-pre2.patch  |   97 ++
 .../go/go-1.14/CVE-2022-41725-pre3.patch  |   98 ++
 .../go/go-1.14/CVE-2022-41725.patch   |  660 
 .../go/go-1.14/CVE-2023-24536_1.patch |  134 ++
 .../go/go-1.14/CVE-2023-24536_2.patch |  184 ++
 .../go/go-1.14/CVE-2023-24536_3.patch |  349 
 .../flac/files/CVE-2020-22219.patch   |  197 +++
 meta/recipes-multimedia/flac/flac_1.3.3.bb|1 +
 meta/recipes-support/vim/vim.inc  |6 +-
 19 files changed, 3552 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre3.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_3.patch
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188246): 
https://lists.openembedded.org/g/openembedded-core/message/188246
Mute This Topic: https://lists.openembedded.org/mt/101596327/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] oe-find-native-sysroot: avoid warning message messing things up

2023-09-26 Thread Peter Kjellerstedt

NAK

This is no longer needed since commit 6b7883533 (bitbake-getvar: Make --value 
imply –quiet) landed in bitbake.

//Peter

From: openembedded-core@lists.openembedded.org 
 On Behalf Of Jose Quaresma
Sent: den 26 september 2023 12:21
To: qi.c...@windriver.com
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][PATCH] oe-find-native-sysroot: avoid warning message 
messing things up

Hi Chen,

I have raised this when it lands
https://lists.openembedded.org/g/openembedded-core/message/187378

Tested.by: Jose Quaresma 
mailto:quaresma.j...@gmail.com>>
Jose
Chen Qi via lists.openembedded.org 
mailto:windriver@lists.openembedded.org>>
 escreveu no dia terça, 26/09/2023 à(s) 11:15:
From: Chen Qi mailto:qi.c...@windriver.com>>

Add '-q' option to bitbake-getvar to avoid warning messages contaminating
the actual result.

Signed-off-by: Chen Qi mailto:qi.c...@windriver.com>>
---
 scripts/oe-find-native-sysroot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/oe-find-native-sysroot b/scripts/oe-find-native-sysroot
index 6228efcbee..541318b461 100755
--- a/scripts/oe-find-native-sysroot
+++ b/scripts/oe-find-native-sysroot
@@ -38,7 +38,7 @@ fi
 # Global vars
 set_oe_native_sysroot(){
 echo "Getting sysroot..."
-OECORE_NATIVE_SYSROOT=$(bitbake-getvar -r $1 --value STAGING_DIR_NATIVE)
+OECORE_NATIVE_SYSROOT=$(bitbake-getvar -q -r $1 --value STAGING_DIR_NATIVE)
 }

 if [ "x$OECORE_NATIVE_SYSROOT" = "x" ]; then
--
2.40.0





--
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188245): 
https://lists.openembedded.org/g/openembedded-core/message/188245
Mute This Topic: https://lists.openembedded.org/mt/101592501/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH] kernel.bbclass: Add force flag to rm calls

From: Ryan Eatmon 

The latest 6.5 kernels do not appear to create the source file in
${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source so the
recipe errors out when trying to remove it.  Simple fix is to add the
-f (force) flag to the call.

(From OE-Core rev: 2e669bf797b15d803e7d6a700e449bdc467a4bcc)

Signed-off-by: Ryan Eatmon 
Signed-off-by: Richard Purdie 
Signed-off-by: Alexander Sverdlin 
---
 meta/classes/kernel.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index f7d199e917..5951347361 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -442,8 +442,8 @@ kernel_do_install() {
unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS MACHINE
if (grep -q -i -e '^CONFIG_MODULES=y$' .config); then
oe_runmake DEPMOD=echo 
MODLIB=${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION} 
INSTALL_FW_PATH=${D}${nonarch_base_libdir}/firmware modules_install
-   rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
-   rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source"
+   rm -f 
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
+   rm -f 
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source"
# Remove empty module directories to prevent QA issues
find 
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty 
-delete
else
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188244): 
https://lists.openembedded.org/g/openembedded-core/message/188244
Mute This Topic: https://lists.openembedded.org/mt/101592800/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] oe-find-native-sysroot: avoid warning message messing things up

2023-09-26 Thread Jose Quaresma

Hi Chen,

I have raised this when it lands
https://lists.openembedded.org/g/openembedded-core/message/187378

Tested.by: Jose Quaresma 

Jose

Chen Qi via lists.openembedded.org  escreveu no dia terça, 26/09/2023
à(s) 11:15:

> From: Chen Qi 
>
> Add '-q' option to bitbake-getvar to avoid warning messages contaminating
> the actual result.
>
> Signed-off-by: Chen Qi 
> ---
>  scripts/oe-find-native-sysroot | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/oe-find-native-sysroot
> b/scripts/oe-find-native-sysroot
> index 6228efcbee..541318b461 100755
> --- a/scripts/oe-find-native-sysroot
> +++ b/scripts/oe-find-native-sysroot
> @@ -38,7 +38,7 @@ fi
>  # Global vars
>  set_oe_native_sysroot(){
>  echo "Getting sysroot..."
> -OECORE_NATIVE_SYSROOT=$(bitbake-getvar -r $1 --value
> STAGING_DIR_NATIVE)
> +OECORE_NATIVE_SYSROOT=$(bitbake-getvar -q -r $1 --value
> STAGING_DIR_NATIVE)
>  }
>
>  if [ "x$OECORE_NATIVE_SYSROOT" = "x" ]; then
> --
> 2.40.0
>
>
> 
>
>

-- 
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188243): 
https://lists.openembedded.org/g/openembedded-core/message/188243
Mute This Topic: https://lists.openembedded.org/mt/101592501/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH] oe-find-native-sysroot: avoid warning message messing things up

2023-09-26 Thread Chen Qi via lists.openembedded.org

From: Chen Qi 

Add '-q' option to bitbake-getvar to avoid warning messages contaminating
the actual result.

Signed-off-by: Chen Qi 
---
 scripts/oe-find-native-sysroot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/oe-find-native-sysroot b/scripts/oe-find-native-sysroot
index 6228efcbee..541318b461 100755
--- a/scripts/oe-find-native-sysroot
+++ b/scripts/oe-find-native-sysroot
@@ -38,7 +38,7 @@ fi
 # Global vars
 set_oe_native_sysroot(){
 echo "Getting sysroot..."
-OECORE_NATIVE_SYSROOT=$(bitbake-getvar -r $1 --value STAGING_DIR_NATIVE)
+OECORE_NATIVE_SYSROOT=$(bitbake-getvar -q -r $1 --value STAGING_DIR_NATIVE)
 }
 
 if [ "x$OECORE_NATIVE_SYSROOT" = "x" ]; then
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188242): 
https://lists.openembedded.org/g/openembedded-core/message/188242
Mute This Topic: https://lists.openembedded.org/mt/101592501/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH V6] tar: add ptest support

On Tue, 26 Sept 2023 at 11:17, qi...@fujitsu.com  wrote:
> +Upstream-Status: Submitted 
> [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=39849e9d91f477d3fb839f93cd0815d0cb3273e9]

Thanks, this is nearly fine, only this line should say:

Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/tar.git/commit/?id=39849e9d91f477d3fb839f93cd0815d0cb3273e9]

'Submitted' means the patch was sent upstream, but is in review and
has not yet been merged into the trunk development branch. It also
needs a link to the upstream submission (e.g. github pull request, or
an email thread in the mailing list archive).

