* [harkknott 01/23] python3-cerberus: Upgrade 1.3.3 -> 1.3.4
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 12:20 ` [oe] " Robert P. J. Day
2021-05-26 11:52 ` [harkknott 02/23] python3-robotframework: Upgrade 4.0.1 -> 4.0.2 Armin Kuster
` (21 subsequent siblings)
22 siblings, 1 reply; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Leon Anavi <leon.anavi@konsulko.com>
Upgrade to release 1.3.4:
- Reverts the unsatisfying fix for KeyError during import when
running with python optimisation level of 2
- instead a RuntimeError is thrown when Python is running with
optimization level 2
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 87e6a453744180a0ddf31f47de96b47d8c47d677)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../{python3-cerberus_1.3.3.bb => python3-cerberus_1.3.4.bb} | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-cerberus_1.3.3.bb => python3-cerberus_1.3.4.bb} (75%)
diff --git a/meta-python/recipes-devtools/python/python3-cerberus_1.3.3.bb b/meta-python/recipes-devtools/python/python3-cerberus_1.3.4.bb
similarity index 75%
rename from meta-python/recipes-devtools/python/python3-cerberus_1.3.3.bb
rename to meta-python/recipes-devtools/python/python3-cerberus_1.3.4.bb
index fa0bbb0aad..95934c6e42 100644
--- a/meta-python/recipes-devtools/python/python3-cerberus_1.3.3.bb
+++ b/meta-python/recipes-devtools/python/python3-cerberus_1.3.4.bb
@@ -4,8 +4,10 @@ SECTION = "devel/python"
LICENSE = "ISC"
LIC_FILES_CHKSUM = "file://LICENSE;md5=48f8e9432d0dac5e0e7a18211a0bacdb"
+RDEPENDS_${PN} += "python3-setuptools"
+
# The PyPI package uses a capital letter so we have to specify this explicitly
PYPI_PACKAGE = "Cerberus"
inherit pypi setuptools3
-SRC_URI[sha256sum] = "eec10585c33044fb7c69650bc5b68018dac0443753337e2b07684ee0f3c83329"
+SRC_URI[sha256sum] = "d1b21b3954b2498d9a79edf16b3170a3ac1021df88d197dc2ce5928ba519237c"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 02/23] python3-robotframework: Upgrade 4.0.1 -> 4.0.2
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
2021-05-26 11:52 ` [harkknott 01/23] python3-cerberus: Upgrade 1.3.3 -> 1.3.4 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 03/23] python3-django: upgrade 2.2.20 -> 2.2.22 Armin Kuster
` (20 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Leon Anavi <leon.anavi@konsulko.com>
Upgrade to release 4.0.2:
- Using Union containing generics as type hint causes an error
- Libdoc does not anymore work with resource files in PYTHONPATH
- Rebot removes sourcename attribute from <kw> in output.xml
- Run Keyword If Test Failed does not work correctly if it is not
first keyword in teardown and test is skipped
- Argument conversion problems when type hint is ABC
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 73d63dd3fecc192695514aad00341020ca08066f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...-robotframework_4.0.1.bb => python3-robotframework_4.0.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-robotframework_4.0.1.bb => python3-robotframework_4.0.2.bb} (91%)
diff --git a/meta-python/recipes-devtools/python/python3-robotframework_4.0.1.bb b/meta-python/recipes-devtools/python/python3-robotframework_4.0.2.bb
similarity index 91%
rename from meta-python/recipes-devtools/python/python3-robotframework_4.0.1.bb
rename to meta-python/recipes-devtools/python/python3-robotframework_4.0.2.bb
index 3e5d67e0a4..67ebe3ee69 100644
--- a/meta-python/recipes-devtools/python/python3-robotframework_4.0.1.bb
+++ b/meta-python/recipes-devtools/python/python3-robotframework_4.0.2.bb
@@ -13,7 +13,7 @@ inherit pypi setuptools3
PYPI_PACKAGE_EXT = "zip"
-SRC_URI[sha256sum] = "9fa609ceb78f67b1476edce8a7011b16bf3ab41c0fb8c211de6c99955eaf9fde"
+SRC_URI[sha256sum] = "efd39558219fddc86473d4d390aeaec60640d7a7567a15fd51c0576f20e46171"
RDEPENDS_${PN} += " \
${PYTHON_PN}-shell \
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 03/23] python3-django: upgrade 2.2.20 -> 2.2.22
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
2021-05-26 11:52 ` [harkknott 01/23] python3-cerberus: Upgrade 1.3.3 -> 1.3.4 Armin Kuster
2021-05-26 11:52 ` [harkknott 02/23] python3-robotframework: Upgrade 4.0.1 -> 4.0.2 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 04/23] python3-django: upgrade 3.2 -> 3.2.2 Armin Kuster
` (19 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Trevor Gamblin <trevor.gamblin@windriver.com>
Version 2.2.22 includes a fix for CVE-2021-32052.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit b26099fc156961ba252c3b6281f09799e91347ba)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../{python3-django_2.2.20.bb => python3-django_2.2.22.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-python/recipes-devtools/python/{python3-django_2.2.20.bb => python3-django_2.2.22.bb} (41%)
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.20.bb b/meta-python/recipes-devtools/python/python3-django_2.2.22.bb
similarity index 41%
rename from meta-python/recipes-devtools/python/python3-django_2.2.20.bb
rename to meta-python/recipes-devtools/python/python3-django_2.2.22.bb
index 905d022a4f..a0b8840259 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.20.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.22.bb
@@ -1,8 +1,8 @@
require python-django.inc
inherit setuptools3
-SRC_URI[md5sum] = "947060d96ccc0a05e8049d839e541b25"
-SRC_URI[sha256sum] = "2569f9dc5f8e458a5e988b03d6b7a02bda59b006d6782f4ea0fd590ed7336a64"
+SRC_URI[md5sum] = "dca447b605dcabd924ac7ba17680cf73"
+SRC_URI[sha256sum] = "db2214db1c99017cbd971e58824e6f424375154fe358afc30e976f5b99fc6060"
RDEPENDS_${PN} += "\
${PYTHON_PN}-sqlparse \
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 04/23] python3-django: upgrade 3.2 -> 3.2.2
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (2 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 03/23] python3-django: upgrade 2.2.20 -> 2.2.22 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 05/23] python3-rfc3339-validator: Upgrade 0.1.3 -> 0.1.4 Armin Kuster
` (18 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Trevor Gamblin <trevor.gamblin@windriver.com>
Version 3.2.2 includes a fix for CVE-2021-32052.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit d97e1b7cfdcabc7d03e408c9888564551972e808)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../python/{python3-django_3.2.bb => python3-django_3.2.2.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-python/recipes-devtools/python/{python3-django_3.2.bb => python3-django_3.2.2.bb} (59%)
diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.bb b/meta-python/recipes-devtools/python/python3-django_3.2.2.bb
similarity index 59%
rename from meta-python/recipes-devtools/python/python3-django_3.2.bb
rename to meta-python/recipes-devtools/python/python3-django_3.2.2.bb
index e147e2f9d1..7deac2ca9b 100644
--- a/meta-python/recipes-devtools/python/python3-django_3.2.bb
+++ b/meta-python/recipes-devtools/python/python3-django_3.2.2.bb
@@ -1,7 +1,7 @@
require python-django.inc
inherit setuptools3
-SRC_URI[sha256sum] = "21f0f9643722675976004eb683c55d33c05486f94506672df3d6a141546f389d"
+SRC_URI[sha256sum] = "0a1d195ad65c52bf275b8277b3d49680bd1137a5f55039a806f25f6b9752ce3d"
RDEPENDS_${PN} += "\
${PYTHON_PN}-sqlparse \
@@ -9,5 +9,5 @@ RDEPENDS_${PN} += "\
# Set DEFAULT_PREFERENCE so that the LTS version of django is built by
# default. To build the 3.x branch,
-# PREFERRED_VERSION_python3-django = "3.2" can be added to local.conf
+# PREFERRED_VERSION_python3-django = "3.2.2" can be added to local.conf
DEFAULT_PREFERENCE = "-1"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 05/23] python3-rfc3339-validator: Upgrade 0.1.3 -> 0.1.4
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (3 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 04/23] python3-django: upgrade 3.2 -> 3.2.2 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 06/23] python3-pymongo: Upgrade 3.11.3 -> 3.11.4 Armin Kuster
` (17 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Leon Anavi <leon.anavi@konsulko.com>
Upgrade to release 0.1.4:
- Fix test failure on darwin
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit b5fb8390df11253fc7b20cd7a31db136f1d19a5c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...39-validator_0.1.3.bb => python3-rfc3339-validator_0.1.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-rfc3339-validator_0.1.3.bb => python3-rfc3339-validator_0.1.4.bb} (83%)
diff --git a/meta-python/recipes-devtools/python/python3-rfc3339-validator_0.1.3.bb b/meta-python/recipes-devtools/python/python3-rfc3339-validator_0.1.4.bb
similarity index 83%
rename from meta-python/recipes-devtools/python/python3-rfc3339-validator_0.1.3.bb
rename to meta-python/recipes-devtools/python/python3-rfc3339-validator_0.1.4.bb
index a07a094479..f1064f327d 100644
--- a/meta-python/recipes-devtools/python/python3-rfc3339-validator_0.1.3.bb
+++ b/meta-python/recipes-devtools/python/python3-rfc3339-validator_0.1.4.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a21b13b5a996f08f7e0b088aa38ce9c6"
FILESEXTRAPATHS_prepend := "${THISDIR}/python-rfc3339-validator:"
-SRC_URI[sha256sum] = "7a578aa0740e9ee2b48356fe1f347139190c4c72e27f303b3617054efd15df32"
+SRC_URI[sha256sum] = "138a2abdf93304ad60530167e51d2dfb9549521a836871b88d7f4695d0022f6b"
PYPI_PACKAGE = "rfc3339_validator"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 06/23] python3-pymongo: Upgrade 3.11.3 -> 3.11.4
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (4 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 05/23] python3-rfc3339-validator: Upgrade 0.1.3 -> 0.1.4 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 07/23] uftrace: Fix a plthook crash on aarch64 with binutils2.35.1 and later versions on aarch64 Armin Kuster
` (16 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Leon Anavi <leon.anavi@konsulko.com>
Upgrade to release 3.11.4:
- Bug fix where a MongoClient would mistakenly attempt to create
minPoolSize connections to arbiter nodes
- Bug fix that prevented PyMongo from retrying writes after a
writeConcernError on MongoDB 4.4+
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit dcb9ecc1e5720c9614b1cd27575e1e4886dff5c1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../{python3-pymongo_3.11.3.bb => python3-pymongo_3.11.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-pymongo_3.11.3.bb => python3-pymongo_3.11.4.bb} (91%)
diff --git a/meta-python/recipes-devtools/python/python3-pymongo_3.11.3.bb b/meta-python/recipes-devtools/python/python3-pymongo_3.11.4.bb
similarity index 91%
rename from meta-python/recipes-devtools/python/python3-pymongo_3.11.3.bb
rename to meta-python/recipes-devtools/python/python3-pymongo_3.11.4.bb
index 3549adce7c..0c07344cb4 100644
--- a/meta-python/recipes-devtools/python/python3-pymongo_3.11.3.bb
+++ b/meta-python/recipes-devtools/python/python3-pymongo_3.11.4.bb
@@ -8,7 +8,7 @@ HOMEPAGE = "http://github.com/mongodb/mongo-python-driver"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
-SRC_URI[sha256sum] = "db5098587f58fbf8582d9bda2462762b367207246d3e19623782fb449c3c5fcc"
+SRC_URI[sha256sum] = "539d4cb1b16b57026999c53e5aab857fe706e70ae5310cc8c232479923f932e6"
inherit pypi setuptools3
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 07/23] uftrace: Fix a plthook crash on aarch64 with binutils2.35.1 and later versions on aarch64
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (5 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 06/23] python3-pymongo: Upgrade 3.11.3 -> 3.11.4 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 08/23] exiv2: Fix CVE-2021-29457 Armin Kuster
` (15 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 54feab11a1866435107df366005b50aba3b8d1cd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...error-on-aarch64-with-binutils2.35.1.patch | 27 -----------
...thook-crash-on-aarch64-with-binutils.patch | 47 +++++++++++++++++++
.../recipes-devtools/uftrace/uftrace_0.9.4.bb | 2 +-
3 files changed, 48 insertions(+), 28 deletions(-)
delete mode 100644 meta-oe/recipes-devtools/uftrace/uftrace/0001-Fix-error-on-aarch64-with-binutils2.35.1.patch
create mode 100644 meta-oe/recipes-devtools/uftrace/uftrace/0001-aarch64-Fix-a-plthook-crash-on-aarch64-with-binutils.patch
diff --git a/meta-oe/recipes-devtools/uftrace/uftrace/0001-Fix-error-on-aarch64-with-binutils2.35.1.patch b/meta-oe/recipes-devtools/uftrace/uftrace/0001-Fix-error-on-aarch64-with-binutils2.35.1.patch
deleted file mode 100644
index ac17cf433f..0000000000
--- a/meta-oe/recipes-devtools/uftrace/uftrace/0001-Fix-error-on-aarch64-with-binutils2.35.1.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 0bc502989822506af308a559ac1cd52af82cac03 Mon Sep 17 00:00:00 2001
-From: Lei Maohui <leimaohui@cn.fujitsu.com>
-Date: Wed, 14 Apr 2021 09:35:35 +0900
-Subject: [PATCH] Fix error on aarch64 with binutils2.35.1.
