* [OE-core][kirkstone 00/11] Patch review
@ 2023-01-12 2:33 Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 01/11] systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace Steve Sakoman
` (10 more replies)
0 siblings, 11 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
Please review these patches for kirkstone and have comments back by
end of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4779
The following changes since commit 96d9b5ba9bdb394c2a0b67bf0067a01578178e50:
oeqa/concurrencytest: Add number of failures to summary output (2023-01-04 05:08:37 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (2):
libarchive: upgrade 3.6.1 -> 3.6.2
devtool: process local files only for the main branch
Changqing Li (1):
base.bbclass: Fix way to check ccache path
Hitendra Prajapati (1):
systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with
a long backtrace
Jose Quaresma (2):
Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change
test"
gstreamer1.0: Fix race conditions in gstbin tests
Luis (1):
rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
Martin Jansa (1):
systemd: backport another change from v252 to fix build with
CVE-2022-45873.patch
Narpat Mali (1):
ffmpeg: fix for CVE-2022-3109
Pavel Zhukov (1):
oeqa/rpm.py: Increase timeout and add debug output
Wang Mingyu (1):
bind: upgrade 9.18.9 -> 9.18.10
.../devtool/devtool-test-local/file3 | 1 +
.../devtool/devtool-test-local_6.03.bb | 3 +
.../devtool/devtool-test-localonly.bb | 3 +
.../devtool/devtool-test-localonly/file3 | 1 +
meta/classes/base.bbclass | 2 +-
meta/classes/rm_work.bbclass | 15 +-
meta/lib/oeqa/runtime/cases/rpm.py | 23 +-
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.9 => bind-9.18.10}/bind9 | 0
.../{bind-9.18.9 => bind-9.18.10}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.9.bb => bind_9.18.10.bb} | 2 +-
...w-json_variant_dump-to-return-an-err.patch | 60 ++++
.../systemd/systemd/CVE-2022-45873.patch | 124 ++++++++
meta/recipes-core/systemd/systemd_250.5.bb | 2 +
.../libarchive/CVE-2022-36227.patch | 42 ---
...ibarchive_3.6.1.bb => libarchive_3.6.2.bb} | 8 +-
...-vp3-Add-missing-check-for-av_malloc.patch | 44 +++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +-
...005-bin-Fix-race-conditions-in-tests.patch | 300 ++++++++++++++++++
...bin-test_watch_for_state_change-test.patch | 107 -------
.../gstreamer/gstreamer1.0_1.20.5.bb | 2 +-
scripts/lib/devtool/standard.py | 38 ++-
28 files changed, 590 insertions(+), 190 deletions(-)
create mode 100644 meta-selftest/recipes-test/devtool/devtool-test-local/file3
create mode 100644 meta-selftest/recipes-test/devtool/devtool-test-localonly/file3
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.9.bb => bind_9.18.10.bb} (97%)
create mode 100644 meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
delete mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2022-36227.patch
rename meta/recipes-extended/libarchive/{libarchive_3.6.1.bb => libarchive_3.6.2.bb} (92%)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 01/11] systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 02/11] systemd: backport another change from v252 to fix build with CVE-2022-45873.patch Steve Sakoman
` (9 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../systemd/systemd/CVE-2022-45873.patch | 124 ++++++++++++++++++
meta/recipes-core/systemd/systemd_250.5.bb | 1 +
2 files changed, 125 insertions(+)
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-45873.patch b/meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
new file mode 100644
index 0000000000..94bd22ca43
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
@@ -0,0 +1,124 @@
+From 076b807be472630692c5348c60d0c2b7b28ad437 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 18 Oct 2022 18:23:53 +0200
+Subject: [PATCH] coredump: avoid deadlock when passing processed backtrace
+ data
+
+We would deadlock when passing the data back from the forked-off process that
+was doing backtrace generation back to the coredump parent. This is because we
+fork the child and wait for it to exit. The child tries to write too much data
+to the output pipe, and and after the first 64k blocks on the parent because
+the pipe is full. The bug surfaced in Fedora because of a combination of four
+factors:
+- 87707784c70dc9894ec613df0a6e75e732a362a3 was backported to v251.5, which
+ allowed coredump processing to be successful.
+- 1a0281a3ebf4f8c16d40aa9e63103f16cd23bb2a was NOT backported, so the output
+ was very verbose.
+- Fedora has the ELF package metadata available, so a lot of output can be
+ generated. Most other distros just don't have the information.
+- gnome-calendar crashes and has a bazillion modules and 69596 bytes of output
+ are generated for it.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778.
+
+The code is changed to try to write data opportunistically. If we get partial
+information, that is still logged. In is generally better to log partial
+backtrace information than nothing at all.
+
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437]
+CVE: CVE-2022-45873
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/shared/elf-util.c | 37 +++++++++++++++++++++++++++++++------
+ 1 file changed, 31 insertions(+), 6 deletions(-)
+
+diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
+index 6d9fcfbbf2..bd27507346 100644
+--- a/src/shared/elf-util.c
++++ b/src/shared/elf-util.c
+@@ -30,6 +30,9 @@
+ #define THREADS_MAX 64
+ #define ELF_PACKAGE_METADATA_ID 0xcafe1a7e
+
++/* The amount of data we're willing to write to each of the output pipes. */
++#define COREDUMP_PIPE_MAX (1024*1024U)
++
+ static void *dw_dl = NULL;
+ static void *elf_dl = NULL;
+
+@@ -700,13 +703,13 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
+ return r;
+
+ if (ret) {
+- r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC));
++ r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC|O_NONBLOCK));
+ if (r < 0)
+ return r;
+ }
+
+ if (ret_package_metadata) {
+- r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC));
++ r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC|O_NONBLOCK));
+ if (r < 0)
+ return r;
+ }
+@@ -750,8 +753,24 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
+ goto child_fail;
+
+ if (buf) {
+- r = loop_write(return_pipe[1], buf, strlen(buf), false);
+- if (r < 0)
++ size_t len = strlen(buf);
++
++ if (len > COREDUMP_PIPE_MAX) {
++ /* This is iffy. A backtrace can be a few hundred kilobytes, but too much is
++ * too much. Let's log a warning and ignore the rest. */
++ log_warning("Generated backtrace is %zu bytes (more than the limit of %u bytes), backtrace will be truncated.",
++ len, COREDUMP_PIPE_MAX);
++ len = COREDUMP_PIPE_MAX;
++ }
++
++ /* Bump the space for the returned string.
++ * Failure is ignored, because partial output is still useful. */
++ (void) fcntl(return_pipe[1], F_SETPIPE_SZ, len);
++
++ r = loop_write(return_pipe[1], buf, len, false);
++ if (r == -EAGAIN)
++ log_warning("Write failed, backtrace will be truncated.");
++ else if (r < 0)
+ goto child_fail;
+
+ return_pipe[1] = safe_close(return_pipe[1]);
+@@ -760,13 +779,19 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
+ if (package_metadata) {
+ _cleanup_fclose_ FILE *json_out = NULL;
+
++ /* Bump the space for the returned string. We don't know how much space we'll need in
++ * advance, so we'll just try to write as much as possible and maybe fail later. */
++ (void) fcntl(json_pipe[1], F_SETPIPE_SZ, COREDUMP_PIPE_MAX);
++
+ json_out = take_fdopen(&json_pipe[1], "w");
+ if (!json_out) {
+ r = -errno;
+ goto child_fail;
+ }
+
+- json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
++ r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
++ if (r < 0)
++ log_warning_errno(r, "Failed to write JSON package metadata, ignoring: %m");
+ }
+
+ _exit(EXIT_SUCCESS);
+@@ -801,7 +826,7 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
+
+ r = json_parse_file(json_in, NULL, 0, &package_metadata, NULL, NULL);
+ if (r < 0 && r != -EINVAL) /* EINVAL: json was empty, so we got nothing, but that's ok */
+- return r;
++ log_warning_errno(r, "Failed to read or parse json metadata, ignoring: %m");
+ }
+
+ if (ret)
+--
+2.25.1
+
diff --git a/meta/recipes-core/systemd/systemd_250.5.bb b/meta/recipes-core/systemd/systemd_250.5.bb
index ab349b7307..acca49c3cb 100644
--- a/meta/recipes-core/systemd/systemd_250.5.bb
+++ b/meta/recipes-core/systemd/systemd_250.5.bb
@@ -26,6 +26,7 @@ SRC_URI += "file://touchscreen.rules \
file://0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch \
file://0001-resolve-Use-sockaddr-pointer-type-for-bind.patch \
file://CVE-2022-3821.patch \
+ file://CVE-2022-45873.patch \
"
# patches needed by musl
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 02/11] systemd: backport another change from v252 to fix build with CVE-2022-45873.patch
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 01/11] systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109 Steve Sakoman
` (8 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
* CVE-2022-45873.patch was backported from systemd/main, but it doesn't
build without another change from v252 when elfutils PACKAGECONFIG is
enabled.
