diff options
Diffstat (limited to 'meta/recipes-extended')
117 files changed, 4577 insertions, 1052 deletions
diff --git a/meta/recipes-extended/at/at_3.2.5.bb b/meta/recipes-extended/at/at_3.2.5.bb index 87a436173f..c0c876a644 100644 --- a/meta/recipes-extended/at/at_3.2.5.bb +++ b/meta/recipes-extended/at/at_3.2.5.bb @@ -52,8 +52,10 @@ INITSCRIPT_PARAMS = "defaults" SYSTEMD_SERVICE:${PN} = "atd.service" -do_configure:prepend() { - cp -f ${WORKDIR}/posixtm.[ch] ${S} +do_patch[postfuncs] += "copy_posix_files" + +copy_posix_files() { + cp -f ${WORKDIR}/posixtm.[ch] ${S} } do_install () { diff --git a/meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch b/meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch new file mode 100644 index 0000000000..c12b4b7766 --- /dev/null +++ b/meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch @@ -0,0 +1,229 @@ +From 7e84276e07c0835a8729d6fe1265e70eedb2a7f7 Mon Sep 17 00:00:00 2001 +From: Chet Ramey <chet.ramey@case.edu> +Date: Mon, 30 Oct 2023 12:16:07 -0400 +Subject: [PATCH] changes to SIGINT handler while waiting for a child; skip + vertical whitespace after translating an integer + +Upstream-Status: Backport +https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=fe24a6a55e8850298b496c5b9d82f1866eba190e + +[Adjust and drop some codes to be applicable the tree] +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + general.c | 5 +++-- + jobs.c | 26 ++++++++++++++++---------- + tests/redir.right | 4 ++-- + tests/redir11.sub | 2 ++ + tests/type.right | 16 ++++++++-------- + tests/type.tests | 24 ++++++++++++------------ + 6 files changed, 43 insertions(+), 34 deletions(-) + +diff --git a/general.c b/general.c +index 50d5216..68987e2 100644 +--- a/general.c ++++ b/general.c +@@ -262,8 +262,9 @@ legal_number (string, result) + if (errno || ep == string) + return 0; /* errno is set on overflow or underflow */ + +- /* Skip any trailing whitespace, since strtoimax does not. */ +- while (whitespace (*ep)) ++ /* Skip any trailing whitespace, since strtoimax does not, using the same ++ test that strtoimax uses for leading whitespace. */ ++ while (isspace ((unsigned char) *ep)) + ep++; + + /* If *string is not '\0' but *ep is '\0' on return, the entire string +diff --git a/jobs.c b/jobs.c +index 7c3b6e8..84dab4d 100644 +--- a/jobs.c ++++ b/jobs.c +@@ -2727,6 +2727,10 @@ wait_for_background_pids (ps) + #define INVALID_SIGNAL_HANDLER (SigHandler *)wait_for_background_pids + static SigHandler *old_sigint_handler = INVALID_SIGNAL_HANDLER; + ++/* The current SIGINT handler as set by restore_sigint_handler. Only valid ++ immediately after restore_sigint_handler, used for continuations. */ ++static SigHandler *cur_sigint_handler = INVALID_SIGNAL_HANDLER; ++ + static int wait_sigint_received; + static int child_caught_sigint; + +@@ -2743,6 +2747,7 @@ wait_sigint_cleanup () + static void + restore_sigint_handler () + { ++ cur_sigint_handler = old_sigint_handler; + if (old_sigint_handler != INVALID_SIGNAL_HANDLER) + { + set_signal_handler (SIGINT, old_sigint_handler); +@@ -2766,8 +2771,7 @@ wait_sigint_handler (sig) + restore_sigint_handler (); + /* If we got a SIGINT while in `wait', and SIGINT is trapped, do + what POSIX.2 says (see builtins/wait.def for more info). */ +- if (this_shell_builtin && this_shell_builtin == wait_builtin && +- signal_is_trapped (SIGINT) && ++ if (signal_is_trapped (SIGINT) && + ((sigint_handler = trap_to_sighandler (SIGINT)) == trap_handler)) + { + trap_handler (SIGINT); /* set pending_traps[SIGINT] */ +@@ -2792,6 +2796,8 @@ wait_sigint_handler (sig) + { + set_exit_status (128+SIGINT); + restore_sigint_handler (); ++ if (cur_sigint_handler == INVALID_SIGNAL_HANDLER) ++ set_sigint_handler (); /* XXX - only do this in one place */ + kill (getpid (), SIGINT); + } + +@@ -2934,15 +2940,15 @@ wait_for (pid, flags) + { + SigHandler *temp_sigint_handler; + +- temp_sigint_handler = set_signal_handler (SIGINT, wait_sigint_handler); +- if (temp_sigint_handler == wait_sigint_handler) +- { ++ temp_sigint_handler = old_sigint_handler; ++ old_sigint_handler = set_signal_handler (SIGINT, wait_sigint_handler); ++ if (old_sigint_handler == wait_sigint_handler) ++ { + #if defined (DEBUG) +- internal_warning ("wait_for: recursively setting old_sigint_handler to wait_sigint_handler: running_trap = %d", running_trap); ++ internal_debug ("wait_for: recursively setting old_sigint_handler to wait_sigint_handler: running_trap = %d", running_trap); + #endif +- } +- else +- old_sigint_handler = temp_sigint_handler; ++ old_sigint_handler = temp_sigint_handler; ++ } + waiting_for_child = 0; + if (old_sigint_handler == SIG_IGN) + set_signal_handler (SIGINT, old_sigint_handler); +@@ -4148,7 +4154,7 @@ set_job_status_and_cleanup (job) + SIGINT (if we reset the sighandler to the default). + In this case, we have to fix things up. What a crock. */ + if (temp_handler == trap_handler && signal_is_trapped (SIGINT) == 0) +- temp_handler = trap_to_sighandler (SIGINT); ++ temp_handler = trap_to_sighandler (SIGINT); + restore_sigint_handler (); + if (temp_handler == SIG_DFL) + termsig_handler (SIGINT); /* XXX */ +diff --git a/tests/redir.right b/tests/redir.right +index 8db1041..9e1403c 100644 +--- a/tests/redir.right ++++ b/tests/redir.right +@@ -154,10 +154,10 @@ foo + 1 + 7 + after: 42 +-./redir11.sub: line 53: $(ss= declare -i ss): ambiguous redirect ++./redir11.sub: line 55: $(ss= declare -i ss): ambiguous redirect + after: 42 + a+=3 + foo + foo +-./redir11.sub: line 75: 42: No such file or directory ++./redir11.sub: line 77: 42: No such file or directory + 42 +diff --git a/tests/redir11.sub b/tests/redir11.sub +index d417cdb..2a9f2b8 100644 +--- a/tests/redir11.sub ++++ b/tests/redir11.sub +@@ -56,6 +56,8 @@ foo() + a=4 b=7 foo + echo after: $a + ++exec 7>&- 4>&- ++ + unset a + typeset -i a + a=4 eval echo $(echo a+=3) +diff --git a/tests/type.right b/tests/type.right +index f876715..c09ab73 100644 +--- a/tests/type.right ++++ b/tests/type.right +@@ -24,15 +24,15 @@ func () + } + while + while is a shell keyword +-./type.tests: line 56: type: m: not found +-alias m='more' +-alias m='more' +-m is aliased to `more' ++./type.tests: line 56: type: morealias: not found ++alias morealias='more' ++alias morealias='more' ++morealias is aliased to `more' + alias +-alias m='more' +-alias m='more' +-alias m='more' +-m is aliased to `more' ++alias morealias='more' ++alias morealias='more' ++alias morealias='more' ++morealias is aliased to `more' + builtin + builtin is a shell builtin + /bin/sh +diff --git a/tests/type.tests b/tests/type.tests +index fd39c18..ddc1540 100644 +--- a/tests/type.tests ++++ b/tests/type.tests +@@ -25,8 +25,6 @@ type -r ${THIS_SH} + type notthere + command -v notthere + +-alias m=more +- + unset -f func 2>/dev/null + func() { echo this is func; } + +@@ -49,24 +47,26 @@ command -V func + command -v while + command -V while + ++alias morealias=more ++ + # the following two lines should produce the same output + # post-3.0 patch makes command -v silent, as posix specifies + # first test with alias expansion off (should all fail or produce no output) +-type -t m +-type m +-command -v m ++type -t morealias ++type morealias ++command -v morealias + alias -p +-alias m ++alias morealias + + # then test with alias expansion on + shopt -s expand_aliases +-type m +-type -t m +-command -v m ++type morealias ++type -t morealias ++command -v morealias + alias -p +-alias m ++alias morealias + +-command -V m ++command -V morealias + shopt -u expand_aliases + + command -v builtin +@@ -76,7 +76,7 @@ command -V /bin/sh + + unset -f func + type func +-unalias m ++unalias morealias + type m + + hash -r +-- +2.25.1 + diff --git a/meta/recipes-extended/bash/bash/CVE-2022-3715.patch b/meta/recipes-extended/bash/bash/CVE-2022-3715.patch new file mode 100644 index 0000000000..44f4d91949 --- /dev/null +++ b/meta/recipes-extended/bash/bash/CVE-2022-3715.patch @@ -0,0 +1,33 @@ +From 15d2428d5d3df8dd826008baf51579ab7750d8b2 Mon Sep 17 00:00:00 2001 +From: Xiangyu Chen <xiangyu.chen@windriver.com> +Date: Wed, 23 Nov 2022 11:17:01 +0800 +Subject: [OE-Core][kirkstone][PATCH] bash: heap-buffer-overflow in + valid_parameter_transform CVE-2022-3715 + +Reference:https://bugzilla.redhat.com/show_bug.cgi?id=2126720 + +CVE: CVE-2022-3715 +Upstream-Status: Backport from +[https://git.savannah.gnu.org/cgit/bash.git/diff/subst.c?h=bash-5.2-testing&id=9cef6d01181525de119832d2b6a925899cdec08e] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + subst.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/subst.c b/subst.c +index 2b76256..38ee9ac 100644 +--- a/subst.c ++++ b/subst.c +@@ -7962,7 +7962,7 @@ parameter_brace_transform (varname, value, ind, xform, rtype, quoted, pflags, fl + return ((char *)NULL); + } + +- if (valid_parameter_transform (xform) == 0) ++ if (xform[0] == 0 || valid_parameter_transform (xform) == 0) + { + this_command_name = oname; + #if 0 /* TAG: bash-5.2 Martin Schulte <gnu@schrader-schulte.de> 10/2020 */ +-- +2.34.1 + diff --git a/meta/recipes-extended/bash/bash_5.1.16.bb b/meta/recipes-extended/bash/bash_5.1.16.bb index d046faa4e5..ab1ecffb3d 100644 --- a/meta/recipes-extended/bash/bash_5.1.16.bb +++ b/meta/recipes-extended/bash/bash_5.1.16.bb @@ -15,6 +15,8 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ file://use_aclocal.patch \ file://makerace.patch \ file://makerace2.patch \ + file://CVE-2022-3715.patch \ + file://0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch \ " SRC_URI[tarball.sha256sum] = "5bac17218d3911834520dad13cd1f85ab944e1c09ae1aba55906be1f8192f558" diff --git a/meta/recipes-extended/bc/bc_1.07.1.bb b/meta/recipes-extended/bc/bc_1.07.1.bb index 1bec76bb2a..5a03751304 100644 --- a/meta/recipes-extended/bc/bc_1.07.1.bb +++ b/meta/recipes-extended/bc/bc_1.07.1.bb @@ -32,4 +32,4 @@ do_compile:prepend() { ALTERNATIVE:${PN} = "bc dc" ALTERNATIVE_PRIORITY = "100" -BBCLASSEXTEND = "native" +BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch b/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch deleted file mode 100644 index 6ae213942c..0000000000 --- a/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b9565dc2fe0c4f7daaec91b7e83bc7313dee2f4a Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 13 Apr 2015 17:02:13 -0700 -Subject: [PATCH] Unset need_charset_alias when building for musl - -localcharset uses ac_cv_gnu_library_2_1 from glibc21.m4 -which actually shoudl be fixed in gnulib and then all downstream -projects will get it eventually. For now we apply the fix to -coreutils - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - lib/gnulib.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: cpio-2.11/gnu/Makefile.am -=================================================================== ---- cpio-2.11.orig/gnu/Makefile.am -+++ cpio-2.11/gnu/Makefile.am -@@ -734,7 +734,7 @@ install-exec-localcharset: all-local - case '$(host_os)' in \ - darwin[56]*) \ - need_charset_alias=true ;; \ -- darwin* | cygwin* | mingw* | pw32* | cegcc*) \ -+ darwin* | cygwin* | mingw* | pw32* | cegcc* | linux-musl*) \ - need_charset_alias=false ;; \ - *) \ - need_charset_alias=true ;; \ diff --git a/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch b/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch deleted file mode 100644 index 478324c1c4..0000000000 --- a/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 33e6cb5a28fab3d99bd6818f8c01e6f33805390f Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff <gray@gnu.org> -Date: Mon, 20 Jan 2020 07:45:39 +0200 -Subject: [PATCH] src/global.c: Remove superfluous declaration of program_name - -Upstream-Status: Backport (commit 641d3f4) -Signed-off-by: Richard Leitner <richard.leitner@skidata.com> ---- - src/global.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/src/global.c b/src/global.c -index fb3abe9..acf92bc 100644 ---- a/src/global.c -+++ b/src/global.c -@@ -184,9 +184,6 @@ unsigned int warn_option = 0; - /* Extract to standard output? */ - bool to_stdout_option = false; - --/* The name this program was run with. */ --char *program_name; -- - /* A pointer to either lstat or stat, depending on whether - dereferencing of symlinks is done for input files. */ - int (*xstat) (); --- -2.26.2 - diff --git a/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch b/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch deleted file mode 100644 index 6ceafeee49..0000000000 --- a/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch +++ /dev/null @@ -1,581 +0,0 @@ -GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted -pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers -an out-of-bounds heap write. - -CVE: CVE-2021-38185 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From e494c68a3a0951b1eaba77e2db93f71a890e15d8 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff <gray@gnu.org> -Date: Sat, 7 Aug 2021 12:52:21 +0300 -Subject: [PATCH 1/3] Rewrite dynamic string support. - -* src/dstring.c (ds_init): Take a single argument. -(ds_free): New function. -(ds_resize): Take a single argument. Use x2nrealloc to expand -the storage. -(ds_reset,ds_append,ds_concat,ds_endswith): New function. -(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. -* src/dstring.h (dynamic_string): Keep both the allocated length -(ds_size) and index of the next free byte in the string (ds_idx). -(ds_init,ds_resize): Change signature. -(ds_len): New macro. -(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. -* src/copyin.c: Use new ds_ functions. -* src/copyout.c: Likewise. -* src/copypass.c: Likewise. -* src/util.c: Likewise. ---- - src/copyin.c | 40 +++++++++++------------ - src/copyout.c | 16 ++++----- - src/copypass.c | 34 +++++++++---------- - src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++-------------- - src/dstring.h | 31 +++++++++--------- - src/util.c | 6 ++-- - 6 files changed, 123 insertions(+), 92 deletions(-) - -diff --git a/src/copyin.c b/src/copyin.c -index b29f348..37e503a 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, - char *str_res; /* Result for string function. */ - static dynamic_string new_name; /* New file name for rename option. */ - static int initialized_new_name = false; -+ - if (!initialized_new_name) -- { -- ds_init (&new_name, 128); -- initialized_new_name = true; -- } -+ { -+ ds_init (&new_name); -+ initialized_new_name = true; -+ } - - if (rename_flag) - { -@@ -779,37 +780,36 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name) - already in `save_patterns' (from the command line) are preserved. */ - - static void --read_pattern_file () -+read_pattern_file (void) - { -- int max_new_patterns; -- char **new_save_patterns; -- int new_num_patterns; -+ char **new_save_patterns = NULL; -+ size_t max_new_patterns; -+ size_t new_num_patterns; - int i; -- dynamic_string pattern_name; -+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; - FILE *pattern_fp; - - if (num_patterns < 0) - num_patterns = 0; -- max_new_patterns = 1 + num_patterns; -- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); - new_num_patterns = num_patterns; -- ds_init (&pattern_name, 128); -+ max_new_patterns = num_patterns; -+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); - - pattern_fp = fopen (pattern_file_name, "r"); - if (pattern_fp == NULL) - open_fatal (pattern_file_name); - while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) - { -- if (new_num_patterns >= max_new_patterns) -- { -- max_new_patterns += 1; -- new_save_patterns = (char **) -- xrealloc ((char *) new_save_patterns, -- max_new_patterns * sizeof (char *)); -- } -+ if (new_num_patterns == max_new_patterns) -+ new_save_patterns = x2nrealloc (new_save_patterns, -+ &max_new_patterns, -+ sizeof (new_save_patterns[0])); - new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); - ++new_num_patterns; - } -+ -+ ds_free (&pattern_name); -+ - if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) - close_error (pattern_file_name); - -@@ -1196,7 +1196,7 @@ swab_array (char *ptr, int count) - in the file system. */ - - void --process_copy_in () -+process_copy_in (void) - { - char done = false; /* True if trailer reached. */ - FILE *tty_in = NULL; /* Interactive file for rename option. */ -diff --git a/src/copyout.c b/src/copyout.c -index 8b0beb6..26e3dda 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) - The format of the header depends on the compatibility (-c) flag. */ - - void --process_copy_out () -+process_copy_out (void) - { -- dynamic_string input_name; /* Name of file read from stdin. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file read from stdin. */ - struct stat file_stat; /* Stat record for file. */ - struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; - /* Output header information. */ -@@ -605,7 +606,6 @@ process_copy_out () - char *orig_file_name = NULL; - - /* Initialize the copy out. */ -- ds_init (&input_name, 128); - file_hdr.c_magic = 070707; - - /* Check whether the output file might be a tape. */ -@@ -657,14 +657,9 @@ process_copy_out () - { - if (file_hdr.c_mode & CP_IFDIR) - { -- int len = strlen (input_name.ds_string); - /* Make sure the name ends with a slash */ -- if (input_name.ds_string[len-1] != '/') -- { -- ds_resize (&input_name, len + 2); -- input_name.ds_string[len] = '/'; -- input_name.ds_string[len+1] = 0; -- } -+ if (!ds_endswith (&input_name, '/')) -+ ds_append (&input_name, '/'); - } - } - -@@ -875,6 +870,7 @@ process_copy_out () - (unsigned long) blocks), (unsigned long) blocks); - } - cpio_file_stat_free (&file_hdr); -+ ds_free (&input_name); - } - - -diff --git a/src/copypass.c b/src/copypass.c -index dc13b5b..62f31c6 100644 ---- a/src/copypass.c -+++ b/src/copypass.c -@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) - If `link_flag', link instead of copying. */ - - void --process_copy_pass () -+process_copy_pass (void) - { -- dynamic_string input_name; /* Name of file from stdin. */ -- dynamic_string output_name; /* Name of new file. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file from stdin. */ -+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of new file. */ - size_t dirname_len; /* Length of `directory_name'. */ - int res; /* Result of functions. */ - char *slash; /* For moving past slashes in input name. */ -@@ -65,25 +67,18 @@ process_copy_pass () - created files */ - - /* Initialize the copy pass. */ -- ds_init (&input_name, 128); - - dirname_len = strlen (directory_name); - if (change_directory_option && !ISSLASH (directory_name[0])) - { - char *pwd = xgetcwd (); -- -- dirname_len += strlen (pwd) + 1; -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, pwd); -- strcat (output_name.ds_string, "/"); -- strcat (output_name.ds_string, directory_name); -+ -+ ds_concat (&output_name, pwd); -+ ds_append (&output_name, '/'); - } -- else -- { -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, directory_name); -- } -- output_name.ds_string[dirname_len] = '/'; -+ ds_concat (&output_name, directory_name); -+ ds_append (&output_name, '/'); -+ dirname_len = ds_len (&output_name); - output_is_seekable = true; - - change_dir (); -@@ -116,8 +111,8 @@ process_copy_pass () - /* Make the name of the new file. */ - for (slash = input_name.ds_string; *slash == '/'; ++slash) - ; -- ds_resize (&output_name, dirname_len + strlen (slash) + 2); -- strcpy (output_name.ds_string + dirname_len + 1, slash); -+ ds_reset (&output_name, dirname_len); -+ ds_concat (&output_name, slash); - - existing_dir = false; - if (lstat (output_name.ds_string, &out_file_stat) == 0) -@@ -333,6 +328,9 @@ process_copy_pass () - (unsigned long) blocks), - (unsigned long) blocks); - } -+ -+ ds_free (&input_name); -+ ds_free (&output_name); - } - - /* Try and create a hard link from FILE_NAME to another file -diff --git a/src/dstring.c b/src/dstring.c -index e9c063f..358f356 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -20,8 +20,8 @@ - #if defined(HAVE_CONFIG_H) - # include <config.h> - #endif -- - #include <stdio.h> -+#include <stdlib.h> - #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) - #include <string.h> - #else -@@ -33,24 +33,41 @@ - /* Initialiaze dynamic string STRING with space for SIZE characters. */ - - void --ds_init (dynamic_string *string, int size) -+ds_init (dynamic_string *string) -+{ -+ memset (string, 0, sizeof *string); -+} -+ -+/* Free the dynamic string storage. */ -+ -+void -+ds_free (dynamic_string *string) - { -- string->ds_length = size; -- string->ds_string = (char *) xmalloc (size); -+ free (string->ds_string); - } - --/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ -+/* Expand dynamic string STRING, if necessary. */ - - void --ds_resize (dynamic_string *string, int size) -+ds_resize (dynamic_string *string) - { -- if (size > string->ds_length) -+ if (string->ds_idx == string->ds_size) - { -- string->ds_length = size; -- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); -+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, -+ 1); - } - } - -+/* Reset the index of the dynamic string S to LEN. */ -+ -+void -+ds_reset (dynamic_string *s, size_t len) -+{ -+ while (len > s->ds_size) -+ ds_resize (s); -+ s->ds_idx = len; -+} -+ - /* Dynamic string S gets a string terminated by the EOS character - (which is removed) from file F. S will increase - in size during the function if the string from F is longer than -@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int size) - char * - ds_fgetstr (FILE *f, dynamic_string *s, char eos) - { -- int insize; /* Amount needed for line. */ -- int strsize; /* Amount allocated for S. */ - int next_ch; - - /* Initialize. */ -- insize = 0; -- strsize = s->ds_length; -+ s->ds_idx = 0; - - /* Read the input string. */ -- next_ch = getc (f); -- while (next_ch != eos && next_ch != EOF) -+ while ((next_ch = getc (f)) != eos && next_ch != EOF) - { -- if (insize >= strsize - 1) -- { -- ds_resize (s, strsize * 2 + 2); -- strsize = s->ds_length; -- } -- s->ds_string[insize++] = next_ch; -- next_ch = getc (f); -+ ds_resize (s); -+ s->ds_string[s->ds_idx++] = next_ch; - } -- s->ds_string[insize++] = '\0'; -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = '\0'; - -- if (insize == 1 && next_ch == EOF) -+ if (s->ds_idx == 0 && next_ch == EOF) - return NULL; - else - return s->ds_string; - } - -+void -+ds_append (dynamic_string *s, int c) -+{ -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = c; -+ if (c) -+ { -+ s->ds_idx++; -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = 0; -+ } -+} -+ -+void -+ds_concat (dynamic_string *s, char const *str) -+{ -+ size_t len = strlen (str); -+ while (len + 1 > s->ds_size) -+ ds_resize (s); -+ memcpy (s->ds_string + s->ds_idx, str, len); -+ s->ds_idx += len; -+ s->ds_string[s->ds_idx] = 0; -+} -+ - char * - ds_fgets (FILE *f, dynamic_string *s) - { -@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) - { - return ds_fgetstr (f, s, '\0'); - } -+ -+/* Return true if the dynamic string S ends with character C. */ -+int -+ds_endswith (dynamic_string *s, int c) -+{ -+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); -+} -diff --git a/src/dstring.h b/src/dstring.h -index b5135fe..f5b04ef 100644 ---- a/src/dstring.h -+++ b/src/dstring.h -@@ -17,10 +17,6 @@ - Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301 USA. */ - --#ifndef NULL --#define NULL 0 --#endif -- - /* A dynamic string consists of record that records the size of an - allocated string and the pointer to that string. The actual string - is a normal zero byte terminated string that can be used with the -@@ -30,22 +26,25 @@ - - typedef struct - { -- int ds_length; /* Actual amount of storage allocated. */ -- char *ds_string; /* String. */ -+ size_t ds_size; /* Actual amount of storage allocated. */ -+ size_t ds_idx; /* Index of the next free byte in the string. */ -+ char *ds_string; /* String storage. */ - } dynamic_string; - -+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } - --/* Macros that look similar to the original string functions. -- WARNING: These macros work only on pointers to dynamic string records. -- If used with a real record, an "&" must be used to get the pointer. */ --#define ds_strlen(s) strlen ((s)->ds_string) --#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) --#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) --#define ds_index(s, c) index ((s)->ds_string, c) --#define ds_rindex(s, c) rindex ((s)->ds_string, c) -+void ds_init (dynamic_string *string); -+void ds_free (dynamic_string *string); -+void ds_reset (dynamic_string *s, size_t len); - --void ds_init (dynamic_string *string, int size); --void ds_resize (dynamic_string *string, int size); -+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ - char *ds_fgetname (FILE *f, dynamic_string *s); - char *ds_fgets (FILE *f, dynamic_string *s); - char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); -+void ds_append (dynamic_string *s, int c); -+void ds_concat (dynamic_string *s, char const *str); -+ -+#define ds_len(s) ((s)->ds_idx) -+ -+int ds_endswith (dynamic_string *s, int c); -+ -diff --git a/src/util.c b/src/util.c -index 4421b20..6d6bbaa 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -846,11 +846,9 @@ get_next_reel (int tape_des) - FILE *tty_out; /* File for interacting with user. */ - int old_tape_des; - char *next_archive_name; -- dynamic_string new_name; -+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; - char *str_res; - -- ds_init (&new_name, 128); -- - /* Open files for interactive communication. */ - tty_in = fopen (TTY_NAME, "r"); - if (tty_in == NULL) -@@ -925,7 +923,7 @@ get_next_reel (int tape_des) - error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), - old_tape_des, tape_des); - -- free (new_name.ds_string); -+ ds_free (&new_name); - fclose (tty_in); - fclose (tty_out); - } --- -2.25.1 - - -From fb7a51bf85b8e6f045cacb4fb783db4a414741bf Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff <gray@gnu.org> -Date: Wed, 11 Aug 2021 18:10:38 +0300 -Subject: [PATCH 2/3] Fix previous commit - -* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a -loop. ---- - src/dstring.