'Backport' is when the patch is already in that branch, and is
expected to be included automatically in the next release.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188241): 
https://lists.openembedded.org/g/openembedded-core/message/188241
Mute This Topic: https://lists.openembedded.org/mt/101592074/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH V6] tar: add ptest support

2023-09-26 Thread qi...@fujitsu.com

From: Qiu Tingting 

Add a ptest for tar.
- It is taking around 3m to execute with kvm, so added it to PTEST_SLOW.
- It contains 244 cases.
- Below is parts of the run log:
  START: ptest-runner
  2023-09-26T08:37
  BEGIN: /usr/lib/tar/ptest
  ##  ##
  ## GNU tar 1.35 test suite. ##
  ##  ##
  PASS: tar version
  PASS: decompressing from stdin
  ...
  200 tests were successful.
  44 tests were skipped.
  DURATION: 190
  END: /usr/lib/tar/ptest
  2023-09-26T08:40
  STOP: ptest-runner
  TOTAL: 1 FAIL: 0

Signed-off-by: Qiu Tingting 
Signed-off-by: Yan Xinkuan 
---
 .../distro/include/ptest-packagelists.inc |   1 +
 meta/recipes-core/images/core-image-ptest.bb  |   3 +
 .../tar/tar/0001-tests-fix-TESTSUITE_AT.patch | 228 ++
 ...2-tests-check-for-recently-fixed-bug.patch |  60 +
 ...rectory-with-writing-from-an-archive.patch | 112 +
 meta/recipes-extended/tar/tar/run-ptest   |  14 ++
 meta/recipes-extended/tar/tar_1.35.bb |  34 +++
 7 files changed, 452 insertions(+)
 create mode 100644 
meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch
 create mode 100644 
meta/recipes-extended/tar/tar/0002-tests-check-for-recently-fixed-bug.patch
 create mode 100644 
meta/recipes-extended/tar/tar/0003-Exclude-VCS-directory-with-writing-from-an-archive.patch
 create mode 100644 meta/recipes-extended/tar/tar/run-ptest

diff --git a/meta/conf/distro/include/ptest-packagelists.inc 
b/meta/conf/distro/include/ptest-packagelists.inc
index 9160103cb0..3df7c9e405 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -109,6 +109,7 @@ PTESTS_SLOW = "\
 python3-cryptography \
 python3 \
 strace \
+tar \
 tcl \
 util-linux \
 valgrind \
diff --git a/meta/recipes-core/images/core-image-ptest.bb 
b/meta/recipes-core/images/core-image-ptest.bb
index b81ab7b7c8..b6f5c2fd60 100644
--- a/meta/recipes-core/images/core-image-ptest.bb
+++ b/meta/recipes-core/images/core-image-ptest.bb
@@ -24,6 +24,9 @@ IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288"
 IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288"
 IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288"
 
+# tar-ptest in particular needs more space
+IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-tar = "1524288"
+
 # ptests need more memory than standard to avoid the OOM killer
 QB_MEM = "-m 1024"
 QB_MEM:virtclass-mcextend-lttng-tools = "-m 4096"
diff --git a/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch 
b/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch
new file mode 100644
index 00..00caeee767
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/0001-tests-fix-TESTSUITE_AT.patch
@@ -0,0 +1,228 @@
+From 39849e9d91f477d3fb839f93cd0815d0cb3273e9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert 
+Date: Tue, 18 Jul 2023 09:15:03 -0700
+Subject: tests: fix TESTSUITE_AT
+
+Problem reported by Lukas Javorsky  in:
+https://lists.gnu.org/r/bug-tar/2023-07/msg2.html
+* tests/Makefile.am (TESTSUITE_AT): Add exclude17.at, exclude18.at.
+Remove compress.m4; all uses changed.  Add a comment saying how
+to rederive this.  Sort.
+
+Upstream-Status: Submitted 
[https://git.savannah.gnu.org/cgit/tar.git/commit/?id=39849e9d91f477d3fb839f93cd0815d0cb3273e9]
+---
+ tests/Makefile.am | 93 ---
+ 1 file changed, 48 insertions(+), 45 deletions(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 4a8f501..1884b72 100644
+--- a/tests/Makefile.am
 b/tests/Makefile.am
+@@ -45,21 +45,24 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac
+ ## Test suite.  ##
+ ##  ##
+ 
++# You can generate the body of this macro with the following shell command:
++# LC_ALL=C ls *.at */*.at | sed -e 's/^/ /' -e '$!s/$/\\/'
+ TESTSUITE_AT = \
+- testsuite.at\
+- compress.m4\
+  T-cd.at\
+  T-dir00.at\
+  T-dir01.at\
+  T-empty.at\
++ T-mult.at\
++ T-nest.at\
++ T-nonl.at\
+  T-null.at\
+  T-null2.at\
+  T-rec.at\
+  T-recurse.at\
+  T-zfile.at\
+- T-nonl.at\
+- T-mult.at\
+- T-nest.at\
++ acls01.at\
++ acls02.at\
++ acls03.at\
+  add-file.at\
+  append.at\
+  append01.at\
+@@ -68,14 +71,15 @@ TESTSUITE_AT = \
+  append04.at\
+  append05.at\
+  backup01.at\
+- chtype.at\
+- comprec.at\
+- comperr.at\
++ capabs_raw01.at\
+  checkpoint/defaults.at\
+- checkpoint/interval.at\
+- checkpoint/dot.at\
+  checkpoint/dot-compat.at\
+  checkpoint/dot-int.at\
++ checkpoint/dot.at\
++ checkpoint/interval.at\
++ chtype.at\
++ comperr.at\
++ comprec.at\
+  delete01.at\
+  delete02.at\
+  delete03.at\
+@@ -83,6 +87,8 @@ TESTSUITE_AT = \
+  delete05.at\
+  delete06.at\
+  difflink.at\
++ dirrem01.at\
++ dirrem02.at\
+  exclude.at\
+  exclude01.at\
+  exclude02.at\
+@@ -100,6 +106,8 @@ TESTSUITE_AT = \
+  exclude14.at\
+  exclude15.at\
+  exclude16.at\
++ exclude17.at\
++ exclude18.at\
+  extrac01.at\
+

[OE-core] [PATCH] python3-zipp: upgrade 3.16.2 -> 3.17.0

From: Wang Mingyu 

Changelog:
===
-Added CompleteDirs.inject classmethod to make available for use elsewhere.
-Avoid matching path separators for '?' in glob.

Signed-off-by: Wang Mingyu 
---
 .../python/{python3-zipp_3.16.2.bb => python3-zipp_3.17.0.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-zipp_3.16.2.bb => 
python3-zipp_3.17.0.bb} (85%)

diff --git a/meta/recipes-devtools/python/python3-zipp_3.16.2.bb 
b/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
similarity index 85%
rename from meta/recipes-devtools/python/python3-zipp_3.16.2.bb
rename to meta/recipes-devtools/python/python3-zipp_3.17.0.bb
index 9dff59ffaf..11f3b5cda0 100644
--- a/meta/recipes-devtools/python/python3-zipp_3.16.2.bb
+++ b/meta/recipes-devtools/python/python3-zipp_3.17.0.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/jaraco/zipp;
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f"
 
-SRC_URI[sha256sum] = 
"ebc15946aa78bd63458992fc81ec3b6f7b1e92d51c35e6de1c3804e73b799147"
+SRC_URI[sha256sum] = 
"84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0"
 
 DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188239): 
https://lists.openembedded.org/g/openembedded-core/message/188239
Mute This Topic: https://lists.openembedded.org/mt/101591782/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-urllib3: upgrade 2.0.4 -> 2.0.5

From: Wang Mingyu 

Changelog:
==
-Allowed pyOpenSSL third-party module without any deprecation warning.
-Fixed default blocksize of HTTPConnection classes to match high-level
 classes. Previously was 8KiB, now 16KiB.

