[oe][meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[oe][meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[Akash Hadke]

Delete libcroco recipe as it got added by mistake
from commit https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=522603beb6d88ad6ea443806bb986096d5b766e6

Actual recipe is present in poky.
https://git.yoctoproject.org/poky/tree/meta/recipes-support/libcroco/libcroco_0.6.13.bb?h=kirkstone

Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
---
 .../libcroco/libcroco/CVE-2020-12825.patch    | 190 ------------------
 .../libcroco/libcroco_0.6.13.bb               |  22 --
 2 files changed, 212 deletions(-)
 delete mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
 delete mode 100644 meta/recipes-support/libcroco/libcroco_0.6.13.bb

diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
deleted file mode 100644
index 8e58f7309..000000000
--- a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
+++ /dev/null
@@ -1,190 +0,0 @@
-From 203d62efefe6f79080863dda61593003b4c31f25 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Thu, 13 Aug 2020 20:03:05 -0500
-Subject: [PATCH] libcroco parser: limit recursion in block and any productions
-
-If we don't have any limits, we can recurse forever and overflow the
-stack.
-
-This is for CVE-2020-12825: Stack overflow in cr_parser_parse_any_core
-in cr-parser.c.
-
-Bug: https://gitlab.gnome.org/Archive/libcroco/-/issues/8
-Patch from https://gitlab.gnome.org/Archive/libcroco/-/merge_requests/5
-
-CVE: CVE-2020-12825
-Upstream Status: Backport [https://gitlab.com/inkscape/inkscape/-/commit/203d62efefe6f79080863dda61593003b4c31f25.patch]
----
- src/cr-parser.c | 44 ++++++++++++++++++++-----------
- 1 file changed, 29 insertions(+), 15 deletions(-)
-
-diff --git a/src/cr-parser.c b/src/cr-parser.c
-index d85e71f0fc..cd7b6ebd4a 100644
---- a/src/cr-parser.c
-+++ b/src/cr-parser.c
-@@ -136,6 +136,8 @@ struct _CRParserPriv {
-
- #define CHARS_TAB_SIZE 12
-
-+#define RECURSIVE_CALLERS_LIMIT 100
-+
- /**
-  * IS_NUM:
-  *@a_char: the char to test.
-@@ -343,9 +345,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this);
-
- static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
-
--static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
-+static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
-+                                               guint      n_calls);
-
--static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
-+static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
-+                                                 guint      n_calls);
-
- static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
-
-@@ -783,7 +787,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
-         cr_parser_try_to_skip_spaces_and_comments (a_this);
-
-         do {
--                status = cr_parser_parse_any_core (a_this);
-+                status = cr_parser_parse_any_core (a_this, 0);
-         } while (status == CR_OK);
-
-         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
-@@ -794,7 +798,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
-                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
-                                       token);
-                 token = NULL;
--                status = cr_parser_parse_block_core (a_this);
-+                status = cr_parser_parse_block_core (a_this, 0);
-                 CHECK_PARSING_STATUS (status,
-                                       FALSE);
-                 goto done;
-@@ -929,11 +933,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
-
-         RECORD_INITIAL_POS (a_this, &init_pos);
-
--        status = cr_parser_parse_any_core (a_this);
-+        status = cr_parser_parse_any_core (a_this, 0);
-         CHECK_PARSING_STATUS (status, FALSE);
-
-         do {
--                status = cr_parser_parse_any_core (a_this);
-+                status = cr_parser_parse_any_core (a_this, 0);
-
-         } while (status == CR_OK);
-
-@@ -955,10 +959,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
-  *in chapter 4.1 of the css2 spec.
-  *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
-  *@param a_this the current instance of #CRParser.
-+ *@param n_calls used to limit recursion depth
-  *FIXME: code this function.
-  */
- static enum CRStatus
--cr_parser_parse_block_core (CRParser * a_this)
-+cr_parser_parse_block_core (CRParser * a_this,
-+                            guint      n_calls)
- {
-         CRToken *token = NULL;
-         CRInputPos init_pos;
-@@ -966,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this)
-
-         g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
-
-+        if (n_calls > RECURSIVE_CALLERS_LIMIT)
-+                return CR_ERROR;
-+
-         RECORD_INITIAL_POS (a_this, &init_pos);
-
-         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
-@@ -995,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this)