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/dstring.c b/src/dstring.c -index 358f356..90c691c 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -64,7 +64,7 @@ void - ds_reset (dynamic_string *s, size_t len) - { - while (len > s->ds_size) -- ds_resize (s); -+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - s->ds_idx = len; - } - -@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) - { - size_t len = strlen (str); - while (len + 1 > s->ds_size) -- ds_resize (s); -+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - memcpy (s->ds_string + s->ds_idx, str, len); - s->ds_idx += len; - s->ds_string[s->ds_idx] = 0; --- -2.25.1 - - -From 86b37d74b15f9bb5fe62fd1642cc126d3ace0189 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff <gray@gnu.org> -Date: Wed, 18 Aug 2021 09:41:39 +0300 -Subject: [PATCH 3/3] Fix dynamic string reallocations - -* src/dstring.c (ds_resize): Take additional argument: number of -bytes to leave available after ds_idx. All uses changed. ---- - src/dstring.c | 18 ++++++++---------- - 1 file changed, 8 insertions(+), 10 deletions(-) - -diff --git a/src/dstring.c b/src/dstring.c -index 90c691c..0f597cc 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -49,9 +49,9 @@ ds_free (dynamic_string *string) - /* Expand dynamic string STRING, if necessary. */ - - void --ds_resize (dynamic_string *string) -+ds_resize (dynamic_string *string, size_t len) - { -- if (string->ds_idx == string->ds_size) -+ while (len + string->ds_idx >= string->ds_size) - { - string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, - 1); -@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string) - void - ds_reset (dynamic_string *s, size_t len) - { -- while (len > s->ds_size) -- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); -+ ds_resize (s, len); - s->ds_idx = len; - } - -@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) - /* Read the input string. */ - while ((next_ch = getc (f)) != eos && next_ch != EOF) - { -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx++] = next_ch; - } -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = '\0'; - - if (s->ds_idx == 0 && next_ch == EOF) -@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) - void - ds_append (dynamic_string *s, int c) - { -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = c; - if (c) - { - s->ds_idx++; -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = 0; - } - } -@@ -115,8 +114,7 @@ void - ds_concat (dynamic_string *s, char const *str) - { - size_t len = strlen (str); -- while (len + 1 > s->ds_size) -- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); -+ ds_resize (s, len); - memcpy (s->ds_string + s->ds_idx, str, len); - s->ds_idx += len; - s->ds_string[s->ds_idx] = 0; --- -2.25.1 - diff --git a/meta/recipes-extended/cpio/cpio_2.13.bb b/meta/recipes-extended/cpio/cpio_2.14.bb index e72a114de9..c0b97ee166 100644 --- a/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/meta/recipes-extended/cpio/cpio_2.14.bb @@ -7,13 +7,10 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ - file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ - file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \ - file://CVE-2021-38185.patch \ + file://0001-configure-Include-needed-header-for-major-minor-macr.patch \ " -SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810" -SRC_URI[sha256sum] = "e87470d9c984317f658567c03bfefb6b0c829ff17dbf6b0de48d71a4c8f3db88" +SRC_URI[sha256sum] = "145a340fd9d55f0b84779a44a12d5f79d77c99663967f8cfa168d7905ca52454" inherit autotools gettext texinfo diff --git a/meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch b/meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch new file mode 100644 index 0000000000..360dd1ebd8 --- /dev/null +++ b/meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch @@ -0,0 +1,47 @@ +From 8179be21e664cedb2e9d238cc2f6d04965e97275 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Thu, 11 May 2023 10:18:44 +0300 +Subject: [PATCH] configure: Include needed header for major/minor macros + +This helps in avoiding the warning about implicit function declaration +which is elevated as error with newer compilers e.g. clang 16 + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=8179be21e664cedb2e9d238cc2f6d04965e97275] +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + configure.ac | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index de479e7..c601029 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -43,8 +43,22 @@ AC_TYPE_UID_T + AC_CHECK_TYPE(gid_t, int) + + AC_HEADER_DIRENT +-AX_COMPILE_CHECK_RETTYPE([major], [0]) +-AX_COMPILE_CHECK_RETTYPE([minor], [0]) ++AX_COMPILE_CHECK_RETTYPE([major], [0], [ ++#include <sys/types.h> ++#ifdef MAJOR_IN_MKDEV ++# include <sys/mkdev.h> ++#endif ++#ifdef MAJOR_IN_SYSMACROS ++# include <sys/sysmacros.h> ++#endif]) ++AX_COMPILE_CHECK_RETTYPE([minor], [0], [ ++#include <sys/types.h> ++#ifdef MAJOR_IN_MKDEV ++# include <sys/mkdev.h> ++#endif ++#ifdef MAJOR_IN_SYSMACROS ++# include <sys/sysmacros.h> ++#endif]) + + AC_CHECK_FUNCS([fchmod fchown]) + # This is needed for mingw build +-- +2.34.1 diff --git a/meta/recipes-extended/cracklib/cracklib_2.9.7.bb b/meta/recipes-extended/cracklib/cracklib_2.9.8.bb index 629069e844..a3db6eb394 100644 --- a/meta/recipes-extended/cracklib/cracklib_2.9.7.bb +++ b/meta/recipes-extended/cracklib/cracklib_2.9.8.bb @@ -9,11 +9,12 @@ DEPENDS = "cracklib-native zlib" EXTRA_OECONF = "--without-python --libdir=${base_libdir}" -SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \ +SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \ file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ - file://0002-craklib-fix-testnum-and-teststr-failed.patch" + file://0002-craklib-fix-testnum-and-teststr-failed.patch \ + " -SRCREV = "f83934cf3cced0c9600c7d81332f4169f122a2cf" +SRCREV = "d9e8f9f47718539aeba80f90f4e072549926dc9c" S = "${WORKDIR}/git/src" inherit autotools gettext diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index 4592980766..047ab33898 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -15,6 +15,10 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${ file://0004-cups-fix-multilib-install-file-conflicts.patch \ file://volatiles.99_cups \ file://cups-volatiles.conf \ + file://CVE-2023-32324.patch \ + file://CVE-2023-34241.patch \ + file://CVE-2023-32360.patch \ + file://CVE-2023-4504.patch \ " UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" @@ -48,6 +52,7 @@ PACKAGECONFIG[gnutls] = "--with-tls=gnutls,--with-tls=no,gnutls" PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam" PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd" PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd" +PACKAGECONFIG[webif] = "--enable-webif,--disable-webif" EXTRA_OECONF = " \ --enable-dbus \ @@ -67,7 +72,7 @@ EXTRA_OECONF = " \ EXTRA_AUTORECONF += "--exclude=autoheader" do_install () { - oe_runmake "DESTDIR=${D}" install + oe_runmake "BUILDROOT=${D}" install # Remove /var/run from package as cupsd will populate it on startup rm -fr ${D}/${localstatedir}/run @@ -75,7 +80,7 @@ do_install () { rmdir ${D}/${libexecdir}/${BPN}/driver # Fix the pam configuration file permissions - if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then + if ${@bb.utils.contains('PACKAGECONFIG', 'pam', 'true', 'false', d)}; then chmod 0644 ${D}${sysconfdir}/pam.d/cups fi @@ -93,7 +98,7 @@ do_install () { fi } -PACKAGES =+ "${PN}-lib ${PN}-libimage" +PACKAGES =+ "${PN}-lib ${PN}-libimage ${PN}-webif" RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'procps', '', d)}" FILES:${PN} += "${libexecdir}/cups/" @@ -102,13 +107,10 @@ FILES:${PN}-lib = "${libdir}/libcups.so.*" FILES:${PN}-libimage = "${libdir}/libcupsimage.so.*" -#package the html for the webgui inside the main packages (~1MB uncompressed) +# put the html for the web interface into its own PACKAGE +FILES:${PN}-webif += "${datadir}/doc/cups/ ${datadir}/icons/" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'webif', '${PN}-webif', '', d)}" -FILES:${PN} += "${datadir}/doc/cups/images \ - ${datadir}/doc/cups/*html \ - ${datadir}/doc/cups/*.css \ - ${datadir}/icons/ \ - " CONFFILES:${PN} += "${sysconfdir}/cups/cupsd.conf" MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/cups-config" diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32324.patch b/meta/recipes-extended/cups/cups/CVE-2023-32324.patch new file mode 100644 index 0000000000..40b89c9899 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-32324.patch @@ -0,0 +1,36 @@ +From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal <zdohnal@redhat.com> +Date: Thu, 1 Jun 2023 12:04:00 +0200 +Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324) + +CVE: CVE-2023-32324 +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/fd8bc2d32589] + +(cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e) +Signed-off-by: Sanjay Chitroda <schitrod@cisco.com> +--- + cups/string.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/cups/string.c b/cups/string.c +index 93cdad19..6ef58515 100644 +--- a/cups/string.c ++++ b/cups/string.c +@@ -1,6 +1,7 @@ + /* + * String functions for CUPS. + * ++ * Copyright © 2023 by OpenPrinting. + * Copyright © 2007-2019 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products. + * +@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */ + size_t srclen; /* Length of source string */ + + ++ if (size == 0) ++ return (0); ++ + /* + * Figure out how much room is needed... + */ diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch new file mode 100644 index 0000000000..c3db722f1f --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch @@ -0,0 +1,35 @@ +From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet <michael.r.sweet@gmail.com> +Date: Thu, 14 Sep 2023 09:16:45 +0000 +Subject: [PATCH] Require authentication for CUPS-Get-Document. + +CVE: CVE-2023-32360 + +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + conf/cupsd.conf.in | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in +index b258849..08f5070 100644 +--- a/conf/cupsd.conf.in ++++ b/conf/cupsd.conf.in +@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@ + Order deny,allow + </Limit> + +- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> ++ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job> ++ Require user @OWNER @SYSTEM ++ Order deny,allow ++ </Limit> ++ ++ <Limit CUPS-Get-Document> ++ AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + </Limit> +-- +2.35.5 diff --git a/meta/recipes-extended/cups/cups/CVE-2023-34241.patch b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch new file mode 100644 index 0000000000..95b3925b36 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-34241.patch @@ -0,0 +1,68 @@ +From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001 +From: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Thu, 1 Jun 2023 11:33:39 -0400 +Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection + +httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to. + +We have to log the hostname first. + +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2] +CVE: CVE-2023-34241 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + scheduler/client.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/scheduler/client.c b/scheduler/client.c +index e7e419f..441c1d7 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + /* + * Can't have an unresolved IP address with double-lookups enabled... + */ +- +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, +- "Name lookup failed - connection from %s closed!", ++ "Name lookup failed - closing connection from %s!", + httpGetHostname(con->http, NULL, 0)); + ++ httpClose(con->http); + free(con); + return; + } +@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + * with double-lookups enabled... + */ + +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, +- "IP lookup failed - connection from %s closed!", ++ "IP lookup failed - closing connection from %s!", + httpGetHostname(con->http, NULL, 0)); ++ ++ httpClose(con->http); + free(con); + return; + } +@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + + if (!hosts_access(&wrap_req)) + { +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, + "Connection from %s refused by /etc/hosts.allow and " + "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0)); ++ ++ httpClose(con->http); + free(con); + return; + } +-- +2.25.1 + diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch new file mode 100644 index 0000000000..e52e43a209 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch @@ -0,0 +1,42 @@ +CVE: CVE-2023-4504 +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal <zdohnal@redhat.com> +Date: Wed, 20 Sep 2023 14:45:17 +0200 +Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 + +We didn't check for end of buffer if it looks there is an escaped +character - check for NULL terminator there and if found, return NULL +as return value and in `ptr`, because a lone backslash is not +a valid PostScript character. +--- + cups/raster-interpret.c | 14 +++++++++++++- + 1 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c +index 6fcf731b5..b8655c8c6 100644 +--- a/cups/raster-interpret.c ++++ b/cups/raster-interpret.c +@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ + + cur ++; + +- if (*cur == 'b') ++ /* ++ * Return NULL if we reached NULL terminator, a lone backslash ++ * is not a valid character in PostScript. ++ */ ++ ++ if (!*cur) ++ { ++ *ptr = NULL; ++ ++ return (NULL); ++ } ++ ++ if (*cur == 'b') + *valptr++ = '\b'; + else if (*cur == 'f') + *valptr++ = '\f'; diff --git a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch index aac1c43465..32793233f9 100644 --- a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch +++ b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch @@ -1,4 +1,4 @@ -From bd7fb8be2ae2d75347cf7733302d5093046ffa85 Mon Sep 17 00:00:00 2001 +From f31395c931bc633206eccfcfaaaa5d15021a3e86 Mon Sep 17 00:00:00 2001 From: Peiran Hong <peiran.hong@windriver.com> Date: Thu, 5 Sep 2019 15:42:22 -0400 Subject: [PATCH] Skip strip-trailing-cr test case @@ -10,26 +10,20 @@ package. Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Peiran Hong <peiran.hong@windriver.com> + --- - tests/Makefile.am | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) + tests/Makefile.am | 1 - + 1 file changed, 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am -index 83a7c9d..04d51b5 100644 +index 79bacfb..4adb4d7 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am -@@ -21,8 +21,10 @@ TESTS = \ +@@ -22,7 +22,6 @@ TESTS = \ stdin \ strcoll-0-names \ filename-quoting \ - strip-trailing-cr \ - colors -+# Skipping this test since it requires valgrind -+# and thus is too heavy for diffutils package -+# strip-trailing-cr - - XFAIL_TESTS = large-subopt - --- -2.21.0 - + timezone \ + colors \ + y2038-vs-32bit diff --git a/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch b/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch deleted file mode 100644 index 4928e1eaff..0000000000 --- a/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch +++ /dev/null @@ -1,33 +0,0 @@ -From f385ad6639380eb6dfa8b8eb4a5ba65dd12db744 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 25 Mar 2022 13:43:19 -0700 -Subject: [PATCH] mcontext is not a standard layout so glibc and musl differ - -This is already applied to libsigsegv upstream, hopefully next version -of grep will update its internal copy and we can drop this patch - -Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=libsigsegv.git;a=commitdiff;h=a6ff69873110c0a8ba6f7fd90532dbc11224828c] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - lib/sigsegv.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/sigsegv.c b/lib/sigsegv.c -index 998c827..b6f4841 100644 ---- a/lib/sigsegv.c -+++ b/lib/sigsegv.c -@@ -219,8 +219,8 @@ int libsigsegv_version = LIBSIGSEGV_VERSION; - # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.gp_regs[1] - # else /* 32-bit */ - /* both should be equivalent */ --# if 0 --# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.regs->gpr[1] -+# if ! defined __GLIBC__ -+# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_regs->gregs[1] - # else - # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1] - # endif --- -2.35.1 - diff --git a/meta/recipes-extended/diffutils/diffutils_3.8.bb b/meta/recipes-extended/diffutils/diffutils_3.10.bb index 8889c83ee2..08e8305612 100644 --- a/meta/recipes-extended/diffutils/diffutils_3.8.bb +++ b/meta/recipes-extended/diffutils/diffutils_3.10.bb @@ -6,10 +6,9 @@ require diffutils.inc SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \ file://run-ptest \ file://0001-Skip-strip-trailing-cr-test-case.patch \ - file://0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch \ " -SRC_URI[sha256sum] = "a6bdd7d1b31266d11c4f4de6c1b748d4607ab0231af5188fc2533d0ae2438fec" +SRC_URI[sha256sum] = "90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e" EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix" diff --git a/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch new file mode 100644 index 0000000000..bc157d6afb --- /dev/null +++ b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch @@ -0,0 +1,28 @@ +From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001 +From: "Arnold D. Robbins" <arnold@skeeve.com> +Date: Wed, 3 Aug 2022 13:00:54 +0300 +Subject: [PATCH] Smal bug fix in builtin.c. + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches/CVE-2023-4156.patch?h=ubuntu/jammy-security +Upstream commit https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212] +CVE: CVE-2023-4156 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + ChangeLog | 6 ++++++ + builtin.c | 5 ++++- + 2 files changed, 10 insertions(+), 1 deletion(-) + +--- gawk-5.1.0.orig/builtin.c ++++ gawk-5.1.0/builtin.c +@@ -957,7 +957,10 @@ check_pos: + s1++; + n0--; + } +- if (val >= num_args) { ++ // val could be less than zero if someone provides a field width ++ // so large that it causes integer overflow. Mainly fuzzers do this, ++ // but let's try to be good anyway. ++ if (val < 0 || val >= num_args) { + toofew = true; + break; + } diff --git a/meta/recipes-extended/gawk/gawk_5.1.1.bb b/meta/recipes-extended/gawk/gawk_5.1.1.bb index fe339805d0..0b0d0897bc 100644 --- a/meta/recipes-extended/gawk/gawk_5.1.1.bb +++ b/meta/recipes-extended/gawk/gawk_5.1.1.bb @@ -18,6 +18,7 @@ PACKAGECONFIG[mpfr] = "--with-mpfr,--without-mpfr, mpfr" SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \ file://remove-sensitive-tests.patch \ file://run-ptest \ + file://CVE-2023-4156.patch \ " SRC_URI[sha256sum] = "6168d8d1dc8f74bd17d9dc22fa9634c49070f232343b744901da15fb4f06bffd" diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch new file mode 100644 index 0000000000..99fcc61b9b --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch @@ -0,0 +1,146 @@ +From ed607fedbcd41f4a0e71df6af4ba5b07dd630209 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 7 Jun 2023 10:23:06 +0100 +Subject: [PATCH 1/2] Bug 706761: Don't "reduce" %pipe% file names for + permission validation + +For regular file names, we try to simplfy relative paths before we use them. + +Because the %pipe% device can, effectively, accept command line calls, we +shouldn't be simplifying that string, because the command line syntax can end +up confusing the path simplifying code. That can result in permitting a pipe +command which does not match what was originally permitted. + +Special case "%pipe" in the validation code so we always deal with the entire +string. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea] +CVE: CVE-2023-36664 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + base/gpmisc.c | 31 +++++++++++++++++++-------- + base/gslibctx.c | 56 ++++++++++++++++++++++++++++++++++++------------- + 2 files changed, 64 insertions(+), 23 deletions(-) + +diff --git a/base/gpmisc.c b/base/gpmisc.c +index 8b6458a..c61ab3f 100644 +--- a/base/gpmisc.c ++++ b/base/gpmisc.c +@@ -1076,16 +1076,29 @@ gp_validate_path_len(const gs_memory_t *mem, + && !memcmp(path + cdirstrl, dirsepstr, dirsepstrl)) { + prefix_len = 0; + } +- rlen = len+1; +- bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); +- if (bufferfull == NULL) +- return gs_error_VMerror; +- +- buffer = bufferfull + prefix_len; +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; + ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (len > 5 && memcmp(path, "%pipe", 5) != 0) { ++ bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, len + 1, "gp_validate_path"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len+1; ++ bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); ++ if (bufferfull == NULL) ++ return gs_error_VMerror; ++ ++ buffer = bufferfull + prefix_len; ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } + while (1) { + switch (mode[0]) + { +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 5bf497b..5fdfe25 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -734,14 +734,28 @@ gs_add_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, co + return gs_error_rangecheck; + } + +- rlen = len+1; +- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path"); +- if (buffer == NULL) +- return gs_error_VMerror; ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (len > 5 && memcmp(path, "%pipe", 5) != 0) { ++ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_add_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len + 1; + +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; ++ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_add_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } + + n = control->num; + for (i = 0; i < n; i++) +@@ -827,14 +841,28 @@ gs_remove_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, + return gs_error_rangecheck; + } + +- rlen = len+1; +- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path"); +- if (buffer == NULL) +- return gs_error_VMerror; ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (len > 5 && memcmp(path, "%pipe", 5) != 0) { ++ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_remove_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len+1; + +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; ++ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_remove_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } + + n = control->num; + for (i = 0; i < n; i++) { +-- +2.40.1 diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch new file mode 100644 index 0000000000..7d78e6b1b1 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch @@ -0,0 +1,60 @@ +From f96350aeb7f8c2e3f7129866c694a24f241db18c Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 14 Jun 2023 09:08:12 +0100 +Subject: [PATCH 2/2] Bug 706778: 706761 revisit + +Two problems with the original commit. The first a silly typo inverting the +logic of a test. + +The second was forgetting that we actually actually validate two candidate +strings for pipe devices. One with the expected "%pipe%" prefix, the other +using the pipe character prefix: "|". + +This addresses both those. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099] +CVE: CVE-2023-36664 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + base/gpmisc.c | 2 +- + base/gslibctx.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/base/gpmisc.c b/base/gpmisc.c +index c61ab3f..e459f6a 100644 +--- a/base/gpmisc.c ++++ b/base/gpmisc.c +@@ -1080,7 +1080,7 @@ gp_validate_path_len(const gs_memory_t *mem, + /* "%pipe%" do not follow the normal rules for path definitions, so we + don't "reduce" them to avoid unexpected results + */ +- if (len > 5 && memcmp(path, "%pipe", 5) != 0) { ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { + bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, len + 1, "gp_validate_path"); + if (buffer == NULL) + return gs_error_VMerror; +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 5fdfe25..2a1addf 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -737,7 +737,7 @@ gs_add_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, co + /* "%pipe%" do not follow the normal rules for path definitions, so we + don't "reduce" them to avoid unexpected results + */ +- if (len > 5 && memcmp(path, "%pipe", 5) != 0) { ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { + buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_add_control_path_len"); + if (buffer == NULL) + return gs_error_VMerror; +@@ -844,7 +844,7 @@ gs_remove_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, + /* "%pipe%" do not follow the normal rules for path definitions, so we + don't "reduce" them to avoid unexpected results + */ +- if (len > 5 && memcmp(path, "%pipe", 5) != 0) { ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { + buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_remove_control_path_len"); + if (buffer == NULL) + return gs_error_VMerror; +-- +2.40.1 diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch new file mode 100644 index 0000000000..2b2b85fa27 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch @@ -0,0 +1,32 @@ +From 34b0eec257c3a597e0515946f17fb973a33a7b5b Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Mon, 17 Jul 2023 14:06:37 +0100 +Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from + devices/gdevpcx.c + +Bounds check the buffer, before dereferencing the pointer. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f] + +CVE: CVE-2023-38559 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + base/gdevdevn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/base/gdevdevn.c b/base/gdevdevn.c +index f679127..66c771b 100644 +--- a/base/gdevdevn.c ++++ b/base/gdevdevn.c +@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file + byte data = *from; + + from += step; +- if (data != *from || from == end) { ++ if (from >= end || data != *from) { + if (data >= 0xc0) + gp_fputc(0xc1, file); + } else { +-- +2.40.0 diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch new file mode 100644 index 0000000000..979f354ed5 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch @@ -0,0 +1,62 @@ +From 8b0f20002536867bd73ff4552408a72597190cbe Mon Sep 17 00:00:00 2001 +From: Ken Sharp <ken.sharp@artifex.com> +Date: Thu, 24 Aug 2023 15:24:35 +0100 +Subject: [PATCH] IJS device - try and secure the IJS server startup + +Bug #707051 ""ijs" device can execute arbitrary commands" + +The problem is that the 'IJS' device needs to start the IJS server, and +that is indeed an arbitrary command line. There is (apparently) no way +to validate it. Indeed, this is covered quite clearly in the comments +at the start of the source: + + * WARNING: The ijs server can be selected on the gs command line + * which is a security risk, since any program can be run. + +Previously this used the awful LockSafetyParams hackery, which we +abandoned some time ago because it simply couldn't be made secure (it +was implemented in PostScript and was therefore vulnerable to PostScript +programs). + +This commit prevents PostScript programs switching to the IJS device +after SAFER has been activated, and prevents changes to the IjsServer +parameter after SAFER has been activated. + +SAFER is activated, unless explicitly disabled, before any user +PostScript is executed which means that the device and the server +invocation can only be configured on the command line. This does at +least provide minimal security against malicious PostScript programs. