All of lore.kernel.org
 help / color / mirror / Atom feed
* [OE-core][dunfell 00/14] Patch review
@ 2022-05-11 18:19 Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 Steve Sakoman
                   ` (13 more replies)
  0 siblings, 14 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by end
of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3648

with the exception of the newly added meta-virt test (which has never
worked with dunfell)

The following changes since commit 7c0345ab1058a7e29d37f110923ecd368e102ed7:

  uninative: Upgrade to 3.6 with gcc 12 support (2022-05-09 11:51:55 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (1):
  linux-yocto/5.4: update to v5.4.192

Davide Gardenal (3):
  cve-check: add JSON format to summary output
  cve-check: fix symlinks where link and output path are equal
  rootfs-postcommands: fix symlinks where link and output path are equal

Marta Rybczynska (2):
  cve-update-db-native: update the CVE database once a day only
  cve-update-db-native: let the user to drive the update interval

Pawan Badganchi (2):
  fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
  libinput: Add fix for CVE-2022-1215

Portia (1):
  volatile-binds: Change DefaultDependencies from false to no

Richard Purdie (3):
  base: Avoid circular references to our own scripts
  scripts: Make git intercept global
  scripts/git: Ensure we don't have circular references

Ross Burton (1):
  cve-check: no need to depend on the fetch task

Steve Sakoman (1):
  busybox: fix CVE-2022-28391

 meta/classes/base.bbclass                     |   4 +
 meta/classes/cve-check.bbclass                |  72 ++--
 meta/classes/rootfs-postcommands.bbclass      |  14 +-
 ...tr-ensure-only-printable-characters-.patch |  38 ++
 ...e-all-printed-strings-with-printable.patch |  64 ++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |   2 +
 .../recipes-core/meta/cve-update-db-native.bb |  13 +-
 .../files/volatile-binds.service.in           |   2 +-
 .../wayland/libinput/CVE-2022-1215.patch      | 360 ++++++++++++++++++
 .../wayland/libinput_1.15.2.bb                |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../fribidi/fribidi/CVE-2022-25308.patch      |  50 +++
 .../fribidi/fribidi/CVE-2022-25309.patch      |  31 ++
 .../fribidi/fribidi/CVE-2022-25310.patch      |  30 ++
 meta/recipes-support/fribidi/fribidi_1.0.9.bb |   3 +
 scripts/{git-intercept => }/git               |   9 +-
 18 files changed, 674 insertions(+), 55 deletions(-)
 create mode 100644 meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
 create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
 rename scripts/{git-intercept => }/git (52%)

-- 
2.25.1



^ permalink raw reply	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 02/14] libinput: Add fix for CVE-2022-1215 Steve Sakoman
                   ` (12 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Pawan Badganchi <badganchipv@gmail.com>

Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310

CVE-2022-25308.patch
Link: https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1

CVE-2022-25309.patch
Link: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3

CVE-2022-25310.patch
Link:https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f

Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../fribidi/fribidi/CVE-2022-25308.patch      | 50 +++++++++++++++++++
 .../fribidi/fribidi/CVE-2022-25309.patch      | 31 ++++++++++++
 .../fribidi/fribidi/CVE-2022-25310.patch      | 30 +++++++++++
 meta/recipes-support/fribidi/fribidi_1.0.9.bb |  3 ++
 4 files changed, 114 insertions(+)
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch

diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch b/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
new file mode 100644
index 0000000000..8f2c2ade0e
--- /dev/null
+++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
@@ -0,0 +1,50 @@
+From ad3a19e6372b1e667128ed1ea2f49919884587e1 Mon Sep 17 00:00:00 2001
+From: Akira TAGOH <akira@tagoh.org>
+Date: Thu, 17 Feb 2022 17:30:12 +0900
+Subject: [PATCH] Fix the stack buffer overflow issue
+
+strlen() could returns 0. Without a conditional check for len,
+accessing S_ pointer with len - 1 may causes a stack buffer overflow.
+
+AddressSanitizer reports this like:
+==1219243==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdce043c1f at pc 0x000000403547 bp 0x7ffdce0
+43b30 sp 0x7ffdce043b28
+READ of size 1 at 0x7ffdce043c1f thread T0
+    #0 0x403546 in main ../bin/fribidi-main.c:393
+    #1 0x7f226804e58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f)
+    #2 0x7f226804e648 in __libc_start_main_impl (/lib64/libc.so.6+0x2d648)
+    #3 0x4036f4 in _start (/tmp/fribidi/build/bin/fribidi+0x4036f4)
+
+Address 0x7ffdce043c1f is located in stack of thread T0 at offset 63 in frame
+    #0 0x4022bf in main ../bin/fribidi-main.c:193
+
+  This frame has 5 object(s):
+    [32, 36) 'option_index' (line 233)
+    [48, 52) 'base' (line 386)
+    [64, 65064) 'S_' (line 375) <== Memory access at offset 63 underflows this variable
+    [65328, 130328) 'outstring' (line 385)
+    [130592, 390592) 'logical' (line 384)
+
+This fixes https://github.com/fribidi/fribidi/issues/181
+
+CVE: CVE-2022-25308
+Upstream-Status: Backport [https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1]
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+
+---
+ bin/fribidi-main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c
+index 3cf9fe1..3ae4fb6 100644
+--- a/bin/fribidi-main.c
++++ b/bin/fribidi-main.c
+@@ -390,7 +390,7 @@ FRIBIDI_END_IGNORE_DEPRECATIONS
+ 	    S_[sizeof (S_) - 1] = 0;
+ 	    len = strlen (S_);
+ 	    /* chop */
+-	    if (S_[len - 1] == '\n')
++	    if (len > 0 && S_[len - 1] == '\n')
+ 	      {
+ 		len--;
+ 		S_[len] = '\0';
diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch b/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
new file mode 100644
index 0000000000..0efba3d05c
--- /dev/null
+++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
@@ -0,0 +1,31 @@
+From f22593b82b5d1668d1997dbccd10a9c31ffea3b3 Mon Sep 17 00:00:00 2001
+From: Dov Grobgeld <dov.grobgeld@gmail.com>
+Date: Fri, 25 Mar 2022 09:09:49 +0300
+Subject: [PATCH] Protected against garbage in the CapRTL encoder
+
+CVE: CVE-2022-25309
+Upstream-Status: Backport [https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3]
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+
+---
+ lib/fribidi-char-sets-cap-rtl.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fribidi-char-sets-cap-rtl.c b/lib/fribidi-char-sets-cap-rtl.c
+index b0c0e4a..f74e010 100644
+--- a/lib/fribidi-char-sets-cap-rtl.c
++++ b/lib/fribidi-char-sets-cap-rtl.c
+@@ -232,7 +232,12 @@ fribidi_cap_rtl_to_unicode (
+ 	    }
+ 	}
+       else
+-	us[j++] = caprtl_to_unicode[(int) s[i]];
++      {
++        if ((int)s[i] < 0)
++          us[j++] = '?';
++        else
++          us[j++] = caprtl_to_unicode[(int) s[i]];
++      }
+     }
+ 
+   return j;
diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch b/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
new file mode 100644
index 0000000000..d79a82d648
--- /dev/null
+++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
@@ -0,0 +1,30 @@
+From 175850b03e1af251d705c1d04b2b9b3c1c06e48f Mon Sep 17 00:00:00 2001
+From: Akira TAGOH <akira@tagoh.org>
+Date: Thu, 17 Feb 2022 19:06:10 +0900
+Subject: [PATCH] Fix SEGV issue in fribidi_remove_bidi_marks
+
+Escape from fribidi_remove_bidi_marks() immediately if str is null.
+
+This fixes https://github.com/fribidi/fribidi/issues/183
+
+CVE: CVE-2022-25310
+Upstream-Status: Backport [https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f]
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+
+---
+ lib/fribidi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/fribidi.c b/lib/fribidi.c
+index f5da0da..70bdab2 100644
+--- a/lib/fribidi.c
++++ b/lib/fribidi.c
+@@ -74,7 +74,7 @@ fribidi_remove_bidi_marks (
+   fribidi_boolean status = false;
+ 
+   if UNLIKELY
+-    (len == 0)
++    (len == 0 || str == NULL)
+     {
+       status = true;
+       goto out;
diff --git a/meta/recipes-support/fribidi/fribidi_1.0.9.bb b/meta/recipes-support/fribidi/fribidi_1.0.9.bb
index ac9ef88e27..62b7d72812 100644
--- a/meta/recipes-support/fribidi/fribidi_1.0.9.bb
+++ b/meta/recipes-support/fribidi/fribidi_1.0.9.bb
@@ -10,6 +10,9 @@ LICENSE = "LGPLv2.1+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7"
 
 SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.xz \
+           file://CVE-2022-25308.patch \
+           file://CVE-2022-25309.patch \
+           file://CVE-2022-25310.patch \
            "
 SRC_URI[md5sum] = "1b767c259c3cd8e0c8496970f63c22dc"
 SRC_URI[sha256sum] = "c5e47ea9026fb60da1944da9888b4e0a18854a0e2410bbfe7ad90a054d36e0c7"
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 02/14] libinput: Add fix for CVE-2022-1215
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 03/14] busybox: fix CVE-2022-28391 Steve Sakoman
                   ` (11 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Pawan Badganchi <badganchipv@gmail.com>

Add below patch to fix CVE-2022-1215

CVE-2022-1215.patch
Link: https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28

Signed-off-by: Pawan Badganchi<badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../wayland/libinput/CVE-2022-1215.patch      | 360 ++++++++++++++++++
 .../wayland/libinput_1.15.2.bb                |   1 +
 2 files changed, 361 insertions(+)
 create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch

diff --git a/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch b/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
new file mode 100644
index 0000000000..313c0c5eb2
--- /dev/null
+++ b/meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
@@ -0,0 +1,360 @@
+From 2a8b8fde90d63d48ce09ddae44142674bbca1c28 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 30 Mar 2022 09:25:22 +1000
+Subject: [PATCH] evdev: strip the device name of format directives
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes a format string vulnerabilty.
+
+evdev_log_message() composes a format string consisting of a fixed
+prefix (including the rendered device name) and the passed-in format
+buffer. This format string is then passed with the arguments to the
+actual log handler, which usually and eventually ends up being printf.
+
+If the device name contains a printf-style format directive, these ended
+up in the format string and thus get interpreted correctly, e.g. for a
+device "Foo%sBar" the log message vs printf invocation ends up being:
+  evdev_log_message(device, "some message %s", "some argument");
+  printf("event9 - Foo%sBar: some message %s", "some argument");
+
+This can enable an attacker to execute malicious code with the
+privileges of the process using libinput.
+
+To exploit this, an attacker needs to be able to create a kernel device
+with a malicious name, e.g. through /dev/uinput or a Bluetooth device.
+
+To fix this, convert any potential format directives in the device name
+by duplicating percentages.
+
+Pre-rendering the device to avoid the issue altogether would be nicer
+but the current log level hooks do not easily allow for this. The device
+name is the only user-controlled part of the format string.
+
+A second potential issue is the sysname of the device which is also
+sanitized.
+
+This issue was found by Albin Eldstål-Ahrens and Benjamin Svensson from
+Assured AB, and independently by Lukas Lamster.
+
+Fixes #752
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+(cherry picked from commit a423d7d3269dc32a87384f79e29bb5ac021c83d1)
+
+CVE: CVE-2022-1215
+Upstream Status: Backport [https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28]
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+
+---
+ meson.build                        |  1 +
+ src/evdev.c                        | 31 +++++++++++------
+ src/evdev.h                        |  6 ++--
+ src/util-strings.h                 | 30 ++++++++++++++++
+ test/litest-device-format-string.c | 56 ++++++++++++++++++++++++++++++
+ test/litest.h                      |  1 +
+ test/test-utils.c                  | 26 ++++++++++++++
+ 7 files changed, 139 insertions(+), 12 deletions(-)
+ create mode 100644 test/litest-device-format-string.c
+
+diff --git a/meson.build b/meson.build
+index 90f528e6..1f6159e7 100644
+--- a/meson.build
++++ b/meson.build
+@@ -787,6 +787,7 @@
+ 		'test/litest-device-dell-canvas-totem-touch.c',
+ 		'test/litest-device-elantech-touchpad.c',
+ 		'test/litest-device-elan-tablet.c',
++		'test/litest-device-format-string.c',
+ 		'test/litest-device-generic-singletouch.c',
+ 		'test/litest-device-gpio-keys.c',
+ 		'test/litest-device-huion-pentablet.c',
+diff --git a/src/evdev.c b/src/evdev.c
+index 6d81f58f..d1c35c07 100644
+--- a/src/evdev.c
++++ b/src/evdev.c
+@@ -2356,19 +2356,19 @@ evdev_device_create(struct libinput_seat *seat,
+ 	struct libinput *libinput = seat->libinput;
+ 	struct evdev_device *device = NULL;
+ 	int rc;
+-	int fd;
++	int fd = -1;
+ 	int unhandled_device = 0;
+ 	const char *devnode = udev_device_get_devnode(udev_device);
+-	const char *sysname = udev_device_get_sysname(udev_device);
++	char *sysname = str_sanitize(udev_device_get_sysname(udev_device));
+ 
+ 	if (!devnode) {
+ 		log_info(libinput, "%s: no device node associated\n", sysname);
+-		return NULL;
++		goto err;
+ 	}
+ 
+ 	if (udev_device_should_be_ignored(udev_device)) {
+ 		log_debug(libinput, "%s: device is ignored\n", sysname);
+-		return NULL;
++		goto err;
+ 	}
+ 
+ 	/* Use non-blocking mode so that we can loop on read on
+@@ -2382,13 +2382,15 @@ evdev_device_create(struct libinput_seat *seat,
+ 			 sysname,
+ 			 devnode,
+ 			 strerror(-fd));
+-		return NULL;
++		goto err;
+ 	}
+ 
+ 	if (!evdev_device_have_same_syspath(udev_device, fd))
+ 		goto err;
+ 
+ 	device = zalloc(sizeof *device);
++	device->sysname = sysname;
++	sysname = NULL;
+ 
+ 	libinput_device_init(&device->base, seat);
+ 	libinput_seat_ref(seat);
+@@ -2411,6 +2413,9 @@ evdev_device_create(struct libinput_seat *seat,
+ 	device->dispatch = NULL;
+ 	device->fd = fd;
+ 	device->devname = libevdev_get_name(device->evdev);
++	/* the log_prefix_name is used as part of a printf format string and
++	 * must not contain % directives, see evdev_log_msg */
++	device->log_prefix_name = str_sanitize(device->devname);
+ 	device->scroll.threshold = 5.0; /* Default may be overridden */
+ 	device->scroll.direction_lock_threshold = 5.0; /* Default may be overridden */
+ 	device->scroll.direction = 0;
+@@ -2238,9 +2238,14 @@
+ 	return device;
+ 
+ err:
+-	close_restricted(libinput, fd);
+-	if (device)