Signed-off-by: Wang Mingyu 
---
 .../{python3-urllib3_2.0.4.bb => python3-urllib3_2.0.5.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-urllib3_2.0.4.bb => 
python3-urllib3_2.0.5.bb} (87%)

diff --git a/meta/recipes-devtools/python/python3-urllib3_2.0.4.bb 
b/meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
similarity index 87%
rename from meta/recipes-devtools/python/python3-urllib3_2.0.4.bb
rename to meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
index 0abd2adf65..9c15791d34 100644
--- a/meta/recipes-devtools/python/python3-urllib3_2.0.4.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_2.0.5.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3;
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda"
 
-SRC_URI[sha256sum] = 
"8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11"
+SRC_URI[sha256sum] = 
"13abf37382ea2ce6fb744d4dad67838eec857c9f4f57009891805e0b5e123594"
 
 inherit pypi python_hatchling
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188238): 
https://lists.openembedded.org/g/openembedded-core/message/188238
Mute This Topic: https://lists.openembedded.org/mt/101591772/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-typing-extensions: upgrade 4.7.1 -> 4.8.0

From: Wang Mingyu 

Changelog:
===
-Add typing_extensions.Doc, as proposed by PEP 727.
-Drop support for Python 3.7 (including PyPy-3.7).
-Fix bug where get_original_bases() would return incorrect results when called
 on a concrete subclass of a generic class.
-Fix bug where ParamSpec(default=...) would raise a TypeError on Python 
versions <3.11.

Signed-off-by: Wang Mingyu 
---
 ...g-extensions_4.7.1.bb => python3-typing-extensions_4.8.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-typing-extensions_4.7.1.bb => 
python3-typing-extensions_4.8.0.bb} (91%)

diff --git a/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb 
b/meta/recipes-devtools/python/python3-typing-extensions_4.8.0.bb
similarity index 91%
rename from meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
rename to meta/recipes-devtools/python/python3-typing-extensions_4.8.0.bb
index 8ff77ba4fd..33749a9f0f 100644
--- a/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb
+++ b/meta/recipes-devtools/python/python3-typing-extensions_4.8.0.bb
@@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2"
 # The name on PyPi is slightly different.
 PYPI_PACKAGE = "typing_extensions"
 
-SRC_URI[sha256sum] = 
"b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2"
+SRC_URI[sha256sum] = 
"df8e4339e9cb77357558cbdbceca33c303714cf861d1eef15e1070055ae8b7ef"
 
 inherit pypi python_flit_core
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188237): 
https://lists.openembedded.org/g/openembedded-core/message/188237
Mute This Topic: https://lists.openembedded.org/mt/101591764/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-trove-classifiers: upgrade 2023.8.7 -> 2023.9.19

From: Wang Mingyu 

Changelog:
 Add Trove classifier for Django 5.0 (#153)

Signed-off-by: Wang Mingyu 
---
 ...fiers_2023.8.7.bb => python3-trove-classifiers_2023.9.19.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-trove-classifiers_2023.8.7.bb => 
python3-trove-classifiers_2023.9.19.bb} (87%)

diff --git a/meta/recipes-devtools/python/python3-trove-classifiers_2023.8.7.bb 
b/meta/recipes-devtools/python/python3-trove-classifiers_2023.9.19.bb
similarity index 87%
rename from meta/recipes-devtools/python/python3-trove-classifiers_2023.8.7.bb
rename to meta/recipes-devtools/python/python3-trove-classifiers_2023.9.19.bb
index 9aed0d62e4..aa062f659b 100644
--- a/meta/recipes-devtools/python/python3-trove-classifiers_2023.8.7.bb
+++ b/meta/recipes-devtools/python/python3-trove-classifiers_2023.9.19.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pypa/trove-classifiers;
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 
-SRC_URI[sha256sum] = 
"c9f2a0a85d545e5362e967e4f069f56fddfd91215e22ffa48c66fb283521319a"
+SRC_URI[sha256sum] = 
"3e700af445c802f251ce2b741ee78d2e5dfa5ab8115b933b89ca631b414691c9"
 
 inherit pypi python_setuptools_build_meta ptest
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188236): 
https://lists.openembedded.org/g/openembedded-core/message/188236
Mute This Topic: https://lists.openembedded.org/mt/101591754/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-smmap: upgrade 5.0.0 -> 6.0.0

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../python/{python3-smmap_5.0.0.bb => python3-smmap_6.0.0.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-smmap_5.0.0.bb => 
python3-smmap_6.0.0.bb} (87%)

diff --git a/meta/recipes-devtools/python/python3-smmap_5.0.0.bb 
b/meta/recipes-devtools/python/python3-smmap_6.0.0.bb
similarity index 87%
rename from meta/recipes-devtools/python/python3-smmap_5.0.0.bb
rename to meta/recipes-devtools/python/python3-smmap_6.0.0.bb
index ea131ef793..02c43e069b 100644
--- a/meta/recipes-devtools/python/python3-smmap_5.0.0.bb
+++ b/meta/recipes-devtools/python/python3-smmap_6.0.0.bb
@@ -11,7 +11,7 @@ inherit pypi setuptools3
 
 PYPI_PACKAGE = "smmap"
 
-SRC_URI[sha256sum] = 
"c840e62059cd3be204b0c9c9f74be2c09d5648eddd4580d9314c3ecde0b30936"
+SRC_URI[sha256sum] = 
"8d79028ea6cc131da5eab099a5d95a998d43c6779956fffe3b455040911076da"
 
 RDEPENDS:${PN} += "${PYTHON_PN}-codecs \
${PYTHON_PN}-mmap \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188235): 
https://lists.openembedded.org/g/openembedded-core/message/188235
Mute This Topic: https://lists.openembedded.org/mt/101591733/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-pycryptodomex: upgrade 3.18.0 -> 3.19.0

From: Wang Mingyu 

Changelog:
===
-The update() methods of TupleHash128 and TupleHash256 objects can now hash
 multiple items (byte strings) at once. Thanks to Sylvain Pelissier.
-Added support for ECDH, with Crypto.Protocol.DH.
-GH#754: due to a bug in cffi, do not use it on Windows with Python 3.12+.

Signed-off-by: Wang Mingyu 
---
 ...-pycryptodomex_3.18.0.bb => python3-pycryptodomex_3.19.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-pycryptodomex_3.18.0.bb => 
python3-pycryptodomex_3.19.0.bb} (69%)

diff --git a/meta/recipes-devtools/python/python3-pycryptodomex_3.18.0.bb 
b/meta/recipes-devtools/python/python3-pycryptodomex_3.19.0.bb
similarity index 69%
rename from meta/recipes-devtools/python/python3-pycryptodomex_3.18.0.bb
rename to meta/recipes-devtools/python/python3-pycryptodomex_3.19.0.bb
index cbbc17adba..87aff01bfc 100644
--- a/meta/recipes-devtools/python/python3-pycryptodomex_3.18.0.bb
+++ b/meta/recipes-devtools/python/python3-pycryptodomex_3.19.0.bb
@@ -1,7 +1,7 @@
 require python-pycryptodome.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = 
"3e3ecb5fe979e7c1bb0027e518340acf7ee60415d79295e5251d13c68dde576e"
+SRC_URI[sha256sum] = 
"af83a554b3f077564229865c45af0791be008ac6469ef0098152139e6bd4b5b6"
 
 FILES:${PN}-tests = " \
 ${PYTHON_SITEPACKAGES_DIR}/Cryptodome/SelfTest/ \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188234): 
https://lists.openembedded.org/g/openembedded-core/message/188234
Mute This Topic: https://lists.openembedded.org/mt/101591721/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-pycryptodome: upgrade 3.18.0 -> 3.19.0

From: Wang Mingyu 

Changelog:
==
- The update() methods of TupleHash128 and TupleHash256 objects can now hash
 multiple items (byte strings) at once. Thanks to Sylvain Pelissier.
- Added support for ECDH, with Crypto.Protocol.DH.
- GH#754: due to a bug in cffi, do not use it on Windows with Python 3.12+.