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe] + +CVE: CVE-2023-43115 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + devices/gdevijs.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/devices/gdevijs.c b/devices/gdevijs.c +index 8cbd84b97..16f5a1752 100644 +--- a/devices/gdevijs.c ++++ b/devices/gdevijs.c +@@ -888,6 +888,8 @@ gsijs_initialize_device(gx_device *dev) + static const char rgb[] = "DeviceRGB"; + gx_device_ijs *ijsdev = (gx_device_ijs *)dev; + ++ if (ijsdev->memory->gs_lib_ctx->core->path_control_active) ++ return_error(gs_error_invalidaccess); + if (!ijsdev->ColorSpace) { + ijsdev->ColorSpace = gs_malloc(ijsdev->memory, sizeof(rgb), 1, + "gsijs_initialize"); +@@ -1326,7 +1328,7 @@ gsijs_put_params(gx_device *dev, gs_param_list *plist) + if (code >= 0) + code = gsijs_read_string(plist, "IjsServer", + ijsdev->IjsServer, sizeof(ijsdev->IjsServer), +- dev->LockSafetyParams, is_open); ++ ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open); + + if (code >= 0) + code = gsijs_read_string_malloc(plist, "DeviceManufacturer", +-- +2.40.0 diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch new file mode 100644 index 0000000000..6fe5590892 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch @@ -0,0 +1,41 @@ +From 5d2da96e81c7455338302c71a291088a8396245a Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Mon, 16 Oct 2023 16:49:40 +0100 +Subject: [PATCH] Bug 707264: Fix tiffsep(1) requirement for seekable output + files + +In the device initialization redesign, tiffsep and tiffsep1 lost the requirement +for the output files to be seekable. + +Fixing that highlighted a problem with the error handling in +gdev_prn_open_printer_seekable() where closing the erroring file would leave a +dangling pointer, and lead to a crash. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a] +CVE: CVE-2023-46751 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + base/gdevprn.c | 1 + + devices/gdevtsep.c | 1 + + 2 files changed, 2 insertions(+) + +--- a/base/gdevprn.c ++++ b/base/gdevprn.c +@@ -1251,6 +1251,7 @@ gdev_prn_open_printer_seekable(gx_device + && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) { + + code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file); ++ ppdev->file = NULL; + if (code < 0) + return code; + } +--- a/devices/gdevtsep.c ++++ b/devices/gdevtsep.c +@@ -738,6 +738,7 @@ tiffsep_initialize_device_procs(gx_devic + { + gdev_prn_initialize_device_procs(dev); + ++ set_dev_proc(dev, output_page, gdev_prn_output_page_seekable); + set_dev_proc(dev, open_device, tiffsep_prn_open); + set_dev_proc(dev, close_device, tiffsep_prn_close); + set_dev_proc(dev, map_color_rgb, tiffsep_decode_color); diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch new file mode 100644 index 0000000000..9b057d609a --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch @@ -0,0 +1,60 @@ +From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <ken.sharp@artifex.com> +Date: Fri, 24 Mar 2023 13:19:57 +0000 +Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding + +Bug #706494 "Buffer Overflow in s_xBCPE_process" + +As described in detail in the bug report, if the write buffer is filled +to one byte less than full, and we then try to write an escaped +character, we overrun the buffer because we don't check before +writing two bytes to it. + +This just checks if we have two bytes before starting to write an +escaped character and exits if we don't (replacing the consumed byte +of the input). + +Up for further discussion; why do we even permit a BCP encoding filter +anyway ? I think we should remove this, at least when SAFER is true. +--- +CVE: CVE-2023-28879 + +Upstream-Status: Backport [see text] + +git://git.ghostscript.com/ghostpdl +cherry-pick + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +--- + base/sbcp.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/base/sbcp.c b/base/sbcp.c +index 979ae0992..47fc233ec 100644 +--- a/base/sbcp.c ++++ b/base/sbcp.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2001-2021 Artifex Software, Inc. ++/* Copyright (C) 2001-2023 Artifex Software, Inc. + All Rights Reserved. + + This software is provided AS-IS with no warranty, either express or +@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr, + byte ch = *++p; + + if (ch <= 31 && escaped[ch]) { ++ /* Make sure we have space to store two characters in the write buffer, ++ * if we don't then exit without consuming the input character, we'll process ++ * that on the next time round. ++ */ ++ if (pw->limit - q < 2) { ++ p--; ++ break; ++ } + if (p == rlimit) { + p--; + break; +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 365420fb64..e99c740685 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -10,7 +10,7 @@ dot-matrix, inkjet and laser models. \ HOMEPAGE = "http://www.ghostscript.com" SECTION = "console/utils" -LICENSE = "GPL-3.0-only" +LICENSE = "AGPL-3.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=f98ffa763e50cded76f49bce73aade16" DEPENDS = "ghostscript-native tiff jpeg fontconfig cups libpng" @@ -23,6 +23,9 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" # however we use an external jpeg which doesn't have the issue. CVE_CHECK_IGNORE += "CVE-2013-6629" +# Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe. +CVE_CHECK_IGNORE += "CVE-2023-38560" + def gs_verdir(v): return "".join(v.split(".")) @@ -34,6 +37,12 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://avoid-host-contamination.patch \ file://mkdir-p.patch \ file://CVE-2022-2085.patch \ + file://cve-2023-28879.patch \ + file://CVE-2023-36664-0001.patch \ + file://CVE-2023-36664-0002.patch \ + file://CVE-2023-38559.patch \ + file://CVE-2023-43115.patch \ + file://CVE-2023-46751.patch \ " SRC_URI = "${SRC_URI_BASE} \ diff --git a/meta/recipes-extended/gperf/gperf/1862c6e57a308a05889c80c048dbc58bdc378dcb.patch b/meta/recipes-extended/gperf/gperf/1862c6e57a308a05889c80c048dbc58bdc378dcb.patch new file mode 100644 index 0000000000..98959db0a8 --- /dev/null +++ b/meta/recipes-extended/gperf/gperf/1862c6e57a308a05889c80c048dbc58bdc378dcb.patch @@ -0,0 +1,181 @@ +From 1862c6e57a308a05889c80c048dbc58bdc378dcb Mon Sep 17 00:00:00 2001 +From: Bruno Haible <bruno@clisp.org> +Date: Tue, 5 Jul 2022 07:51:46 +0200 +Subject: [PATCH] Add support for reproducible builds. + +Suggested by Richard Purdie <richard.purdie@linuxfoundation.org> in +<https://lists.gnu.org/archive/html/bug-gperf/2022-07/msg00000.html>. + +* autogen.sh: Import also lib/filename.h. +* Makefile.in (IMPORTED_FILES): Add lib/filename.h. +* src/options.cc: Include filename.h. +(Options::print_options): Print only the base name of the program name. +* tests/*.exp: Update. + +Upstream-Status: Backport + +Index: gperf-3.1/ChangeLog +=================================================================== +--- gperf-3.1.orig/ChangeLog ++++ gperf-3.1/ChangeLog +@@ -1,3 +1,14 @@ ++2022-07-05 Bruno Haible <bruno@clisp.org> ++ ++ Add support for reproducible builds. ++ Suggested by Richard Purdie <richard.purdie@linuxfoundation.org> in ++ <https://lists.gnu.org/archive/html/bug-gperf/2022-07/msg00000.html>. ++ * autogen.sh: Import also lib/filename.h. ++ * Makefile.in (IMPORTED_FILES): Add lib/filename.h. ++ * src/options.cc: Include filename.h. ++ (Options::print_options): Print only the base name of the program name. ++ * tests/*.exp: Update. ++ + 2017-01-02 Marcel Schaible <marcel.schaible@studium.fernuni-hagen.de> + + * gperf-3.1 released. +Index: gperf-3.1/src/options.cc +=================================================================== +--- gperf-3.1.orig/src/options.cc ++++ gperf-3.1/src/options.cc +@@ -26,6 +26,7 @@ + #include <string.h> /* declares strcmp() */ + #include <ctype.h> /* declares isdigit() */ + #include <limits.h> /* defines CHAR_MAX */ ++#include "filename.h" + #include "getopt.h" + #include "version.h" + +@@ -280,6 +281,16 @@ Options::print_options () const + { + const char *arg = _argument_vector[i]; + ++ if (i == 0) ++ { ++ /* _argument_vector[0] is the program name. Print only its base name. ++ This is useful for reproducible builds. */ ++ const char *p = arg + strlen (arg); ++ while (p > arg && ! ISSLASH (p[-1])) ++ p--; ++ arg = p; ++ } ++ + /* Escape arg if it contains shell metacharacters. */ + if (*arg == '-') + { +Index: gperf-3.1/lib/filename.h +=================================================================== +--- /dev/null ++++ gperf-3.1/lib/filename.h +@@ -0,0 +1,112 @@ ++/* Basic filename support macros. ++ Copyright (C) 2001-2022 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. */ ++ ++/* From Paul Eggert and Jim Meyering. */ ++ ++#ifndef _FILENAME_H ++#define _FILENAME_H ++ ++#include <string.h> ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++ ++/* Filename support. ++ ISSLASH(C) tests whether C is a directory separator ++ character. ++ HAS_DEVICE(Filename) tests whether Filename contains a device ++ specification. ++ FILE_SYSTEM_PREFIX_LEN(Filename) length of the device specification ++ at the beginning of Filename, ++ index of the part consisting of ++ alternating components and slashes. ++ FILE_SYSTEM_DRIVE_PREFIX_CAN_BE_RELATIVE ++ 1 when a non-empty device specification ++ can be followed by an empty or relative ++ part, ++ 0 when a non-empty device specification ++ must be followed by a slash, ++ 0 when device specification don't exist. ++ IS_ABSOLUTE_FILE_NAME(Filename) ++ tests whether Filename is independent of ++ any notion of "current directory". ++ IS_RELATIVE_FILE_NAME(Filename) ++ tests whether Filename may be concatenated ++ to a directory filename. ++ Note: On native Windows, OS/2, DOS, "c:" is neither an absolute nor a ++ relative file name! ++ IS_FILE_NAME_WITH_DIR(Filename) tests whether Filename contains a device ++ or directory specification. ++ */ ++#if defined _WIN32 || defined __CYGWIN__ \ ++ || defined __EMX__ || defined __MSDOS__ || defined __DJGPP__ ++ /* Native Windows, Cygwin, OS/2, DOS */ ++# define ISSLASH(C) ((C) == '/' || (C) == '\\') ++ /* Internal macro: Tests whether a character is a drive letter. */ ++# define _IS_DRIVE_LETTER(C) \ ++ (((C) >= 'A' && (C) <= 'Z') || ((C) >= 'a' && (C) <= 'z')) ++ /* Help the compiler optimizing it. This assumes ASCII. */ ++# undef _IS_DRIVE_LETTER ++# define _IS_DRIVE_LETTER(C) \ ++ (((unsigned int) (C) | ('a' - 'A')) - 'a' <= 'z' - 'a') ++# define HAS_DEVICE(Filename) \ ++ (_IS_DRIVE_LETTER ((Filename)[0]) && (Filename)[1] == ':') ++# define FILE_SYSTEM_PREFIX_LEN(Filename) (HAS_DEVICE (Filename) ? 2 : 0) ++# ifdef __CYGWIN__ ++# define FILE_SYSTEM_DRIVE_PREFIX_CAN_BE_RELATIVE 0 ++# else ++ /* On native Windows, OS/2, DOS, the system has the notion of a ++ "current directory" on each drive. */ ++# define FILE_SYSTEM_DRIVE_PREFIX_CAN_BE_RELATIVE 1 ++# endif ++# if FILE_SYSTEM_DRIVE_PREFIX_CAN_BE_RELATIVE ++# define IS_ABSOLUTE_FILE_NAME(Filename) \ ++ ISSLASH ((Filename)[FILE_SYSTEM_PREFIX_LEN (Filename)]) ++# else ++# define IS_ABSOLUTE_FILE_NAME(Filename) \ ++ (ISSLASH ((Filename)[0]) || HAS_DEVICE (Filename)) ++# endif ++# define IS_RELATIVE_FILE_NAME(Filename) \ ++ (! (ISSLASH ((Filename)[0]) || HAS_DEVICE (Filename))) ++# define IS_FILE_NAME_WITH_DIR(Filename) \ ++ (strchr ((Filename), '/') != NULL || strchr ((Filename), '\\') != NULL \ ++ || HAS_DEVICE (Filename)) ++#else ++ /* Unix */ ++# define ISSLASH(C) ((C) == '/') ++# define HAS_DEVICE(Filename) ((void) (Filename), 0) ++# define FILE_SYSTEM_PREFIX_LEN(Filename) ((void) (Filename), 0) ++# define FILE_SYSTEM_DRIVE_PREFIX_CAN_BE_RELATIVE 0 ++# define IS_ABSOLUTE_FILE_NAME(Filename) ISSLASH ((Filename)[0]) ++# define IS_RELATIVE_FILE_NAME(Filename) (! ISSLASH ((Filename)[0])) ++# define IS_FILE_NAME_WITH_DIR(Filename) (strchr ((Filename), '/') != NULL) ++#endif ++ ++/* Deprecated macros. For backward compatibility with old users of the ++ 'filename' module. */ ++#define IS_ABSOLUTE_PATH IS_ABSOLUTE_FILE_NAME ++#define IS_PATH_WITH_DIR IS_FILE_NAME_WITH_DIR ++ ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* _FILENAME_H */ diff --git a/meta/recipes-extended/gperf/gperf_3.1.bb b/meta/recipes-extended/gperf/gperf_3.1.bb index 82750fca05..c9f09c7931 100644 --- a/meta/recipes-extended/gperf/gperf_3.1.bb +++ b/meta/recipes-extended/gperf/gperf_3.1.bb @@ -9,6 +9,8 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz" SRC_URI[md5sum] = "9e251c0a618ad0824b51117d5d9db87e" SRC_URI[sha256sum] = "588546b945bba4b70b6a3a616e80b4ab466e3f33024a352fc2198112cdbb3ae2" +SRC_URI += "file://1862c6e57a308a05889c80c048dbc58bdc378dcb.patch" + inherit autotools # The nested configures don't find the parent aclocal.m4 out of the box, so tell diff --git a/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch b/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch index 9105da6457..c3cfc7cea8 100644 --- a/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch +++ b/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch @@ -3,7 +3,7 @@ From: Jeremy Puhlman <jpuhlman@mvista.com> Date: Sat, 7 Mar 2020 00:59:13 +0000 Subject: [PATCH] Make manpages mulitlib identical -Upstream-Status: Pending +Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com] Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> --- Makefile.am | 2 +- diff --git a/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch b/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch index eda6a40f51..b028fa20aa 100644 --- a/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch +++ b/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch @@ -15,7 +15,7 @@ doesn't work: So replace "perl -w" with "use warnings" to make it work. -Upstream-Status: Pending +Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> diff --git a/meta/recipes-extended/less/less/CVE-2022-46663.patch b/meta/recipes-extended/less/less/CVE-2022-46663.patch new file mode 100644 index 0000000000..4d61a52fa6 --- /dev/null +++ b/meta/recipes-extended/less/less/CVE-2022-46663.patch @@ -0,0 +1,31 @@ +From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001 +From: Mark Nudelman <markn@greenwoodsoftware.com> +Date: Fri, 7 Oct 2022 19:25:46 -0700 +Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence. + + +CVE: CVE-2022-46663 +Upstream-Status: Backport [https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c] +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + line.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/line.c b/line.c +index 0ef9b07..9d49cf8 100644 +--- a/line.c ++++ b/line.c +@@ -633,8 +633,8 @@ ansi_step(pansi, ch) + /* Hyperlink ends with \7 or ESC-backslash. */ + if (ch == '\7') + return ANSI_END; +- if (pansi->prev_esc && ch == '\\') +- return ANSI_END; ++ if (pansi->prev_esc) ++ return (ch == '\\') ? ANSI_END : ANSI_ERR; + pansi->prev_esc = (ch == ESC); + return ANSI_MID; + } +-- +2.25.1 + diff --git a/meta/recipes-extended/less/less/CVE-2022-48624.patch b/meta/recipes-extended/less/less/CVE-2022-48624.patch new file mode 100644 index 0000000000..409730bd4f --- /dev/null +++ b/meta/recipes-extended/less/less/CVE-2022-48624.patch @@ -0,0 +1,41 @@ +From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001 +From: Mark Nudelman <markn@greenwoodsoftware.com> +Date: Sat, 25 Jun 2022 11:54:43 -0700 +Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE. + +Upstream-Status: Backport [https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144] +CVE: CVE-2022-48624 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + filename.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/filename.c b/filename.c +index 5824e385..dff20c08 100644 +--- a/filename.c ++++ b/filename.c +@@ -972,6 +972,8 @@ close_altfile(altfilename, filename) + { + #if HAVE_POPEN + char *lessclose; ++ char *qfilename; ++ char *qaltfilename; + FILE *fd; + char *cmd; + int len; +@@ -986,9 +988,13 @@ close_altfile(altfilename, filename) + error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG); + return; + } +- len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2); ++ qfilename = shell_quote(filename); ++ qaltfilename = shell_quote(altfilename); ++ len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2); + cmd = (char *) ecalloc(len, sizeof(char)); +- SNPRINTF2(cmd, len, lessclose, filename, altfilename); ++ SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename); ++ free(qaltfilename); ++ free(qfilename); + fd = shellcmd(cmd); + free(cmd); + if (fd != NULL) diff --git a/meta/recipes-extended/less/less_600.bb b/meta/recipes-extended/less/less_600.bb index 9ebe39daab..f88127a9e3 100644 --- a/meta/recipes-extended/less/less_600.bb +++ b/meta/recipes-extended/less/less_600.bb @@ -26,6 +26,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ DEPENDS = "ncurses" SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \ + file://CVE-2022-46663.patch \ + file://CVE-2022-48624.patch \ " SRC_URI[sha256sum] = "6633d6aa2b3cc717afb2c205778c7c42c4620f63b1d682f3d12c98af0be74d20" diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.1.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index c795b41628..0219ffa720 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.1.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -7,11 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665" DEPENDS = "e2fsprogs-native" -PACKAGECONFIG ?= "zlib bz2 xz lzo zstd" - -PACKAGECONFIG:append:class-target = "\ - ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)} \ -" +PACKAGECONFIG ?= "zlib bz2 xz lzo zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}" DEPENDS_BZIP2 = "bzip2-replacement-native" DEPENDS_BZIP2:class-target = "bzip2" @@ -30,12 +26,15 @@ PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4," PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls," PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd," -EXTRA_OECONF += "--enable-largefile" +EXTRA_OECONF += "--enable-largefile --without-iconv" SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" UPSTREAM_CHECK_URI = "http://libarchive.org/" -SRC_URI[sha256sum] = "c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2" +SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3" + +# upstream-wontfix: upstream has documented that reported function is not thread-safe +CVE_CHECK_IGNORE += "CVE-2023-30571" inherit autotools update-alternatives pkgconfig diff --git a/meta/recipes-extended/libnss-nis/libnss-nis.bb b/meta/recipes-extended/libnss-nis/libnss-nis.bb index d0afb3ca0a..f0e687c330 100644 --- a/meta/recipes-extended/libnss-nis/libnss-nis.bb +++ b/meta/recipes-extended/libnss-nis/libnss-nis.bb @@ -13,9 +13,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SECTION = "libs" DEPENDS += "libtirpc libnsl2" -PV = "3.1+git${SRCPV}" +PV = "3.2" -SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad" +SRCREV = "cd0d391af9535b56e612ed227c1b89be269f3d59" SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \ " diff --git a/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch b/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch new file mode 100644 index 0000000000..3d5e5b8db9 --- /dev/null +++ b/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch @@ -0,0 +1,155 @@ +From 3ee23a0a5a8c2261e788acbee67722fcbecbea28 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Wed, 27 Jul 2022 17:34:21 +0530 +Subject: [PATCH] CVE-2021-46828 + +Upstream-Status: Backport [http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed} +CVE: CVE-2021-46828 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + src/svc.c | 17 +++++++++++++- + src/svc_vc.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 77 insertions(+), 2 deletions(-) + +diff --git a/src/svc.c b/src/svc.c +index 6db164b..3a8709f 100644 +--- a/src/svc.c ++++ b/src/svc.c +@@ -57,7 +57,7 @@ + + #define max(a, b) (a > b ? a : b) + +-static SVCXPRT **__svc_xports; ++SVCXPRT **__svc_xports; + int __svc_maxrec; + + /* +@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock) + rwlock_unlock (&svc_fd_lock); + } + ++int ++svc_open_fds() ++{ ++ int ix; ++ int nfds = 0; ++ ++ rwlock_rdlock (&svc_fd_lock); ++ for (ix = 0; ix < svc_max_pollfd; ++ix) { ++ if (svc_pollfd[ix].fd != -1) ++ nfds++; ++ } ++ rwlock_unlock (&svc_fd_lock); ++ return (nfds); ++} ++ + /* + * Add a service program to the callout list. + * The dispatch routine will be called when a rpc request for this +diff --git a/src/svc_vc.c b/src/svc_vc.c +index f1d9f00..3dc8a75 100644 +--- a/src/svc_vc.c ++++ b/src/svc_vc.c +@@ -64,6 +64,8 @@ + + + extern rwlock_t svc_fd_lock; ++extern SVCXPRT **__svc_xports; ++extern int svc_open_fds(); + + static SVCXPRT *makefd_xprt(int, u_int, u_int); + static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *); +@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *); + static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in); + static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq, + void *in); ++static int __svc_destroy_idle(int timeout); + + struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */ + u_int sendsize; +@@ -313,13 +316,14 @@ done: + return (xprt); + } + ++ + /*ARGSUSED*/ + static bool_t + rendezvous_request(xprt, msg) + SVCXPRT *xprt; + struct rpc_msg *msg; + { +- int sock, flags; ++ int sock, flags, nfds, cnt; + struct cf_rendezvous *r; + struct cf_conn *cd; + struct sockaddr_storage addr; +@@ -379,6 +383,16 @@ again: + + gettimeofday(&cd->last_recv_time, NULL); + ++ nfds = svc_open_fds(); ++ if (nfds >= (_rpc_dtablesize() / 5) * 4) { ++ /* destroy idle connections */ ++ cnt = __svc_destroy_idle(15); ++ if (cnt == 0) { ++ /* destroy least active */ ++ __svc_destroy_idle(0); ++ } ++ } ++ + return (FALSE); /* there is never an rpc msg to be processed */ + } + +@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock) + { + return FALSE; + } ++ ++static int ++__svc_destroy_idle(int timeout) ++{ ++ int i, ncleaned = 0; ++ SVCXPRT *xprt, *least_active; ++ struct timeval tv, tdiff, tmax; ++ struct cf_conn *cd; ++ ++ gettimeofday(&tv, NULL); ++ tmax.tv_sec = tmax.tv_usec = 0; ++ least_active = NULL; ++ rwlock_wrlock(&svc_fd_lock); ++ ++ for (i = 0; i <= svc_max_pollfd; i++) { ++ if (svc_pollfd[i].fd == -1) ++ continue; ++ xprt = __svc_xports[i]; ++ if (xprt == NULL || xprt->xp_ops == NULL || ++ xprt->xp_ops->xp_recv != svc_vc_recv) ++ continue; ++ cd = (struct cf_conn *)xprt->xp_p1; ++ if (!cd->nonblock) ++ continue; ++ if (timeout == 0) { ++ timersub(&tv, &cd->last_recv_time, &tdiff); ++ if (timercmp(&tdiff, &tmax, >)) { ++ tmax = tdiff; ++ least_active = xprt; ++ } ++ continue; ++ } ++ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) { ++ __xprt_unregister_unlocked(xprt); ++ __svc_vc_dodestroy(xprt); ++ ncleaned++; ++ } ++ } ++ if (timeout == 0 && least_active != NULL) { ++ __xprt_unregister_unlocked(least_active); ++ __svc_vc_dodestroy(least_active); ++ ncleaned++; ++ } ++ rwlock_unlock(&svc_fd_lock); ++ return (ncleaned); ++} +-- +2.25.1 + diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb b/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb index 45b3d2befc..6980135a92 100644 --- a/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb +++ b/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb @@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \ PROVIDES = "virtual/librpc" -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2" +SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \ + file://CVE-2021-46828.patch \ + " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" SRC_URI[sha256sum] = "e24eb88b8ce7db3b7ca6eb80115dd1284abc5ec32a8deccfed2224fc2532b9fd" @@ -19,7 +21,7 @@ inherit autotools pkgconfig EXTRA_OECONF = "--disable-gssapi" do_install:append() { - chown root:root ${D}${sysconfdir}/netconfig + test -e ${D}${sysconfdir}/netconfig && chown root:root ${D}${sysconfdir}/netconfig } BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb index 8d2e77e011..838881f238 100644 --- a/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb +++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb @@ -19,7 +19,7 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t file://lighttpd \ " -SRC_URI[sha256sum] = "e1489d9fa7496fbf2e071c338b593b2300d38c23f1e5967e52c9ef482e1b0e26" +SRC_URI[sha256sum] = "7e04d767f51a8d824b32e2483ef2950982920d427d1272ef4667f49d6f89f358" DEPENDS = "virtual/crypt" diff --git a/meta/recipes-extended/logrotate/logrotate_3.20.1.bb b/meta/recipes-extended/logrotate/logrotate_3.20.1.bb index 35977535aa..3df6ebd26d 100644 --- a/meta/recipes-extended/logrotate/logrotate_3.20.1.bb +++ b/meta/recipes-extended/logrotate/logrotate_3.20.1.bb @@ -67,7 +67,6 @@ do_install(){ install -p -m 644 ${S}/examples/logrotate.conf ${D}${sysconfdir}/logrotate.conf install -p -m 644 ${S}/examples/btmp ${D}${sysconfdir}/logrotate.d/btmp install -p -m 644 ${S}/examples/wtmp ${D}${sysconfdir}/logrotate.d/wtmp - touch ${D}${localstatedir}/lib/logrotate.status if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${systemd_system_unitdir} diff --git a/meta/recipes-extended/lsof/lsof_4.94.0.bb b/meta/recipes-extended/lsof/lsof_4.94.0.bb index c2b8bc839b..d50959d73c 100644 --- a/meta/recipes-extended/lsof/lsof_4.94.0.bb +++ b/meta/recipes-extended/lsof/lsof_4.94.0.bb @@ -19,6 +19,15 @@ SRCREV = "005e014e1abdadb2493d8b3ce87b37a2c0a2351d" S = "${WORKDIR}/git" + +inherit update-alternatives + +ALTERNATIVE:${PN} = "lsof" +ALTERNATIVE_LINK_NAME[lsof] = "${sbindir}/lsof" +# Make our priority higher than busybox +ALTERNATIVE_PRIORITY = "100" + + export LSOF_INCLUDE = "${STAGING_INCDIR}" do_configure () { diff --git a/meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch b/meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch new file mode 100644 index 0000000000..b4879221ad --- /dev/null +++ b/meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch @@ -0,0 +1,89 @@ +From 9851deb86ef257a98d7433280161d8ca685aa669 Mon Sep 17 00:00:00 2001 +From: Li Wang <liwang@redhat.com> +Date: Tue, 29 Mar 2022 13:03:51 +0800 +Subject: [PATCH] clock_gettime04: set threshold based on the clock resolution + +This is to get rid of the intermittent failures in clock_gettime04, +which are likely caused by different clock tick rates on platforms. +Here give two thresholds (in milliseconds) for comparison, one for +COARSE clock and one for the rest. + +Error log: + clock_gettime04.c:163: TFAIL: CLOCK_REALTIME_COARSE(syscall with old kernel spec): + Difference between successive readings greater than 5 ms (1): 10 + clock_gettime04.c:163: TFAIL: CLOCK_MONOTONIC_COARSE(vDSO with old kernel spec): + Difference between successive readings greater than 5 ms (2): 10 + +From Waiman Long: + That failure happens for CLOCK_REALTIME_COARSE which is a faster but less + precise version of CLOCK_REALTIME. The time resolution is actually a clock + tick. Since arm64 has a HZ rate of 100. That means each tick is 10ms. So a + CLOCK_REALTIME_COARSE threshold of 5ms is probably not enough. I would say + in the case of CLOCK_REALTIME_COARSE, we have to increase the threshold based + on the clock tick rate of the system. This is more a test failure than is + an inherent problem in the kernel. + +Fixes #898 + +Upstream-Status: Backport +[https://github.com/linux-test-project/ltp/commit/9851deb86ef257a98d7433280161d8ca685aa669] + +Reported-by: Eirik Fuller <efuller@redhat.com> +Signed-off-by: Li Wang <liwang@redhat.com> +Cc: Waiman Long <llong@redhat.com> +Cc: Viresh Kumar <viresh.kumar@linaro.org> +Reviewed-by: Cyril Hrubis <chrubis@suse.cz> +Acked-by: Waiman Long <longman@redhat.com> +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + .../syscalls/clock_gettime/clock_gettime04.