-
-WARN: child terminated by signal: 11: Segmentation fault
-
-Upstream-status: Pending
-
-Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
----
- arch/aarch64/mcount-arch.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/aarch64/mcount-arch.h b/arch/aarch64/mcount-arch.h
-index 69efe521..60c2c1ba 100644
---- a/arch/aarch64/mcount-arch.h
-+++ b/arch/aarch64/mcount-arch.h
-@@ -31,7 +31,7 @@ struct mcount_arch_context {
- double d[ARCH_MAX_FLOAT_REGS];
- };
-
--#define ARCH_PLT0_SIZE 32
-+#define ARCH_PLT0_SIZE 16
- #define ARCH_PLTHOOK_ADDR_OFFSET 0
-
- struct mcount_disasm_engine;
diff --git a/meta-oe/recipes-devtools/uftrace/uftrace/0001-aarch64-Fix-a-plthook-crash-on-aarch64-with-binutils.patch b/meta-oe/recipes-devtools/uftrace/uftrace/0001-aarch64-Fix-a-plthook-crash-on-aarch64-with-binutils.patch
new file mode 100644
index 0000000000..bf997d6e4b
--- /dev/null
+++ b/meta-oe/recipes-devtools/uftrace/uftrace/0001-aarch64-Fix-a-plthook-crash-on-aarch64-with-binutils.patch
@@ -0,0 +1,47 @@
+From 0851278471472c6be69a936cc3698aa50a646ffd Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@cn.fujitsu.com>
+Date: Wed, 12 May 2021 17:06:31 +0900
+Subject: [PATCH] aarch64: Fix a plthook crash on aarch64 with binutils2.35.1
+ and later versions
+
+plthook is always crashed in Ubuntu 20.10 aarch64, which uses binutils 2.35.1.
+Since the `plt_entsize` is not automatically set in this version, we have to
+explicitly set the value.
+
+This patch fixes the following problem.
+
+ $ uname -m
+ aarch64
+
+ $ cat /etc/os-release | grep PRETTY_NAME
+ PRETTY_NAME="Ubuntu 20.10"
+
+ $ gcc -pg tests/s-abc.c
+
+ $ uftrace record a.out
+ WARN: child terminated by signal: 7: Bus error
+
+Fixed: #1254
+
+Upstream-status: submitted [Sent to https://github.com/namhyung/uftrace/pull/1248]
+
+Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
+---
+ utils/symbol.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/utils/symbol.c b/utils/symbol.c
+index 29a1d295..01e52dab 100644
+--- a/utils/symbol.c
++++ b/utils/symbol.c
+@@ -560,6 +560,7 @@ int load_elf_dynsymtab(struct symtab *dsymtab, struct uftrace_elf_data *elf,
+ }
+ else if (elf->ehdr.e_machine == EM_AARCH64) {
+ plt_addr += 16; /* AARCH64 PLT0 size is 32 */
++ plt_entsize = 16;
+ }
+ else if (elf->ehdr.e_machine == EM_386) {
+ plt_entsize += 12;
+--
+2.25.1
+
diff --git a/meta-oe/recipes-devtools/uftrace/uftrace_0.9.4.bb b/meta-oe/recipes-devtools/uftrace/uftrace_0.9.4.bb
index 4b4fc831c3..a04fccca75 100644
--- a/meta-oe/recipes-devtools/uftrace/uftrace_0.9.4.bb
+++ b/meta-oe/recipes-devtools/uftrace/uftrace_0.9.4.bb
@@ -13,7 +13,7 @@ inherit autotools
PV .= "+git${SRCPV}"
SRCREV = "d648bbffedef529220896283fb59e35531c13804"
SRC_URI = "git://github.com/namhyung/${BPN} \
- file://0001-Fix-error-on-aarch64-with-binutils2.35.1.patch \
+ file://0001-aarch64-Fix-a-plthook-crash-on-aarch64-with-binutils.patch \
"
S = "${WORKDIR}/git"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 08/23] exiv2: Fix CVE-2021-29457
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (6 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 07/23] uftrace: Fix a plthook crash on aarch64 with binutils2.35.1 and later versions on aarch64 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 09/23] exiv2: Fix CVE-2021-29458 Armin Kuster
` (14 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/0230620e6ea5e2da0911318e07ce6e66d1ebdf22]
CVE: CVE-2021-29457
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5be72693096cef671bf54bf1dd6ee8125614d064)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../exiv2/exiv2/CVE-2021-29457.patch | 26 +++++++++++++++++++
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 3 ++-
2 files changed, 28 insertions(+), 1 deletion(-)
create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
new file mode 100644
index 0000000000..e5d069487c
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
@@ -0,0 +1,26 @@
+From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
+From: Pydera <pydera@mailbox.org>
+Date: Thu, 8 Apr 2021 17:36:16 +0200
+Subject: [PATCH] Fix out of buffer access in #1529
+
+---
+ src/jp2image.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 88ab9b2d6..12025f966 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
+ #endif
+ box.length = (uint32_t) (io_->size() - io_->tell() + 8);
+ }
+- if (box.length == 1)
++ if (box.length < 8)
+ {
+- // FIXME. Special case. the real box size is given in another place.
++ // box is broken, so there is nothing we can do here
++ throw Error(kerCorruptedMetadata);
+ }
+
+ // Read whole box : Box header + Box data (not fixed size - can be null).
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index ed1e8de5c2..a13db42edd 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -9,7 +9,8 @@ SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994
# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
inherit dos2unix
-SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch"
+SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
+ file://CVE-2021-29457.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 09/23] exiv2: Fix CVE-2021-29458
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (7 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 08/23] exiv2: Fix CVE-2021-29457 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 10/23] exiv2: Fix CVE-2021-29463 Armin Kuster
` (13 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1536/commits/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d]
CVE: CVE-2021-29458
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f0d83c14d9064ce1ee19b92d95c8daf790fe7488)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../exiv2/exiv2/CVE-2021-29458.patch | 37 +++++++++++++++++++
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 3 +-
2 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch
new file mode 100644
index 0000000000..285f6fe4ce
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch
@@ -0,0 +1,37 @@
+From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Fri, 9 Apr 2021 13:37:48 +0100
+Subject: [PATCH] Fix integer overflow.