+-		evdev_device_destroy(device);
++	if (fd >= 0) {
++		close_restricted(libinput, fd);
++		if (device) {
++			unhandled_device = device->seat_caps == 0;
++			evdev_device_destroy(device);
++		}
++            }
++        free(sysname);
+ 
+ 	return unhandled_device ? EVDEV_UNHANDLED_DEVICE :  NULL;
+ }
+@@ -2469,7 +2478,7 @@ evdev_device_get_output(struct evdev_device *device)
+ const char *
+ evdev_device_get_sysname(struct evdev_device *device)
+ {
+-	return udev_device_get_sysname(device->udev_device);
++	return device->sysname;
+ }
+ 
+ const char *
+@@ -3066,6 +3075,8 @@ evdev_device_destroy(struct evdev_device *device)
+ 	if (device->base.group)
+ 		libinput_device_group_unref(device->base.group);
+ 
++	free(device->log_prefix_name);
++	free(device->sysname);
+ 	free(device->output_name);
+ 	filter_destroy(device->pointer.filter);
+ 	libinput_timer_destroy(&device->scroll.timer);
+diff --git a/src/evdev.h b/src/evdev.h
+index c7d130f8..980c5943 100644
+--- a/src/evdev.h
++++ b/src/evdev.h
+@@ -169,6 +169,8 @@ struct evdev_device {
+ 	struct udev_device *udev_device;
+ 	char *output_name;
+ 	const char *devname;
++	char *log_prefix_name;
++	char *sysname;
+ 	bool was_removed;
+ 	int fd;
+ 	enum evdev_device_seat_capability seat_caps;
+@@ -786,7 +788,7 @@ evdev_log_msg(struct evdev_device *device,
+ 		 sizeof(buf),
+ 		 "%-7s - %s%s%s",
+ 		 evdev_device_get_sysname(device),
+-		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->devname : "",
++		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->log_prefix_name : "",
+ 		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  ": " : "",
+ 		 format);
+ 
+@@ -824,7 +826,7 @@ evdev_log_msg_ratelimit(struct evdev_device *device,
+ 		 sizeof(buf),
+ 		 "%-7s - %s%s%s",
+ 		 evdev_device_get_sysname(device),
+-		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->devname : "",
++		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  device->log_prefix_name : "",
+ 		 (priority > LIBINPUT_LOG_PRIORITY_DEBUG) ?  ": " : "",
+ 		 format);
+ 
+diff --git a/src/util-strings.h b/src/util-strings.h
+index 2a15fab3..d5a84146 100644
+--- a/src/util-strings.h
++++ b/src/util-strings.h
+@@ -42,6 +42,7 @@
+ #ifdef HAVE_XLOCALE_H
+ #include <xlocale.h>
+ #endif
++#include "util-macros.h"
+ 
+ #define streq(s1, s2) (strcmp((s1), (s2)) == 0)
+ #define strneq(s1, s2, n) (strncmp((s1), (s2), (n)) == 0)
+@@ -312,3 +313,31 @@
+ 	free(result);
+ 	return -1;
+ }
++
++/**
++ * Return a copy of str with all % converted to %% to make the string
++ * acceptable as printf format.
++ */
++static inline char *
++str_sanitize(const char *str)
++{
++	if (!str)
++		return NULL;
++
++	if (!strchr(str, '%'))
++		return strdup(str);
++
++	size_t slen = min(strlen(str), 512);
++	char *sanitized = zalloc(2 * slen + 1);
++	const char *src = str;
++	char *dst = sanitized;
++
++	for (size_t i = 0; i < slen; i++) {
++		if (*src == '%')
++			*dst++ = '%';
++		*dst++ = *src++;
++	}
++	*dst = '\0';
++
++	return sanitized;
++}
+diff --git a/test/litest-device-format-string.c b/test/litest-device-format-string.c
+new file mode 100644
+index 00000000..aed15db4
+--- /dev/null
++++ b/test/litest-device-format-string.c
+@@ -0,0 +1,56 @@
++
++/*
++ * Copyright © 2013 Red Hat, Inc.
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a
++ * copy of this software and associated documentation files (the "Software"),
++ * to deal in the Software without restriction, including without limitation
++ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
++ * and/or sell copies of the Software, and to permit persons to whom the
++ * Software is furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice (including the next
++ * paragraph) shall be included in all copies or substantial portions of the
++ * Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
++ * DEALINGS IN THE SOFTWARE.
++ */
++
++#include "config.h"
++
++#include "litest.h"
++#include "litest-int.h"
++
++static struct input_id input_id = {
++	.bustype = 0x3,
++	.vendor = 0x0123,
++	.product = 0x0456,
++};
++
++static int events[] = {
++	EV_KEY, BTN_LEFT,
++	EV_KEY, BTN_RIGHT,
++	EV_KEY, BTN_MIDDLE,
++	EV_REL, REL_X,
++	EV_REL, REL_Y,
++	EV_REL, REL_WHEEL,
++	EV_REL, REL_WHEEL_HI_RES,
++	-1 , -1,
++};
++
++TEST_DEVICE("mouse-format-string",
++	.type = LITEST_MOUSE_FORMAT_STRING,
++	.features = LITEST_RELATIVE | LITEST_BUTTON | LITEST_WHEEL,
++	.interface = NULL,
++
++	.name = "Evil %s %d %x Mouse %p %",
++	.id = &input_id,
++	.absinfo = NULL,
++	.events = events,
++)
+diff --git a/test/litest.h b/test/litest.h
+index 4982e516..1b1daa90 100644
+--- a/test/litest.h
++++ b/test/litest.h
+@@ -303,6 +303,7 @@
+ 	LITEST_ALPS_3FG,
+ 	LITEST_ELAN_TABLET,
+ 	LITEST_ABSINFO_OVERRIDE,
++        LITEST_MOUSE_FORMAT_STRING,
+ };
+ 
+ #define LITEST_DEVICELESS	-2
+diff --git a/test/test-utils.c b/test/test-utils.c
+index 989adecd..e80754be 100644
+--- a/test/test-utils.c
++++ b/test/test-utils.c
+@@ -1267,6 +1267,31 @@ START_TEST(strstartswith_test)
+ }
+ END_TEST
+ 
++START_TEST(strsanitize_test)
++{
++	struct strsanitize_test {
++		const char *string;
++		const char *expected;
++	} tests[] = {
++		{ "foobar", "foobar" },
++		{ "", "" },
++		{ "%", "%%" },
++		{ "%%%%", "%%%%%%%%" },
++		{ "x %s", "x %%s" },
++		{ "x %", "x %%" },
++		{ "%sx", "%%sx" },
++		{ "%s%s", "%%s%%s" },
++		{ NULL, NULL },
++	};
++
++	for (struct strsanitize_test *t = tests; t->string; t++) {
++		char *sanitized = str_sanitize(t->string);
++		ck_assert_str_eq(sanitized, t->expected);
++		free(sanitized);
++	}
++}
++END_TEST
++
+ START_TEST(list_test_insert)
+ {
+ 	struct list_test {
+@@ -1138,6 +1138,7 @@
+ 	tcase_add_test(tc, strsplit_test);
+ 	tcase_add_test(tc, kvsplit_double_test);
+ 	tcase_add_test(tc, strjoin_test);
++	tcase_add_test(tc, strsanitize_test);
+ 	tcase_add_test(tc, time_conversion);
+ 
+ 	tcase_add_test(tc, list_test_insert);
+
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/wayland/libinput_1.15.2.bb b/meta/recipes-graphics/wayland/libinput_1.15.2.bb
index 810532774e..d7927d132a 100644
--- a/meta/recipes-graphics/wayland/libinput_1.15.2.bb
+++ b/meta/recipes-graphics/wayland/libinput_1.15.2.bb
@@ -14,6 +14,7 @@ DEPENDS = "libevdev udev mtdev"
 
 SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BP}.tar.xz \
            file://determinism.patch \
+           file://CVE-2022-1215.patch \
            "
 SRC_URI[md5sum] = "eb6bd2907ad33d53954d70dfb881a643"
 SRC_URI[sha256sum] = "971c3fbfb624f95c911adeb2803c372e4e3647d1b98f278f660051f834597747"
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 03/14] busybox: fix CVE-2022-28391
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 02/14] libinput: Add fix for CVE-2022-1215 Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 04/14] linux-yocto/5.4: update to v5.4.192 Steve Sakoman
                   ` (10 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code
if netstat is used to print a DNS PTR record's value to a VT compatible
terminal. Alternatively, the attacker could choose to change the terminal's colors.

https://nvd.nist.gov/vuln/detail/CVE-2022-28391

Backported from kirkstone 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4.
2nd patch adjusted to apply on 1.31.1.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...tr-ensure-only-printable-characters-.patch | 38 +++++++++++
 ...e-all-printed-strings-with-printable.patch | 64 +++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |  2 +
 3 files changed, 104 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch

diff --git a/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch b/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
new file mode 100644
index 0000000000..18bf5f19e4
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
@@ -0,0 +1,38 @@
+From c7e181fdf58c392e06ab805e2c044c3e57d5445a Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Sun, 3 Apr 2022 12:14:33 +0000
+Subject: [PATCH] libbb: sockaddr2str: ensure only printable characters are
+ returned for the hostname part
+
+CVE: CVE-2022-28391
+Upstream-Status: Pending
+Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ libbb/xconnect.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libbb/xconnect.c b/libbb/xconnect.c
+index eb2871cb1..b5520bb21 100644
+--- a/libbb/xconnect.c
++++ b/libbb/xconnect.c
+@@ -501,8 +501,9 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ 	);
+ 	if (rc)
+ 		return NULL;
++	/* ensure host contains only printable characters */
+ 	if (flags & IGNORE_PORT)
+-		return xstrdup(host);
++		return xstrdup(printable_string(host));
+ #if ENABLE_FEATURE_IPV6
+ 	if (sa->sa_family == AF_INET6) {
+ 		if (strchr(host, ':')) /* heh, it's not a resolved hostname */
+@@ -513,7 +514,7 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ #endif
+ 	/* For now we don't support anything else, so it has to be INET */
+ 	/*if (sa->sa_family == AF_INET)*/
+-		return xasprintf("%s:%s", host, serv);
++		return xasprintf("%s:%s", printable_string(host), serv);
+ 	/*return xstrdup(host);*/
+ }
+ 
diff --git a/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch b/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
new file mode 100644
index 0000000000..2c9da33a51
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
@@ -0,0 +1,64 @@
+From f8ad7c331b25ba90fd296b37c443b4114cb196e2 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Sun, 3 Apr 2022 12:16:45 +0000
+Subject: [PATCH] nslookup: sanitize all printed strings with printable_string
+
+Otherwise, terminal sequences can be injected, which enables various terminal injection
+attacks from DNS results.
+
+MJ: One chunk wasn't applicable on 1.31.1 version, because parsing of
+SRV records was added only in newer 1.32.0 with:
+  commit 6b4960155e94076bf25518e4e268a7a5f849308e
+  Author: Jo-Philipp Wich <jo@mein.io>
+  Date:   Thu Jun 27 17:27:29 2019 +0200
+
+    nslookup: implement support for SRV records
+
+CVE: CVE-2022-28391
+Upstream-Status: Pending
+Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ networking/nslookup.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/networking/nslookup.c b/networking/nslookup.c
+index 24e09d4f0..89b9c8a13 100644
+--- a/networking/nslookup.c
++++ b/networking/nslookup.c
+@@ -404,7 +404,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 				//printf("Unable to uncompress domain: %s\n", strerror(errno));
+ 				return -1;
+ 			}
+-			printf(format, ns_rr_name(rr), dname);
++			printf(format, ns_rr_name(rr), printable_string(dname));
+ 			break;
+ 
+ 		case ns_t_mx:
+@@ -419,7 +419,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 				//printf("Cannot uncompress MX domain: %s\n", strerror(errno));
+ 				return -1;
+ 			}
+-			printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
++			printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
+ 			break;
+ 
+ 		case ns_t_txt:
+@@ -431,7 +431,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 			if (n > 0) {
+ 				memset(dname, 0, sizeof(dname));
+ 				memcpy(dname, ns_rr_rdata(rr) + 1, n);
+-				printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
++				printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
+ 			}
+ 			break;
+ 
+@@ -461,7 +461,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 				return -1;
+ 			}
+ 
+-			printf("\tmail addr = %s\n", dname);
++			printf("\tmail addr = %s\n", printable_string(dname));
+ 			cp += n;
+ 
+ 			printf("\tserial = %lu\n", ns_get32(cp));
diff --git a/meta/recipes-core/busybox/busybox_1.31.1.bb b/meta/recipes-core/busybox/busybox_1.31.1.bb
index 38b448b3e1..d062f0f7dd 100644
--- a/meta/recipes-core/busybox/busybox_1.31.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.31.1.bb
@@ -55,6 +55,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://CVE-2021-42374.patch \
            file://CVE-2021-42376.patch \
            file://CVE-2021-423xx-awk.patch \
+           file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \
+           file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
            "
 SRC_URI_append_libc-musl = " file://musl.cfg "
 