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/testcases/kernel/syscalls/clock_gettime/clock_gettime04.c b/testcases/kernel/syscalls/clock_gettime/clock_gettime04.c +index a8d2c5b38..c279da79e 100644 +--- a/testcases/kernel/syscalls/clock_gettime/clock_gettime04.c ++++ b/testcases/kernel/syscalls/clock_gettime/clock_gettime04.c +@@ -35,7 +35,7 @@ clockid_t clks[] = { + }; + + static gettime_t ptr_vdso_gettime, ptr_vdso_gettime64; +-static long long delta = 5; ++static long long delta, precise_delta, coarse_delta; + + static inline int do_vdso_gettime(gettime_t vdso, clockid_t clk_id, void *ts) + { +@@ -92,9 +92,18 @@ static struct time64_variants variants[] = { + + static void setup(void) + { ++ struct timespec res; ++ ++ clock_getres(CLOCK_REALTIME, &res); ++ precise_delta = 5 + res.tv_nsec / 1000000; ++ ++ clock_getres(CLOCK_REALTIME_COARSE, &res); ++ coarse_delta = 5 + res.tv_nsec / 1000000; ++ + if (tst_is_virt(VIRT_ANY)) { + tst_res(TINFO, "Running in a virtual machine, multiply the delta by 10."); +- delta *= 10; ++ precise_delta *= 10; ++ coarse_delta *= 10; + } + + find_clock_gettime_vdso(&ptr_vdso_gettime, &ptr_vdso_gettime64); +@@ -108,6 +117,11 @@ static void run(unsigned int i) + int count = 10000, ret; + unsigned int j; + ++ if (clks[i] == CLOCK_REALTIME_COARSE || clks[i] == CLOCK_MONOTONIC_COARSE) ++ delta = coarse_delta; ++ else ++ delta = precise_delta; ++ + do { + for (j = 0; j < ARRAY_SIZE(variants); j++) { + /* Refresh time in start */ +-- +2.34.1 + diff --git a/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch b/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch new file mode 100644 index 0000000000..94dd418f36 --- /dev/null +++ b/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch @@ -0,0 +1,58 @@ +From de988c9b5605a711b306c4203545b8d761875177 Mon Sep 17 00:00:00 2001 +From: Jan Stancek <jstancek@redhat.com> +Date: Mon, 31 Jan 2022 12:00:46 +0100 +Subject: [PATCH] syscalls/pread02: extend buffer to avoid glibc overflow + detection + +Test started failing with recent glibc (glibc-2.34.9000-38.fc36), +which detects that buffer in pread is potentially too small: + tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s + *** buffer overflow detected ***: terminated + tst_test.c:1484: TBROK: Test killed by SIGIOT/SIGABRT! + +(gdb) bt + #0 __pthread_kill_implementation at pthread_kill.c:44 + #1 0x00007ffff7e46f73 in __pthread_kill_internal at pthread_kill.c:78 + #2 0x00007ffff7df6a36 in __GI_raise at ../sysdeps/posix/raise.c:26 + #3 0x00007ffff7de082f in __GI_abort () at abort.c:79 + #4 0x00007ffff7e3b01e in __libc_message at ../sysdeps/posix/libc_fatal.c:155 + #5 0x00007ffff7ed945a in __GI___fortify_fail at fortify_fail.c:26 + #6 0x00007ffff7ed7dc6 in __GI___chk_fail () at chk_fail.c:28 + #7 0x00007ffff7ed8214 in __pread_chk at pread_chk.c:26 + #8 0x0000000000404d1a in pread at /usr/include/bits/unistd.h:74 + #9 verify_pread (n=<optimized out>) at pread02.c:44 + #10 0x000000000040dc19 in run_tests () at tst_test.c:1246 + #11 testrun () at tst_test.c:1331 + #12 fork_testrun () at tst_test.c:1462 + #13 0x000000000040e9a1 in tst_run_tcases + #14 0x0000000000404bde in main + +Extend it to number of bytes we are trying to read from fd. + +Upstream-Status: Backport +[https://github.com/linux-test-project/ltp/commit/de988c9b5605a711b306c4203545b8d761875177] + +Signed-off-by: Jan Stancek <jstancek@redhat.com> +Acked-by: Petr Vorel <pvorel@suse.cz> +Reviewed-by: Cyril Hrubis <chrubis@suse.cz> +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + testcases/kernel/syscalls/pread/pread02.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/testcases/kernel/syscalls/pread/pread02.c b/testcases/kernel/syscalls/pread/pread02.c +index de2a81fff..fda5fd190 100644 +--- a/testcases/kernel/syscalls/pread/pread02.c ++++ b/testcases/kernel/syscalls/pread/pread02.c +@@ -39,7 +39,7 @@ struct test_case_t { + static void verify_pread(unsigned int n) + { + struct test_case_t *tc = &tcases[n]; +- char buf; ++ char buf[K1]; + + TST_EXP_FAIL2(pread(*tc->fd, &buf, tc->nb, tc->offst), tc->exp_errno, + "pread(%d, %zu, %ld) %s", *tc->fd, tc->nb, tc->offst, tc->desc); +-- +2.34.1 + diff --git a/meta/recipes-extended/ltp/ltp_20220121.bb b/meta/recipes-extended/ltp/ltp_20220121.bb index 8a13dcf9d0..51e8db4f1e 100644 --- a/meta/recipes-extended/ltp/ltp_20220121.bb +++ b/meta/recipes-extended/ltp/ltp_20220121.bb @@ -28,6 +28,8 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=ht file://0001-Remove-OOM-tests-from-runtest-mm.patch \ file://0001-metadata-parse.sh-sort-filelist-for-reproducibility.patch \ file://disable_hanging_tests.patch \ + file://0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch \ + file://0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch new file mode 100644 index 0000000000..cea435f83b --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch @@ -0,0 +1,148 @@ +From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:07 -0600 +Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container() + +Move the function up so that the function declaration is not necessary +and remove the unused arguments to the function. + +No functional changes are intended but will help with a bug fix in the +next patch. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + super-ddf.c | 88 ++++++++++++++++++++++++----------------------------- + 1 file changed, 39 insertions(+), 49 deletions(-) + +diff --git a/super-ddf.c b/super-ddf.c +index 3f304cd..65cf727 100644 +--- a/super-ddf.c ++++ b/super-ddf.c +@@ -503,13 +503,6 @@ struct ddf_super { + static int load_super_ddf_all(struct supertype *st, int fd, + void **sbp, char *devname); + static int get_svd_state(const struct ddf_super *, const struct vcl *); +-static int +-validate_geometry_ddf_container(struct supertype *st, +- int level, int layout, int raiddisks, +- int chunk, unsigned long long size, +- unsigned long long data_offset, +- char *dev, unsigned long long *freesize, +- int verbose); + + static int validate_geometry_ddf_bvd(struct supertype *st, + int level, int layout, int raiddisks, +@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks, + return 1; + } + ++static int ++validate_geometry_ddf_container(struct supertype *st, ++ int level, int raiddisks, ++ unsigned long long data_offset, ++ char *dev, unsigned long long *freesize, ++ int verbose) ++{ ++ int fd; ++ unsigned long long ldsize; ++ ++ if (level != LEVEL_CONTAINER) ++ return 0; ++ if (!dev) ++ return 1; ++ ++ fd = dev_open(dev, O_RDONLY|O_EXCL); ++ if (fd < 0) { ++ if (verbose) ++ pr_err("ddf: Cannot open %s: %s\n", ++ dev, strerror(errno)); ++ return 0; ++ } ++ if (!get_dev_size(fd, dev, &ldsize)) { ++ close(fd); ++ return 0; ++ } ++ close(fd); ++ if (freesize) { ++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS); ++ if (*freesize == 0) ++ return 0; ++ } ++ ++ return 1; ++} ++ + static int validate_geometry_ddf(struct supertype *st, + int level, int layout, int raiddisks, + int *chunk, unsigned long long size, +@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st, + level = LEVEL_CONTAINER; + if (level == LEVEL_CONTAINER) { + /* Must be a fresh device to add to a container */ +- return validate_geometry_ddf_container(st, level, layout, +- raiddisks, *chunk, +- size, data_offset, dev, +- freesize, +- verbose); ++ return validate_geometry_ddf_container(st, level, raiddisks, ++ data_offset, dev, ++ freesize, verbose); + } + + if (!dev) { +@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st, + return 1; + } + +-static int +-validate_geometry_ddf_container(struct supertype *st, +- int level, int layout, int raiddisks, +- int chunk, unsigned long long size, +- unsigned long long data_offset, +- char *dev, unsigned long long *freesize, +- int verbose) +-{ +- int fd; +- unsigned long long ldsize; +- +- if (level != LEVEL_CONTAINER) +- return 0; +- if (!dev) +- return 1; +- +- fd = dev_open(dev, O_RDONLY|O_EXCL); +- if (fd < 0) { +- if (verbose) +- pr_err("ddf: Cannot open %s: %s\n", +- dev, strerror(errno)); +- return 0; +- } +- if (!get_dev_size(fd, dev, &ldsize)) { +- close(fd); +- return 0; +- } +- close(fd); +- if (freesize) { +- *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS); +- if (*freesize == 0) +- return 0; +- } +- +- return 1; +-} +- + static int validate_geometry_ddf_bvd(struct supertype *st, + int level, int layout, int raiddisks, + int *chunk, unsigned long long size, +-- +2.39.1 + diff --git a/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch b/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch new file mode 100644 index 0000000000..186d1e76f2 --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch @@ -0,0 +1,45 @@ +From 41edf6f45895193f4a523cb0a08d639c9ff9ccc9 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:12 -0600 +Subject: [PATCH] mdadm: Fix optional --write-behind parameter + +The commit noted below changed the behaviour of --write-behind to +require an argument. This broke the 06wrmostly test with the error: + + mdadm: Invalid value for maximum outstanding write-behind writes: (null). + Must be between 0 and 16383. + +To fix this, check if optarg is NULL before parising it, as the origial +code did. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=41edf6f45895193f4a523cb0a08d639c9ff9ccc9] + +Fixes: 60815698c0ac ("Refactor parse_num and use it to parse optarg.") +Cc: Mateusz Grzonka <mateusz.grzonka@intel.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + mdadm.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/mdadm.c b/mdadm.c +index d0c5e6de..56722ed9 100644 +--- a/mdadm.c ++++ b/mdadm.c +@@ -1201,8 +1201,9 @@ int main(int argc, char *argv[]) + case O(BUILD, WriteBehind): + case O(CREATE, WriteBehind): + s.write_behind = DEFAULT_MAX_WRITE_BEHIND; +- if (parse_num(&s.write_behind, optarg) != 0 || +- s.write_behind < 0 || s.write_behind > 16383) { ++ if (optarg && ++ (parse_num(&s.write_behind, optarg) != 0 || ++ s.write_behind < 0 || s.write_behind > 16383)) { + pr_err("Invalid value for maximum outstanding write-behind writes: %s.\n\tMust be between 0 and 16383.\n", + optarg); + exit(2); +-- +2.25.1 + diff --git a/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch b/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch new file mode 100644 index 0000000000..1c95834a7e --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch @@ -0,0 +1,41 @@ +From 7539254342bc591717b0051734cc6c09c1b88640 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:13 -0600 +Subject: [PATCH] tests/00raid0: add a test that validates raid0 with layout + fails for 0.9 + +329dfc28debb disallows the creation of raid0 with layouts for 0.9 +metadata. This test confirms the new behavior. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7539254342bc591717b0051734cc6c09c1b88640] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00raid0 | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/tests/00raid0 b/tests/00raid0 +index 8bc18985..e6b21cc4 100644 +--- a/tests/00raid0 ++++ b/tests/00raid0 +@@ -6,11 +6,9 @@ check raid0 + testdev $md0 3 $mdsize2_l 512 + mdadm -S $md0 + +-# now with version-0.90 superblock ++# verify raid0 with layouts fail for 0.90 + mdadm -CR $md0 -e0.90 -l0 -n4 $dev0 $dev1 $dev2 $dev3 +-check raid0 +-testdev $md0 4 $mdsize0 512 +-mdadm -S $md0 ++check opposite_result + + # now with no superblock + mdadm -B $md0 -l0 -n5 $dev0 $dev1 $dev2 $dev3 $dev4 +-- +2.25.1 + diff --git a/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch b/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch new file mode 100644 index 0000000000..c621c082e8 --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch @@ -0,0 +1,39 @@ +From 39b381252c32275079344d30de18b76fda4bba26 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 27 Jul 2022 15:52:45 -0600 +Subject: [PATCH] tests/00readonly: Run udevadm settle before setting ro + +In some recent kernel versions, 00readonly fails with: + + mdadm: failed to set readonly for /dev/md0: Device or resource busy + ERROR: array is not read-only! + +This was traced down to a race condition with udev holding a reference +to the block device at the same time as trying to set it read only. + +To fix this, call udevadm settle before setting the array read only. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=39b381252c32275079344d30de18b76fda4bba26] + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jsorensen@fb.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00readonly | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/00readonly b/tests/00readonly +index 39202487..afe243b3 100644 +--- a/tests/00readonly ++++ b/tests/00readonly +@@ -12,6 +12,7 @@ do + $dev1 $dev2 $dev3 $dev4 --assume-clean + check nosync + check $level ++ udevadm settle + mdadm -ro $md0 + check readonly + state=$(cat /sys/block/md0/md/array_state) +-- +2.25.1 + diff --git a/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch b/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch new file mode 100644 index 0000000000..1a7104b76d --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch @@ -0,0 +1,33 @@ +From a2c832465fc75202e244327b2081231dfa974617 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:16 -0600 +Subject: [PATCH] tests/02lineargrow: clear the superblock at every iteration + +This fixes 02lineargrow test as prior metadata causes --add operation +to misbehave. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=a2c832465fc75202e244327b2081231dfa974617] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/02lineargrow | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/02lineargrow b/tests/02lineargrow +index e05c219d..595bf9f2 100644 +--- a/tests/02lineargrow ++++ b/tests/02lineargrow +@@ -20,4 +20,6 @@ do + testdev $md0 3 $sz 1 + + mdadm -S $md0 ++ mdadm --zero /dev/loop2 ++ mdadm --zero /dev/loop3 + done +-- +2.25.1 + diff --git a/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch b/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch new file mode 100644 index 0000000000..9098fb2540 --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch @@ -0,0 +1,41 @@ +From de045db607b1ac4b70fc2a8878463e029c2ab1dc Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:15 -0600 +Subject: [PATCH] tests/04update-metadata: avoid passing chunk size to raid1 + +'04update-metadata' test fails with error, "specifying chunk size is +forbidden for this level" added by commit, 5b30a34aa4b5e. Hence, +correcting the test to ignore passing chunk size to raid1. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=de045db607b1ac4b70fc2a8878463e029c2ab1dc] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +[logang@deltatee.com: fix if/then style and dropped unrelated hunk] +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/04update-metadata | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/tests/04update-metadata b/tests/04update-metadata +index 08c14af7..2b72a303 100644 +--- a/tests/04update-metadata ++++ b/tests/04update-metadata +@@ -11,7 +11,11 @@ dlist="$dev0 $dev1 $dev2 $dev3" + for ls in linear/4 raid1/1 raid5/3 raid6/2 + do + s=${ls#*/} l=${ls%/*} +- mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist ++ if [[ $l == 'raid1' ]]; then ++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 $dlist ++ else ++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist ++ fi + testdev $md0 $s 19904 64 + mdadm -S $md0 + mdadm -A $md0 --update=metadata $dlist +-- +2.25.1 + diff --git a/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch b/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch new file mode 100644 index 0000000000..d2e7d8ee50 --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch @@ -0,0 +1,102 @@ +From 14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7 Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Date: Wed, 22 Jun 2022 14:25:14 -0600 +Subject: [PATCH] tests: fix raid0 tests for 0.90 metadata + +Some of the test cases fail because raid0 creation fails with the error, +"0.90 metadata does not support layouts for RAID0" added by commit, +329dfc28debb. Fix some of the test cases by switching from raid0 to +linear level for 0.9 metadata where possible. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7] + +Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com> +Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + tests/00raid0 | 4 ++-- + tests/00readonly | 4 ++++ + tests/03r0assem | 6 +++--- + tests/04r0update | 4 ++-- + tests/04update-metadata | 2 +- + 5 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/tests/00raid0 b/tests/00raid0 +index e6b21cc4..9b8896cb 100644 +--- a/tests/00raid0 ++++ b/tests/00raid0 +@@ -20,8 +20,8 @@ mdadm -S $md0 + # now same again with different chunk size + for chunk in 4 32 256 + do +- mdadm -CR $md0 -e0.90 -l raid0 --chunk $chunk -n3 $dev0 $dev1 $dev2 +- check raid0 ++ mdadm -CR $md0 -e0.90 -l linear --chunk $chunk -n3 $dev0 $dev1 $dev2 ++ check linear + testdev $md0 3 $mdsize0 $chunk + mdadm -S $md0 + +diff --git a/tests/00readonly b/tests/00readonly +index 28b0fa13..39202487 100644 +--- a/tests/00readonly ++++ b/tests/00readonly +@@ -4,6 +4,10 @@ for metadata in 0.9 1.0 1.1 1.2 + do + for level in linear raid0 raid1 raid4 raid5 raid6 raid10 + do ++ if [[ $metadata == "0.9" && $level == "raid0" ]]; ++ then ++ continue ++ fi + mdadm -CR $md0 -l $level -n 4 --metadata=$metadata \ + $dev1 $dev2 $dev3 $dev4 --assume-clean + check nosync +diff --git a/tests/03r0assem b/tests/03r0assem +index 6744e322..44df0645 100644 +--- a/tests/03r0assem ++++ b/tests/03r0assem +@@ -68,9 +68,9 @@ mdadm -S $md2 + ### Now for version 0... + + mdadm --zero-superblock $dev0 $dev1 $dev2 +-mdadm -CR $md2 -l0 --metadata=0.90 -n3 $dev0 $dev1 $dev2 +-check raid0 +-tst="testdev $md2 3 $mdsize0 512" ++mdadm -CR $md2 -llinear --metadata=0.90 -n3 $dev0 $dev1 $dev2 ++check linear ++tst="testdev $md2 3 $mdsize0 1" + $tst + + uuid=`mdadm -Db $md2 | sed 's/.*UUID=//'` +diff --git a/tests/04r0update b/tests/04r0update +index 73ee3b9f..b95efb06 100644 +--- a/tests/04r0update ++++ b/tests/04r0update +@@ -1,7 +1,7 @@ + + # create a raid0, re-assemble with a different super-minor +-mdadm -CR -e 0.90 $md0 -l0 -n3 $dev0 $dev1 $dev2 +-testdev $md0 3 $mdsize0 512 ++mdadm -CR -e 0.90 $md0 -llinear -n3 $dev0 $dev1 $dev2 ++testdev $md0 3 $mdsize0 1 + minor1=`mdadm -E $dev0 | sed -n -e 's/.*Preferred Minor : //p'` + mdadm -S /dev/md0 + +diff --git a/tests/04update-metadata b/tests/04update-metadata +index 232fc1ff..08c14af7 100644 +--- a/tests/04update-metadata ++++ b/tests/04update-metadata +@@ -8,7 +8,7 @@ set -xe + + dlist="$dev0 $dev1 $dev2 $dev3" + +-for ls in raid0/4 linear/4 raid1/1 raid5/3 raid6/2 ++for ls in linear/4 raid1/1 raid5/3 raid6/2 + do + s=${ls#*/} l=${ls%/*} + mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist +-- +2.25.1 + diff --git a/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch new file mode 100644 index 0000000000..fafe88b49c --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch @@ -0,0 +1,56 @@ +From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:08 -0600 +Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in + validate_geometry_ddf() + +A relatively recent patch added a call to validate_geometry() in +Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL. + +This causes some ddf tests to segfault which aborts the test suite. + +To fix this, avoid dereferencing chunk when the level is +LEVEL_CONTAINER or LEVEL_NONE. + +Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container") +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + super-ddf.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/super-ddf.c b/super-ddf.c +index 65cf727..3ef1293 100644 +--- a/super-ddf.c ++++ b/super-ddf.c +@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st, + * If given BVDs, we make an SVD, changing all the GUIDs in the process. + */ + +- if (*chunk == UnSet) +- *chunk = DEFAULT_CHUNK; +- + if (level == LEVEL_NONE) + level = LEVEL_CONTAINER; + if (level == LEVEL_CONTAINER) { +@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st, + freesize, verbose); + } + ++ if (*chunk == UnSet) ++ *chunk = DEFAULT_CHUNK; ++ + if (!dev) { + mdu_array_info_t array = { + .level = level, +-- +2.39.1 + diff --git a/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch new file mode 100644 index 0000000000..a954ab027a --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch @@ -0,0 +1,91 @@ +From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:09 -0600 +Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork + +The test 07reshape-grow fails most of the time. But it succeeds around +1 in 5 times. When it does succeed, it causes the tests to die because +mdadm has segfaulted. + +The segfault was caused by mdadm attempting to repoen a file +descriptor that was already closed. The backtrace of the segfault +was: + + #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101 + #1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956 + #2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0) + at util.c:1072 + #3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079 + #4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244 + #5 0x000056146e329f36 in start_array (mdfd=4, + mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860, + st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0, + bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5, + sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90, + clean=1, avail=0x56146fc78720 "\001\001\001\001\001", + start_partial_ok=0, err_ok=0, was_forced=0) + at Assemble.c:1206 + #6 0x000056146e32c36e in Assemble (st=0x56146fc78660, + mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70, + devlist=0x56146fc6e2d0, c=0x7ffc55342e90) + at Assemble.c:1914 + #7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238) + at mdadm.c:1510 + +The file descriptor was closed early in Grow_continue(). The noted commit +moved the close() call to close the fd above the fork which caused the +parent process to return with a closed fd. + +This meant reshape_array() and Grow_continue() would return in the parent +with the fd forked. The fd would eventually be passed to reopen_mddev() +which returned an unhandled NULL from fd2devnm() which would then be +dereferenced in devnm2devid. + +Fix this by moving the close() call below the fork. This appears to +fix the 07revert-grow test. While we're at it, switch to using +close_fd() to invalidate the file descriptor. + +Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time") +Cc: Alex Wu <alexwu@synology.com> +Cc: BingJing Chang <bingjingc@synology.com> +Cc: Danny Shih <dannyshih@synology.com> +Cc: ChangSyun Peng <allenpeng@synology.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + Grow.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/Grow.c b/Grow.c +index 9c6fc95..a8e4e83 100644 +--- a/Grow.c ++++ b/Grow.c +@@ -3501,7 +3501,6 @@ started: + return 0; + } + +- close(fd); + /* Now we just need to kick off the reshape and watch, while + * handling backups of the data... + * This is all done by a forked background process. +@@ -3522,6 +3521,9 @@ started: + break; + } + ++ /* Close unused file descriptor in the forked process */ ++ close_fd(&fd); ++ + /* If another array on the same devices is busy, the + * reshape will wait for them. This would mean that + * the first section that we suspend will stay suspended +-- +2.39.1 + diff --git a/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch new file mode 100644 index 0000000000..72cb40f782 --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch @@ -0,0 +1,42 @@ +From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:10 -0600 +Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks + +Not all struct superswitch implement a get_bad_blocks() function, +yet mdmon seems to call it without checking for NULL and thus +occasionally segfaults in the test 10ddf-geometry. + +Fix this by checking for NULL before calling it. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + monitor.