Signed-off-by: Wang Mingyu 
---
 ...n3-pycryptodome_3.18.0.bb => python3-pycryptodome_3.19.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-pycryptodome_3.18.0.bb => 
python3-pycryptodome_3.19.0.bb} (38%)

diff --git a/meta/recipes-devtools/python/python3-pycryptodome_3.18.0.bb 
b/meta/recipes-devtools/python/python3-pycryptodome_3.19.0.bb
similarity index 38%
rename from meta/recipes-devtools/python/python3-pycryptodome_3.18.0.bb
rename to meta/recipes-devtools/python/python3-pycryptodome_3.19.0.bb
index a1e4b42bdf..92fe1aa17a 100644
--- a/meta/recipes-devtools/python/python3-pycryptodome_3.18.0.bb
+++ b/meta/recipes-devtools/python/python3-pycryptodome_3.19.0.bb
@@ -1,5 +1,5 @@
 require python-pycryptodome.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = 
"c9adee653fc882d98956e33ca2c1fb582e23a8af7ac82fee75bd6113c55a0413"
+SRC_URI[sha256sum] = 
"bc35d463222cdb4dbebd35e0784155c81e161b9284e567e7e933d722e51e"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188233): 
https://lists.openembedded.org/g/openembedded-core/message/188233
Mute This Topic: https://lists.openembedded.org/mt/101591707/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-hypothesis: upgrade 6.84.3 -> 6.86.2

From: Wang Mingyu 

Changelog:
===
-Hotfix for issue #3747, a bug in explain mode which is so rare that we missed
 it in six months of dogfooding.
-This patch improves the documentation of @example(...).xfail() by adding a
 note about PEP 614, similar to @example(...).via(), and adds a warning when a
 strategy generates a test case which seems identical to one provided by an
 xfailed example.
-This release enables the explain phase by default.
-This patch switches some of our type annotations to use typing.Literal when
 only a few specific values are allowed, such as UUID or IP address versions.
-This release deprecates the old whitelist/blacklist arguments to characters(),
 in favor of include/exclude arguments which more clearly describe their
 effects on the set of characters which can be generated.
-You can use Hypothesis; codemods to automatically upgrade to the new argument 
names.

Signed-off-by: Wang Mingyu 
---
 ...ython3-hypothesis_6.84.3.bb => python3-hypothesis_6.86.2.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-hypothesis_6.84.3.bb => 
python3-hypothesis_6.86.2.bb} (91%)

diff --git a/meta/recipes-devtools/python/python3-hypothesis_6.84.3.bb 
b/meta/recipes-devtools/python/python3-hypothesis_6.86.2.bb
similarity index 91%
rename from meta/recipes-devtools/python/python3-hypothesis_6.84.3.bb
rename to meta/recipes-devtools/python/python3-hypothesis_6.86.2.bb
index 21b0f65a8e..6ec1457e46 100644
--- a/meta/recipes-devtools/python/python3-hypothesis_6.84.3.bb
+++ b/meta/recipes-devtools/python/python3-hypothesis_6.86.2.bb
@@ -13,7 +13,7 @@ SRC_URI += " \
 file://test_rle.py \
 "
 
-SRC_URI[sha256sum] = 
"b4117f4138e81986cf62ad4e1410a021adeaa52e4b0326419da626cd7d3b6250"
+SRC_URI[sha256sum] = 
"e5d75d70f5a4fc372cddf03ec6141237a0a270ed106aeb2156a4984f06d37b0f"
 
 RDEPENDS:${PN} += " \
 python3-attrs \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188232): 
https://lists.openembedded.org/g/openembedded-core/message/188232
Mute This Topic: https://lists.openembedded.org/mt/101591703/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-cryptography-vectors: upgrade 41.0.3 -> 41.0.4

From: Wang Mingyu 

Changelog:
 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3.

Signed-off-by: Wang Mingyu 
---
 ...vectors_41.0.3.bb => python3-cryptography-vectors_41.0.4.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-cryptography-vectors_41.0.3.bb => 
python3-cryptography-vectors_41.0.4.bb} (91%)

diff --git 
a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.3.bb 
b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.4.bb
similarity index 91%
rename from meta/recipes-devtools/python/python3-cryptography-vectors_41.0.3.bb
rename to meta/recipes-devtools/python/python3-cryptography-vectors_41.0.4.bb
index 1b499e0299..6b5d8adee9 100644
--- a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.3.bb
+++ b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.4.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \
 # NOTE: Make sure to keep this recipe at the same version as 
python3-cryptography
 #   Upgrade both recipes at the same time
 
-SRC_URI[sha256sum] = 
"80de0452c4b34f56f5518e81ebd75b6b905f5728aaed521d42e41f4ebc8a43fb"
+SRC_URI[sha256sum] = 
"440af2813ea7aeb52181ec651a36d9ae8f0976e8b3a62b411a800fe6fa57a19e"
 
 PYPI_PACKAGE = "cryptography_vectors"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188231): 
https://lists.openembedded.org/g/openembedded-core/message/188231
Mute This Topic: https://lists.openembedded.org/mt/101591692/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-subunit: upgrade 1.4.2 -> 1.4.3

From: Wang Mingyu 

License-Update: Rely on external copy of iso8601

Changelog:
==
* Subunit now has a dependency on an external iso8601
  module rather than shipping its own.
* Drop various compatibility wrappers for Python < 3.6.
* Fix "subunit-filter --fixup-expected-failures"
  on Python 3.

Signed-off-by: Wang Mingyu 
---
 .../{python3-subunit_1.4.2.bb => python3-subunit_1.4.3.bb}| 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-subunit_1.4.2.bb => 
python3-subunit_1.4.3.bb} (74%)

diff --git a/meta/recipes-devtools/python/python3-subunit_1.4.2.bb 
b/meta/recipes-devtools/python/python3-subunit_1.4.3.bb
similarity index 74%
rename from meta/recipes-devtools/python/python3-subunit_1.4.2.bb
rename to meta/recipes-devtools/python/python3-subunit_1.4.3.bb
index a018ef1dc8..9b231bbe37 100644
--- a/meta/recipes-devtools/python/python3-subunit_1.4.2.bb
+++ b/meta/recipes-devtools/python/python3-subunit_1.4.3.bb
@@ -2,11 +2,11 @@ SUMMARY = "Python implementation of subunit test streaming 
protocol"
 HOMEPAGE = "https://pypi.org/project/python-subunit/;
 SECTION = "devel/python"
 LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = 
"file://README.rst;beginline=1;endline=20;md5=909c08e291647fd985fbe5d9836d51b6"
+LIC_FILES_CHKSUM = 
"file://README.rst;beginline=1;endline=20;md5=571e2d702e247b9d8a7745b3b54315ed"
 
 PYPI_PACKAGE = "python-subunit"
 
-SRC_URI[sha256sum] = 
"2988d324d55ec35dd037e502e3f74ac38f4e457bd44ee0edf5e898f7ee1134d4"
+SRC_URI[sha256sum] = 
"9ee76092d5b0a02055219763f1aa9e28835f2dd722f03ea9fd8d68e4066b3378"
 
 inherit pypi setuptools3
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188230): 
https://lists.openembedded.org/g/openembedded-core/message/188230
Mute This Topic: https://lists.openembedded.org/mt/101591682/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-numpy: upgrade 1.25.2 -> 1.26.0

From: Wang Mingyu 

License-Update: split license file in standard BSD 3-clause and bundled.