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 04/14] linux-yocto/5.4: update to v5.4.192
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 03/14] busybox: fix CVE-2022-28391 Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 05/14] cve-check: no need to depend on the fetch task Steve Sakoman
                   ` (9 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    1d72b776f6dc Linux 5.4.192
    aa2a047b5842 mm, hugetlb: allow for "high" userspace addresses
    6a79b2433eb1 hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
    b69e60f6fc00 tty: n_gsm: fix incorrect UA handling
    0f4be29febdc tty: n_gsm: fix wrong command frame length field encoding
    21cc640385b4 tty: n_gsm: fix wrong command retry handling
    49c40febd45c tty: n_gsm: fix missing explicit ldisc flush
    85522dcf0053 tty: n_gsm: fix insufficient txframe size
    563bb0f794ca netfilter: nft_socket: only do sk lookups when indev is available
    fae209521000 tty: n_gsm: fix malformed counter for out of frame data
    cec2d0782a7b tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
    a6d9847a4f82 x86/cpu: Load microcode during restore_processor_state()
    9e9d12b81df6 net: ethernet: stmmac: fix write to sgmii_adapter_base
    10ba1ac9a22a drivers: net: hippi: Fix deadlock in rr_close()
    a8275219759e cifs: destage any unwritten data to the server before calling copychunk_write
    5335370366a3 x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
    0ecc5304e80a ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
    781571034993 ASoC: wm8731: Disable the regulator when probing fails
    a71df406a6a5 tcp: fix F-RTO may not work correctly when receiving DSACK
    a4ed61e30e32 ixgbe: ensure IPsec VF<->PF compatibility
    406aaef0feae bnx2x: fix napi API usage sequence
    c3e7ea58608a tls: Skip tls_append_frag on zero copy size
    cd5cec3a0c8f drm/amd/display: Fix memory leak in dcn21_clock_source_create
    ffce11a39102 net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
    3a179538bfd7 net: bcmgenet: hide status block before TX timestamping
    8ef6d60aa2f1 clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
    194f474ad9b4 bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
    e80054ea0cde tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
    685ff7d24487 ip_gre: Make o_seqno start from 0 in native mode
    69555bb27b2e net/smc: sync err code when tcp connection was refused
    daca23846eb3 net: hns3: add validity check for message data length
    7763a7956632 cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
    f5bb5940d754 pinctrl: pistachio: fix use of irq_of_parse_and_map()
    d22fc603694b arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
    68f5200a1f60 ARM: dts: imx6ull-colibri: fix vqmmc regulator
    c45180375afd sctp: check asoc strreset_chunk in sctp_generate_reconf_event
    2cba635570d8 tcp: ensure to use the most recently sent skb when filling the rate sample
    3ea6190be92f tcp: md5: incorrect tcp_header_len for incoming connections
    2b9a13d98dfc bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
    2e7f70d324ef mtd: rawnand: Fix return value check of wait_for_completion_timeout
    2a36ba067b36 ipvs: correctly print the memory size of ip_vs_conn_tab
    abe86a10dc5c ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
    54212850e38f ARM: dts: am3517-evm: Fix misc pinmuxing
    bba67fe6b022 ARM: dts: Fix mmc order for omap3-gta04
    416e0f890732 phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
    6ff7c1b827c8 phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
    59bdaed5dd73 ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
    dbce8fc16a08 phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
    b7fc45354be6 ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
    dd99939b70c4 phy: samsung: exynos5250-sata: fix missing device put in probe error paths
    6331b77fdc17 phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
    fccbc3168e5e ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
    b8f0c19d4864 USB: Fix xhci event ring dequeue pointer ERDP update issue
    1f47c2625773 mtd: rawnand: fix ecc parameters for mt7622
    0405bd7f1888 arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
    5f80b5c5f406 arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
    f6db63819db6 video: fbdev: udlfb: properly check endpoint type
    c00f3892f4f0 hex2bin: fix access beyond string end
    15b78a8e38e8 hex2bin: make the function hex_to_bin constant-time
    73f4668ee875 arch_topology: Do not set llc_sibling if llc_id is invalid
    a3cdd33ca163 serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
    89a5728b053c serial: 8250: Also set sticky MCR bits in console restoration
    42f749f2232a serial: imx: fix overrun interrupts in DMA mode
    d29c197df7fa usb: dwc3: gadget: Return proper request status
    0f3d081315c5 usb: dwc3: core: Fix tx/rx threshold settings
    e2ec7b1f6a06 usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
    debb276670b0 usb: gadget: uvc: Fix crash when encoding data for usb request
    324e67c3b2fc usb: typec: ucsi: Fix role swapping
    0366beb40239 usb: misc: fix improper handling of refcount in uss720_probe()
    2c97a2b5ef84 iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
    e82c726c94ec iio: dac: ad5446: Fix read_raw not returning set value
    1aea30f87c65 iio: dac: ad5592r: Fix the missing return value.
    1e8716a5c087 xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
    b8d3a4681f28 xhci: stop polling roothubs after shutdown
    c8fbc2f875b6 USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
    68088dec9b3c USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
    56cbdb9d958a USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
    6b10dd966c12 USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
    890fc65448ea USB: quirks: add STRING quirk for VCOM device
    c4b31d41f5f2 USB: quirks: add a Realtek card reader
    5666334ce3bf usb: mtu3: fix USB 3.0 dual-role-switch from device to host
    b2589647008f lightnvm: disable the subsystem
    c9af90f0c6b8 hamradio: remove needs_free_netdev to avoid UAF
    7361a35bf330 hamradio: defer 6pack kfree after unregister_netdev
    7dea5913000c floppy: disable FDRAWCMD by default
    4426e6017f73 Linux 5.4.191
    3c946909a3ed Revert "net: micrel: fix KS8851_MLL Kconfig"
    c028b81d062e block/compat_ioctl: fix range check in BLKGETSIZE
    27da8d16e4f0 staging: ion: Prevent incorrect reference counting behavour
    cb158b152ea6 spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
    1b6ad2421084 jbd2: fix a potential race while discarding reserved buffers after an abort
    0b1ba14ab263 ext4: force overhead calculation if the s_overhead_cluster makes no sense