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/monitor.c b/monitor.c +index afc3e50..8e43c0d 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi) + struct md_bb *bb; + int i; + ++ if (!ss->get_bad_blocks) ++ return -1; ++ + /* + * Get a list of bad blocks for an array, then read list of + * acknowledged bad blocks from kernel and compare it against metadata +-- +2.39.1 + diff --git a/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch new file mode 100644 index 0000000000..c55bfb125b --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch @@ -0,0 +1,128 @@ +From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:18 -0600 +Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures + +Add functionality to continue if a test marked as broken fails. + +To mark a test as broken, a file with the same name but with the suffix +'.broken' should exist. The first line in the file will be printed with +a KNOWN BROKEN message; the rest of the file can describe the how the +test is broken. + +Also adds --skip-broken and --skip-always-broken to skip all the tests +that have a .broken file or to skip all tests whose .broken file's first +line contains the keyword always. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3 + +[OP: adjusted context for mdadm-4.2] +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + test | 37 +++++++++++++++++++++++++++++++++++-- + 1 file changed, 35 insertions(+), 2 deletions(-) + +diff --git a/test b/test +index 8f189d9..ee8fba1 100755 +--- a/test ++++ b/test +@@ -10,6 +10,8 @@ devlist= + + savelogs=0 + exitonerror=1 ++ctrl_c_error=0 ++skipbroken=0 + prefix='[0-9][0-9]' + + # use loop devices by default if doesn't specify --dev +@@ -35,6 +37,7 @@ die() { + + ctrl_c() { + exitonerror=1 ++ ctrl_c_error=1 + } + + # mdadm always adds --quiet, and we want to see any unexpected messages +@@ -79,8 +82,21 @@ mdadm() { + do_test() { + _script=$1 + _basename=`basename $_script` ++ _broken=0 ++ + if [ -f "$_script" ] + then ++ if [ -f "${_script}.broken" ]; then ++ _broken=1 ++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n') ++ if [ "$skipbroken" == "all" ]; then ++ return ++ elif [ "$skipbroken" == "always" ] && ++ [[ "$_broken_msg" == *always* ]]; then ++ return ++ fi ++ fi ++ + rm -f $targetdir/stderr + # this might have been reset: restore the default. + echo 2000 > /proc/sys/dev/raid/speed_limit_max +@@ -97,10 +113,15 @@ do_test() { + else + save_log fail + _fail=1 ++ if [ "$_broken" == "1" ]; then ++ echo " (KNOWN BROKEN TEST: $_broken_msg)" ++ fi + fi + [ "$savelogs" == "1" ] && + mv -f $targetdir/log $logdir/$_basename.log +- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1 ++ [ "$ctrl_c_error" == "1" ] && exit 1 ++ [ "$_fail" == "1" -a "$exitonerror" == "1" \ ++ -a "$_broken" == "0" ] && exit 1 + fi + } + +@@ -117,6 +138,8 @@ do_help() { + --logdir=directory Directory to save all logfiles in + --save-logs Usually use with --logdir together + --keep-going | --no-error Don't stop on error, ie. run all tests ++ --skip-broken Skip tests that are known to be broken ++ --skip-always-broken Skip tests that are known to always fail + --dev=loop|lvm|ram|disk Use loop devices (default), LVM, RAM or disk + --disks= Provide a bunch of physical devices for test + --volgroup=name LVM volume group for LVM test +@@ -211,6 +234,12 @@ parse_args() { + --keep-going | --no-error ) + exitonerror=0 + ;; ++ --skip-broken ) ++ skipbroken=all ++ ;; ++ --skip-always-broken ) ++ skipbroken=always ++ ;; + --disable-multipath ) + unset MULTIPATH + ;; +@@ -275,7 +304,11 @@ main() { + if [ $script == "$testdir/11spare-migration" ];then + continue + fi +- do_test $script ++ case $script in ++ *.broken) ;; ++ *) ++ do_test $script ++ esac + done + fi + +-- +2.39.1 + diff --git a/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch new file mode 100644 index 0000000000..115b23bac5 --- /dev/null +++ b/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch @@ -0,0 +1,454 @@ +From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:19 -0600 +Subject: [PATCH 6/6] tests: Add broken files for all broken tests + +Each broken file contains the rough frequency of brokeness as well +as a brief explanation of what happens when it breaks. Estimates +of failure rates are not statistically significant and can vary +run to run. + +This is really just a view from my window. Tests were done on a +small VM with the default loop devices, not real hardware. We've +seen different kernel configurations can cause bugs to appear as well +(ie. different block schedulers). It may also be that different race +conditions will be seen on machines with different performance +characteristics. + +These annotations were done with the kernel currently in md/md-next: + + facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()") + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + tests/01r5integ.broken | 7 ++++ + tests/01raid6integ.broken | 7 ++++ + tests/04r5swap.broken | 7 ++++ + tests/07autoassemble.broken | 8 ++++ + tests/07autodetect.broken | 5 +++ + tests/07changelevelintr.broken | 9 +++++ + tests/07changelevels.broken | 9 +++++ + tests/07reshape5intr.broken | 45 ++++++++++++++++++++++ + tests/07revert-grow.broken | 31 +++++++++++++++ + tests/07revert-shrink.broken | 9 +++++ + tests/07testreshape5.broken | 12 ++++++ + tests/09imsm-assemble.broken | 6 +++ + tests/09imsm-create-fail-rebuild.broken | 5 +++ + tests/09imsm-overlap.broken | 7 ++++ + tests/10ddf-assemble-missing.broken | 6 +++ + tests/10ddf-fail-create-race.broken | 7 ++++ + tests/10ddf-fail-two-spares.broken | 5 +++ + tests/10ddf-incremental-wrong-order.broken | 9 +++++ + tests/14imsm-r1_2d-grow-r1_3d.broken | 5 +++ + tests/14imsm-r1_2d-takeover-r0_2d.broken | 6 +++ + tests/18imsm-r10_4d-takeover-r0_2d.broken | 5 +++ + tests/18imsm-r1_2d-takeover-r0_1d.broken | 6 +++ + tests/19raid6auto-repair.broken | 5 +++ + tests/19raid6repair.broken | 5 +++ + 24 files changed, 226 insertions(+) + create mode 100644 tests/01r5integ.broken + create mode 100644 tests/01raid6integ.broken + create mode 100644 tests/04r5swap.broken + create mode 100644 tests/07autoassemble.broken + create mode 100644 tests/07autodetect.broken + create mode 100644 tests/07changelevelintr.broken + create mode 100644 tests/07changelevels.broken + create mode 100644 tests/07reshape5intr.broken + create mode 100644 tests/07revert-grow.broken + create mode 100644 tests/07revert-shrink.broken + create mode 100644 tests/07testreshape5.broken + create mode 100644 tests/09imsm-assemble.broken + create mode 100644 tests/09imsm-create-fail-rebuild.broken + create mode 100644 tests/09imsm-overlap.broken + create mode 100644 tests/10ddf-assemble-missing.broken + create mode 100644 tests/10ddf-fail-create-race.broken + create mode 100644 tests/10ddf-fail-two-spares.broken + create mode 100644 tests/10ddf-incremental-wrong-order.broken + create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken + create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken + create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken + create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken + create mode 100644 tests/19raid6auto-repair.broken + create mode 100644 tests/19raid6repair.broken + +diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken +new file mode 100644 +index 0000000..2073763 +--- /dev/null ++++ b/tests/01r5integ.broken +@@ -0,0 +1,7 @@ ++fails rarely ++ ++Fails about 1 in every 30 runs with a sha mismatch error: ++ ++ c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match ++ 15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3 ++ missing +diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken +new file mode 100644 +index 0000000..1df735f +--- /dev/null ++++ b/tests/01raid6integ.broken +@@ -0,0 +1,7 @@ ++fails infrequently ++ ++Fails about 1 in 5 with a sha mismatch: ++ ++ 8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match ++ a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and ++ /dev/loop3 missing +diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken +new file mode 100644 +index 0000000..e38987d +--- /dev/null ++++ b/tests/04r5swap.broken +@@ -0,0 +1,7 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: /dev/loop0 has no superblock - assembly aborted ++ ++ ERROR: no recovery happening +diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken +new file mode 100644 +index 0000000..8be0940 +--- /dev/null ++++ b/tests/07autoassemble.broken +@@ -0,0 +1,8 @@ ++always fails ++ ++Prints lots of messages, but the array doesn't assemble. Error ++possibly related to: ++ ++ mdadm: /dev/md/1 is busy - skipping ++ mdadm: no recogniseable superblock on /dev/md/testing:0 ++ mdadm: /dev/md/2 is busy - skipping +diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken +new file mode 100644 +index 0000000..294954a +--- /dev/null ++++ b/tests/07autodetect.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ ERROR: no resync happening +diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken +new file mode 100644 +index 0000000..284b490 +--- /dev/null ++++ b/tests/07changelevelintr.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: this change will reduce the size of the array. ++ use --grow --array-size first to truncate array. ++ e.g. mdadm --grow /dev/md0 --array-size 56832 ++ ++ ERROR: no reshape happening +diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken +new file mode 100644 +index 0000000..9b930d9 +--- /dev/null ++++ b/tests/07changelevels.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata ++ mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata ++ mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata ++ ++ ERROR: /dev/md0 isn't a block device. +diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken +new file mode 100644 +index 0000000..efe52a6 +--- /dev/null ++++ b/tests/07reshape5intr.broken +@@ -0,0 +1,45 @@ ++always fails ++ ++This patch, recently added to md-next causes the test to always fail: ++ ++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex ++held") ++ ++The new error is simply: ++ ++ ERROR: no reshape happening ++ ++Before the patch, the error seen is below. ++ ++-- ++ ++fails infrequently ++ ++Fails roughly 1 in 4 runs with errors: ++ ++ mdadm: Merging with already-assembled /dev/md/0 ++ mdadm: cannot re-read metadata from /dev/loop6 - aborting ++ ++ ERROR: no reshape happening ++ ++Also have seen a random deadlock: ++ ++ INFO: task mdadm:109702 blocked for more than 30 seconds. ++ Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040 ++ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. ++ task:mdadm state:D stack: 0 pid:109702 ppid: 1 flags:0x00004000 ++ Call Trace: ++ <TASK> ++ __schedule+0x67e/0x13b0 ++ schedule+0x82/0x110 ++ mddev_suspend+0x2e1/0x330 ++ suspend_lo_store+0xbd/0x140 ++ md_attr_store+0xcb/0x130 ++ sysfs_kf_write+0x89/0xb0 ++ kernfs_fop_write_iter+0x202/0x2c0 ++ new_sync_write+0x222/0x330 ++ vfs_write+0x3bc/0x4d0 ++ ksys_write+0xd9/0x180 ++ __x64_sys_write+0x43/0x50 ++ do_syscall_64+0x3b/0x90 ++ entry_SYSCALL_64_after_hwframe+0x44/0xae +diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken +new file mode 100644 +index 0000000..9b6db86 +--- /dev/null ++++ b/tests/07revert-grow.broken +@@ -0,0 +1,31 @@ ++always fails ++ ++This patch, recently added to md-next causes the test to always fail: ++ ++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held") ++ ++The errors are: ++ ++ mdadm: No active reshape to revert on /dev/loop0 ++ ERROR: active raid5 not found ++ ++Before the patch, the error seen is below. ++ ++-- ++ ++fails rarely ++ ++Fails about 1 in every 30 runs with errors: ++ ++ mdadm: Merging with already-assembled /dev/md/0 ++ mdadm: backup file /tmp/md-backup inaccessible: No such file or directory ++ mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument ++ mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it ++ (use --run to insist). ++ ++ grep: /sys/block/md*/md/sync_action: No such file or directory ++ ++ ERROR: active raid5 not found +diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken +new file mode 100644 +index 0000000..c33c39e +--- /dev/null ++++ b/tests/07revert-shrink.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: this change will reduce the size of the array. ++ use --grow --array-size first to truncate array. ++ e.g. mdadm --grow /dev/md0 --array-size 53760 ++ ++ ERROR: active raid5 not found +diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken +new file mode 100644 +index 0000000..a8ce03e +--- /dev/null ++++ b/tests/07testreshape5.broken +@@ -0,0 +1,12 @@ ++always fails ++ ++Test seems to run 'test_stripe' at $dir directory, but $dir is never ++set. If $dir is adjusted to $PWD, the test still fails with: ++ ++ mdadm: /dev/loop2 is not suitable for this array. ++ mdadm: create aborted ++ ++ return 1 ++ ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile ++ ++ echo cmp failed ++ cmp failed ++ ++ exit 2 +diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken +new file mode 100644 +index 0000000..a6d4d5c +--- /dev/null ++++ b/tests/09imsm-assemble.broken +@@ -0,0 +1,6 @@ ++fails infrequently ++ ++Fails roughly 1 in 10 runs with errors: ++ ++ mdadm: /dev/loop2 is still in use, cannot remove. ++ /dev/loop2 removal from /dev/md/container should have succeeded +diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken +new file mode 100644 +index 0000000..40c4b29 +--- /dev/null ++++ b/tests/09imsm-create-fail-rebuild.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ **Error**: Array size mismatch - expected 3072, actual 16384 +diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken +new file mode 100644 +index 0000000..e7ccab7 +--- /dev/null ++++ b/tests/09imsm-overlap.broken +@@ -0,0 +1,7 @@ ++always fails ++ ++Fails with errors: ++ ++ **Error**: Offset mismatch - expected 15360, actual 0 ++ **Error**: Offset mismatch - expected 15360, actual 0 ++ /dev/md/vol3 failed check +diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken +new file mode 100644 +index 0000000..bfd8d10 +--- /dev/null ++++ b/tests/10ddf-assemble-missing.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with errors: ++ ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10 ++ ERROR: unexpected number of online disks on /dev/loop10 +diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken +new file mode 100644 +index 0000000..6c0df02 +--- /dev/null ++++ b/tests/10ddf-fail-create-race.broken +@@ -0,0 +1,7 @@ ++usually fails ++ ++Fails about 9 out of 10 times with many errors: ++ ++ mdadm: cannot open MISSING: No such file or directory ++ ERROR: non-degraded array found ++ ERROR: disk 0 not marked as failed in meta data +diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken +new file mode 100644 +index 0000000..eeea56d +--- /dev/null ++++ b/tests/10ddf-fail-two-spares.broken +@@ -0,0 +1,5 @@ ++fails infrequently ++ ++Fails roughly 1 in 3 with error: ++ ++ ERROR: /dev/md/vol1 should be optimal in meta data +diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken +new file mode 100644 +index 0000000..a5af3ba +--- /dev/null ++++ b/tests/10ddf-incremental-wrong-order.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ERROR: sha1sum of /dev/md/vol0 has changed ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10 ++ ERROR: unexpected number of online disks on /dev/loop10 ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop8 ++ ERROR: unexpected number of online disks on /dev/loop8 ++ ERROR: sha1sum of /dev/md/vol0 has changed +diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken +new file mode 100644 +index 0000000..4ef1d40 +--- /dev/null ++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk") +diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken +new file mode 100644 +index 0000000..89cd4e5 +--- /dev/null ++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with error: ++ ++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token ++ is "chunk") +diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken +new file mode 100644 +index 0000000..a27399f +--- /dev/null ++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken +@@ -0,0 +1,5 @@ ++fails rarely ++ ++Fails about 1 run in 100 with message: ++ ++ ERROR: size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0 +diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken +new file mode 100644 +index 0000000..aa1982e +--- /dev/null ++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with error: ++ ++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token ++ is "chunk") +diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken +new file mode 100644 +index 0000000..e91a142 +--- /dev/null ++++ b/tests/19raid6auto-repair.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with: ++ ++ "should detect errors" +diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken +new file mode 100644 +index 0000000..e91a142 +--- /dev/null ++++ b/tests/19raid6repair.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with: ++ ++ "should detect errors" +-- +2.39.1 + diff --git a/meta/recipes-extended/mdadm/files/run-ptest b/meta/recipes-extended/mdadm/files/run-ptest index fae8071d43..2380c322a9 100644 --- a/meta/recipes-extended/mdadm/files/run-ptest +++ b/meta/recipes-extended/mdadm/files/run-ptest @@ -2,6 +2,6 @@ mkdir -p /mdadm-testing-dir # make the test continue to execute even one fail -dir=. ./test --keep-going --disable-integrity +dir=. ./test --keep-going --disable-integrity --skip-broken rm -rf /mdadm-testing-dir/* diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb index 19035caaec..e4b98f82c1 100644 --- a/meta/recipes-extended/mdadm/mdadm_4.2.bb +++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb @@ -24,6 +24,18 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \ file://0001-mdadm-skip-test-11spare-migration.patch \ file://0001-Fix-parsing-of-r-in-monitor-manager-mode.patch \ file://0001-Makefile-install-mdcheck.patch \ + file://0001-mdadm-Fix-optional-write-behind-parameter.patch \ + file://0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch \ + file://0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch \ + file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \ + file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \ + file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \ + file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \ + file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \ + file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \ + file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \ + file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \ + file://0006-tests-Add-broken-files-for-all-broken-tests.patch \ " SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d" @@ -93,10 +105,16 @@ do_install_ptest() { } RDEPENDS:${PN} += "bash" -RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs" +RDEPENDS:${PN}-ptest += " \ + bash \ + e2fsprogs-mke2fs \ + util-linux-lsblk \ + util-linux-losetup \ + util-linux-blockdev \ + strace \ +" RRECOMMENDS:${PN}-ptest += " \ coreutils \ - util-linux \ kernel-module-loop \ kernel-module-linear \ kernel-module-raid0 \ diff --git a/meta/recipes-extended/minicom/minicom/0001-Drop-superfluous-global-variable-definitions.patch b/meta/recipes-extended/minicom/minicom/0001-Drop-superfluous-global-variable-definitions.patch deleted file mode 100644 index 01b23898e7..0000000000 --- a/meta/recipes-extended/minicom/minicom/0001-Drop-superfluous-global-variable-definitions.patch +++ /dev/null @@ -1,35 +0,0 @@ -From b65152ebc03832972115e6d98e50cb6190d01793 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com> -Date: Mon, 3 Feb 2020 13:18:13 +0100 -Subject: [PATCH 1/3] Drop superfluous global variable definitions - -The file minicom.c, by including the minicom.h header, already defines -the global variables 'dial_user' and 'dial_pass'. The object file -minicom.o is always linked to dial.o. Thus the definitions in dial.c -can be dropped. - -This fixes linking with gcc 10 which uses -fno-common by default, -disallowing multiple global variable definitions. - -Upstream-Status: Backport [https://salsa.debian.org/minicom-team/minicom/-/commit/db269bba2a68fde03f5df45ac8372a8f1248ca96] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/dial.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/dial.c b/src/dial.c -index eada5ee..d9d481f 100644 ---- a/src/dial.c -+++ b/src/dial.c -@@ -146,8 +146,6 @@ static int newtype; - /* Access to ".dialdir" denied? */ - static int dendd = 0; - static char *tagged; --char *dial_user; --char *dial_pass; - - /* Change the baud rate. Treat all characters in the given array as if - * they were key presses within the comm parameters dialog (C-A P) and --- -2.24.1 - diff --git a/meta/recipes-extended/minicom/minicom/0002-Drop-superfluous-global-variable-definitions.patch b/meta/recipes-extended/minicom/minicom/0002-Drop-superfluous-global-variable-definitions.patch deleted file mode 100644 index e86b470b7e..0000000000 --- a/meta/recipes-extended/minicom/minicom/0002-Drop-superfluous-global-variable-definitions.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 924bd2da3a00e030e29d82b74ef82900bd50b475 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com> -Date: Mon, 3 Feb 2020 13:18:33 +0100 -Subject: [PATCH 2/3] Drop superfluous global variable definitions - -The only place where the EXTERN macro mechanism is used to define the -global variables 'vt_outmap' and 'vt_inmap' is minicom.c (by defining -an empty EXTERN macro and including the minicom.h header). The file -vt100.c already defines these variables. The vt100.o object file is -always linked to minicom.o. Thus it is safe not to define the -variables in minicom.c and only declare them in the minicom.h header. - -This fixes linking with gcc 10 which uses -fno-common by default, -disallowing multiple global variable definitions. - -Upstream-Status: Backport [https://salsa.debian.org/minicom-team/minicom/-/commit/c69cad5b5dda85d361a3a0c1fddc65e933f26d11] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/minicom.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/minicom.h b/src/minicom.h -index 061c013..0f9693b 100644 ---- a/src/minicom.h -+++ b/src/minicom.h -@@ -141,7 +141,7 @@ EXTERN int sbcolor; /* Status Bar Background Color */ - EXTERN int st_attr; /* Status Bar attributes. */ - - /* jl 04.09.97 conversion tables */ --EXTERN unsigned char vt_outmap[256], vt_inmap[256]; -+extern unsigned char vt_outmap[256], vt_inmap[256]; - - /* MARK updated 02/17/95 - history buffer */ - EXTERN int num_hist_lines; /* History buffer size */ --- -2.24.1 - diff --git a/meta/recipes-extended/minicom/minicom/0003-Drop-superfluous-global-variable-definitions.patch b/meta/recipes-extended/minicom/minicom/0003-Drop-superfluous-global-variable-definitions.patch deleted file mode 100644 index 3225a0c32a..0000000000 --- a/meta/recipes-extended/minicom/minicom/0003-Drop-superfluous-global-variable-definitions.patch +++ /dev/null @@ -1,42 +0,0 @@ -From a4fc603b3641d2efe31479116eb7ba66932901c7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com> -Date: Mon, 3 Feb 2020 13:21:41 +0100 -Subject: [PATCH 3/3] Drop superfluous global variable definitions - -The only place where the EXTERN macro mechanism is used to define the -global variables 'portfd_is_socket', 'portfd_is_connected' and -'portfd_sock_addr' is minicom.c (by defining an empty EXTERN macro and -including the minicom.h header). The source file sysdep1_s.c already -defines these variables. The sysdep1_s.o object file is always linked -to minicom.o. Thus it is safe to drop the definitions from minicom.c -and only declare the variables in the minicom.h header. - -This fixes linking with gcc 10 which uses -fno-common by default, -disallowing multiple global variable definitions. - -Upstream-Status: Backport [https://salsa.debian.org/minicom-team/minicom/-/commit/c8382374c5d340aa4115d527aed76e876ee5456b] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/minicom.h | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/minicom.h b/src/minicom.h -index 0f9693b..1e7cb8c 100644 ---- a/src/minicom.h -+++ b/src/minicom.h -@@ -113,9 +113,9 @@ EXTERN char *dial_user; /* Our username there */ - EXTERN char *dial_pass; /* Our password */ - - #ifdef USE_SOCKET --EXTERN int portfd_is_socket; /* File descriptor is a unix socket */ --EXTERN int portfd_is_connected; /* 1 if the socket is connected */ --EXTERN struct sockaddr_un portfd_sock_addr; /* the unix socket address */ -+extern int portfd_is_socket; /* File descriptor is a unix socket */ -+extern int portfd_is_connected; /* 1 if the socket is connected */ -+extern struct sockaddr_un portfd_sock_addr; /* the unix socket address */ - #define portfd_connected ((portfd_is_socket && !portfd_is_connected) \ - ? -1 : portfd) - #else --- -2.24.1 - diff --git a/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch b/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch index a4b3afd959..090ed5c1c9 100644 --- a/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch +++ b/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch @@ -1,4 +1,4 @@ -From 58245b859ffbcb1780575bf1b0a018d55e74e434 Mon Sep 17 00:00:00 2001 +From 08ba909500412611953aea0fa2fe0d8fe76b6e24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@googlemail.com> Date: Wed, 21 Sep 2016 21:14:40 +0200 Subject: [PATCH] detect gold as GNU linker too @@ -9,23 +9,21 @@ Content-Transfer-Encoding: 8bit Upstream-Status: Pending Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> + --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 03e8bda..c2fce51 100644 +index 468c718..cd93f30 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ AC_CHECK_SIZEOF([void *]) AC_MSG_CHECKING([for GNU ld]) - LD=`$CC -print-prog-name=ld 2>&5` + LD=$($CC -print-prog-name=ld 2>&5) --if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld"` = 0; then -+if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU "` = 0; then +-if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld") = 0; then ++if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ") = 0; then # Not GNU_LD="" AC_MSG_RESULT([no]) --- -2.5.5 - diff --git a/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch b/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch deleted file mode 100644 index ca235d5108..0000000000 --- a/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f60dc1063607ca1f201ba4cbda467d8af3f78f64 Mon Sep 17 00:00:00 2001 -From: Miroslav Lichvar <mlichvar@redhat.com> -Date: Tue, 1 Oct 2019 16:37:55 +0200 -Subject: [PATCH] don't ignore CFLAGS when building snack - -In addition to the flags returned by python-config --cflags, use the -user-specified CFLAGS when building the snack object. - -Upstream-Status: Backport from master -Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> ---- - Makefile.