* [hardknott][PATCH 0/7] Review request
@ 2021-08-15 15:56 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942 Anuj Mittal
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for hardknott. Two intermittent
and unrelated failures seen while testing - a valgrind ptest failure and
a bitbake timeout while running a oe-selftest.
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2434
Thanks,
Anuj
The following changes since commit 49868162a1a1d088fbaabeffcc2debcbfc17b026:
nettle: update 3.7.2 -> 3.7.3 (2021-08-09 10:19:38 +0800)
are available in the Git repository at:
git://push.openembedded.org/openembedded-core-contrib anujm/hardknott
Armin Kuster (1):
gnutls: Enable seccomp if FEATURE is set
Khem Raj (1):
gnutls: Point to staging area for finding seccomp libs and includes
Sakib Sajal (3):
qemu: fix CVE-2021-3582
qemu: fix CVE-2021-3607
qemu: fix CVE-2021-3608
Vinay Kumar (1):
glibc: Fix CVE-2021-35942
wangmy (1):
gnutls: upgrade 3.7.1 -> 3.7.2
.../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++
meta/recipes-core/glibc/glibc_2.33.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 3 ++
.../qemu/qemu/CVE-2021-3582.patch | 47 +++++++++++++++++++
.../qemu/qemu/CVE-2021-3607.patch | 43 +++++++++++++++++
.../qemu/qemu/CVE-2021-3608.patch | 43 +++++++++++++++++
.../{gnutls_3.7.1.bb => gnutls_3.7.2.bb} | 6 +--
7 files changed, 184 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
rename meta/recipes-support/gnutls/{gnutls_3.7.1.bb => gnutls_3.7.2.bb} (89%)
--
2.31.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 2/7] qemu: fix CVE-2021-3582 Anuj Mittal
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
To: openembedded-core
From: Vinay Kumar <vinay.m.engg@gmail.com>
Source: https://sourceware.org/git/glibc.git
Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
glibc-2.33 source.
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++
meta/recipes-core/glibc/glibc_2.33.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
new file mode 100644
index 0000000000..5cae1bc91c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
@@ -0,0 +1,44 @@
+From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@linux-m68k.org>
+Date: Fri, 25 Jun 2021 15:02:47 +0200
+Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
+ 28011)
+
+Use strtoul instead of atoi so that overflow can be detected.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
+CVE: CVE-2021-35942
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ posix/wordexp-test.c | 1 +
+ posix/wordexp.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
+index f93a546d7e..9df02dbbb3 100644
+--- a/posix/wordexp-test.c
++++ b/posix/wordexp-test.c
+@@ -183,6 +183,7 @@ struct test_case_struct
+ { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
+ { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
+ { 0, NULL, "", 0, 0, { NULL, }, IFS },
++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
+
+ /* Flags not already covered (testit() has special handling for these) */
+ { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
+diff --git a/posix/wordexp.c b/posix/wordexp.c
+index bcbe96e48d..1f3b09f721 100644
+--- a/posix/wordexp.c
++++ b/posix/wordexp.c
+@@ -1399,7 +1399,7 @@ envsubst:
+ /* Is it a numeric parameter? */
+ else if (isdigit (env[0]))
+ {
+- int n = atoi (env);
++ unsigned long n = strtoul (env, NULL, 10);
+
+ if (n >= __libc_argc)
+ /* Substitute NULL. */
+--
+2.17.1
+
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
index bb35c50c98..7f516d2bbe 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -63,6 +63,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
file://CVE-2021-33574_1.patch \
file://CVE-2021-33574_2.patch \
+ file://CVE-2021-35942.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [hardknott][PATCH 2/7] qemu: fix CVE-2021-3582
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942 Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 3/7] qemu: fix CVE-2021-3607 Anuj Mittal
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
To: openembedded-core
From: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2021-3582.patch | 47 +++++++++++++++++++
2 files changed, 48 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index a22721004e..3cef5a2d7e 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -66,6 +66,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch \
file://CVE-2021-3527-1.patch \
file://CVE-2021-3527-2.patch \
+ file://CVE-2021-3582.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch
new file mode 100644
index 0000000000..7a88e29384
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3582.patch
@@ -0,0 +1,47 @@
+From 284f191b4abad213aed04cb0458e1600fd18d7c4 Mon Sep 17 00:00:00 2001
+From: Marcel Apfelbaum <marcel@redhat.com>
+Date: Wed, 16 Jun 2021 14:06:00 +0300
+Subject: [PATCH] hw/rdma: Fix possible mremap overflow in the pvrdma device
+ (CVE-2021-3582)
+
+Ensure mremap boundaries not trusting the guest kernel to
+pass the correct buffer length.