Changelog:
==
Python 3.12.0 support.
Cython 3.0.0 compatibility.
Use of the Meson build system
Updated SIMD support
f2py fixes, meson and bind(x) support
Support for the updated Accelerate BLAS/LAPACK library

Signed-off-by: Wang Mingyu 
---
 .../{python3-numpy_1.25.2.bb => python3-numpy_1.26.0.bb}  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-numpy_1.25.2.bb => 
python3-numpy_1.26.0.bb} (94%)

diff --git a/meta/recipes-devtools/python/python3-numpy_1.25.2.bb 
b/meta/recipes-devtools/python/python3-numpy_1.26.0.bb
similarity index 94%
rename from meta/recipes-devtools/python/python3-numpy_1.25.2.bb
rename to meta/recipes-devtools/python/python3-numpy_1.26.0.bb
index 4793b23a38..e94e431209 100644
--- a/meta/recipes-devtools/python/python3-numpy_1.25.2.bb
+++ b/meta/recipes-devtools/python/python3-numpy_1.26.0.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://numpy.org/;
 DESCRIPTION = "NumPy is the fundamental package needed for scientific 
computing with Python."
 SECTION = "devel/python"
 LICENSE = "BSD-3-Clause & BSD-2-Clause & PSF-2.0 & Apache-2.0 & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7614a5b0073688df53773ec6ec7fe81d"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a752eb20459cf74a9d84ee4825e8317c"
 
 SRCNAME = "numpy"
 
@@ -13,7 +13,7 @@ SRC_URI = 
"${GITHUB_BASE_URI}/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
file://disable_blas.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = 
"fd608e19c8d7c55021dffd43bfe5492fab8cc105cc8986f813f8c3c048b38760"
+SRC_URI[sha256sum] = 
"f93fc78fe8bf15afe2b8d6b6499f1c73953169fad1e9a8dd086cdff3190e7fdf"
 
 GITHUB_BASE_URI = "https://github.com/numpy/numpy/releases;
 UPSTREAM_CHECK_REGEX = "releases/tag/v?(?P\d+(\.\d+)+)$"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188229): 
https://lists.openembedded.org/g/openembedded-core/message/188229
Mute This Topic: https://lists.openembedded.org/mt/101591676/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] gobject-introspection: upgrade 1.78.0 -> 1.78.1

From: Wang Mingyu 

Changelog:
 Avoid undefined behaviour in the Regress test suite

Signed-off-by: Wang Mingyu 
---
 ...-introspection_1.78.0.bb => gobject-introspection_1.78.1.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename 
meta/recipes-gnome/gobject-introspection/{gobject-introspection_1.78.0.bb => 
gobject-introspection_1.78.1.bb} (99%)

diff --git 
a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.0.bb 
b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.1.bb
similarity index 99%
rename from 
meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.0.bb
rename to 
meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.1.bb
index 42b0979aaf..2c6fb7aaa3 100644
--- a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.0.bb
+++ b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.78.1.bb
@@ -16,7 +16,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=c434e8128a68bedd59b80b2ac1eb1c4a \
 SRC_URI = "${GNOME_MIRROR}/${BPN}/${@oe.utils.trim_version("${PV}", 
2)}/${BPN}-${PV}.tar.xz \
"
 
-SRC_URI[sha256sum] = 
"84f5bd2038bd52abbce74a639832c5b46a2d17e9c5a8ae14f9788e8516c04166"
+SRC_URI[sha256sum] = 
"bd7babd99af7258e76819e45ba4a6bc399608fe762d83fde3cac033c50841bb4"
 
 SRC_URI:append:class-native = " 
file://0001-Relocate-the-repository-directory-for-native-builds.patch"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188228): 
https://lists.openembedded.org/g/openembedded-core/message/188228
Mute This Topic: https://lists.openembedded.org/mt/101591672/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libsecret: upgrade 0.21.0 -> 0.21.1

From: Wang Mingyu 

Changelog:
===
 * Fix updating credentials by another process in the same Flatpak sandbox 
[#62, !99]
 * Migrate to g_memdup2 [!121]
 * Print error logs in CI [!125]
 * Updated translations

Signed-off-by: Wang Mingyu 
---
 .../libsecret/{libsecret_0.21.0.bb => libsecret_0.21.1.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-gnome/libsecret/{libsecret_0.21.0.bb => 
libsecret_0.21.1.bb} (91%)

diff --git a/meta/recipes-gnome/libsecret/libsecret_0.21.0.bb 
b/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb
similarity index 91%
rename from meta/recipes-gnome/libsecret/libsecret_0.21.0.bb
rename to meta/recipes-gnome/libsecret/libsecret_0.21.1.bb
index 8f560f9f39..63102476cb 100644
--- a/meta/recipes-gnome/libsecret/libsecret_0.21.0.bb
+++ b/meta/recipes-gnome/libsecret/libsecret_0.21.1.bb
@@ -14,7 +14,7 @@ inherit gnomebase gi-docgen vala gobject-introspection 
manpages
 
 DEPENDS += "glib-2.0 libgcrypt gettext-native"
 
-SRC_URI[archive.sha256sum] = 
"2735b29d1cc0e5b12ba90bee88bd21774ac8db4ae1a4b716f46c409c19a14613"
+SRC_URI[archive.sha256sum] = 
"674f51323a5f74e4cb7e3277da68b5afddd333eca25bc9fd2d820a92972f90b1"
 
 GTKDOC_MESON_OPTION = 'gtk_doc'
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188227): 
https://lists.openembedded.org/g/openembedded-core/message/188227
Mute This Topic: https://lists.openembedded.org/mt/101591668/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] kbd: upgrade 2.6.2 -> 2.6.3

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 meta/recipes-core/kbd/{kbd_2.6.2.bb => kbd_2.6.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/kbd/{kbd_2.6.2.bb => kbd_2.6.3.bb} (94%)

diff --git a/meta/recipes-core/kbd/kbd_2.6.2.bb 
b/meta/recipes-core/kbd/kbd_2.6.3.bb
similarity index 94%
rename from meta/recipes-core/kbd/kbd_2.6.2.bb
rename to meta/recipes-core/kbd/kbd_2.6.3.bb
index abd039f7a9..5287781ac1 100644
--- a/meta/recipes-core/kbd/kbd_2.6.2.bb
+++ b/meta/recipes-core/kbd/kbd_2.6.3.bb
@@ -16,7 +16,7 @@ RCONFLICTS:${PN} = "console-tools"
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \
"
 
-SRC_URI[sha256sum] = 
"33e3bb3c3f55933b10f053b14b5f69a2e24c28543e9ec7690246fe47628dd94f"
+SRC_URI[sha256sum] = 
"04996c08d7d1c460966fb244a3d3883352c2674b7ad522003d9f4ecb8ab48deb"
 
 EXTRA_OECONF = "--disable-tests"
 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188226): 
https://lists.openembedded.org/g/openembedded-core/message/188226
Mute This Topic: https://lists.openembedded.org/mt/101591665/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] harfbuzz: upgrade 8.2.0 -> 8.2.1

From: Wang Mingyu 

Changelog:
 Unicode 15.1 support.