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index be5f87b..6facd5e 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -96,8 +96,8 @@ _snack.$(SOEXT): snack.c $(LIBNEWTSH) - PIFLAGS=`$$pyconfig --includes`; \ - PLDFLAGS=`$$pyconfig --ldflags`; \ - PLFLAGS=`$$pyconfig --libs`; \ -- echo $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -- $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -+ echo $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ -+ $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \ - echo $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \ - $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \ - done || : diff --git a/meta/recipes-extended/newt/libnewt_0.52.21.bb b/meta/recipes-extended/newt/libnewt_0.52.23.bb index 430e481b36..cd3731cf74 100644 --- a/meta/recipes-extended/newt/libnewt_0.52.21.bb +++ b/meta/recipes-extended/newt/libnewt_0.52.23.bb @@ -21,11 +21,9 @@ SRC_URI = "https://releases.pagure.org/newt/newt-${PV}.tar.gz \ file://cross_ar.patch \ file://Makefile.in-Add-tinfo-library-to-the-linking-librari.patch \ file://0001-detect-gold-as-GNU-linker-too.patch \ - file://0002-don-t-ignore-CFLAGS-when-building-snack.patch \ " -SRC_URI[md5sum] = "a0a5fd6b53bb167a65e15996b249ebb5" -SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac5abb31" +SRC_URI[sha256sum] = "caa372907b14ececfe298f0d512a62f41d33b290610244a58aed07bbc5ada12a" S = "${WORKDIR}/newt-${PV}" diff --git a/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch new file mode 100644 index 0000000000..94dcb04f0a --- /dev/null +++ b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch @@ -0,0 +1,108 @@ +From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001 +From: Per Jessen <per@jessen.ch> +Date: Fri, 22 Apr 2022 18:15:36 +0200 +Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype + +When using scandir() to look for MOTD files to display, we wrongly +relied on all filesystems providing a filetype. This is a fix to divert +to lstat() when we have no filetype. To maintain MT safety, it isn't +possible to use lstat() in the scandir() filter function, so all of the +filtering has been moved to an additional loop after scanning all the +motd dirs. +Also, remove superfluous alphasort from scandir(), we are doing +a qsort() later. + +Resolves: https://github.com/linux-pam/linux-pam/issues/455 + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70] + +Signed-off-by: Per Jessen <per@jessen.ch> +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++------- + 1 file changed, 40 insertions(+), 9 deletions(-) + +diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c +index 6ac8cba2..5ca486e4 100644 +--- a/modules/pam_motd/pam_motd.c ++++ b/modules/pam_motd/pam_motd.c +@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) + } + } + +-static int filter_dirents(const struct dirent *d) +-{ +- return (d->d_type == DT_REG || d->d_type == DT_LNK); +-} +- + static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) + { +@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + + for (i = 0; i < num_motd_dirs; i++) { + int rv; +- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), +- filter_dirents, alphasort); ++ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); + if (rv < 0) { + if (errno != ENOENT || report_missing) { + pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", +@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + if (dirscans_size_total == 0) + goto out; + ++ /* filter out unwanted names, directories, and complement data with lstat() */ ++ for (i = 0; i < num_motd_dirs; i++) { ++ struct dirent **d = dirscans[i]; ++ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { ++ int rc; ++ char *fullpath; ++ struct stat s; ++ ++ switch(d[j]->d_type) { /* the filetype determines how to proceed */ ++ case DT_REG: /* regular files and */ ++ case DT_LNK: /* symlinks */ ++ continue; /* are good. */ ++ case DT_UNKNOWN: /* for file systems that do not provide */ ++ /* a filetype, we use lstat() */ ++ if (join_dir_strings(&fullpath, motd_dir_path_split[i], ++ d[j]->d_name) <= 0) ++ break; ++ rc = lstat(fullpath, &s); ++ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ ++ if (rc != 0) /* if the lstat() somehow failed */ ++ break; ++ ++ if (S_ISREG(s.st_mode) || /* regular files and */ ++ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ ++ break; ++ case DT_DIR: /* We don't want directories */ ++ default: /* nor anything else */ ++ break; ++ } ++ _pam_drop(d[j]); /* free memory */ ++ d[j] = NULL; /* indicate this one was dropped */ ++ dirscans_size_total--; ++ } ++ } ++ + /* Allocate space for all file names found in the directories, including duplicates. */ + if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); +@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + unsigned int j; + + for (j = 0; j < dirscans_sizes[i]; j++) { +- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; +- i_dirnames++; ++ if (NULL != dirscans[i][j]) { ++ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; ++ i_dirnames++; ++ } + } + } + +-- +2.39.0 + diff --git a/meta/recipes-extended/pam/libpam/99_pam b/meta/recipes-extended/pam/libpam/99_pam index 97e990d10b..a88247be13 100644 --- a/meta/recipes-extended/pam/libpam/99_pam +++ b/meta/recipes-extended/pam/libpam/99_pam @@ -1 +1 @@ -d root root 0755 /var/run/sepermit none +d root root 0755 /run/sepermit none diff --git a/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch new file mode 100644 index 0000000000..e7bf03f9f7 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch @@ -0,0 +1,205 @@ +From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <kukuk@suse.com> +Date: Thu, 24 Feb 2022 10:37:32 +0100 +Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf + +According to the manual page, the following entry is valid but does not +work: +-:root:ALL EXCEPT localhost + +See https://bugzilla.suse.com/show_bug.cgi?id=1019866 + +Patched is based on PR#226 from Josef Moellers + +Upstream-Status: Backport +CVE: CVE-2022-28321 + +Reference to upstream patch: +[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- + 1 file changed, 76 insertions(+), 19 deletions(-) + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 277192b..bca424f 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + return NO; + } + +- /* Assume network/netmask with an IP of a host. */ ++ /* Assume network/netmask, IP address or hostname. */ + return network_netmask_match(pamh, tok, string, item); + } + +@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. +- * "NONE" token matches NULL string. ++ * "NONE" token matches NULL string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ +@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok +- * represents either a single ip (v4,v6) address or a network/netmask ++ * represents either a hostname, a single ip (v4,v6) address ++ * or a network/netmask + */ + static int + network_netmask_match (pam_handle_t *pamh, +@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh, + char *netmask_ptr; + char netmask_string[MAXHOSTNAMELEN + 1]; + int addr_type; ++ struct addrinfo *ai = NULL; + + if (item->debug) +- pam_syslog (pamh, LOG_DEBUG, ++ pam_syslog (pamh, LOG_DEBUG, + "network_netmask_match: tok=%s, item=%s", tok, string); ++ + /* OK, check if tok is of type addr/mask */ + if ((netmask_ptr = strchr(tok, '/')) != NULL) + { +@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh, + netmask_ptr = number_to_netmask(netmask, addr_type, + netmask_string, MAXHOSTNAMELEN); + } +- } ++ ++ /* ++ * Construct an addrinfo list from the IP address. ++ * This should not fail as the input is a correct IP address... ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ return NO; ++ } ++ } + else +- /* NO, then check if it is only an addr */ +- if (isipaddr(tok, NULL, NULL) != YES) ++ { ++ /* ++ * It is either an IP address or a hostname. ++ * Let getaddrinfo sort everything out ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) + { ++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); ++ + return NO; + } ++ netmask_ptr = NULL; ++ } + + if (isipaddr(string, NULL, NULL) != YES) + { +- /* Assume network/netmask with a name of a host. */ + struct addrinfo hint; + ++ /* Assume network/netmask with a name of a host. */ + memset (&hint, '\0', sizeof (hint)); + hint.ai_flags = AI_CANONNAME; + hint.ai_family = AF_UNSPEC; + + if (item->gai_rv != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else if (!item->res && + (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else + { + struct addrinfo *runp = item->res; ++ struct addrinfo *runp1; + + while (runp != NULL) + { + char buf[INET6_ADDRSTRLEN]; + +- DIAG_PUSH_IGNORE_CAST_ALIGN; +- inet_ntop (runp->ai_family, +- runp->ai_family == AF_INET +- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr +- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, +- buf, sizeof (buf)); +- DIAG_POP_IGNORE_CAST_ALIGN; ++ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } + +- if (are_addresses_equal(buf, tok, netmask_ptr)) ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) + { +- return YES; ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ if (runp->ai_family != runp1->ai_family) ++ continue; ++ ++ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } ++ ++ if (are_addresses_equal (buf, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } + } + runp = runp->ai_next; + } + } + } + else +- return (are_addresses_equal(string, tok, netmask_ptr)); ++ { ++ struct addrinfo *runp1; ++ ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) ++ { ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ ++ if (are_addresses_equal(string, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } ++ } ++ } ++ ++ freeaddrinfo(ai); + + return NO; + } +-- +2.37.3 + diff --git a/meta/recipes-extended/pam/libpam/CVE-2024-22365.patch b/meta/recipes-extended/pam/libpam/CVE-2024-22365.patch new file mode 100644 index 0000000000..e9e3a078e0 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2024-22365.patch @@ -0,0 +1,62 @@ +From 031bb5a5d0d950253b68138b498dc93be69a64cb Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner <matthias.gerstner@suse.de> +Date: Wed, 27 Dec 2023 14:01:59 +0100 +Subject: [PATCH] pam_namespace: protect_dir(): use O_DIRECTORY to prevent + local DoS situations + +Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs +being placed in user controlled directories, causing the PAM module to +block indefinitely during `openat()`. + +Pass O_DIRECTORY to cause the `openat()` to fail if the path does not +refer to a directory. + +With this the check whether the final path element is a directory +becomes unnecessary, drop it. + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb] +CVE: CVE-2024-22365 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + modules/pam_namespace/pam_namespace.c | 18 +----------------- + 1 file changed, 1 insertion(+), 17 deletions(-) + +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 4d4188d..d6b1d3c 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -1103,7 +1103,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, + int dfd = AT_FDCWD; + int dfd_next; + int save_errno; +- int flags = O_RDONLY; ++ int flags = O_RDONLY | O_DIRECTORY; + int rv = -1; + struct stat st; + +@@ -1157,22 +1157,6 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, + rv = openat(dfd, dir, flags); + } + +- if (rv != -1) { +- if (fstat(rv, &st) != 0) { +- save_errno = errno; +- close(rv); +- rv = -1; +- errno = save_errno; +- goto error; +- } +- if (!S_ISDIR(st.st_mode)) { +- close(rv); +- errno = ENOTDIR; +- rv = -1; +- goto error; +- } +- } +- + if (flags & O_NOFOLLOW) { + /* we are inside user-owned dir - protect */ + if (protect_mount(rv, p, idata) == -1) { +-- +2.25.1 + diff --git a/meta/recipes-extended/pam/libpam_1.5.2.bb b/meta/recipes-extended/pam/libpam_1.5.2.bb index 081986ef43..20745aa837 100644 --- a/meta/recipes-extended/pam/libpam_1.5.2.bb +++ b/meta/recipes-extended/pam/libpam_1.5.2.bb @@ -24,6 +24,9 @@ SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux file://0001-run-xtests.sh-check-whether-files-exist.patch \ file://run-ptest \ file://pam-volatiles.conf \ + file://CVE-2022-28321-0002.patch \ + file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \ + file://CVE-2024-22365.patch \ " SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d" diff --git a/meta/recipes-extended/parted/files/run-ptest b/meta/recipes-extended/parted/files/run-ptest index c3d6fca339..096078967f 100644 --- a/meta/recipes-extended/parted/files/run-ptest +++ b/meta/recipes-extended/parted/files/run-ptest @@ -1,7 +1,7 @@ #!/bin/sh -mkdir -p /etc/udev/mount.blacklist.d -echo /dev/sda1 >> /etc/udev/mount.blacklist.d/parted-tmp +mkdir -p /etc/udev/mount.ignorelist.d +echo /dev/sda1 >> /etc/udev/mount.ignorelist.d/parted-tmp rm -f tests/*.log make -C tests test-suite.log -rm /etc/udev/mount.blacklist.d/parted-tmp +rm /etc/udev/mount.ignorelist.d/parted-tmp diff --git a/meta/recipes-extended/procps/procps/CVE-2023-4016.patch b/meta/recipes-extended/procps/procps/CVE-2023-4016.patch new file mode 100644 index 0000000000..c530b1cfea --- /dev/null +++ b/meta/recipes-extended/procps/procps/CVE-2023-4016.patch @@ -0,0 +1,85 @@ +From 2c933ecba3bb1d3041a5a7a53a7b4078a6003413 Mon Sep 17 00:00:00 2001 +From: Craig Small <csmall@dropbear.xyz> +Date: Thu, 10 Aug 2023 21:18:38 +1000 +Subject: [PATCH] ps: Fix possible buffer overflow in -C option + +ps allocates memory using malloc(length of arg * len of struct). +In certain strange circumstances, the arg length could be very large +and the multiplecation will overflow, allocating a small amount of +memory. + +Subsequent strncpy() will then write into unallocated memory. +The fix is to use calloc. It's slower but this is a one-time +allocation. Other malloc(x * y) calls have also been replaced +by calloc(x, y) + +References: + https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 + https://nvd.nist.gov/vuln/detail/CVE-2023-4016 + https://gitlab.com/procps-ng/procps/-/issues/297 + https://bugs.debian.org/1042887 + +Signed-off-by: Craig Small <csmall@dropbear.xyz> + +CVE: CVE-2023-4016 +Upstream-Status: Backport [https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> + +--- + NEWS | 1 + + ps/parser.c | 8 ++++---- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/NEWS b/NEWS +index b9509734..64fa3da8 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,3 +1,5 @@ ++ * ps: Fix buffer overflow in -C option CVE-2023-4016 Debian #1042887, issue #297 ++ + procps-ng-3.3.17 + --------------- + * library: Incremented to 8:3:0 +diff --git a/ps/parser.c b/ps/parser.c +index 248aa741..15873dfa 100644 +--- a/ps/parser.c ++++ b/ps/parser.c +@@ -184,7 +184,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + const char *err; /* error code that could or did happen */ + /*** prepare to operate ***/ + node = malloc(sizeof(selection_node)); +- node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */ + node->n = 0; + buf = strdup(arg); + /*** sanity check and count items ***/ +@@ -205,6 +204,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + } while (*++walk); + if(need_item) goto parse_error; + node->n = items; ++ node->u = calloc(items, sizeof(sel_union)); + /*** actually parse the list ***/ + walk = buf; + while(items--){ +@@ -1031,15 +1031,15 @@ static const char *parse_trailing_pids(void){ + thisarg = ps_argc - 1; /* we must be at the end now */ + + pidnode = malloc(sizeof(selection_node)); +- pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ pidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */ + pidnode->n = 0; + + grpnode = malloc(sizeof(selection_node)); +- grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ grpnode->u = calloc(i,sizeof(sel_union)); /* waste is insignificant */ + grpnode->n = 0; + + sidnode = malloc(sizeof(selection_node)); +- sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ sidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */ + sidnode->n = 0; + + while(i--){ +-- +GitLab + diff --git a/meta/recipes-extended/procps/procps_3.3.17.bb b/meta/recipes-extended/procps/procps_3.3.17.bb index 0f5575c9ab..897f28f187 100644 --- a/meta/recipes-extended/procps/procps_3.3.17.bb +++ b/meta/recipes-extended/procps/procps_3.3.17.bb @@ -16,6 +16,7 @@ SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \ file://sysctl.conf \ file://0001-w.c-correct-musl-builds.patch \ file://0002-proc-escape.c-add-missing-include.patch \ + file://CVE-2023-4016.patch \ " SRCREV = "19a508ea121c0c4ac6d0224575a036de745eaaf8" diff --git a/meta/recipes-extended/psmisc/psmisc.inc b/meta/recipes-extended/psmisc/psmisc.inc index 12539dad53..44b82bd325 100644 --- a/meta/recipes-extended/psmisc/psmisc.inc +++ b/meta/recipes-extended/psmisc/psmisc.inc @@ -54,3 +54,5 @@ ALTERNATIVE_PRIORITY = "90" ALTERNATIVE:killall = "killall" ALTERNATIVE:fuser = "fuser" + +ALTERNATIVE:pstree = "pstree" diff --git a/meta/recipes-extended/screen/screen/CVE-2023-24626.patch b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch new file mode 100644 index 0000000000..73caf9d81b --- /dev/null +++ b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch @@ -0,0 +1,40 @@ +From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001 +From: Alexander Naumov <alexander_naumov@opensuse.org> +Date: Mon, 30 Jan 2023 17:22:25 +0200 +Subject: fix: missing signal sending permission check on failed query messages + +Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org> + +CVE: CVE-2023-24626 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7] +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + socket.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/socket.c b/socket.c +index bb68b35..9d87445 100644 +--- a/socket.c ++++ b/socket.c +@@ -1285,11 +1285,16 @@ ReceiveMsg() + else + queryflag = -1; + +- Kill(m.m.command.apid, ++ if (CheckPid(m.m.command.apid)) { ++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); ++ } ++ else { ++ Kill(m.m.command.apid, + (queryflag >= 0) + ? SIGCONT + : SIG_BYE); /* Send SIG_BYE if an error happened */ +- queryflag = -1; ++ queryflag = -1; ++ } + } + break; + case MSG_COMMAND: +-- +2.25.1 + diff --git a/meta/recipes-extended/screen/screen_4.9.0.bb b/meta/recipes-extended/screen/screen_4.9.0.bb index b36173b8de..19070d87d8 100644 --- a/meta/recipes-extended/screen/screen_4.9.0.bb +++ b/meta/recipes-extended/screen/screen_4.9.0.bb @@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://0002-comm.h-now-depends-on-term.h.patch \ file://0001-fix-for-multijob-build.patch \ file://0001-Remove-more-compatibility-stuff.patch \ + file://CVE-2023-24626.patch \ " SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4" diff --git a/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch b/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch new file mode 100644 index 0000000000..6c04769713 --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch @@ -0,0 +1,27 @@ +From aed5a184401fbbe901cb825be4004ced885b6f9a Mon Sep 17 00:00:00 2001 +From: Andrei Gherzan <andrei.gherzan@huawei.com> +Date: Wed, 24 Aug 2022 00:54:47 +0200 +Subject: [PATCH] Drop nsswitch.conf message when not in place - eg. musl + +Upstream-Status: Inappropriate [issue reported at https://github.com/shadow-maint/shadow/issues/557] +Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com> +--- + lib/nss.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/nss.c b/lib/nss.c +index af3e95a..74e0e16 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -57,7 +57,7 @@ void nss_init(char *nsswitch_path) { + // subid: files + nssfp = fopen(nsswitch_path, "r"); + if (!nssfp) { +- fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); ++ //fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); + atomic_store(&nss_init_completed, true); + return; + } +-- +2.25.1 + diff --git a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch new file mode 100644 index 0000000000..ac08be515b --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch @@ -0,0 +1,65 @@ +From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Fri, 31 Mar 2023 14:46:50 +0200 +Subject: [PATCH] Overhaul valid_field() + +e5905c4b ("Added control character check") introduced checking for +control characters but had the logic inverted, so it rejects all +characters that are not control ones. + +Cast the character to `unsigned char` before passing to the character +checking functions to avoid UB. + +Use strpbrk(3) for the illegal character test and return early. + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + lib/fields.c | 24 ++++++++++-------------- + 1 file changed, 10 insertions(+), 14 deletions(-) + +diff --git a/lib/fields.c b/lib/fields.c +index fb51b582..53929248 100644 +--- a/lib/fields.c ++++ b/lib/fields.c +@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) + + /* For each character of field, search if it appears in the list + * of illegal characters. */ ++ if (illegal && NULL != strpbrk (field, illegal)) { ++ return -1; ++ } ++ ++ /* Search if there are non-printable or control characters */ + for (cp = field; '\0' != *cp; cp++) { +- if (strchr (illegal, *cp) != NULL) { ++ unsigned char c = *cp; ++ if (!isprint (c)) { ++ err = 1; ++ } ++ if (iscntrl (c)) { + err = -1; + break; + } + } + +- if (0 == err) { +- /* Search if there are non-printable or control characters */ +- for (cp = field; '\0' != *cp; cp++) { +- if (!isprint (*cp)) { +- err = 1; +- } +- if (!iscntrl (*cp)) { +- err = -1; +- break; +- } +- } +- } +- + return err; + } + +-- +2.34.1 + diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch new file mode 100644 index 0000000000..f53341d3fc --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch @@ -0,0 +1,53 @@ +From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 +From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> +Date: Thu, 23 Mar 2023 23:39:38 +0000 +Subject: [PATCH] Added control character check + +Added control character check, returning -1 (to "err") if control characters are present. + +CVE: CVE-2023-29383 +Upstream-Status: Backport + +Reference to upstream: +https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + lib/fields.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/lib/fields.c b/lib/fields.c +index 640be931..fb51b582 100644 +--- a/lib/fields.c ++++ b/lib/fields.c +@@ -21,9 +21,9 @@ + * + * The supplied field is scanned for non-printable and other illegal + * characters. +- * + -1 is returned if an illegal character is present. +- * + 1 is returned if no illegal characters are present, but the field +- * contains a non-printable character. ++ * + -1 is returned if an illegal or control character is present. ++ * + 1 is returned if no illegal or control characters are present, ++ * but the field contains a non-printable character. + * + 0 is returned otherwise. + */ + int valid_field (const char *field, const char *illegal) +@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) + } + + if (0 == err) { +- /* Search if there are some non-printable characters */ ++ /* Search if there are non-printable or control characters */ + for (cp = field; '\0' != *cp; cp++) { + if (!isprint (*cp)) { + err = 1; ++ } ++ if (!iscntrl (*cp)) { ++ err = -1; + break; + } + } +-- +2.34.1 + diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch new file mode 100644 index 0000000000..2d3c462f4d --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch @@ -0,0 +1,36 @@ +From 58b6e97a9eef866e9e479fb781aaaf59fb11ef36 Mon Sep 17 00:00:00 2001 +From: Christian Göttsche <cgzones@googlemail.com> +Date: Mon Apr 25 12:17:40 2022 +0200 +Subject: [PATCH 1/2] passwd: erase password copy on all error branches + +CVE: CVE-2023-4641 + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/58b6e97a9eef866e9e479fb781aaaf59fb11ef36] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + src/passwd.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/passwd.c b/src/passwd.c +index 80531ec..8c6f81a 100644 +--- a/src/passwd.c ++++ b/src/passwd.c +@@ -289,6 +289,7 @@ static int new_password (const struct passwd *pw) + cp = getpass (_("New password: ")); + if (NULL == cp) { + memzero (orig, sizeof orig); ++ memzero (pass, sizeof pass); + return -1; + } + if (warned && (strcmp (pass, cp) != 0)) { +@@ -316,6 +317,7 @@ static int new_password (const struct passwd *pw) + cp = getpass (_("Re-enter new password: ")); + if (NULL == cp) { + memzero (orig, sizeof orig); ++ memzero (pass, sizeof pass); + return -1; + } + if (strcmp (cp, pass) != 0) { +-- +2.40.0 diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641-0002.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641-0002.patch new file mode 100644 index 0000000000..a37379d7a0 --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2023-4641-0002.patch @@ -0,0 +1,147 @@ +From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001 +From: Alejandro Colomar <alx@kernel.org> +Date: Sat, 10 Jun 2023 16:20:05 +0200 +Subject: [PATCH 2/2] gpasswd(1): Fix password leak + +How to trigger this password leak? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When gpasswd(1) asks for the new password, it asks twice (as is usual +for confirming the new password). Each of those 2 password prompts +uses agetpass() to get the password. If the second agetpass() fails, +the first password, which has been copied into the 'static' buffer +'pass' via STRFCPY(), wasn't being zeroed. + +agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and +can fail for any of the following reasons: + +- malloc(3) or readpassphrase(3) failure. + + These are going to be difficult to trigger. Maybe getting the system + to the limits of memory utilization at that exact point, so that the + next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. + About readpassphrase(3), ENFILE and EINTR seem the only plausible + ones, and EINTR probably requires privilege or being the same user; + but I wouldn't discard ENFILE so easily, if a process starts opening + files. + +- The password is longer than PASS_MAX. + + The is plausible with physical access. However, at that point, a + keylogger will be a much simpler attack. + +And, the attacker must be able to know when the second password is being +introduced, which is not going to be easy. + +How to read the password after the leak? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Provoking the leak yourself at the right point by entering a very long +password is easy, and inspecting the process stack at that point should +be doable. Try to find some consistent patterns. + +Then, search for those patterns in free memory, right after the victim +leaks their password. + +Once you get the leak, a program should read all the free memory +searching for patterns that gpasswd(1) leaves nearby the leaked +password. + +On 6/10/23 03:14, Seth Arnold wrote: +> An attacker process wouldn't be able to use malloc(3) for this task. +> There's a handful of tools available for userspace to allocate memory: +> +> - brk / sbrk +> - mmap MAP_ANONYMOUS +> - mmap /dev/zero +> - mmap some other file +> - shm_open +> - shmget +> +> Most of these return only pages of zeros to a process. Using mmap of an +> existing file, you can get some of the contents of the file demand-loaded +> into the memory space on the first use. +> +> The MAP_UNINITIALIZED flag only works if the kernel was compiled with +> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. +> +> malloc(3) doesn't zero memory, to our collective frustration, but all the +> garbage in the allocations is from previous allocations in the current +> process. It isn't leftover from other processes. +> +> The avenues available for reading the memory: +> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) +> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) +> - ptrace (requires ptrace privileges, mediated by YAMA) +> - causing memory to be swapped to disk, and then inspecting the swap +> +> These all require a certain amount of privileges. + +How to fix it? +~~~~~~~~~~~~~~ + +memzero(), which internally calls explicit_bzero(3), or whatever +alternative the system provides with a slightly different name, will +make sure that the buffer is zeroed in memory, and optimizations are not +allowed to impede this zeroing. + +This is not really 100% effective, since compilers may place copies of +the string somewhere hidden in the stack. Those copies won't get zeroed +by explicit_bzero(3). However, that's arguably a compiler bug, since +compilers should make everything possible to avoid optimizing strings +that are later passed to explicit_bzero(3). But we all know that +sometimes it's impossible to have perfect knowledge in the compiler, so +this is plausible. Nevertheless, there's nothing we can do against such +issues, except minimizing the time such passwords are stored in plain +text. + +Security concerns +~~~~~~~~~~~~~~~~~ + +We believe this isn't easy to exploit. Nevertheless, and since the fix +is trivial, this fix should probably be applied soon, and backported to +all supported distributions, to prevent someone else having more +imagination than us to find a way. + +Affected versions +~~~~~~~~~~~~~~~~~ + +All. Bug introduced in shadow 19990709. That's the second commit in +the git history. + +Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") +Reported-by: Alejandro Colomar <alx@kernel.org> +Cc: Serge Hallyn <serge@hallyn.com> +Cc: Iker Pedrosa <ipedrosa@redhat.com> +Cc: Seth Arnold <seth.arnold@canonical.com> +Cc: Christian Brauner <christian@brauner.io> +Cc: Balint Reczey <rbalint@debian.org> +Cc: Sam James <sam@gentoo.org> +Cc: David Runge <dvzrv@archlinux.org> +Cc: Andreas Jaeger <aj@suse.de> +Cc: <~hallyn/shadow@lists.sr.ht> +Signed-off-by: Alejandro Colomar <alx@kernel.org> + +CVE: CVE-2023-4641 + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + src/gpasswd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/gpasswd.c b/src/gpasswd.c +index c7c9477..00ca569 100644 +--- a/src/gpasswd.c ++++ b/src/gpasswd.c +@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) + strzero (cp); + cp = getpass (_("Re-enter new password: ")); + if (NULL == cp) { ++ memzero (pass, sizeof pass); + exit (1); + } + +-- +2.40.0 diff --git a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot index 8a68dd341a..09df77d2e7 100644 --- a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot +++ b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0 # # /etc/login.defs - Configuration control definitions for the shadow package. # diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index e05fa237a2..6580bd9166 100644 --- a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" LICENSE = "BSD-3-Clause | Artistic-1.0" -LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" +LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed" DEPENDS = "base-passwd" diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index f5fdf436f7..57b5002e8b 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -16,6 +16,10 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP} ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ file://shadow-relaxed-usernames.patch \ file://useradd \ + file://CVE-2023-29383.patch \ + file://0001-Overhaul-valid_field.patch \ + file://CVE-2023-4641-0001.patch \ + file://CVE-2023-4641-0002.patch \ " SRC_URI:append:class-target = " \ @@ -26,6 +30,7 @@ SRC_URI:append:class-target = " \ SRC_URI:append:class-native = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ + file://0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch \ " SRC_URI:append:class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ @@ -33,6 +38,7 @@ SRC_URI:append:class-nativesdk = " \ SRC_URI[sha256sum] = "f262089be6a1011d50ec7849e14571b7b2e788334368f3dccb718513f17935ed" + # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ file://pam.d/chpasswd \ @@ -149,6 +155,13 @@ do_install:append() { # Handle link properly after rename, otherwise missing files would # lead rpm failed dependencies. ln -sf newgrp.${BPN} ${D}${bindir}/sg + + # usermod requires the subuid/subgid files to be in place before being + # able to use the -v/-V flags otherwise it fails: + # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V + install -d ${D}${sysconfdir} + touch ${D}${sysconfdir}/subuid + touch ${D}${sysconfdir}/subgid } PACKAGES =+ "${PN}-base" diff --git a/meta/recipes-extended/shadow/shadow_4.11.1.bb b/meta/recipes-extended/shadow/shadow_4.11.1.bb index 40b11345c9..d1a3fd5593 100644 --- a/meta/recipes-extended/shadow/shadow_4.11.1.bb +++ b/meta/recipes-extended/shadow/shadow_4.11.1.bb @@ -9,3 +9,6 @@ BBCLASSEXTEND = "native nativesdk" # Severity is low and marked as closed and won't fix. # https://bugzilla.redhat.com/show_bug.cgi?id=884658 CVE_CHECK_IGNORE += "CVE-2013-4235" + +# This is an issue for a different shadow +CVE_CHECK_IGNORE += "CVE-2016-15024" diff --git a/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch new file mode 100644 index 0000000000..fec8c524eb --- /dev/null +++ b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch @@ -0,0 +1,35 @@ +From 1d1801902a4944c6f5fa521c19b32fbac7342a0c Mon Sep 17 00:00:00 2001 +From: Colin Ian King <colin.i.king@gmail.com> +Date: Sat, 6 Aug 2022 13:05:59 +0000 +Subject: [PATCH] Makefile: avoid calling sync + +Original commit message: +Makefile: use ld-gold if it is available + +Speed up linking by using ld-gold if is available. Add build +time detection to see if compiler allows it + +MJ: backported only the "sync" removal from Makefile as calling + it from do_compile in the middle of big OE world build harms + the build time. + +Upstream-Status: Backport [V0.14.04 c10e5c3f9f5560a085279f4c4b399c2f34cb897d] + +Signed-off-by: Colin Ian King <colin.i.king@gmail.com> +Signed-off-by: Martin Jansa <martin.jansa@gmail.com> +--- + Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/Makefile b/Makefile +index f8f71c54b..23db4c612 100644 +--- a/Makefile ++++ b/Makefile +@@ -425,7 +425,6 @@ OBJS += $(CONFIG_OBJS) + stress-ng: $(OBJS) + $(Q)echo "LD $@" + $(V)$(CC) $(CPPFLAGS) $(CFLAGS) $(OBJS) -lm $(LDFLAGS) -o $@ +- $(V)sync + + config.h: + +$(MAKE) -f Makefile.config STATIC=$(STATIC) -j diff --git a/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch new file mode 100644 index 0000000000..bb35b3030a --- /dev/null +++ b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch @@ -0,0 +1,43 @@ +From ea9ee4dd64ee88e03a959b2c694aa8feb53c7e78 Mon Sep 17 00:00:00 2001 +From: He Zhe <zhe.he@windriver.com> +Date: Wed, 28 Sep 2022 16:47:24 +0800 +Subject: [PATCH] stress-cpu: disable float128 math on powerpc64 to avoid + SIGILL + +float128 requires instructions of xsmaddqp and xsmsubqp which are added to +qemu since v7.0 by the following commit. +https://github.com/qemu/qemu/commit/3bb1aed246d7b59ceee625a82628f7369d492a8f + +While kirkstone is still at v6.2 and thus experiences SIGILL as follow +root@qemuppc64:~# stress-ng --cpu 2 --timeout 30s +stress-ng: info: [972] setting to a 30 second run per stressor +stress-ng: info: [972] dispatching hogs: 2 cpu +stress-ng: info: [973] stressor terminated with unexpected signal signal 4 'SIGILL' +<snip> + +Upstream-Status: Inappropriate [This is specific to kirkstone since qemu on +master branch has upgraded to v7.1.] + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + stress-cpu.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/stress-cpu.c b/stress-cpu.c +index 0a08f1d1..2849e715 100644 +--- a/stress-cpu.c ++++ b/stress-cpu.c +@@ -41,6 +41,10 @@ + #undef HAVE_FLOAT_DECIMAL128 + #endif + ++#if defined(STRESS_ARCH_PPC64) ++#undef HAVE_FLOAT128 ++#endif ++ + #define GAMMA (0.57721566490153286060651209008240243104215933593992L) + #define OMEGA (0.56714329040978387299996866221035554975381578718651L) + #define PSI (3.35988566624317755317201130291892717968890513373197L) +-- +2.25.1 + diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb index fe177a4de0..72dafddaf8 100644 --- a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb +++ b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb @@ -5,7 +5,10 @@ HOMEPAGE = "https://github.com/ColinIanKing/stress-ng#readme" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master" +SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ + file://0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch \ + file://0001-Makefile-avoid-calling-sync.patch \ + " SRCREV = "f59bcb2fe1e25042e77d5e4942f72bfa026fa305" S = "${WORKDIR}/git" diff --git a/meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch b/meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch deleted file mode 100644 index f63ed553be..0000000000 --- a/meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch +++ /dev/null @@ -1,25 +0,0 @@ -From f993c5c88faacc43971899aae2168ffb3e34dc80 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Fri, 24 Sep 2021 13:36:24 +0200 -Subject: [PATCH] lib/util/mksigname.c: correctly include header for out of - tree builds - -Upstream-Status: Submitted [https://github.com/sudo-project/sudo/pull/123] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - lib/util/mksigname.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/util/mksigname.c b/lib/util/mksigname.c -index de8b1ad..0a69e7e 100644 ---- a/lib/util/mksigname.c -+++ b/lib/util/mksigname.c -@@ -36,7 +36,7 @@ main(int argc, char *argv[]) - { - unsigned int i; - --#include "mksigname.h" -+#include "lib/util/mksigname.h" - - printf("const char *const sudo_sys_signame[] = {\n"); - for (i = 0; i < nitems(sudo_sys_signame); i++) { diff --git a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch index f4fc376bb8..041c717e00 100644 --- a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch +++ b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch @@ -1,4 +1,7 @@ -sudo.conf.in: fix conflict with multilib +From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 17 Nov 2020 11:13:40 +0800 +Subject: [PATCH] sudo.conf.in: fix conflict with multilib When pass ${libdir} to --libexecdir of sudo, it fails to install sudo and lib32-sudo at same time: @@ -12,12 +15,13 @@ Update the comments in sudo.conf.in to avoid the conflict. Signed-off-by: Kai Kang <kai.kang@windriver.com> Upstream-Status: Inappropriate [OE configuration specific] + --- examples/sudo.conf.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in -index 6535d3a..50afc8f 100644 +index 2187457..0908d24 100644 --- a/examples/sudo.conf.in +++ b/examples/sudo.conf.in @@ -4,7 +4,7 @@ @@ -33,8 +37,8 @@ index 6535d3a..50afc8f 100644 # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_intercept.so file. # --#Path intercept @plugindir@/sudo_intercept.so -+#Path intercept $plugindir/sudo_intercept.so +-#Path intercept @intercept_file@ ++#Path intercept $intercept_file # # Sudo noexec: @@ -42,8 +46,8 @@ index 6535d3a..50afc8f 100644 # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # --#Path noexec @plugindir@/sudo_noexec.so -+#Path noexec $plugindir/sudo_noexec.so +-#Path noexec @noexec_file@ ++#Path noexec $noexec_file # # Sudo plugin directory: @@ -55,7 +59,4 @@ index 6535d3a..50afc8f 100644 +#Path plugin_dir $plugindir # - # Sudo developer mode: --- -2.17.1 - + # Core dumps: diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc index 8947c46129..d3b6bf1ad8 100644 --- a/meta/recipes-extended/sudo/sudo.inc +++ b/meta/recipes-extended/sudo/sudo.inc @@ -4,11 +4,10 @@ HOMEPAGE = "http://www.sudo.ws" BUGTRACKER = "http://www.sudo.ws/bugs/" SECTION = "admin" LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=16cf60b466f3a0606427a7b624a3a670 \ +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \ file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \ file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \ file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \ - file://lib/util/getcwd.c;beginline=2;endline=27;md5=50f8d9667750e18dea4e84a935c12009 \ file://lib/util/glob.c;beginline=2;endline=31;md5=2852f68687544e3eb8a0a61665506f0e \ file://lib/util/snprintf.c;beginline=3;endline=33;md5=b70df6179969e38fcf68da91b53b8029 \ file://include/sudo_queue.h;beginline=2;endline=27;md5=ad578e9664d17a010b63e4bc0576ee8d \ @@ -29,12 +28,12 @@ EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor" EXTRA_OECONF:append:libc-musl = " --disable-hardening " do_compile:prepend () { - # Remove build host references from sudo_usage.h + # Remove build host references from config.h sed -i \ -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ -e 's,--build=${BUILD_SYS},,g' \ -e 's,--host=${HOST_SYS},,g' \ - ${B}/src/sudo_usage.h + ${B}/config.h } # Explicitly create ${localstatedir}/lib before do_install to ensure diff --git a/meta/recipes-extended/sudo/sudo_1.9.10.bb b/meta/recipes-extended/sudo/sudo_1.9.15p2.bb index aa0d814ed7..431dfba3c2 100644 --- a/meta/recipes-extended/sudo/sudo_1.9.10.bb +++ b/meta/recipes-extended/sudo/sudo_1.9.15p2.bb @@ -3,12 +3,11 @@ require sudo.inc SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \ - file://0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch \ " PAM_SRC_URI = "file://sudo.pam" -SRC_URI[sha256sum] = "44a1461098e7c7b8e6ac597499c24fb2e43748c0c139a8b4944e57d1349a64f4" +SRC_URI[sha256sum] = "199c0cdbfa7efcfffa9c88684a8e2fb206a62b70a316507e4a91c89c873bbcc8" DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" diff --git a/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch new file mode 100644 index 0000000000..6c7e7cea44 --- /dev/null +++ b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch @@ -0,0 +1,33 @@ +From b732dd0001c66f3ff1e0aef919c84ca9f0f81252 Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg <troglobit@gmail.com> +Date: Sat, 22 Apr 2023 07:40:24 +0200 +Subject: [PATCH 1/2] syslogd.service: KillMode=process is not recommended, + drop + +The default 'control-group' ensures all processes started by sysklogd +are stopped when the service is stopped, this is what we want. + +Signed-off-by: Joachim Wiberg <troglobit@gmail.com> + +Upstream-Status: Backport [https://github.com/troglobit/sysklogd/commit/c82c004de7e25e770039cba5d6a34c30dd548533] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + syslogd.service.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/syslogd.service.in b/syslogd.service.in +index 91e080a..d614c5f 100644 +--- a/syslogd.service.in ++++ b/syslogd.service.in +@@ -9,7 +9,6 @@ EnvironmentFile=-@SYSCONFDIR@/default/syslogd + ExecStart=@SBINDIR@/syslogd -F -p /run/systemd/journal/syslog $SYSLOGD_OPTS + StandardOutput=null + Restart=on-failure +-KillMode=process + + [Install] + WantedBy=multi-user.target +-- +2.25.1 + diff --git a/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch new file mode 100644 index 0000000000..78ae57eeeb --- /dev/null +++ b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch @@ -0,0 +1,75 @@ +From ba8156eab79784ef816958327e701923890e98f7 Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg <troglobit@gmail.com> +Date: Sat, 22 Apr 2023 08:27:57 +0200 +Subject: [PATCH 2/2] Fix #62: early log messages lost when running in systemd + +This is a follow-up to d7576c7 which initially added support for running +in systemd based systems. Since the unit file sources the syslog.socket +we have /run/systemd/journal/syslog open already on descriptor 3. All +we need to do is verify that's the mode syslogd runs in. + +Signed-off-by: Joachim Wiberg <troglobit@gmail.com> + +Upstream-Status: Backport [https://github.com/troglobit/sysklogd/commit/7ec64e5f9c1bc284792d028647fb36ef3e64dff7] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/syslogd.c | 21 +++++++++++++++------ + syslogd.service.in | 2 +- + 2 files changed, 16 insertions(+), 7 deletions(-) + +diff --git a/src/syslogd.c b/src/syslogd.c +index fa4303f..e96ca9a 100644 +--- a/src/syslogd.c ++++ b/src/syslogd.c +@@ -162,6 +162,7 @@ void untty(void); + static void parsemsg(const char *from, char *msg); + static int opensys(const char *file); + static void printsys(char *msg); ++static void unix_cb(int sd, void *arg); + static void logmsg(struct buf_msg *buffer); + static void fprintlog_first(struct filed *f, struct buf_msg *buffer); + static void fprintlog_successive(struct filed *f, int flags); +@@ -436,12 +437,20 @@ int main(int argc, char *argv[]) + .pe_serv = "syslog", + }); + +- /* Default to _PATH_LOG for the UNIX domain socket */ +- if (!pflag) +- addpeer(&(struct peer) { +- .pe_name = _PATH_LOG, +- .pe_mode = 0666, +- }); ++ /* Figure out where to read system log messages from */ ++ if (!pflag) { ++ /* Do we run under systemd-journald (Requires=syslog.socket)? */ ++ if (fcntl(3, F_GETFD) != -1) { ++ if (socket_register(3, NULL, unix_cb, NULL) == -1) ++ err(1, "failed registering syslog.socket (3)"); ++ } else { ++ /* Default to _PATH_LOG for the UNIX domain socket */ ++ addpeer(&(struct peer) { ++ .pe_name = _PATH_LOG, ++ .pe_mode = 0666, ++ }); ++ } ++ } + + if (!Foreground && !Debug) { + ppid = waitdaemon(30); +diff --git a/syslogd.service.in b/syslogd.service.in +index d614c5f..bc82af9 100644 +--- a/syslogd.service.in ++++ b/syslogd.service.in +@@ -6,7 +6,7 @@ Requires=syslog.socket + + [Service] + EnvironmentFile=-@SYSCONFDIR@/default/syslogd +-ExecStart=@SBINDIR@/syslogd -F -p /run/systemd/journal/syslog $SYSLOGD_OPTS ++ExecStart=@SBINDIR@/syslogd -F $SYSLOGD_OPTS + StandardOutput=null + Restart=on-failure + +-- +2.25.1 + diff --git a/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb b/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb index 7043f3d391..0dc5ef93e2 100644 --- a/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb +++ b/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb @@ -12,6 +12,8 @@ inherit update-rc.d update-alternatives systemd autotools SRC_URI = "git://github.com/troglobit/sysklogd.git;branch=master;protocol=https \ file://sysklogd \ + file://0001-syslogd.service-KillMode-process-is-not-recommended-.patch \ + file://0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch \ " SRCREV = "03c2c9c68d5d02675326527774e7e9cba3490ba0" diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch new file mode 100644 index 0000000000..dce7b0d61f --- /dev/null +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch @@ -0,0 +1,93 @@ +From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001 +From: Sebastien <seb@fedora-2.home> +Date: Sat, 15 Oct 2022 14:24:22 +0200 +Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074) + +allocate_structures function located in sa_common.c insufficiently +checks bounds before arithmetic multiplication allowing for an +overflow in the size allocated for the buffer representing system +activities. + +This patch checks that the post-multiplied value is not greater than +UINT_MAX. + +Signed-off-by: Sebastien <seb@fedora-2.home> + +Upstream-Status: Backport from +[https://github.com/sysstat/sysstat/commit/a953ee3307d51255cc96e1f211882e97f795eed9] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + common.c | 25 +++++++++++++++++++++++++ + common.h | 2 ++ + sa_common.c | 6 ++++++ + 3 files changed, 33 insertions(+) + +diff --git a/common.c b/common.c +index 81c7762..1a84b05 100644 +--- a/common.c ++++ b/common.c +@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char + + return 0; + } ++ ++/* ++ *************************************************************************** ++ * Check if the multiplication of the 3 values may be greater than UINT_MAX. ++ * ++ * IN: ++ * @val1 First value. ++ * @val2 Second value. ++ * @val3 Third value. ++ *************************************************************************** ++ */ ++void check_overflow(size_t val1, size_t val2, size_t val3) ++{ ++ if ((unsigned long long) val1 * ++ (unsigned long long) val2 * ++ (unsigned long long) val3 > UINT_MAX) { ++#ifdef DEBUG ++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", ++ __FUNCTION__, ++ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3); ++#endif ++ exit(4); ++ } ++} ++ + #endif /* SOURCE_SADC undefined */ +diff --git a/common.h b/common.h +index 55b6657..e8ab98a 100644 +--- a/common.h ++++ b/common.h +@@ -260,6 +260,8 @@ int check_dir + (char *); + + #ifndef SOURCE_SADC ++void check_overflow ++ (size_t, size_t, size_t); + int count_bits + (void *, int); + int count_csvalues +diff --git a/sa_common.c b/sa_common.c +index 3699a84..b2cec4a 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[]) + int i, j; + + for (i = 0; i < NR_ACT; i++) { ++ + if (act[i]->nr_ini > 0) { ++ ++ /* Look for a possible overflow */ ++ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini, ++ (size_t) act[i]->nr2); ++ + for (j = 0; j < 3; j++) { + SREALLOC(act[i]->buf[j], void, + (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2); +-- +2.34.1 + diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch new file mode 100644 index 0000000000..3a12f7a3ed --- /dev/null +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch @@ -0,0 +1,80 @@ +From e806a902cc90a0b87da00854de8d5fd8222540fc Mon Sep 17 00:00:00 2001 +From: Pavel Kopylov <pkopylov@> +Date: Wed, 17 May 2023 11:33:45 +0200 +Subject: [PATCH] Fix an overflow which is still possible for some values. + +Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/954ff2e2673c] +CVE: CVE-2023-33204 + +Signed-off-by: Xiangyu Chen <xiangyu.chen@...> +Signed-off-by: Sanjay Chitroda <schitrod@...> +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + common.c | 18 ++++++++++-------- + common.h | 2 +- + sa_common.c | 4 ++-- + 3 files changed, 13 insertions(+), 11 deletions(-) + +diff --git a/common.c b/common.c +index db9b0ed..e05c5bb 100644 +--- a/common.c ++++ b/common.c +@@ -1640,17 +1640,19 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char + * @val3 Third value. + *************************************************************************** + */ +-void check_overflow(size_t val1, size_t val2, size_t val3) ++void check_overflow(unsigned int val1, unsigned int val2, ++ unsigned int val3) + { +- if ((unsigned long long) val1 * +- (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { ++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) && ++ (((unsigned long long) UINT_MAX / (unsigned long long) val1 < ++ (unsigned long long) val2) || ++ ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) < ++ (unsigned long long) val3))) { + #ifdef DEBUG +- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, +- (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3); ++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n", ++ __FUNCTION__, val1, val2, val3); + #endif +- exit(4); ++ exit(4); + } + } + +diff --git a/common.h b/common.h +index 0ac5896..b2ffe9f 100644 +--- a/common.h ++++ b/common.h +@@ -256,7 +256,7 @@ int check_dir + + #ifndef SOURCE_SADC + void check_overflow +- (size_t, size_t, size_t); ++ (unsigned int, unsigned int, unsigned int); + int count_bits + (void *, int); + int count_csvalues +diff --git a/sa_common.c b/sa_common.c +index 1b8fcaa..1144cfe 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -452,8 +452,8 @@ void allocate_structures(struct activity *act[]) + if (act[i]->nr_ini > 0) { + + /* Look for a possible overflow */ +- check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini, +- (size_t) act[i]->nr2); ++ check_overflow((unsigned int) act[i]->msize, (unsigned int) act[i]->nr_ini, ++ (unsigned int) act[i]->nr2); + + for (j = 0; j < 3; j++) { + SREALLOC(act[i]->buf[j], void, +-- +2.25.1 + diff --git a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb index fe3db4d8a5..f8a950e8a2 100644 --- a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb +++ b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb @@ -2,6 +2,8 @@ require sysstat.inc LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" -SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch" - +SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \ + file://CVE-2022-39377.patch \ + file://CVE-2023-33204.patch \ + " SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b" diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.35.bb index 7307cd57a2..4dbd418b60 100644 --- a/meta/recipes-extended/tar/tar_1.34.bb +++ b/meta/recipes-extended/tar/tar_1.35.bb @@ -4,11 +4,11 @@ or disk archive, and can restore individual files from the archive." HOMEPAGE = "http://www.gnu.org/software/tar/" SECTION = "base" LICENSE = "GPL-3.