+
+Fixes: CVE-2021-3582
+Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
+Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
+Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+
+CVE: CVE-2021-3582
+Upstream-Status: Backport [284f191b4abad213aed04cb0458e1600fd18d7c4]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/rdma/vmw/pvrdma_cmd.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
+index f59879e257..da7ddfa548 100644
+--- a/hw/rdma/vmw/pvrdma_cmd.c
++++ b/hw/rdma/vmw/pvrdma_cmd.c
+@@ -38,6 +38,13 @@ static void *pvrdma_map_to_pdir(PCIDevice *pdev, uint64_t pdir_dma,
+ return NULL;
+ }
+
++ length = ROUND_UP(length, TARGET_PAGE_SIZE);
++ if (nchunks * TARGET_PAGE_SIZE != length) {
++ rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks,
++ (unsigned long)length);
++ return NULL;
++ }
++
+ dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE);
+ if (!dir) {
+ rdma_error_report("Failed to map to page directory");
+--
+2.25.1
+
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [hardknott][PATCH 3/7] qemu: fix CVE-2021-3607
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 2/7] qemu: fix CVE-2021-3582 Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 4/7] qemu: fix CVE-2021-3608 Anuj Mittal
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
To: openembedded-core
From: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2021-3607.patch | 43 +++++++++++++++++++
2 files changed, 44 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 3cef5a2d7e..0849196650 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -67,6 +67,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2021-3527-1.patch \
file://CVE-2021-3527-2.patch \
file://CVE-2021-3582.patch \
+ file://CVE-2021-3607.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch
new file mode 100644
index 0000000000..0547c74484
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3607.patch
@@ -0,0 +1,43 @@
+From 32e5703cfea07c91e6e84bcb0313f633bb146534 Mon Sep 17 00:00:00 2001
+From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+Date: Wed, 30 Jun 2021 14:46:34 +0300
+Subject: [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)
+
+Check the guest passed a non zero page count
+for pvrdma device ring buffers.
+
+Fixes: CVE-2021-3607
+Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
+Message-Id: <20210630114634.2168872-1-marcel@redhat.com>
+Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+
+CVE: CVE-2021-3607
+Upstream-Status: Backport [32e5703cfea07c91e6e84bcb0313f633bb146534]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/rdma/vmw/pvrdma_main.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
+index 84ae8024fc..7c0c3551a8 100644
+--- a/hw/rdma/vmw/pvrdma_main.c
++++ b/hw/rdma/vmw/pvrdma_main.c
+@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state,
+ uint64_t *dir, *tbl;
+ int rc = 0;
+
++ if (!num_pages) {
++ rdma_error_report("Ring pages count must be strictly positive");
++ return -EINVAL;
++ }
++
+ dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
+ if (!dir) {
+ rdma_error_report("Failed to map to page directory (ring %s)", name);
+--
+2.25.1
+
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [hardknott][PATCH 4/7] qemu: fix CVE-2021-3608
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
` (2 preceding siblings ...)
2021-08-15 15:56 ` [hardknott][PATCH 3/7] qemu: fix CVE-2021-3607 Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 5/7] gnutls: Enable seccomp if FEATURE is set Anuj Mittal
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
To: openembedded-core
From: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2021-3608.patch | 43 +++++++++++++++++++
2 files changed, 44 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 0849196650..c3eecea9d4 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -68,6 +68,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2021-3527-2.patch \
file://CVE-2021-3582.patch \
file://CVE-2021-3607.patch \
+ file://CVE-2021-3608.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
new file mode 100644
index 0000000000..22d68b025d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3608.patch
@@ -0,0 +1,43 @@
+From 66ae37d8cc313f89272e711174a846a229bcdbd3 Mon Sep 17 00:00:00 2001
+From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+Date: Wed, 30 Jun 2021 14:52:46 +0300
+Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do not unmap uninitialized dma addresses.