Signed-off-by: Wang Mingyu 
---
 .../harfbuzz/{harfbuzz_8.2.0.bb => harfbuzz_8.2.1.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/harfbuzz/{harfbuzz_8.2.0.bb => harfbuzz_8.2.1.bb} 
(95%)

diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.0.bb 
b/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb
similarity index 95%
rename from meta/recipes-graphics/harfbuzz/harfbuzz_8.2.0.bb
rename to meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb
index 1e60844204..df41af29f9 100644
--- a/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.0.bb
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.1.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=b98429b8e8e3c2a67cfef01e99e4893d \
 "
 
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = 
"8cb7117a62f42d5ad25d4a697e1bbfc65933b3eed2ee7f247203c79c9f1b514c"
+SRC_URI[sha256sum] = 
"0fec78f98c9c8faf228957a201c8846f809452c20f8445eb092a1ba6f22dbea5"
 
 DEPENDS += "glib-2.0-native"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188225): 
https://lists.openembedded.org/g/openembedded-core/message/188225
Mute This Topic: https://lists.openembedded.org/mt/101591662/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] enchant2: upgrade 2.5.0 -> 2.6.1

From: Wang Mingyu 

Changelog:
==
-This version tweaks normalization of language tags so that only the part of
 the tag that specifies country and language is altered; any extra that is
 not removed is left alone.
-This version removes validation of language tags; dictionary names no longer
 have to be valid language tags.
-Debug output now uses GLib's debug system, and can be enabled at run-time by
 setting the environment variable G_MESSAGES_DEBUG to 'libenchant'.
-The Aspell back-end has a fix to let it work with language variants such as
 "en_GB-ize".
-There's more code clean-up, build system updates, and a couple of null
-pointer dereference fixes

Signed-off-by: Wang Mingyu 
---
 .../enchant/{enchant2_2.5.0.bb => enchant2_2.6.1.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/enchant/{enchant2_2.5.0.bb => enchant2_2.6.1.bb} 
(92%)

diff --git a/meta/recipes-support/enchant/enchant2_2.5.0.bb 
b/meta/recipes-support/enchant/enchant2_2.6.1.bb
similarity index 92%
rename from meta/recipes-support/enchant/enchant2_2.5.0.bb
rename to meta/recipes-support/enchant/enchant2_2.6.1.bb
index f5ec1ef522..a3510a8705 100644
--- a/meta/recipes-support/enchant/enchant2_2.5.0.bb
+++ b/meta/recipes-support/enchant/enchant2_2.6.1.bb
@@ -12,7 +12,7 @@ DEPENDS = "glib-2.0 groff-native"
 inherit autotools pkgconfig github-releases
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz"
-SRC_URI[sha256sum] = 
"149e224cdd2ca825d874639578b6246e07f37d5b8f3970658a377a1ef46f2e15"
+SRC_URI[sha256sum] = 
"f24e12469137ae1d03140bb9032a47a5947c36f4d1e2f12b929061005eb15279"
 
 GITHUB_BASE_URI = "https://github.com/AbiWord/enchant/releases;
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188224): 
https://lists.openembedded.org/g/openembedded-core/message/188224
Mute This Topic: https://lists.openembedded.org/mt/101591658/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [mickledore][PATCH 3/3] ffmpeg: 5.1.2 -> 5.1.3

2023-09-26 Thread Lee Chee Yang

From: Lee Chee Yang 

drop patch which is already part of 5.1.3.

0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3964):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/1eb002596e3761d88de4aeea3158692b82fb6307

0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3965):
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/293dc39bcaa99f213c6b7a703e11f146abf5d3be

ffmpeg-fix-vulkan.patch :  
https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/7268323193d55365f914de39fadd5dbdb1f68976

Signed-off-by: Lee Chee Yang 
---
 ...c-stop-accessing-out-of-bounds-frame.patch |  89 ---
 ...c-stop-accessing-out-of-bounds-frame.patch | 108 --
 .../ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch |  34 --
 .../{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb}  |   5 +-
 4 files changed, 1 insertion(+), 235 deletions(-)
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
 delete mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.1.2.bb => ffmpeg_5.1.3.bb} 
(96%)

diff --git 
a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
deleted file mode 100644
index 2775a81cc8..00
--- 
a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001
-From: Paul B Mahol 
-Date: Sat, 12 Nov 2022 16:12:00 +0100
-Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame
-
-Upstream-Status: Backport 
[https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984]
-
-Signed-off-by: 
-

- libavcodec/rpzaenc.c | 22 +++---
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
-index d710eb4f82..4ced9523e2 100644
 a/libavcodec/rpzaenc.c
-+++ b/libavcodec/rpzaenc.c
-@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, 
const uint16_t *block_pt
- 
- // loop thru and compare pixels
- for (y = 0; y < bi->block_height; y++) {
--for (x = 0; x < bi->block_width; x++){
-+for (x = 0; x < bi->block_width; x++) {
- // TODO:  optimize
- min_r = FFMIN(R(block_ptr[x]), min_r);
- min_g = FFMIN(G(block_ptr[x]), min_g);
-@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const 
BlockInfo *bi,
- return -1;
- 
- for (i = 0; i < bi->block_height; i++) {
--for (j = 0; j < bi->block_width; j++){
-+for (j = 0; j < bi->block_width; j++) {
- x = GET_CHAN(block_ptr[j], xchannel);
- y = GET_CHAN(block_ptr[j], ychannel);
- sumx += x;
-@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t 
*block_ptr, const BlockInfo *bi
- int max_err = 0;
- 
- for (i = 0; i < bi->block_height; i++) {
--for (j = 0; j < bi->block_width; j++){
-+for (j = 0; j < bi->block_width; j++) {
- int x_inc, lin_y, lin_x;
- x = GET_CHAN(block_ptr[j], xchannel);
- y = GET_CHAN(block_ptr[j], ychannel);
-@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t 
*src_pixels,
-uint16_t *dest_pixels,
-const BlockInfo *bi, int block_counter)
- {
--for (int y = 0; y < 4; y++) {
-+const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
-+
-+for (int y = 0; y < y_size; y++) {
- memcpy(dest_pixels, src_pixels, 8);
- dest_pixels += bi->rowstride;
- src_pixels += bi->rowstride;
-@@ -730,14 +732,15 @@ post_skip :
- 
- if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
- uint16_t *row_ptr;
--int rgb555;
-+int y_size, rgb555;
- 
- block_offset = get_block_info(, block_counter);
- 
- row_ptr = _pixels[block_offset];
-+y_size = FFMIN(4, bi.image_height - bi.row * 4);
- 
--for (int y = 0; y < 4; y++) {
--for (int x = 0; x < 4; x++){
-+for (int y = 0; y < y_size; y++) {
-+for (int x = 0; x < 4; x++) {
- rgb555 = row_ptr[x] & ~0x8000;
- 
- put_bits(>pb, 16, rgb555);
-@@ -745,6 +748,11 @@ post_skip :
- row_ptr += bi.rowstride;
- }
- 
-+for (int y = y_size; y < 4; y++) {
-+for (int x = 0; x < 4; x++)
-+put_bits(>pb,

[OE-core] [mickledore][PATCH 1/3] bind: upgrade 9.18.17 -> 9.18.18

2023-09-26 Thread Lee Chee Yang

From: Wang Mingyu 

Changelog:

 Deprecate the 'dialup' and 'heartbeat-interval' options.
 Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
 Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured.
 Mark a primary server as temporarily unreachable if the TCP connection attempt 
times out.
 Don't process detach and close netmgr events when the netmgr has been paused.

(cherry-pick from commit e78ec619beea6e541b2d83a5dc845ce57ff12564)

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
---
 .../bind/{bind_9.18.17.bb => bind_9.18.18.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.18.bb} 
(97%)

diff --git a/meta/recipes-connectivity/bind/bind_9.18.17.bb 
b/meta/recipes-connectivity/bind/bind_9.18.18.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.17.bb
rename to meta/recipes-connectivity/bind/bind_9.18.18.bb
index fa1249b370..b9579ab52a 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.17.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.18.bb
@@ -20,7 +20,7 @@ SRC_URI = 
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
 
-SRC_URI[sha256sum] = 
"bde1c5017b81d1d79c69eb8f537f2e5032fd3623acdd5ee830d4f74bc2483458"
+SRC_URI[sha256sum] = 
"d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
 # follow the ESV versions divisible by 2
-- 
2.37.3


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188221): 
https://lists.openembedded.org/g/openembedded-core/message/188221
Mute This Topic: https://lists.openembedded.org/mt/101591651/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [mickledore][PATCH 2/3] bind: update to 9.18.19

2023-09-26 Thread Lee Chee Yang

From: Lee Chee Yang 

release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19

Security Fixes

Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)

ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]

A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)

ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]

Removed Features

The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]

Feature Changes

If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]

Bug Fixes

The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]

This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.