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" +LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464" SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2" -SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff" +SRC_URI[sha256sum] = "7edb8886a3dc69420a1446e1e2d061922b642f1cf632d2cd0f9ee7e690775985" inherit autotools gettext texinfo diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch new file mode 100644 index 0000000000..ec793ac8ff --- /dev/null +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch @@ -0,0 +1,109 @@ +From 9c97b5db237a793e0d1b6b0241570bdc6e35ee24 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 7 Aug 2022 17:42:24 -0700 +Subject: [PATCH] Fix implicit-function-declaration warnings + +These are seen with clang-15+ + +Upstream-Status: Inappropriate [upstream is dead] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + hosts_access.c | 3 +++ + safe_finger.c | 1 + + shell_cmd.c | 3 +++ + tcpd.c | 2 +- + tcpdchk.c | 1 + + workarounds.c | 1 + + 6 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/hosts_access.c b/hosts_access.c +index 0133e5e..58697ea 100644 +--- a/hosts_access.c ++++ b/hosts_access.c +@@ -33,6 +33,7 @@ static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; + #endif + #include <netinet/in.h> + #include <arpa/inet.h> ++#include <rpcsvc/ypclnt.h> + #include <stdio.h> + #include <stdlib.h> + #include <syslog.h> +@@ -45,6 +46,8 @@ static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; + #endif + + extern int errno; ++extern int match_pattern_ylo(const char *s, const char *pattern); ++extern unsigned long cidr_mask_addr(char* str); + + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ +diff --git a/safe_finger.c b/safe_finger.c +index 23afab1..a6458fb 100644 +--- a/safe_finger.c ++++ b/safe_finger.c +@@ -34,6 +34,7 @@ static char sccsid[] = "@(#) safe_finger.c 1.4 94/12/28 17:42:41"; + #include <syslog.h> + + extern void exit(); ++extern int pipe_stdin(char **argv); + + /* Local stuff */ + +diff --git a/shell_cmd.c b/shell_cmd.c +index 62d31bc..a566092 100644 +--- a/shell_cmd.c ++++ b/shell_cmd.c +@@ -16,10 +16,13 @@ static char sccsid[] = "@(#) shell_cmd.c 1.5 94/12/28 17:42:44"; + + #include <sys/types.h> + #include <sys/param.h> ++#include <sys/wait.h> ++#include <fcntl.h> + #include <signal.h> + #include <stdio.h> + #include <syslog.h> + #include <string.h> ++#include <unistd.h> + + extern void exit(); + +diff --git a/tcpd.c b/tcpd.c +index dc9ff17..4353caa 100644 +--- a/tcpd.c ++++ b/tcpd.c +@@ -46,7 +46,7 @@ void fix_options(struct request_info *); + int allow_severity = SEVERITY; /* run-time adjustable */ + int deny_severity = LOG_WARNING; /* ditto */ + +-main(argc, argv) ++void main(argc, argv) + int argc; + char **argv; + { +diff --git a/tcpdchk.c b/tcpdchk.c +index 5dca8bd..67c12ce 100644 +--- a/tcpdchk.c ++++ b/tcpdchk.c +@@ -38,6 +38,7 @@ static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25"; + + extern int errno; + extern void exit(); ++extern unsigned long cidr_mask_addr(char* str); + extern int optind; + extern char *optarg; + +diff --git a/workarounds.c b/workarounds.c +index b22b378..6335049 100644 +--- a/workarounds.c ++++ b/workarounds.c +@@ -21,6 +21,7 @@ char sccsid[] = "@(#) workarounds.c 1.6 96/03/19 16:22:25"; + #include <stdio.h> + #include <syslog.h> + #include <string.h> ++#include <unistd.h> + + extern int errno; + +-- +2.37.1 + diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb b/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb index 814d7fd913..8137d257c8 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb @@ -50,6 +50,7 @@ SRC_URI = "http://ftp.porcupine.org/pub/security/tcp_wrappers_${PV}.tar.gz \ file://fix_warnings.patch \ file://fix_warnings2.patch \ file://0001-Remove-fgets-extern-declaration.patch \ + file://0001-Fix-implicit-function-declaration-warnings.patch \ " SRC_URI[md5sum] = "e6fa25f71226d090f34de3f6b122fb5a" diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index cdd1a2ac3c..4734adcc08 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,14 +6,15 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2022a" +PV = "2024a" -SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ - http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ +SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ + http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ " -UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" +S = "${WORKDIR}/tz" -SRC_URI[tzcode.sha256sum] = "f8575e7e33be9ee265df2081092526b81c80abac3f4a04399ae9d4d91cdadac7" -SRC_URI[tzdata.sha256sum] = "ef7fffd9f4f50f4f58328b35022a32a5a056b245c5cb3d6791dddb342f871664" +UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" +SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8" +SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3" diff --git a/meta/recipes-extended/timezone/tzcode-native.bb b/meta/recipes-extended/timezone/tzcode-native.bb index e3582ba674..d0b23a9d80 100644 --- a/meta/recipes-extended/timezone/tzcode-native.bb +++ b/meta/recipes-extended/timezone/tzcode-native.bb @@ -1,10 +1,7 @@ require timezone.inc -# SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect" -S = "${WORKDIR}" - inherit native EXTRA_OEMAKE += "cc='${CC}'" diff --git a/meta/recipes-extended/timezone/tzdata.bb b/meta/recipes-extended/timezone/tzdata.bb index 7f4322d867..dd1960ffa7 100644 --- a/meta/recipes-extended/timezone/tzdata.bb +++ b/meta/recipes-extended/timezone/tzdata.bb @@ -4,8 +4,6 @@ DEPENDS = "tzcode-native" inherit allarch -S = "${WORKDIR}" - DEFAULT_TIMEZONE ?= "Universal" INSTALL_TIMEZONE_FILE ?= "1" @@ -18,17 +16,21 @@ TZONES = " \ # "fat" is needed by e.g. MariaDB's mysql_tzinfo_to_sql ZIC_FMT ?= "slim" +do_configure[cleandirs] = "${B}" +B = "${WORKDIR}/build" + do_compile() { for zone in ${TZONES}; do - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo -L /dev/null ${S}/${zone} - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/posix -L /dev/null ${S}/${zone} - ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo -L /dev/null ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/posix -L /dev/null ${S}/${zone} + ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone} done } do_install() { - install -d ${D}$exec_prefix ${D}${datadir}/zoneinfo - cp -pPR ${WORKDIR}$exec_prefix ${D}${base_prefix} + install -d ${D}${datadir}/zoneinfo + cp -pPR ${B}/zoneinfo/* ${D}${datadir}/zoneinfo + # libc is removing zoneinfo files from package cp -pP "${S}/zone.tab" ${D}${datadir}/zoneinfo cp -pP "${S}/zone1970.tab" ${D}${datadir}/zoneinfo diff --git a/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch b/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch new file mode 100644 index 0000000000..2fa7f481b7 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch @@ -0,0 +1,103 @@ +From 5cbf901b5c3b6a7d1d0ed91b6df4194bb6d25a40 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 15 Jun 2023 07:14:17 -0700 +Subject: [PATCH] unix/configure: fix detection for cross compilation + +We're doing cross compilation, running a cross-compiled problem +on host to detemine feature is not correct. So we change runtime +check into compile-time check to detect the features. + +Upstream-Status: Inactive-Upstream + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + unix/configure | 44 +++++++++++++++----------------------------- + 1 file changed, 15 insertions(+), 29 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 8fd82dd..68dee98 100755 +--- a/unix/configure ++++ b/unix/configure +@@ -259,6 +259,10 @@ cat > conftest.c << _EOF_ + #include <sys/stat.h> + #include <unistd.h> + #include <stdio.h> ++ ++_Static_assert(sizeof(off_t) < 8, "sizeof off_t < 8 failed"); ++_Static_assert(sizeof((struct stat){0}.st_size) < 8, "sizeof st_size < 8 failed"); ++ + int main() + { + off_t offset; +@@ -278,21 +282,10 @@ _EOF_ + # compile it + $CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then +- echo -- no Large File Support ++ echo -- yes we have Large File Support! ++ CFLAGSR="${CFLAGSR} -DLARGE_FILE_SUPPORT" + else +-# run it +- ./conftest +- r=$? +- if [ $r -eq 1 ]; then +- echo -- no Large File Support - no 64-bit off_t +- elif [ $r -eq 2 ]; then +- echo -- no Large File Support - no 64-bit stat +- elif [ $r -eq 3 ]; then +- echo -- yes we have Large File Support! +- CFLAGSR="${CFLAGSR} -DLARGE_FILE_SUPPORT" +- else +- echo -- no Large File Support - conftest returned $r +- fi ++ echo -- no Large File Support + fi + + # Added 11/24/2005 EG +@@ -302,6 +295,11 @@ cat > conftest.c << _EOF_ + #include <stdlib.h> + #include <stdio.h> + #include <wchar.h> ++ ++#ifndef __STDC_ISO_10646__ ++#error "__STDC_ISO_10646__ not defined ++#endif ++ + int main() + { + size_t wsize; +@@ -327,19 +325,8 @@ if [ $? -ne 0 ]; then + echo "-- no Unicode (wchar_t) support" + else + # have wide char support +-# run it +- ./conftest +- r=$? +- if [ $r -eq 0 ]; then +- echo -- no Unicode wchar_t support - wchar_t allocation error +- elif [ $r -eq 1 ]; then +- echo -- no Unicode support - wchar_t encoding unspecified +- elif [ $r -eq 2 ]; then +- echo -- have wchar_t with known UCS encoding - enabling Unicode support! +- CFLAGSR="${CFLAGSR} -DUNICODE_SUPPORT -DUNICODE_WCHAR" +- else +- echo "-- no Unicode (wchar_t) support - conftest returned $r" +- fi ++ echo -- have wchar_t with known UCS encoding - enabling Unicode support! ++ CFLAGSR="${CFLAGSR} -DUNICODE_SUPPORT -DUNICODE_WCHAR" + fi + + echo "Check for setlocale support (needed for UNICODE Native check)" +@@ -418,8 +405,7 @@ temp_link="link_$$" + echo "int main() { lchmod(\"${temp_file}\", 0666); }" \ + ) > conftest.c + ln -s "${temp_link}" "${temp_file}" && \ +- $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null && \ +- ./conftest ++ $CC -Werror=implicit-function-declaration $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null + [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_LCHMOD" + rm -f "${temp_file}" + +-- +2.34.1 + diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index f35856cf61..e3fffa30ab 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb @@ -31,6 +31,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/ file://CVE-2021-4217.patch \ file://CVE-2022-0529.patch \ file://CVE-2022-0530.patch \ + file://0001-unix-configure-fix-detection-for-cross-compilation.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch b/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch new file mode 100644 index 0000000000..8c419e1d11 --- /dev/null +++ b/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch @@ -0,0 +1,37 @@ +From ca1d379fa13c4055d42d2ff3a647b4397768efcd Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 23 Aug 2022 19:23:26 -0700 +Subject: [PATCH] shutdown: Do not guard sys/quota.h sys/swap.h and + sys/reboot.h with __GLIBC__ + +These headers are provided by uclibc/musl/glibc and bionic so we can +assume they are not needed to be glibc specific includes. This also +ensures that we get proper declaration of reboot() API + +Upstream-Status: Submitted [https://sourceforge.net/p/watchdog/patches/12/] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/shutdown.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/shutdown.c b/src/shutdown.c +index 1d9a857..6aea0d0 100644 +--- a/src/shutdown.c ++++ b/src/shutdown.c +@@ -29,13 +29,9 @@ + #include "extern.h" + #include "ext2_mnt.h" + +-#if defined __GLIBC__ + #include <sys/quota.h> + #include <sys/swap.h> + #include <sys/reboot.h> +-#else /* __GLIBC__ */ +-#include <linux/quota.h> +-#endif /* __GLIBC__ */ + + #include <unistd.h> + +-- +2.37.2 + diff --git a/meta/recipes-extended/watchdog/watchdog_5.16.bb b/meta/recipes-extended/watchdog/watchdog_5.16.bb index 1163846ed8..26fcc10487 100644 --- a/meta/recipes-extended/watchdog/watchdog_5.16.bb +++ b/meta/recipes-extended/watchdog/watchdog_5.16.bb @@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/watchdog/watchdog-${PV}.tar.gz \ file://watchdog.init \ file://wd_keepalive.init \ file://0001-wd_keepalive.service-use-run-instead-of-var-run.patch \ + file://0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch \ " SRC_URI[md5sum] = "1b4f51cabc64d1bee2fce7cdd626831f" diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc index 58cb5ca73d..30abaff7b7 100644 --- a/meta/recipes-extended/wget/wget.inc +++ b/meta/recipes-extended/wget/wget.inc @@ -7,7 +7,7 @@ FTP sites" HOMEPAGE = "https://www.gnu.org/software/wget/" SECTION = "console/network" LICENSE = "GPL-3.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=c678957b0c8e964aa6c70fd77641a71e" +LIC_FILES_CHKSUM = "file://COPYING;md5=6f65012d1daf98cb09b386cfb68df26b" inherit autotools gettext texinfo update-alternatives pkgconfig diff --git a/meta/recipes-extended/wget/wget_1.21.3.bb b/meta/recipes-extended/wget/wget_1.21.4.bb index f176a1546c..1d31b0116d 100644 --- a/meta/recipes-extended/wget/wget_1.21.3.bb +++ b/meta/recipes-extended/wget/wget_1.21.4.bb @@ -2,6 +2,6 @@ SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ file://0002-improve-reproducibility.patch \ " -SRC_URI[sha256sum] = "5726bb8bc5ca0f6dc7110f6416e4bb7019e2d2ff5bf93d1ca2ffcc6656f220e5" +SRC_URI[sha256sum] = "81542f5cefb8faacc39bbbc6c82ded80e3e4a88505ae72ea51df27525bcde04c" require wget.inc diff --git a/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch b/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch new file mode 100644 index 0000000000..383634ad53 --- /dev/null +++ b/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch @@ -0,0 +1,165 @@ +From f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780 Mon Sep 17 00:00:00 2001 +From: Gabriel Corona <gabriel.corona@enst-bretagne.fr> +Date: Thu, 25 Aug 2022 23:51:45 +0200 +Subject: [PATCH] Disable special support for Thunderbird in xdg-email (fixes + CVE-2020-27748, CVE-2022-4055) + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780] +CVE: CVE-2022-4055 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + scripts/xdg-email.in | 108 ------------------------------------------- + 1 file changed, 108 deletions(-) + +diff --git a/scripts/xdg-email.in b/scripts/xdg-email.in +index 13ba2d5..b700679 100644 +--- a/scripts/xdg-email.in ++++ b/scripts/xdg-email.in +@@ -30,76 +30,8 @@ _USAGE + + #@xdg-utils-common@ + +-run_thunderbird() +-{ +- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY +- THUNDERBIRD="$1" +- MAILTO=$(echo "$2" | sed 's/^mailto://') +- echo "$MAILTO" | grep -qs "^?" +- if [ "$?" = "0" ] ; then +- MAILTO=$(echo "$MAILTO" | sed 's/^?//') +- else +- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/') +- fi +- +- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g') +- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1) +- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1) +- +- if [ -z "$TO" ] ; then +- NEWMAILTO= +- else +- NEWMAILTO="to='$TO'" +- fi +- if [ -n "$CC" ] ; then +- NEWMAILTO="${NEWMAILTO},cc='$CC'" +- fi +- if [ -n "$BCC" ] ; then +- NEWMAILTO="${NEWMAILTO},bcc='$BCC'" +- fi +- if [ -n "$SUBJECT" ] ; then +- NEWMAILTO="${NEWMAILTO},$SUBJECT" +- fi +- if [ -n "$BODY" ] ; then +- NEWMAILTO="${NEWMAILTO},$BODY" +- fi +- +- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//') +- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\"" +- "$THUNDERBIRD" -compose "$NEWMAILTO" +- if [ $? -eq 0 ]; then +- exit_success +- else +- exit_failure_operation_failed +- fi +-} +- + open_kde() + { +- if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then +- local kreadconfig=kreadconfig$KDE_SESSION_VERSION +- else +- local kreadconfig=kreadconfig +- fi +- +- if which $kreadconfig >/dev/null 2>&1; then +- local profile=$($kreadconfig --file emaildefaults \ +- --group Defaults --key Profile) +- if [ -n "$profile" ]; then +- local client=$($kreadconfig --file emaildefaults \ +- --group "PROFILE_$profile" \ +- --key EmailClient \ +- | cut -d ' ' -f 1) +- +- if echo "$client" | grep -Eq 'thunderbird|icedove'; then +- run_thunderbird "$client" "$1" +- fi +- fi +- fi +- + local command + case "$KDE_SESSION_VERSION" in + '') command=kmailservice ;; +@@ -130,15 +62,6 @@ open_kde() + + open_gnome3() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -159,13 +82,6 @@ open_gnome3() + + open_gnome() + { +- local client +- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || "" +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -231,15 +147,6 @@ open_flatpak() + + open_generic() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + xdg-open "$1" + local ret=$? + +@@ -364,21 +271,6 @@ while [ $# -gt 0 ] ; do + shift + ;; + +- --attach) +- if [ -z "$1" ] ; then +- exit_failure_syntax "file argument missing for --attach option" +- fi +- check_input_file "$1" +- file=`readlink -f "$1"` # Normalize path +- if [ -z "$file" ] || [ ! -f "$file" ] ; then +- exit_failure_file_missing "file '$1' does not exist" +- fi +- +- url_encode "$file" +- options="${options}attach=${result}&" +- shift +- ;; +- + -*) + exit_failure_syntax "unexpected option '$parm'" + ;; +-- +2.25.1 + diff --git a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb index 73acf6b744..4d93180535 100644 --- a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb +++ b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb @@ -21,6 +21,7 @@ SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \ file://0001-Reinstate-xdg-terminal.patch \ file://0001-Don-t-build-the-in-script-manual.patch \ file://1f199813e0eb0246f63b54e9e154970e609575af.patch \ + file://CVE-2022-4055.patch \ " SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff" diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb index 62ee70d244..897417314d 100644 --- a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb +++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb @@ -30,6 +30,8 @@ INITSCRIPT_PARAMS = "defaults" PACKAGECONFIG ??= "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-libwrap,,tcp-wrappers" +CFLAGS += "-D_GNU_SOURCE" + CONFFILES:${PN} = "${sysconfdir}/xinetd.conf" do_install:append() { diff --git a/meta/recipes-extended/xz/xz/CVE-2022-1271.patch b/meta/recipes-extended/xz/xz/CVE-2022-1271.patch deleted file mode 100644 index e43e73cf12..0000000000 --- a/meta/recipes-extended/xz/xz/CVE-2022-1271.patch +++ /dev/null @@ -1,96 +0,0 @@ -From dc932a1e9c0d9f1db71be11a9b82496e3a72f112 Mon Sep 17 00:00:00 2001 -From: Lasse Collin <lasse.collin@tukaani.org> -Date: Tue, 29 Mar 2022 19:19:12 +0300 -Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587). - -Malicious filenames can make xzgrep to write to arbitrary files -or (with a GNU sed extension) lead to arbitrary code execution. - -xzgrep from XZ Utils versions up to and including 5.2.5 are -affected. 5.3.1alpha and 5.3.2alpha are affected as well. -This patch works for all of them. - -This bug was inherited from gzip's zgrep. gzip 1.12 includes -a fix for zgrep. - -The issue with the old sed script is that with multiple newlines, -the N-command will read the second line of input, then the -s-commands will be skipped because it's not the end of the -file yet, then a new sed cycle starts and the pattern space -is printed and emptied. So only the last line or two get escaped. - -One way to fix this would be to read all lines into the pattern -space first. However, the included fix is even simpler: All lines -except the last line get a backslash appended at the end. To ensure -that shell command substitution doesn't eat a possible trailing -newline, a colon is appended to the filename before escaping. -The colon is later used to separate the filename from the grep -output so it is fine to add it here instead of a few lines later. - -The old code also wasn't POSIX compliant as it used \n in the -replacement section of the s-command. Using \<newline> is the -POSIX compatible method. - -LC_ALL=C was added to the two critical sed commands. POSIX sed -manual recommends it when using sed to manipulate pathnames -because in other locales invalid multibyte sequences might -cause issues with some sed implementations. In case of GNU sed, -these particular sed scripts wouldn't have such problems but some -other scripts could have, see: - - info '(sed)Locale Considerations' - -This vulnerability was discovered by: -cleemy desu wayo working with Trend Micro Zero Day Initiative - -Thanks to Jim Meyering and Paul Eggert discussing the different -ways to fix this and for coordinating the patch release schedule -with gzip. - -Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch] -CVE: CVE-2022-1271 - -Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> ---- - src/scripts/xzgrep.in | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in -index 9db5c3a..f64dddb 100644 ---- a/src/scripts/xzgrep.in -+++ b/src/scripts/xzgrep.in -@@ -179,22 +179,26 @@ for i; do - { test $# -eq 1 || test $no_filename -eq 1; }; then - eval "$grep" - else -+ # Append a colon so that the last character will never be a newline -+ # which would otherwise get lost in shell command substitution. -+ i="$i:" -+ -+ # Escape & \ | and newlines only if such characters are present -+ # (speed optimization). - case $i in - (*' - '* | *'&'* | *'\'* | *'|'*) -- i=$(printf '%s\n' "$i" | -- sed ' -- $!N -- $s/[&\|]/\\&/g -- $s/\n/\\n/g -- ');; -+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; - esac -- sed_script="s|^|$i:|" -+ -+ # $i already ends with a colon so don't add it here. -+ sed_script="s|^|$i|" - - # Fail if grep or sed fails. - r=$( - exec 4>&1 -- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- -+ (eval "$grep" 4>&-; echo $? >&4) 3>&- | -+ LC_ALL=C sed "$sed_script" >&3 4>&- - ) || r=2 - exit $r - fi >&3 5>&- diff --git a/meta/recipes-extended/xz/xz_5.2.5.bb b/meta/recipes-extended/xz/xz_5.2.6.bb index 720e070f4a..3482622471 100644 --- a/meta/recipes-extended/xz/xz_5.2.5.bb +++ b/meta/recipes-extended/xz/xz_5.2.6.bb @@ -24,11 +24,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \ file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \ " -SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz \ - file://CVE-2022-1271.patch \ - " -SRC_URI[md5sum] = "0d270c997aff29708c74d53f599ef717" -SRC_URI[sha256sum] = "f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10" +SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz" +SRC_URI[sha256sum] = "a2105abee17bcd2ebd15ced31b4f5eda6e17efd6b10f921a01cda4a44c91b3a0" UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar" CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" diff --git a/meta/recipes-extended/zip/zip-3.0/0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch b/meta/recipes-extended/zip/zip-3.0/0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch new file mode 100644 index 0000000000..106f246a7c --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch @@ -0,0 +1,96 @@ +From 9916fc6f1f93f3e092e3c6937c30dc8137c26d34 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 15 Jun 2023 18:31:26 +0800 +Subject: [PATCH] unix/configure: use _Static_assert to do correct detection + +We're doing cross compilation, running a cross-compiled problem +on host to detemine feature is not correct. Use _Static_assert +to do the detection correctly. + +Upstream-Status: Inactive-Upstream + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + unix/configure | 42 ++++++++++++------------------------------ + 1 file changed, 12 insertions(+), 30 deletions(-) + +diff --git a/unix/configure b/unix/configure +index f2b3d02..f917086 100644 +--- a/unix/configure ++++ b/unix/configure +@@ -361,6 +361,10 @@ cat > conftest.c << _EOF_ + #include <sys/stat.h> + #include <unistd.h> + #include <stdio.h> ++ ++_Static_assert(sizeof((struct stat){0}.st_uid) == 2, "sizeof st_uid is not 16 bit"); ++_Static_assert(sizeof((struct stat){0}.st_gid) == 2, "sizeof st_gid is not 16 bit"); ++ + int main() + { + struct stat s; +@@ -385,21 +389,7 @@ if [ $? -ne 0 ]; then + echo -- UID/GID test failed on compile - disabling old 16-bit UID/GID support + CFLAGS="${CFLAGS} -DUIDGID_NOT_16BIT" + else +-# run it +- ./conftest +- r=$? +- if [ $r -eq 1 ]; then +- echo -- UID not 2 bytes - disabling old 16-bit UID/GID support +- CFLAGS="${CFLAGS} -DUIDGID_NOT_16BIT" +- elif [ $r -eq 2 ]; then +- echo -- GID not 2 bytes - disabling old 16-bit UID/GID support +- CFLAGS="${CFLAGS} -DUIDGID_NOT_16BIT" +- elif [ $r -eq 3 ]; then +- echo -- 16-bit UIDs and GIDs - keeping old 16-bit UID/GID support +- else +- echo -- test failed - conftest returned $r - disabling old 16-bit UID/GID support +- CFLAGS="${CFLAGS} -DUIDGID_NOT_16BIT" +- fi ++ echo -- 16-bit UIDs and GIDs - keeping old 16-bit UID/GID support + fi + + +@@ -417,6 +407,10 @@ cat > conftest.c << _EOF_ + #include <sys/stat.h> + #include <unistd.h> + #include <stdio.h> ++ ++_Static_assert(sizeof(off_t) < 8, "sizeof off_t < 8 failed"); ++_Static_assert(sizeof((struct stat){0}.st_size) < 8, "sizeof st_size < 8 failed"); ++ + int main() + { + off_t offset; +@@ -436,24 +430,12 @@ _EOF_ + # compile it + $CC -o conftest conftest.c >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then +- echo -- no Large File Support ++ echo -- yes we have Large File Support! ++ CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT" + else +-# run it +- ./conftest +- r=$? +- if [ $r -eq 1 ]; then +- echo -- no Large File Support - no 64-bit off_t +- elif [ $r -eq 2 ]; then +- echo -- no Large File Support - no 64-bit stat +- elif [ $r -eq 3 ]; then +- echo -- yes we have Large File Support! +- CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT" +- else +- echo -- no Large File Support - conftest returned $r +- fi ++ echo -- no Large File Support + fi + +- + # Check for wide char for Unicode support + # Added 11/24/2005 EG + +-- +2.34.1 + diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index 07a67b9634..83e1e52e97 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb @@ -17,6 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar. file://0001-configure-use-correct-CPP.patch \ file://0002-configure-support-PIC-code-build.patch \ file://0001-configure-Use-CFLAGS-and-LDFLAGS-when-doing-link-tes.patch \ + file://0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" |