+---
+ src/crwimage_int.cpp | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index aefaf22..2e3e507 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -559,7 +559,7 @@ namespace Exiv2 {
+ void CiffComponent::setValue(DataBuf buf)
+ {
+ if (isAllocated_) {
+- delete pData_;
++ delete[] pData_;
+ pData_ = 0;
+ size_ = 0;
+ }
+@@ -1167,7 +1167,11 @@ namespace Exiv2 {
+ pCrwMapping->crwDir_);
+ if (edX != edEnd || edY != edEnd || edO != edEnd) {
+ uint32_t size = 28;
+- if (cc && cc->size() > size) size = cc->size();
++ if (cc) {
++ if (cc->size() < size)
++ throw Error(kerCorruptedMetadata);
++ size = cc->size();
++ }
+ DataBuf buf(size);
+ std::memset(buf.pData_, 0x0, buf.size_);
+ if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
+--
+2.25.1
+
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index a13db42edd..1dc909eeb0 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -10,7 +10,8 @@ SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994
# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
inherit dos2unix
SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
- file://CVE-2021-29457.patch"
+ file://CVE-2021-29457.patch \
+ file://CVE-2021-29458.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 10/23] exiv2: Fix CVE-2021-29463
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (8 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 09/23] exiv2: Fix CVE-2021-29458 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 11/23] exiv2: Fix CVE-2021-3482 Armin Kuster
` (12 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b]
CVE: CVE-2021-29463
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8e63ac6c86852a12408c2415be073c71420758ff)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../exiv2/exiv2/CVE-2021-29463.patch | 120 ++++++++++++++++++
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 3 +-
2 files changed, 122 insertions(+), 1 deletion(-)
create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch
new file mode 100644
index 0000000000..5ab64a7d3e
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch
@@ -0,0 +1,120 @@
+From 783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Mon, 19 Apr 2021 18:06:00 +0100
+Subject: [PATCH] Improve bound checking in WebPImage::doWriteMetadata()
+
+---
+ src/webpimage.cpp | 41 ++++++++++++++++++++++++++++++-----------
+ 1 file changed, 30 insertions(+), 11 deletions(-)
+
+diff --git a/src/webpimage.cpp b/src/webpimage.cpp
+index 4ddec544c..fee110bca 100644
+--- a/src/webpimage.cpp
++++ b/src/webpimage.cpp
+@@ -145,7 +145,7 @@ namespace Exiv2 {
+ DataBuf chunkId(WEBP_TAG_SIZE+1);
+ chunkId.pData_ [WEBP_TAG_SIZE] = '\0';
+
+- io_->read(data, WEBP_TAG_SIZE * 3);
++ readOrThrow(*io_, data, WEBP_TAG_SIZE * 3, Exiv2::kerCorruptedMetadata);
+ uint64_t filesize = Exiv2::getULong(data + WEBP_TAG_SIZE, littleEndian);
+
+ /* Set up header */
+@@ -185,13 +185,20 @@ namespace Exiv2 {
+ case we have any exif or xmp data, also check
+ for any chunks with alpha frame/layer set */
+ while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
+- io_->read(chunkId.pData_, WEBP_TAG_SIZE);
+- io_->read(size_buff, WEBP_TAG_SIZE);
+- long size = Exiv2::getULong(size_buff, littleEndian);
++ readOrThrow(*io_, chunkId.pData_, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
++ readOrThrow(*io_, size_buff, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
++ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
++
++ // Check that `size_u32` is safe to cast to `long`.
++ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
++ Exiv2::kerCorruptedMetadata);
++ const long size = static_cast<long>(size_u32);
+ DataBuf payload(size);
+- io_->read(payload.pData_, payload.size_);
+- byte c;
+- if ( payload.size_ % 2 ) io_->read(&c,1);
++ readOrThrow(*io_, payload.pData_, payload.size_, Exiv2::kerCorruptedMetadata);
++ if ( payload.size_ % 2 ) {
++ byte c;
++ readOrThrow(*io_, &c, 1, Exiv2::kerCorruptedMetadata);
++ }
+
+ /* Chunk with information about features
+ used in the file. */
+@@ -199,6 +206,7 @@ namespace Exiv2 {
+ has_vp8x = true;
+ }
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X) && !has_size) {
++ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
+ has_size = true;
+ byte size_buf[WEBP_TAG_SIZE];
+
+@@ -227,6 +235,7 @@ namespace Exiv2 {
+ }
+ #endif
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8) && !has_size) {
++ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
+ has_size = true;
+ byte size_buf[2];
+
+@@ -244,11 +253,13 @@ namespace Exiv2 {
+
+ /* Chunk with with lossless image data. */
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_alpha) {
++ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
+ if ((payload.pData_[4] & WEBP_VP8X_ALPHA_BIT) == WEBP_VP8X_ALPHA_BIT) {
+ has_alpha = true;
+ }
+ }
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_size) {
++ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
+ has_size = true;
+ byte size_buf_w[2];
+ byte size_buf_h[3];
+@@ -276,11 +287,13 @@ namespace Exiv2 {
+
+ /* Chunk with animation frame. */
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_alpha) {
++ enforce(size >= 6, Exiv2::kerCorruptedMetadata);
+ if ((payload.pData_[5] & 0x2) == 0x2) {
+ has_alpha = true;
+ }
+ }
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_size) {
++ enforce(size >= 12, Exiv2::kerCorruptedMetadata);
+ has_size = true;
+ byte size_buf[WEBP_TAG_SIZE];
+
+@@ -309,16 +322,22 @@ namespace Exiv2 {
+
+ io_->seek(12, BasicIo::beg);
+ while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
+- io_->read(chunkId.pData_, 4);
+- io_->read(size_buff, 4);
++ readOrThrow(*io_, chunkId.pData_, 4, Exiv2::kerCorruptedMetadata);
++ readOrThrow(*io_, size_buff, 4, Exiv2::kerCorruptedMetadata);
++
++ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
+
+- long size = Exiv2::getULong(size_buff, littleEndian);
++ // Check that `size_u32` is safe to cast to `long`.
++ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
++ Exiv2::kerCorruptedMetadata);
++ const long size = static_cast<long>(size_u32);
+
+ DataBuf payload(size);
+- io_->read(payload.pData_, size);
++ readOrThrow(*io_, payload.pData_, size, Exiv2::kerCorruptedMetadata);
+ if ( io_->tell() % 2 ) io_->seek(+1,BasicIo::cur); // skip pad
+
+ if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X)) {
++ enforce(size >= 1, Exiv2::kerCorruptedMetadata);
+ if (has_icc){
+ payload.pData_[0] |= WEBP_VP8X_ICC_BIT;
+ } else {
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 1dc909eeb0..fb8d126198 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -11,7 +11,8 @@ SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994
inherit dos2unix
SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
file://CVE-2021-29457.patch \
- file://CVE-2021-29458.patch"
+ file://CVE-2021-29458.patch \
+ file://CVE-2021-29463.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 11/23] exiv2: Fix CVE-2021-3482
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (9 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 10/23] exiv2: Fix CVE-2021-29463 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 12/23] exiv2: Fix CVE-2021-29464 Armin Kuster
` (11 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482
Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp
can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1523/commits/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da]
CVE: CVE-2021-3482
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9e7c2c9713dc2824af2a33b0a3feb4f29e7f0269)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../exiv2/exiv2/CVE-2021-3482.patch | 54 +++++++++++++++++++
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 3 +-
2 files changed, 56 insertions(+), 1 deletion(-)
create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch
new file mode 100644
index 0000000000..e7c5e1b656
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch
@@ -0,0 +1,54 @@
+From 22ea582c6b74ada30bec3a6b15de3c3e52f2b4da Mon Sep 17 00:00:00 2001
+From: Robin Mills <robin@clanmills.com>
+Date: Mon, 5 Apr 2021 20:33:25 +0100
+Subject: [PATCH] fix_1522_jp2image_exif_asan
+
+---
+ src/jp2image.cpp | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index eb31cea4a..88ab9b2d6 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -28,6 +28,7 @@
+ #include "image.hpp"
+ #include "image_int.hpp"
+ #include "basicio.hpp"
++#include "enforce.hpp"
+ #include "error.hpp"
+ #include "futils.hpp"
+ #include "types.hpp"
+@@ -353,7 +354,7 @@ static void boxes_check(size_t b,size_t m)
+ if (io_->error()) throw Error(kerFailedToReadImageData);
+ if (bufRead != rawData.size_) throw Error(kerInputDataReadFailed);
+
+- if (rawData.size_ > 0)
++ if (rawData.size_ > 8) // "II*\0long"
+ {
+ // Find the position of Exif header in bytes array.