The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL

This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.

Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]

This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.

The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]

The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]

BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]

Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]

Known Issues

There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.

Signed-off-by: Lee Chee Yang 
---
 .../bind/{bind_9.18.18.bb => bind_9.18.19.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.18.bb => bind_9.18.19.bb} 
(97%)

diff --git a/meta/recipes-connectivity/bind/bind_9.18.18.bb 
b/meta/recipes-connectivity/bind/bind_9.18.19.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.18.bb
rename to meta/recipes-connectivity/bind/bind_9.18.19.bb
index b9579ab52a..6936c1c6ad 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.18.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.19.bb
@@ -20,7 +20,7 @@ SRC_URI = 
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
 
-SRC_URI[sha256sum] = 
"d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
+SRC_URI[sha256sum] = 
"115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
 # follow the ESV versions divisible by 2
-- 
2.37.3


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188222): 
https://lists.openembedded.org/g/openembedded-core/message/188222
Mute This Topic: https://lists.openembedded.org/mt/101591652/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] at-spi2-core: upgrade 2.48.4 -> 2.50.0

From: Wang Mingyu 

Changelog:
===
* Fix at-spi2-atk test when running under a non-English locale.
* collection: Avoid locking up if an object has a very large child count
* Fix possible NULL pointer dereference when deregistering an event listener.
* Various fixes for the new key grabbing API.
* Don't wait for a reply when registering or deregistering keystroke
  listeners.
* Add a meson option to exclude the gtk2 atk-bridge module.
* Fix a test failure/timeout.
* Add atspi_get_version() to return the runtime version of the library.
* Collection: fix match testing for attributes.
* Fix a NULL pointer dereference when deregistering an event listener that
  doesn't include a detail.
* Fix the documentation for interfaces in collection match rules.
* Add an AtspiLive enum to specify the politeness level for live regions,
  and document that this should be used for Announcement signals. Also add a
  notification signal in atk to replace the announcement signal that lacks
  the politeness information.
* Add an asynchronous version of atspi_generate_mouse_event.
* TableCell.xml: Add Get{Column,Row}HeaderCells methods
* atspi_accessible_get_localized_role_name: Use internal names when possible.
* Add a non-recursive function to clear a single object's cache.
* Code clean-ups.

Signed-off-by: Wang Mingyu 
---
 .../atk/{at-spi2-core_2.48.4.bb => at-spi2-core_2.50.0.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/atk/{at-spi2-core_2.48.4.bb => 
at-spi2-core_2.50.0.bb} (95%)

diff --git a/meta/recipes-support/atk/at-spi2-core_2.48.4.bb 
b/meta/recipes-support/atk/at-spi2-core_2.50.0.bb
similarity index 95%
rename from meta/recipes-support/atk/at-spi2-core_2.48.4.bb
rename to meta/recipes-support/atk/at-spi2-core_2.50.0.bb
index 0f355d8af7..57958fb7f5 100644
--- a/meta/recipes-support/atk/at-spi2-core_2.48.4.bb
+++ b/meta/recipes-support/atk/at-spi2-core_2.50.0.bb
@@ -11,7 +11,7 @@ MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 
 SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = 
"29ecb12992e8339675f5d755c8735ea3ea298379cfa2c93fde96bee5dc57a515"
+SRC_URI[sha256sum] = 
"e9f5a8c8235c9dd963b2171de9120301129c677dde933955e1df618b949c4adc"
 
 DEPENDS = " \
dbus \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188220): 
https://lists.openembedded.org/g/openembedded-core/message/188220
Mute This Topic: https://lists.openembedded.org/mt/101591639/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe-core][PATCHv7] vte: upgrade 2.72.2 -> 2.74.0

To reproduce:

local.conf:
DEFAULTTUNE = "x86-64-x32"
baselib = "lib32"

bitbake -c install librsvg

Alex


On Tue, 26 Sept 2023 at 08:38, Alexander Kanavin via
lists.openembedded.org 
wrote:
>
> "|   thread 'main' panicked at 'TARGET x86_64-poky-linux-gnux32-gnu is
> not a builtin target, and it could not be parsed as a valid triplet:
> Unrecognized binary format: gnu',
> /home/pokybuild/yocto-worker/qemux86-64-x32/build/build/tmp/work/x86_64_x32-poky-linux-gnux32/librsvg/2.56.3/cargo_home/bitbake/system-deps-6.1.1/src/lib.rs:868:94"
>
> The same failure already happens in master; vte merely adds a
> dependency that exposes it on the AB (and vte is not, in itself,
> guilty of it).
>
> Looks like rust triplet handling isn't correctly done on x32.
>
> Alex
>
> On Tue, 26 Sept 2023 at 00:03, Alexandre Belloni via
> lists.openembedded.org
>  wrote:
> >
> > Hello,
> >
> > It was not clear to me but I'm fairly sure this is what causes this
> > failure:
> >
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/57/builds/7719/steps/12/logs/stdio
> >
> > On 22/09/2023 12:39:51+0200, Markus Volk wrote:
> > > Rework recipe
> > >
> > > - remove legacy of the autotools buildsystem
> > > - remove BBCLASSEXTEND
> > > - build   vapi dependent on gi-data
> > > - docs require gir, add   a EXTRA_OEMESON:append to avoid fail in
> > >   a combination   where docs=true and gir=false
> > > - gtk+3 and gtk4 are requested by default-> add gtk4 depending
> > >   on DISTRO_FEATURE
> > > - install systemd support files   depending on DISTRO_FEATURE
> > > - update 0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> > >
> > > Signed-off-by: Markus Volk 
> > > ---
> > >  ...EXITCODE-macro-for-non-glibc-systems.patch | 35 ---
> > >  .../vte/{vte_0.72.2.bb => vte_0.74.0.bb}  | 29 ++-
> > >  2 files changed, 25 insertions(+), 39 deletions(-)
> > >  rename meta/recipes-support/vte/{vte_0.72.2.bb => vte_0.74.0.bb} (67%)
> > >
> > > diff --git 
> > > a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> > >  
> > > b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> > > index b4100fc381..8934d5f80a 100644
> > > --- 
> > > a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> > > +++ 
> > > b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> > > @@ -11,32 +11,25 @@ Upstream-Status: Submitted [1]
> > >  Signed-off-by: Andreas Müller 
> > >
> > >  [1] https://gitlab.gnome.org/GNOME/vte/issues/72
> > > -
> > >  ---
> > > - src/missing.hh | 4 
> > > - src/widget.cc  | 1 +
> > > - 2 files changed, 5 insertions(+)
> > > + src/widget.cc  | 4 +++
> > > + 1 files changed, 4 insertions(+)
> > >
> > >  a/src/missing.hh
> > > -+++ b/src/missing.hh
> > > -@@ -24,6 +24,10 @@
> > > - #define NSIG (8 * sizeof(sigset_t))
> > > - #endif
> > > +diff --git a/src/widget.cc b/src/widget.cc
> > > +index 07f7cabf..31a77f68 100644
> > > +--- a/src/widget.cc
> > >  b/src/widget.cc
> > > +@@ -16,6 +16,10 @@
> > > +  * along with this library.  If not, see 
> > > .
> > > +  */
> > >
> > >  +#ifndef W_EXITCODE
> > >  +#define W_EXITCODE(ret, sig) ((ret) << 8 | (sig))
> > >  +#endif
> > >  +
> > > - #ifndef HAVE_FDWALK
> > > - int fdwalk(int (*cb)(void* data, int fd),
> > > -void* data);
> > >  a/src/widget.cc
> > > -+++ b/src/widget.cc
> > > -@@ -21,6 +21,7 @@
> > > - #include "widget.hh"
> > > -
> > > - #include  // for W_EXITCODE
> > > -+#include "missing.hh" // for W_EXITCODE on non-glibc systems
> > > + #include "config.h"
> > >
> > > - #include 
> > > - #include 
> > > + #include "widget.hh"
> > > +--
> > > +2.42.0
> > > +
> > > diff --git a/meta/recipes-support/vte/vte_0.72.2.bb 
> > > b/meta/recipes-support/vte/vte_0.74.0.bb
> > > similarity index 67%
> > > rename from meta/recipes-support/vte/vte_0.72.2.bb
> > > rename to meta/recipes-support/vte/vte_0.74.0.bb
> > > index 4249b75ac0..aeaf088598 100644
> > > --- a/meta/recipes-support/vte/vte_0.72.2.bb
> > > +++ b/meta/recipes-support/vte/vte_0.74.0.bb
> > > @@ -17,32 +17,27 @@ GNOMEBASEBUILDCLASS = "meson"
> > >  GIR_MESON_OPTION = 'gir'
> > >  GIDOCGEN_MESON_OPTION = "docs"
> > >
> > > -inherit gnomebase gi-docgen features_check upstream-version-is-even 
> > > gobject-introspection
> > > +inherit gnomebase gi-docgen features_check upstream-version-is-even 
> > > gobject-introspection vala
> > >
> > > -# vapigen.m4 is required when vala is not present (but the one from vala 
> > > should be used normally)
> > >  SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
> > > -SRC_URI[archive.sha256sum] = 
> > > "f7966fd185a6981f53964162b71cfef7e606495155d6f5827b72aa0dd6741c9e"
> > > +SRC_URI[archive.sha256sum] = 
> > > "9ae08f777952ba793221152d360550451580f42d3b570e3341ebb6841984c76b"
> > >
> > >  ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
>

