[OE-core] [PATCH] ptest-cargo.bbclass: add the possibility to define test arguments

2023-05-06 Thread Frederic Martinsons
From: Frederic Martinsons 

It can be useful for users of this class to give common rust test
arguments (like --shuffle, --format or --test-threads).

To add arguments to the test binary, simply define RUST_TEST_ARGS
in your recipe that inherits ptest-cargo, for example:

RUST_TEST_ARGS = "--shuffle"

Signed-off-by: Frederic Martinsons 
---
 meta/classes-recipe/ptest-cargo.bbclass | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/meta/classes-recipe/ptest-cargo.bbclass 
b/meta/classes-recipe/ptest-cargo.bbclass
index f28bc7a826..4ed528445a 100644
--- a/meta/classes-recipe/ptest-cargo.bbclass
+++ b/meta/classes-recipe/ptest-cargo.bbclass
@@ -1,5 +1,8 @@
 inherit cargo ptest
 
+RUST_TEST_ARGS ??= ""
+RUST_TEST_ARGS[doc] = "Arguments to give to the test binaries (e.g. --shuffle)"
+
 # I didn't find a cleaner way to share data between compile and install tasks
 CARGO_TEST_BINARIES_FILES ?= "${B}/test_binaries_list"
 
@@ -74,6 +77,7 @@ python do_install_ptest_cargo() {
 pn = d.getVar("PN", True)
 ptest_path = d.getVar("PTEST_PATH", True)
 cargo_test_binaries_file = d.getVar('CARGO_TEST_BINARIES_FILES', True)
+rust_test_args = d.getVar('RUST_TEST_ARGS') or ""
 
 ptest_dir = os.path.join(dest_dir, ptest_path.lstrip('/'))
 os.makedirs(ptest_dir, exist_ok=True)
@@ -94,12 +98,12 @@ python do_install_ptest_cargo() {
 f.write(f"\necho \"\"\n")
 f.write(f"echo \"## starting to run rust tests ##\"\n")
 for test_path in test_paths:
-f.write(f"{test_path}\n")
+f.write(f"{test_path} {rust_test_args}\n")
 else:
 with open(ptest_script, "a") as f:
 f.write("#!/bin/sh\n")
 for test_path in test_paths:
-f.write(f"{test_path}\n")
+f.write(f"{test_path} {rust_test_args}\n")
 os.chmod(ptest_script, 0o755)
 
 # this is chown -R root:root ${D}${PTEST_PATH}
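Review bot: In both `f.write(f"{test_path} {rust_test_args}\n")` lines the value of RUST_TEST_ARGS is pasted unquoted into a `/bin/sh` script, so the shell word-splits it and interprets any `;`, `$(...)` or glob characters in it each time the ptest runs on the target. Either say in `RUST_TEST_ARGS[doc]` that the value is shell syntax, or write each argument through `shlex.quote()` after a `shlex.split()`. An empty value also leaves a trailing space on every generated line, which a conditional join would avoid.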
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181000): 
https://lists.openembedded.org/g/openembedded-core/message/181000
Mute This Topic: https://lists.openembedded.org/mt/98736909/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-core][kirkstone 13/15] kernel-devicetree: allow specification of dtb directory

2023-05-06 Thread Martin Jansa
This one doesn't work correctly, maybe better to postpone this until a fix
is in master, see:
https://lists.openembedded.org/g/openembedded-core/message/180981
and possible fix:
https://git.openembedded.org/openembedded-core-contrib/commit/?h=jansa/master&id=e2a6da5202a6671113758f9746ddbd8141a75757

Regards,

On Sat, May 6, 2023 at 5:25 PM Steve Sakoman  wrote:

> From: Randolph Sapp 
>
> Fedora/Redhat and Arch are somewhat standardized on their dtb directory
> structure. Let's add some flags to configure yocto to mimic that
> behavior.
>
> Add the following variables to the kernel class:
> - KERNEL_DTBDEST (controls the destination directory for dtbs)
> - KERNEL_DTBVENDORED (controls if vendor subdirectories are to
>   be respected)
>
> Currently KERNEL_DTBDEST is expected to be a subdir of KERNEL_IMAGEDEST
> and KERNEL_DTBVENDORED is expected to be "true"/"false". This only
> applies to the package directory structure. The deploydir structure is
> purposely left untouched for compatibility with existing recipes.
>
> By default this is configured to behave the same as the current recipe
> and produce a flat dtb directory at KERNEL_IMAGEDEST.
>
> Signed-off-by: Randolph Sapp 
> Signed-off-by: Steve Sakoman 
> ---
>  meta/classes/kernel-devicetree.bbclass | 22 +-
>  meta/classes/kernel.bbclass|  2 ++
>  2 files changed, 19 insertions(+), 5 deletions(-)
>
> diff --git a/meta/classes/kernel-devicetree.bbclass
> b/meta/classes/kernel-devicetree.bbclass
> index b4338da1b1..11b57adc92 100644
> --- a/meta/classes/kernel-devicetree.bbclass
> +++ b/meta/classes/kernel-devicetree.bbclass
> @@ -6,7 +6,12 @@ python () {
>  d.appendVar("PACKAGES", "
> ${KERNEL_PACKAGE_NAME}-image-zimage-bundle")
>  }
>
> -FILES:${KERNEL_PACKAGE_NAME}-devicetree = "/${KERNEL_IMAGEDEST}/*.dtb
> /${KERNEL_IMAGEDEST}/*.dtbo"
> +FILES:${KERNEL_PACKAGE_NAME}-devicetree = " \
> +/${KERNEL_DTBDEST}/*.dtb \
> +/${KERNEL_DTBDEST}/*.dtbo \
> +/${KERNEL_DTBDEST}/*/*.dtb \
> +/${KERNEL_DTBDEST}/*/*.dtbo \
> +"
>  FILES:${KERNEL_PACKAGE_NAME}-image-zimage-bundle =
> "/${KERNEL_IMAGEDEST}/zImage-*.dtb.bin"
>
>  # Generate kernel+devicetree bundle
> @@ -67,12 +72,16 @@ do_compile:append() {
>  }
>
>  do_install:append() {
> +   install -d ${D}/${KERNEL_DTBDEST}
> for dtbf in ${KERNEL_DEVICETREE}; do
> dtb=`normalize_dtb "$dtbf"`
> -   dtb_ext=${dtb##*.}
> -   dtb_base_name=`basename $dtb .$dtb_ext`
> dtb_path=`get_real_dtb_path_in_kernel "$dtb"`
> -   install -m 0644 $dtb_path
> ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext
> +   if [ ${KERNEL_DTBVENDORED} == "false" ]; then
> +   dtb_ext=${dtb##*.}
> +   dtb_base_name=`basename $dtb .$dtb_ext`
> +   dtb=$dtb_base_name.$dtb_ext
> +   fi
> +   install -Dm 0644 $dtb_path ${D}/${KERNEL_DTBDEST}/$dtb
> done
>  }
>
> @@ -82,7 +91,10 @@ do_deploy:append() {
> dtb_ext=${dtb##*.}
> dtb_base_name=`basename $dtb .$dtb_ext`
> install -d $deployDir
> -   install -m 0644
> ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext
> $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
> +   if [ ${KERNEL_DTBVENDORED} == "false" ]; then
> +   dtb=$dtb_base_name.$dtb_ext
> +   fi
> +   install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb
> $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
> if [ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ] ; then
> ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
> $deployDir/$dtb_base_name.$dtb_ext
> fi
> diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
> index b315737fd2..3e3ac2d47d 100644
> --- a/meta/classes/kernel.bbclass
> +++ b/meta/classes/kernel.bbclass
> @@ -210,6 +210,8 @@ KERNEL_RELEASE ?= "${KERNEL_VERSION}"
>  # The directory where built kernel lies in the kernel tree
>  KERNEL_OUTPUT_DIR ?= "arch/${ARCH}/boot"
>  KERNEL_IMAGEDEST ?= "boot"
> +KERNEL_DTBDEST ?= "${KERNEL_IMAGEDEST}"
> +KERNEL_DTBVENDORED ?= "false"
>
>  #
>  # configuration
> --
> 2.34.1
>
>
> 
>
>




[OE-core][kirkstone 15/15] run-postinsts: Set dependency for ldconfig to avoid boot issues

2023-05-06 Thread Steve Sakoman
From: Arturo Buzarra 

If a package with a postinst script requires ldconfig, the package class adds
a ldconfig postinst fragment to initialize it before. Systemd has its own
ldconfig.service to initialize it and sometimes if both services are running
at the same time in the first boot, the first one will work, but the second
one will fail with the following error:

ldconfig[141]: /sbin/ldconfig: Renaming of /etc/ld.so.cache~ to 
/etc/ld.so.cache failed: No such file or directory

This commit adds an ordering dependency between them to make sure that only one
service is running at the same time.

Signed-off-by: Arturo Buzarra 
Signed-off-by: Richard Purdie 
(cherry picked from commit 4e9d812e127dc6743f52f4881e509e8e2e833afe)
Signed-off-by: Jermain Horsman 
Signed-off-by: Steve Sakoman 
---
 .../run-postinsts/run-postinsts/run-postinsts.service   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service 
b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
index 7f72f3388a..b6b81d5c1a 100644
--- a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
+++ b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Run pending postinsts
 DefaultDependencies=no
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount 
ldconfig.service
 Before=sysinit.target
 
 [Service]
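Review bot: The `ldconfig.service` entry appended to `After=` carries no comment in the unit file, so the reason for it lives only in the commit message. A one-line comment above `After=` naming the `/etc/ld.so.cache~` rename race on first boot would keep a later cleanup of the dependency list from dropping it.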
-- 
2.34.1





[OE-core][kirkstone 12/15] wic/bootimg-efi: if fixed-size is set then use that for mkdosfs

2023-05-06 Thread Steve Sakoman
From: Randolph Sapp 

This is a bit of a compatibility issue more than anything. Some devices
get upset if the FAT file system contains fewer blocks than the
partition.

The fixed-size argument is currently respected by the partition creation
step but not by the file system creation step. Let's make it so the file
system respects this value as well.

Signed-off-by: Randolph Sapp 
Signed-off-by: Steve Sakoman 
---
 scripts/lib/wic/plugins/source/bootimg-efi.py | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/scripts/lib/wic/plugins/source/bootimg-efi.py 
b/scripts/lib/wic/plugins/source/bootimg-efi.py
index a65a5b9780..c28d3917c2 100644
--- a/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -390,6 +390,13 @@ class BootimgEFIPlugin(SourcePlugin):
 logger.debug("Added %d extra blocks to %s to get to %d total blocks",
  extra_blocks, part.mountpoint, blocks)
 
+# required for compatibility with certain devices expecting file system
+# block count to be equal to partition block count
+if blocks < part.fixed_size:
+blocks = part.fixed_size
+logger.debug("Overriding %s to %d total blocks for compatibility",
+ part.mountpoint, blocks)
+
 # dosfs image, created by mkdosfs
 bootimg = "%s/boot.img" % cr_workdir
 
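Review bot: `if blocks < part.fixed_size:` runs for every partition, including ones created without a fixed size, and the hunk does not show what `part.fixed_size` holds in that case or which unit it is in. Please confirm it is `0` rather than `None` when the option is absent (a `None` would raise TypeError on this comparison) and that it uses the same block unit as `blocks`; writing the test as `if part.fixed_size and blocks < part.fixed_size:` would make the first assumption explicit.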
-- 
2.34.1





[OE-core][kirkstone 14/15] libbsd: Add correct license for all packages

2023-05-06 Thread Steve Sakoman
From: Ranjitsinh Rathod 

BSD-4-Clause is only applicable to the {PN}-doc package, as when I
check the source code I find the below files, which only use the
license BSD-4-Clause

~/sources/libbsd$ grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort
COPYING
man/arc4random.3bsd
man/getprogname.3bsd

~/sources/libbsd$ grep -rnB5 "BSD-4"
COPYING-9-Files:
COPYING-10- man/arc4random.3bsd
COPYING-11-Copyright:
COPYING-12- Copyright 1997 Niels Provos 
COPYING-13- All rights reserved.
COPYING:14:License: BSD-4-clause-Niels-Provos

Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/libbsd/libbsd_0.11.5.bb | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-support/libbsd/libbsd_0.11.5.bb 
b/meta/recipes-support/libbsd/libbsd_0.11.5.bb
index bb8766a070..21af37882f 100644
--- a/meta/recipes-support/libbsd/libbsd_0.11.5.bb
+++ b/meta/recipes-support/libbsd/libbsd_0.11.5.bb
@@ -29,6 +29,13 @@ HOMEPAGE = "https://libbsd.freedesktop.org/wiki/";
 # License: public-domain-Colin-Plumb
 LICENSE = "BSD-3-Clause & BSD-4-Clause & ISC & PD"
 LICENSE:${PN} = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-dbg = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-dev = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-doc = "BSD-3-Clause & BSD-4-Clause & ISC & PD"
+LICENSE:${PN}-locale = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-src = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-staticdev = "BSD-3-Clause & ISC & PD"
+
 LIC_FILES_CHKSUM = "file://COPYING;md5=0b31944ca2c1075410a30f0c17379d3b"
 SECTION = "libs"
 
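Review bot: Nothing next to the new `LICENSE:${PN}-*` lines records why only `${PN}-doc` keeps BSD-4-Clause, so the split will be carried across version bumps without being re-checked. A short comment above the block naming `man/arc4random.3bsd` and `man/getprogname.3bsd`, the files the commit message found, would let the next upgrade repeat the grep and confirm the per-package licenses still hold.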
-- 
2.34.1





[OE-core][kirkstone 13/15] kernel-devicetree: allow specification of dtb directory

2023-05-06 Thread Steve Sakoman
From: Randolph Sapp 

Fedora/Redhat and Arch are somewhat standardized on their dtb directory
structure. Let's add some flags to configure yocto to mimic that
behavior.

Add the following variables to the kernel class:
- KERNEL_DTBDEST (controls the destination directory for dtbs)
- KERNEL_DTBVENDORED (controls if vendor subdirectories are to
  be respected)

Currently KERNEL_DTBDEST is expected to be a subdir of KERNEL_IMAGEDEST
and KERNEL_DTBVENDORED is expected to be "true"/"false". This only
applies to the package directory structure. The deploydir structure is
purposely left untouched for compatibility with existing recipes.

By default this is configured to behave the same as the current recipe
and produce a flat dtb directory at KERNEL_IMAGEDEST.

Signed-off-by: Randolph Sapp 
Signed-off-by: Steve Sakoman 
---
 meta/classes/kernel-devicetree.bbclass | 22 +-
 meta/classes/kernel.bbclass|  2 ++
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/meta/classes/kernel-devicetree.bbclass 
b/meta/classes/kernel-devicetree.bbclass
index b4338da1b1..11b57adc92 100644
--- a/meta/classes/kernel-devicetree.bbclass
+++ b/meta/classes/kernel-devicetree.bbclass
@@ -6,7 +6,12 @@ python () {
 d.appendVar("PACKAGES", " 
${KERNEL_PACKAGE_NAME}-image-zimage-bundle")
 }
 
-FILES:${KERNEL_PACKAGE_NAME}-devicetree = "/${KERNEL_IMAGEDEST}/*.dtb 
/${KERNEL_IMAGEDEST}/*.dtbo"
+FILES:${KERNEL_PACKAGE_NAME}-devicetree = " \
+/${KERNEL_DTBDEST}/*.dtb \
+/${KERNEL_DTBDEST}/*.dtbo \
+/${KERNEL_DTBDEST}/*/*.dtb \
+/${KERNEL_DTBDEST}/*/*.dtbo \
+"
 FILES:${KERNEL_PACKAGE_NAME}-image-zimage-bundle = 
"/${KERNEL_IMAGEDEST}/zImage-*.dtb.bin"
 
 # Generate kernel+devicetree bundle
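Review bot: The new `FILES` globs stop at one directory level (`/${KERNEL_DTBDEST}/*/*.dtb` and the `.dtbo` twin), while the install step in this patch uses `install -Dm` and so creates whatever depth `$dtb` carries. If a vendored entry can ever be nested deeper than one directory, it would be installed but not matched by this package; either state the one-level limit next to KERNEL_DTBVENDORED or widen the pattern.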
@@ -67,12 +72,16 @@ do_compile:append() {
 }
 
 do_install:append() {
+   install -d ${D}/${KERNEL_DTBDEST}
for dtbf in ${KERNEL_DEVICETREE}; do
dtb=`normalize_dtb "$dtbf"`
-   dtb_ext=${dtb##*.}
-   dtb_base_name=`basename $dtb .$dtb_ext`
dtb_path=`get_real_dtb_path_in_kernel "$dtb"`
-   install -m 0644 $dtb_path 
${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext
+   if [ ${KERNEL_DTBVENDORED} == "false" ]; then
+   dtb_ext=${dtb##*.}
+   dtb_base_name=`basename $dtb .$dtb_ext`
+   dtb=$dtb_base_name.$dtb_ext
+   fi
+   install -Dm 0644 $dtb_path ${D}/${KERNEL_DTBDEST}/$dtb
done
 }
 
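Review bot: `[ ${KERNEL_DTBVENDORED} == "false" ]` in do_install:append uses `==`, which POSIX `test` does not define, and leaves the expansion unquoted, so the test errors out under a strict `/bin/sh` or when the variable expands to nothing. The existing check in do_deploy:append is written `[ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ]`; the same form works here: `[ "${KERNEL_DTBVENDORED}" = "false" ]`.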
@@ -82,7 +91,10 @@ do_deploy:append() {
dtb_ext=${dtb##*.}
dtb_base_name=`basename $dtb .$dtb_ext`
install -d $deployDir
-   install -m 0644 
${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext 
$deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
+   if [ ${KERNEL_DTBVENDORED} == "false" ]; then
+   dtb=$dtb_base_name.$dtb_ext
+   fi
+   install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb 
$deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
if [ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ] ; then
ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext 
$deployDir/$dtb_base_name.$dtb_ext
fi
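Review bot: The deploy target `$deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext` stays flat while the source `${D}/${KERNEL_DTBDEST}/$dtb` can now include a vendor directory, so two device trees with the same file name under different vendors would silently overwrite each other in deployDir. The commit message says the deploydir layout is left untouched on purpose; failing the task on a duplicate base name would make that limit visible instead of shipping whichever file was copied last. The `==` in the added test should also become a quoted `=` comparison.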
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index b315737fd2..3e3ac2d47d 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -210,6 +210,8 @@ KERNEL_RELEASE ?= "${KERNEL_VERSION}"
 # The directory where built kernel lies in the kernel tree
 KERNEL_OUTPUT_DIR ?= "arch/${ARCH}/boot"
 KERNEL_IMAGEDEST ?= "boot"
+KERNEL_DTBDEST ?= "${KERNEL_IMAGEDEST}"
+KERNEL_DTBVENDORED ?= "false"
 
 #
 # configuration
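Review bot: `KERNEL_DTBVENDORED ?= "false"` is only ever compared against the literal string `false` in the shell tests of this patch, so values such as `0`, `no` or `False` all switch the vendored layout on. A comment beside the default listing the two accepted values, or a parse-time check that rejects anything else, would stop a typo from quietly changing the package layout.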
-- 
2.34.1





[OE-core][kirkstone 11/15] python3-cryptography: fix for CVE-2023-23931

2023-05-06 Thread Steve Sakoman
From: Narpat Mali 

cryptography is a package designed to expose cryptographic primitives
and recipes to Python developers. In affected versions `Cipher.update_into`
would accept Python objects which implement the buffer protocol, but
provide only immutable buffers. This would allow immutable objects
(such as `bytes`) to be mutated, thus violating fundamental rules of
Python and resulting in corrupted output. This now correctly raises
an exception. This issue has been present since `update_into` was
originally introduced in cryptography 1.8.

Signed-off-by: Narpat Mali 
Signed-off-by: Steve Sakoman 
---
 .../python3-cryptography/CVE-2023-23931.patch | 49 +++
 .../python/python3-cryptography_36.0.2.bb |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch

diff --git 
a/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch 
b/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch
new file mode 100644
index 00..5fc4878978
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch
@@ -0,0 +1,49 @@
+From 9fbf84efc861668755ab645530ec7be9cf3c6696 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor 
+Date: Tue, 7 Feb 2023 11:34:18 -0500
+Subject: [PATCH] Don't allow update_into to mutate immutable objects (#8230)
+
+CVE: CVE-2023-23931
+
+Upstream-Status: Backport 
[https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696]
+
+Signed-off-by: Narpat Mali 
+---
+ src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
+ tests/hazmat/primitives/test_ciphers.py | 8 
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py 
b/src/cryptography/hazmat/backends/openssl/ciphers.py
+index 286583f93..075d68fb9 100644
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
 b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -156,7 +156,7 @@ class _CipherContext:
+ data_processed = 0
+ total_out = 0
+ outlen = self._backend._ffi.new("int *")
+-baseoutbuf = self._backend._ffi.from_buffer(buf)
++baseoutbuf = self._backend._ffi.from_buffer(buf, 
require_writable=True)
+ baseinbuf = self._backend._ffi.from_buffer(data)
+
+ while data_processed != total_data_len:
+diff --git a/tests/hazmat/primitives/test_ciphers.py 
b/tests/hazmat/primitives/test_ciphers.py
+index 02127dd9c..bf3b047de 100644
+--- a/tests/hazmat/primitives/test_ciphers.py
 b/tests/hazmat/primitives/test_ciphers.py
+@@ -318,6 +318,14 @@ class TestCipherUpdateInto:
+ with pytest.raises(ValueError):
+ encryptor.update_into(b"testing", buf)
+
++def test_update_into_immutable(self, backend):
++key = b"\x00" * 16
++c = ciphers.Cipher(AES(key), modes.ECB(), backend)
++encryptor = c.encryptor()
++buf = b"\x00" * 32
++with pytest.raises((TypeError, BufferError)):
++encryptor.update_into(b"testing", buf)
++
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ AES(b"\x00" * 16), modes.GCM(b"\x00" * 12)
+--
+2.40.0
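Review bot: The backported `from_buffer(buf, require_writable=True)` call in ciphers.py relies on a keyword that cffi only accepts from version 1.12 on, and nothing in this patch shows which cffi the branch pairs with cryptography 36.0.2. Please confirm the branch's python3-cffi is new enough; on an older cffi the keyword would make every `update_into` call fail, not only those given an immutable buffer.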
diff --git a/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb 
b/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
index 9ef5ff39c8..c3ae0c1ab9 100644
--- a/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
+++ b/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
@@ -17,6 +17,7 @@ SRC_URI += " \
 file://0001-Cargo.toml-specify-pem-version.patch \
 file://0002-Cargo.toml-edition-2018-2021.patch \
 file://fix-leak-metric.patch \
+file://CVE-2023-23931.patch \
 "
 
 inherit pypi python_setuptools3_rust
-- 
2.34.1
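
A caller-side guard for the behaviour described in the commit message above, as an added example (not code from pyca/cryptography or from this OE-core patch): it refuses read-only output buffers before `update_into` is reached, which is the check `require_writable=True` adds inside the library. `ensure_writable`, `guarded_update_into`, `classify` and `FakeContext` are hypothetical names, and `FakeContext` is a constructed stand-in that copies bytes instead of encrypting so the block runs without the cryptography package.

```python
"""Reject immutable output buffers before calling an update_into-style API."""


def ensure_writable(buf):
    """Return a memoryview of buf; raise TypeError if buf is read-only."""
    try:
        view = memoryview(buf)
    except TypeError as exc:
        raise TypeError(
            f"{type(buf).__name__} does not support the buffer protocol"
        ) from exc
    if view.readonly:
        view.release()
        raise TypeError(
            f"output buffer of type {type(buf).__name__} is read-only"
        )
    return view


def guarded_update_into(ctx, data, buf, block_size_bytes):
    """Call ctx.update_into(data, buf) only for a writable, large-enough buf.

    The size rule (len(data) + block_size - 1) is the one documented for
    update_into; block_size_bytes is supplied by the caller.
    """
    view = ensure_writable(buf)
    try:
        available = view.nbytes
    finally:
        view.release()
    needed = len(data) + block_size_bytes - 1
    if available < needed:
        raise ValueError(
            f"buffer must be at least {needed} bytes, got {available}"
        )
    return ctx.update_into(data, buf)


class FakeContext:
    """Constructed stand-in for a cipher context: copies input, no crypto."""

    def __init__(self):
        self.calls = 0

    def update_into(self, data, buf):
        self.calls += 1
        memoryview(buf)[: len(data)] = data
        return len(data)


def classify(buf, data=b"testing", block_size_bytes=16):
    """Return (result, calls): bytes written or exception name, and how many
    times the underlying context was actually reached."""
    ctx = FakeContext()
    try:
        written = guarded_update_into(ctx, data, buf, block_size_bytes)
    except (TypeError, ValueError) as exc:
        return (type(exc).__name__, ctx.calls)
    return (written, ctx.calls)


if __name__ == "__main__":
    # Constructed sample buffers covering the cases in the upstream test.
    samples = {
        "bytes (immutable)": b"\x00" * 32,
        "bytearray (writable)": bytearray(32),
        "read-only memoryview": memoryview(bytearray(32)).toreadonly(),
        "bytearray too small": bytearray(8),
    }
    for label, sample in samples.items():
        print(f"{label:24} -> {classify(sample)}")
```
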





[OE-core][kirkstone 10/15] webkitgtk: fix CVE-2022-32888 & CVE-2022-32923

2023-05-06 Thread Steve Sakoman
From: Kai Kang 

Backport patches to fix CVE-2022-32888 and CVE-2022-32923 for webkitgtk
2.36.8. The bugzilla IDs of the CVEs are from https://support.apple.com
which have been listed in patch headers.

Signed-off-by: Kai Kang 
Signed-off-by: Steve Sakoman 
---
 .../webkit/webkitgtk/CVE-2022-32888.patch |  41 ++
 .../webkit/webkitgtk/CVE-2022-32923.patch | 435 ++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   2 +
 3 files changed, 478 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch 
b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
new file mode 100644
index 00..1a6b685450
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
@@ -0,0 +1,41 @@
+CVE: CVE-2022-32888
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/a3dd7dc]
+
+[1]: https://support.apple.com/en-us/HT213446
+[2]: https://bugs.webkit.org/show_bug.cgi?id=242047
+
+Signed-off-by: Kai Kang 
+
+From a3dd7dc5f60b87a7cfd14c372e40ebd339076763 Mon Sep 17 00:00:00 2001
+From: Yusuke Suzuki 
+Date: Mon, 27 Jun 2022 21:34:55 -0700
+Subject: [PATCH] [JSC] Drop wasm stale assertion
+ https://bugs.webkit.org/show_bug.cgi?id=242047 rdar://95866655
+
+Reviewed by Mark Lam.
+
+This patch drops stale assertion in addDelegateToUnreachable.
+
+* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
+(JSC::Wasm::LLIntGenerator::addDelegateToUnreachable):
+
+Canonical link: https://commits.webkit.org/251902@main
+---
+ Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp 
b/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
+index 39fb39b3331f..d0d2b9725991 100644
+--- a/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
 b/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
+@@ -1182,7 +1182,6 @@ auto 
LLIntGenerator::addDelegateToUnreachable(ControlType& target, ControlType&
+ 
+ ControlTry& tryData = std::get(data);
+ m_codeBlock->addExceptionHandler({ HandlerType::Delegate, 
tryData.m_try->location(), delegateLabel->location(), 0, m_tryDepth, 
targetDepth });
+-checkConsistency();
+ return { };
+ }
+ 
+-- 
+2.34.1
+
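Review bot: The `Upstream-Status: Backport` line in the patch header points at the abbreviated hash `a3dd7dc`, while the `From` line below it carries the full 40-character commit id. Using the full hash in the URL keeps the reference unambiguous for anyone auditing the backport later, and the `[1]` and `[2]` links in the header are never referred to from the text, so a word on what each one is (advisory, bug report) would help.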
diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch 
b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch
new file mode 100644
index 00..60342a14f8
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch
@@ -0,0 +1,435 @@
+CVE: CVE-2022-32923
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/ef76e31]
+
+[1]: https://support.apple.com/en-us/HT213495
+[2]: https://bugs.webkit.org/show_bug.cgi?id=242964
+
+Signed-off-by: Kai Kang 
+
+From ef76e31a2a066c3d65a9c94a9e2cd88133260c1f Mon Sep 17 00:00:00 2001
+From: Yusuke Suzuki 
+Date: Wed, 20 Jul 2022 19:30:48 -0700
+Subject: [PATCH] [JSC] BakcwardPropagationPhase should carry NaN / Infinity
+ handling https://bugs.webkit.org/show_bug.cgi?id=242964 rdar://96791603
+
+Reviewed by Mark Lam.
+
+For correctness, we should carry NaN / Infinity handling to make it more clear 
in the code generation site.
+
+* Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp:
+(JSC::DFG::BackwardsPropagationPhase::propagate):
+* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
+(JSC::DFG::FixupPhase::fixupArithDivInt32):
+(JSC::DFG::FixupPhase::fixupArithDiv):
+* Source/JavaScriptCore/dfg/DFGGraph.h:
+* Source/JavaScriptCore/dfg/DFGNode.h:
+* Source/JavaScriptCore/dfg/DFGNodeFlags.cpp:
+(JSC::DFG::dumpNodeFlags):
+* Source/JavaScriptCore/dfg/DFGNodeFlags.h:
+(JSC::DFG::bytecodeCanIgnoreNaNAndInfinity):
+(JSC::DFG::nodeCanSpeculateInt32ForDiv):
+* Source/JavaScriptCore/dfg/DFGNodeType.h:
+
+Canonical link: https://commits.webkit.org/252675@main
+---
+ .../dfg/DFGBackwardsPropagationPhase.cpp  | 51 +++
+ Source/JavaScriptCore/dfg/DFGFixupPhase.cpp   |  6 ++-
+ Source/JavaScriptCore/dfg/DFGGraph.h  | 11 
+ Source/JavaScriptCore/dfg/DFGNode.h   | 12 +++--
+ Source/JavaScriptCore/dfg/DFGNodeFlags.cpp| 10 ++--
+ Source/JavaScriptCore/dfg/DFGNodeFlags.h  | 37 +++---
+ Source/JavaScriptCore/dfg/DFGNodeType.h   |  3 +-
+ 7 files changed, 91 insertions(+), 39 deletions(-)
+
+diff --git a/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp 
b/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
+index 306ea5d6b974..83a08aff7c20 100644
+--- a/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
 b/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
+@@ -272,7 +272,7 @@ private:
+ case ValueBitNot:
+ case ArithBitNot: {
+ flags |= NodeBytecodeUsesAsInt;
+-flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | 
NodeBytecodeUsesAsOther);
++flags

[OE-core][kirkstone 09/15] binutils : Fix CVE-2023-25588

2023-05-06 Thread Steve Sakoman
From: Deepthi Hemraj 

Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]

Signed-off-by: Deepthi Hemraj 
Signed-off-by: Steve Sakoman 
---
 .../binutils/binutils-2.38.inc|   1 +
 .../binutils/0025-CVE-2023-25588.patch| 147 ++
 2 files changed, 148 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 1ea17990c8..5c3ff3d93a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -55,5 +55,6 @@ SRC_URI = "\
  file://0022-CVE-2023-25584-3.patch \
  file://0023-CVE-2023-25585.patch \
  file://0026-CVE-2023-1972.patch \
+ file://0025-CVE-2023-25588.patch \
 "
 S  = "${WORKDIR}/git"
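Review bot: The new `file://0025-CVE-2023-25588.patch` entry is appended after `file://0026-CVE-2023-1972.patch`, so the SRC_URI order no longer follows the numeric prefixes. Patches apply in list order, so either move the 0025 line above 0026 or renumber the file so the prefix reflects when it is applied.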
diff --git a/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch 
b/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
new file mode 100644
index 00..142d201c40
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
@@ -0,0 +1,147 @@
+From: Alan Modra 
+Date: Fri, 14 Oct 2022 00:00:21 + (+1030)
+Subject: PR29677, Field `the_bfd` of `asymbol` is uninitialised
+X-Git-Tag: gdb-13-branchpoint~871
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
+
+PR29677, Field `the_bfd` of `asymbol` is uninitialised
+
+Besides not initialising the_bfd of synthetic symbols, counting
+symbols when sizing didn't match symbols created if there were any
+dynsyms named "".  We don't want synthetic symbols without names
+anyway, so get rid of them.  Also, simplify and correct sanity checks.
+
+   PR 29677
+   * mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
+
+CVE: CVE-2023-25588
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/bfd/mach-o.c b/bfd/mach-o.c
+index acb35e7f0c6..5279343768c 100644
+--- a/bfd/mach-o.c
 b/bfd/mach-o.c
+@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+   bfd_mach_o_symtab_command *symtab = mdata->symtab;
+   asymbol *s;
+   char * s_start;
+-  char * s_end;
+   unsigned long count, i, j, n;
+   size_t size;
+   char *names;
+-  char *nul_name;
+   const char stub [] = "$stub";
+
+   *ret = NULL;
+@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+   /* We need to allocate a bfd symbol for every indirect symbol and to
+  allocate the memory for its name.  */
+   count = dysymtab->nindirectsyms;
+-  size = count * sizeof (asymbol) + 1;
+-
++  size = 0;
+   for (j = 0; j < count; j++)
+ {
+-  const char * strng;
+   unsigned int isym = dysymtab->indirect_syms[j];
++  const char *str;
+
+   /* Some indirect symbols are anonymous.  */
+-  if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name))
+-  /* PR 17512: file: f5b8eeba.  */
+-  size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + 
sizeof (stub);
++  if (isym < symtab->nsyms
++&& (str = symtab->symbols[isym].symbol.name) != NULL)
++  {
++/* PR 17512: file: f5b8eeba.  */
++size += strnlen (str, symtab->strsize - (str - symtab->strtab));
++size += sizeof (stub);
++  }
+ }
+
+-  s_start = bfd_malloc (size);
++  s_start = bfd_malloc (size + count * sizeof (asymbol));
+   s = *ret = (asymbol *) s_start;
+   if (s == NULL)
+ return -1;
+   names = (char *) (s + count);
+-  nul_name = names;
+-  *names++ = 0;
+-  s_end = s_start + size;
+
+   n = 0;
+   for (i = 0; i < mdata->nsects; i++)
+@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+ entry_size = bfd_mach_o_section_get_entry_size (abfd, sec);
+
+ /* PR 17512: file: 08e15eec.  */
+-if (first >= count || last >= count || first > last)
++if (first >= count || last > count || first > last)
+   goto fail;
+
+ for (j = first; j < last; j++)
+   {
+ unsigned int isym = dysymtab->indirect_syms[j];
+-
+-/* PR 17512: file: 04d64d9b.  */
+-if (((char *) s) + sizeof (* s) > s_end)
+-  goto fail;
+-
+-s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
+-s->section = sec->bfdsection;
+-s->value = addr - sec->addr;
+-s->udata.p = NULL;
++const char *str;
++size_t len;
+
+ if (isym < symtab->nsyms
+-&& symtab->symbols[isym].symbol.name)
++&& (str = symtab->symbols[isym].symbol.name) != NULL)
+   {
+-const char *sym = symtab->symbols[isym].symbol.name;
+-size_t len;

[OE-core][kirkstone 08/15] binutils : Fix CVE-2023-1972

2023-05-06 Thread Steve Sakoman
From: Deepthi Hemraj 

Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]

Signed-off-by: Deepthi Hemraj 
Signed-off-by: Steve Sakoman 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0026-CVE-2023-1972.patch | 41 +++
 2 files changed, 42 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 408b503644..1ea17990c8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -54,5 +54,6 @@ SRC_URI = "\
  file://0022-CVE-2023-25584-2.patch \
  file://0022-CVE-2023-25584-3.patch \
  file://0023-CVE-2023-25585.patch \
+ file://0026-CVE-2023-1972.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch 
b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
new file mode 100644
index 00..f86adad217
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
@@ -0,0 +1,41 @@
+From: Nick Clifton 
+Date: Thu, 30 Mar 2023 09:10:09 + (+0100)
+Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef 
table.
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
+
+Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+
+  PR 30285
+  * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are 
allocated.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]
+
+CVE: CVE-2023-1972
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 027d0143735..185028cbd97 100644
+--- a/bfd/elf.c
 b/bfd/elf.c
+@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool 
default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return_verdef;
+   }
++
++  if (amt == 0)
++  goto error_return_verdef;
+   elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, 
amt);
+   if (elf_tdata (abfd)->verdef == NULL)
+   goto error_return_verdef;
+@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool 
default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return;
+   }
++  if (amt == 0)
++  goto error_return;
+   elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, 
amt);
+   if (elf_tdata (abfd)->verdef == NULL)
+   goto error_return;
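
Review bot: both added `if (amt == 0)` checks in _bfd_elf_slurp_version_tables jump to the error label without calling bfd_set_error, unlike the overflow branch directly above each one, which sets bfd_error_file_too_big before its goto. A caller that reports the BFD error after this failure would see whatever error was set earlier, if any. Because this is a backport the code should stay identical to upstream commit c22d38baefc5, but the patch header could state that a zero-length verdef table is now treated as a failure of the version-table load, so the behaviour change is documented for users of this branch. The embedded Subject reads "zer0-lengthverdef"; keep it verbatim only if that is how the upstream commit is worded.
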
-- 
2.34.1


View/Reply Online (#180991): https://lists.openembedded.org/g/openembedded-core/message/180991



[OE-core][kirkstone 07/15] binutils : Fix CVE-2023-25585

2023-05-06 Thread Steve Sakoman
From: Deepthi Hemraj 

Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]

Signed-off-by: Deepthi Hemraj 
Signed-off-by: Steve Sakoman 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0023-CVE-2023-25585.patch| 54 +++
 2 files changed, 55 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 69fb8539ba..408b503644 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -53,5 +53,6 @@ SRC_URI = "\
  file://0022-CVE-2023-25584-1.patch \
  file://0022-CVE-2023-25584-2.patch \
  file://0022-CVE-2023-25584-3.patch \
+ file://0023-CVE-2023-25585.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch 
b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
new file mode 100644
index 00..e31a027b9f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
@@ -0,0 +1,54 @@
+From: Alan Modra 
+Date: Mon, 12 Dec 2022 08:31:08 + (+1030)
+Subject: PR29892, Field file_table of struct module is uninitialized
+X-Git-Tag: gdb-13-branchpoint~86
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
+
+PR29892, Field file_table of struct module is uninitialized
+
+   PR 29892
+   * vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table.
+   (parse_module): Rewrite file_table reallocation code and clear.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]
+
+CVE: CVE-2023-25585
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 3b63259cc81..6ee7060b0b2 100644
+--- a/bfd/vms-alpha.c
 b/bfd/vms-alpha.c
+@@ -4337,7 +4337,7 @@ new_module (bfd *abfd)
+ = (struct module *) bfd_zalloc (abfd, sizeof (struct module));
+   module->file_table_count = 16; /* Arbitrary.  */
+   module->file_table
+-= bfd_malloc (module->file_table_count * sizeof (struct fileinfo));
++= bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo));
+   return module;
+ }
+
+@@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, 
unsigned char *ptr,
+  src_ptr + DST_S_B_SRC_DF_FILENAME,
+  ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME));
+
+-  while (fileid >= module->file_table_count)
++  if (fileid >= module->file_table_count)
+ {
+-  module->file_table_count *= 2;
++  unsigned int old_count = module->file_table_count;
++  module->file_table_count += fileid;
+   module->file_table
+ = bfd_realloc_or_free (module->file_table,
+module->file_table_count
+* sizeof (struct fileinfo));
+   if (module->file_table == NULL)
+ return false;
++  memset (module->file_table + old_count, 0,
++  fileid * sizeof (struct fileinfo));
+ }
+
+   module->file_table [fileid].name = filename;
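
Review bot: in the new_module hunk the result of bfd_zmalloc is stored in module->file_table and returned without a NULL check, and parse_module only reallocates when `fileid >= module->file_table_count`, so after a failed initial allocation a small fileid reaches `module->file_table [fileid].name = filename;` with a null table. Zeroing the table addresses the uninitialized field named in the Subject but not this path; a check in new_module, or before the store, would close it. In the realloc branch, `module->file_table_count += fileid` and the following multiplication by sizeof (struct fileinfo) depend on the range of fileid, whose declaration is outside the hunk, so confirm the count cannot wrap. The ChangeLog entry names vms-alphs.c while the diff touches bfd/vms-alpha.c.
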
-- 
2.34.1


View/Reply Online (#180990): https://lists.openembedded.org/g/openembedded-core/message/180990



[OE-core][kirkstone 04/15] go: fix CVE-2023-24534 denial of service from excessive memory allocation

2023-05-06 Thread Steve Sakoman
From: Vivek Kumbhar 

A parsed MIME header is a map[string][]string. In the common case,
a header contains many one-element []string slices. To avoid
allocating a separate slice for each key, ReadMIMEHeader looks
ahead in the input to predict the number of keys that will be
parsed, and allocates a single []string of that length.
The individual slices are then allocated out of the larger one.

The prediction of the number of header keys was done by counting
newlines in the input buffer, which does not take into account
header continuation lines (where a header key/value spans multiple
lines) or the end of the header block and the start of the body.
This could lead to a substantial amount of overallocation, for
example when the body consists of nothing but a large block of
newlines.

Fix header key count prediction to take into account the end of
the headers (indicated by a blank line) and continuation lines
(starting with whitespace).

Thanks to Jakob Ackermann (@das7pad) for reporting this issue.

Fixes CVE-2023-24534
For #58975
Fixes #59267

Signed-off-by: Vivek Kumbhar 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.17.13.inc   |   1 +
 .../go/go-1.18/CVE-2023-24534.patch   | 200 ++
 2 files changed, 201 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc 
b/meta/recipes-devtools/go/go-1.17.13.inc
index cda9227042..c5260569e2 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -28,6 +28,7 @@ SRC_URI += "\
 file://cve-2022-41725.patch \
 file://CVE-2022-41722.patch \
 file://CVE-2023-24537.patch \
+file://CVE-2023-24534.patch \
 "
 SRC_URI[main.sha256sum] = 
"a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
 
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch 
b/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch
new file mode 100644
index 00..c65c7852d5
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch
@@ -0,0 +1,200 @@
+From d6759e7a059f4208f07aa781402841d7ddaaef96 Mon Sep 17 00:00:00 2001
+From: Damien Neil 
+Date: Fri, 10 Mar 2023 14:21:05 -0800
+Subject: [PATCH] [release-branch.go1.19] net/textproto: avoid overpredicting
+ the number of MIME header keys
+ 
+Reviewed-on: 
https://team-review.git.corp.google.com/c/golang/go-private/+/1802452
+Run-TryBot: Damien Neil 
+Reviewed-by: Roland Shoemaker 
+Reviewed-by: Julie Qiu 
+(cherry picked from commit f739f080a72fd5b06d35c8e244165159645e2ed6)
+Reviewed-on: 
https://team-review.git.corp.google.com/c/golang/go-private/+/1802393
+Reviewed-by: Damien Neil 
+Run-TryBot: Roland Shoemaker 
+Change-Id: I675451438d619a9130360c56daf529559004903f
+Reviewed-on: https://go-review.googlesource.com/c/go/+/481982
+Run-TryBot: Michael Knyszek 
+TryBot-Result: Gopher Robot 
+Reviewed-by: Matthew Dempsky 
+Auto-Submit: Michael Knyszek 
+
+Upstream-Status: Backport 
[https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96]
+CVE: CVE-2023-24534
+Signed-off-by: Vivek Kumbhar 
+
+---
+ src/bytes/bytes.go   | 14 
+ src/net/textproto/reader.go  | 30 ++--
+ src/net/textproto/reader_test.go | 59 
+ 3 files changed, 92 insertions(+), 11 deletions(-)
+
+diff --git a/src/bytes/bytes.go b/src/bytes/bytes.go
+index ce52649..95ff31c 100644
+--- a/src/bytes/bytes.go
 b/src/bytes/bytes.go
+@@ -1174,3 +1174,17 @@ func Index(s, sep []byte) int {
+   }
+   return -1
+ }
++
++// Cut slices s around the first instance of sep,
++// returning the text before and after sep.
++// The found result reports whether sep appears in s.
++// If sep does not appear in s, cut returns s, nil, false.
++//
++// Cut returns slices of the original slice s, not copies.
++func Cut(s, sep []byte) (before, after []byte, found bool) {
++  if i := Index(s, sep); i >= 0 {
++  return s[:i], s[i+len(sep):], true
++  }
++  return s, nil, false
++}
++
+diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go
+index 6a680f4..fcbede8 100644
+--- a/src/net/textproto/reader.go
 b/src/net/textproto/reader.go
+@@ -493,8 +493,11 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, 
error) {
+   // large one ahead of time which we'll cut up into smaller
+   // slices. If this isn't big enough later, we allocate small ones.
+   var strs []string
+-  hint := r.upcomingHeaderNewlines()
++  hint := r.upcomingHeaderKeys()
+   if hint > 0 {
++  if hint > 1000 {
++  hint = 1000 // set a cap to avoid overallocation
++  }
+   strs = make([]string, hint)
+   }
+ 
+@@ -589,9 +592,11 @@ func mustHaveFieldNameColon(line []byte) error {
+   return nil
+ }
+ 
+-// upcomingHeaderNewlines returns an approximation of the number of newlines
++var nl = 
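
Review bot: the first file in this backport, src/bytes/bytes.go, gains a new exported function Cut, and neither the commit message above nor the patch header mentions it; both describe only the header key prediction fix in net/textproto. The embedded Subject is tagged [release-branch.go1.19] while the recipe being patched is go-1.17.13.inc, so if Cut was added locally to make the fix build on this version, the header should say so and note that the backport was adapted. An unexported helper inside net/textproto would deliver the same fix without widening the public API of the bytes package on a stable branch.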

[OE-core][kirkstone 06/15] binutils : Fix CVE-2023-25584

2023-05-06 Thread Steve Sakoman
From: Deepthi Hemraj 

Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44]

Signed-off-by: Deepthi Hemraj 
Signed-off-by: Steve Sakoman 
---
 .../binutils/binutils-2.38.inc|   3 +
 .../binutils/0022-CVE-2023-25584-1.patch  |  56 ++
 .../binutils/0022-CVE-2023-25584-2.patch  |  38 ++
 .../binutils/0022-CVE-2023-25584-3.patch  | 534 ++
 4 files changed, 631 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index bf44e6c762..69fb8539ba 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -50,5 +50,8 @@ SRC_URI = "\
  file://0021-CVE-2023-1579-2.patch \
  file://0021-CVE-2023-1579-3.patch \
  file://0021-CVE-2023-1579-4.patch \
+ file://0022-CVE-2023-25584-1.patch \
+ file://0022-CVE-2023-25584-2.patch \
+ file://0022-CVE-2023-25584-3.patch \
 "
 S  = "${WORKDIR}/git"
diff --git 
a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch 
b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
new file mode 100644
index 00..990243f5c9
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
@@ -0,0 +1,56 @@
+From: Alan Modra 
+Date: Thu, 17 Mar 2022 09:35:39 + (+1030)
+Subject: ubsan: Null dereference in parse_module
+X-Git-Tag: gdb-12.1-release~59
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2
+
+ubsan: Null dereference in parse_module
+
+   * vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG
+   has set module->func_table for DST__K_RTNEND.  Check return
+   of bfd_zalloc.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2]
+
+CVE: CVE-2023-25584
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 4a92574c850..1129c98f0e2 100644
+--- a/bfd/vms-alpha.c
 b/bfd/vms-alpha.c
+@@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, 
unsigned char *ptr,
+
+   /* Initialize tables with zero element.  */
+   curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo));
++  if (!curr_srec)
++return false;
+   module->srec_table = curr_srec;
+
+   curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo));
++  if (!curr_line)
++return false;
+   module->line_table = curr_line;
+
+   while (length == -1 || ptr < maxptr)
+@@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned 
char *ptr,
+   case DST__K_RTNBEG:
+ funcinfo = (struct funcinfo *)
+   bfd_zalloc (abfd, sizeof (struct funcinfo));
++if (!funcinfo)
++  return false;
+ funcinfo->name
+   = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
+   maxptr - (ptr + 
DST_S_B_RTNBEG_NAME));
+@@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned 
char *ptr,
+ break;
+
+   case DST__K_RTNEND:
++if (!module->func_table)
++  return false;
+ module->func_table->high = module->func_table->low
+   + bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1;
+
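
Review bot: this patch file is tagged `CVE: CVE-2023-25584`, but its Subject is "ubsan: Null dereference in parse_module", it is dated 17 Mar 2022, and its Upstream-Status cites commit c9178f285acf, not the 77c225bdeb41 commit given in the e-mail's commit message. If this part is a prerequisite that lets the later parts apply, say so in the header, and list every upstream commit in the commit message so a reader can tell which part carries the actual fix. The added NULL checks themselves look right: each one sits before the first dereference of the pointer it guards (funcinfo->name, module->func_table->high).
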
diff --git 
a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch 
b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
new file mode 100644
index 00..f4c5ed2aff
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
@@ -0,0 +1,38 @@
+From da928f639002002dfc649ed9f50492d5d6cb4cee Mon Sep 17 00:00:00 2001
+From: Nick Clifton 
+Date: Mon, 5 Dec 2022 11:11:44 +
+Subject: [PATCH] Fix an illegal memory access when parsing a corrupt VMS Alpha
+ file.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix an illegal memory access when parsing a corrupt VMS Alpha file.
+
+PR 29848
+* vms-alpha.c (parse_module): Fix potential out of bounds memory
+access.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=942fa4fb32738ecbb447546d54f1e5f0312d2ed4]
+
+CVE: CVE-2023-25584
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+ bfd/vms-alpha.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index c548722c..53b3f1bf 100644
+--- a/bfd/vms-alpha.c
 b/bfd/vms-alpha.c
+@@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct 

[OE-core][kirkstone 05/15] go: Security fix for CVE-2023-24538

2023-05-06 Thread Steve Sakoman
From: Shubham Kulkarni 

html/template: disallow actions in JS template literals

Backport from 
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b

Signed-off-by: Shubham Kulkarni 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.17.13.inc   |   1 +
 .../go/go-1.18/CVE-2023-24538.patch   | 208 ++
 2 files changed, 209 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc 
b/meta/recipes-devtools/go/go-1.17.13.inc
index c5260569e2..d7cb47ebf4 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -29,6 +29,7 @@ SRC_URI += "\
 file://CVE-2022-41722.patch \
 file://CVE-2023-24537.patch \
 file://CVE-2023-24534.patch \
+file://CVE-2023-24538.patch \
 "
 SRC_URI[main.sha256sum] = 
"a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
 
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch 
b/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
new file mode 100644
index 00..502486befc
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
@@ -0,0 +1,208 @@
+From 07cc3b8711a8efbb5885f56dd90d854049ad2f7d Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker 
+Date: Mon, 20 Mar 2023 11:01:13 -0700
+Subject: [PATCH] html/template: disallow actions in JS template literals
+
+ECMAScript 6 introduced template literals[0][1] which are delimited with
+backticks. These need to be escaped in a similar fashion to the
+delimiters for other string literals. Additionally template literals can
+contain special syntax for string interpolation.
+
+There is no clear way to allow safe insertion of actions within JS
+template literals, as handling (JS) string interpolation inside of these
+literals is rather complex. As such we've chosen to simply disallow
+template actions within these template literals.
+
+A new error code is added for this parsing failure case, errJsTmplLit,
+but it is unexported as it is not backwards compatible with other minor
+release versions to introduce an API change in a minor release. We will
+export this code in the next major release.
+
+The previous behavior (with the cavet that backticks are now escaped
+properly) can be re-enabled with GODEBUG=jstmpllitinterp=1.
+
+This change subsumes CL471455.
+
+Thanks to Sohom Datta, Manipal Institute of Technology, for reporting
+this issue.
+
+Fixes CVE-2023-24538
+For #59234
+Fixes #59271
+
+[0] 
https://tc39.es/ecma262/multipage/ecmascript-language-expressions.html#sec-template-literals
+[1] 
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals
+
+Reviewed-on: 
https://team-review.git.corp.google.com/c/golang/go-private/+/1802457
+Reviewed-by: Damien Neil 
+Run-TryBot: Damien Neil 
+Reviewed-by: Julie Qiu 
+Reviewed-by: Roland Shoemaker 
+Reviewed-on: 
https://team-review.git.corp.google.com/c/golang/go-private/+/1802612
+Run-TryBot: Roland Shoemaker 
+Change-Id: Ic7f10595615f2b2740d9c85ad7ef40dc0e78c04c
+Reviewed-on: https://go-review.googlesource.com/c/go/+/481987
+Auto-Submit: Michael Knyszek 
+TryBot-Result: Gopher Robot 
+Run-TryBot: Michael Knyszek 
+Reviewed-by: Matthew Dempsky 
+
+Upstream-Status: Backport from 
https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni 
+---
+ src/html/template/context.go  |  2 ++
+ src/html/template/error.go| 13 +
+ src/html/template/escape.go   | 11 +++
+ src/html/template/js.go   |  2 ++
+ src/html/template/jsctx_string.go |  9 +
+ src/html/template/transition.go   |  7 ++-
+ 6 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/src/html/template/context.go b/src/html/template/context.go
+index f7d4849..0b65313 100644
+--- a/src/html/template/context.go
 b/src/html/template/context.go
+@@ -116,6 +116,8 @@ const (
+   stateJSDqStr
+   // stateJSSqStr occurs inside a JavaScript single quoted string.
+   stateJSSqStr
++  // stateJSBqStr occurs inside a JavaScript back quoted string.
++  stateJSBqStr
+   // stateJSRegexp occurs inside a JavaScript regexp literal.
+   stateJSRegexp
+   // stateJSBlockCmt occurs inside a JavaScript /* block comment */.
+diff --git a/src/html/template/error.go b/src/html/template/error.go
+index 0e52706..fd26b64 100644
+--- a/src/html/template/error.go
 b/src/html/template/error.go
+@@ -211,6 +211,19 @@ const (
+   //   pipeline occurs in an unquoted attribute value context, "html" is
+   //   disallowed. Avoid using "html" and "urlquery" entirely in new 
templates.
+   ErrPredefinedEscaper
++
++  // errJSTmplLit: "... appears in a JS template literal"
++  // Example:
++  // var tmpl = `{{.Interp}`
++  // Discussion:
++  //   Package html/template does not support actions inside
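
Review bot: the Upstream-Status line in this patch header uses the form "Backport from" followed by a bare URL, where the other patches in this series use the bracketed form "Backport [URL]", and the From line carries hash 07cc3b8711a8 while the URL cites b1e3ecfa06b6; use one format and cite the commit that was actually cherry-picked. The change also makes templates that place actions inside backtick-delimited JS literals fail to parse, with GODEBUG=jstmpllitinterp=1 as the opt-out according to the embedded message, and since this lands on a stable branch the one-line commit message should mention both the behaviour change and the opt-out. The embedded text spells the new error code errJsTmplLit in the description and errJSTmplLit in error.go.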

[OE-core][kirkstone 03/15] freetype: fix CVE-2023-2004 integer overflow in tt_hvadvance_adjust() in src/truetype/ttgxvar.c

2023-05-06 Thread Steve Sakoman
From: Vivek Kumbhar 

Fix an integer overflow vulnerability discovered in FreeType in the
tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.

Signed-off-by: Vivek Kumbhar 
Signed-off-by: Steve Sakoman 
---
 .../freetype/freetype/CVE-2023-2004.patch | 41 +++
 .../freetype/freetype_2.11.1.bb   |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch

diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch 
b/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
new file mode 100644
index 00..f600309d3e
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
@@ -0,0 +1,41 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg 
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+
+Upstream-Status: Backport 
[https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611]
+CVE: CVE-2023-2004
+Signed-off-by: Vivek Kumbhar 
+---
+ src/truetype/ttgxvar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index 7f2db0c..8968111 100644
+--- a/src/truetype/ttgxvar.c
 b/src/truetype/ttgxvar.c
+@@ -42,6 +42,7 @@
+ #include 
+ #include 
+ #include FT_CONFIG_CONFIG_H
++#include 
+ #include 
+ #include 
+ #include 
+@@ -1147,7 +1148,7 @@
+ delta == 1 ? "" : "s",
+ vertical ? "VVAR" : "HVAR" ));
+ 
+-*avalue += delta;
++*avalue = ADD_INT( *avalue, delta );
+ 
+   Exit:
+ return error;
+-- 
+2.25.1
+
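
Review bot: the one-line fix `*avalue = ADD_INT( *avalue, delta );` depends on the `#include` added in the first hunk to supply ADD_INT, and the include names are not legible in this copy of the patch, so confirm that header exists under the same name in the 2.11.1 tree. The patch header also does not say what ADD_INT yields when the sum is out of range; one sentence on whether the HVAR/VVAR advance wraps or is clamped would tell a reader what value callers see after the fix.
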
diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb 
b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
index d425e162bc..29f4d8dfb7 100644
--- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
@@ -16,6 +16,7 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.xz \
file://CVE-2022-27404.patch \
file://CVE-2022-27405.patch \
file://CVE-2022-27406.patch \
+   file://CVE-2023-2004.patch \
"
 SRC_URI[sha256sum] = 
"ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8"
 
-- 
2.34.1


View/Reply Online (#180986): https://lists.openembedded.org/g/openembedded-core/message/180986



[OE-core][kirkstone 02/15] connman: fix CVE-2023-28488 DoS in client.c

2023-05-06 Thread Steve Sakoman
From: Hitendra Prajapati 

Upstream-Status: Backport from 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138

Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman 
---
 .../connman/connman/CVE-2023-28488.patch  | 60 +++
 .../connman/connman_1.41.bb   |  1 +
 2 files changed, 61 insertions(+)
 create mode 100644 
meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch 
b/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
new file mode 100644
index 00..a6cabdfb20
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
@@ -0,0 +1,60 @@
+From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001
+From: Daniel Wagner 
+Date: Tue, 11 Apr 2023 08:12:56 +0200
+Subject: gdhcp: Verify and sanitize packet length first
+
+Avoid overwriting the read packet length after the initial test. Thus
+move all the length checks which depends on the total length first
+and do not use the total lenght from the IP packet afterwards.
+
+Reported by Polina Smirnova 
+
+CVE: CVE-2023-28488
+Upstream-Status: Backport 
[https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138]
+Signed-off-by: Hitendra Prajapati 
+---
+ gdhcp/client.c | 16 +---
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/gdhcp/client.c b/gdhcp/client.c
+index 3016dfc..28fa606 100644
+--- a/gdhcp/client.c
 b/gdhcp/client.c
+@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet 
*packet, int bytes)
+ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
+   struct sockaddr_in *dst_addr)
+ {
+-  int bytes;
+   struct ip_udp_dhcp_packet packet;
+   uint16_t check;
++  int bytes, tot_len;
+ 
+   memset(&packet, 0, sizeof(packet));
+ 
+@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet 
*dhcp_pkt, int fd,
+   if (bytes < 0)
+   return -1;
+ 
+-  if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
+-  return -1;
+-
+-  if (bytes < ntohs(packet.ip.tot_len))
++  tot_len = ntohs(packet.ip.tot_len);
++  if (bytes > tot_len) {
++  /* ignore any extra garbage bytes */
++  bytes = tot_len;
++  } else if (bytes < tot_len) {
+   /* packet is bigger than sizeof(packet), we did partial read */
+   return -1;
++  }
+ 
+-  /* ignore any extra garbage bytes */
+-  bytes = ntohs(packet.ip.tot_len);
++  if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
++  return -1;
+ 
+   if (!sanity_check(&packet, bytes))
+   return -1;
+-- 
+2.25.1
+
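
Review bot: after the reorder in dhcp_recv_l2_packet, `tot_len = ntohs(packet.ip.tot_len);` is read before `bytes` has been compared with sizeof(packet.ip) + sizeof(packet.udp), so on a short read the field may come from the memset at the top of the function instead of from the wire. That is safe as written, because the header-size check still runs before sanity_check() and rejects a clamped `bytes` that is too small, but it silently relies on the memset staying in place; a short comment at the tot_len assignment would make that dependency explicit. The Upstream-Status line is also written two ways, "Backport from" with a bare URL in the e-mail and the bracketed form in the patch header; pick one.
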
diff --git a/meta/recipes-connectivity/connman/connman_1.41.bb 
b/meta/recipes-connectivity/connman/connman_1.41.bb
index 79542b2175..27b28be41c 100644
--- a/meta/recipes-connectivity/connman/connman_1.41.bb
+++ b/meta/recipes-connectivity/connman/connman_1.41.bb
@@ -8,6 +8,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
file://CVE-2022-32293_p1.patch \
file://CVE-2022-32293_p2.patch \
file://CVE-2022-32292.patch \
+   file://CVE-2023-28488.patch \
"
 
 SRC_URI:append:libc-musl = " 
file://0002-resolve-musl-does-not-implement-res_ninit.patch"
-- 
2.34.1


View/Reply Online (#180985): https://lists.openembedded.org/g/openembedded-core/message/180985



[OE-core][kirkstone 01/15] ffmpeg: fix for CVE-2022-48434

2023-05-06 Thread Steve Sakoman
From: Narpat Mali 

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and
other products, leaves stale hwaccel state in worker threads, which
allows attackers to trigger a use-after-free and execute arbitrary
code in some circumstances (e.g., hardware re-initialization upon a
mid-video SPS change when Direct3D11 is used).

Signed-off-by: Narpat Mali 
Signed-off-by: Steve Sakoman 
---
 .../ffmpeg/ffmpeg/CVE-2022-48434.patch| 130 ++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   3 +-
 2 files changed, 132 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
new file mode 100644
index 00..3cd374dc39
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
@@ -0,0 +1,130 @@
+From e40c964a0678908e2c756741343ed50d6a99ee12 Mon Sep 17 00:00:00 2001
+From: Anton Khirnov 
+Date: Fri, 28 Apr 2023 11:45:30 +
+Subject: [PATCH] lavc/pthread_frame: avoid leaving stale hwaccel state in
+ worker threads
+
+This state is not refcounted, so make sure it always has a well-defined
+owner.
+
+Remove the block added in 091341f, as
+this commit also solves that issue in a more general way.
+
+CVE:CVE-2022-48434
+
+Upstream-Status: Backport 
[https://github.com/FFmpeg/FFmpeg/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11]
+
+Signed-off-by: Narpat Mali 
+---
+ libavcodec/pthread_frame.c | 46 +-
+ 1 file changed, 35 insertions(+), 11 deletions(-)
+
+diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c
+index 85a6bc9..e40dced 100644
+--- a/libavcodec/pthread_frame.c
 b/libavcodec/pthread_frame.c
+@@ -145,6 +145,12 @@ typedef struct FrameThreadContext {
+ * Set for the first N packets, where N is 
the number of threads.
+ * While it is set, 
ff_thread_en/decode_frame won't return any results.
+ */
++
++/* hwaccel state is temporarily stored here in order to transfer its 
ownership
++ * to the next decoding thread without the need for extra synchronization 
*/
++const AVHWAccel *stash_hwaccel;
++void*stash_hwaccel_context;
++void*stash_hwaccel_priv;
+ } FrameThreadContext;
+ 
+ #if FF_API_THREAD_SAFE_CALLBACKS
+@@ -229,9 +235,17 @@ FF_ENABLE_DEPRECATION_WARNINGS
+ ff_thread_finish_setup(avctx);
+ 
+ if (p->hwaccel_serializing) {
++/* wipe hwaccel state to avoid stale pointers lying around;
++ * the state was transferred to FrameThreadContext in
++ * ff_thread_finish_setup(), so nothing is leaked */
++avctx->hwaccel = NULL;
++avctx->hwaccel_context = NULL;
++avctx->internal->hwaccel_priv_data = NULL;
++
+ p->hwaccel_serializing = 0;
+ pthread_mutex_unlock(&p->parent->hwaccel_mutex);
+ }
++av_assert0(!avctx->hwaccel);
+ 
+ if (p->async_serializing) {
+ p->async_serializing = 0;
+@@ -294,14 +308,10 @@ static int update_context_from_thread(AVCodecContext 
*dst, AVCodecContext *src,
+ dst->color_range = src->color_range;
+ dst->chroma_sample_location = src->chroma_sample_location;
+ 
+-dst->hwaccel = src->hwaccel;
+-dst->hwaccel_context = src->hwaccel_context;
+-
+ dst->channels   = src->channels;
+ dst->sample_rate= src->sample_rate;
+ dst->sample_fmt = src->sample_fmt;
+ dst->channel_layout = src->channel_layout;
+-dst->internal->hwaccel_priv_data = src->internal->hwaccel_priv_data;
+ 
+ if (!!dst->hw_frames_ctx != !!src->hw_frames_ctx ||
+ (dst->hw_frames_ctx && dst->hw_frames_ctx->data != 
src->hw_frames_ctx->data)) {
+@@ -442,6 +452,12 @@ static int submit_packet(PerThreadContext *p, 
AVCodecContext *user_avctx,
+ pthread_mutex_unlock(&p->mutex);
+ return err;
+ }
++
++/* transfer hwaccel state stashed from previous thread, if any */
++av_assert0(!p->avctx->hwaccel);
++FFSWAP(const AVHWAccel*, p->avctx->hwaccel, 
fctx->stash_hwaccel);
++FFSWAP(void*,p->avctx->hwaccel_context, 
fctx->stash_hwaccel_context);
++FFSWAP(void*,p->avctx->internal->hwaccel_priv_data, 
fctx->stash_hwaccel_priv);
+ }
+ 
+ av_packet_unref(p->avpkt);
+@@ -647,6 +663,14 @@ void ff_thread_finish_setup(AVCodecContext *avctx) {
+ async_lock(p->parent);
+ }
+ 
++/* save hwaccel state for passing to the next thread;
++ * this is done here so that this worker thread can wipe its own hwaccel
++ * state after decoding, without requiring synchronization */
++av_a
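
Review bot: in the worker-thread hunk the hwaccel pointers are cleared only inside `if (p->hwaccel_serializing)`, but the new `av_assert0(!avctx->hwaccel);` after that block is unconditional, and av_assert0 aborts the process when it fails. Confirm that in 5.0.1 no decoder path reaches this point with avctx->hwaccel set and hwaccel_serializing clear, otherwise a decode that used to complete becomes a crash. The patch header cites upstream commit cc867f2c09d2 while the From line carries e40c964a0678 with a 28 Apr 2023 date, and the message says it removes "the block added in 091341f"; if the backport was adapted for this version, the header should say what changed.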

[OE-core][kirkstone 00/15] Patch review

2023-05-06 Thread Steve Sakoman
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5269

The following changes since commit 2d67702bdfc64358d364dd6484ae41842ee7c52f:

  glibc: stable 2.35 branch updates. (2023-04-28 03:55:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Arturo Buzarra (1):
  run-postinsts: Set dependency for ldconfig to avoid boot issues

Deepthi Hemraj (4):
  binutils : Fix CVE-2023-25584
  binutils : Fix CVE-2023-25585
  binutils : Fix CVE-2023-1972
  binutils : Fix CVE-2023-25588

Hitendra Prajapati (1):
  connman: fix CVE-2023-28488 DoS in client.c

Kai Kang (1):
  webkitgtk: fix CVE-2022-32888 & CVE-2022-32923

Narpat Mali (2):
  ffmpeg: fix for CVE-2022-48434
  python3-cryptography: fix for CVE-2023-23931

Randolph Sapp (2):
  wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
  kernel-devicetree: allow specification of dtb directory

Ranjitsinh Rathod (1):
  libbsd: Add correct license for all packages

Shubham Kulkarni (1):
  go: Security fix for CVE-2023-24538

Vivek Kumbhar (2):
  freetype: fix CVE-2023-2004 integer overflow in
tt_hvadvance_adjust() in src/truetype/ttgxvar.c
  go: fix CVE-2023-24534 denial of service from excessive memory
allocation

 meta/classes/kernel-devicetree.bbclass|  22 +-
 meta/classes/kernel.bbclass   |   2 +
 .../connman/connman/CVE-2023-28488.patch  |  60 ++
 .../connman/connman_1.41.bb   |   1 +
 .../binutils/binutils-2.38.inc|   6 +
 .../binutils/0022-CVE-2023-25584-1.patch  |  56 ++
 .../binutils/0022-CVE-2023-25584-2.patch  |  38 ++
 .../binutils/0022-CVE-2023-25584-3.patch  | 534 ++
 .../binutils/0023-CVE-2023-25585.patch|  54 ++
 .../binutils/0025-CVE-2023-25588.patch| 147 +
 .../binutils/0026-CVE-2023-1972.patch |  41 ++
 meta/recipes-devtools/go/go-1.17.13.inc   |   2 +
 .../go/go-1.18/CVE-2023-24534.patch   | 200 +++
 .../go/go-1.18/CVE-2023-24538.patch   | 208 +++
 .../python3-cryptography/CVE-2023-23931.patch |  49 ++
 .../python/python3-cryptography_36.0.2.bb |   1 +
 .../run-postinsts/run-postinsts.service   |   2 +-
 .../freetype/freetype/CVE-2023-2004.patch |  41 ++
 .../freetype/freetype_2.11.1.bb   |   1 +
 .../ffmpeg/ffmpeg/CVE-2022-48434.patch| 130 +
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   3 +-
 .../webkit/webkitgtk/CVE-2022-32888.patch |  41 ++
 .../webkit/webkitgtk/CVE-2022-32923.patch | 435 ++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   2 +
 meta/recipes-support/libbsd/libbsd_0.11.5.bb  |   7 +
 scripts/lib/wic/plugins/source/bootimg-efi.py |   7 +
 26 files changed, 2083 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch

-- 
2.34.1


View/Reply Online (#180983): https://lists.openembedded.org/g/openembedded-core/message/180983



[OE-core] [PATCH] glib-networking: Add test retry to avoid failures

2023-05-06 Thread Richard Purdie
In autobuilder testing we regularly see glib-networking ptest fail with a
"Resource temporarily unavailable (g-io-error-quark, 27)" error.

Add a patch to see if a retry can resolve the issue.

Signed-off-by: Richard Purdie 
---
 .../glib-networking/eagain.patch  | 29 +++
 .../glib-networking/glib-networking_2.74.0.bb |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-core/glib-networking/glib-networking/eagain.patch

diff --git a/meta/recipes-core/glib-networking/glib-networking/eagain.patch 
b/meta/recipes-core/glib-networking/glib-networking/eagain.patch
new file mode 100644
index 000..6dfbb2736c8
--- /dev/null
+++ b/meta/recipes-core/glib-networking/glib-networking/eagain.patch
@@ -0,0 +1,29 @@
+In autobuilder testing we regularly see glib-networking ptest fail with:
+
+GLib-Net:ERROR:/usr/src/debug/glib-networking/2.74.0-r0/tls/tests/connection.c:1944:simul_read_thread:
 assertion failed (error == NULL): Resource temporarily unavailable 
(g-io-error-quark, 27)
+Bail out! 
GLib-Net:ERROR:/usr/src/debug/glib-networking/2.74.0-r0/tls/tests/connection.c:1944:simul_read_thread:
 assertion failed (error == NULL): Resource temporarily unavailable 
(g-io-error-quark, 27)
+FAIL: glib-networking/connection-openssl.test (Child process killed by signal 
6)
+SUMMARY: total=4; passed=3; skipped=0; failed=1; user=0.9s; system=0.4s; 
maxrss=10708
+FAIL: glib-networking/connection-openssl.test (Child process killed by signal 
6)
+
+The test should probably retry in this situation so test a patch which does 
this.
+
+Upstream-Status: Pending [testing to see if patch resolves the issue]
+
+Signed-off-by: Richard Purdie 
+
+Index: glib-networking-2.74.0/tls/tests/connection.c
+===
+--- glib-networking-2.74.0.orig/tls/tests/connection.c
 glib-networking-2.74.0/tls/tests/connection.c
+@@ -1941,6 +1941,10 @@ simul_read_thread (gpointer user_data)
+test->buf + test->nread,
+MIN (TEST_DATA_LENGTH / 2, 
TEST_DATA_LENGTH - test->nread),
+NULL, &error);
++
++  if (error == G_IO_STATUS_AGAIN)
++  continue;
++
+   g_assert_no_error (error);
+ 
+   test->nread += nread;
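Review bot: the added check `if (error == G_IO_STATUS_AGAIN)` compares a `GError *` (the variable passed as `&error` and then handed to `g_assert_no_error`) against a `GIOStatus` enum constant, so it cannot match the failure quoted in the patch header, which is a GError in the G_IO_ERROR domain with code 27 (`G_IO_ERROR_WOULD_BLOCK`). Suggest `g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)` followed by `g_clear_error (&error)` before the `continue`, since the next read call needs `error` to be NULL again. The retry also has no bound or wait, so a persistent would-block condition would spin; a retry cap would keep the test from hanging the ptest run.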
diff --git a/meta/recipes-core/glib-networking/glib-networking_2.74.0.bb 
b/meta/recipes-core/glib-networking/glib-networking_2.74.0.bb
index dc0be23357f..b3a88aca8db 100644
--- a/meta/recipes-core/glib-networking/glib-networking_2.74.0.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.74.0.bb
@@ -24,6 +24,7 @@ GNOMEBASEBUILDCLASS = "meson"
 inherit gnomebase gettext upstream-version-is-even gio-module-cache ptest-gnome
 
 SRC_URI += "file://run-ptest"
+SRC_URI += "file://eagain.patch"
 
 FILES:${PN} += "\
 ${libdir}/gio/modules/libgio*.so \
-- 
2.39.2


View/Reply Online (#180982): https://lists.openembedded.org/g/openembedded-core/message/180982



Re: [OE-core][PATCH] kernel-devicetree: allow specification of dtb directory

2023-05-06 Thread Martin Jansa
On Fri, May 5, 2023 at 6:38 PM Randolph Sapp via lists.openembedded.org  wrote:

> From: Randolph Sapp 
>
> Fedora/Redhat and Arch are somewhat standardized on their dtb directory
> structure. Let's add some flags to configure yocto to mimic that
> behavior.
>
> Add the following variables to the kernel class:
> - KERNEL_DTBDEST (controls the destination directory for dtbs)
> - KERNEL_DTBVENDORED (controls if vendor subdirectories are to
>   be respected)
>
> Currently KERNEL_DTBDEST is expected to be a subdir of KERNEL_IMAGEDEST
> and KERNEL_DTBVENDORED is expected to be "true"/"false". This only
> applies to the package directory structure. The deploydir structure is
> purposely left untouched for compatibility with existing recipes.
>
> By default this is configured to behave the same as the current recipe
> and produce a flat dtb directory at KERNEL_IMAGEDEST.
>
> Signed-off-by: Randolph Sapp 
> ---
>
> Well, suppose I was breaking things by submitting this to kirkstone
> first. This is just the master version of the following patchset:
> https://lists.openembedded.org/g/openembedded-core/message/180754
>
> I'd love to get that series merged as well if this patch is acceptable.
>
>  meta/classes-recipe/kernel-devicetree.bbclass | 22 ++-
>  meta/classes-recipe/kernel.bbclass|  2 ++
>  2 files changed, 19 insertions(+), 5 deletions(-)
>
> diff --git a/meta/classes-recipe/kernel-devicetree.bbclass
> b/meta/classes-recipe/kernel-devicetree.bbclass
> index 4d0ecb1032..a6c6c5f227 100644
> --- a/meta/classes-recipe/kernel-devicetree.bbclass
> +++ b/meta/classes-recipe/kernel-devicetree.bbclass
> ...



> -   dtb_base_name=`basename $dtb .$dtb_ext`
> dtb_path=`get_real_dtb_path_in_kernel "$dtb"`
> -   install -m 0644 $dtb_path
> ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext
> +   if [ ${KERNEL_DTBVENDORED} == "false" ]; then
>

dash doesn't like this:

 /bin/dash -c "if [ false == "false" ]; then echo foo; fi"

add quotes or use single '='.

+   dtb_ext=${dtb##*.}
> +   dtb_base_name=`basename $dtb .$dtb_ext`
> +   dtb=$dtb_base_name.$dtb_ext
> +   fi
> +   install -Dm 0644 $dtb_path ${D}/${KERNEL_DTBDEST}/$dtb
> done
>  }
>
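Review bot: `[ ${KERNEL_DTBVENDORED} == "false" ]` leaves the expansion unquoted and treats every value other than the literal `false` as vendored. An empty value turns the test into `[ == "false" ]`, which is a shell error, and spellings such as `False` or `0` silently keep the vendor subdirectory. Suggest `[ "${KERNEL_DTBVENDORED}" = "false" ]` together with an explicit failure for values outside true/false, and quoting `$dtb_path` and the `${D}/${KERNEL_DTBDEST}/$dtb` destination passed to `install -Dm 0644`.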
> @@ -88,7 +97,10 @@ do_deploy:append() {
> dtb_ext=${dtb##*.}
> dtb_base_name=`basename $dtb .$dtb_ext`
> install -d $deployDir
> -   install -m 0644
> ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext
> $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
> +   if [ ${KERNEL_DTBVENDORED} == "false" ]; then
>

Same here


> +   dtb=$dtb_base_name.$dtb_ext
> +   fi
> +   install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb
> $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
> if [ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ] ; then
> ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
> $deployDir/$dtb_base_name.$dtb_ext
> fi
>
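Review bot: in do_deploy the source path `${D}/${KERNEL_DTBDEST}/$dtb` can carry a vendor subdirectory, but the destination `$deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext` is always flat, so two device trees with the same base name under different vendor directories would overwrite each other in the deploy directory without any message. Since the flat deploy layout is intentional, suggest failing the task when the destination already exists, or documenting the restriction next to KERNEL_DTBVENDORED.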

View/Reply Online (#180981): https://lists.openembedded.org/g/openembedded-core/message/180981



Re: [OE-core] [PATCH v2] ghostscript: upgrade to 10.01.1

2023-05-06 Thread Alexandre Belloni via lists.openembedded.org
Hello Ross,

This doesn't apply because of 8a70d6935afa ghostscript: fix CVE-2023-28879

From the commit message, I believe cve-2023-28879.patch is still needed.

On 03/05/2023 17:47:29+0100, Ross Burton wrote:
> From: Ross Burton 
> 
> Fixes CVE-2023-28879.
> 
> Drop an upstreamed patch.
> 
> Signed-off-by: Ross Burton 
> ---
>  .../ghostscript/cross-compile.patch   | 40 ---
>  ...cript_10.0.0.bb => ghostscript_10.01.1.bb} |  3 +-
>  2 files changed, 1 insertion(+), 42 deletions(-)
>  delete mode 100644 
> meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch
>  rename meta/recipes-extended/ghostscript/{ghostscript_10.0.0.bb => 
> ghostscript_10.01.1.bb} (97%)
> 
> diff --git 
> a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch 
> b/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch
> deleted file mode 100644
> index ba62820df1e..000
> --- a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -From 4c3575346b9c7d394ebc73b4e5fabebadd8877ec Mon Sep 17 00:00:00 2001
> -From: Chris Liddell 
> -Date: Thu, 24 Nov 2022 16:33:47 +
> -Subject: [PATCH] Fix a little bitrot in the cross-compiling logic
> -
> -Removing the option to disable FAPI meant configuring for cross compiling 
> would
> -fail because the option being passed to the sub-call to configure would 
> include
> -an unknown command line option.
> -
> -Upstream-Status: Backport 
> [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;f=configure.ac;h=4c3575346b9c7d394ebc73b4e5fabebadd8877ec]
> -Signed-off-by: Alexander Kanavin 
> 
> - configure.ac | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> -
> -diff --git a/configure.ac b/configure.ac
> -index d5c68c4b3..738eb10a9 100644
>  a/configure.ac
> -+++ b/configure.ac
> -@@ -138,7 +138,7 @@ if test x"$host" != x"$build" ; then
> -   echo $AUXFLAGS_MAK_LINE07 >> $AUXFLAGS_MAK.in
> - 
> -   AC_MSG_NOTICE([Begin recursive call to configure script (for auxiliary 
> tools)])
> --  "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" 
> CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= 
> MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only 
> --disable-hidden-visibility --with-local-zlib --without-libtiff 
> --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype 
> --disable-fapi --disable-cups --disable-openjpeg --disable-gtk 
> --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster 
> --without-ijs --without-jbig2dec --without-x --with-drivers=""
> -+  "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" 
> CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= 
> MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only 
> --disable-hidden-visibility --with-local-zlib --without-libtiff 
> --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype 
> --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no 
> --without-libidn --without-libpaper --without-pdftoraster --without-ijs 
> --without-jbig2dec --without-x --with-drivers=""
> -   status=$?
> -   cp config.log "$olddir/configaux.log"
> -   if test $status -eq 0 ; then
> -@@ -2530,7 +2530,7 @@ PDF=
> - PDF_MAK="\$(GLSRCDIR)\$(D)stub.mak"
> - PDFROMFS_MAK="\$(GLSRCDIR)\$(D)stub.mak"
> - 
> --if test x"$with_pdf" != x"no" ; then
> -+if test x"$with_pdf" != x"no" -a x"$enable_auxtools_only" != x"yes" ; then
> - 
> -   if test x"$JBIG2_DECODER" = x""; then
> -   AC_MSG_ERROR([No JBIG2 decoder available, required for PDF support])
> --- 
> -2.25.1
> -
> diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb 
> b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
> similarity index 97%
> rename from meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
> rename to meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
> index 56a93632e29..5d4b8cdc913 100644
> --- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
> +++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
> @@ -33,7 +33,6 @@ SRC_URI_BASE = 
> "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
>  file://do-not-check-local-libpng-source.patch \
>  file://avoid-host-contamination.patch \
>  file://mkdir-p.patch \
> -file://cross-compile.patch \
>  "
>  
>  SRC_URI = "${SRC_URI_BASE} \
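Review bot: the visible context of this SRC_URI_BASE hunk lists do-not-check-local-libpng-source.patch, avoid-host-contamination.patch, mkdir-p.patch and cross-compile.patch but carries no cve-2023-28879.patch entry, and the patch is reported not to apply on top of 8a70d6935afa, so it needs a rebase. When rebasing, the commit message should say explicitly what happens to cve-2023-28879.patch: it states "Fixes CVE-2023-28879" but only mentions dropping one upstreamed patch, which leaves it unclear whether the CVE patch is meant to be removed or kept.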
> @@ -45,7 +44,7 @@ SRC_URI:class-native = "${SRC_URI_BASE} \
>  
> file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \
>  "
>  
> -SRC_URI[sha256sum] = 
> "a57764d70caf85e2fc0b0f59b83b92e25775631714dcdb97cc6e0cea414bb5a3"
> +SRC_URI[sha256sum] = 
> "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
>  
>  # Put something like
>  #
> -- 
> 2.34.1
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and C