* [OE-core][dunfell 00/14] Patch review
@ 2022-06-08 14:46 Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 01/14] Revert "openssl: Backport fix for ptest cert expiry" Steve Sakoman
` (13 more replies)
0 siblings, 14 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3760
The following changes since commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939:
openssl: Backport fix for ptest cert expiry (2022-06-07 11:33:46 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (1):
linux-yocto/5.4: update to v5.4.196
Hitendra Prajapati (2):
e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted
filesystem
pcre2: CVE-2022-1587 Out-of-bounds read
Marta Rybczynska (4):
cve-check: move update_symlinks to a library
cve-check: write empty fragment files in the text mode
cve-check: add coverage statistics on recipes with/without CVEs
cve-update-db-native: make it possible to disable database updates
Richard Purdie (1):
libxslt: Mark CVE-2022-29824 as not applying
Robert Joslyn (2):
curl: Backport CVE fixes
curl: Fix CVE_CHECK_WHITELIST typo
Steve Sakoman (3):
Revert "openssl: Backport fix for ptest cert expiry"
openssl: backport fix for ptest certificate expiration
openssl: update the epoch time for ct_test ptest
omkar patil (1):
libxslt: Fix CVE-2021-30560
meta/classes/cve-check.bbclass | 86 ++-
meta/lib/oe/cve_check.py | 10 +
...5d82489b3ec09ccc772dfcee14fef0e8e908.patch | 192 +++++
...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch | 55 --
...611887cfac633aacc052b2e71a7f195418b8.patch | 29 +
.../openssl/openssl_1.1.1o.bb | 3 +-
.../recipes-core/meta/cve-update-db-native.bb | 6 +-
.../e2fsprogs/e2fsprogs/CVE-2022-1304.patch | 42 ++
.../e2fsprogs/e2fsprogs_1.45.7.bb | 1 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../curl/curl/CVE-2022-27774-1.patch | 45 ++
.../curl/curl/CVE-2022-27774-2.patch | 80 +++
.../curl/curl/CVE-2022-27774-3.patch | 83 +++
.../curl/curl/CVE-2022-27774-4.patch | 35 +
.../curl/curl/CVE-2022-27781.patch | 46 ++
.../curl/curl/CVE-2022-27782-1.patch | 363 ++++++++++
.../curl/curl/CVE-2022-27782-2.patch | 71 ++
meta/recipes-support/curl/curl_7.69.1.bb | 9 +-
.../libpcre/libpcre2/CVE-2022-1587.patch | 660 ++++++++++++++++++
.../recipes-support/libpcre/libpcre2_10.34.bb | 1 +
.../libxslt/libxslt/CVE-2021-30560.patch | 201 ++++++
.../recipes-support/libxslt/libxslt_1.1.34.bb | 5 +
24 files changed, 1949 insertions(+), 110 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2021-30560.patch
--
2.25.1
^ permalink raw reply [flat|nested] 15+ messages in thread
* [OE-core][dunfell 01/14] Revert "openssl: Backport fix for ptest cert expiry"
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 02/14] openssl: backport fix for ptest certificate expiration Steve Sakoman
` (12 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
Version 1.1.1 requires additional changes
This reverts commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939.
---
...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch | 55 -------------------
.../openssl/openssl_1.1.1o.bb | 1 -
2 files changed, 56 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch b/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
deleted file mode 100644
index 0249d4181b..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 770aea88c3888cc5cb3ebc94ffcef706c68bc1d2 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Wed, 1 Jun 2022 12:06:33 +0200
-Subject: [PATCH] Update expired SCT issuer certificate
-
-Fixes #15179
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-(Merged from https://github.com/openssl/openssl/pull/18444)
-
-Upstream-Status: Backport
-[Fixes ptest failures in OE-Core]
----
- test/certs/embeddedSCTs1_issuer.pem | 30 ++++++++++++++---------------
- 1 file changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
-index 1fa449d5a098..6aa9455f09ed 100644
---- a/test/certs/embeddedSCTs1_issuer.pem
-+++ b/test/certs/embeddedSCTs1_issuer.pem
-@@ -1,18 +1,18 @@
- -----BEGIN CERTIFICATE-----
--MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
-+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
- MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
--YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
--MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
--c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
--MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
--jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
--KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
--svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
--tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
--A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
--MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
--/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
--OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
--f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
--OwqULg==
-+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
-+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
-+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
-+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
-+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
-+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
-+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
-+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
-+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
-+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
-+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
-++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
-+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
-+Doud4XrO
- -----END CERTIFICATE-----
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
index b3dceb659b..c9cfc759c9 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
@@ -18,7 +18,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://afalg.patch \
file://reproducible.patch \
file://reproducibility.patch \
- file://770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch \
"
SRC_URI_append_class-nativesdk = " \
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 02/14] openssl: backport fix for ptest certificate expiration
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 01/14] Revert "openssl: Backport fix for ptest cert expiry" Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 03/14] openssl: update the epoch time for ct_test ptest Steve Sakoman
` (11 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
ptests in in openssl have started failing as test certificates have
expired. Backport a fix for this from upstream, replacing the test
certificates to allow the ptests to pass again.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...5d82489b3ec09ccc772dfcee14fef0e8e908.patch | 192 ++++++++++++++++++
.../openssl/openssl_1.1.1o.bb | 1 +
2 files changed, 193 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch b/meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
new file mode 100644
index 0000000000..438ecdcd32
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
@@ -0,0 +1,192 @@
+From 73db5d82489b3ec09ccc772dfcee14fef0e8e908 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 1 Jun 2022 12:47:44 +0200
+Subject: [PATCH] Update expired SCT certificates
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/18446)
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/73db5d82489b3ec09ccc772dfcee14fef0e8e908]
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ test/certs/embeddedSCTs1-key.pem | 38 ++++++++++++++++---------
+ test/certs/embeddedSCTs1.pem | 35 ++++++++++++-----------
+ test/certs/embeddedSCTs1.sct | 12 ++++----
+ test/certs/embeddedSCTs1_issuer-key.pem | 15 ++++++++++
+ test/certs/embeddedSCTs1_issuer.pem | 30 +++++++++----------
+ 5 files changed, 79 insertions(+), 51 deletions(-)
+ create mode 100644 test/certs/embeddedSCTs1_issuer-key.pem
+
+diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem
+index e3e66d55c510..28dd206dbe8d 100644
+--- a/test/certs/embeddedSCTs1-key.pem
++++ b/test/certs/embeddedSCTs1-key.pem
+@@ -1,15 +1,27 @@
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k
+-WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X
+-EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB
+-AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g
+-PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf
+-flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU
+-X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ
+-pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA
+-b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt
+-9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR
+-83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs
+-n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ
+-1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ==
++MIIEpQIBAAKCAQEAuIjpA4/iCpDA2mjywI5zG6IBX6bNcRQYDsB7Cv0VonNXtJBw
++XxMENP4jVpvEmWpJ5iMBknGHV+XWBkngYapczIsY4LGn6aMU6ySABBVQpNOQSRfT
++48xGGPR9mzOBG/yplmpFOVq1j+b65lskvAXKYaLFpFn3oY/pBSdcCNBP8LypVXAJ
++b3IqEXsBL/ErgHG9bgIRP8VxBAaryCz77kLzAXkfHL2LfSGIfNONyEKB3xI94S4L
++eouOSoWL1VkEfJs87vG4G5xoXw3KOHyiueQUUlMnu8p+Bx0xPVKPEsLje3R9k0rG
++a5ca7dXAn9UypKKp25x4NXpnjGX5txVEYfNvqQIDAQABAoIBAE0zqhh9Z5n3+Vbm
++tTht4CZdXqm/xQ9b0rzJNjDgtN5j1vuJuhlsgUQSVoJzZIqydvw7BPtZV8AkPagf
++3Cm/9lb0kpHegVsziRrfCFes+zIZ+LE7sMAKxADIuIvnvkoRKHnvN8rI8lCj16/r
++zbCD06mJSZp6sSj8ZgZr8wsU63zRGt1TeGM67uVW4agphfzuKGlXstPLsSMwknpF
++nxFS2TYbitxa9oH76oCpEk5fywYsYgUP4TdzOzfVAgMzNSu0FobvWl0CECB+G3RQ
++XQ5VWbYkFoj5XbE5kYz6sYHMQWL1NQpglUp+tAQ1T8Nca0CvbSpD77doRGm7UqYw
++ziVQKokCgYEA6BtHwzyD1PHdAYtOcy7djrpnIMaiisSxEtMhctoxg8Vr2ePEvMpZ
++S1ka8A1Pa9GzjaUk+VWKWsTf+VkmMHGtpB1sv8S7HjujlEmeQe7p8EltjstvLDmi
++BhAA7ixvZpXXjQV4GCVdUVu0na6gFGGueZb2FHEXB8j1amVwleJj2lcCgYEAy4f3
++2wXqJfz15+YdJPpG9BbH9d/plKJm5ID3p2ojAGo5qvVuIJMNJA4elcfHDwzCWVmn
++MtR/WwtxYVVmy1BAnmk6HPSYc3CStvv1800vqN3fyJWtZ1P+8WBVZWZzIQdjdiaU
++JSRevPnjQGc+SAZQQIk1yVclbz5790yuXsdIxf8CgYEApqlABC5lsvfga4Vt1UMn
++j57FAkHe4KmPRCcZ83A88ZNGd/QWhkD9kR7wOsIz7wVqWiDkxavoZnjLIi4jP9HA
++jwEZ3zER8wl70bRy0IEOtZzj8A6fSzAu6Q+Au4RokU6yse3lZ+EcepjQvhBvnXLu
++ZxxAojj6AnsHzVf9WYJvlI0CgYEAoATIw/TEgRV/KNHs/BOiEWqP0Co5dVix2Nnk
++3EVAO6VIrbbE3OuAm2ZWeaBWSujXLHSmVfpoHubCP6prZVI1W9aTkAxmh+xsDV3P
++o3h+DiBTP1seuGx7tr7spQqFXeR3OH9gXktYCO/W0d3aQ7pjAjpehWv0zJ+ty2MI
++fQ/lkXUCgYEAgbP+P5UmY7Fqm/mi6TprEJ/eYktji4Ne11GDKGFQCfjF5RdKhdw1
++5+elGhZes+cpzu5Ak6zBDu4bviT+tRTWJu5lVLEzlHHv4nAU7Ks5Aj67ApH21AnP
++RtlATdhWOt5Dkdq1WSpDfz5bvWgvyBx9D66dSmQdbKKe2dH327eQll4=
+ -----END RSA PRIVATE KEY-----
+diff --git a/test/certs/embeddedSCTs1.pem b/test/certs/embeddedSCTs1.pem
+index d1e85120a043..d2a111fb8235 100644
+--- a/test/certs/embeddedSCTs1.pem
++++ b/test/certs/embeddedSCTs1.pem
+@@ -1,20 +1,21 @@
+ -----BEGIN CERTIFICATE-----
+-MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
++MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
+ MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
+-MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu
+-c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G
+-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/
+-BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk
+-EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw
+-FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q
+-Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD
+-VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w
+-DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK
+-BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L
+-vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw
+-KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG
+-SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE
+-oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr
+-5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg
++YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy
++NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3
++DQEBAQUAA4IBDwAwggEKAoIBAQC4iOkDj+IKkMDaaPLAjnMbogFfps1xFBgOwHsK
++/RWic1e0kHBfEwQ0/iNWm8SZaknmIwGScYdX5dYGSeBhqlzMixjgsafpoxTrJIAE
++FVCk05BJF9PjzEYY9H2bM4Eb/KmWakU5WrWP5vrmWyS8BcphosWkWfehj+kFJ1wI
++0E/wvKlVcAlvcioRewEv8SuAcb1uAhE/xXEEBqvILPvuQvMBeR8cvYt9IYh8043I
++QoHfEj3hLgt6i45KhYvVWQR8mzzu8bgbnGhfDco4fKK55BRSUye7yn4HHTE9Uo8S
++wuN7dH2TSsZrlxrt1cCf1TKkoqnbnHg1emeMZfm3FURh82+pAgMBAAGjggEMMIIB
++CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I
++Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD
++ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI
++/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB
++u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ
++BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR
++RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1
++IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W
++YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw==
+ -----END CERTIFICATE-----
+diff --git a/test/certs/embeddedSCTs1.sct b/test/certs/embeddedSCTs1.sct
+index 59362dcee1f4..35c9eb9e3bed 100644
+--- a/test/certs/embeddedSCTs1.sct
++++ b/test/certs/embeddedSCTs1.sct
+@@ -2,11 +2,11 @@ Signed Certificate Timestamp:
+ Version : v1 (0x0)
+ Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C:
+ 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64
+- Timestamp : Apr 5 17:04:16.275 2013 GMT
++ Timestamp : Jan 1 00:00:00.000 2020 GMT
+ Extensions: none
+ Signature : ecdsa-with-SHA256
+- 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F:
+- D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3:
+- E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2:
+- F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1:
+- 05:51:9D:89:ED:BF:08
+\ No newline at end of file
++ 30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A:
++ D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4:
++ BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F:
++ 02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7:
++ 60:EB:A8:AF:03:5E:C3
+\ No newline at end of file
+diff --git a/test/certs/embeddedSCTs1_issuer-key.pem b/test/certs/embeddedSCTs1_issuer-key.pem
+new file mode 100644
+index 000000000000..9326e38b1eb7
+--- /dev/null
++++ b/test/certs/embeddedSCTs1_issuer-key.pem
+@@ -0,0 +1,15 @@
++-----BEGIN RSA PRIVATE KEY-----
++MIICXAIBAAKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7jHbrkVfT0PtLO1FuzsvR
++yY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjPKDHM5nugSlojgZ88ujfm
++JNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnLsvfP34b7arnRsQIDAQAB
++AoGAJLR6xEJp+5IXRFlLn7WTkFvO0ddtxJ7bXhiIkTctyruyfqp7LF9Jv1G2m3PK
++QPUtBc73w/GYkfnwIwdfJbOmPHL7XyEGHZYmEXgIgEtw6LXvAv0G5JpUnNwsSBfL
++GfSQqI5Z5ytyzlJXkMcTGA2kTgNAYc73h4EnU+pwUnDPdAECQQD2aj+4LtYk1XPq
++r3gjgI6MoGvgYJfPmAtZhxxVbhXQKciFUCAcBiwlQdHIdLWE9j65ctmZRWidKifr
++4O4nz+TBAkEA3djNW/rTQq5fKZy+mCF1WYnIU/3yhJaptzRqLm7AHqe7+hdrGXJw
+++mCtU8T3L/Ms8bH1yFBZhmkp1PbR8gl48QJAQo70YyWThiN5yfxXcQ96cZWrTdIJ
++b3NcLXSHPLQdhDqlBQ1dfvRT3ERpC8IqfZ2d162kBPhwh3MpkVcSPQK0gQJAC/dY
++xGBYKt2a9nSk9zG+0bCT5Kvq++ngh6hFHfINXNnxUsEWns3EeEzkrIMQTj7QqszN
++lBt5aL2dawZRNrv6EQJBAOo4STF9KEwQG0HLC/ryh1FeB0OBA5yIepXze+eJVKei
++T0cCECOQJKfWHEzYJYDJhyEFF/sYp9TXwKSDjOifrsU=
++-----END RSA PRIVATE KEY-----
+diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
+index 1fa449d5a098..6aa9455f09ed 100644
+--- a/test/certs/embeddedSCTs1_issuer.pem
++++ b/test/certs/embeddedSCTs1_issuer.pem
+@@ -1,18 +1,18 @@
+ -----BEGIN CERTIFICATE-----
+-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
++MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
+ MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
+-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
+-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
+-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
+-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
+-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
+-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
+-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
+-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
+-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
+-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
+-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
+-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
+-OwqULg==
++YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
++ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
++YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
++gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
++0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
++SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
++acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
++wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
++CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
++MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
++AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
+++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
++2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
++Doud4XrO
+ -----END CERTIFICATE-----
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
index c9cfc759c9..b306414776 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
@@ -18,6 +18,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://afalg.patch \
file://reproducible.patch \
file://reproducibility.patch \
+ file://73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch \
"
SRC_URI_append_class-nativesdk = " \
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 03/14] openssl: update the epoch time for ct_test ptest
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 01/14] Revert "openssl: Backport fix for ptest cert expiry" Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 02/14] openssl: backport fix for ptest certificate expiration Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 04/14] e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem Steve Sakoman
` (10 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
We are getting an additional ptest failure after fixing the expired certificates.