* fixes:
| ../git/src/shared/elf-util.c: In function 'parse_elf_object':
| ../git/src/shared/elf-util.c:792:27: error: void value not ignored as it ought to be
| 792 | r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
| | ^
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...w-json_variant_dump-to-return-an-err.patch | 60 +++++++++++++++++++
meta/recipes-core/systemd/systemd_250.5.bb | 1 +
2 files changed, 61 insertions(+)
create mode 100644 meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
diff --git a/meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch b/meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
new file mode 100644
index 0000000000..b23b735507
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
@@ -0,0 +1,60 @@
+From 25492154b42f68a48752a7f61eaf1fb61e454e52 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 18 Oct 2022 18:09:06 +0200
+Subject: [PATCH] shared/json: allow json_variant_dump() to return an error
+
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/7922ead507e0d83e4ec72a8cbd2b67194766e58c]
+
+Needed to fix CVE-2022-45873.patch backported from systemd/main,
+otherwise it fails to build with:
+
+| ../git/src/shared/elf-util.c: In function 'parse_elf_object':
+| ../git/src/shared/elf-util.c:792:27: error: void value not ignored as it ought to be
+| 792 | r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
+| | ^
+
+Signed-off-by: Martin Jansa <martin2.jansa@lgepartner.com>
+---
+ src/shared/json.c | 7 ++++---
+ src/shared/json.h | 2 +-
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/shared/json.c b/src/shared/json.c
+index dff95eda26..81c05efe22 100644
+--- a/src/shared/json.c
++++ b/src/shared/json.c
+@@ -1792,9 +1792,9 @@ int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret) {
+ return (int) sz - 1;
+ }
+
+-void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) {
++int json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) {
+ if (!v)
+- return;
++ return 0;
+
+ if (!f)
+ f = stdout;
+@@ -1820,7 +1820,8 @@ void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const cha
+ fputc('\n', f); /* In case of SSE add a second newline */
+
+ if (flags & JSON_FORMAT_FLUSH)
+- fflush(f);
++ return fflush_and_check(f);
++ return 0;
+ }
+
+ int json_variant_filter(JsonVariant **v, char **to_remove) {
+diff --git a/src/shared/json.h b/src/shared/json.h
+index 8760354b66..c712700763 100644
+--- a/src/shared/json.h
++++ b/src/shared/json.h
+@@ -187,7 +187,7 @@ typedef enum JsonFormatFlags {
+ } JsonFormatFlags;
+
+ int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret);
+-void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix);
++int json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix);
+
+ int json_variant_filter(JsonVariant **v, char **to_remove);
+
diff --git a/meta/recipes-core/systemd/systemd_250.5.bb b/meta/recipes-core/systemd/systemd_250.5.bb
index acca49c3cb..7df7bca4cc 100644
--- a/meta/recipes-core/systemd/systemd_250.5.bb
+++ b/meta/recipes-core/systemd/systemd_250.5.bb
@@ -27,6 +27,7 @@ SRC_URI += "file://touchscreen.rules \
file://0001-resolve-Use-sockaddr-pointer-type-for-bind.patch \
file://CVE-2022-3821.patch \
file://CVE-2022-45873.patch \
+ file://0001-shared-json-allow-json_variant_dump-to-return-an-err.patch \
"
# patches needed by musl
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 01/11] systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 02/11] systemd: backport another change from v252 to fix build with CVE-2022-45873.patch Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-16 12:00 ` Martin Jansa
2023-01-12 2:33 ` [OE-core][kirkstone 04/11] libarchive: upgrade 3.6.1 -> 3.6.2 Steve Sakoman
` (7 subsequent siblings)
10 siblings, 1 reply; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Narpat Mali <narpat.mali@windriver.com>
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of
the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
CVE: CVE-2022-3109
Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...-vp3-Add-missing-check-for-av_malloc.patch | 44 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +-
2 files changed, 46 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
new file mode 100644
index 0000000000..94858a6cdd
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
@@ -0,0 +1,44 @@
+From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Tue, 15 Feb 2022 17:58:08 +0800
+Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
+
+Since the av_malloc() may fail and return NULL pointer,
+it is needed that the 's->edge_emu_buffer' should be checked
+whether the new allocation is success.
+
+Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
+Reviewed-by: Peter Ross <pross@xvid.org>
+Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+
+CVE: CVE-2022-3109
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ libavcodec/vp3.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
+index e9ab54d736..e2418eb6fa 100644
+--- a/libavcodec/vp3.c
++++ b/libavcodec/vp3.c
+@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
+ AV_GET_BUFFER_FLAG_REF)) < 0)
+ goto error;
+
+- if (!s->edge_emu_buffer)
++ if (!s->edge_emu_buffer) {
+ s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
++ if (!s->edge_emu_buffer) {
++ ret = AVERROR(ENOMEM);
++ goto error;
++ }
++ }
+
+ if (s->keyframe) {
+ if (!s->theora) {
+--
+2.34.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 95b4bf50ac..c5bebe9c2d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -26,7 +26,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
- "
+ file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
+ "
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 04/11] libarchive: upgrade 3.6.1 -> 3.6.2
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-01-12 2:33 ` [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109 Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 05/11] bind: upgrade 9.18.9 -> 9.18.10 Steve Sakoman
` (6 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Libarchive 3.6.2 is a bugfix and security release.
Important security fixes:
NULL pointer dereference vulnerability in archive_write.c (#1754, #1759, CVE-2022-36227)
Important bug fixes:
include ZSTD in Windows builds (#1688)
SSL fixes on Windows (#1714, #1723, #1724)
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL
Use --without-iconv as otherwise autotools write a bogus iconv
dependency into .pc file.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edce1bce81fe2f47fb2c5e2b94ebda73f95cbaea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 93b972845a28b62ea01ee0f4a1e043bd58fc0892)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libarchive/CVE-2022-36227.patch | 42 -------------------
...ibarchive_3.6.1.bb => libarchive_3.6.2.bb} | 8 ++--
2 files changed, 3 insertions(+), 47 deletions(-)
delete mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2022-36227.patch
rename meta/recipes-extended/libarchive/{libarchive_3.6.1.bb => libarchive_3.6.2.bb} (92%)
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2022-36227.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2022-36227.patch
deleted file mode 100644
index d0d143710c..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/CVE-2022-36227.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From b5332ed6d59ba5113a0a2c67fd82b69fcd5cde68 Mon Sep 17 00:00:00 2001
-From: obiwac <obiwac@gmail.com>
-Date: Fri, 22 Jul 2022 22:41:10 +0200
-Subject: [PATCH] libarchive: CVE-2022-36227 Handle a `calloc` returning NULL
- (fixes #1754)
-
-Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5]
-CVE: CVE-2022-36227
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com
----
- libarchive/archive_write.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
-index 66592e8..27626b5 100644
---- a/libarchive/archive_write.c
-+++ b/libarchive/archive_write.c
-@@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a)
- struct archive_write_filter *f;
-
- f = calloc(1, sizeof(*f));
-+
-+ if (f == NULL)
-+ return (NULL);
-+
- f->archive = _a;
- f->state = ARCHIVE_WRITE_FILTER_STATE_NEW;
- if (a->filter_first == NULL)
-@@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_data,
- a->client_data = client_data;
-
- client_filter = __archive_write_allocate_filter(_a);
-+
-+ if (client_filter == NULL)
-+ return (ARCHIVE_FATAL);
-+
- client_filter->open = archive_write_client_open;
- client_filter->write = archive_write_client_write;
- client_filter->close = archive_write_client_close;
---
-2.25.1
-
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.1.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
similarity index 92%
rename from meta/recipes-extended/libarchive/libarchive_3.6.1.bb
rename to meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index df9df5e0a6..acc84de9da 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -30,14 +30,12 @@ PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4,"
PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,"
PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
-EXTRA_OECONF += "--enable-largefile"
+EXTRA_OECONF += "--enable-largefile --without-iconv"
-SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
- file://CVE-2022-36227.patch \
- "
+SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
-SRC_URI[sha256sum] = "c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2"
+SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3"
inherit autotools update-alternatives pkgconfig
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 05/11] bind: upgrade 9.18.9 -> 9.18.10
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-01-12 2:33 ` [OE-core][kirkstone 04/11] libarchive: upgrade 3.6.1 -> 3.6.2 Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 06/11] base.bbclass: Fix way to check ccache path Steve Sakoman
` (5 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
==========
The key file IO locks objects would never get deleted from the hashtable due to
off-by-one error.