Re: [oe-core][PATCHv7] vte: upgrade 2.72.2 -> 2.74.0

"|   thread 'main' panicked at 'TARGET x86_64-poky-linux-gnux32-gnu is
not a builtin target, and it could not be parsed as a valid triplet:
Unrecognized binary format: gnu',
/home/pokybuild/yocto-worker/qemux86-64-x32/build/build/tmp/work/x86_64_x32-poky-linux-gnux32/librsvg/2.56.3/cargo_home/bitbake/system-deps-6.1.1/src/lib.rs:868:94"

The same failure already happens in master; vte merely adds a
dependency that exposes it on the AB (and vte is not, in itself,
guilty of it).

Looks like rust triplet handling isn't correctly done on x32.

Alex

On Tue, 26 Sept 2023 at 00:03, Alexandre Belloni via
lists.openembedded.org
 wrote:
>
> Hello,
>
> It was not clear to me but I'm fairly sure this is what causes this
> failure:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/57/builds/7719/steps/12/logs/stdio
>
> On 22/09/2023 12:39:51+0200, Markus Volk wrote:
> > Rework recipe
> >
> > - remove legacy of the autotools buildsystem
> > - remove BBCLASSEXTEND
> > - build   vapi dependent on gi-data
> > - docs require gir, add   a EXTRA_OEMESON:append to avoid fail in
> >   a combination   where docs=true and gir=false
> > - gtk+3 and gtk4 are requested by default-> add gtk4 depending
> >   on DISTRO_FEATURE
> > - install systemd support files   depending on DISTRO_FEATURE
> > - update 0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> >
> > Signed-off-by: Markus Volk 
> > ---
> >  ...EXITCODE-macro-for-non-glibc-systems.patch | 35 ---
> >  .../vte/{vte_0.72.2.bb => vte_0.74.0.bb}  | 29 ++-
> >  2 files changed, 25 insertions(+), 39 deletions(-)
> >  rename meta/recipes-support/vte/{vte_0.72.2.bb => vte_0.74.0.bb} (67%)
> >
> > diff --git 
> > a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> >  
> > b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> > index b4100fc381..8934d5f80a 100644
> > --- 
> > a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> > +++ 
> > b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> > @@ -11,32 +11,25 @@ Upstream-Status: Submitted [1]
> >  Signed-off-by: Andreas Müller 
> >
> >  [1] https://gitlab.gnome.org/GNOME/vte/issues/72
> > -
> >  ---
> > - src/missing.hh | 4 
> > - src/widget.cc  | 1 +
> > - 2 files changed, 5 insertions(+)
> > + src/widget.cc  | 4 +++
> > + 1 files changed, 4 insertions(+)
> >
> >  a/src/missing.hh
> > -+++ b/src/missing.hh
> > -@@ -24,6 +24,10 @@
> > - #define NSIG (8 * sizeof(sigset_t))
> > - #endif
> > +diff --git a/src/widget.cc b/src/widget.cc
> > +index 07f7cabf..31a77f68 100644
> > +--- a/src/widget.cc
> >  b/src/widget.cc
> > +@@ -16,6 +16,10 @@
> > +  * along with this library.  If not, see .
> > +  */
> >
> >  +#ifndef W_EXITCODE
> >  +#define W_EXITCODE(ret, sig) ((ret) << 8 | (sig))
> >  +#endif
> >  +
> > - #ifndef HAVE_FDWALK
> > - int fdwalk(int (*cb)(void* data, int fd),
> > -void* data);
> >  a/src/widget.cc
> > -+++ b/src/widget.cc
> > -@@ -21,6 +21,7 @@
> > - #include "widget.hh"
> > -
> > - #include  // for W_EXITCODE
> > -+#include "missing.hh" // for W_EXITCODE on non-glibc systems
> > + #include "config.h"
> >
> > - #include 
> > - #include 
> > + #include "widget.hh"
> > +--
> > +2.42.0
> > +
> > diff --git a/meta/recipes-support/vte/vte_0.72.2.bb 
> > b/meta/recipes-support/vte/vte_0.74.0.bb
> > similarity index 67%
> > rename from meta/recipes-support/vte/vte_0.72.2.bb
> > rename to meta/recipes-support/vte/vte_0.74.0.bb
> > index 4249b75ac0..aeaf088598 100644
> > --- a/meta/recipes-support/vte/vte_0.72.2.bb
> > +++ b/meta/recipes-support/vte/vte_0.74.0.bb
> > @@ -17,32 +17,27 @@ GNOMEBASEBUILDCLASS = "meson"
> >  GIR_MESON_OPTION = 'gir'
> >  GIDOCGEN_MESON_OPTION = "docs"
> >
> > -inherit gnomebase gi-docgen features_check upstream-version-is-even 
> > gobject-introspection
> > +inherit gnomebase gi-docgen features_check upstream-version-is-even 
> > gobject-introspection vala
> >
> > -# vapigen.m4 is required when vala is not present (but the one from vala 
> > should be used normally)
> >  SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
> > -SRC_URI[archive.sha256sum] = 
> > "f7966fd185a6981f53964162b71cfef7e606495155d6f5827b72aa0dd6741c9e"
> > +SRC_URI[archive.sha256sum] = 
> > "9ae08f777952ba793221152d360550451580f42d3b570e3341ebb6841984c76b"
> >
> >  ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
> >
> > -# Help g-ir-scanner find the .so for linking
> > -do_compile:prepend() {
> > -export GIR_EXTRA_LIBS_PATH="${B}/src/.libs"
> > -}
> > +EXTRA_OEMESON += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
> > '-Dvapi=true', '-Dvapi=false', d)}"
> > +EXTRA_OEMESON:append = " ${@bb.utils.contains('GI_DATA_ENABLED', 'False', 
> > '-Ddocs=false', '', d)}"
> >
> > -# Package additional files
> > -FILES:${PN}-dev += "${datadir}/vala/vapi/*"
> >

Re: [OE-core] [PATCH V5] tar: add ptest support