Backport a patch from upstream to fix this.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...611887cfac633aacc052b2e71a7f195418b8.patch | 29 +++++++++++++++++++
.../openssl/openssl_1.1.1o.bb | 1 +
2 files changed, 30 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch b/meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
new file mode 100644
index 0000000000..832f651660
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
@@ -0,0 +1,29 @@
+From b7ce611887cfac633aacc052b2e71a7f195418b8 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 1 Jun 2022 13:06:46 +0200
+Subject: [PATCH] ct_test.c: Update the epoch time
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/18446)
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/b7ce611887cfac633aacc052b2e71a7f195418b8]
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ test/ct_test.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/ct_test.c b/test/ct_test.c
+index 78d11ca98cf7..535897d09a77 100644
+--- a/test/ct_test.c
++++ b/test/ct_test.c
+@@ -63,7 +63,7 @@ static CT_TEST_FIXTURE *set_up(const char *const test_case_name)
+ if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
+ goto end;
+ fixture->test_case_name = test_case_name;
+- fixture->epoch_time_in_ms = 1473269626000ULL; /* Sep 7 17:33:46 2016 GMT */
++ fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */
+ if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new())
+ || !TEST_int_eq(
+ CTLOG_STORE_load_default_file(fixture->ctlog_store), 1))
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
index b306414776..e24467739f 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://reproducible.patch \
file://reproducibility.patch \
file://73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch \
+ file://b7ce611887cfac633aacc052b2e71a7f195418b8.patch \
"
SRC_URI_append_class-nativesdk = " \
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 04/14] e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (2 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 03/14] openssl: update the epoch time for ct_test ptest Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 05/14] pcre2: CVE-2022-1587 Out-of-bounds read Steve Sakoman
` (9 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git
MR: 117430
Type: Security Fix
Disposition: Backport from https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76
ChangeID: e6db00c6e8375a2e869fd2e4ead61ca9149eb8fa
Description:
CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../e2fsprogs/e2fsprogs/CVE-2022-1304.patch | 42 +++++++++++++++++++
.../e2fsprogs/e2fsprogs_1.45.7.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch
new file mode 100644
index 0000000000..34e2567b25
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch
@@ -0,0 +1,42 @@
+From a66071ed6a0d1fa666d22dcb78fa6fcb3bf22df3 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 27 May 2022 14:01:50 +0530
+Subject: [PATCH] CVE-2022-1304
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76]
+CVE: CVE-2022-1304
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+---
+ lib/ext2fs/extent.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
+index ac3dbfec9..a1b1905cd 100644
+--- a/lib/ext2fs/extent.c
++++ b/lib/ext2fs/extent.c
+@@ -495,6 +495,10 @@ retry:
+ ext2fs_le16_to_cpu(eh->eh_entries);
+ newpath->max_entries = ext2fs_le16_to_cpu(eh->eh_max);
+
++ /* Make sure there is at least one extent present */
++ if (newpath->left <= 0)
++ return EXT2_ET_EXTENT_NO_DOWN;
++
+ if (path->left > 0) {
+ ix++;
+ newpath->end_blk = ext2fs_le32_to_cpu(ix->ei_block);
+@@ -1630,6 +1634,10 @@ errcode_t ext2fs_extent_delete(ext2_extent_handle_t handle, int flags)
+
+ cp = path->curr;
+
++ /* Sanity check before memmove() */
++ if (path->left < 0)
++ return EXT2_ET_EXTENT_LEAF_BAD;
++
+ if (path->left) {
+ memmove(cp, cp + sizeof(struct ext3_extent_idx),
+ path->left * sizeof(struct ext3_extent_idx));
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb
index 3bc530e02b..3e6faf4cb8 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.7.bb
@@ -6,6 +6,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \
file://mkdir_p.patch \
file://0001-configure.ac-correct-AM_GNU_GETTEXT.patch \
file://0001-intl-do-not-try-to-use-gettext-defines-that-no-longe.patch \
+ file://CVE-2022-1304.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 05/14] pcre2: CVE-2022-1587 Out-of-bounds read
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (3 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 04/14] e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 06/14] libxslt: Fix CVE-2021-30560 Steve Sakoman
` (8 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://github.com/PCRE2Project/pcre2
MR: 118031
Type: Security Fix
Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933
Description:
CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libpcre/libpcre2/CVE-2022-1587.patch | 660 ++++++++++++++++++
.../recipes-support/libpcre/libpcre2_10.34.bb | 1 +
2 files changed, 661 insertions(+)
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch
new file mode 100644
index 0000000000..70f9f9f079
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch
@@ -0,0 +1,660 @@
+From aa5aac0d209e3debf80fc2db924d9401fc50454b Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 23 May 2022 14:11:11 +0530
+Subject: [PATCH] CVE-2022-1587
+
+Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0]
+CVE: CVE-2022-1587
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+---
+ ChangeLog | 3 +
+ src/pcre2_jit_compile.c | 290 ++++++++++++++++++++++++++--------------
+ src/pcre2_jit_test.c | 1 +
+ 3 files changed, 194 insertions(+), 100 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index b5d72dc..de82de9 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -4,6 +4,9 @@ Change Log for PCRE2
+ 23. Fixed a unicode properrty matching issue in JIT. The character was not
+ fully read in caseless matching.
+
++24. Fixed an issue affecting recursions in JIT caused by duplicated data
++transfers.
++
+
+ Version 10.34 21-November-2019
+ ------------------------------
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index 5d43865..493c96d 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -407,6 +407,9 @@ typedef struct compiler_common {
+ /* Locals used by fast fail optimization. */
+ sljit_s32 fast_fail_start_ptr;
+ sljit_s32 fast_fail_end_ptr;
++ /* Variables used by recursive call generator. */
++ sljit_s32 recurse_bitset_size;
++ uint8_t *recurse_bitset;
+
+ /* Flipped and lower case tables. */
+ const sljit_u8 *fcc;
+@@ -2109,19 +2112,39 @@ for (i = 0; i < RECURSE_TMP_REG_COUNT; i++)
+
+ #undef RECURSE_TMP_REG_COUNT
+
++static BOOL recurse_check_bit(compiler_common *common, sljit_sw bit_index)
++{
++uint8_t *byte;
++uint8_t mask;
++
++SLJIT_ASSERT((bit_index & (sizeof(sljit_sw) - 1)) == 0);
++
++bit_index >>= SLJIT_WORD_SHIFT;
++
++mask = 1 << (bit_index & 0x7);
++byte = common->recurse_bitset + (bit_index >> 3);
++
++if (*byte & mask)
++ return FALSE;
++
++*byte |= mask;
++return TRUE;
++}
++
+ static int get_recurse_data_length(compiler_common *common, PCRE2_SPTR cc, PCRE2_SPTR ccend,
+ BOOL *needs_control_head, BOOL *has_quit, BOOL *has_accept)
+ {
+ int length = 1;
+-int size;
++int size, offset;
+ PCRE2_SPTR alternative;
+ BOOL quit_found = FALSE;
+ BOOL accept_found = FALSE;
+ BOOL setsom_found = FALSE;
+ BOOL setmark_found = FALSE;
+-BOOL capture_last_found = FALSE;
+ BOOL control_head_found = FALSE;
+
++memset(common->recurse_bitset, 0, common->recurse_bitset_size);
++
+ #if defined DEBUG_FORCE_CONTROL_HEAD && DEBUG_FORCE_CONTROL_HEAD
+ SLJIT_ASSERT(common->control_head_ptr != 0);
+ control_head_found = TRUE;
+@@ -2144,15 +2167,17 @@ while (cc < ccend)
+ setsom_found = TRUE;
+ if (common->mark_ptr != 0)
+ setmark_found = TRUE;
+- if (common->capture_last_ptr != 0)
+- capture_last_found = TRUE;
++ if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
++ length++;
+ cc += 1 + LINK_SIZE;
+ break;
+
+ case OP_KET:
+- if (PRIVATE_DATA(cc) != 0)
++ offset = PRIVATE_DATA(cc);
++ if (offset != 0)
+ {
+- length++;
++ if (recurse_check_bit(common, offset))
++ length++;
+ SLJIT_ASSERT(PRIVATE_DATA(cc + 1) != 0);
+ cc += PRIVATE_DATA(cc + 1);
+ }
+@@ -2169,39 +2194,55 @@ while (cc < ccend)
+ case OP_SBRA:
+ case OP_SBRAPOS:
+ case OP_SCOND:
+- length++;
+ SLJIT_ASSERT(PRIVATE_DATA(cc) != 0);
++ if (recurse_check_bit(common, PRIVATE_DATA(cc)))
++ length++;
+ cc += 1 + LINK_SIZE;
+ break;
+
+ case OP_CBRA:
+ case OP_SCBRA:
+- length += 2;
+- if (common->capture_last_ptr != 0)
+- capture_last_found = TRUE;
+- if (common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] == 0)
++ offset = GET2(cc, 1 + LINK_SIZE);
++ if (recurse_check_bit(common, OVECTOR(offset << 1)))
++ {
++ SLJIT_ASSERT(recurse_check_bit(common, OVECTOR((offset << 1) + 1)));
++ length += 2;
++ }
++ if (common->optimized_cbracket[offset] == 0 && recurse_check_bit(common, OVECTOR_PRIV(offset)))
++ length++;
++ if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
+ length++;
+ cc += 1 + LINK_SIZE + IMM2_SIZE;
+ break;
+
+ case OP_CBRAPOS:
+ case OP_SCBRAPOS:
+- length += 2 + 2;
+- if (common->capture_last_ptr != 0)
+- capture_last_found = TRUE;
++ offset = GET2(cc, 1 + LINK_SIZE);
++ if (recurse_check_bit(common, OVECTOR(offset << 1)))
++ {
++ SLJIT_ASSERT(recurse_check_bit(common, OVECTOR((offset << 1) + 1)));
++ length += 2;
++ }
++ if (recurse_check_bit(common, OVECTOR_PRIV(offset)))
++ length++;
++ if (recurse_check_bit(common, PRIVATE_DATA(cc)))
++ length++;
++ if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
++ length++;
+ cc += 1 + LINK_SIZE + IMM2_SIZE;
+ break;
+
+ case OP_COND:
+ /* Might be a hidden SCOND. */
+ alternative = cc + GET(cc, 1);
+- if (*alternative == OP_KETRMAX || *alternative == OP_KETRMIN)
++ if ((*alternative == OP_KETRMAX || *alternative == OP_KETRMIN) && recurse_check_bit(common, PRIVATE_DATA(cc)))
+ length++;
+ cc += 1 + LINK_SIZE;
+ break;
+
+ CASE_ITERATOR_PRIVATE_DATA_1
+- if (PRIVATE_DATA(cc) != 0)
++ offset = PRIVATE_DATA(cc);
++ if (offset != 0 && recurse_check_bit(common, offset))
+ length++;
+ cc += 2;
+ #ifdef SUPPORT_UNICODE
+@@ -2210,8 +2251,12 @@ while (cc < ccend)
+ break;
+
+ CASE_ITERATOR_PRIVATE_DATA_2A
+- if (PRIVATE_DATA(cc) != 0)
++ offset = PRIVATE_DATA(cc);
++ if (offset != 0 && recurse_check_bit(common, offset))
++ {
++ SLJIT_ASSERT(recurse_check_bit(common, offset + sizeof(sljit_sw)));
+ length += 2;
++ }
+ cc += 2;
+ #ifdef SUPPORT_UNICODE
+ if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+@@ -2219,8 +2264,12 @@ while (cc < ccend)
+ break;
+
+ CASE_ITERATOR_PRIVATE_DATA_2B
+- if (PRIVATE_DATA(cc) != 0)
++ offset = PRIVATE_DATA(cc);
++ if (offset != 0 && recurse_check_bit(common, offset))
++ {
++ SLJIT_ASSERT(recurse_check_bit(common, offset + sizeof(sljit_sw)));
+ length += 2;
++ }
+ cc += 2 + IMM2_SIZE;
+ #ifdef SUPPORT_UNICODE