    425301ef608a ext4: fix overhead calculation to account for the reserved gdt blocks
    ea9c206111ea ext4, doc: fix incorrect h_reserved size
    259dc49deaa2 ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
    faadbf7ac4f2 ext4: fix use-after-free in ext4_search_dir
    0309665eb244 ext4: fix symlink file size not match to file content
    ddfe3babc546 arm_pmu: Validate single/group leader events
    852b02d1f808 ARC: entry: fix syscall_trace_exit argument
    016ba7cbed57 e1000e: Fix possible overflow in LTR decoding
    1217cf141b24 ASoC: soc-dapm: fix two incorrect uses of list iterator
    aa7070556087 openvswitch: fix OOB access in reserve_sfa_size()
    d24e0d9d691b xtensa: fix a7 clobbering in coprocessor context load/store
    4c26a96d0c29 xtensa: patch_text: Fixup last cpu should be master
    8d6937c1e093 powerpc/perf: Fix power9 event alternatives
    0dafb826ed70 drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
    013231f75fce KVM: PPC: Fix TCE handling for VFIO
    9cf05812cb10 drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
    4f08e85ca0fc drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
    23f0ba5585a5 dma: at_xdmac: fix a missing check on list iterator
    a22f3c99268c ata: pata_marvell: Check the 'bmdma_addr' beforing reading
    0441d3e95bca oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
    530d32ac52f7 EDAC/synopsys: Read the error count from the correct register
    91367af460da stat: fix inconsistency between struct stat and struct compat_stat
    837e319ebe62 scsi: qedi: Fix failed disconnect handling
    4b813ce289ed net: macb: Restart tx only if queue pointer is lagging
    a1419bee4dde drm/msm/mdp5: check the return of kzalloc()
    80b188da30aa dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
    46f9fa0a6632 brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
    12a753edd963 mt76: Fix undefined behavior due to shift overflowing the constant
    7c48a6e62ddb cifs: Check the IOCB_DIRECT flag, not O_DIRECT
    435142fbdcc0 vxlan: fix error return code in vxlan_fdb_append
    99c2d9a52f37 ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
    3e28d157e5f2 platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
    54be94d33660 reset: tegra-bpmp: Restore Handle errors in BPMP response
    0cb2c00dd1ab ARM: vexpress/spc: Avoid negative array index when !SMP
    3a5ad1b8db9f selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
    d37295129efa netlink: reset network and mac headers in netlink_dump()
    4c4f2a019ff9 l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
    8c5ca6492a86 net/sched: cls_u32: fix possible leak in u32_init_knode()
    f883def54654 net/packet: fix packet_sock xmit return value checking
    e1bc684c81f1 net/smc: Fix sock leak when release after smc_shutdown()
    f10e5c9f226c rxrpc: Restore removed timer deletion
    9a9c48159365 igc: Fix BUG: scheduling while atomic
    f9d5d17d234f igc: Fix infinite loop in release_swfw_sync
    6d6271dbbbe5 dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
    65c36555bd7d dmaengine: imx-sdma: Fix error checking in sdma_event_remap
    ccf554d148eb ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
    6a20bf46c625 ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
    6a54979c7830 ALSA: usb-audio: Clear MIDI port active flag after draining
    9c99aacfb4c6 tcp: Fix potential use-after-free due to double kfree()
    5a4f3eba211a net/sched: cls_u32: fix netns refcount changes in u32_change()
    b01b700e0c5a tcp: fix race condition when creating child sockets from syncookies
    ebb3b84596bd gfs2: assign rgrp glock before compute_bitstructs
    660784e7194a can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
    2da11442a1e3 tracing: Dump stacktrace trigger to the corresponding instance
    bad7ed55756f mm: page_alloc: fix building error on -Werror=array-compare
    ac94e87675b2 etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 764a875699..bf5359d120 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "5b157591793811a9d226866d9f8acde817339fe9"
-SRCREV_meta ?= "6a12bea7312868626062fe8206ce3c5bcb7c9101"
+SRCREV_machine ?= "24d323fa0e17bcd62c9cfe1fd4153c304a06f38c"
+SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.190"
+LINUX_VERSION ?= "5.4.192"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 7be0f31eb0..dee636aca5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.190"
+LINUX_VERSION ?= "5.4.192"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "25567bdff9816844f3b9e09cdb490d7c7bfb4edb"
-SRCREV_machine ?= "36a8131ee4418c5f8883ff165833776746e61e84"
-SRCREV_meta ?= "6a12bea7312868626062fe8206ce3c5bcb7c9101"
+SRCREV_machine_qemuarm ?= "460de085c07ab1a221317e6804c13657456c5368"
+SRCREV_machine ?= "b414a2fc5ce5f68c33d297d9cde4fef5437b773b"
+SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 23a5abb2c6..680f40d208 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "c4efc0b0650c3d2a7a321a6ba5fe612b7d14bd3f"
-SRCREV_machine_qemuarm64 ?= "c5b5ccb7df29d44c4e3d71d0e2ccf3e8a462a7f0"
-SRCREV_machine_qemumips ?= "addad5fd9e5c386a4b06938ae73de42292d552be"
-SRCREV_machine_qemuppc ?= "ee0f3e8a7de91b0520da532f87f8deeb91a92e27"
-SRCREV_machine_qemuriscv64 ?= "d9d6c6e0d0a9a52f9acd488036a5ed6409352f44"
-SRCREV_machine_qemux86 ?= "d9d6c6e0d0a9a52f9acd488036a5ed6409352f44"
-SRCREV_machine_qemux86-64 ?= "d9d6c6e0d0a9a52f9acd488036a5ed6409352f44"
-SRCREV_machine_qemumips64 ?= "971edcacc688c0deb078f4643125c5c5372010c5"
-SRCREV_machine ?= "d9d6c6e0d0a9a52f9acd488036a5ed6409352f44"
-SRCREV_meta ?= "6a12bea7312868626062fe8206ce3c5bcb7c9101"
+SRCREV_machine_qemuarm ?= "68a2ce69aaf2e8d96eef4aaccd70fc0ef7368a46"
+SRCREV_machine_qemuarm64 ?= "acfed0930d37a714d705645ff7cfbfbd0ad040e7"
+SRCREV_machine_qemumips ?= "e7046a2c8972e925cd2e6ac7f392abe87cbec5f5"
+SRCREV_machine_qemuppc ?= "997e06e0af674c27627eaa76a60b2f63cb16f38d"
+SRCREV_machine_qemuriscv64 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649"
+SRCREV_machine_qemux86 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649"
+SRCREV_machine_qemux86-64 ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649"
+SRCREV_machine_qemumips64 ?= "7b526cde12d78604b6f1e1ad62da31dcb729f35f"
+SRCREV_machine ?= "85f0668fea1442bbcc2c8b1509d9f711b4b73649"
+SRCREV_meta ?= "3fecb08507e286d1458497faaf31d1a07cc7d373"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.190"
+LINUX_VERSION ?= "5.4.192"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 05/14] cve-check: no need to depend on the fetch task
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 04/14] linux-yocto/5.4: update to v5.4.192 Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 06/14] cve-update-db-native: update the CVE database once a day only Steve Sakoman
                   ` (8 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross.burton@arm.com>

The only part of the cve-check task which needs files is the patch
examination, and typically these patches are local so fetch isn't needed.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c9b3186d3b7c18cbea239ab9b06e85b7c243b54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 3dc8edd6611e7ad4abcece44ca4701eda7aeff94)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index a7156cbdfb..41b4eb2dbf 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -121,7 +121,7 @@ python do_cve_check () {
 
 }
 
-addtask cve_check before do_build after do_fetch
+addtask cve_check before do_build
 do_cve_check[depends] = "cve-update-db-native:do_fetch"
 do_cve_check[nostamp] = "1"
 
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 06/14] cve-update-db-native: update the CVE database once a day only
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 05/14] cve-check: no need to depend on the fetch task Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 07/14] cve-update-db-native: let the user to drive the update interval Steve Sakoman
                   ` (7 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Marta Rybczynska <rybczynska@gmail.com>

The update of the NVD database was expected to happen once per hour.
However, the database file date changes only if the content was actually
updated. In practice, the check worked for the first hour after the
new download.

As the NVD database changes usually only once a day, we can just
update it less frequently.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 35bccdedadeaba820d58b69fe74ce5e4c1f577e3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 88f2fb1581a17b2cf59a694ca9afb89e38ed40b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-db-native.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 50052f8532..a6144979f0 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -42,10 +42,10 @@ python do_fetch() {
         if os.path.exists(db_file):
             os.remove(db_file)
 
-    # Don't refresh the database more than once an hour
+    # The NVD database changes once a day, so no need to update more frequently
     try:
         import time
-        if time.time() - os.path.getmtime(db_file) < (60*60):
+        if time.time() - os.path.getmtime(db_file) < (24*60*60):
             return
     except OSError:
         pass
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 07/14] cve-update-db-native: let the user to drive the update interval
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 06/14] cve-update-db-native: update the CVE database once a day only Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 08/14] cve-check: add JSON format to summary output Steve Sakoman
                   ` (6 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Marta Rybczynska <rybczynska@gmail.com>

Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
 - a positive value sets an interval (in seconds)
 - a zero ("0") forces the database update

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-db-native.bb | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index a6144979f0..594bf947c8 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -12,6 +12,10 @@ deltask do_compile
 deltask do_install
 deltask do_populate_sysroot
 
+# CVE database update interval, in seconds. By default: once a day (24*60*60).
+# Use 0 to force the update
+CVE_DB_UPDATE_INTERVAL ?= "86400"
+
 python () {
     if not bb.data.inherits_class("cve-check", d):
         raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -43,10 +47,15 @@ python do_fetch() {
             os.remove(db_file)
 
     # The NVD database changes once a day, so no need to update more frequently
+    # Allow the user to force-update
     try:
         import time
-        if time.time() - os.path.getmtime(db_file) < (24*60*60):
+        update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+        if (update_interval < 0):
+            update_interval = 0
+        if time.time() - os.path.getmtime(db_file) < update_interval:
             return
+
     except OSError:
         pass
 
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 08/14] cve-check: add JSON format to summary output
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 07/14] cve-update-db-native: let the user to drive the update interval Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 09/14] cve-check: fix symlinks where link and output path are equal Steve Sakoman
                   ` (5 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Davide Gardenal <davidegarde2000@gmail.com>

Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON format.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 51 ++++++++++++++++++++++------------
 1 file changed, 33 insertions(+), 18 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 41b4eb2dbf..350ed8ec39 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -75,6 +75,30 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
 # set to "alphabetical" for version using single alphabetical character as increment release
 CVE_VERSION_SUFFIX ??= ""
 
+def generate_json_report(out_path, link_path):
+    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
+        import json
+        from oe.cve_check import cve_check_merge_jsons
+
+        bb.note("Generating JSON CVE summary")
+        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
+        summary = {"version":"1", "package": []}
+        with open(index_file) as f:
+            filename = f.readline()
+            while filename:
+                with open(filename.rstrip()) as j:
+                    data = json.load(j)
+                    cve_check_merge_jsons(summary, data)
+                filename = f.readline()
+
+        with open(out_path, "w") as f:
+            json.dump(summary, f, indent=2)
+
+        if link_path != out_path:
+            if os.path.exists(os.path.realpath(link_path)):
+                os.remove(link_path)
+            os.symlink(os.path.basename(out_path), link_path)
+
 python cve_save_summary_handler () {
     import shutil
     import datetime
@@ -97,6 +121,11 @@ python cve_save_summary_handler () {
             if os.path.exists(os.path.realpath(cvefile_link)):
                 os.remove(cvefile_link)
             os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+
+        json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
+        json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
+        generate_json_report(json_summary_name, json_summary_link_name)
+        bb.plain("CVE report summary created at: %s" % json_summary_link_name)
 }
 
 addhandler cve_save_summary_handler
@@ -170,25 +199,11 @@ python cve_check_write_rootfs_manifest () {
             os.symlink(os.path.basename(manifest_name), manifest_link)
             bb.plain("Image CVE report stored in: %s" % manifest_name)
 
-    if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
-        import json
+        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
+        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
         bb.note("Generating JSON CVE manifest")
-        deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
-        link_name = d.getVar("IMAGE_LINK_NAME")
-        manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
-        index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
-        manifest = {"version":"1", "package": []}
-        with open(index_file) as f:
-            filename = f.readline()
-            while filename:
-                with open(filename.rstrip()) as j:
-                    data = json.load(j)
-                    cve_check_merge_jsons(manifest, data)
-                filename = f.readline()
-
-        with open(manifest_name, "w") as f:
-            json.dump(manifest, f, indent=2)
-        bb.plain("Image CVE report stored in: %s" % manifest_name)
+        generate_json_report(json_summary_name, json_summary_link_name)
+        bb.plain("Image CVE JSON report stored in: %s" % link_path)
 }
 
 ROOTFS_POSTPROCESS_COMMAND_prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 09/14] cve-check: fix symlinks where link and output path are equal
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (7 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 08/14] cve-check: add JSON format to summary output Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 10/14] volatile-binds: Change DefaultDependencies from false to no Steve Sakoman
                   ` (4 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Davide Gardenal <davidegarde2000@gmail.com>

An if statement now checks if the link and output path are
the same, if they are then the link is not created,
otherwise it is.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 2f024c0236c4806f0e59e4ce51a42f6b80fdf1b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 350ed8ec39..ac9f0fb22c 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -117,10 +117,11 @@ python cve_save_summary_handler () {
 
         if cve_summary_file and os.path.exists(cve_summary_file):
             cvefile_link = os.path.join(cvelogpath, cve_summary_name)
-
-            if os.path.exists(os.path.realpath(cvefile_link)):
-                os.remove(cvefile_link)
-            os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+            # if the paths are the same don't create the link
+            if cvefile_link != cve_summary_file:
+                if os.path.exists(os.path.realpath(cvefile_link)):
+                    os.remove(cvefile_link)
+                os.symlink(os.path.basename(cve_summary_file), cvefile_link)
 
         json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
         json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
@@ -193,10 +194,12 @@ python cve_check_write_rootfs_manifest () {
 
         if manifest_name and os.path.exists(manifest_name):
             manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name)
-            # If we already have another manifest, update symlinks
-            if os.path.exists(os.path.realpath(manifest_link)):
-                os.remove(manifest_link)
-            os.symlink(os.path.basename(manifest_name), manifest_link)
+            # if they are the same don't create the link
+            if manifest_link != manifest_name:
+                # If we already have another manifest, update symlinks
+                if os.path.exists(os.path.realpath(manifest_link)):
+                    os.remove(manifest_link)
+                os.symlink(os.path.basename(manifest_name), manifest_link)
             bb.plain("Image CVE report stored in: %s" % manifest_name)
 
         link_path = os.path.join(deploy_dir, "%s.json" % link_name)
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 10/14] volatile-binds: Change DefaultDependencies from false to no
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (8 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 09/14] cve-check: fix symlinks where link and output path are equal Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 11/14] rootfs-postcommands: fix symlinks where link and output path are equal Steve Sakoman
                   ` (3 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Portia <stephensportia@gmail.com>

The systemd-unit parameter DefaultDependencies changed from true/false
to yes/no. This changed in systemd in v242.