+ long pos = ( (rawData.pData_[0] == rawData.pData_[1])
+@@ -497,6 +498,7 @@ static void boxes_check(size_t b,size_t m)
+ position = io_->tell();
+ box.length = getLong((byte*)&box.length, bigEndian);
+ box.type = getLong((byte*)&box.type, bigEndian);
++ enforce(box.length <= io_->size()-io_->tell() , Exiv2::kerCorruptedMetadata);
+
+ if (bPrint) {
+ out << Internal::stringFormat("%8ld | %8ld | ", (size_t)(position - sizeof(box)),
+@@ -581,12 +583,13 @@ static void boxes_check(size_t b,size_t m)
+ throw Error(kerInputDataReadFailed);
+
+ if (bPrint) {
+- out << Internal::binaryToString(makeSlice(rawData, 0, 40));
++ out << Internal::binaryToString(
++ makeSlice(rawData, 0, rawData.size_>40?40:rawData.size_));
+ out.flush();
+ }
+ lf(out, bLF);
+
+- if (bIsExif && bRecursive && rawData.size_ > 0) {
++ if (bIsExif && bRecursive && rawData.size_ > 8) { // "II*\0long"
+ if ((rawData.pData_[0] == rawData.pData_[1]) &&
+ (rawData.pData_[0] == 'I' || rawData.pData_[0] == 'M')) {
+ BasicIo::AutoPtr p = BasicIo::AutoPtr(new MemIo(rawData.pData_, rawData.size_));
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index fb8d126198..8c4c81799b 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -12,7 +12,8 @@ inherit dos2unix
SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
file://CVE-2021-29457.patch \
file://CVE-2021-29458.patch \
- file://CVE-2021-29463.patch"
+ file://CVE-2021-29463.patch \
+ file://CVE-2021-3482.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 12/23] exiv2: Fix CVE-2021-29464
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (10 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 11/23] exiv2: Fix CVE-2021-3482 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 13/23] exiv2: Fix CVE-2021-29470 Armin Kuster
` (10 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to gain code execution, if they can
trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54]
CVE: CVE-2021-29464
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8c9470bdfaa1d33347ffaf25b3e18d2163667e18)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../exiv2/exiv2/CVE-2021-29464.patch | 72 +++++++++++++++++++
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 1 +
2 files changed, 73 insertions(+)
create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch
new file mode 100644
index 0000000000..f0c482450c
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch
@@ -0,0 +1,72 @@
+From 61734d8842cb9cc59437463e3bac54d6231d9487 Mon Sep 17 00:00:00 2001
+From: Wang Mingyu <wangmy@fujitsu.com>
+Date: Tue, 18 May 2021 10:52:54 +0900
+Subject: [PATCH] modify
+
+Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
+---
+ src/jp2image.cpp | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 52723a4..0ac4f50 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -643,11 +643,11 @@ static void boxes_check(size_t b,size_t m)
+ void Jp2Image::encodeJp2Header(const DataBuf& boxBuf,DataBuf& outBuf)
+ {
+ DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
+- int outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
+- int inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
++ long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
++ long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
+ Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
+- int32_t length = getLong((byte*)&pBox->length, bigEndian);
+- int32_t count = sizeof (Jp2BoxHeader);
++ uint32_t length = getLong((byte*)&pBox->length, bigEndian);
++ uint32_t count = sizeof (Jp2BoxHeader);
+ char* p = (char*) boxBuf.pData_;
+ bool bWroteColor = false ;
+
+@@ -664,6 +664,7 @@ static void boxes_check(size_t b,size_t m)
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "Jp2Image::encodeJp2Header subbox: "<< toAscii(subBox.type) << " length = " << subBox.length << std::endl;
+ #endif
++ enforce(subBox.length <= length - count, Exiv2::kerCorruptedMetadata);
+ count += subBox.length;
+ newBox.type = subBox.type;
+ } else {
+@@ -672,12 +673,13 @@ static void boxes_check(size_t b,size_t m)
+ count = length;
+ }
+
+- int32_t newlen = subBox.length;
++ uint32_t newlen = subBox.length;
+ if ( newBox.type == kJp2BoxTypeColorHeader ) {
+ bWroteColor = true ;
+ if ( ! iccProfileDefined() ) {
+ const char* pad = "\x01\x00\x00\x00\x00\x00\x10\x00\x00\x05\x1cuuid";
+ uint32_t psize = 15;
++ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
+ ul2Data((byte*)&newBox.length,psize ,bigEndian);
+ ul2Data((byte*)&newBox.type ,newBox.type,bigEndian);
+ ::memcpy(output.pData_+outlen ,&newBox ,sizeof(newBox));
+@@ -686,6 +688,7 @@ static void boxes_check(size_t b,size_t m)
+ } else {
+ const char* pad = "\0x02\x00\x00";
+ uint32_t psize = 3;
++ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
+ ul2Data((byte*)&newBox.length,psize+iccProfile_.size_,bigEndian);
+ ul2Data((byte*)&newBox.type,newBox.type,bigEndian);
+ ::memcpy(output.pData_+outlen ,&newBox ,sizeof(newBox) );
+@@ -694,6 +697,7 @@ static void boxes_check(size_t b,size_t m)
+ newlen = psize + iccProfile_.size_;
+ }
+ } else {
++ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
+ ::memcpy(output.pData_+outlen,boxBuf.pData_+inlen,subBox.length);
+ }
+
+--
+2.25.1
+
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 8c4c81799b..024f4c794a 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -13,6 +13,7 @@ SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.pat
file://CVE-2021-29457.patch \
file://CVE-2021-29458.patch \
file://CVE-2021-29463.patch \
+ file://CVE-2021-29464.patch \
file://CVE-2021-3482.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 13/23] exiv2: Fix CVE-2021-29470
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (11 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 12/23] exiv2: Fix CVE-2021-29464 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 14/23] exiv2: Fix CVE-2021-29473 Armin Kuster
` (9 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1581/commits/6628a69c036df2aa036290e6cd71767c159c79ed]
CVE: CVE-2021-29470
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bb1400efda77a7289ca20782172bfbe1f457f161)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../exiv2/exiv2/CVE-2021-29470.patch | 32 +++++++++++++++++++
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch
new file mode 100644
index 0000000000..eedf9d79aa
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch
@@ -0,0 +1,32 @@
+From 6628a69c036df2aa036290e6cd71767c159c79ed Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 21 Apr 2021 12:06:04 +0100
+Subject: [PATCH] Add more bounds checks in Jp2Image::encodeJp2Header
+---
+ src/jp2image.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index b424225..349a9f0 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -645,13 +645,16 @@ static void boxes_check(size_t b,size_t m)
+ DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
+ long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
+ long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
++ enforce(sizeof(Jp2BoxHeader) <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
+ Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
+ uint32_t length = getLong((byte*)&pBox->length, bigEndian);
++ enforce(length <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
+ uint32_t count = sizeof (Jp2BoxHeader);
+ char* p = (char*) boxBuf.pData_;
+ bool bWroteColor = false ;
+
+ while ( count < length || !bWroteColor ) {
++ enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
+ Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ;
+
+ // copy data. pointer could be into a memory mapped file which we will decode!