+
+Fixes: CVE-2021-3608
+Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
+Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
+Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+
+CVE: CVE-2021-3608
+Upstream-Status: Backport [66ae37d8cc313f89272e711174a846a229bcdbd3]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/rdma/vmw/pvrdma_dev_ring.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
+index 074ac59b84..42130667a7 100644
+--- a/hw/rdma/vmw/pvrdma_dev_ring.c
++++ b/hw/rdma/vmw/pvrdma_dev_ring.c
+@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, const char *name, PCIDevice *dev,
+ qatomic_set(&ring->ring_state->cons_head, 0);
+ */
+ ring->npages = npages;
+- ring->pages = g_malloc(npages * sizeof(void *));
++ ring->pages = g_malloc0(npages * sizeof(void *));
+
+ for (i = 0; i < npages; i++) {
+ if (!tbl[i]) {
+--
+2.25.1
+
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [hardknott][PATCH 5/7] gnutls: Enable seccomp if FEATURE is set
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
` (3 preceding siblings ...)
2021-08-15 15:56 ` [hardknott][PATCH 4/7] qemu: fix CVE-2021-3608 Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 6/7] gnutls: Point to staging area for finding seccomp libs and includes Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 7/7] gnutls: upgrade 3.7.1 -> 3.7.2 Anuj Mittal
6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
To: openembedded-core
From: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f2527b5567252c7da4fbd863e119c8114e6debcd)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-support/gnutls/gnutls_3.7.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.1.bb b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
index 51d472c828..3e1958c969 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
@@ -27,7 +27,7 @@ SRC_URI[sha256sum] = "3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
-PACKAGECONFIG ??= "libidn"
+PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
# You must also have CONFIG_SECCOMP enabled in the kernel for
# seccomp to work.
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [hardknott][PATCH 6/7] gnutls: Point to staging area for finding seccomp libs and includes
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
` (4 preceding siblings ...)
2021-08-15 15:56 ` [hardknott][PATCH 5/7] gnutls: Enable seccomp if FEATURE is set Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 7/7] gnutls: upgrade 3.7.1 -> 3.7.2 Anuj Mittal
6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
This ensures that if libseccomp is installed on build host then it does
not resort to use it.
Fixes
checking for libseccomp... (cached) yes
checking how to link with libseccomp... /usr/lib/libseccomp.so
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3751ac58720a500e3b749b2296922d7c82db49a1)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-support/gnutls/gnutls_3.7.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.1.bb b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
index 3e1958c969..350d0a018b 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
@@ -31,7 +31,7 @@ PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
# You must also have CONFIG_SECCOMP enabled in the kernel for
# seccomp to work.
-PACKAGECONFIG[seccomp] = "ac_cv_libseccomp=yes,ac_cv_libseccomp=no,libseccomp"
+PACKAGECONFIG[seccomp] = "--with-libseccomp-prefix=${STAGING_EXECPREFIXDIR},ac_cv_libseccomp=no,libseccomp"
PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2"
PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [hardknott][PATCH 7/7] gnutls: upgrade 3.7.1 -> 3.7.2
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
` (5 preceding siblings ...)
2021-08-15 15:56 ` [hardknott][PATCH 6/7] gnutls: Point to staging area for finding seccomp libs and includes Anuj Mittal
@ 2021-08-15 15:56 ` Anuj Mittal
6 siblings, 0 replies; 8+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:56 UTC (permalink / raw)
To: openembedded-core
From: wangmy <wangmy@fujitsu.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3593a4c47d5e8faccb27c7cd975f18f90b9cd86f)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../recipes-support/gnutls/{gnutls_3.7.1.bb => gnutls_3.7.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/gnutls/{gnutls_3.7.1.bb => gnutls_3.7.2.bb} (96%)
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.1.bb b/meta/recipes-support/gnutls/gnutls_3.7.2.bb
similarity index 96%
rename from meta/recipes-support/gnutls/gnutls_3.7.1.bb
rename to meta/recipes-support/gnutls/gnutls_3.7.2.bb
index 350d0a018b..430d1f2d7d 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.2.bb
@@ -23,7 +23,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
file://arm_eabi.patch \
"
-SRC_URI[sha256sum] = "3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e5cac6f"
+SRC_URI[sha256sum] = "646e6c5a9a185faa4cea796d378a1ba8e1148dbb197ca6605f95986a25af2752"
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-08-15 15:57 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-15 15:56 [hardknott][PATCH 0/7] Review request Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 1/7] glibc: Fix CVE-2021-35942 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 2/7] qemu: fix CVE-2021-3582 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 3/7] qemu: fix CVE-2021-3607 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 4/7] qemu: fix CVE-2021-3608 Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 5/7] gnutls: Enable seccomp if FEATURE is set Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 6/7] gnutls: Point to staging area for finding seccomp libs and includes Anuj Mittal
2021-08-15 15:56 ` [hardknott][PATCH 7/7] gnutls: upgrade 3.7.1 -> 3.7.2 Anuj Mittal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.