Signed-off-by: Portia Stephens <stephensportia@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit add4dcb03dc7b034253db05f0023cb97cab8b26d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 9da23a2b912edd043037a8e2e1047f7f3ba6886a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../recipes-core/volatile-binds/files/volatile-binds.service.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
index b23355a714..4b34ebd12d 100644
--- a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
+++ b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
@@ -1,6 +1,6 @@
 [Unit]
 Description=Bind mount volatile @where@
-DefaultDependencies=false
+DefaultDependencies=no
 Before=local-fs.target
 RequiresMountsFor=@whatparent@ @whereparent@
 ConditionPathIsReadWrite=@whatparent@
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 11/14] rootfs-postcommands: fix symlinks where link and output path are equal
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (9 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 10/14] volatile-binds: Change DefaultDependencies from false to no Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 12/14] base: Avoid circular references to our own scripts Steve Sakoman
                   ` (2 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Davide Gardenal <davidegarde2000@gmail.com>

When creating the manifest and the testdata.json links, if the link
name is equal to the output name the link is not created, otherwise
it is. This prevents a link-to-self in the first case.

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bed63756c56f296ff3d5a7eef66e978bd19f1008)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/rootfs-postcommands.bbclass | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index c43b9a9823..0fef52af40 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -267,9 +267,10 @@ python write_image_manifest () {
 
     if os.path.exists(manifest_name) and link_name:
         manifest_link = deploy_dir + "/" + link_name + ".manifest"
-        if os.path.lexists(manifest_link):
-            os.remove(manifest_link)
-        os.symlink(os.path.basename(manifest_name), manifest_link)
+        if manifest_link != manifest_name:
+            if os.path.lexists(manifest_link):
+                os.remove(manifest_link)
+            os.symlink(os.path.basename(manifest_name), manifest_link)
 }
 
 # Can be used to create /etc/timestamp during image construction to give a reasonably
@@ -339,9 +340,10 @@ python write_image_test_data() {
 
     if os.path.exists(testdata_name) and link_name:
         testdata_link = os.path.join(deploy_dir, "%s.testdata.json" % link_name)
-        if os.path.lexists(testdata_link):
-            os.remove(testdata_link)
-        os.symlink(os.path.basename(testdata_name), testdata_link)
+        if testdata_link != testdata_name:
+            if os.path.lexists(testdata_link):
+                os.remove(testdata_link)
+            os.symlink(os.path.basename(testdata_name), testdata_link)
 }
 write_image_test_data[vardepsexclude] += "TOPDIR"
 
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 12/14] base: Avoid circular references to our own scripts
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (10 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 11/14] rootfs-postcommands: fix symlinks where link and output path are equal Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 13/14] scripts: Make git intercept global Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 14/14] scripts/git: Ensure we don't have circular references Steve Sakoman
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

We'd like to intercept git calls but we don't want circular references
and HOSTTOOLS currently sets them up. Tweak to avoid them.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52c37e133fa55846aca2248ffcf3a10648dbb8d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/base.bbclass | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index 9ed736b0e1..19604a4646 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -122,6 +122,10 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True):
     tools = d.getVar(toolsvar).split()
     origbbenv = d.getVar("BB_ORIGENV", False)
     path = origbbenv.getVar("PATH")
+    # Need to ignore our own scripts directories to avoid circular links
+    for p in path.split(":"):
+        if p.endswith("/scripts"):
+            path = path.replace(p, "/ignoreme")
     bb.utils.mkdirhier(dest)
     notfound = []
     for tool in tools:
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 13/14] scripts: Make git intercept global
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (11 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 12/14] base: Avoid circular references to our own scripts Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  2022-05-11 18:19 ` [OE-core][dunfell 14/14] scripts/git: Ensure we don't have circular references Steve Sakoman
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The previous minimially invasive git intercept simply isn't enough. For example,
meson used in the igt-gpu-tools recipe hardcodes the path to git in the configure
step so at install time, changing PATH has no effect.

There are lots of interesting things we could do to try and avoid problems but
making the git intercept and dropping fakeroot privs for git global is probably
the least worst solution at this point. It will add slight overhead to git calls
but we don't make many so the overall impact is likely minimal.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af27c81eaf68ee681dcd9456a74cca6a9ab40bf6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/{git-intercept => }/git | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename scripts/{git-intercept => }/git (100%)

diff --git a/scripts/git-intercept/git b/scripts/git
similarity index 100%
rename from scripts/git-intercept/git
rename to scripts/git
-- 
2.25.1



^ permalink raw reply	[flat|nested] 15+ messages in thread

* [OE-core][dunfell 14/14] scripts/git: Ensure we don't have circular references
  2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
                   ` (12 preceding siblings ...)
  2022-05-11 18:19 ` [OE-core][dunfell 13/14] scripts: Make git intercept global Steve Sakoman
@ 2022-05-11 18:19 ` Steve Sakoman
  13 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

This is horrible but I'm running out of better ideas. We hit circular reference
issues which we were trying to avoid in the core HOSTTOOLS code. When building
the eSDK, there can be two copies of the script.

Therefore assume git will never be in a directory called scripts. This
fixes eSDK build failures.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 27de610ac30d4c81352efc794df7e9b1060f7a68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/git | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/scripts/git b/scripts/git
index 8adf5c9ecb..644055e540 100755
--- a/scripts/git
+++ b/scripts/git
@@ -10,7 +10,14 @@ os.environ['PSEUDO_UNLOAD'] = '1'
 
 # calculate path to the real 'git'
 path = os.environ['PATH']
-path = path.replace(os.path.dirname(sys.argv[0]), '')
+# we need to remove our path but also any other copy of this script which
+# may be present, e.g. eSDK.
+replacements = [os.path.dirname(sys.argv[0])]
+for p in path.split(":"):
+    if p.endswith("/scripts"):
+        replacements.append(p)
+for r in replacements:
+    path = path.replace(r, '/ignoreme')
 real_git = shutil.which('git', path=path)
 
 if len(sys.argv) == 1:
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2022-05-11 18:20 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 02/14] libinput: Add fix for CVE-2022-1215 Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 03/14] busybox: fix CVE-2022-28391 Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 04/14] linux-yocto/5.4: update to v5.4.192 Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 05/14] cve-check: no need to depend on the fetch task Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 06/14] cve-update-db-native: update the CVE database once a day only Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 07/14] cve-update-db-native: let the user to drive the update interval Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 08/14] cve-check: add JSON format to summary output Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 09/14] cve-check: fix symlinks where link and output path are equal Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 10/14] volatile-binds: Change DefaultDependencies from false to no Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 11/14] rootfs-postcommands: fix symlinks where link and output path are equal Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 12/14] base: Avoid circular references to our own scripts Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 13/14] scripts: Make git intercept global Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 14/14] scripts/git: Ensure we don't have circular references Steve Sakoman

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.