-         } else if (token->type == CBO_TK) {
-                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
-                 token = NULL;
--                status = cr_parser_parse_block_core (a_this);
-+                status = cr_parser_parse_block_core (a_this, n_calls + 1);
-                 CHECK_PARSING_STATUS (status, FALSE);
-                 goto parse_block_content;
-         } else {
-                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
-                 token = NULL;
--                status = cr_parser_parse_any_core (a_this);
-+                status = cr_parser_parse_any_core (a_this, n_calls + 1);
-                 CHECK_PARSING_STATUS (status, FALSE);
-                 goto parse_block_content;
-         }
-@@ -1108,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this)
-                 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
-                                                token);
-                 token = NULL;
--                status = cr_parser_parse_block_core (a_this);
-+                status = cr_parser_parse_block_core (a_this, 0);
-                 CHECK_PARSING_STATUS (status, FALSE);
-                 ref++;
-                 goto continue_parsing;
-@@ -1122,7 +1131,7 @@ cr_parser_parse_value_core (CRParser * a_this)
-                 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
-                                                token);
-                 token = NULL;
--                status = cr_parser_parse_any_core (a_this);
-+                status = cr_parser_parse_any_core (a_this, 0);
-                 if (status == CR_OK) {
-                         ref++;
-                         goto continue_parsing;
-@@ -1162,10 +1162,12 @@
-  *        | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
-  *
-  *@param a_this the current instance of #CRParser.
-+ *@param n_calls used to limit recursion depth
-  *@return CR_OK upon successfull completion, an error code otherwise.
-  */
- static enum CRStatus
--cr_parser_parse_any_core (CRParser * a_this)
-+cr_parser_parse_any_core (CRParser * a_this,
-+                          guint      n_calls)
- {
-         CRToken *token1 = NULL,
-                 *token2 = NULL;
-@@ -1173,6 +1184,9 @@ cr_parser_parse_any_core (CRParser * a_this)
-
-         g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
-
-+        if (n_calls > RECURSIVE_CALLERS_LIMIT)
-+                return CR_ERROR;
-+
-         RECORD_INITIAL_POS (a_this, &init_pos);
-
-         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
-@@ -1211,7 +1225,7 @@ cr_parser_parse_any_core (CRParser * a_this)
-                  *We consider parameter as being an "any*" production.
-                  */
-                 do {
--                        status = cr_parser_parse_any_core (a_this);
-+                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
-                 } while (status == CR_OK);
-
-                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
-@@ -1236,7 +1250,7 @@ cr_parser_parse_any_core (CRParser * a_this)
-                 }
-
-                 do {
--                        status = cr_parser_parse_any_core (a_this);
-+                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
-                 } while (status == CR_OK);
-
-                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
-@@ -1264,7 +1278,7 @@ cr_parser_parse_any_core (CRParser * a_this)
-                 }
-
-                 do {
--                        status = cr_parser_parse_any_core (a_this);
-+                        status = cr_parser_parse_any_core (a_this, n_calls + 1);
-                 } while (status == CR_OK);
-
-                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
---
-GitLab
diff --git a/meta/recipes-support/libcroco/libcroco_0.6.13.bb b/meta/recipes-support/libcroco/libcroco_0.6.13.bb
deleted file mode 100644
index fd5927e01..000000000
--- a/meta/recipes-support/libcroco/libcroco_0.6.13.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-SUMMARY = "Cascading Style Sheet (CSS) parsing and manipulation toolkit"
-HOMEPAGE = "http://www.gnome.org/"
-BUGTRACKER = "https://bugzilla.gnome.org/"
-
-LICENSE = "LGPLv2 & LGPLv2.1"
-LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605 \
-                    file://src/cr-rgb.c;endline=22;md5=31d5f0944d556c8589d04ea6055fcc66 \
-                    file://tests/cr-test-utils.c;endline=21;md5=2382c27934cae1d3792fcb17a6142c4e"
-
-SECTION = "x11/utils"
-DEPENDS = "glib-2.0 libxml2 zlib"
-BBCLASSEXTEND = "native nativesdk"
-EXTRA_OECONF += "--enable-Bsymbolic=auto"
-
-BINCONFIG = "${bindir}/croco-0.6-config"
-
-inherit gnomebase gtk-doc binconfig-disabled
-
-SRC_URI += "file://CVE-2020-12825.patch"
-
-SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce"
-SRC_URI[archive.sha256sum] = "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4"
-- 
2.25.1