+ if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+@@ -2228,20 +2277,29 @@ while (cc < ccend)
+ break;
+
+ CASE_ITERATOR_TYPE_PRIVATE_DATA_1
+- if (PRIVATE_DATA(cc) != 0)
++ offset = PRIVATE_DATA(cc);
++ if (offset != 0 && recurse_check_bit(common, offset))
+ length++;
+ cc += 1;
+ break;
+
+ CASE_ITERATOR_TYPE_PRIVATE_DATA_2A
+- if (PRIVATE_DATA(cc) != 0)
++ offset = PRIVATE_DATA(cc);
++ if (offset != 0 && recurse_check_bit(common, offset))
++ {
++ SLJIT_ASSERT(recurse_check_bit(common, offset + sizeof(sljit_sw)));
+ length += 2;
++ }
+ cc += 1;
+ break;
+
+ CASE_ITERATOR_TYPE_PRIVATE_DATA_2B
+- if (PRIVATE_DATA(cc) != 0)
++ offset = PRIVATE_DATA(cc);
++ if (offset != 0 && recurse_check_bit(common, offset))
++ {
++ SLJIT_ASSERT(recurse_check_bit(common, offset + sizeof(sljit_sw)));
+ length += 2;
++ }
+ cc += 1 + IMM2_SIZE;
+ break;
+
+@@ -2253,7 +2311,9 @@ while (cc < ccend)
+ #else
+ size = 1 + 32 / (int)sizeof(PCRE2_UCHAR);
+ #endif
+- if (PRIVATE_DATA(cc) != 0)
++
++ offset = PRIVATE_DATA(cc);
++ if (offset != 0 && recurse_check_bit(common, offset))
+ length += get_class_iterator_size(cc + size);
+ cc += size;
+ break;
+@@ -2288,8 +2348,7 @@ while (cc < ccend)
+ case OP_THEN:
+ SLJIT_ASSERT(common->control_head_ptr != 0);
+ quit_found = TRUE;
+- if (!control_head_found)
+- control_head_found = TRUE;
++ control_head_found = TRUE;
+ cc++;
+ break;
+
+@@ -2309,8 +2368,6 @@ SLJIT_ASSERT(cc == ccend);
+
+ if (control_head_found)
+ length++;
+-if (capture_last_found)
+- length++;
+ if (quit_found)
+ {
+ if (setsom_found)
+@@ -2343,14 +2400,12 @@ sljit_sw shared_srcw[3];
+ sljit_sw kept_shared_srcw[2];
+ int private_count, shared_count, kept_shared_count;
+ int from_sp, base_reg, offset, i;
+-BOOL setsom_found = FALSE;
+-BOOL setmark_found = FALSE;
+-BOOL capture_last_found = FALSE;
+-BOOL control_head_found = FALSE;
++
++memset(common->recurse_bitset, 0, common->recurse_bitset_size);
+
+ #if defined DEBUG_FORCE_CONTROL_HEAD && DEBUG_FORCE_CONTROL_HEAD
+ SLJIT_ASSERT(common->control_head_ptr != 0);
+-control_head_found = TRUE;
++recurse_check_bit(common, common->control_head_ptr);
+ #endif
+
+ switch (type)
+@@ -2438,11 +2493,10 @@ while (cc < ccend)
+ {
+ case OP_SET_SOM:
+ SLJIT_ASSERT(common->has_set_som);
+- if (has_quit && !setsom_found)
++ if (has_quit && recurse_check_bit(common, OVECTOR(0)))
+ {
+ kept_shared_srcw[0] = OVECTOR(0);
+ kept_shared_count = 1;
+- setsom_found = TRUE;
+ }
+ cc += 1;
+ break;
+@@ -2450,33 +2504,31 @@ while (cc < ccend)
+ case OP_RECURSE:
+ if (has_quit)
+ {
+- if (common->has_set_som && !setsom_found)
++ if (common->has_set_som && recurse_check_bit(common, OVECTOR(0)))
+ {
+ kept_shared_srcw[0] = OVECTOR(0);
+ kept_shared_count = 1;
+- setsom_found = TRUE;
+ }
+- if (common->mark_ptr != 0 && !setmark_found)
++ if (common->mark_ptr != 0 && recurse_check_bit(common, common->mark_ptr))
+ {
+ kept_shared_srcw[kept_shared_count] = common->mark_ptr;
+ kept_shared_count++;
+- setmark_found = TRUE;
+ }
+ }
+- if (common->capture_last_ptr != 0 && !capture_last_found)
++ if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
+ {
+ shared_srcw[0] = common->capture_last_ptr;
+ shared_count = 1;
+- capture_last_found = TRUE;
+ }
+ cc += 1 + LINK_SIZE;
+ break;
+
+ case OP_KET:
+- if (PRIVATE_DATA(cc) != 0)
++ private_srcw[0] = PRIVATE_DATA(cc);
++ if (private_srcw[0] != 0)
+ {
+- private_count = 1;
+- private_srcw[0] = PRIVATE_DATA(cc);
++ if (recurse_check_bit(common, private_srcw[0]))
++ private_count = 1;
+ SLJIT_ASSERT(PRIVATE_DATA(cc + 1) != 0);
+ cc += PRIVATE_DATA(cc + 1);
+ }
+@@ -2493,50 +2545,66 @@ while (cc < ccend)
+ case OP_SBRA:
+ case OP_SBRAPOS:
+ case OP_SCOND:
+- private_count = 1;
+ private_srcw[0] = PRIVATE_DATA(cc);
++ if (recurse_check_bit(common, private_srcw[0]))
++ private_count = 1;
+ cc += 1 + LINK_SIZE;
+ break;
+
+ case OP_CBRA:
+ case OP_SCBRA:
+- offset = (GET2(cc, 1 + LINK_SIZE)) << 1;
+- shared_srcw[0] = OVECTOR(offset);
+- shared_srcw[1] = OVECTOR(offset + 1);
+- shared_count = 2;
++ offset = GET2(cc, 1 + LINK_SIZE);
++ shared_srcw[0] = OVECTOR(offset << 1);
++ if (recurse_check_bit(common, shared_srcw[0]))
++ {
++ shared_srcw[1] = shared_srcw[0] + sizeof(sljit_sw);
++ SLJIT_ASSERT(recurse_check_bit(common, shared_srcw[1]));
++ shared_count = 2;
++ }
+
+- if (common->capture_last_ptr != 0 && !capture_last_found)
++ if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
+ {
+- shared_srcw[2] = common->capture_last_ptr;
+- shared_count = 3;
+- capture_last_found = TRUE;
++ shared_srcw[shared_count] = common->capture_last_ptr;
++ shared_count++;
+ }
+
+- if (common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] == 0)
++ if (common->optimized_cbracket[offset] == 0)
+ {
+- private_count = 1;
+- private_srcw[0] = OVECTOR_PRIV(GET2(cc, 1 + LINK_SIZE));
++ private_srcw[0] = OVECTOR_PRIV(offset);
++ if (recurse_check_bit(common, private_srcw[0]))
++ private_count = 1;
+ }
++
+ cc += 1 + LINK_SIZE + IMM2_SIZE;
+ break;
+
+ case OP_CBRAPOS:
+ case OP_SCBRAPOS:
+- offset = (GET2(cc, 1 + LINK_SIZE)) << 1;
+- shared_srcw[0] = OVECTOR(offset);
+- shared_srcw[1] = OVECTOR(offset + 1);
+- shared_count = 2;
++ offset = GET2(cc, 1 + LINK_SIZE);
++ shared_srcw[0] = OVECTOR(offset << 1);
++ if (recurse_check_bit(common, shared_srcw[0]))
++ {
++ shared_srcw[1] = shared_srcw[0] + sizeof(sljit_sw);
++ SLJIT_ASSERT(recurse_check_bit(common, shared_srcw[1]));
++ shared_count = 2;
++ }
+
+- if (common->capture_last_ptr != 0 && !capture_last_found)
++ if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
+ {
+- shared_srcw[2] = common->capture_last_ptr;
+- shared_count = 3;
+- capture_last_found = TRUE;
++ shared_srcw[shared_count] = common->capture_last_ptr;
++ shared_count++;
+ }
+
+- private_count = 2;
+ private_srcw[0] = PRIVATE_DATA(cc);
+- private_srcw[1] = OVECTOR_PRIV(GET2(cc, 1 + LINK_SIZE));
++ if (recurse_check_bit(common, private_srcw[0]))
++ private_count = 1;
++
++ offset = OVECTOR_PRIV(offset);
++ if (recurse_check_bit(common, offset))
++ {
++ private_srcw[private_count] = offset;
++ private_count++;
++ }
+ cc += 1 + LINK_SIZE + IMM2_SIZE;
+ break;
+
+@@ -2545,18 +2613,17 @@ while (cc < ccend)
+ alternative = cc + GET(cc, 1);
+ if (*alternative == OP_KETRMAX || *alternative == OP_KETRMIN)
+ {
+- private_count = 1;
+ private_srcw[0] = PRIVATE_DATA(cc);
++ if (recurse_check_bit(common, private_srcw[0]))
++ private_count = 1;
+ }
+ cc += 1 + LINK_SIZE;
+ break;
+
+ CASE_ITERATOR_PRIVATE_DATA_1
+- if (PRIVATE_DATA(cc))
+- {
++ private_srcw[0] = PRIVATE_DATA(cc);
++ if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+ private_count = 1;
+- private_srcw[0] = PRIVATE_DATA(cc);
+- }
+ cc += 2;
+ #ifdef SUPPORT_UNICODE
+ if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+@@ -2564,11 +2631,12 @@ while (cc < ccend)
+ break;
+
+ CASE_ITERATOR_PRIVATE_DATA_2A
+- if (PRIVATE_DATA(cc))
++ private_srcw[0] = PRIVATE_DATA(cc);
++ if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+ {
+ private_count = 2;
+- private_srcw[0] = PRIVATE_DATA(cc);
+- private_srcw[1] = PRIVATE_DATA(cc) + sizeof(sljit_sw);
++ private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++ SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
+ }
+ cc += 2;
+ #ifdef SUPPORT_UNICODE
+@@ -2577,11 +2645,12 @@ while (cc < ccend)
+ break;
+
+ CASE_ITERATOR_PRIVATE_DATA_2B
+- if (PRIVATE_DATA(cc))
++ private_srcw[0] = PRIVATE_DATA(cc);
++ if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+ {
+ private_count = 2;
+- private_srcw[0] = PRIVATE_DATA(cc);
+- private_srcw[1] = PRIVATE_DATA(cc) + sizeof(sljit_sw);
++ private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++ SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
+ }
+ cc += 2 + IMM2_SIZE;
+ #ifdef SUPPORT_UNICODE
+@@ -2590,30 +2659,30 @@ while (cc < ccend)
+ break;
+
+ CASE_ITERATOR_TYPE_PRIVATE_DATA_1
+- if (PRIVATE_DATA(cc))
+- {
++ private_srcw[0] = PRIVATE_DATA(cc);
++ if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+ private_count = 1;
+- private_srcw[0] = PRIVATE_DATA(cc);
+- }
+ cc += 1;
+ break;
+
+ CASE_ITERATOR_TYPE_PRIVATE_DATA_2A
+- if (PRIVATE_DATA(cc))
++ private_srcw[0] = PRIVATE_DATA(cc);
++ if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+ {
+ private_count = 2;
+- private_srcw[0] = PRIVATE_DATA(cc);
+ private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++ SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
+ }
+ cc += 1;
+ break;
+
+ CASE_ITERATOR_TYPE_PRIVATE_DATA_2B
+- if (PRIVATE_DATA(cc))
++ private_srcw[0] = PRIVATE_DATA(cc);
++ if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+ {
+ private_count = 2;
+- private_srcw[0] = PRIVATE_DATA(cc);
+ private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++ SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
+ }
+ cc += 1 + IMM2_SIZE;
+ break;
+@@ -2630,14 +2699,17 @@ while (cc < ccend)
+ switch(get_class_iterator_size(cc + i))
+ {
+ case 1:
+- private_count = 1;
+ private_srcw[0] = PRIVATE_DATA(cc);
+ break;
+
+ case 2:
+- private_count = 2;
+ private_srcw[0] = PRIVATE_DATA(cc);
+- private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++ if (recurse_check_bit(common, private_srcw[0]))
++ {
++ private_count = 2;
++ private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++ SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
++ }
+ break;
+
+ default:
+@@ -2652,28 +2724,25 @@ while (cc < ccend)
+ case OP_PRUNE_ARG:
+ case OP_THEN_ARG:
+ SLJIT_ASSERT(common->mark_ptr != 0);
+- if (has_quit && !setmark_found)
++ if (has_quit && recurse_check_bit(common, common->mark_ptr))
+ {
+ kept_shared_srcw[0] = common->mark_ptr;
+ kept_shared_count = 1;
+- setmark_found = TRUE;
+ }
+- if (common->control_head_ptr != 0 && !control_head_found)
++ if (common->control_head_ptr != 0 && recurse_check_bit(common, common->control_head_ptr))
+ {
+ shared_srcw[0] = common->control_head_ptr;
+ shared_count = 1;
+- control_head_found = TRUE;
+ }
+ cc += 1 + 2 + cc[1];
+ break;
+
+ case OP_THEN:
+ SLJIT_ASSERT(common->control_head_ptr != 0);
+- if (!control_head_found)
++ if (recurse_check_bit(common, common->control_head_ptr))
+ {
+ shared_srcw[0] = common->control_head_ptr;
+ shared_count = 1;
+- control_head_found = TRUE;
+ }
+ cc++;
+ break;
+@@ -2681,7 +2750,7 @@ while (cc < ccend)
+ default:
+ cc = next_opcode(common, cc);
+ SLJIT_ASSERT(cc != NULL);
+- break;
++ continue;
+ }
+
+ if (type != recurse_copy_shared_to_global && type != recurse_copy_kept_shared_to_global)
+@@ -13262,7 +13331,7 @@ SLJIT_ASSERT(!(common->req_char_ptr != 0 && common->start_used_ptr != 0));
+ common->cbra_ptr = OVECTOR_START + (re->top_bracket + 1) * 2 * sizeof(sljit_sw);
+
+ total_length = ccend - common->start;
+-common->private_data_ptrs = (sljit_s32 *)SLJIT_MALLOC(total_length * (sizeof(sljit_s32) + (common->has_then ? 1 : 0)), allocator_data);
++common->private_data_ptrs = (sljit_s32*)SLJIT_MALLOC(total_length * (sizeof(sljit_s32) + (common->has_then ? 1 : 0)), allocator_data);