ANY responses could sometimes have the wrong TTL.
Speed up the named shutdown time by explicitly canceling all recursing ns_client
objects for
Removing a catalog zone from catalog-zones without also removing the referenced
zone could leave a dangling pointer. [GL #3683]
nslookup and host were not honoring the selected port in TCP mode. [GL #3721]
Deprecate alt-transfer-source, alt-transfer-source-v6 and
use-alt-transfer-source. [GL #3694]
Move the "final reference detached" log message from dns_zone unit to the
DEBUG(1) log level.
Fix assertion failure in isc_http API used by statschannel if the read callback
would be called on HTTP request that has been already closed.
Deduplicate time unit conversion factors.
Copy TLS identifier when setting up primaries for catalog member zones.
Deprecate 'auto-dnssec'. [GL #3667]
The decompression implementation in dns_name_fromwire() is now smaller and
faster. [GL #3655]
Use the current domain name when checking answers from a dual-stack-server.
Ensure 'named-checkconf -z' respects the check-wildcard option when loading a
zone. [GL #1905]
Deprecate 'coresize', 'datasize', 'files', and 'stacksize' named.conf options.
The view's zone table was not locked when it should have been leading to race
conditions when external extensions that manipulate the zone table where in use.
Some browsers (Firefox) send more than 10 HTTP headers. Bump the number of
allowed HTTP headers to 100. [GL #3670]
NXDOMAIN cache records are no longer retained in the cache after expiry,
even when serve-stale is in use. [GL #3386]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c093c38e247b522f279f616d16373795a4cdf89)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 410d69c684ba4eb6dd279a40436043259f94b6b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../0001-avoid-start-failure-with-bind-user.patch | 0
.../0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
| 0
.../bind/{bind-9.18.9 => bind-9.18.10}/bind9 | 0
.../bind/{bind-9.18.9 => bind-9.18.10}/conf.patch | 0
.../bind/{bind-9.18.9 => bind-9.18.10}/generate-rndc-key.sh | 0
.../init.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../bind/{bind-9.18.9 => bind-9.18.10}/named.service | 0
.../bind/{bind_9.18.9.bb => bind_9.18.10.bb} | 2 +-
10 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.9 => bind-9.18.10}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.9.bb => bind_9.18.10.bb} (97%)
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.10/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/0001-avoid-start-failure-with-bind-user.patch
rename to meta/recipes-connectivity/bind/bind-9.18.10/0001-avoid-start-failure-with-bind-user.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.10/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to meta/recipes-connectivity/bind/bind-9.18.10/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.10/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to meta/recipes-connectivity/bind/bind-9.18.10/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/bind9 b/meta/recipes-connectivity/bind/bind-9.18.10/bind9
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/bind9
rename to meta/recipes-connectivity/bind/bind-9.18.10/bind9
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.10/conf.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/conf.patch
rename to meta/recipes-connectivity/bind/bind-9.18.10/conf.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.10/generate-rndc-key.sh
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/generate-rndc-key.sh
rename to meta/recipes-connectivity/bind/bind-9.18.10/generate-rndc-key.sh
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.10/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/init.d-add-support-for-read-only-rootfs.patch
rename to meta/recipes-connectivity/bind/bind-9.18.10/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.10/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/make-etc-initd-bind-stop-work.patch
rename to meta/recipes-connectivity/bind/bind-9.18.10/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.9/named.service b/meta/recipes-connectivity/bind/bind-9.18.10/named.service
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.9/named.service
rename to meta/recipes-connectivity/bind/bind-9.18.10/named.service
diff --git a/meta/recipes-connectivity/bind/bind_9.18.9.bb b/meta/recipes-connectivity/bind/bind_9.18.10.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.9.bb
rename to meta/recipes-connectivity/bind/bind_9.18.10.bb
index b95b900069..2432131f5c 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.9.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.10.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "6a9665998d568604460df0918fc8ccfad7d29388d4d842560c056cc211cbb243"
+SRC_URI[sha256sum] = "f415a92feb62568b50854a063cb231e257351f8672186d0ab031a49b3de2cac6"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 06/11] base.bbclass: Fix way to check ccache path
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-01-12 2:33 ` [OE-core][kirkstone 05/11] bind: upgrade 9.18.9 -> 9.18.10 Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 07/11] rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively Steve Sakoman
` (4 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
The previous code had 2 issues:
1. make hosttools/ccache always link to host's ccache (/usr/bin/ccache)
even we have one buildtools
2. make hosttools/gcc etc, link to host's gcc event we have one
buildtools when keyword ccache in buildtools's path, eg:
/mnt/ccache/bin/buildtools
This patch is for fix above issues.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b7c81414cf252a7203d95703810a770184d7e4d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/base.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index cb9da78ab6..b15c5839b6 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -132,7 +132,7 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True):
# /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc)
# would return /usr/local/bin/ccache/gcc, but what we need is
# /usr/bin/gcc, this code can check and fix that.
- if "ccache" in srctool:
+ if os.path.islink(srctool) and os.path.basename(os.readlink(srctool)) == 'ccache':
srctool = bb.utils.which(path, tool, executable=True, direction=1)
if srctool:
os.symlink(srctool, desttool)
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 07/11] rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-01-12 2:33 ` [OE-core][kirkstone 06/11] base.bbclass: Fix way to check ccache path Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 08/11] oeqa/rpm.py: Increase timeout and add debug output Steve Sakoman
` (3 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Luis <luis.pinto.martins@gmail.com>
The do_rm_work() task is using the first available 'rm' binary
available in PATH to remove files and folders.
However, depending on the PATH setup and RECIPE_SYSROOT_NATIVE
contents, the function can be using the 'rm' binary available
in RECIPE_SYSROOT_NATIVE, a folder that will get removed.
This causes a sporadic race-condition when trying to access the
'rm' binary of a folder already deleted.
Solve this by exclusively using the HOSTTOOLS 'rm' binary, as
this folder will not get removed.
Signed-off-by: Luis Martins <luis.pinto.martins@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edcd9ad333bc4e504594e8af83e8cb7007d2e35c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/rm_work.bbclass | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass
index 8979714e62..f7ededff26 100644
--- a/meta/classes/rm_work.bbclass
+++ b/meta/classes/rm_work.bbclass
@@ -27,6 +27,13 @@ BB_SCHEDULER ?= "completion"
BB_TASK_IONICE_LEVEL:task-rm_work = "3.0"
do_rm_work () {
+ # Force using the HOSTTOOLS 'rm' - otherwise the SYSROOT_NATIVE 'rm' can be selected depending on PATH
+ # Avoids race-condition accessing 'rm' when deleting WORKDIR folders at the end of this function
+ RM_BIN="$(PATH=${HOSTTOOLS_DIR} command -v rm)"
+ if [ -z "${RM_BIN}" ]; then
+ bbfatal "Binary 'rm' not found in HOSTTOOLS_DIR, cannot remove WORKDIR data."
+ fi
+
# If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe.
for p in ${RM_WORK_EXCLUDE}; do
if [ "$p" = "${PN}" ]; then
@@ -73,7 +80,7 @@ do_rm_work () {
# sstate version since otherwise we'd need to leave 'plaindirs' around
# such as 'packages' and 'packages-split' and these can be large. No end
# of chain tasks depend directly on do_package anymore.
- rm -f -- $i;
+ "${RM_BIN}" -f -- $i;
;;
*_setscene*)
# Skip stamps which are already setscene versions
@@ -90,7 +97,7 @@ do_rm_work () {
;;
esac
done
- rm -f -- $i
+ "${RM_BIN}" -f -- $i
esac
done
@@ -100,9 +107,9 @@ do_rm_work () {
# Retain only logs and other files in temp, safely ignore
# failures of removing pseudo folers on NFS2/3 server.
if [ $dir = 'pseudo' ]; then
- rm -rf -- $dir 2> /dev/null || true
+ "${RM_BIN}" -rf -- $dir 2> /dev/null || true
elif ! echo "$excludes" | grep -q -w "$dir"; then
- rm -rf -- $dir
+ "${RM_BIN}" -rf -- $dir
fi
done
}
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 08/11] oeqa/rpm.py: Increase timeout and add debug output
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-01-12 2:33 ` [OE-core][kirkstone 07/11] rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 09/11] Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test" Steve Sakoman
` (2 subsequent siblings)
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Pavel Zhukov <pavel@zhukoff.net>
[Yocto #14346]
Systemd may be slow in killing pam session sometimes [1][2]. It may cause rpm
test to fail because there's process (sd_pam) running and own by "test1" user
after timeout.
Increasing timeout to 2 mins and assert earlier with debug output if
there's such process(es). If increasing of timeout doesn't help we may
want to force deletion of the user as [2] suggests.
[1] https://github.com/systemd/systemd/issues/8598
[2] https://access.redhat.com/solutions/6969188
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 972fcc0ed1e0d36c3470071a9c667c5327c1ef78)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/runtime/cases/rpm.py | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/meta/lib/oeqa/runtime/cases/rpm.py b/meta/lib/oeqa/runtime/cases/rpm.py
index a4339116bf..5bdce3d522 100644
--- a/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/meta/lib/oeqa/runtime/cases/rpm.py
@@ -49,21 +49,20 @@ class RpmBasicTest(OERuntimeTestCase):
msg = 'status: %s. Cannot run rpm -qa: %s' % (status, output)
self.assertEqual(status, 0, msg=msg)
- def check_no_process_for_user(u):
- _, output = self.target.run(self.tc.target_cmds['ps'])
- if u + ' ' in output:
- return False
- else:
- return True
+ def wait_for_no_process_for_user(u, timeout = 120):
+ timeout_at = time.time() + timeout
+ while time.time() < timeout_at:
+ _, output = self.target.run(self.tc.target_cmds['ps'])
+ if u + ' ' not in output:
+ return
+ time.sleep(1)
+ user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
+ msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
+ assertTrue(True, msg=msg)
def unset_up_test_user(u):
# ensure no test1 process in running
- timeout = time.time() + 30
- while time.time() < timeout:
- if check_no_process_for_user(u):
- break
- else:
- time.sleep(1)
+ wait_for_no_process_for_user(u)
status, output = self.target.run('userdel -r %s' % u)
msg = 'Failed to erase user: %s' % output
self.assertTrue(status == 0, msg=msg)
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 09/11] Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
` (7 preceding siblings ...)
2023-01-12 2:33 ` [OE-core][kirkstone 08/11] oeqa/rpm.py: Increase timeout and add debug output Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 10/11] gstreamer1.0: Fix race conditions in gstbin tests Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 11/11] devtool: process local files only for the main branch Steve Sakoman
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
This reverts commit 220a527d269f146bdabd66040b5bee7de9e3fd3f.
- Drop this patch and use the upstream solution
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9660045d07a2b492ac48a1f1b08aa4288b45d64a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...bin-test_watch_for_state_change-test.patch | 107 ------------------
.../gstreamer/gstreamer1.0_1.20.5.bb | 1 -
2 files changed, 108 deletions(-)
delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch
deleted file mode 100644
index f51df6d20b..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From b935abba3d8fa3ea1ce384c08e650afd8c20b78a Mon Sep 17 00:00:00 2001
-From: Claudius Heine <ch@denx.de>
-Date: Wed, 2 Feb 2022 13:47:02 +0100
-Subject: [PATCH] tests: remove gstbin:test_watch_for_state_change testcase
-
-This testcase seems to be flaky, and upstream marked it as such:
-https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/778
-
-This patch removes the testcase to avoid it interfering with out ptest.
-
-Signed-off-by: Claudius Heine <ch@denx.de>
-
-Upstream-Status: Inappropriate [needs proper upstream fix]
----
- tests/check/gst/gstbin.c | 69 -------------------
- 1 file changed, 69 deletions(-)
-
-diff --git a/tests/check/gst/gstbin.c b/tests/check/gst/gstbin.c
-index e366d5fe20..ac29d81474 100644
---- a/tests/check/gst/gstbin.c
-+++ b/tests/check/gst/gstbin.c
-@@ -691,74 +691,6 @@ GST_START_TEST (test_message_state_changed_children)
-
- GST_END_TEST;
-
--GST_START_TEST (test_watch_for_state_change)
--{
-- GstElement *src, *sink, *bin;
-- GstBus *bus;
-- GstStateChangeReturn ret;
--
-- bin = gst_element_factory_make ("bin", NULL);
-- fail_unless (bin != NULL, "Could not create bin");
--
-- bus = g_object_new (gst_bus_get_type (), NULL);
-- gst_object_ref_sink (bus);
-- gst_element_set_bus (GST_ELEMENT_CAST (bin), bus);
--
-- src = gst_element_factory_make ("fakesrc", NULL);
-- fail_if (src == NULL, "Could not create fakesrc");
-- sink = gst_element_factory_make ("fakesink", NULL);
-- fail_if (sink == NULL, "Could not create fakesink");
--
-- gst_bin_add (GST_BIN (bin), sink);
-- gst_bin_add (GST_BIN (bin), src);
--
-- fail_unless (gst_element_link (src, sink), "could not link src and sink");
--
-- /* change state, spawning two times three messages */
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
-- fail_unless (ret == GST_STATE_CHANGE_ASYNC);
-- ret =
-- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL,
-- GST_CLOCK_TIME_NONE);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- pop_state_changed (bus, 6);
-- pop_async_done (bus);
-- pop_latency (bus);
--
-- fail_unless (gst_bus_have_pending (bus) == FALSE,
-- "Unexpected messages on bus");
--
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- pop_state_changed (bus, 3);
--
-- /* this one might return either SUCCESS or ASYNC, likely SUCCESS */
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
-- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE);
--
-- pop_state_changed (bus, 3);
-- if (ret == GST_STATE_CHANGE_ASYNC) {
-- pop_async_done (bus);
-- pop_latency (bus);
-- }
--
-- fail_unless (gst_bus_have_pending (bus) == FALSE,
-- "Unexpected messages on bus");
--
-- gst_bus_set_flushing (bus, TRUE);
--
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_NULL);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- /* clean up */
-- gst_object_unref (bus);
-- gst_object_unref (bin);
--}
--
--GST_END_TEST;
--
- GST_START_TEST (test_state_change_error_message)
- {
- GstElement *src, *sink, *bin;
-@@ -1956,7 +1888,6 @@ gst_bin_suite (void)
- tcase_add_test (tc_chain, test_message_state_changed);
- tcase_add_test (tc_chain, test_message_state_changed_child);
- tcase_add_test (tc_chain, test_message_state_changed_children);
-- tcase_add_test (tc_chain, test_watch_for_state_change);
- tcase_add_test (tc_chain, test_state_change_error_message);
- tcase_add_test (tc_chain, test_add_linked);
- tcase_add_test (tc_chain, test_add_self);
---
-2.33.1
-
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
index bb4dba3861..5a96764780 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
@@ -21,7 +21,6 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
file://0002-tests-add-support-for-install-the-tests.patch;striplevel=3 \
file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \
file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
- file://0005-tests-remove-gstbin-test_watch_for_state_change-test.patch \
"
SRC_URI[sha256sum] = "5a19083faaf361d21fc391124f78ba6d609be55845a82fa8f658230e5fa03dff"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 10/11] gstreamer1.0: Fix race conditions in gstbin tests
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
` (8 preceding siblings ...)
2023-01-12 2:33 ` [OE-core][kirkstone 09/11] Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test" Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 11/11] devtool: process local files only for the main branch Steve Sakoman
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b57df3fe9c1623ba2f5a9a0e11a85dcdc77e76a5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...005-bin-Fix-race-conditions-in-tests.patch | 300 ++++++++++++++++++
.../gstreamer/gstreamer1.0_1.20.5.bb | 1 +
2 files changed, 301 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
new file mode 100644
index 0000000000..f1fac2df57
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
@@ -0,0 +1,300 @@
+From e1e2d8d58c1e09e065849cdb1f6466c0537a7c51 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 21 Jun 2022 11:51:35 +0300
+Subject: [PATCH] bin: Fix race conditions in tests
+
+The latency messages are non-deterministic and can arrive before/after
+async-done or during state-changes as they are posted by e.g. sinks from
+their streaming thread but bins are finishing asynchronous state changes
+from a secondary helper thread.
+
+To solve this, expect latency messages at any time and assert that we
+receive one at some point during the test.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643]
+Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
+---
+ .../gstreamer/tests/check/gst/gstbin.c | 132 ++++++++++++------
+ 1 file changed, 92 insertions(+), 40 deletions(-)
+
+diff --git a/subprojects/gstreamer/tests/check/gst/gstbin.c b/subprojects/gstreamer/tests/check/gst/gstbin.c
+index e366d5fe20f..88ff44db0c3 100644
+--- a/subprojects/gstreamer/tests/check/gst/gstbin.c
++++ b/subprojects/gstreamer/tests/check/gst/gstbin.c
+@@ -27,50 +27,95 @@
+ #include <gst/base/gstbasesrc.h>
+
+ static void
+-pop_async_done (GstBus * bus)
++pop_async_done (GstBus * bus, gboolean * had_latency)
+ {
+ GstMessage *message;
++ GstMessageType types = GST_MESSAGE_ASYNC_DONE;
++
++ if (!*had_latency)
++ types |= GST_MESSAGE_LATENCY;
+
+ GST_DEBUG ("popping async-done message");
+- message = gst_bus_poll (bus, GST_MESSAGE_ASYNC_DONE, -1);
+
+- fail_unless (message && GST_MESSAGE_TYPE (message)
+- == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE");
++ do {
++ message = gst_bus_poll (bus, types, -1);
+
+- gst_message_unref (message);
+- GST_DEBUG ("popped message");
++ fail_unless (message);
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++
++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) {
++ fail_unless (*had_latency == FALSE);
++ *had_latency = TRUE;
++ gst_clear_message (&message);
++ types &= ~GST_MESSAGE_LATENCY;
++ continue;
++ }
++
++ fail_unless (GST_MESSAGE_TYPE (message)
++ == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE");
++
++ gst_clear_message (&message);
++ break;
++ } while (TRUE);
+ }
+
+ static void
+-pop_latency (GstBus * bus)
++pop_latency (GstBus * bus, gboolean * had_latency)
+ {
+ GstMessage *message;
+
+- GST_DEBUG ("popping async-done message");
++ if (*had_latency)
++ return;
++
++ GST_DEBUG ("popping latency message");
+ message = gst_bus_poll (bus, GST_MESSAGE_LATENCY, -1);
+
+- fail_unless (message && GST_MESSAGE_TYPE (message)
++ fail_unless (message);
++ fail_unless (GST_MESSAGE_TYPE (message)
+ == GST_MESSAGE_LATENCY, "did not get GST_MESSAGE_LATENCY");
+
+- gst_message_unref (message);
+- GST_DEBUG ("popped message");
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++ gst_clear_message (&message);
++
++ *had_latency = TRUE;
+ }
+
+ static void
+-pop_state_changed (GstBus * bus, int count)
++pop_state_changed (GstBus * bus, int count, gboolean * had_latency)
+ {
+ GstMessage *message;
+-
++ GstMessageType types = GST_MESSAGE_STATE_CHANGED;
+ int i;
+
++ if (!*had_latency)
++ types |= GST_MESSAGE_LATENCY;
++
+ GST_DEBUG ("popping %d messages", count);
+ for (i = 0; i < count; ++i) {
+- message = gst_bus_poll (bus, GST_MESSAGE_STATE_CHANGED, -1);
+-
+- fail_unless (message && GST_MESSAGE_TYPE (message)
+- == GST_MESSAGE_STATE_CHANGED, "did not get GST_MESSAGE_STATE_CHANGED");
+-
+- gst_message_unref (message);
++ do {
++ message = gst_bus_poll (bus, types, -1);
++
++ fail_unless (message);
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++
++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) {
++ fail_unless (*had_latency == FALSE);
++ *had_latency = TRUE;
++ gst_clear_message (&message);
++ types &= ~GST_MESSAGE_LATENCY;
++ continue;
++ }
++
++ fail_unless (GST_MESSAGE_TYPE (message)
++ == GST_MESSAGE_STATE_CHANGED,
++ "did not get GST_MESSAGE_STATE_CHANGED");
++
++ gst_message_unref (message);
++ break;
++ } while (TRUE);
+ }
+ GST_DEBUG ("popped %d messages", count);
+ }
+@@ -538,6 +583,7 @@ GST_START_TEST (test_message_state_changed_children)
+ GstBus *bus;
+ GstStateChangeReturn ret;
+ GstState current, pending;
++ gboolean had_latency = FALSE;
+
+ pipeline = GST_PIPELINE (gst_pipeline_new (NULL));
+ fail_unless (pipeline != NULL, "Could not create pipeline");
+@@ -576,7 +622,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT (sink, "sink", 2);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 2);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ fail_if (gst_bus_have_pending (bus), "unexpected pending messages");
+
+ ASSERT_OBJECT_REFCOUNT (bus, "bus", 2);
+@@ -619,9 +665,9 @@ GST_START_TEST (test_message_state_changed_children)
+ * its state_change message */
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (pipeline, "pipeline", 3, 4);
+
+- pop_state_changed (bus, 3);
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_state_changed (bus, 3, &had_latency);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (bus, "bus", 2, 3);
+@@ -648,7 +694,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 2, 4);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT (bus, "bus", 2);
+@@ -669,7 +715,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 3, 4);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3);
+
+- pop_state_changed (bus, 6);
++ pop_state_changed (bus, 6, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT (src, "src", 1);
+@@ -696,6 +742,7 @@ GST_START_TEST (test_watch_for_state_change)
+ GstElement *src, *sink, *bin;
+ GstBus *bus;
+ GstStateChangeReturn ret;
++ gboolean had_latency = FALSE;
+
+ bin = gst_element_factory_make ("bin", NULL);
+ fail_unless (bin != NULL, "Could not create bin");
+@@ -722,9 +769,9 @@ GST_START_TEST (test_watch_for_state_change)
+ GST_CLOCK_TIME_NONE);
+ fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
+
+- pop_state_changed (bus, 6);
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_state_changed (bus, 6, &had_latency);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+
+ fail_unless (gst_bus_have_pending (bus) == FALSE,
+ "Unexpected messages on bus");
+@@ -732,16 +779,17 @@ GST_START_TEST (test_watch_for_state_change)
+ ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING);
+ fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+
++ had_latency = FALSE;
+ /* this one might return either SUCCESS or ASYNC, likely SUCCESS */
+ ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
+ gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ if (ret == GST_STATE_CHANGE_ASYNC) {
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ }
+
+ fail_unless (gst_bus_have_pending (bus) == FALSE,
+@@ -898,6 +946,7 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ GstStateChangeReturn ret;
+ GstState current, pending;
+ GstBus *bus;
++ gboolean had_latency = FALSE;
+
+ pipeline = gst_pipeline_new (NULL);
+ fail_unless (pipeline != NULL, "Could not create pipeline");
+@@ -951,10 +1000,11 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 107);
+ #else
+
+- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */
++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */
+ ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED,
+ 108);
+- pop_async_done (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ #endif
+ /* PAUSED => PLAYING */
+ GST_DEBUG ("popping PAUSED -> PLAYING messages");
+@@ -972,8 +1022,8 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed");
+
+ /* TODO: do we need to check downwards state change order as well? */
+- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */
+- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */
+
+ while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1)
+ THREAD_SWITCH ();
+@@ -1002,6 +1052,7 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ GstStateChangeReturn ret;
+ GstState current, pending;
+ GstBus *bus;
++ gboolean had_latency = FALSE;
+
+ /* (2) Now again, but check other code path where we don't have
+ * a proper sink correctly flagged as such, but a 'semi-sink' */
+@@ -1056,10 +1107,11 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ ASSERT_STATE_CHANGE_MSG (bus, src, GST_STATE_READY, GST_STATE_PAUSED, 206);
+ ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 207);
+ #else
+- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */
++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */
+ ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED,
+ 208);
+- pop_async_done (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+
+ /* PAUSED => PLAYING */
+ GST_DEBUG ("popping PAUSED -> PLAYING messages");
+@@ -1076,8 +1128,8 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed");
+
+ /* TODO: do we need to check downwards state change order as well? */
+- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */
+- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */
+
+ GST_DEBUG ("waiting for pipeline to reach refcount 1");
+ while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1)
+--
+GitLab
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
index 5a96764780..ce9c1c116f 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
@@ -21,6 +21,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
file://0002-tests-add-support-for-install-the-tests.patch;striplevel=3 \
file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \
file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
+ file://0005-bin-Fix-race-conditions-in-tests.patch;striplevel=3 \
"
SRC_URI[sha256sum] = "5a19083faaf361d21fc391124f78ba6d609be55845a82fa8f658230e5fa03dff"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][kirkstone 11/11] devtool: process local files only for the main branch
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
` (9 preceding siblings ...)
2023-01-12 2:33 ` [OE-core][kirkstone 10/11] gstreamer1.0: Fix race conditions in gstbin tests Steve Sakoman
@ 2023-01-12 2:33 ` Steve Sakoman
10 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-12 2:33 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
devtool modify/upgrade are not currently equipped to handle conditional local files
in SRC_URI, and provide only the main no-override set in a workspace under
source/component/oe-local-files/ (this is done via meta/classes/devtool-source.bbclass).
On the other hand, updating the changes from workspace into a recipe
is run iteratively against all overrides; this works for patches (as they
all are directed into their own override branches in the workspace
git source tree), but breaks down when trying to match local files
in a workspace against local files in overridden SRC_URI lists, resulting in
bad recipe breakage.
(there's an additional twist here: existing code has a guard against this
but the guard relies on metadata in workspace .bbappend that is only there
in modify operations, but not upgrades. This commit replaces the guard
with a general check that will work everywhere).
Implementing multiple sets of local files is significant work; let's for now
simply not touch local files in recipes except when on the no-override variant.
Also, adjust the selftest cases to include conditional local files in sample
recipes, so the situation is covered by the tests.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3a8654b860fa98f94e80c3c3fff359ffed14bbe7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../devtool/devtool-test-local/file3 | 1 +
.../devtool/devtool-test-local_6.03.bb | 3 ++
.../devtool/devtool-test-localonly.bb | 3 ++
.../devtool/devtool-test-localonly/file3 | 1 +
scripts/lib/devtool/standard.py | 38 +++++++++++--------
5 files changed, 30 insertions(+), 16 deletions(-)
create mode 100644 meta-selftest/recipes-test/devtool/devtool-test-local/file3
create mode 100644 meta-selftest/recipes-test/devtool/devtool-test-localonly/file3
diff --git a/meta-selftest/recipes-test/devtool/devtool-test-local/file3 b/meta-selftest/recipes-test/devtool/devtool-test-local/file3
new file mode 100644
index 0000000000..0f30e9eec4
--- /dev/null
+++ b/meta-selftest/recipes-test/devtool/devtool-test-local/file3
@@ -0,0 +1 @@
+The third file.
diff --git a/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb b/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb
index 463cfe0a7a..d0fd697978 100644
--- a/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb
@@ -7,9 +7,12 @@ SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/syslinux-${PV}.tar.x
file://file1 \
file://file2"
+SRC_URI:append:class-native = " file://file3"
+
SRC_URI[md5sum] = "92a253df9211e9c20172796ecf388f13"
SRC_URI[sha256sum] = "26d3986d2bea109d5dc0e4f8c4822a459276cf021125e8c9f23c3cca5d8c850e"
S = "${WORKDIR}/syslinux-${PV}"
EXCLUDE_FROM_WORLD = "1"
+BBCLASSEXTEND = "native"
diff --git a/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb b/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb
index 3f7123cda0..e767619879 100644
--- a/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb
@@ -4,4 +4,7 @@ INHIBIT_DEFAULT_DEPS = "1"
SRC_URI = "file://file1 \
file://file2"
+SRC_URI:append:class-native = " file://file3"
+
EXCLUDE_FROM_WORLD = "1"
+BBCLASSEXTEND = "native"
diff --git a/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3 b/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3
new file mode 100644
index 0000000000..0f30e9eec4
--- /dev/null
+++ b/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3
@@ -0,0 +1 @@
+The third file.
diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 4bbf9dd5a5..e2a8335a62 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -1409,6 +1409,18 @@ def _export_local_files(srctree, rd, destdir, srctreebase):
updated = OrderedDict()
added = OrderedDict()
removed = OrderedDict()
+
+ # Get current branch and return early with empty lists
+ # if on one of the override branches
+ # (local files are provided only for the main branch and processing
+ # them against lists from recipe overrides will result in mismatches
+ # and broken modifications to recipes).
+ stdout, _ = bb.process.run('git rev-parse --abbrev-ref HEAD',
+ cwd=srctree)
+ branchname = stdout.rstrip()
+ if branchname.startswith(override_branch_prefix):
+ return (updated, added, removed)
+
local_files_dir = os.path.join(srctreebase, 'oe-local-files')
git_files = _git_ls_tree(srctree)
if 'oe-local-files' in git_files:
@@ -1638,31 +1650,25 @@ def _update_recipe_patch(recipename, workspace, srctree, rd, appendlayerdir, wil
tempdir = tempfile.mkdtemp(prefix='devtool')
try:
local_files_dir = tempfile.mkdtemp(dir=tempdir)
- if filter_patches:
- upd_f = {}
- new_f = {}
- del_f = {}
- else:
- upd_f, new_f, del_f = _export_local_files(srctree, rd, local_files_dir, srctreebase)
-
- remove_files = []
- if not no_remove:
- # Get all patches from source tree and check if any should be removed
- all_patches_dir = tempfile.mkdtemp(dir=tempdir)
- _, _, del_p = _export_patches(srctree, rd, initial_rev,
- all_patches_dir)
- # Remove deleted local files and patches
- remove_files = list(del_f.values()) + list(del_p.values())
+ upd_f, new_f, del_f = _export_local_files(srctree, rd, local_files_dir, srctreebase)
# Get updated patches from source tree
patches_dir = tempfile.mkdtemp(dir=tempdir)
upd_p, new_p, _ = _export_patches(srctree, rd, update_rev,
patches_dir, changed_revs)
+ # Get all patches from source tree and check if any should be removed
+ all_patches_dir = tempfile.mkdtemp(dir=tempdir)
+ _, _, del_p = _export_patches(srctree, rd, initial_rev,
+ all_patches_dir)
logger.debug('Pre-filtering: update: %s, new: %s' % (dict(upd_p), dict(new_p)))
if filter_patches:
new_p = OrderedDict()
upd_p = OrderedDict((k,v) for k,v in upd_p.items() if k in filter_patches)
- remove_files = [f for f in remove_files if f in filter_patches]
+ del_p = OrderedDict((k,v) for k,v in del_p.items() if k in filter_patches)
+ remove_files = []
+ if not no_remove:
+ # Remove deleted local files and patches
+ remove_files = list(del_f.values()) + list(del_p.values())
updatefiles = False
updaterecipe = False
destpath = None
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109
2023-01-12 2:33 ` [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109 Steve Sakoman
@ 2023-01-16 12:00 ` Martin Jansa
2023-01-16 14:32 ` Steve Sakoman
[not found] ` <173AD09A8D75CB5F.23170@lists.openembedded.org>
0 siblings, 2 replies; 16+ messages in thread
From: Martin Jansa @ 2023-01-16 12:00 UTC (permalink / raw)
To: Steve Sakoman, narpat.mali; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 4721 bytes --]
This patch doesn't apply cleanly on ffmpeg-5.0.1:
ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected:
Applying patch 0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
patching file libavcodec/vp3.c
Hunk #1 succeeded at 2677 with fuzz 1 (offset -2 lines).
The context lines in the patches can be updated with devtool:
devtool modify ffmpeg
devtool finish --force-patch-refresh ffmpeg <layer_path>
Don't forget to review changes done by devtool!
ERROR: ffmpeg-5.0.1-r0 do_patch: QA Issue: Patch log indicates that patches
do not apply cleanly. [patch-fuzz]
Narpat: Should I send a fix or will you handle that?
On Thu, Jan 12, 2023 at 3:33 AM Steve Sakoman <steve@sakoman.com> wrote:
> From: Narpat Mali <narpat.mali@windriver.com>
>
> An issue was discovered in the FFmpeg package, where vp3_decode_frame in
> libavcodec/vp3.c lacks check of
> the return value of av_malloc() and will cause a null pointer dereference,
> impacting availability.
>
> CVE: CVE-2022-3109
>
> Upstream-Status: Backport [
> https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
> ]
>
> Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> ...-vp3-Add-missing-check-for-av_malloc.patch | 44 +++++++++++++++++++
> .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +-
> 2 files changed, 46 insertions(+), 1 deletion(-)
> create mode 100644
> meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
>
> diff --git
> a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> new file mode 100644
> index 0000000000..94858a6cdd
> --- /dev/null
> +++
> b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> @@ -0,0 +1,44 @@
> +From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
> +From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> +Date: Tue, 15 Feb 2022 17:58:08 +0800
> +Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
> +
> +Since the av_malloc() may fail and return NULL pointer,
> +it is needed that the 's->edge_emu_buffer' should be checked
> +whether the new allocation is success.
> +
> +Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
> +Reviewed-by: Peter Ross <pross@xvid.org>
> +Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> +
> +CVE: CVE-2022-3109
> +
> +Upstream-Status: Backport [
> https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
> ]
> +
> +Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
> +---
> + libavcodec/vp3.c | 7 ++++++-
> + 1 file changed, 6 insertions(+), 1 deletion(-)
> +
> +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
> +index e9ab54d736..e2418eb6fa 100644
> +--- a/libavcodec/vp3.c
> ++++ b/libavcodec/vp3.c
> +@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
> + AV_GET_BUFFER_FLAG_REF)) < 0)
> + goto error;
> +
> +- if (!s->edge_emu_buffer)
> ++ if (!s->edge_emu_buffer) {
> + s->edge_emu_buffer = av_malloc(9 *
> FFABS(s->current_frame.f->linesize[0]));
> ++ if (!s->edge_emu_buffer) {
> ++ ret = AVERROR(ENOMEM);
> ++ goto error;
> ++ }
> ++ }
> +
> + if (s->keyframe) {
> + if (!s->theora) {
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> index 95b4bf50ac..c5bebe9c2d 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> @@ -26,7 +26,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz
> \
>
> file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
>
> file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
>
> file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
> - "
> + file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
> + "
>
> SRC_URI[sha256sum] =
> "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
>
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#175776):
> https://lists.openembedded.org/g/openembedded-core/message/175776
> Mute This Topic: https://lists.openembedded.org/mt/96215555/3617156
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> Martin.Jansa@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 7193 bytes --]
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109
2023-01-16 12:00 ` Martin Jansa
@ 2023-01-16 14:32 ` Steve Sakoman
2023-01-16 14:45 ` Martin Jansa
[not found] ` <173AD09A8D75CB5F.23170@lists.openembedded.org>
1 sibling, 1 reply; 16+ messages in thread
From: Steve Sakoman @ 2023-01-16 14:32 UTC (permalink / raw)
To: Martin Jansa; +Cc: narpat.mali, openembedded-core
On Mon, Jan 16, 2023 at 2:00 AM Martin Jansa <martin.jansa@gmail.com> wrote:
>
> This patch doesn't apply cleanly on ffmpeg-5.0.1:
Thanks for the review Martin.
Not sure why this didn't show up in my testing! But since Richard
hasn't taken the pull request yet I will remove this patch from the
current pull request and move it to my next set of patches (along with
your fix).
Thanks!
Steve
>
> ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected:
>
> Applying patch 0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> patching file libavcodec/vp3.c
> Hunk #1 succeeded at 2677 with fuzz 1 (offset -2 lines).
>
>
> The context lines in the patches can be updated with devtool:
>
> devtool modify ffmpeg
> devtool finish --force-patch-refresh ffmpeg <layer_path>
>
> Don't forget to review changes done by devtool!
>
> ERROR: ffmpeg-5.0.1-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]
>
> Narpat: Should I send a fix or will you handle that?
>
> On Thu, Jan 12, 2023 at 3:33 AM Steve Sakoman <steve@sakoman.com> wrote:
>>
>> From: Narpat Mali <narpat.mali@windriver.com>
>>
>> An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of
>> the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
>>
>> CVE: CVE-2022-3109
>>
>> Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
>>
>> Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>> ---
>> ...-vp3-Add-missing-check-for-av_malloc.patch | 44 +++++++++++++++++++
>> .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +-
>> 2 files changed, 46 insertions(+), 1 deletion(-)
>> create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
>>
>> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
>> new file mode 100644
>> index 0000000000..94858a6cdd
>> --- /dev/null
>> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
>> @@ -0,0 +1,44 @@
>> +From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
>> +From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
>> +Date: Tue, 15 Feb 2022 17:58:08 +0800
>> +Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
>> +
>> +Since the av_malloc() may fail and return NULL pointer,
>> +it is needed that the 's->edge_emu_buffer' should be checked
>> +whether the new allocation is success.
>> +
>> +Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
>> +Reviewed-by: Peter Ross <pross@xvid.org>
>> +Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
>> +
>> +CVE: CVE-2022-3109
>> +
>> +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
>> +
>> +Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
>> +---
>> + libavcodec/vp3.c | 7 ++++++-
>> + 1 file changed, 6 insertions(+), 1 deletion(-)
>> +
>> +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
>> +index e9ab54d736..e2418eb6fa 100644
>> +--- a/libavcodec/vp3.c
>> ++++ b/libavcodec/vp3.c
>> +@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
>> + AV_GET_BUFFER_FLAG_REF)) < 0)
>> + goto error;
>> +
>> +- if (!s->edge_emu_buffer)
>> ++ if (!s->edge_emu_buffer) {
>> + s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
>> ++ if (!s->edge_emu_buffer) {
>> ++ ret = AVERROR(ENOMEM);
>> ++ goto error;
>> ++ }
>> ++ }
>> +
>> + if (s->keyframe) {
>> + if (!s->theora) {
>> +--
>> +2.34.1
>> +
>> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
>> index 95b4bf50ac..c5bebe9c2d 100644
>> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
>> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
>> @@ -26,7 +26,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
>> file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
>> file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
>> file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
>> - "
>> + file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
>> + "
>>
>> SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
>>
>> --
>> 2.25.1
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#175776): https://lists.openembedded.org/g/openembedded-core/message/175776
>> Mute This Topic: https://lists.openembedded.org/mt/96215555/3617156
>> Group Owner: openembedded-core+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [Martin.Jansa@gmail.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109
[not found] ` <173AD09A8D75CB5F.23170@lists.openembedded.org>
@ 2023-01-16 14:39 ` Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-01-16 14:39 UTC (permalink / raw)
To: steve; +Cc: Martin Jansa, narpat.mali, openembedded-core
On Mon, Jan 16, 2023 at 4:32 AM Steve Sakoman via
lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
wrote:
>
> On Mon, Jan 16, 2023 at 2:00 AM Martin Jansa <martin.jansa@gmail.com> wrote:
> >
> > This patch doesn't apply cleanly on ffmpeg-5.0.1:
>
> Thanks for the review Martin.
>
> Not sure why this didn't show up in my testing! But since Richard
> hasn't taken the pull request yet I will remove this patch from the
> current pull request and move it to my next set of patches (along with
> your fix).
Sigh, clearly I haven't had enough coffee yet this morning -- Richard
has indeed already taken the pull request!
I'll put your fix patch in the next set of patches for kirkstone and
send a new pull request right after testing.
Steve
> >
> > ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected:
> >
> > Applying patch 0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> > patching file libavcodec/vp3.c
> > Hunk #1 succeeded at 2677 with fuzz 1 (offset -2 lines).
> >
> >
> > The context lines in the patches can be updated with devtool:
> >
> > devtool modify ffmpeg
> > devtool finish --force-patch-refresh ffmpeg <layer_path>
> >
> > Don't forget to review changes done by devtool!
> >
> > ERROR: ffmpeg-5.0.1-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]
> >
> > Narpat: Should I send a fix or will you handle that?
> >
> > On Thu, Jan 12, 2023 at 3:33 AM Steve Sakoman <steve@sakoman.com> wrote:
> >>
> >> From: Narpat Mali <narpat.mali@windriver.com>
> >>
> >> An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of
> >> the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
> >>
> >> CVE: CVE-2022-3109
> >>
> >> Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
> >>
> >> Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
> >> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> >> ---
> >> ...-vp3-Add-missing-check-for-av_malloc.patch | 44 +++++++++++++++++++
> >> .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +-
> >> 2 files changed, 46 insertions(+), 1 deletion(-)
> >> create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> >>
> >> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> >> new file mode 100644
> >> index 0000000000..94858a6cdd
> >> --- /dev/null
> >> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> >> @@ -0,0 +1,44 @@
> >> +From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
> >> +From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> >> +Date: Tue, 15 Feb 2022 17:58:08 +0800
> >> +Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
> >> +
> >> +Since the av_malloc() may fail and return NULL pointer,
> >> +it is needed that the 's->edge_emu_buffer' should be checked
> >> +whether the new allocation is success.
> >> +
> >> +Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
> >> +Reviewed-by: Peter Ross <pross@xvid.org>
> >> +Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> >> +
> >> +CVE: CVE-2022-3109
> >> +
> >> +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
> >> +
> >> +Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
> >> +---
> >> + libavcodec/vp3.c | 7 ++++++-
> >> + 1 file changed, 6 insertions(+), 1 deletion(-)
> >> +
> >> +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
> >> +index e9ab54d736..e2418eb6fa 100644
> >> +--- a/libavcodec/vp3.c
> >> ++++ b/libavcodec/vp3.c
> >> +@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
> >> + AV_GET_BUFFER_FLAG_REF)) < 0)
> >> + goto error;
> >> +
> >> +- if (!s->edge_emu_buffer)
> >> ++ if (!s->edge_emu_buffer) {
> >> + s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
> >> ++ if (!s->edge_emu_buffer) {
> >> ++ ret = AVERROR(ENOMEM);
> >> ++ goto error;
> >> ++ }
> >> ++ }
> >> +
> >> + if (s->keyframe) {
> >> + if (!s->theora) {
> >> +--
> >> +2.34.1
> >> +
> >> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> >> index 95b4bf50ac..c5bebe9c2d 100644
> >> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> >> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> >> @@ -26,7 +26,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
> >> file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
> >> file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
> >> file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
> >> - "
> >> + file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
> >> + "
> >>
> >> SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
> >>
> >> --
> >> 2.25.1
> >>
> >>
> >>
> >>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#175987): https://lists.openembedded.org/g/openembedded-core/message/175987
> Mute This Topic: https://lists.openembedded.org/mt/96215555/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109
2023-01-16 14:32 ` Steve Sakoman
@ 2023-01-16 14:45 ` Martin Jansa
0 siblings, 0 replies; 16+ messages in thread
From: Martin Jansa @ 2023-01-16 14:45 UTC (permalink / raw)
To: Steve Sakoman; +Cc: narpat.mali, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 6072 bytes --]
> Not sure why this didn't show up in my testing!
It's shown only when do_patch task is really executed and it doesn't cause
the do_patch to fail completely. So it's possible that you've built it once
with the warning/error shown and then the next time you were doing the
final test for kirkstone it was just re-using ffmpeg from sstate (without
the need to re-executed do_patch again).
Maybe we should consider this issue to be fatal for do_fetch when
patch-fuzz is in ERROR_QA (I even thought it was working like that at some
time).
Regards,
On Mon, Jan 16, 2023 at 3:32 PM Steve Sakoman <steve@sakoman.com> wrote:
> On Mon, Jan 16, 2023 at 2:00 AM Martin Jansa <martin.jansa@gmail.com>
> wrote:
> >
> > This patch doesn't apply cleanly on ffmpeg-5.0.1:
>
> Thanks for the review Martin.
>
> Not sure why this didn't show up in my testing! But since Richard
> hasn't taken the pull request yet I will remove this patch from the
> current pull request and move it to my next set of patches (along with
> your fix).
>
> Thanks!
>
> Steve
>
> >
> > ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected:
> >
> > Applying patch 0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> > patching file libavcodec/vp3.c
> > Hunk #1 succeeded at 2677 with fuzz 1 (offset -2 lines).
> >
> >
> > The context lines in the patches can be updated with devtool:
> >
> > devtool modify ffmpeg
> > devtool finish --force-patch-refresh ffmpeg <layer_path>
> >
> > Don't forget to review changes done by devtool!
> >
> > ERROR: ffmpeg-5.0.1-r0 do_patch: QA Issue: Patch log indicates that
> patches do not apply cleanly. [patch-fuzz]
> >
> > Narpat: Should I send a fix or will you handle that?
> >
> > On Thu, Jan 12, 2023 at 3:33 AM Steve Sakoman <steve@sakoman.com> wrote:
> >>
> >> From: Narpat Mali <narpat.mali@windriver.com>
> >>
> >> An issue was discovered in the FFmpeg package, where vp3_decode_frame
> in libavcodec/vp3.c lacks check of
> >> the return value of av_malloc() and will cause a null pointer
> dereference, impacting availability.
> >>
> >> CVE: CVE-2022-3109
> >>
> >> Upstream-Status: Backport [
> https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
> ]
> >>
> >> Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
> >> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> >> ---
> >> ...-vp3-Add-missing-check-for-av_malloc.patch | 44 +++++++++++++++++++
> >> .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +-
> >> 2 files changed, 46 insertions(+), 1 deletion(-)
> >> create mode 100644
> meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> >>
> >> diff --git
> a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> >> new file mode 100644
> >> index 0000000000..94858a6cdd
> >> --- /dev/null
> >> +++
> b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> >> @@ -0,0 +1,44 @@
> >> +From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
> >> +From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> >> +Date: Tue, 15 Feb 2022 17:58:08 +0800
> >> +Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
> >> +
> >> +Since the av_malloc() may fail and return NULL pointer,
> >> +it is needed that the 's->edge_emu_buffer' should be checked
> >> +whether the new allocation is success.
> >> +
> >> +Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
> >> +Reviewed-by: Peter Ross <pross@xvid.org>
> >> +Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> >> +
> >> +CVE: CVE-2022-3109
> >> +
> >> +Upstream-Status: Backport [
> https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
> ]
> >> +
> >> +Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
> >> +---
> >> + libavcodec/vp3.c | 7 ++++++-
> >> + 1 file changed, 6 insertions(+), 1 deletion(-)
> >> +
> >> +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
> >> +index e9ab54d736..e2418eb6fa 100644
> >> +--- a/libavcodec/vp3.c
> >> ++++ b/libavcodec/vp3.c
> >> +@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext
> *avctx,
> >> + AV_GET_BUFFER_FLAG_REF)) < 0)
> >> + goto error;
> >> +
> >> +- if (!s->edge_emu_buffer)
> >> ++ if (!s->edge_emu_buffer) {
> >> + s->edge_emu_buffer = av_malloc(9 *
> FFABS(s->current_frame.f->linesize[0]));
> >> ++ if (!s->edge_emu_buffer) {
> >> ++ ret = AVERROR(ENOMEM);
> >> ++ goto error;
> >> ++ }
> >> ++ }
> >> +
> >> + if (s->keyframe) {
> >> + if (!s->theora) {
> >> +--
> >> +2.34.1
> >> +
> >> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> >> index 95b4bf50ac..c5bebe9c2d 100644
> >> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> >> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> >> @@ -26,7 +26,8 @@ SRC_URI = "
> https://www.ffmpeg.org/releases/${BP}.tar.xz \
> >>
> file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
> >>
> file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
> >>
> file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
> >> - "
> >> +
> file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
> >> + "
> >>
> >> SRC_URI[sha256sum] =
> "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
> >>
> >> --
> >> 2.25.1
> >>
> >>
> >> -=-=-=-=-=-=-=-=-=-=-=-
> >> Links: You receive all messages sent to this group.
> >> View/Reply Online (#175776):
> https://lists.openembedded.org/g/openembedded-core/message/175776
> >> Mute This Topic: https://lists.openembedded.org/mt/96215555/3617156
> >> Group Owner: openembedded-core+owner@lists.openembedded.org
> >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> Martin.Jansa@gmail.com]
> >> -=-=-=-=-=-=-=-=-=-=-=-
> >>
>
[-- Attachment #2: Type: text/html, Size: 9414 bytes --]
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2023-01-16 14:45 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-12 2:33 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 01/11] systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 02/11] systemd: backport another change from v252 to fix build with CVE-2022-45873.patch Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109 Steve Sakoman
2023-01-16 12:00 ` Martin Jansa
2023-01-16 14:32 ` Steve Sakoman
2023-01-16 14:45 ` Martin Jansa
[not found] ` <173AD09A8D75CB5F.23170@lists.openembedded.org>
2023-01-16 14:39 ` Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 04/11] libarchive: upgrade 3.6.1 -> 3.6.2 Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 05/11] bind: upgrade 9.18.9 -> 9.18.10 Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 06/11] base.bbclass: Fix way to check ccache path Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 07/11] rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 08/11] oeqa/rpm.py: Increase timeout and add debug output Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 09/11] Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test" Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 10/11] gstreamer1.0: Fix race conditions in gstbin tests Steve Sakoman
2023-01-12 2:33 ` [OE-core][kirkstone 11/11] devtool: process local files only for the main branch Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.