Re: [meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[akash hadke]

[-- Attachment #1: Type: text/plain, Size: 111 bytes --]

Hello,

Can we consider this patch? Wrongly libcroco recipe is added in meta-oe, which needs to be removed.

[-- Attachment #2: Type: text/html, Size: 119 bytes --]

Re: [meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[akash hadke]

[-- Attachment #1: Type: text/plain, Size: 58 bytes --]

Hi,

Can you please consider this patch?

BR,
Akash

[-- Attachment #2: Type: text/html, Size: 78 bytes --]

Re: [oe] [meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[Ranjitsinh Rathod]

[-- Attachment #1.1: Type: text/plain, Size: 1635 bytes --]

Hi Armin,

Can you please check this and see if you can apply this commit in meta-openembedded kirkstone branch?


Thanks,

Best Regards,

Ranjitsinh Rathod
Technical Leader |  | KPIT Technologies Ltd.
Cellphone: +91-84606 92403
__________________________________________
KPIT<http://www.kpit.com/> | Follow us on LinkedIn<http://www.kpit.com/linkedin>

[cid:f327e22f-637c-423c-9f94-2b6410f89e5a]<https://www.kpit.com/TheNewBrand>

________________________________
From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> on behalf of akash hadke via lists.openembedded.org <akash.hadke27=gmail.com@lists.openembedded.org>
Sent: Friday, January 5, 2024 2:57 PM
To: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org>
Subject: Re: [oe] [meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

Caution: This email originated from outside of the KPIT. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hi,

Can you please consider this patch?

BR,
Akash
This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

[-- Attachment #1.2: Type: text/html, Size: 5526 bytes --]

[-- Attachment #2: Outlook-ejzei3xw.png --]
[-- Type: image/png, Size: 22485 bytes --]

Re: [oe] [meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[Ross Burton]

On 29 Jan 2024, at 11:31, Ranjitsinh Rathod via lists.openembedded.org <ranjitsinh.rathod=kpit.com@lists.openembedded.org> wrote:
> 
> Hi Armin,
> 
> Can you please check this and see if you can apply this commit in meta-openembedded kirkstone branch?

It would be unusual to delete a recipe from a stable branch.  Can you explain why this should happen?

Ross

Re: [meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[Ranjitsinh Rathod]

[-- Attachment #1: Type: text/plain, Size: 516 bytes --]

Hi Ross,

Actually this recipe is from poky.
The actual recipe is present in poky.
https://git.yoctoproject.org/poky/tree/meta/recipes-support/libcroco/libcroco_0.6.13.bb?h=kirkstone

This is I assume added in meta-openembeded by mistake as part of this https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=522603beb6d88ad6ea443806bb986096d5b766e6 and so we want to delete this duplicate recipe.

We already have enough information in the commit message.

Thanks,
Ranjitsinh Rathod

[-- Attachment #2: Type: text/html, Size: 1437 bytes --]

Re: [oe] [meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 1303 bytes --]

Aha, it's in completely unused "meta" directory inside meta-openembedded
repository not in meta-oe layer. So yes, it should be reverted to avoid
confusion.

On Tue, Feb 6, 2024 at 9:46 AM Ranjitsinh Rathod via lists.openembedded.org
<ranjitsinh.rathod=kpit.com@lists.openembedded.org> wrote:

> Hi Ross,
>
> Actually this recipe is from poky.
> The actual recipe is present in poky.
>
> https://git.yoctoproject.org/poky/tree/meta/recipes-support/libcroco/libcroco_0.6.13.bb?h=kirkstone
>
> This is I assume added in meta-openembeded by mistake as part of this
> https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=522603beb6d88ad6ea443806bb986096d5b766e6 and
> so we want to delete this duplicate recipe.
>
> We already have enough information in the commit message.
>
> Thanks,
> Ranjitsinh Rathod
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#108617):
> https://lists.openembedded.org/g/openembedded-devel/message/108617
> Mute This Topic: https://lists.openembedded.org/mt/102058937/3617156
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> martin.jansa@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

[-- Attachment #2: Type: text/html, Size: 3072 bytes --]

Re: [oe] [meta-oe][kirkstone][PATCH] libcroco: Delete the recipe

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 1540 bytes --]

I've sent revert with I think a bit better commit message.

On Tue, Feb 6, 2024 at 11:21 AM Martin Jansa via lists.openembedded.org
<martin.jansa=gmail.com@lists.openembedded.org> wrote:

> Aha, it's in completely unused "meta" directory inside meta-openembedded
> repository not in meta-oe layer. So yes, it should be reverted to avoid
> confusion.
>
> On Tue, Feb 6, 2024 at 9:46 AM Ranjitsinh Rathod via
> lists.openembedded.org <ranjitsinh.rathod=kpit.com@lists.openembedded.org>
> wrote:
>
>> Hi Ross,
>>
>> Actually this recipe is from poky.
>> The actual recipe is present in poky.
>>
>> https://git.yoctoproject.org/poky/tree/meta/recipes-support/libcroco/libcroco_0.6.13.bb?h=kirkstone
>>
>> This is I assume added in meta-openembeded by mistake as part of this
>> https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone-next&id=522603beb6d88ad6ea443806bb986096d5b766e6 and
>> so we want to delete this duplicate recipe.
>>
>> We already have enough information in the commit message.
>>
>> Thanks,
>> Ranjitsinh Rathod
>>
>>
>>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#108622):
> https://lists.openembedded.org/g/openembedded-devel/message/108622
> Mute This Topic: https://lists.openembedded.org/mt/102058937/3617156
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> martin.jansa@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

[-- Attachment #2: Type: text/html, Size: 3652 bytes --]