+ if (!common->private_data_ptrs)
+ {
+ SLJIT_FREE(common->optimized_cbracket, allocator_data);
+@@ -13304,6 +13373,7 @@ if (!compiler)
+ common->compiler = compiler;
+
+ /* Main pcre_jit_exec entry. */
++LJIT_ASSERT((private_data_size & (sizeof(sljit_sw) - 1)) == 0);
+ sljit_emit_enter(compiler, 0, SLJIT_ARG1(SW), 5, 5, 0, 0, private_data_size);
+
+ /* Register init. */
+@@ -13524,20 +13594,40 @@ common->fast_fail_end_ptr = 0;
+ common->currententry = common->entries;
+ common->local_quit_available = TRUE;
+ quit_label = common->quit_label;
+-while (common->currententry != NULL)
++if (common->currententry != NULL)
+ {
+- /* Might add new entries. */
+- compile_recurse(common);
+- if (SLJIT_UNLIKELY(sljit_get_compiler_error(compiler)))
++ /* A free bit for each private data. */
++ common->recurse_bitset_size = ((private_data_size / (int)sizeof(sljit_sw)) + 7) >> 3;
++ SLJIT_ASSERT(common->recurse_bitset_size > 0);
++ common->recurse_bitset = (sljit_u8*)SLJIT_MALLOC(common->recurse_bitset_size, allocator_data);;
++
++ if (common->recurse_bitset != NULL)
++ {
++ do
++ {
++ /* Might add new entries. */
++ compile_recurse(common);
++ if (SLJIT_UNLIKELY(sljit_get_compiler_error(compiler)))
++ break;
++ flush_stubs(common);
++ common->currententry = common->currententry->next;
++ }
++ while (common->currententry != NULL);
++
++ SLJIT_FREE(common->recurse_bitset, allocator_data);
++ }
++
++ if (common->currententry != NULL)
+ {
++ /* The common->recurse_bitset has been freed. */
++ SLJIT_ASSERT(sljit_get_compiler_error(compiler) || common->recurse_bitset == NULL);
++
+ sljit_free_compiler(compiler);
+ SLJIT_FREE(common->optimized_cbracket, allocator_data);
+ SLJIT_FREE(common->private_data_ptrs, allocator_data);
+ PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
+ return PCRE2_ERROR_NOMEMORY;
+ }
+- flush_stubs(common);
+- common->currententry = common->currententry->next;
+ }
+ common->local_quit_available = FALSE;
+ common->quit_label = quit_label;
+diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c
+index 9df87fd..2f84834 100644
+--- a/src/pcre2_jit_test.c
++++ b/src/pcre2_jit_test.c
+@@ -746,6 +746,7 @@ static struct regression_test_case regression_test_cases[] = {
+ { MU, A, 0, 0, "((?(R)a|(?1)){1,3}?)M", "aaaM" },
+ { MU, A, 0, 0, "((.)(?:.|\\2(?1))){0}#(?1)#", "#aabbccdde# #aabbccddee#" },
+ { MU, A, 0, 0, "((.)(?:\\2|\\2{4}b)){0}#(?:(?1))+#", "#aaaab# #aaaaab#" },
++ { MU, A, 0, 0 | F_NOMATCH, "(?1)$((.|\\2xx){1,2})", "abc" },
+
+ /* 16 bit specific tests. */
+ { CM, A, 0, 0 | F_FORCECONV, "\xc3\xa1", "\xc3\x81\xc3\xa1" },
+--
+2.25.1
+
diff --git a/meta/recipes-support/libpcre/libpcre2_10.34.bb b/meta/recipes-support/libpcre/libpcre2_10.34.bb
index 213b946a54..254badf6f6 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.34.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.34.bb
@@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2 \
file://pcre-cross.patch \
file://CVE-2022-1586.patch \
+ file://CVE-2022-1587.patch \
"
SRC_URI[md5sum] = "d280b62ded13f9ccf2fac16ee5286366"
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 06/14] libxslt: Fix CVE-2021-30560
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (4 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 05/14] pcre2: CVE-2022-1587 Out-of-bounds read Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 07/14] libxslt: Mark CVE-2022-29824 as not applying Steve Sakoman
` (7 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: omkar patil <omkar.patil@kpit.com>
CVE: CVE-2021-30560
Signed-off-by: omkar patil <omkar.patil@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libxslt/libxslt/CVE-2021-30560.patch | 201 ++++++++++++++++++
.../recipes-support/libxslt/libxslt_1.1.34.bb | 1 +
2 files changed, 202 insertions(+)
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2021-30560.patch
diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2021-30560.patch b/meta/recipes-support/libxslt/libxslt/CVE-2021-30560.patch
new file mode 100644
index 0000000000..614047ea7a
--- /dev/null
+++ b/meta/recipes-support/libxslt/libxslt/CVE-2021-30560.patch
@@ -0,0 +1,201 @@
+From 50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 12 Jun 2021 20:02:53 +0200
+Subject: [PATCH] Fix use-after-free in xsltApplyTemplates
+
+xsltApplyTemplates without a select expression could delete nodes in
+the source document.
+
+1. Text nodes with strippable whitespace
+
+Whitespace from input documents is already stripped, so there's no
+need to strip it again. Under certain circumstances, xsltApplyTemplates
+could be fooled into deleting text nodes that are still referenced,
+resulting in a use-after-free.
+
+2. The DTD
+
+The DTD was only unlinked, but there's no good reason to do this just
+now. Maybe it was meant as a micro-optimization.
+
+3. Unknown nodes
+
+Useless and dangerous as well, especially with XInclude nodes.
+See https://gitlab.gnome.org/GNOME/libxml2/-/issues/268
+
+Simply stop trying to uselessly delete nodes when applying a template.
+This part of the code is probably a leftover from a time where
+xsltApplyStripSpaces wasn't implemented yet. Also note that
+xsltApplyTemplates with a select expression never tried to delete
+nodes.
+
+Also stop xsltDefaultProcessOneNode from deleting nodes for the same
+reasons.
+
+This fixes CVE-2021-30560.
+
+CVE: CVE-2021-30560
+Upstream-Status: Backport [https://github.com/GNOME/libxslt/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8.patch]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com>
+
+---
+ libxslt/transform.c | 119 +++-----------------------------------------
+ 1 file changed, 7 insertions(+), 112 deletions(-)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 04522154..3aba354f 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1895,7 +1895,7 @@ static void
+ xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node,
+ xsltStackElemPtr params) {
+ xmlNodePtr copy;
+- xmlNodePtr delete = NULL, cur;
++ xmlNodePtr cur;
+ int nbchild = 0, oldSize;
+ int childno = 0, oldPos;
+ xsltTemplatePtr template;
+@@ -1968,54 +1968,13 @@ xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node,
+ return;
+ }
+ /*
+- * Handling of Elements: first pass, cleanup and counting
++ * Handling of Elements: first pass, counting
+ */
+ cur = node->children;
+ while (cur != NULL) {
+- switch (cur->type) {
+- case XML_TEXT_NODE:
+- case XML_CDATA_SECTION_NODE:
+- case XML_DOCUMENT_NODE:
+- case XML_HTML_DOCUMENT_NODE:
+- case XML_ELEMENT_NODE:
+- case XML_PI_NODE:
+- case XML_COMMENT_NODE:
+- nbchild++;
+- break;
+- case XML_DTD_NODE:
+- /* Unlink the DTD, it's still reachable using doc->intSubset */
+- if (cur->next != NULL)
+- cur->next->prev = cur->prev;
+- if (cur->prev != NULL)
+- cur->prev->next = cur->next;
+- break;
+- default:
+-#ifdef WITH_XSLT_DEBUG_PROCESS
+- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext,
+- "xsltDefaultProcessOneNode: skipping node type %d\n",
+- cur->type));
+-#endif
+- delete = cur;
+- }
++ if (IS_XSLT_REAL_NODE(cur))
++ nbchild++;
+ cur = cur->next;
+- if (delete != NULL) {
+-#ifdef WITH_XSLT_DEBUG_PROCESS
+- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext,
+- "xsltDefaultProcessOneNode: removing ignorable blank node\n"));
+-#endif
+- xmlUnlinkNode(delete);
+- xmlFreeNode(delete);
+- delete = NULL;
+- }
+- }
+- if (delete != NULL) {
+-#ifdef WITH_XSLT_DEBUG_PROCESS
+- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext,
+- "xsltDefaultProcessOneNode: removing ignorable blank node\n"));
+-#endif
+- xmlUnlinkNode(delete);
+- xmlFreeNode(delete);
+- delete = NULL;
+ }
+
+ /*
+@@ -4864,7 +4823,7 @@ xsltApplyTemplates(xsltTransformContextPtr ctxt, xmlNodePtr node,
+ xsltStylePreCompPtr comp = (xsltStylePreCompPtr) castedComp;
+ #endif
+ int i;
+- xmlNodePtr cur, delNode = NULL, oldContextNode;
++ xmlNodePtr cur, oldContextNode;
+ xmlNodeSetPtr list = NULL, oldList;
+ xsltStackElemPtr withParams = NULL;
+ int oldXPProximityPosition, oldXPContextSize;
+@@ -4998,73 +4957,9 @@ xsltApplyTemplates(xsltTransformContextPtr ctxt, xmlNodePtr node,
+ else
+ cur = NULL;
+ while (cur != NULL) {
+- switch (cur->type) {
+- case XML_TEXT_NODE:
+- if ((IS_BLANK_NODE(cur)) &&
+- (cur->parent != NULL) &&
+- (cur->parent->type == XML_ELEMENT_NODE) &&
+- (ctxt->style->stripSpaces != NULL)) {
+- const xmlChar *val;
+-
+- if (cur->parent->ns != NULL) {
+- val = (const xmlChar *)
+- xmlHashLookup2(ctxt->style->stripSpaces,
+- cur->parent->name,
+- cur->parent->ns->href);
+- if (val == NULL) {
+- val = (const xmlChar *)
+- xmlHashLookup2(ctxt->style->stripSpaces,
+- BAD_CAST "*",
+- cur->parent->ns->href);
+- }
+- } else {
+- val = (const xmlChar *)
+- xmlHashLookup2(ctxt->style->stripSpaces,
+- cur->parent->name, NULL);
+- }
+- if ((val != NULL) &&
+- (xmlStrEqual(val, (xmlChar *) "strip"))) {
+- delNode = cur;
+- break;
+- }
+- }
+- /* Intentional fall-through */
+- case XML_ELEMENT_NODE:
+- case XML_DOCUMENT_NODE:
+- case XML_HTML_DOCUMENT_NODE:
+- case XML_CDATA_SECTION_NODE:
+- case XML_PI_NODE:
+- case XML_COMMENT_NODE:
+- xmlXPathNodeSetAddUnique(list, cur);
+- break;
+- case XML_DTD_NODE:
+- /* Unlink the DTD, it's still reachable
+- * using doc->intSubset */
+- if (cur->next != NULL)
+- cur->next->prev = cur->prev;
+- if (cur->prev != NULL)
+- cur->prev->next = cur->next;
+- break;
+- case XML_NAMESPACE_DECL:
+- break;
+- default:
+-#ifdef WITH_XSLT_DEBUG_PROCESS
+- XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext,
+- "xsltApplyTemplates: skipping cur type %d\n",
+- cur->type));
+-#endif
+- delNode = cur;
+- }
++ if (IS_XSLT_REAL_NODE(cur))
++ xmlXPathNodeSetAddUnique(list, cur);
+ cur = cur->next;
+- if (delNode != NULL) {
+-#ifdef WITH_XSLT_DEBUG_PROCESS
+- XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext,
+- "xsltApplyTemplates: removing ignorable blank cur\n"));
+-#endif
+- xmlUnlinkNode(delNode);
+- xmlFreeNode(delNode);
+- delNode = NULL;
+- }
+ }
+ }
+
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.34.bb b/meta/recipes-support/libxslt/libxslt_1.1.34.bb
index 63cce6fe06..62afec5755 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.34.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.34.bb
@@ -14,6 +14,7 @@ SECTION = "libs"
DEPENDS = "libxml2"
SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
+ file://CVE-2021-30560.patch \
"
SRC_URI[md5sum] = "db8765c8d076f1b6caafd9f2542a304a"
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 07/14] libxslt: Mark CVE-2022-29824 as not applying
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (5 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 06/14] libxslt: Fix CVE-2021-30560 Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 08/14] curl: Backport CVE fixes Steve Sakoman
` (6 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
We have libxml2 2.9.10 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.
(From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)
Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad63694e6df4f284879f7220962a821f97928eb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/libxslt/libxslt_1.1.34.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.34.bb b/meta/recipes-support/libxslt/libxslt_1.1.34.bb
index 62afec5755..4755677bec 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.34.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.34.bb
@@ -22,6 +22,10 @@ SRC_URI[sha256sum] = "98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7
UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
+# We have libxml2 2.9.10 and we don't link statically with it anyway
+# so this isn't an issue.
+CVE_CHECK_WHITELIST += "CVE-2022-29824"
+
S = "${WORKDIR}/libxslt-${PV}"
BINCONFIG = "${bindir}/xslt-config"
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 08/14] curl: Backport CVE fixes
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (6 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 07/14] libxslt: Mark CVE-2022-29824 as not applying Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 09/14] curl: Fix CVE_CHECK_WHITELIST typo Steve Sakoman
` (5 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Robert Joslyn <robert.joslyn@redrectangle.org>
Backport patches to address CVE-2022-27774, CVE-2022-27781, and
CVE-2022-27782.
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../curl/curl/CVE-2022-27774-1.patch | 45 +++
.../curl/curl/CVE-2022-27774-2.patch | 80 ++++
.../curl/curl/CVE-2022-27774-3.patch | 83 ++++
.../curl/curl/CVE-2022-27774-4.patch | 35 ++
.../curl/curl/CVE-2022-27781.patch | 46 +++
.../curl/curl/CVE-2022-27782-1.patch | 363 ++++++++++++++++++
.../curl/curl/CVE-2022-27782-2.patch | 71 ++++
meta/recipes-support/curl/curl_7.69.1.bb | 7 +
8 files changed, 730 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27774-1.patch b/meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
new file mode 100644
index 0000000000..063c11712a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
@@ -0,0 +1,45 @@
+From 2a797e099731facf62a2c675396334bc2ad3bc7c Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 25 Apr 2022 16:24:33 +0200
+Subject: [PATCH] connect: store "conn_remote_port" in the info struct
+
+To make it available after the connection ended.
+
+Prerequisite for the patches that address CVE-2022-27774.
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/08b8ef4e726ba10f45081ecda5b3cea788d3c839]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/connect.c | 1 +
+ lib/urldata.h | 6 +++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/connect.c b/lib/connect.c
+index b3d4057..a977d67 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -624,6 +624,7 @@ void Curl_persistconninfo(struct connectdata *conn)
+ conn->data->info.conn_scheme = conn->handler->scheme;
+ conn->data->info.conn_protocol = conn->handler->protocol;
+ conn->data->info.conn_primary_port = conn->primary_port;
++ conn->data->info.conn_remote_port = conn->remote_port;
+ conn->data->info.conn_local_port = conn->local_port;
+ }
+
+diff --git a/lib/urldata.h b/lib/urldata.h
+index fafb7a3..ab1b267 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1148,7 +1148,11 @@ struct PureInfo {
+ reused, in the connection cache. */
+
+ char conn_primary_ip[MAX_IPADR_LEN];
+- long conn_primary_port;
++ long conn_primary_port; /* this is the destination port to the connection,
++ which might have been a proxy */
++ long conn_remote_port; /* this is the "remote port", which is the port
++ number of the used URL, independent of proxy or
++ not */
+ char conn_local_ip[MAX_IPADR_LEN];
+ long conn_local_port;
+ const char *conn_scheme;
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27774-2.patch b/meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
new file mode 100644
index 0000000000..c64d614194
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
@@ -0,0 +1,80 @@
+From 5c2f3b3a5f115625134669d90d591de9c5aafc8e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 25 Apr 2022 16:24:33 +0200
+Subject: [PATCH] transfer: redirects to other protocols or ports clear auth
+
+... unless explicitly permitted.
+
+Bug: https://curl.se/docs/CVE-2022-27774.html
+Reported-by: Harry Sintonen
+Closes #8748
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/transfer.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 48 insertions(+), 1 deletion(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index 744e1c0..ac69d27 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1627,10 +1627,57 @@ CURLcode Curl_follow(struct Curl_easy *data,
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else {
+-
+ uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
+ if(uc)
+ return Curl_uc_to_curlcode(uc);
++
++ /* Clear auth if this redirects to a different port number or protocol,
++ unless permitted */
++ if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) {
++ char *portnum;
++ int port;
++ bool clear = FALSE;
++
++ if(data->set.use_port && data->state.allow_port)
++ /* a custom port is used */
++ port = (int)data->set.use_port;
++ else {
++ uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum,
++ CURLU_DEFAULT_PORT);
++ if(uc) {
++ free(newurl);
++ return Curl_uc_to_curlcode(uc);
++ }
++ port = atoi(portnum);
++ free(portnum);
++ }
++ if(port != data->info.conn_remote_port) {
++ infof(data, "Clear auth, redirects to port from %u to %u",
++ data->info.conn_remote_port, port);
++ clear = TRUE;
++ }
++ else {
++ char *scheme;
++ const struct Curl_handler *p;
++ uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0);
++ if(uc) {
++ free(newurl);
++ return Curl_uc_to_curlcode(uc);
++ }
++
++ p = Curl_builtin_scheme(scheme);
++ if(p && (p->protocol != data->info.conn_protocol)) {
++ infof(data, "Clear auth, redirects scheme from %s to %s",
++ data->info.conn_scheme, scheme);
++ clear = TRUE;
++ }
++ free(scheme);
++ }
++ if(clear) {
++ Curl_safefree(data->set.str[STRING_USERNAME]);
++ Curl_safefree(data->set.str[STRING_PASSWORD]);
++ }
++ }
+ }
+
+ if(type == FOLLOW_FAKE) {
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch b/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
new file mode 100644
index 0000000000..a585f6a8fa
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
@@ -0,0 +1,83 @@
+From 5dccf21ad49eed925e8f76b0cb844877239ce23d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 25 Apr 2022 17:59:15 +0200
+Subject: [PATCH] openssl: don't leak the SRP credentials in redirects either
+
+Follow-up to 620ea21410030
+
+Reported-by: Harry Sintonen
+Closes #8751
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/http.c | 10 +++++-----
+ lib/http.h | 6 ++++++
+ lib/vtls/openssl.c | 3 ++-
+ 3 files changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index 8b16c09..5291c07 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -732,10 +732,10 @@ output_auth_headers(struct connectdata *conn,
+ }
+
+ /*
+- * allow_auth_to_host() tells if autentication, cookies or other "sensitive
+- * data" can (still) be sent to this host.
++ * Curl_allow_auth_to_host() tells if authentication, cookies or other
++ * "sensitive data" can (still) be sent to this host.
+ */
+-static bool allow_auth_to_host(struct Curl_easy *data)
++bool Curl_allow_auth_to_host(struct Curl_easy *data)
+ {
+ struct connectdata *conn = data->conn;
+ return (!data->state.this_is_a_follow ||
+@@ -816,7 +816,7 @@ Curl_http_output_auth(struct connectdata *conn,
+
+ /* To prevent the user+password to get sent to other than the original host
+ due to a location-follow */
+- if(allow_auth_to_host(data)
++ if(Curl_allow_auth_to_host(data)
+ || conn->bits.netrc
+ )
+ result = output_auth_headers(conn, authhost, request, path, FALSE);
+@@ -1891,7 +1891,7 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
+ checkprefix("Cookie:", compare)) &&
+ /* be careful of sending this potentially sensitive header to
+ other hosts */
+- !allow_auth_to_host(data))
++ !Curl_allow_auth_to_host(data))
+ ;
+ else {
+ result = Curl_add_bufferf(&req_buffer, "%s\r\n", compare);
+diff --git a/lib/http.h b/lib/http.h
+index 4c1825f..4fbae1d 100644
+--- a/lib/http.h
++++ b/lib/http.h
+@@ -273,4 +273,10 @@ Curl_http_output_auth(struct connectdata *conn,
+ bool proxytunnel); /* TRUE if this is the request setting
+ up the proxy tunnel */
+
++/*
++ * Curl_allow_auth_to_host() tells if authentication, cookies or other
++ * "sensitive data" can (still) be sent to this host.
++ */
++bool Curl_allow_auth_to_host(struct Curl_easy *data);
++
+ #endif /* HEADER_CURL_HTTP_H */
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 006a8c8..a14cecc 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -2739,7 +2739,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+ #endif
+
+ #ifdef USE_TLS_SRP
+- if(ssl_authtype == CURL_TLSAUTH_SRP) {
++ if((ssl_authtype == CURL_TLSAUTH_SRP) &&
++ Curl_allow_auth_to_host(data)) {
+ char * const ssl_username = SSL_SET_OPTION(username);
+
+ infof(data, "Using TLS-SRP username: %s\n", ssl_username);
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27774-4.patch b/meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
new file mode 100644
index 0000000000..2258681cab
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
@@ -0,0 +1,35 @@
+From 7395752e2f7b87dc8c8f2a7137075e2da554aaea Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 26 Apr 2022 07:46:19 +0200
+Subject: [PATCH] gnutls: don't leak the SRP credentials in redirects
+
+Follow-up to 620ea21410030 and 139a54ed0a172a
+
+Reported-by: Harry Sintonen
+Closes #8752
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/093531556203decd92d92bccd431edbe5561781c]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/vtls/gtls.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 8c05102..3d0758d 100644
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -581,11 +581,11 @@ gtls_connect_step1(struct connectdata *conn,
+ }
+
+ #ifdef USE_TLS_SRP
+- if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
++ if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) &&
++ Curl_allow_auth_to_host(data)) {
+ infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username));
+
+- rc = gnutls_srp_allocate_client_credentials(
+- &BACKEND->srp_client_cred);
++ rc = gnutls_srp_allocate_client_credentials(&BACKEND->srp_client_cred);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
+ gnutls_strerror(rc));
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27781.patch b/meta/recipes-support/curl/curl/CVE-2022-27781.patch
new file mode 100644
index 0000000000..ea1bc22928
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27781.patch
@@ -0,0 +1,46 @@
+From 7a1f183039a6a6c9099a114f5e5c94777413c767 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 9 May 2022 10:07:15 +0200
+Subject: [PATCH] nss: return error if seemingly stuck in a cert loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2022-27781
+
+Reported-by: Florian Kohnhäuser
+Bug: https://curl.se/docs/CVE-2022-27781.html
+Closes #8822
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/vtls/nss.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 375c78b..86102f7 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -950,6 +950,9 @@ static void display_cert_info(struct Curl_easy *data,
+ PR_Free(common_name);
+ }
+
++/* A number of certs that will never occur in a real server handshake */
++#define TOO_MANY_CERTS 300
++
+ static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+ {
+ CURLcode result = CURLE_OK;
+@@ -986,6 +989,11 @@ static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
+ while(cert2) {
+ i++;
++ if(i >= TOO_MANY_CERTS) {
++ CERT_DestroyCertificate(cert2);
++ failf(data, "certificate loop");
++ return CURLE_SSL_CERTPROBLEM;
++ }
+ if(cert2->isRoot) {
+ CERT_DestroyCertificate(cert2);
+ break;
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27782-1.patch b/meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
new file mode 100644
index 0000000000..6b6d0e1938
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
@@ -0,0 +1,363 @@
+From 907a16c832d9ce0ffa7e9b2297548063095a7242 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 9 May 2022 23:13:53 +0200
+Subject: [PATCH] tls: check more TLS details for connection reuse
+
+CVE-2022-27782
+
+Reported-by: Harry Sintonen
+Bug: https://curl.se/docs/CVE-2022-27782.html
+Closes #8825
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/f18af4f874cecab82a9797e8c7541e0990c7a64c]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/setopt.c | 29 +++++++++++++++++------------
+ lib/url.c | 17 ++++++++++-------
+ lib/urldata.h | 13 +++++++------
+ lib/vtls/gtls.c | 30 ++++++++++++++++--------------
+ lib/vtls/mbedtls.c | 2 +-
+ lib/vtls/nss.c | 6 +++---
+ lib/vtls/openssl.c | 10 +++++-----
+ lib/vtls/vtls.c | 1 +
+ 8 files changed, 60 insertions(+), 48 deletions(-)
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 4648c87..bebb2e4 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -2130,6 +2130,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+
+ case CURLOPT_SSL_OPTIONS:
+ arg = va_arg(param, long);
++ data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
+ data->set.ssl.enable_beast =
+ (bool)((arg&CURLSSLOPT_ALLOW_BEAST) ? TRUE : FALSE);
+ data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
+@@ -2139,6 +2140,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+ #ifndef CURL_DISABLE_PROXY
+ case CURLOPT_PROXY_SSL_OPTIONS:
+ arg = va_arg(param, long);
++ data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
+ data->set.proxy_ssl.enable_beast =
+ (bool)((arg&CURLSSLOPT_ALLOW_BEAST) ? TRUE : FALSE);
+ data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
+@@ -2541,44 +2543,47 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+ case CURLOPT_TLSAUTH_USERNAME:
+ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_ORIG],
+ va_arg(param, char *));
+- if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype)
+- data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
++ if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] &&
++ !data->set.ssl.primary.authtype)
++ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_PROXY_TLSAUTH_USERNAME:
+ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
+ va_arg(param, char *));
+ if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
+- !data->set.proxy_ssl.authtype)
+- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
++ !data->set.proxy_ssl.primary.authtype)
++ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to
++ SRP */
+ break;
+ case CURLOPT_TLSAUTH_PASSWORD:
+ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_ORIG],
+ va_arg(param, char *));
+- if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype)
+- data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
++ if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] &&
++ !data->set.ssl.primary.authtype)
++ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_PROXY_TLSAUTH_PASSWORD:
+ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
+ va_arg(param, char *));
+ if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
+- !data->set.proxy_ssl.authtype)
+- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
++ !data->set.proxy_ssl.primary.authtype)
++ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
+ break;
+ case CURLOPT_TLSAUTH_TYPE:
+ argptr = va_arg(param, char *);
+ if(!argptr ||
+ strncasecompare(argptr, "SRP", strlen("SRP")))
+- data->set.ssl.authtype = CURL_TLSAUTH_SRP;
++ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP;
+ else
+- data->set.ssl.authtype = CURL_TLSAUTH_NONE;
++ data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE;
+ break;
+ case CURLOPT_PROXY_TLSAUTH_TYPE:
+ argptr = va_arg(param, char *);
+ if(!argptr ||
+ strncasecompare(argptr, "SRP", strlen("SRP")))
+- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP;
++ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP;
+ else
+- data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE;
++ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE;
+ break;
+ #endif
+ #ifdef USE_ARES
+diff --git a/lib/url.c b/lib/url.c
+index efa3dc7..6518be9 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -482,7 +482,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
+ set->ssl.primary.verifypeer = TRUE;
+ set->ssl.primary.verifyhost = TRUE;
+ #ifdef USE_TLS_SRP
+- set->ssl.authtype = CURL_TLSAUTH_NONE;
++ set->ssl.primary.authtype = CURL_TLSAUTH_NONE;
+ #endif
+ set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
+ type */
+@@ -3594,8 +3594,9 @@ static CURLcode create_conn(struct Curl_easy *data,
+ data->set.proxy_ssl.primary.pinned_key =
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY];
+
+- data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
+- data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
++ data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
++ data->set.proxy_ssl.primary.CRLfile =
++ data->set.str[STRING_SSL_CRLFILE_PROXY];
+ data->set.ssl.cert = data->set.str[STRING_CERT_ORIG];
+ data->set.proxy_ssl.cert = data->set.str[STRING_CERT_PROXY];
+ data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE_ORIG];
+@@ -3609,10 +3610,12 @@ static CURLcode create_conn(struct Curl_easy *data,
+ data->set.ssl.primary.clientcert = data->set.str[STRING_CERT_ORIG];
+ data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
+ #ifdef USE_TLS_SRP
+- data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_ORIG];
+- data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
+- data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_ORIG];
+- data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
++ data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME_ORIG];
++ data->set.proxy_ssl.primary.username =
++ data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
++ data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD_ORIG];
++ data->set.proxy_ssl.primary.password =
++ data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
+ #endif
+
+ if(!Curl_clone_primary_ssl_config(&data->set.ssl.primary,
+diff --git a/lib/urldata.h b/lib/urldata.h
+index ab1b267..ad0ef8f 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -231,6 +231,13 @@ struct ssl_primary_config {
+ char *cipher_list; /* list of ciphers to use */
+ char *cipher_list13; /* list of TLS 1.3 cipher suites to use */
+ char *pinned_key;
++ char *CRLfile; /* CRL to check certificate revocation */
++ #ifdef USE_TLS_SRP
++ char *username; /* TLS username (for, e.g., SRP) */
++ char *password; /* TLS password (for, e.g., SRP) */
++ enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
++ #endif
++ unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */
+ BIT(verifypeer); /* set TRUE if this is desired */
+ BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */
+ BIT(verifystatus); /* set TRUE if certificate status must be checked */
+@@ -240,7 +247,6 @@ struct ssl_primary_config {
+ struct ssl_config_data {
+ struct ssl_primary_config primary;
+ long certverifyresult; /* result from the certificate verification */
+- char *CRLfile; /* CRL to check certificate revocation */
+ curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
+ void *fsslctxp; /* parameter for call back */
+ char *cert; /* client certificate file name */
+@@ -248,11 +254,6 @@ struct ssl_config_data {
+ char *key; /* private key file name */
+ char *key_type; /* format for private key (default: PEM) */
+ char *key_passwd; /* plain text private key password */
+-#ifdef USE_TLS_SRP
+- char *username; /* TLS username (for, e.g., SRP) */
+- char *password; /* TLS password (for, e.g., SRP) */
+- enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
+-#endif
+ BIT(certinfo); /* gather lots of certificate info */
+ BIT(falsestart);
+ BIT(enable_beast); /* allow this flaw for interoperability's sake*/
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 3d0758d..92c301c 100644
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -581,9 +581,10 @@ gtls_connect_step1(struct connectdata *conn,
+ }
+
+ #ifdef USE_TLS_SRP
+- if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) &&
++ if((SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) &&
+ Curl_allow_auth_to_host(data)) {
+- infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username));
++ infof(data, "Using TLS-SRP username: %s\n",
++ SSL_SET_OPTION(primary.username));
+
+ rc = gnutls_srp_allocate_client_credentials(&BACKEND->srp_client_cred);
+ if(rc != GNUTLS_E_SUCCESS) {
+@@ -593,8 +594,8 @@ gtls_connect_step1(struct connectdata *conn,
+ }
+
+ rc = gnutls_srp_set_client_credentials(BACKEND->srp_client_cred,
+- SSL_SET_OPTION(username),
+- SSL_SET_OPTION(password));
++ SSL_SET_OPTION(primary.username),
++ SSL_SET_OPTION(primary.password));
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_srp_set_client_cred() failed: %s",
+ gnutls_strerror(rc));
+@@ -648,19 +649,19 @@ gtls_connect_step1(struct connectdata *conn,
+ }
+ #endif
+
+- if(SSL_SET_OPTION(CRLfile)) {
++ if(SSL_SET_OPTION(primary.CRLfile)) {
+ /* set the CRL list file */
+ rc = gnutls_certificate_set_x509_crl_file(BACKEND->cred,
+- SSL_SET_OPTION(CRLfile),
++ SSL_SET_OPTION(primary.CRLfile),
+ GNUTLS_X509_FMT_PEM);
+ if(rc < 0) {
+ failf(data, "error reading crl file %s (%s)",
+- SSL_SET_OPTION(CRLfile), gnutls_strerror(rc));
++ SSL_SET_OPTION(primary.CRLfile), gnutls_strerror(rc));
+ return CURLE_SSL_CRL_BADFILE;
+ }
+ else
+ infof(data, "found %d CRL in %s\n",
+- rc, SSL_SET_OPTION(CRLfile));
++ rc, SSL_SET_OPTION(primary.CRLfile));
+ }
+
+ /* Initialize TLS session as a client */
+@@ -879,7 +880,7 @@ gtls_connect_step1(struct connectdata *conn,
+
+ #ifdef USE_TLS_SRP
+ /* put the credentials to the current session */
+- if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
++ if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) {
+ rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
+ BACKEND->srp_client_cred);
+ if(rc != GNUTLS_E_SUCCESS) {
+@@ -1061,8 +1062,8 @@ gtls_connect_step3(struct connectdata *conn,
+ SSL_CONN_CONFIG(verifyhost) ||
+ SSL_CONN_CONFIG(issuercert)) {
+ #ifdef USE_TLS_SRP
+- if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
+- && SSL_SET_OPTION(username) != NULL
++ if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP
++ && SSL_SET_OPTION(primary.username) != NULL
+ && !SSL_CONN_CONFIG(verifypeer)
+ && gnutls_cipher_get(session)) {
+ /* no peer cert, but auth is ok if we have SRP user and cipher and no
+@@ -1116,7 +1117,8 @@ gtls_connect_step3(struct connectdata *conn,
+ failf(data, "server certificate verification failed. CAfile: %s "
+ "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
+ "none",
+- SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none");
++ SSL_SET_OPTION(primary.CRLfile) ?
++ SSL_SET_OPTION(primary.CRLfile) : "none");
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else
+@@ -1703,8 +1705,8 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
+ gnutls_certificate_free_credentials(BACKEND->cred);
+
+ #ifdef USE_TLS_SRP
+- if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
+- && SSL_SET_OPTION(username) != NULL)
++ if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP
++ && SSL_SET_OPTION(primary.username) != NULL)
+ gnutls_srp_free_client_credentials(BACKEND->srp_client_cred);
+ #endif
+
+diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
+index 19df847..62d2b00 100644
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -245,7 +245,7 @@ mbed_connect_step1(struct connectdata *conn,
+ const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+ const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
+ char * const ssl_cert = SSL_SET_OPTION(cert);
+- const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
++ const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 86102f7..62fd7a2 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -1955,13 +1955,13 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+ }
+ }
+
+- if(SSL_SET_OPTION(CRLfile)) {
+- const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile));
++ if(SSL_SET_OPTION(primary.CRLfile)) {
++ const CURLcode rv = nss_load_crl(SSL_SET_OPTION(primary.CRLfile));
+ if(rv) {
+ result = rv;
+ goto error;
+ }
+- infof(data, " CRLfile: %s\n", SSL_SET_OPTION(CRLfile));
++ infof(data, " CRLfile: %s\n", SSL_SET_OPTION(primary.CRLfile));
+ }
+
+ if(SSL_SET_OPTION(cert)) {
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index a14cecc..ec5a8f5 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -2454,14 +2454,14 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ const long int ssl_version = SSL_CONN_CONFIG(version);
+ #ifdef USE_TLS_SRP
+- const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
++ const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(primary.authtype);
+ #endif
+ char * const ssl_cert = SSL_SET_OPTION(cert);
+ const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
+ const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
+ const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
+ const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+- const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
++ const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
+ char error_buffer[256];
+
+ DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
+@@ -2741,15 +2741,15 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+ #ifdef USE_TLS_SRP
+ if((ssl_authtype == CURL_TLSAUTH_SRP) &&
+ Curl_allow_auth_to_host(data)) {
+- char * const ssl_username = SSL_SET_OPTION(username);
+-
++ char * const ssl_username = SSL_SET_OPTION(primary.username);
++ char * const ssl_password = SSL_SET_OPTION(primary.password);
+ infof(data, "Using TLS-SRP username: %s\n", ssl_username);
+
+ if(!SSL_CTX_set_srp_username(BACKEND->ctx, ssl_username)) {
+ failf(data, "Unable to set SRP user name");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+- if(!SSL_CTX_set_srp_password(BACKEND->ctx, SSL_SET_OPTION(password))) {
++ if(!SSL_CTX_set_srp_password(BACKEND->ctx, ssl_password)) {
+ failf(data, "failed setting SRP password");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
+index e38f74e..e8cb70f 100644
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -89,6 +89,7 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
+ {
+ if((data->version == needle->version) &&
+ (data->version_max == needle->version_max) &&
++ (data->ssl_options == needle->ssl_options) &&
+ (data->verifypeer == needle->verifypeer) &&
+ (data->verifyhost == needle->verifyhost) &&
+ (data->verifystatus == needle->verifystatus) &&
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27782-2.patch b/meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
new file mode 100644
index 0000000000..3d56025210
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
@@ -0,0 +1,71 @@
+From 0a115a8903dffc7f723d1d4d71fb821d69eb8761 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 9 May 2022 23:13:53 +0200
+Subject: [PATCH] url: check SSH config match on connection reuse
+
+CVE-2022-27782
+
+Reported-by: Harry Sintonen
+Bug: https://curl.se/docs/CVE-2022-27782.html
+Closes #8825
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/1645e9b44505abd5cbaf65da5282c3f33b5924a5]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/url.c | 11 +++++++++++
+ lib/vssh/ssh.h | 6 +++---
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 6518be9..8da0245 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1027,6 +1027,12 @@ static void prune_dead_connections(struct Curl_easy *data)
+ }
+ }
+
++static bool ssh_config_matches(struct connectdata *one,
++ struct connectdata *two)
++{
++ return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
++ Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
++}
+ /*
+ * Given one filled in connection struct (named needle), this function should
+ * detect if there already is one that has all the significant details
+@@ -1260,6 +1266,11 @@ ConnectionExists(struct Curl_easy *data,
+ }
+ }
+
++ if(get_protocol_family(needle->handler->protocol) == PROTO_FAMILY_SSH) {
++ if(!ssh_config_matches(needle, check))
++ continue;
++ }
++
+ if(!needle->bits.httpproxy || (needle->handler->flags&PROTOPT_SSL) ||
+ needle->bits.tunnel_proxy) {
+ /* The requested connection does not use a HTTP proxy or it uses SSL or
+diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h
+index 0d4ee52..8f2632e 100644
+--- a/lib/vssh/ssh.h
++++ b/lib/vssh/ssh.h
+@@ -7,7 +7,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -120,8 +120,8 @@ struct ssh_conn {
+
+ /* common */
+ const char *passphrase; /* pass-phrase to use */
+- char *rsa_pub; /* path name */
+- char *rsa; /* path name */
++ char *rsa_pub; /* strdup'ed public key file */
++ char *rsa; /* strdup'ed private key file */
+ bool authed; /* the connection has been authenticated fine */
+ sshstate state; /* always use ssh.c:state() to change state! */
+ sshstate nextstate; /* the state to goto after stopping */
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index e850376ff8..b53b00cc38 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -28,6 +28,13 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2022-27776.patch \
file://CVE-2022-27775.patch \
file://CVE-2022-22576.patch \
+ file://CVE-2022-27774-1.patch \
+ file://CVE-2022-27774-2.patch \
+ file://CVE-2022-27774-3.patch \
+ file://CVE-2022-27774-4.patch \
+ file://CVE-2022-27781.patch \
+ file://CVE-2022-27782-1.patch \
+ file://CVE-2022-27782-2.patch \
"
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 09/14] curl: Fix CVE_CHECK_WHITELIST typo
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (7 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 08/14] curl: Backport CVE fixes Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 10/14] cve-check: move update_symlinks to a library Steve Sakoman
` (4 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Robert Joslyn <robert.joslyn@redrectangle.org>
Fix typo to properly whitelist CVE-2021-22945.
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/curl/curl_7.69.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index b53b00cc38..5a597a7dd9 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -42,7 +42,7 @@ SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a5
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
-CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926 CVE-22945"
+CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926 CVE-2021-22945"
# As per link https://security-tracker.debian.org/tracker/CVE-2021-22897
# and https://ubuntu.com/security/CVE-2021-22897
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 10/14] cve-check: move update_symlinks to a library
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (8 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 09/14] curl: Fix CVE_CHECK_WHITELIST typo Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 11/14] cve-check: write empty fragment files in the text mode Steve Sakoman
` (3 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Marta Rybczynska <rybczynska@gmail.com>
Move the function to a library, it could be useful in other places.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit debd37abcdde8788761ebdb4a05bc61f7394cbb8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/cve-check.bbclass | 11 +++--------
meta/lib/oe/cve_check.py | 10 ++++++++++
2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0111ec6ba8..2ab1720dc3 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -76,16 +76,10 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
# set to "alphabetical" for version using single alphabetical character as increment release
CVE_VERSION_SUFFIX ??= ""
-def update_symlinks(target_path, link_path):
- if link_path != target_path and os.path.exists(target_path):
- if os.path.exists(os.path.realpath(link_path)):
- os.remove(link_path)
- os.symlink(os.path.basename(target_path), link_path)
-
def generate_json_report(d, out_path, link_path):
if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
import json
- from oe.cve_check import cve_check_merge_jsons
+ from oe.cve_check import cve_check_merge_jsons, update_symlinks
bb.note("Generating JSON CVE summary")
index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
@@ -106,6 +100,7 @@ def generate_json_report(d, out_path, link_path):
python cve_save_summary_handler () {
import shutil
import datetime
+ from oe.cve_check import update_symlinks
cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
@@ -174,7 +169,7 @@ python cve_check_write_rootfs_manifest () {
import shutil
import json
from oe.rootfs import image_list_installed_packages
- from oe.cve_check import cve_check_merge_jsons
+ from oe.cve_check import cve_check_merge_jsons, update_symlinks
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index 1d3c775bbe..b17390de90 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -79,3 +79,13 @@ def cve_check_merge_jsons(output, data):
return
output["package"].append(data["package"][0])
+
+def update_symlinks(target_path, link_path):
+ """
+ Update a symbolic link link_path to point to target_path.
+ Remove the link and recreate it if exist and is different.
+ """
+ if link_path != target_path and os.path.exists(target_path):
+ if os.path.exists(os.path.realpath(link_path)):
+ os.remove(link_path)
+ os.symlink(os.path.basename(target_path), link_path)
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 11/14] cve-check: write empty fragment files in the text mode
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (9 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 10/14] cve-check: move update_symlinks to a library Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 12/14] cve-check: add coverage statistics on recipes with/without CVEs Steve Sakoman
` (2 subsequent siblings)
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Marta Rybczynska <rybczynska@gmail.com>
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.
However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.
Fix it by always writing a fragment file, even if empty.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/cve-check.bbclass | 27 +++++++++++++--------------
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 2ab1720dc3..48f75456f2 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -471,23 +471,22 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
- if write_string:
- with open(cve_file, "w") as f:
- bb.note("Writing file %s with CVE information" % cve_file)
- f.write(write_string)
+ with open(cve_file, "w") as f:
+ bb.note("Writing file %s with CVE information" % cve_file)
+ f.write(write_string)
- if d.getVar("CVE_CHECK_COPY_FILES") == "1":
- deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
- bb.utils.mkdirhier(os.path.dirname(deploy_file))
- with open(deploy_file, "w") as f:
- f.write(write_string)
+ if d.getVar("CVE_CHECK_COPY_FILES") == "1":
+ deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
+ bb.utils.mkdirhier(os.path.dirname(deploy_file))
+ with open(deploy_file, "w") as f:
+ f.write(write_string)
- if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
- cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
- bb.utils.mkdirhier(cvelogpath)
+ if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+ cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+ bb.utils.mkdirhier(cvelogpath)
- with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
- f.write("%s" % write_string)
+ with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
+ f.write("%s" % write_string)
def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file):
"""
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 12/14] cve-check: add coverage statistics on recipes with/without CVEs
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (10 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 11/14] cve-check: write empty fragment files in the text mode Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 13/14] cve-update-db-native: make it possible to disable database updates Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 14/14] linux-yocto/5.4: update to v5.4.196 Steve Sakoman
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Marta Rybczynska <rybczynska@gmail.com>
Until now the CVE checker was giving information about CVEs found for
a product (or more products) contained in a recipe. However, there was
no easy way to find out which products or recipes have no CVEs. Having
no reported CVEs might mean there are simply none, but can also mean
a product name (CPE) mismatch.
This patch adds CVE_CHECK_COVERAGE option enabling a new type of
statistics. Then we use the new JSON format to report the information.
The legacy text mode report does not contain it.
This option is expected to help with an identification of recipes with
mismatched CPEs, issues in the database and more.
This work is based on [1], but adding the JSON format makes it easier
to implement, without additional result files.
[1] https://lists.openembedded.org/g/openembedded-core/message/159873
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d1849a1facd64fa0bcf8336a0ed5fbf71b2e3cb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/cve-check.bbclass | 48 ++++++++++++++++++++++++++--------
1 file changed, 37 insertions(+), 11 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 48f75456f2..894cebaaa4 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -56,6 +56,9 @@ CVE_CHECK_FORMAT_TEXT ??= "1"
# Provide JSON output - disabled by default for backward compatibility
CVE_CHECK_FORMAT_JSON ??= "0"
+# Check for packages without CVEs (no issues or missing product name)
+CVE_CHECK_COVERAGE ??= "1"
+
# Whitelist for packages (PN)
CVE_CHECK_PN_WHITELIST ?= ""
@@ -137,10 +140,10 @@ python do_cve_check () {
patched_cves = get_patches_cves(d)
except FileNotFoundError:
bb.fatal("Failure in searching patches")
- whitelisted, patched, unpatched = check_cves(d, patched_cves)
- if patched or unpatched:
+ whitelisted, patched, unpatched, status = check_cves(d, patched_cves)
+ if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
cve_data = get_cve_info(d, patched + unpatched)
- cve_write_data(d, patched, unpatched, whitelisted, cve_data)
+ cve_write_data(d, patched, unpatched, whitelisted, cve_data, status)
else:
bb.note("No CVE database found, skipping CVE check")
@@ -312,17 +315,19 @@ def check_cves(d, patched_cves):
suffix = d.getVar("CVE_VERSION_SUFFIX")
cves_unpatched = []
+ cves_status = []
+ cves_in_recipe = False
# CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
products = d.getVar("CVE_PRODUCT").split()
# If this has been unset then we're not scanning for CVEs here (for example, image recipes)
if not products:
- return ([], [], [])
+ return ([], [], [], [])
pv = d.getVar("CVE_VERSION").split("+git")[0]
# If the recipe has been whitelisted we return empty lists
if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
bb.note("Recipe has been whitelisted, skipping check")
- return ([], [], [])
+ return ([], [], [], [])
cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
@@ -332,6 +337,7 @@ def check_cves(d, patched_cves):
# For each of the known product names (e.g. curl has CPEs using curl and libcurl)...
for product in products:
+ cves_in_product = False
if ":" in product:
vendor, product = product.split(":", 1)
else:
@@ -349,6 +355,11 @@ def check_cves(d, patched_cves):
elif cve in patched_cves:
bb.note("%s has been patched" % (cve))
continue
+ # Write status once only for each product
+ if not cves_in_product:
+ cves_status.append([product, True])
+ cves_in_product = True
+ cves_in_recipe = True
vulnerable = False
for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
@@ -395,9 +406,13 @@ def check_cves(d, patched_cves):
# TODO: not patched but not vulnerable
patched_cves.add(cve)
+ if not cves_in_product:
+ bb.note("No CVE records found for product %s, pn %s" % (product, pn))
+ cves_status.append([product, False])
+
conn.close()
- return (list(cve_whitelist), list(patched_cves), cves_unpatched)
+ return (list(cve_whitelist), list(patched_cves), cves_unpatched, cves_status)
def get_cve_info(d, cves):
"""
@@ -428,7 +443,6 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
CVE manifest if enabled.
"""
-
cve_file = d.getVar("CVE_CHECK_LOG")
fdir_name = d.getVar("FILE_DIRNAME")
layer = fdir_name.split("/")[-3]
@@ -442,6 +456,10 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
if include_layers and layer not in include_layers:
return
+ # Early exit, the text format does not report packages without CVEs
+ if not patched+unpatched:
+ return
+
nvd_link = "https://nvd.nist.gov/vuln/detail/"
write_string = ""
unpatched_cves = []
@@ -518,7 +536,7 @@ def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_fi
with open(index_path, "a+") as f:
f.write("%s\n" % fragment_path)
-def cve_write_data_json(d, patched, unpatched, ignored, cve_data):
+def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
"""
Prepare CVE data for the JSON format, then write it.
"""
@@ -540,11 +558,19 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data):
unpatched_cves = []
+ product_data = []
+ for s in cve_status:
+ p = {"product": s[0], "cvesInRecord": "Yes"}
+ if s[1] == False:
+ p["cvesInRecord"] = "No"
+ product_data.append(p)
+
package_version = "%s%s" % (d.getVar("EXTENDPE"), d.getVar("PV"))
package_data = {
"name" : d.getVar("PN"),
"layer" : layer,
- "version" : package_version
+ "version" : package_version,
+ "products": product_data
}
cve_list = []
@@ -583,7 +609,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data):
cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file)
-def cve_write_data(d, patched, unpatched, ignored, cve_data):
+def cve_write_data(d, patched, unpatched, ignored, cve_data, status):
"""
Write CVE data in each enabled format.
"""
@@ -591,4 +617,4 @@ def cve_write_data(d, patched, unpatched, ignored, cve_data):
if d.getVar("CVE_CHECK_FORMAT_TEXT") == "1":
cve_write_data_text(d, patched, unpatched, ignored, cve_data)
if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
- cve_write_data_json(d, patched, unpatched, ignored, cve_data)
+ cve_write_data_json(d, patched, unpatched, ignored, cve_data, status)
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 13/14] cve-update-db-native: make it possible to disable database updates
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (11 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 12/14] cve-check: add coverage statistics on recipes with/without CVEs Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 14/14] linux-yocto/5.4: update to v5.4.196 Steve Sakoman
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Marta Rybczynska <rybczynska@gmail.com>
Make it possible to disable the database update completely by using
a negative update interval CVE_DB_UPDATE_INTERVAL.
Disabling the update is useful when running multiple parallel builds
when we want to have a control on the database version. This allows
coherent cve-check results without an database update for only
some of the builds.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5c2269240327c2a8f93b9e55354698f52c976f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/meta/cve-update-db-native.bb | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 594bf947c8..a49f446a53 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -14,6 +14,7 @@ deltask do_populate_sysroot
# CVE database update interval, in seconds. By default: once a day (24*60*60).
# Use 0 to force the update
+# Use a negative value to skip the update
CVE_DB_UPDATE_INTERVAL ?= "86400"
python () {
@@ -51,8 +52,9 @@ python do_fetch() {
try:
import time
update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
- if (update_interval < 0):
- update_interval = 0
+ if update_interval < 0:
+ bb.note("CVE database update skipped")
+ return
if time.time() - os.path.getmtime(db_file) < update_interval:
return
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [OE-core][dunfell 14/14] linux-yocto/5.4: update to v5.4.196
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (12 preceding siblings ...)
2022-06-08 14:46 ` [OE-core][dunfell 13/14] cve-update-db-native: make it possible to disable database updates Steve Sakoman
@ 2022-06-08 14:46 ` Steve Sakoman
13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
04b092e4a01a Linux 5.4.196
dba1941f5bc3 afs: Fix afs_getattr() to refetch file status if callback break occurred
ef5374d532ca i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
10a221e2d3d8 x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
a12884ff4340 x86/xen: fix booting 32-bit pv guest
b2f140a9f980 Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
060f38b1dfb4 ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
b38cf3cb17df firmware_loader: use kernel credentials when reading firmware
e14e3856e94d net: stmmac: disable Split Header (SPH) for Intel platforms
9ea8e6a8323e block: return ELEVATOR_DISCARD_MERGE if possible
36ac6caf742d Input: ili210x - fix reset timing
1c450bdf2e8c net: atlantic: verify hw_head_ lies within TX buffer ring
e5307704c4ad net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
91d8d7edf192 ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
dd5de66f5c8a selftests: add ping test with ping_group_range tuned
9919585e5f41 mac80211: fix rx reordering with non explicit / psmp ack policy
19e2cd737c16 scsi: qla2xxx: Fix missed DMA unmap for aborted commands
74168c2207a5 perf bench numa: Address compiler error on s390
d1915d9c9fa3 gpio: mvebu/pwm: Refuse requests with inverted polarity
3fdd67e83c42 gpio: gpio-vf610: do not touch other bits when set the target bit
1fe6dc5f5d19 net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
622be11fa385 igb: skip phy status check where unavailable
eb92a8ecce23 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
463a7b957db0 ARM: 9196/1: spectre-bhb: enable for Cortex-A15
1b93631c77c9 net: af_key: add check for pfkey_broadcast in function pfkey_process
c0be5fec786b net/mlx5e: Properly block LRO when XDP is enabled
3277789f332e NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
b368e07fb44d net/qla3xxx: Fix a test in ql_reset_work()
d672eee9e404 clk: at91: generated: consider range when calculating best rate
8cb1a05fe38b ice: fix possible under reporting of ethtool Tx and Rx statistics
dc64e8874e87 net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
32f779e6fbbe net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
1eb2d7858155 net/sched: act_pedit: sanitize shift argument before usage
50f70ee30236 net: macb: Increment rx bd head after allocating skb and buffer
a42ffe88332c ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
6493ff94c022 ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
fe2a9469eca0 dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
8cf6c24ed488 drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
8be06f62b426 crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
f4a093215b8e KVM: x86/mmu: Update number of zapped pages even if page list is stable
de8745182749 PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
3a12b2c413b2 Fix double fget() in vhost_net_set_backend()
dd0ea88b0a0f perf: Fix sys_perf_event_open() race against self
c8a5e14cb407 ALSA: wavefront: Proper check of get_user() error
2f8f6c393b11 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
975a0f14d5cd SUNRPC: Don't call connect() more than once on a TCP socket
aa4d71edd609 SUNRPC: Prevent immediate close+reconnect
2d6f096476e6 SUNRPC: Clean up scheduling of autoclose
f3fe8d13ac89 mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
def047ae1266 mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
f10260f35992 mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
1e93f939927d nilfs2: fix lockdep warnings during disk space reclamation
307d021b1a7f nilfs2: fix lockdep warnings in page operations for btree nodes
77b71a4c8767 ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
54f7358be14d platform/chrome: cros_ec_debugfs: detach log reader wq from devm
232128f6e60f drbd: remove usage of list iterator variable after loop
83abb076f473 MIPS: lantiq: check the return value of kzalloc()
e7947c031ffe rtc: mc146818-lib: Fix the AltCentury for AMD platforms
7be785032c05 nvme-multipath: fix hang when disk goes live over reconnect
ee0323cc8bbb ALSA: hda/realtek: Enable headset mic on Lenovo P360
c0d86f2a3c03 crypto: x86/chacha20 - Avoid spurious jumps to other functions
f0213894337a crypto: stm32 - fix reference leak in stm32_crc_remove
8c015cd52442 Input: stmfts - fix reference leak in stmfts_input_open
bb83a744bc67 Input: add bounds checking to input_set_capability()
4fd396695646 um: Cleanup syscall_handler_t definition/cast, fix warning
0c319b998835 rtc: fix use-after-free on device removal
05df3bdbc259 x86/xen: Make the secondary CPU idle tasks reliable
0d3817cb4ebe x86/xen: Make the boot CPU idle task reliable
67e2b62461b5 floppy: use a statically allocated error counter
0187300e6aa6 Linux 5.4.195
8fcefb43ecfc tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
6d80857c4fc7 ping: fix address binding wrt vrf
7845532adb53 arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
c0b735fef2af net: phy: Fix race condition on link status change
a60def756821 MIPS: fix build with gcc-12
a3112d5da17c drm/vmwgfx: Initialize drm_mode_fb_cmd2
463c7431490d cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
f25145c37c4e i40e: i40e_main: fix a missing check on list iterator
17c744716af5 drm/nouveau/tegra: Stop using iommu_present()
c8f567c46543 serial: 8250_mtk: Fix register address for XON/XOFF character
aa3ea7451bd6 serial: 8250_mtk: Fix UART_EFR register address
031fda28d0a6 slimbus: qcom: Fix IRQ check in qcom_slim_probe
7de6f3059629 USB: serial: option: add Fibocom MA510 modem
65732f62f730 USB: serial: option: add Fibocom L610 modem
6c78537f3e29 USB: serial: qcserial: add support for Sierra Wireless EM7590
e40d00494712 USB: serial: pl2303: add device id for HP LM930 Display
056a56f8fbfe usb: typec: tcpci: Don't skip cleanup in .remove() on error
457d9401b8c1 usb: cdc-wdm: fix reading stuck on device close
4d93303fd877 tty: n_gsm: fix mux activation issues in gsm_config()
6e34ee5b5b92 tcp: resalt the secret every 10 seconds
39c26fe93c76 net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
638bfbc84cca s390: disable -Warray-bounds
f66d3fa5089f ASoC: ops: Validate input values in snd_soc_put_volsw_range()
13b850a6cc80 ASoC: max98090: Generate notifications on changes for custom control
5c766c000a64 ASoC: max98090: Reject invalid values in custom control put()
22f6c68b4927 hwmon: (f71882fg) Fix negative temperature
208200e573bd gfs2: Fix filesystem block deallocation for short writes
42daae7d845c net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
e038c457bd12 net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
2ec2dd7d51a9 net/sched: act_pedit: really ensure the skb is writable
48c6a40e2f25 s390/lcs: fix variable dereferenced before check
467ddbbe7e74 s390/ctcm: fix potential memory leak
2cbce0110070 s390/ctcm: fix variable dereferenced before check
1c40e85d0aa0 hwmon: (ltq-cputemp) restrict it to SOC_XWAY
0a778db9319f dim: initialize all struct fields
522986cc39c1 mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
0729594cb788 netlink: do not reset transport header in netlink_recvmsg()
33ce32587c44 drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
5809a1c53049 ipv4: drop dst in multicast routing path
c9d75e87f45b net: Fix features skip in for_each_netdev_feature()
5c9057670504 mac80211: Reset MBSSID parameters upon connection
cfe74fd41f18 hwmon: (tmp401) Add OF device ID table
3915341a935f batman-adv: Don't skb_split skbuffs with frag_list
90659487578c Linux 5.4.194
2f4e0bf651e3 mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
e4db0c3ce0c5 mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
ea9cad1c5d95 mm: fix missing cache flush for all tail pages of compound page
45c05171d6e3 Bluetooth: Fix the creation of hdev->name
f52c4c067aa5 KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
c1bdf1e6e706 x86: kprobes: Prohibit probing on instruction which has emulate prefix
6af6427a9600 x86: xen: insn: Decode Xen and KVM emulate-prefix signature
c67a4a91f5e1 x86: xen: kvm: Gather the definition of emulate prefixes
4c39e1ace3dc x86/asm: Allow to pass macros to __ASM_FORM()
29afcd5af012 KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
ea65a7d76c00 arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
5755f946a89f can: grcan: only use the NAPI poll budget for RX
caba5c13a892 can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
76b64c690f03 nfp: bpf: silence bitwise vs. logical OR warning
86ccefb83ede drm/i915: Cast remain to unsigned long in eb_relocate_vma
de542bd76541 drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
e6ff94d31c53 block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
f668da98ad83 MIPS: Use address-of operator on section symbols
01565c91b789 Linux 5.4.193
8a7f92053dc9 mmc: rtsx: add 74 Clocks in power on flow
d789b9891761 PCI: aardvark: Fix reading MSI interrupt number
253bc43ca5b7 PCI: aardvark: Clear all MSIs at setup
786dc86c8434 dm: interlock pending dm_io and dm_wait_for_bios_completion
ad1393b92e50 dm: fix mempool NULL pointer race when completing IO
40bcd39a0093 tcp: make sure treq->af_specific is initialized
9661bf674d6a ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
37b12c16beb6 ALSA: pcm: Fix races among concurrent prealloc proc writes
2a559eec81ac ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
08d1807f097a ALSA: pcm: Fix races among concurrent read/write and buffer changes
fbeb492694ce ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
f098f8b9820f mm: fix unexpected zeroed page mapping with zram swap
c7337efd1d11 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
9588ac2eddc2 net: ipv6: ensure we call ipv6_mc_down() at most once
367b49086b41 KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
c2fadf2d0ab4 x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
8b78939f4b0b kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
f455c8e657e3 NFSv4: Don't invalidate inode attributes on delegation return
89e7a625ec5c drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
1d14c1c7a3bd net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
2b99ff4c3e3e btrfs: always log symlinks in full mode
dc4784489426 smsc911x: allow using IRQ0
cff6cb162f7a bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
64ece01adb42 selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
52401926c863 net: emaclite: Add error handling for of_address_to_resource()
354cac1e392b net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
0510b6ccfb4f net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
102986592ffd RDMA/siw: Fix a condition race issue in MPA request processing
e6ae21eb948a ASoC: dmaengine: Restore NULL prepare_slave_config() callback
df3ea6cc1af5 hwmon: (adt7470) Fix warning on module removal
01d4363dd717 NFC: netlink: fix sleep in atomic bug when firmware download timeout
33d3e76fc7a7 nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
85aecdef77f9 nfc: replace improper check device_is_registered() in netlink related functions
da9eb43b9a56 can: grcan: use ofdev->dev when allocating DMA memory
8b451b7d7e95 can: grcan: grcan_close(): fix deadlock
8f4246450a95 s390/dasd: Fix read inconsistency for ESE DASD devices
91193a2c2f4f s390/dasd: Fix read for ESE with blksize < 4k
1aa75808edd8 s390/dasd: prevent double format of tracks for ESE devices
061a424dd1c4 s390/dasd: fix data corruption for ESE devices
860db6cdc5be ASoC: meson: Fix event generation for G12A tohdmi mux
d4864e8c4ba8 ASoC: wm8958: Fix change notifications for DSP controls
6723ab2ed8bb ASoC: da7219: Fix change notifications for tone generator frequency
ac5894fb8626 genirq: Synchronize interrupt thread startup
8624e2c5af95 ACPICA: Always create namespace nodes using acpi_ns_create_node()
27183539cfac firewire: core: extend card->lock in fw_core_handle_bus_reset
2fefc6259861 firewire: remove check of list iterator against head past the loop body
34b9b9182911 firewire: fix potential uaf in outbound_phy_packet_callback()
f6b6e9336936 Revert "SUNRPC: attempt AF_LOCAL connect on setup"
d403ff32e566 gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
94842485b4ec ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
73ce49fa59a7 parisc: Merge model and model name into one line in /proc/cpuinfo
0d5bb59858c6 MIPS: Fix CP0 counter erratum detection for R4k CPUs
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index bf5359d120..0ef18c0b77 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "24d323fa0e17bcd62c9cfe1fd4153c304a06f38c"
-SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373"
+SRCREV_machine ?= "5a2ea5a1decb40650f6e447af2dc02579b3a5521"
+SRCREV_meta ?= "9b55ffe3d137121be67c99a60bfdb3c6af47fae2"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.192"
+LINUX_VERSION ?= "5.4.196"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index dee636aca5..9b41d280a7 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.192"
+LINUX_VERSION ?= "5.4.196"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "460de085c07ab1a221317e6804c13657456c5368"
-SRCREV_machine ?= "b414a2fc5ce5f68c33d297d9cde4fef5437b773b"
-SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373"
+SRCREV_machine_qemuarm ?= "bae8f843b4f6520a8deb813616669951a5bf58ca"
+SRCREV_machine ?= "4e04a0f737355772b02dd4225e3b579204ce41c0"
+SRCREV_meta ?= "9b55ffe3d137121be67c99a60bfdb3c6af47fae2"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 680f40d208..11e7ff6a21 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "68a2ce69aaf2e8d96eef4aaccd70fc0ef7368a46"
-SRCREV_machine_qemuarm64 ?= "acfed0930d37a714d705645ff7cfbfbd0ad040e7"
-SRCREV_machine_qemumips ?= "e7046a2c8972e925cd2e6ac7f392abe87cbec5f5"
-SRCREV_machine_qemuppc ?= "997e06e0af674c27627eaa76a60b2f63cb16f38d"
-SRCREV_machine_qemuriscv64 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649"
-SRCREV_machine_qemux86 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649"
-SRCREV_machine_qemux86-64 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649"
-SRCREV_machine_qemumips64 ?= "7b526cde12d78604b6f1e1ad62da31dcb729f35f"
-SRCREV_machine ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649"
-SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373"
+SRCREV_machine_qemuarm ?= "7efd457b777ad4b9029594f2770c5f9e3cc6b88e"
+SRCREV_machine_qemuarm64 ?= "4416c0026b35a6d2c9b03e27bfdbb9cb08cf84d2"
+SRCREV_machine_qemumips ?= "7d4e3a8bdcdae2e56640db0d4a739000665ad0cf"
+SRCREV_machine_qemuppc ?= "f0ed4149f804120d6c4b7fd5b9fb49287136b4d5"
+SRCREV_machine_qemuriscv64 ?= "740afe0923aca19768b11bff283a31dbdf9509e9"
+SRCREV_machine_qemux86 ?= "740afe0923aca19768b11bff283a31dbdf9509e9"
+SRCREV_machine_qemux86-64 ?= "740afe0923aca19768b11bff283a31dbdf9509e9"
+SRCREV_machine_qemumips64 ?= "14c090645b3e8c432dc1de659189af76d7fc7825"
+SRCREV_machine ?= "740afe0923aca19768b11bff283a31dbdf9509e9"
+SRCREV_meta ?= "9b55ffe3d137121be67c99a60bfdb3c6af47fae2"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.192"
+LINUX_VERSION ?= "5.4.196"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
end of thread, other threads:[~2022-06-08 14:47 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-08 14:46 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 01/14] Revert "openssl: Backport fix for ptest cert expiry" Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 02/14] openssl: backport fix for ptest certificate expiration Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 03/14] openssl: update the epoch time for ct_test ptest Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 04/14] e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 05/14] pcre2: CVE-2022-1587 Out-of-bounds read Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 06/14] libxslt: Fix CVE-2021-30560 Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 07/14] libxslt: Mark CVE-2022-29824 as not applying Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 08/14] curl: Backport CVE fixes Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 09/14] curl: Fix CVE_CHECK_WHITELIST typo Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 10/14] cve-check: move update_symlinks to a library Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 11/14] cve-check: write empty fragment files in the text mode Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 12/14] cve-check: add coverage statistics on recipes with/without CVEs Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 13/14] cve-update-db-native: make it possible to disable database updates Steve Sakoman
2022-06-08 14:46 ` [OE-core][dunfell 14/14] linux-yocto/5.4: update to v5.4.196 Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.