+--
+2.25.1
+
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 024f4c794a..2419bab352 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -14,6 +14,7 @@ SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.pat
file://CVE-2021-29458.patch \
file://CVE-2021-29463.patch \
file://CVE-2021-29464.patch \
+ file://CVE-2021-29470.patch \
file://CVE-2021-3482.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 14/23] exiv2: Fix CVE-2021-29473
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (12 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 13/23] exiv2: Fix CVE-2021-29470 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 15/23] libsdl: Fix CVE-2019-13616 Armin Kuster
` (8 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file.
An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2,
if they can trick the victim into running Exiv2 on a crafted image file.
Upstream-Status: Accepted [https://github.com/Exiv2/exiv2/pull/1587/commits/e6a0982f7cd9282052b6e3485a458d60629ffa0b]
CVE: CVE-2021-29473
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a9aecd2c32fc8f238f62ef70813e032b6b52c2f2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../exiv2/exiv2/CVE-2021-29473.patch | 21 +++++++++++++++++++
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb | 1 +
2 files changed, 22 insertions(+)
create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch
new file mode 100644
index 0000000000..4afedf8e59
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch
@@ -0,0 +1,21 @@
+From e6a0982f7cd9282052b6e3485a458d60629ffa0b Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Fri, 23 Apr 2021 11:44:44 +0100
+Subject: [PATCH] Add bounds check in Jp2Image::doWriteMetadata().
+
+---
+ src/jp2image.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 1694fed27..ca8c9ddbb 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -908,6 +908,7 @@ static void boxes_check(size_t b,size_t m)
+
+ case kJp2BoxTypeUuid:
+ {
++ enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata);
+ if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0)
+ {
+ #ifdef EXIV2_DEBUG_MESSAGES
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 2419bab352..d5d9e62ff2 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -15,6 +15,7 @@ SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.pat
file://CVE-2021-29463.patch \
file://CVE-2021-29464.patch \
file://CVE-2021-29470.patch \
+ file://CVE-2021-29473.patch \
file://CVE-2021-3482.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 15/23] libsdl: Fix CVE-2019-13616
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (13 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 14/23] exiv2: Fix CVE-2021-29473 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 16/23] hostapd: fix building with CONFIG_TLS=internal Armin Kuster
` (7 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read
in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/97fefd050976bbbfca9608499f6a7d9fb86e70db]
CVE: CVE-2019-13616
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 57ae91d2914de96b1de69bfcb089a427ee3cb0ed)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../libsdl/libsdl-1.2.15/CVE-2019-13616.patch | 27 +++++++++++++++++++
.../recipes-graphics/libsdl/libsdl_1.2.15.bb | 1 +
2 files changed, 28 insertions(+)
create mode 100644 meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-13616.patch
diff --git a/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-13616.patch b/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-13616.patch
new file mode 100644
index 0000000000..2db67966cf
--- /dev/null
+++ b/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-13616.patch
@@ -0,0 +1,27 @@
+From 97fefd050976bbbfca9608499f6a7d9fb86e70db Mon Sep 17 00:00:00 2001
+From: Sam Lantinga <slouken@libsdl.org>
+Date: Tue, 30 Jul 2019 11:00:00 -0700
+Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files
+---
+ src/video/SDL_bmp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
+index 8eadc5f..5b5e12c 100644
+--- a/src/video/SDL_bmp.c
++++ b/src/video/SDL_bmp.c
+@@ -143,6 +143,11 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops *src, int freesrc)
+ (void) biYPelsPerMeter;
+ (void) biClrImportant;
+
++ if (biWidth <= 0 || biHeight == 0) {
++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;
+--
+2.25.1
+
diff --git a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
index 7a01908322..d91a1856b4 100644
--- a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
+++ b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL-${PV}.tar.gz \
file://CVE-2019-7637.patch \
file://CVE-2019-7638.patch \
file://CVE-2019-7576.patch \
+ file://CVE-2019-13616.patch \
"
UPSTREAM_CHECK_REGEX = "SDL-(?P<pver>\d+(\.\d+)+)\.tar"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 16/23] hostapd: fix building with CONFIG_TLS=internal
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (14 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 15/23] libsdl: Fix CVE-2019-13616 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 17/23] opencv: remove tbb packageconfig for powerpc Armin Kuster
` (6 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Alexander Vickberg <wickbergster@gmail.com>
The patch recently added for CVE-2021-30004 broke compilation with
CONFIG_TLS=internal. This adds the necessary function to let it
compile again.
Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d6ef4170747d6668fa940328334055eef3e1e1d6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...001-Prepare-for-CVE-2021-30004.patch.patch | 45 +++++++++++++++++++
.../hostapd/hostapd_2.9.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch
new file mode 100644
index 0000000000..1bedb4f753
--- /dev/null
+++ b/meta-oe/recipes-connectivity/hostapd/hostapd/0001-Prepare-for-CVE-2021-30004.patch.patch
@@ -0,0 +1,45 @@
+From 14fab0772db19297c82dd1b8612c9335369dce41 Mon Sep 17 00:00:00 2001
+From: Alexander Vickberg <wickbergster@gmail.com>
+Date: Mon, 17 May 2021 17:54:13 +0200
+Subject: [PATCH] Prepare for CVE-2021-30004.patch
+
+Without this building fails for CONFIG_TLS=internal
+
+Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
+---
+ src/tls/asn1.h | 6 ++++++
+ src/utils/includes.h | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/src/tls/asn1.h b/src/tls/asn1.h
+index 6bd7df5..77b94ef 100644
+--- a/src/tls/asn1.h
++++ b/src/tls/asn1.h
+@@ -66,6 +66,12 @@ void asn1_oid_to_str(const struct asn1_oid *oid, char *buf, size_t len);
+ unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
+ int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b);
+
++static inline bool asn1_is_null(const struct asn1_hdr *hdr)
++{
++ return hdr->class == ASN1_CLASS_UNIVERSAL &&
++ hdr->tag == ASN1_TAG_NULL;
++}
++
+ extern struct asn1_oid asn1_sha1_oid;
+ extern struct asn1_oid asn1_sha256_oid;
+
+diff --git a/src/utils/includes.h b/src/utils/includes.h
+index 75513fc..741fc9c 100644
+--- a/src/utils/includes.h
++++ b/src/utils/includes.h
+@@ -18,6 +18,7 @@
+
+ #include <stdlib.h>
+ #include <stddef.h>
++#include <stdbool.h>
+ #include <stdio.h>
+ #include <stdarg.h>
+ #include <string.h>
+--
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb
index e586018685..a9780bc6db 100644
--- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb
+++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb
@@ -11,6 +11,7 @@ SRC_URI = " \
file://defconfig \
file://init \
file://hostapd.service \
+ file://0001-Prepare-for-CVE-2021-30004.patch.patch \
file://CVE-2019-16275.patch \
file://CVE-2019-5061.patch \
file://CVE-2021-0326.patch \
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 17/23] opencv: remove tbb packageconfig for powerpc
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (15 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 16/23] hostapd: fix building with CONFIG_TLS=internal Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 18/23] sysdig: disable building for ppc Armin Kuster
` (5 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Saul Wold <Saul.Wold@windriver.com>
Since tbb does not build for powerpc remove it from the enabled list
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e0581ad12f42427932e24abad97399c54f4b75f7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-oe/recipes-support/opencv/opencv_4.5.2.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta-oe/recipes-support/opencv/opencv_4.5.2.bb b/meta-oe/recipes-support/opencv/opencv_4.5.2.bb
index 311355bd7a..1dcd8586cd 100644
--- a/meta-oe/recipes-support/opencv/opencv_4.5.2.bb
+++ b/meta-oe/recipes-support/opencv/opencv_4.5.2.bb
@@ -106,6 +106,9 @@ PACKAGECONFIG ??= "gapi python3 eigen jpeg png tiff v4l libv4l gstreamer samples
${@bb.utils.contains("DISTRO_FEATURES", "x11", "gtk", "", d)} \
${@bb.utils.contains("LICENSE_FLAGS_WHITELIST", "commercial", "libav", "", d)}"
+# TBB does not build for powerpc so disable that package config
+PACKAGECONFIG_remove_powerpc = "tbb"
+
PACKAGECONFIG[gapi] = "-DWITH_ADE=ON -Dade_DIR=${STAGING_LIBDIR},-DWITH_ADE=OFF,ade"
PACKAGECONFIG[amdblas] = "-DWITH_OPENCLAMDBLAS=ON,-DWITH_OPENCLAMDBLAS=OFF,libclamdblas,"
PACKAGECONFIG[amdfft] = "-DWITH_OPENCLAMDFFT=ON,-DWITH_OPENCLAMDFFT=OFF,libclamdfft,"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 18/23] sysdig: disable building for ppc
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (16 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 17/23] opencv: remove tbb packageconfig for powerpc Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 19/23] trace-cmd: Conflict resolution Armin Kuster
` (4 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Saul Wold <Saul.Wold@windriver.com>
Sysdig depends on tbb which no longer builds for powerpc
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 433603cb7dd0243856509a552ff354dbc0fccd95)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-oe/recipes-extended/sysdig/sysdig_git.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-oe/recipes-extended/sysdig/sysdig_git.bb b/meta-oe/recipes-extended/sysdig/sysdig_git.bb
index d9da190578..f1b77070c1 100644
--- a/meta-oe/recipes-extended/sysdig/sysdig_git.bb
+++ b/meta-oe/recipes-extended/sysdig/sysdig_git.bb
@@ -14,6 +14,7 @@ JIT_mipsarchn32 = ""
JIT_mipsarchn64 = ""
JIT_riscv64 = ""
JIT_riscv32 = ""
+JIT_powerpc = ""
DEPENDS += "libb64 lua${JIT} zlib c-ares grpc-native grpc curl ncurses jsoncpp tbb jq openssl elfutils protobuf protobuf-native jq-native"
RDEPENDS_${PN} = "bash"
@@ -49,3 +50,4 @@ COMPATIBLE_HOST_libc-musl = "null"
COMPATIBLE_HOST_mips = "null"
COMPATIBLE_HOST_riscv64 = "null"
COMPATIBLE_HOST_riscv32 = "null"
+COMPATIBLE_HOST_powerpc = "null"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 19/23] trace-cmd: Conflict resolution
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (17 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 18/23] sysdig: disable building for ppc Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 20/23] postgresql: upgrade 13.2 -> 13.3 Armin Kuster
` (3 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: wangmy <wangmy@fujitsu.com>
perf(oe-core) also uses the doc included in plugins/, so package it in own subdirs of trace-cmd.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d8402fdd6f6710effd763a0a9c06c83255e39722)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-oe/recipes-kernel/trace-cmd/trace-cmd_2.9.1.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-oe/recipes-kernel/trace-cmd/trace-cmd_2.9.1.bb b/meta-oe/recipes-kernel/trace-cmd/trace-cmd_2.9.1.bb
index d39afff8e4..906ca2c1f3 100644
--- a/meta-oe/recipes-kernel/trace-cmd/trace-cmd_2.9.1.bb
+++ b/meta-oe/recipes-kernel/trace-cmd/trace-cmd_2.9.1.bb
@@ -12,6 +12,8 @@ S = "${WORKDIR}/git"
do_install() {
oe_runmake etcdir=${sysconfdir} DESTDIR=${D} install
+ mkdir -p ${D}${libdir}/traceevent/plugins/${BPN}
+ mv ${D}/${libdir}/traceevent/plugins/*.so ${D}${libdir}/traceevent/plugins/${BPN}/
}
FILES_${PN} += "${libdir}/traceevent/plugins"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 20/23] postgresql: upgrade 13.2 -> 13.3
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (18 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 19/23] trace-cmd: Conflict resolution Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 21/23] opencv: Disable tbb on riscv/musl Armin Kuster
` (2 subsequent siblings)
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: zangrc <zangrc.fnst@fujitsu.com>
Refresh the following patch:
0001-configure.in-bypass-autoconf-2.69-version-check.patch
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 48cb359db26f4fa0efb811c24a6306a56bf60483)
[Bug fix update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../0001-configure.in-bypass-autoconf-2.69-version-check.patch | 2 +-
.../postgresql/{postgresql_13.2.bb => postgresql_13.3.bb} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-dbs/postgresql/{postgresql_13.2.bb => postgresql_13.3.bb} (78%)
diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
index 970d750b13..45f283a02b 100644
--- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
+++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.in-bypass-autoconf-2.69-version-check.patch
@@ -16,7 +16,7 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
+++ b/configure.in
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch un
- AC_INIT([PostgreSQL], [13.2], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [13.3], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
-Untested combinations of 'autoconf' and PostgreSQL versions are not
diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_13.2.bb b/meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb
similarity index 78%
rename from meta-oe/recipes-dbs/postgresql/postgresql_13.2.bb
rename to meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb
index ca8a6c7cee..862dd61bd6 100644
--- a/meta-oe/recipes-dbs/postgresql/postgresql_13.2.bb
+++ b/meta-oe/recipes-dbs/postgresql/postgresql_13.3.bb
@@ -9,4 +9,4 @@ SRC_URI += "\
file://0001-configure.in-bypass-autoconf-2.69-version-check.patch \
"
-SRC_URI[sha256sum] = "5fd7fcd08db86f5b2aed28fcfaf9ae0aca8e9428561ac547764c2a2b0f41adfc"
+SRC_URI[sha256sum] = "3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 21/23] opencv: Disable tbb on riscv/musl
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (19 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 20/23] postgresql: upgrade 13.2 -> 13.3 Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 22/23] libgtop: tidy up recipe Armin Kuster
2021-05-26 11:52 ` [harkknott 23/23] libgtop: fix do_compile error Armin Kuster
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Khem Raj <raj.khem@gmail.com>
getcontext|setcontext functionality is provided via libucontext for musl
but this library is not yet ported to RISCV
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a116630318789f08ebc6f350c37ef43f0884cb30)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-oe/recipes-support/opencv/opencv_4.5.2.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta-oe/recipes-support/opencv/opencv_4.5.2.bb b/meta-oe/recipes-support/opencv/opencv_4.5.2.bb
index 1dcd8586cd..226bad5778 100644
--- a/meta-oe/recipes-support/opencv/opencv_4.5.2.bb
+++ b/meta-oe/recipes-support/opencv/opencv_4.5.2.bb
@@ -108,6 +108,9 @@ PACKAGECONFIG ??= "gapi python3 eigen jpeg png tiff v4l libv4l gstreamer samples
# TBB does not build for powerpc so disable that package config
PACKAGECONFIG_remove_powerpc = "tbb"
+# tbb now needs getcontect/setcontext which is not there for all arches on musl
+PACKAGECONFIG_remove_libc-musl_riscv64 = "tbb"
+PACKAGECONFIG_remove_libc-musl_riscv32 = "tbb"
PACKAGECONFIG[gapi] = "-DWITH_ADE=ON -Dade_DIR=${STAGING_LIBDIR},-DWITH_ADE=OFF,ade"
PACKAGECONFIG[amdblas] = "-DWITH_OPENCLAMDBLAS=ON,-DWITH_OPENCLAMDBLAS=OFF,libclamdblas,"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 22/23] libgtop: tidy up recipe
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (20 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 21/23] opencv: Disable tbb on riscv/musl Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
2021-05-26 11:52 ` [harkknott 23/23] libgtop: fix do_compile error Armin Kuster
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 55c0d740bc3553005b8a9e79b172231142c30d20)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb b/meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb
index f0c9cdb0e2..63615e4331 100644
--- a/meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb
+++ b/meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb
@@ -1,4 +1,4 @@
-SUMMARY = "LibGTop2"
+SUMMARY = "A library for collecting system monitoring data"
LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552"
@@ -8,9 +8,6 @@ inherit gnomebase lib_package gtk-doc gobject-introspection gettext upstream-ver
inherit features_check
REQUIRED_DISTRO_FEATURES = "x11"
-SRC_URI[archive.md5sum] = "c6d67325cd97b2208b41e07e6cc7b947"
SRC_URI[archive.sha256sum] = "78f3274c0c79c434c03655c1b35edf7b95ec0421430897fb1345a98a265ed2d4"
DEPENDS = "glib-2.0 libxau"
-
-EXTRA_OEMAKE += "LIBGTOP_LIBS="
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread* [harkknott 23/23] libgtop: fix do_compile error
2021-05-26 11:52 [harkknott 00/23] Patch review Armin Kuster
` (21 preceding siblings ...)
2021-05-26 11:52 ` [harkknott 22/23] libgtop: tidy up recipe Armin Kuster
@ 2021-05-26 11:52 ` Armin Kuster
22 siblings, 0 replies; 25+ messages in thread
From: Armin Kuster @ 2021-05-26 11:52 UTC (permalink / raw)
To: openembedded-devel
From: Changqing Li <changqing.li@windriver.com>
On some distros, such as fedora32, cross compile failed with following
error since host library is used. undefined reference to
`stat64@GLIBC_2.33'
According doc of ld, set searchdir begins with "=", but not hardcoded
locations.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a6d1ddf7a9972008261bb84ff4196446d182c683)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...-fix-compile-error-for-cross-compile.patch | 37 +++++++++++++++++++
.../recipes-gnome/libgtop/libgtop_2.40.0.bb | 2 +
2 files changed, 39 insertions(+)
create mode 100644 meta-gnome/recipes-gnome/libgtop/libgtop/0001-fix-compile-error-for-cross-compile.patch
diff --git a/meta-gnome/recipes-gnome/libgtop/libgtop/0001-fix-compile-error-for-cross-compile.patch b/meta-gnome/recipes-gnome/libgtop/libgtop/0001-fix-compile-error-for-cross-compile.patch
new file mode 100644
index 0000000000..1bd6e101b5
--- /dev/null
+++ b/meta-gnome/recipes-gnome/libgtop/libgtop/0001-fix-compile-error-for-cross-compile.patch
@@ -0,0 +1,37 @@
+From e865a93000913b4597607289356114cd159f4e28 Mon Sep 17 00:00:00 2001
+From: Your Name <you@example.com>
+Date: Fri, 21 May 2021 03:02:29 +0000
+Subject: [PATCH] fix compile error for cross compile
+
+On some distros, such as fedora32, cross compile failed with following
+error since host library is used. undefined reference to
+`stat64@GLIBC_2.33'
+
+According doc of ld, set searchdir begins with "=", but not hardcoded
+locations.
+
+Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/libgtop/-/merge_requests/26]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 472f44b..ed6a4d7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -270,8 +270,8 @@ AC_ARG_ENABLE(fatal-warnings,
+ [Define to enable fatal warnings]))
+
+ dnl These definitions are expanded in make.
+-LIBGTOP_LIBS='-L$(libdir)'
+-LIBGTOP_INCS='-I$(includedir)/libgtop-2.0'
++LIBGTOP_LIBS='-L=$(libdir)'
++LIBGTOP_INCS='-I=$(includedir)/libgtop-2.0'
+
+ if test x$libgtop_have_sysinfo = xyes ; then
+ LIBGTOP_INCS="$LIBGTOP_INCS -DHAVE_LIBGTOP_SYSINFO"
+--
+2.26.2
+
diff --git a/meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb b/meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb
index 63615e4331..6d9398f4e4 100644
--- a/meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb
+++ b/meta-gnome/recipes-gnome/libgtop/libgtop_2.40.0.bb
@@ -8,6 +8,8 @@ inherit gnomebase lib_package gtk-doc gobject-introspection gettext upstream-ver
inherit features_check
REQUIRED_DISTRO_FEATURES = "x11"
+SRC_URI += "file://0001-fix-compile-error-for-cross-compile.patch"
+
SRC_URI[archive.sha256sum] = "78f3274c0c79c434c03655c1b35edf7b95ec0421430897fb1345a98a265ed2d4"
DEPENDS = "glib-2.0 libxau"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread