* [OE-core][dunfell 0/9] Patch review
@ 2021-09-10 14:07 Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 1/9] dbus: upgrade 1.12.16 -> 1.12.18 Steve Sakoman
                   ` (8 more replies)
  0 siblings, 9 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2570

The following changes since commit fcc609d3bafef2f63039dc54c0fd0eaf062710a1:

  rt-tests: set branch name in SRC_URI (2021-09-08 04:50:47 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Armin Kuster (2):
  xserver-xorg: Security fix for CVE-2020-14360/-25712
  go: Several Security fixes

Ovidiu Panait (2):
  dbus-test: Remove EXTRA_OECONF_X configs
  dbus,dbus-test: Move common parts to dbus.inc

Richard Purdie (2):
  flex: Add CVE-2019-6293 to exclusions for checks
  go: Exclude CVE-2021-29923 from report list

Wang Mingyu (3):
  dbus: upgrade 1.12.16 -> 1.12.18
  dbus-test: upgrade 1.12.16 -> 1.12.18
  dbus: upgrade 1.12.18 -> 1.12.20

 .../distro/include/cve-extra-exclusions.inc   |   4 -
 ...s-test_1.12.16.bb => dbus-test_1.12.20.bb} |  42 +----
 meta/recipes-core/dbus/dbus.inc               |  34 ++++
 .../dbus/dbus/CVE-2020-12049.patch            |  78 ---------
 .../dbus/{dbus_1.12.16.bb => dbus_1.12.20.bb} |  40 +----
 meta/recipes-devtools/flex/flex_2.6.4.bb      |   5 +
 meta/recipes-devtools/go/go-1.14.inc          |   9 ++
 .../go/go-1.14/CVE-2021-33196.patch           | 124 ++++++++++++++
 .../go/go-1.14/CVE-2021-33197.patch           | 152 ++++++++++++++++++
 .../go/go-1.14/CVE-2021-34558.patch           |  51 ++++++
 .../xserver-xorg/CVE-2020-14360.patch         | 132 +++++++++++++++
 .../xserver-xorg/CVE-2020-25712.patch         | 102 ++++++++++++
 .../xorg-xserver/xserver-xorg_1.20.8.bb       |   2 +
 13 files changed, 624 insertions(+), 151 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.20.bb} (51%)
 create mode 100644 meta/recipes-core/dbus/dbus.inc
 delete mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
 rename meta/recipes-core/dbus/{dbus_1.12.16.bb => dbus_1.12.20.bb} (75%)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch

-- 
2.25.1



* [OE-core][dunfell 1/9] dbus: upgrade 1.12.16 -> 1.12.18
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 2/9] dbus-test: " Steve Sakoman
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC
  To: openembedded-core

From: Wang Mingyu <wangmy@cn.fujitsu.com>

(From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79)

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a62471f0641551717a260c67690d3a7d280ac028)
[Bug fix only update, drop cve patch now included

a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18
8bc1381819 fdpass test: Assert that we don't leak file descriptors
272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix
31297172f1 Update NEWS
041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged container
55b3f71376 Update NEWS
ced04aabc7 doxygen: fix example for dbus_message_append_args
3e40637b10 Update NEWS
3e0ea34966 cmake: Add X11 include path for tools
d0992805d7 doc: replace dbus-send's --address with --peer and --bus
dd32f6b617 Update NEWS
d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12'
2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors
df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12'
beb79b94fb doc: Fix environment variable name in dbus-daemon(1)
eab5d4a420 Start 1.12.18 development]
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../dbus/dbus/CVE-2020-12049.patch            | 78 -------------------
 .../dbus/{dbus_1.12.16.bb => dbus_1.12.18.bb} |  5 +-
 2 files changed, 2 insertions(+), 81 deletions(-)
 delete mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
 rename meta/recipes-core/dbus/{dbus_1.12.16.bb => dbus_1.12.18.bb} (97%)

diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
deleted file mode 100644
index ac7a4b7a71..0000000000
--- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@collabora.com>
-Date: Thu, 16 Apr 2020 14:45:11 +0100
-Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
-
-MSG_CTRUNC indicates that we have received fewer fds that we should
-have done because the buffer was too small, but we were treating it
-as though it indicated that we received *no* fds. If we received any,
-we still have to make sure we close them, otherwise they will be leaked.
-
-On the system bus, if an attacker can induce us to leak fds in this
-way, that's a local denial of service via resource exhaustion.
-
-Reported-by: Kevin Backhouse, GitHub Security Lab
-Fixes: dbus#294
-Fixes: CVE-2020-12049
-Fixes: GHSL-2020-057
-
-Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
-CVE: CVE-2020-12049
-Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
----
- dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
- 1 file changed, 20 insertions(+), 12 deletions(-)
-
-diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
-index b5fc2466..b176dae1 100644
---- a/dbus/dbus-sysdeps-unix.c
-+++ b/dbus/dbus-sysdeps-unix.c
-@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket        fd,
-       struct cmsghdr *cm;
-       dbus_bool_t found = FALSE;
- 
--      if (m.msg_flags & MSG_CTRUNC)
--        {
--          /* Hmm, apparently the control data was truncated. The bad
--             thing is that we might have completely lost a couple of fds
--             without chance to recover them. Hence let's treat this as a
--             serious error. */
--
--          errno = ENOSPC;
--          _dbus_string_set_length (buffer, start);
--          return -1;
--        }
--
-       for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
-         if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
-           {
-@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket        fd,
-       if (!found)
-         *n_fds = 0;
- 
-+      if (m.msg_flags & MSG_CTRUNC)
-+        {
-+          unsigned int i;
-+
-+          /* Hmm, apparently the control data was truncated. The bad
-+             thing is that we might have completely lost a couple of fds
-+             without chance to recover them. Hence let's treat this as a
-+             serious error. */
-+
-+          /* We still need to close whatever fds we *did* receive,
-+           * otherwise they'll never get closed. (CVE-2020-12049) */
-+          for (i = 0; i < *n_fds; i++)
-+            close (fds[i]);
-+
-+          *n_fds = 0;
-+          errno = ENOSPC;
-+          _dbus_string_set_length (buffer, start);
-+          return -1;
-+        }
-+
-       /* put length back (doesn't actually realloc) */
-       _dbus_string_set_length (buffer, start + bytes_read);
- 
--- 
-2.25.1
-
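
Review bot: The commit message body never names CVE-2020-12049, although this hunk deletes the whole backport for it; the only trace is the "<- cve fix" marker next to 272d484283 in the shortlog. Please add a line such as "Includes fix for CVE-2020-12049" (patch 5/9 does the same for CVE-2020-35512) so the reason the patch can be dropped is searchable. The subject of the deleted patch, "sysdeps-unix: On MSG_CTRUNC, close the fds we did receive", matches that shortlog entry, so the drop itself is consistent with the 1.12.18 tarball carrying the fix.
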
diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.18.bb
similarity index 97%
rename from meta/recipes-core/dbus/dbus_1.12.16.bb
rename to meta/recipes-core/dbus/dbus_1.12.18.bb
index 10d1b34448..2fcb3079ad 100644
--- a/meta/recipes-core/dbus/dbus_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.18.bb
@@ -16,11 +16,10 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
            file://tmpdir.patch \
            file://dbus-1.init \
            file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-           file://CVE-2020-12049.patch \
 "
 
-SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
-SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
+SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
+SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
 
 inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even
 
-- 
2.25.1



* [OE-core][dunfell 2/9] dbus-test: upgrade 1.12.16 -> 1.12.18
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 1/9] dbus: upgrade 1.12.16 -> 1.12.18 Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 3/9] dbus-test: Remove EXTRA_OECONF_X configs Steve Sakoman
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC
  To: openembedded-core

From: Wang Mingyu <wangmy@cn.fujitsu.com>

(From OE-Core rev: 839695e0c1b0c0fcfbb924c2b174c4a638067a32)

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5cbf053481642a820b9f4c6bed9ac79246719087)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.18.bb}       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.18.bb} (95%)

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.16.bb b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
similarity index 95%
rename from meta/recipes-core/dbus/dbus-test_1.12.16.bb
rename to meta/recipes-core/dbus/dbus-test_1.12.18.bb
index bea0e74ed0..0063dcce67 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -16,8 +16,8 @@ SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
            file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
            "
 
-SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
-SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
+SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
+SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
 
 S="${WORKDIR}/dbus-${PV}"
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
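
Review bot: The SRC_URI in this hunk's header still fetches the tarball from http://dbus.freedesktop.org, while dbus_1.12.18.bb in patch 1/9 uses https://dbus.freedesktop.org for the same file. The sha256sum pins the content either way, and 4/9 later moves both recipes onto the https URL in dbus.inc, but if this patch is ever picked without 4/9 the URL should be switched to https here so the two recipes fetch identically.
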
-- 
2.25.1



* [OE-core][dunfell 3/9] dbus-test: Remove EXTRA_OECONF_X configs
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 1/9] dbus: upgrade 1.12.16 -> 1.12.18 Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 2/9] dbus-test: " Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 4/9] dbus,dbus-test: Move common parts to dbus.inc Steve Sakoman
                   ` (5 subsequent siblings)
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC
  To: openembedded-core

From: Ovidiu Panait <ovidiu.panait@windriver.com>

X specific configs are already handled through PACKAGECONFIG:
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
...
PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x
                      --disable-x11-autolaunch, virtual/libx11 libsm"

Remove duplicated EXTRA_OECONF_X args.

(From OE-Core rev: 7dc107b05a29f8a3e8903d73f84ef8069f68af6f)

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 036e3436e51a44de3fc9b4b8e5b1ff149e3aaa9d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/dbus/dbus-test_1.12.18.bb | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
index 0063dcce67..68fcdc847f 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.18.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -24,9 +24,6 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
 
 inherit autotools pkgconfig gettext ptest upstream-version-is-even
 
-EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}"
-EXTRA_OECONF_X_class-native = "--without-x"
-
 EXTRA_OECONF = "--enable-tests \
                 --enable-modular-tests \
                 --enable-installed-tests \
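
Review bot: The removed line EXTRA_OECONF_X_class-native = "--without-x" forced X off for native builds, and the commit message only quotes the target-side PACKAGECONFIG default and the x11 entry, so the native case is not justified here. The recipe lines visible in 4/9 show PACKAGECONFIG_class-native = "", which makes the PACKAGECONFIG[x11] disable arguments (--without-x --disable-x11-autolaunch) apply to native; stating that in this commit message would make the removal self-explanatory.
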
@@ -37,7 +34,6 @@ EXTRA_OECONF = "--enable-tests \
                 --disable-doxygen-docs \
                 --disable-libaudit \
                 --with-dbus-test-dir=${PTEST_PATH} \
-                ${EXTRA_OECONF_X} \
                 --enable-embedded-tests \
              "
 
-- 
2.25.1



* [OE-core][dunfell 4/9] dbus,dbus-test: Move common parts to dbus.inc
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2021-09-10 14:07 ` [OE-core][dunfell 3/9] dbus-test: Remove EXTRA_OECONF_X configs Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 5/9] dbus: upgrade 1.12.18 -> 1.12.20 Steve Sakoman
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC
  To: openembedded-core

From: Ovidiu Panait <ovidiu.panait@windriver.com>

dbus and dbus-test share the same source code and base configuration options,
so factor out the common parts into dbus.inc.

This way we can eliminate the need to keep the two recipes in sync. When they
are not properly in sync (e.g. when dbus recipe has extra patches/config
options that are not duplicated in dbus-test) ptest testsuite will actually
test a slightly different codebase. This is due to the fact that dbus-test does
not run the testsuite against the system libdbus library, but instead it
generates a local libdbus.so that needs to be configured/compiled as close as
possible to the system one.

(From OE-Core rev: 1cde2935526d2eec7d6b17a6c622647b0c132439)

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 44ae5d8d6f26fda4ab1a3fef9fc49d74e4ac89f0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/dbus/dbus-test_1.12.18.bb | 38 +++++---------------
 meta/recipes-core/dbus/dbus.inc             | 34 ++++++++++++++++++
 meta/recipes-core/dbus/dbus_1.12.18.bb      | 39 +++------------------
 3 files changed, 47 insertions(+), 64 deletions(-)
 create mode 100644 meta/recipes-core/dbus/dbus.inc

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
index 68fcdc847f..755c841bad 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.18.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -1,53 +1,31 @@
 SUMMARY = "D-Bus test package (for D-bus functionality testing only)"
 HOMEPAGE = "http://dbus.freedesktop.org"
 SECTION = "base"
-LICENSE = "AFL-2.1 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
-                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
 
-DEPENDS = "dbus glib-2.0"
+require dbus.inc
 
-RDEPENDS_${PN}-dev = ""
+SRC_URI += "file://run-ptest \
+            file://python-config.patch \
+	    "
 
-SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
-           file://tmpdir.patch \
-           file://run-ptest \
-           file://python-config.patch \
-           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-           "
+DEPENDS = "dbus glib-2.0"
 
-SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
-SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+RDEPENDS_${PN}-dev = ""
 
 S="${WORKDIR}/dbus-${PV}"
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
 
-inherit autotools pkgconfig gettext ptest upstream-version-is-even
+inherit ptest
 
-EXTRA_OECONF = "--enable-tests \
+EXTRA_OECONF += "--enable-tests \
                 --enable-modular-tests \
                 --enable-installed-tests \
                 --enable-checks \
                 --enable-asserts \
-                --enable-largefile \
-                --disable-xml-docs \
-                --disable-doxygen-docs \
-                --disable-libaudit \
                 --with-dbus-test-dir=${PTEST_PATH} \
                 --enable-embedded-tests \
              "
 
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
-PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
-PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
-PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
-
 do_install() {
     :
 }
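
Review bot: Replacing the local settings with "require dbus.inc" changes how dbus-test is configured, not just where the settings live, and the commit message does not list those changes. The PACKAGECONFIG default removed here was only the systemd/x11 filter, while dbus.inc adds user-session; dbus.inc also brings --with-system-socket=/run/dbus/system_bus_socket, --disable-selinux for native, and file://dbus-1.init into SRC_URI. That matches the stated goal of building the test libdbus as close as possible to the system one, but please name these differences in the message. The added closing-quote line of SRC_URI is also indented with a tab where the surrounding lines use spaces.
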
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
new file mode 100644
index 0000000000..3bdb7ea4ff
--- /dev/null
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -0,0 +1,34 @@
+inherit autotools pkgconfig gettext upstream-version-is-even
+
+LICENSE = "AFL-2.1 | GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
+                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+
+SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+           file://tmpdir.patch \
+           file://dbus-1.init \
+           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+"
+
+SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
+SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+
+EXTRA_OECONF = "--disable-xml-docs \
+                --disable-doxygen-docs \
+                --disable-libaudit \
+                --enable-largefile \
+                --with-system-socket=/run/dbus/system_bus_socket \
+                "
+EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
+EXTRA_OECONF_append_class-native = " --disable-selinux"
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
+                   user-session \
+                  "
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
+PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
+PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
+PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
diff --git a/meta/recipes-core/dbus/dbus_1.12.18.bb b/meta/recipes-core/dbus/dbus_1.12.18.bb
index 2fcb3079ad..cf6f7dc0ef 100644
--- a/meta/recipes-core/dbus/dbus_1.12.18.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.18.bb
@@ -2,9 +2,9 @@ SUMMARY = "D-Bus message bus"
 DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed."
 HOMEPAGE = "https://dbus.freedesktop.org"
 SECTION = "base"
-LICENSE = "AFL-2.1 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
-                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+
+require dbus.inc
+
 DEPENDS = "expat virtual/libintl autoconf-archive"
 RDEPENDS_dbus_class-native = ""
 RDEPENDS_dbus_class-nativesdk = ""
@@ -12,16 +12,7 @@ PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '',
 ALLOW_EMPTY_dbus-ptest = "1"
 RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest"
 
-SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
-           file://tmpdir.patch \
-           file://dbus-1.init \
-           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-"
-
-SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
-SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
-
-inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even
+inherit useradd update-rc.d
 
 INITSCRIPT_NAME = "dbus-1"
 INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ."
@@ -92,27 +83,7 @@ pkg_postinst_dbus() {
 }
 
 
-EXTRA_OECONF = "--disable-tests \
-                --disable-xml-docs \
-                --disable-doxygen-docs \
-                --disable-libaudit \
-                --enable-largefile \
-                --with-system-socket=/run/dbus/system_bus_socket \
-                "
-
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-EXTRA_OECONF_append_class-native = " --disable-selinux"
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
-                   user-session \
-                  "
-
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
-PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
-PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
+EXTRA_OECONF += "--disable-tests"
 
 do_install() {
 	autotools_do_install
-- 
2.25.1



* [OE-core][dunfell 5/9] dbus: upgrade 1.12.18 -> 1.12.20
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2021-09-10 14:07 ` [OE-core][dunfell 4/9] dbus,dbus-test: Move common parts to dbus.inc Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 6/9] flex: Add CVE-2019-6293 to exclusions for checks Steve Sakoman
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC
  To: openembedded-core

From: Wang Mingyu <wangmy@cn.fujitsu.com>

Source: https://git.openembedded.org/openembedded-core
MR: 108825
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/dbus?id=bfaef91e77cd54e4f642e966903aac3f3291c325
ChangeID: bfaef91e77cd54e4f642e966903aac3f3291c325
Description:

Bugz only update
Includes fix for CVE-2020-35512

ab88811768 (HEAD, tag: dbus-1.12.20) v1.12.20
5757fd5480 Update NEWS
f3b2574f0c userdb: Reference-count DBusUserInfo, DBusGroupInfo <- cve fix
37b36d49a6 userdb: Make lookups return a const pointer
732284d530 Solaris and derivatives do not adjust cmsg_len on MSG_CTRUNC
1f8c42c7cd Start 1.12.20 development

(From OE-Core rev: bfaef91e77cd54e4f642e966903aac3f3291c325)

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bfaef91e77cd54e4f642e966903aac3f3291c325)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../dbus/{dbus-test_1.12.18.bb => dbus-test_1.12.20.bb}       | 0
 meta/recipes-core/dbus/dbus.inc                               | 4 ++--
 meta/recipes-core/dbus/{dbus_1.12.18.bb => dbus_1.12.20.bb}   | 0
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.18.bb => dbus-test_1.12.20.bb} (100%)
 rename meta/recipes-core/dbus/{dbus_1.12.18.bb => dbus_1.12.20.bb} (100%)

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb b/meta/recipes-core/dbus/dbus-test_1.12.20.bb
similarity index 100%
rename from meta/recipes-core/dbus/dbus-test_1.12.18.bb
rename to meta/recipes-core/dbus/dbus-test_1.12.20.bb
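
Review bot: The subject reads "dbus: upgrade 1.12.18 -> 1.12.20", but this rename also moves dbus-test to 1.12.20. Since 4/9 placed the checksums in the shared dbus.inc the two recipes have to move together, so a "dbus,dbus-test:" prefix, as used in 4/9, would describe the change accurately and keep the dbus-test bump visible in the log.
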
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
index 3bdb7ea4ff..dcbcc0a9d6 100644
--- a/meta/recipes-core/dbus/dbus.inc
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -10,8 +10,8 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
            file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
 "
 
-SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
-SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+SRC_URI[md5sum] = "dfe8a71f412e0b53be26ed4fbfdc91c4"
+SRC_URI[sha256sum] = "f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe"
 
 EXTRA_OECONF = "--disable-xml-docs \
                 --disable-doxygen-docs \
diff --git a/meta/recipes-core/dbus/dbus_1.12.18.bb b/meta/recipes-core/dbus/dbus_1.12.20.bb
similarity index 100%
rename from meta/recipes-core/dbus/dbus_1.12.18.bb
rename to meta/recipes-core/dbus/dbus_1.12.20.bb
-- 
2.25.1



* [OE-core][dunfell 6/9] flex: Add CVE-2019-6293 to exclusions for checks
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2021-09-10 14:07 ` [OE-core][dunfell 5/9] dbus: upgrade 1.12.18 -> 1.12.20 Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 7/9] go: Exclude CVE-2021-29923 from report list Steve Sakoman
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream has no plans to address it and there is no security issue.

https://github.com/westes/flex/issues/414

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/cve-extra-exclusions.inc | 4 ----
 meta/recipes-devtools/flex/flex_2.6.4.bb          | 5 +++++
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index cf07acce1d..a6f52b5de7 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -61,10 +61,6 @@ CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
 # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
 # however qemu maintainers are sure the patch is incorrect and should not be applied.
 
-# flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293
-# Upstream bug, still open: https://github.com/westes/flex/issues/414
-# Causes memory exhaustion so potential DoS but no buffer overflow, low priority
-
 # wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879
 # https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
 # No response upstream as of 2021/5/12
diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb b/meta/recipes-devtools/flex/flex_2.6.4.bb
index 1d43d2228a..50d3bf8de1 100644
--- a/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -26,6 +26,11 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4
 UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases"
 UPSTREAM_CHECK_REGEX = "flex-(?P<pver>\d+(\.\d+)+)\.tar"
 
+# Disputed - yes there is stack exhaustion but no bug and it is building the
+# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address
+# https://github.com/westes/flex/issues/414
+CVE_CHECK_WHITELIST += "CVE-2019-6293"
+
 inherit autotools gettext texinfo ptest
 
 M4 = "${bindir}/m4"
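
Review bot: The comment added above CVE_CHECK_WHITELIST drops the NVD link that the removed cve-extra-exclusions.inc entry carried, and it states "Disputed" where the commit message itself only says "effectively disputed". Keep the NVD URL for CVE-2019-6293 next to the upstream issue link, and word the rationale as the project's own assessment, because the removed entry described the same issue as "potential DoS ... low priority" and a later reader needs to see why the rating changed. "Upstream no plans to address" in the second comment line is also missing a verb.
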
-- 
2.25.1



* [OE-core][dunfell 7/9] go: Exclude CVE-2021-29923 from report list
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2021-09-10 14:07 ` [OE-core][dunfell 6/9] flex: Add CVE-2019-6293 to exclusions for checks Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 8/9] xserver-xorg: Security fix for CVE-2020-14360/-25712 Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 9/9] go: Several Security fixes Steve Sakoman
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Upstream don't believe it is a significant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.

https://github.com/golang/go/issues/30999#issuecomment-910470358

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.14.inc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 3dfd671d11..50136ca841 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -19,3 +19,9 @@ SRC_URI += "\
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
+
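
Review bot: "signifiant" in the first added comment line should be "significant", and the hunk ends by adding an empty line at the end of go-1.14.inc that can be dropped. The "fix in 1.17 onwards where we can drop this" wording is a useful removal condition; since the entry sits in go-1.14.inc it will disappear with that file, so nothing else is needed to expire it.
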
-- 
2.25.1



* [OE-core][dunfell 8/9] xserver-xorg: Security fix for CVE-2020-14360/-25712
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2021-09-10 14:07 ` [OE-core][dunfell 7/9] go: Exclude CVE-2021-29923 from report list Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  2021-09-10 14:07 ` [OE-core][dunfell 9/9] go: Several Security fixes Steve Sakoman
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC (permalink / raw)
  To: openembedded-core

From: Armin Kuster <akuster@mvista.com>

Source: https://gitlab.freedesktop.org/xorg/xserver
MR: 108223,
Type: Security Fix
Disposition: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b and https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
ChangeID: 496c2a2d80e4f8fff9b0d3148fca70c090cec31e
Description:

affects < 1.20.10
Fixes CVE-2020-14360 and CVE-2020-25712

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xserver-xorg/CVE-2020-14360.patch         | 132 ++++++++++++++++++
 .../xserver-xorg/CVE-2020-25712.patch         | 102 ++++++++++++++
 .../xorg-xserver/xserver-xorg_1.20.8.bb       |   2 +
 3 files changed, 236 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
new file mode 100644
index 0000000000..e9ab42742e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
@@ -0,0 +1,132 @@
+From 446ff2d3177087b8173fa779fa5b77a2a128988b Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Thu, 12 Nov 2020 19:15:07 +0100
+Subject: [PATCH] Check SetMap request length carefully.
+
+Avoid out of bounds memory accesses on too short request.
+
+ZDI-CAN 11572 /  CVE-2020-14360
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+Upstream-Status: Backport 
+https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
+CVE: CVE-2020-14360
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ xkb/xkb.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 92 insertions(+)
+
+Index: xorg-server-1.20.8/xkb/xkb.c
+===================================================================
+--- xorg-server-1.20.8.orig/xkb/xkb.c
++++ xorg-server-1.20.8/xkb/xkb.c
+@@ -2382,6 +2382,93 @@ SetVirtualModMap(XkbSrvInfoPtr xkbi,
+     return (char *) wire;
+ }
+ 
++#define _add_check_len(new) \
++    if (len > UINT32_MAX - (new) || len > req_len - (new)) goto bad; \
++    else len += new
++
++/**
++ * Check the length of the SetMap request
++ */
++static int
++_XkbSetMapCheckLength(xkbSetMapReq *req)
++{
++    size_t len = sz_xkbSetMapReq, req_len = req->length << 2;
++    xkbKeyTypeWireDesc *keytype;
++    xkbSymMapWireDesc *symmap;
++    BOOL preserve;
++    int i, map_count, nSyms;
++
++    if (req_len < len)
++        goto bad;
++    /* types */
++    if (req->present & XkbKeyTypesMask) {
++        keytype = (xkbKeyTypeWireDesc *)(req + 1);
++        for (i = 0; i < req->nTypes; i++) {
++            _add_check_len(XkbPaddedSize(sz_xkbKeyTypeWireDesc));
++            if (req->flags & XkbSetMapResizeTypes) {
++                _add_check_len(keytype->nMapEntries
++                               * sz_xkbKTSetMapEntryWireDesc);
++                preserve = keytype->preserve;
++                map_count = keytype->nMapEntries;
++                if (preserve) {
++                    _add_check_len(map_count * sz_xkbModsWireDesc);
++                }
++                keytype += 1;
++                keytype = (xkbKeyTypeWireDesc *)
++                          ((xkbKTSetMapEntryWireDesc *)keytype + map_count);
++                if (preserve)
++                    keytype = (xkbKeyTypeWireDesc *)
++                              ((xkbModsWireDesc *)keytype + map_count);
++            }
++        }
++    }
++    /* syms */
++    if (req->present & XkbKeySymsMask) {
++        symmap = (xkbSymMapWireDesc *)((char *)req + len);
++        for (i = 0; i < req->nKeySyms; i++) {
++            _add_check_len(sz_xkbSymMapWireDesc);
++            nSyms = symmap->nSyms;
++            _add_check_len(nSyms*sizeof(CARD32));
++            symmap += 1;
++            symmap = (xkbSymMapWireDesc *)((CARD32 *)symmap + nSyms);
++        }
++    }
++    /* actions */
++    if (req->present & XkbKeyActionsMask) {
++        _add_check_len(req->totalActs * sz_xkbActionWireDesc 
++                       + XkbPaddedSize(req->nKeyActs));
++    }
++    /* behaviours */
++    if (req->present & XkbKeyBehaviorsMask) {
++        _add_check_len(req->totalKeyBehaviors * sz_xkbBehaviorWireDesc);
++    }
++    /* vmods */
++    if (req->present & XkbVirtualModsMask) {
++        _add_check_len(XkbPaddedSize(Ones(req->virtualMods)));
++    }
++    /* explicit */
++    if (req->present & XkbExplicitComponentsMask) {
++        /* two bytes per non-zero explicit componen */
++        _add_check_len(XkbPaddedSize(req->totalKeyExplicit * sizeof(CARD16)));
++    }
++    /* modmap */
++    if (req->present & XkbModifierMapMask) {
++         /* two bytes per non-zero modmap component */
++        _add_check_len(XkbPaddedSize(req->totalModMapKeys * sizeof(CARD16)));
++    }
++    /* vmodmap */
++    if (req->present & XkbVirtualModMapMask) {
++        _add_check_len(req->totalVModMapKeys * sz_xkbVModMapWireDesc);
++    }
++    if (len == req_len)
++        return Success;
++bad:
++    ErrorF("[xkb] BOGUS LENGTH in SetMap: expected %ld got %ld\n",
++           len, req_len);
++    return BadLength;
++}
++
++
+ /**
+  * Check if the given request can be applied to the given device but don't
+  * actually do anything..
+@@ -2639,6 +2726,11 @@ ProcXkbSetMap(ClientPtr client)
+     CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixManageAccess);
+     CHK_MASK_LEGAL(0x01, stuff->present, XkbAllMapComponentsMask);
+ 
++    /* first verify the request length carefully */
++    rc = _XkbSetMapCheckLength(stuff);
++    if (rc != Success)
++        return rc;
++
+     tmp = (char *) &stuff[1];
+ 
+     /* Check if we can to the SetMap on the requested device. If this
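Review bot: In _add_check_len, the test `len > req_len - (new)` is unsigned arithmetic on size_t, so an argument larger than req_len wraps the subtraction and len is advanced past req_len; the request is then rejected only later, at the latest by the final `len == req_len` comparison. Writing the test as `(new) > req_len - len` rejects at the oversized component itself, because the initial `req_len < len` check guarantees len never exceeds req_len before an addition, and it makes the UINT32_MAX clause unnecessary. The ErrorF call prints the size_t values len and req_len with %ld; %lu with a cast to unsigned long would match the type. Since this is a verbatim backport, both points are better raised upstream than patched locally. In the patch header, the commit URL belongs on the Upstream-Status line itself (Upstream-Status: Backport [URL]), without the trailing space.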
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
new file mode 100644
index 0000000000..f39f6b32b1
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
@@ -0,0 +1,102 @@
+From 87c64fc5b0db9f62f4e361444f4b60501ebf67b9 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Sun, 11 Oct 2020 17:05:09 +0200
+Subject: [PATCH] Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap
+ overflows
+
+ZDI-CAN 11389 / CVE-2020-25712
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+Upstream-Status: Backport
+https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
+CVE: CVE-2020-25712
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ xkb/xkb.c | 26 +++++++++++++++++++++++---
+ 1 file changed, 23 insertions(+), 3 deletions(-)
+
+Index: xorg-server-1.20.8/xkb/xkb.c
+===================================================================
+--- xorg-server-1.20.8.orig/xkb/xkb.c
++++ xorg-server-1.20.8/xkb/xkb.c
+@@ -6625,7 +6625,9 @@ SetDeviceIndicators(char *wire,
+                     unsigned changed,
+                     int num,
+                     int *status_rtrn,
+-                    ClientPtr client, xkbExtensionDeviceNotify * ev)
++                    ClientPtr client,
++                    xkbExtensionDeviceNotify * ev,
++                    xkbSetDeviceInfoReq * stuff)
+ {
+     xkbDeviceLedsWireDesc *ledWire;
+     int i;
+@@ -6646,6 +6648,11 @@ SetDeviceIndicators(char *wire,
+         xkbIndicatorMapWireDesc *mapWire;
+         XkbSrvLedInfoPtr sli;
+ 
++        if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) {
++            *status_rtrn = BadLength;
++            return (char *) ledWire;
++        }
++
+         namec = mapc = statec = 0;
+         sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID,
+                                 XkbXI_IndicatorMapsMask);
+@@ -6664,6 +6671,10 @@ SetDeviceIndicators(char *wire,
+             memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom));
+             for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) {
+                 if (ledWire->namesPresent & bit) {
++                    if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) {
++                        *status_rtrn = BadLength;
++                        return (char *) atomWire;
++                    }
+                     sli->names[n] = (Atom) *atomWire;
+                     if (sli->names[n] == None)
+                         ledWire->namesPresent &= ~bit;
+@@ -6681,6 +6692,10 @@ SetDeviceIndicators(char *wire,
+         if (ledWire->mapsPresent) {
+             for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) {
+                 if (ledWire->mapsPresent & bit) {
++                    if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) {
++                        *status_rtrn = BadLength;
++                        return (char *) mapWire;
++                    }
+                     sli->maps[n].flags = mapWire->flags;
+                     sli->maps[n].which_groups = mapWire->whichGroups;
+                     sli->maps[n].groups = mapWire->groups;
+@@ -6760,7 +6775,7 @@ _XkbSetDeviceInfoCheck(ClientPtr client,
+     ed.deviceID = dev->id;
+     wire = (char *) &stuff[1];
+     if (stuff->change & XkbXI_ButtonActionsMask) {
+-        int nBtns, sz, i;
++	int nBtns, sz, i;
+         XkbAction *acts;
+         DeviceIntPtr kbd;
+ 
+@@ -6772,7 +6787,11 @@ _XkbSetDeviceInfoCheck(ClientPtr client,
+                 return BadAlloc;
+             dev->button->xkb_acts = acts;
+         }
++        if (stuff->firstBtn + stuff->nBtns > nBtns)
++            return BadValue;
+         sz = stuff->nBtns * SIZEOF(xkbActionWireDesc);
++        if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz))
++            return BadLength;
+         memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz);
+         wire += sz;
+         ed.reason |= XkbXI_ButtonActionsMask;
+@@ -6793,7 +6812,8 @@ _XkbSetDeviceInfoCheck(ClientPtr client,
+         int status = Success;
+ 
+         wire = SetDeviceIndicators(wire, dev, stuff->change,
+-                                   stuff->nDeviceLedFBs, &status, client, &ed);
++                                   stuff->nDeviceLedFBs, &status, client, &ed,
++                                   stuff);
+         if (status != Success)
+             return status;
+     }
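Review bot: The added checks in SetDeviceIndicators() and _XkbSetDeviceInfoCheck() call _XkbCheckRequestBounds(), which this patch does not define, so the backport only builds if xkb/xkb.c in xorg-server 1.20.8 or an earlier patch in SRC_URI already provides it; please confirm that in the commit message. The `int nBtns, sz, i;` line in _XkbSetDeviceInfoCheck() changes only from spaces to a tab, which is noise in a security fix and acceptable only if it matches the upstream commit exactly. In the patch header, the commit URL belongs on the Upstream-Status line itself (Upstream-Status: Backport [URL]).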
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
index 2af1b6f307..8c77c3756b 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
@@ -10,6 +10,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://CVE-2020-14361.patch \
            file://CVE-2020-14362.patch \
            file://CVE-2020-14345.patch \
+           file://CVE-2020-14360.patch \
+           file://CVE-2020-25712.patch \
            "
 SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839"
 SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146"
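Review bot: SRC_URI lists CVE-2020-14360.patch before CVE-2020-25712.patch, although the embedded headers date the upstream commits the other way round (12 Nov 2020 and 11 Oct 2020) and both patches modify xkb/xkb.c. That works as long as both were refreshed against 1.20.8 in this order; keeping the upstream order would make a later comparison against the upstream history easier to follow.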
-- 
2.25.1



* [OE-core][dunfell 9/9] go: Several Security fixes
  2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
                   ` (7 preceding siblings ...)
  2021-09-10 14:07 ` [OE-core][dunfell 8/9] xserver-xorg: Security fix for CVE-2020-14360/-25712 Steve Sakoman
@ 2021-09-10 14:07 ` Steve Sakoman
  8 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2021-09-10 14:07 UTC (permalink / raw)
  To: openembedded-core

From: Armin Kuster <akuster@mvista.com>

Source: golang.org
MR: 111958, 112390, 112393
Type: Security Fix
Disposition: Backport from https://github.com/golang/go.git
ChangeID: 662d021814f025b3d768a04864498486f94819a7
Description:

Affects < 1.16.5

Fixes:
CVE-2021-33196
CVE-2021-33197
CVE-2021-34558

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.14.inc          |   3 +
 .../go/go-1.14/CVE-2021-33196.patch           | 124 ++++++++++++++
 .../go/go-1.14/CVE-2021-33197.patch           | 152 ++++++++++++++++++
 .../go/go-1.14/CVE-2021-34558.patch           |  51 ++++++
 4 files changed, 330 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 50136ca841..abc6f42184 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -16,6 +16,9 @@ SRC_URI += "\
     file://0006-cmd-dist-separate-host-and-target-builds.patch \
     file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+    file://CVE-2021-34558.patch \
+    file://CVE-2021-33196.patch \
+    file://CVE-2021-33197.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch
new file mode 100644
index 0000000000..2e2dc62c49
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch
@@ -0,0 +1,124 @@
+From 74242baa4136c7a9132a8ccd9881354442788c8c Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <roland@golang.org>
+Date: Tue, 11 May 2021 11:31:31 -0700
+Subject: [PATCH] archive/zip: only preallocate File slice if reasonably sized
+
+Since the number of files in the EOCD record isn't validated, it isn't
+safe to preallocate Reader.Files using that field. A malformed archive
+can indicate it contains up to 1 << 128 - 1 files. We can still safely
+preallocate the slice by checking if the specified number of files in
+the archive is reasonable, given the size of the archive.
+
+Thanks to the OSS-Fuzz project for discovering this issue and to
+Emmanuel Odeke for reporting it.
+
+Fixes #46242
+Fixes CVE-2021-33196
+
+Change-Id: I3c76d8eec178468b380d87fdb4a3f2cb06f0ee76
+Reviewed-on: https://go-review.googlesource.com/c/go/+/318909
+Trust: Roland Shoemaker <roland@golang.org>
+Trust: Katie Hockman <katie@golang.org>
+Trust: Joe Tsai <thebrokentoaster@gmail.com>
+Run-TryBot: Roland Shoemaker <roland@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Katie Hockman <katie@golang.org>
+Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-33196
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/archive/zip/reader.go      | 10 +++++-
+ src/archive/zip/reader_test.go | 59 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 68 insertions(+), 1 deletion(-)
+
+Index: go/src/archive/zip/reader.go
+===================================================================
+--- go.orig/src/archive/zip/reader.go
++++ go/src/archive/zip/reader.go
+@@ -84,7 +84,15 @@ func (z *Reader) init(r io.ReaderAt, siz
+ 		return err
+ 	}
+ 	z.r = r
+-	z.File = make([]*File, 0, end.directoryRecords)
++	// Since the number of directory records is not validated, it is not
++	// safe to preallocate z.File without first checking that the specified
++	// number of files is reasonable, since a malformed archive may
++	// indicate it contains up to 1 << 128 - 1 files. Since each file has a
++	// header which will be _at least_ 30 bytes we can safely preallocate
++	// if (data size / 30) >= end.directoryRecords.
++	if (uint64(size)-end.directorySize)/30 >= end.directoryRecords {
++		z.File = make([]*File, 0, end.directoryRecords)
++	}
+ 	z.Comment = end.comment
+ 	rs := io.NewSectionReader(r, 0, size)
+ 	if _, err = rs.Seek(int64(end.directoryOffset), io.SeekStart); err != nil {
+Index: go/src/archive/zip/reader_test.go
+===================================================================
+--- go.orig/src/archive/zip/reader_test.go
++++ go/src/archive/zip/reader_test.go
+@@ -1070,3 +1070,62 @@ func TestIssue12449(t *testing.T) {
+ 		t.Errorf("Error reading the archive: %v", err)
+ 	}
+ }
++
++func TestCVE202133196(t *testing.T) {
++	// Archive that indicates it has 1 << 128 -1 files,
++	// this would previously cause a panic due to attempting
++	// to allocate a slice with 1 << 128 -1 elements.
++	data := []byte{
++		0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x08,
++		0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x02,
++		0x03, 0x62, 0x61, 0x65, 0x03, 0x04, 0x00, 0x00,
++		0xff, 0xff, 0x50, 0x4b, 0x07, 0x08, 0xbe, 0x20,
++		0x5c, 0x6c, 0x09, 0x00, 0x00, 0x00, 0x03, 0x00,
++		0x00, 0x00, 0x50, 0x4b, 0x01, 0x02, 0x14, 0x00,
++		0x14, 0x00, 0x08, 0x08, 0x08, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0xbe, 0x20, 0x5c, 0x6c, 0x09, 0x00,
++		0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00,
++		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++		0x01, 0x02, 0x03, 0x50, 0x4b, 0x06, 0x06, 0x2c,
++		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2d,
++		0x00, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
++		0xff, 0xff, 0xff, 0x31, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0x50, 0x4b, 0x06, 0x07, 0x00,
++		0x00, 0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50,
++		0x4b, 0x05, 0x06, 0x00, 0x00, 0x00, 0x00, 0xff,
++		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++		0xff, 0xff, 0xff, 0x00, 0x00,
++	}
++	_, err := NewReader(bytes.NewReader(data), int64(len(data)))
++	if err != ErrFormat {
++		t.Fatalf("unexpected error, got: %v, want: %v", err, ErrFormat)
++	}
++
++	// Also check that an archive containing a handful of empty
++	// files doesn't cause an issue
++	b := bytes.NewBuffer(nil)
++	w := NewWriter(b)
++	for i := 0; i < 5; i++ {
++		_, err := w.Create("")
++		if err != nil {
++			t.Fatalf("Writer.Create failed: %s", err)
++		}
++	}
++	if err := w.Close(); err != nil {
++		t.Fatalf("Writer.Close failed: %s", err)
++	}
++	r, err := NewReader(bytes.NewReader(b.Bytes()), int64(b.Len()))
++	if err != nil {
++		t.Fatalf("NewReader failed: %s", err)
++	}
++	if len(r.File) != 5 {
++		t.Errorf("Archive has unexpected number of files, got %d, want 5", len(r.File))
++	}
++}
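Review bot: The new guard in Reader.init computes `uint64(size)-end.directorySize` without first checking that directorySize is no larger than size, so for an archive whose EOCD record declares a directory bigger than the file the unsigned subtraction wraps and the preallocation this patch is meant to prevent still goes ahead. Nothing in the visible hunk validates directorySize beforehand; a check such as `end.directorySize < uint64(size)` in front of the division would close that, and it is worth checking whether upstream has a follow-up change to backport alongside this one. The Upstream-Status line names no commit, so add the upstream commit URL next to Backport.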
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch
new file mode 100644
index 0000000000..2052b1d3db
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch
@@ -0,0 +1,152 @@
+From cbd1ca84453fecf3825a6bb9f985823e8bc32b76 Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Fri, 21 May 2021 14:02:30 -0400
+Subject: [PATCH] [release-branch.go1.15] net/http/httputil: always remove
+ hop-by-hop headers
+
+Previously, we'd fail to remove the Connection header from a request
+like this:
+
+    Connection:
+    Connection: x-header
+
+Updates #46313
+Fixes #46314
+Fixes CVE-2021-33197
+
+Change-Id: Ie3009e926ceecfa86dfa6bcc6fe14ff01086be7d
+Reviewed-on: https://go-review.googlesource.com/c/go/+/321929
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+Reviewed-by: Katie Hockman <katie@golang.org>
+Trust: Katie Hockman <katie@golang.org>
+Trust: Filippo Valsorda <filippo@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/323091
+Run-TryBot: Katie Hockman <katie@golang.org>
+
+Upstream-Status: Backport
+CVE: CVE-2021-33197
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/net/http/httputil/reverseproxy.go      | 22 ++++----
+ src/net/http/httputil/reverseproxy_test.go | 63 +++++++++++++++++++++-
+ 2 files changed, 70 insertions(+), 15 deletions(-)
+
+Index: go/src/net/http/httputil/reverseproxy.go
+===================================================================
+--- go.orig/src/net/http/httputil/reverseproxy.go
++++ go/src/net/http/httputil/reverseproxy.go
+@@ -221,22 +221,18 @@ func (p *ReverseProxy) ServeHTTP(rw http
+ 	// important is "Connection" because we want a persistent
+ 	// connection, regardless of what the client sent to us.
+ 	for _, h := range hopHeaders {
+-		hv := outreq.Header.Get(h)
+-		if hv == "" {
+-			continue
+-		}
+-		if h == "Te" && hv == "trailers" {
+-			// Issue 21096: tell backend applications that
+-			// care about trailer support that we support
+-			// trailers. (We do, but we don't go out of
+-			// our way to advertise that unless the
+-			// incoming client request thought it was
+-			// worth mentioning)
+-			continue
+-		}
+ 		outreq.Header.Del(h)
+ 	}
+ 
++	// Issue 21096: tell backend applications that care about trailer support
++	// that we support trailers. (We do, but we don't go out of our way to
++	// advertise that unless the incoming client request thought it was worth
++	// mentioning.) Note that we look at req.Header, not outreq.Header, since
++	// the latter has passed through removeConnectionHeaders.
++	if httpguts.HeaderValuesContainsToken(req.Header["Te"], "trailers") {
++		outreq.Header.Set("Te", "trailers")
++	}
++
+ 	// After stripping all the hop-by-hop connection headers above, add back any
+ 	// necessary for protocol upgrades, such as for websockets.
+ 	if reqUpType != "" {
+Index: go/src/net/http/httputil/reverseproxy_test.go
+===================================================================
+--- go.orig/src/net/http/httputil/reverseproxy_test.go
++++ go/src/net/http/httputil/reverseproxy_test.go
+@@ -91,8 +91,9 @@ func TestReverseProxy(t *testing.T) {
+ 
+ 	getReq, _ := http.NewRequest("GET", frontend.URL, nil)
+ 	getReq.Host = "some-name"
+-	getReq.Header.Set("Connection", "close")
+-	getReq.Header.Set("Te", "trailers")
++	getReq.Header.Set("Connection", "close, TE")
++	getReq.Header.Add("Te", "foo")
++	getReq.Header.Add("Te", "bar, trailers")
+ 	getReq.Header.Set("Proxy-Connection", "should be deleted")
+ 	getReq.Header.Set("Upgrade", "foo")
+ 	getReq.Close = true
+@@ -236,6 +237,64 @@ func TestReverseProxyStripHeadersPresent
+ 	}
+ }
+ 
++func TestReverseProxyStripEmptyConnection(t *testing.T) {
++	// See Issue 46313.
++	const backendResponse = "I am the backend"
++
++	// someConnHeader is some arbitrary header to be declared as a hop-by-hop header
++	// in the Request's Connection header.
++	const someConnHeader = "X-Some-Conn-Header"
++
++	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
++		if c := r.Header.Values("Connection"); len(c) != 0 {
++			t.Errorf("handler got header %q = %v; want empty", "Connection", c)
++		}
++		if c := r.Header.Get(someConnHeader); c != "" {
++			t.Errorf("handler got header %q = %q; want empty", someConnHeader, c)
++		}
++		w.Header().Add("Connection", "")
++		w.Header().Add("Connection", someConnHeader)
++		w.Header().Set(someConnHeader, "should be deleted")
++		io.WriteString(w, backendResponse)
++	}))
++	defer backend.Close()
++	backendURL, err := url.Parse(backend.URL)
++	if err != nil {
++		t.Fatal(err)
++	}
++	proxyHandler := NewSingleHostReverseProxy(backendURL)
++	frontend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
++		proxyHandler.ServeHTTP(w, r)
++		if c := r.Header.Get(someConnHeader); c != "should be deleted" {
++			t.Errorf("handler modified header %q = %q; want %q", someConnHeader, c, "should be deleted")
++		}
++	}))
++	defer frontend.Close()
++
++	getReq, _ := http.NewRequest("GET", frontend.URL, nil)
++	getReq.Header.Add("Connection", "")
++	getReq.Header.Add("Connection", someConnHeader)
++	getReq.Header.Set(someConnHeader, "should be deleted")
++	res, err := frontend.Client().Do(getReq)
++	if err != nil {
++		t.Fatalf("Get: %v", err)
++	}
++	defer res.Body.Close()
++	bodyBytes, err := ioutil.ReadAll(res.Body)
++	if err != nil {
++		t.Fatalf("reading body: %v", err)
++	}
++	if got, want := string(bodyBytes), backendResponse; got != want {
++		t.Errorf("got body %q; want %q", got, want)
++	}
++	if c := res.Header.Get("Connection"); c != "" {
++		t.Errorf("handler got header %q = %q; want empty", "Connection", c)
++	}
++	if c := res.Header.Get(someConnHeader); c != "" {
++		t.Errorf("handler got header %q = %q; want empty", someConnHeader, c)
++	}
++}
++
+ func TestXForwardedFor(t *testing.T) {
+ 	const prevForwardedFor = "client ip"
+ 	const backendResponse = "I am the backend"
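Review bot: The replacement block in ReverseProxy.ServeHTTP calls httpguts.HeaderValuesContainsToken and its comment relies on removeConnectionHeaders, but the patch is taken from release-branch.go1.15 and the hunk adds no import, so confirm that reverseproxy.go in Go 1.14 already imports httpguts and has removeConnectionHeaders; the same applies to Header.Values used in the new test. The Upstream-Status line names no commit, so add the upstream commit URL next to Backport.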
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch
new file mode 100644
index 0000000000..8fb346d622
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch
@@ -0,0 +1,51 @@
+From a98589711da5e9d935e8d690cfca92892e86d557 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <roland@golang.org>
+Date: Wed, 9 Jun 2021 11:31:27 -0700
+Subject: [PATCH] crypto/tls: test key type when casting
+
+When casting the certificate public key in generateClientKeyExchange,
+check the type is appropriate. This prevents a panic when a server
+agrees to a RSA based key exchange, but then sends an ECDSA (or
+other) certificate.
+
+Fixes #47143
+Fixes CVE-2021-34558
+
+Thanks to Imre Rad for reporting this issue.
+
+Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
+Reviewed-by: Filippo Valsorda <valsorda@google.com>
+Reviewed-by: Katie Hockman <katiehockman@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/334031
+Trust: Filippo Valsorda <filippo@golang.org>
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
+
+Upstream-Status: Backport 
+https://github.com/golang/go/commit/a98589711da5e9d935e8d690cfca92892e86d557
+CVE: CVE-2021-34558
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/crypto/tls/key_agreement.go | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+Index: go/src/crypto/tls/key_agreement.go
+===================================================================
+--- go.orig/src/crypto/tls/key_agreement.go
++++ go/src/crypto/tls/key_agreement.go
+@@ -67,7 +67,11 @@ func (ka rsaKeyAgreement) generateClient
+ 		return nil, nil, err
+ 	}
+ 
+-	encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret)
++	rsaKey, ok := cert.PublicKey.(*rsa.PublicKey)
++	if !ok {
++		return nil, nil, errors.New("tls: server certificate contains incorrect key type for selected ciphersuite")
++	}
++	encrypted, err := rsa.EncryptPKCS1v15(config.rand(), rsaKey, preMasterSecret)
+ 	if err != nil {
+ 		return nil, nil, err
+ 	}
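Review bot: The checked type assertion in rsaKeyAgreement.generateClientKeyExchange arrives without a test: the diffstat touches only key_agreement.go, so nothing added here exercises a server that agrees to an RSA key exchange and then sends a non-RSA certificate. If upstream has no test to backport, say so in the commit message. The new error uses errors.New and no import is added, so key_agreement.go must already import errors in Go 1.14. In the patch header, the commit URL should sit on the Upstream-Status line itself, without the trailing space after Backport.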
-- 
2.25.1



* [OE-core][dunfell 0/9] Patch review
@ 2024-02-22 14:30 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-02-22 14:30 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for dunfell and have comments back by
end of day Monday, February 26

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6590

The following changes since commit 7ab6087536bc67c63094f08f863dcd3d5e35b8e7:

  cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES (2024-02-12 17:13:14 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (5):
  linux-yocto/5.4: update to v5.4.264
  linux-yocto/5.4: update to v5.4.265
  linux-yocto/5.4: update to v5.4.266
  linux-yocto/5.4: update to v5.4.267
  linux-yocto/5.4: update to v5.4.268

Peter Marko (1):
  gcc-shared-source: whitelist CVE-2023-4039

Richard Purdie (1):
  sstatesig: Allow exclusion of the root directory for do_package

Steve Sakoman (1):
  cve-exclusion_5.4.inc: update for 5.4.268

Tim Orling (1):
  vim: upgrade v9.0.2130 -> v9.0.2190

 meta/lib/oe/sstatesig.py                      |   5 +-
 .../gcc/gcc-shared-source.inc                 |   3 +
 .../linux/cve-exclusion_5.4.inc               | 199 +++++++++++++++++-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 7 files changed, 215 insertions(+), 32 deletions(-)

-- 
2.34.1




* [OE-core][dunfell 0/9] Patch review
@ 2023-04-30 16:25 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2023-04-30 16:25 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5239

The following changes since commit d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c:

  go: fix CVE-2023-24537 Infinite loop in parsing (2023-04-21 04:15:45 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Christoph Lauer (1):
  populate_sdk_base: add zip options

Nikhil R (1):
  openssl: Fix CVE-2023-0464

Omkar Patil (2):
  openssl: Fix CVE-2023-0465
  openssl: Fix CVE-2023-0466

Shubham Kulkarni (1):
  go: Ignore CVE-2022-1705

Vijay Anusuri (2):
  sudo: Security fix for CVE-2023-28486 and CVE-2023-28487
  curl: Security fix CVE-2023-27533, CVE-2023-27535 and CVE-2023-27536

Virendra Thakur (1):
  qemu: Whitelist CVE-2023-0664

Vivek Kumbhar (1):
  go: fix CVE-2023-24534 denial of service from excessive memory
    allocation

 meta/classes/populate_sdk_base.bbclass        |   4 +-
 .../openssl/openssl/CVE-2023-0464.patch       | 226 ++++++
 .../openssl/openssl/CVE-2023-0465.patch       |  60 ++
 .../openssl/openssl/CVE-2023-0466.patch       |  82 +++
 .../openssl/openssl_1.1.1t.bb                 |   3 +
 meta/recipes-devtools/go/go-1.14.inc          |   4 +
 .../go/go-1.14/CVE-2023-24534.patch           | 200 ++++++
 meta/recipes-devtools/qemu/qemu.inc           |   5 +
 .../CVE-2023-28486_CVE-2023-28487-1.patch     | 646 ++++++++++++++++++
 .../CVE-2023-28486_CVE-2023-28487-2.patch     |  26 +
 meta/recipes-extended/sudo/sudo_1.8.32.bb     |   2 +
 .../curl/curl/CVE-2023-27533.patch            |  59 ++
 .../curl/curl/CVE-2023-27535-pre1.patch       | 236 +++++++
 .../curl/curl/CVE-2023-27535.patch            | 170 +++++
 .../curl/curl/CVE-2023-27536.patch            |  55 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |   4 +
 16 files changed, 1781 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24534.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27533.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch

-- 
2.34.1




* [OE-core][dunfell 0/9] Patch review
@ 2022-10-13 16:36 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2022-10-13 16:36 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4330

The following changes since commit dbad46a0079843b380cf3dda6008b12ab9526688:

  build-appliance-image: Update to dunfell head revision (2022-10-06 23:23:20 +0100)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (2):
  dhcp: Fix CVE-2022-2928 & CVE-2022-2929
  qemu: CVE-2021-3750 hcd-ehci: DMA reentrancy issue leads to
    use-after-free

John Edward Broadbent (1):
  externalsrc: git submodule--helper list unsupported

Michael Halstead (1):
  uninative: Upgrade to 3.7 to work with glibc 2.36

Richard Purdie (1):
  qemu: Avoid accidental librdmacm linkage

Steve Sakoman (3):
  selftest: skip virgl test on ubuntu 22.04
  qemu: Avoid accidental libvdeplug linkage
  qemu: Add PACKAGECONFIG for rbd

Tim Orling (1):
  python3: upgrade 3.8.13 -> 3.8.14

 meta/classes/externalsrc.bbclass              |  19 +-
 meta/conf/distro/include/yocto-uninative.inc  |  10 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |   2 +
 .../dhcp/dhcp/CVE-2022-2928.patch             | 120 ++++++++++++
 .../dhcp/dhcp/CVE-2022-2929.patch             |  40 ++++
 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb  |   2 +
 .../python/python3/CVE-2021-28861.patch       | 135 -------------
 .../{python3_3.8.13.bb => python3_3.8.14.bb}  |   5 +-
 meta/recipes-devtools/qemu/qemu.inc           |   4 +
 .../qemu/qemu/CVE-2021-3750.patch             | 180 ++++++++++++++++++
 10 files changed, 365 insertions(+), 152 deletions(-)
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2022-2928.patch
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2022-2929.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2021-28861.patch
 rename meta/recipes-devtools/python/{python3_3.8.13.bb => python3_3.8.14.bb} (98%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3750.patch

-- 
2.25.1




* [OE-core][dunfell 0/9] Patch review
@ 2022-09-14  2:25 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2022-09-14  2:25 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by end
of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4224

The following changes since commit c9a9d5a1f7fbe88422ccee542a89afbc4c5336e4:

  vim: Upgrade 9.0.0242 -> 9.0.0341 (2022-09-07 04:40:43 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Chee Yang Lee (3):
  connman: fix CVE-2022-32292
  gnutls: fix CVE-2021-4209
  virglrenderer: fix CVE-2022-0135

Florin Diaconescu (1):
  binutils : CVE-2022-38533

Khan@kpit.com (1):
  python3: Fix CVE-2021-28861 for python3

Virendra Thakur (1):
  tiff: Fix for CVE-2022-2867/8/9

Yi Zhao (1):
  tiff: Security fixes CVE-2022-1354 and CVE-2022-1355

niko.mauno@vaisala.com (2):
  systemd: Fix unwritable /var/lock when no sysvinit handling
  systemd: Add 'no-dns-fallback' PACKAGECONFIG option

 .../connman/connman/CVE-2022-32292.patch      |  37 +++
 .../connman/connman_1.37.bb                   |   1 +
 .../systemd/systemd/00-create-volatile.conf   |   1 +
 meta/recipes-core/systemd/systemd_244.5.bb    |   1 +
 .../binutils/binutils-2.34.inc                |   1 +
 .../binutils/binutils/CVE-2022-38533.patch    |  37 +++
 .../python/python3/CVE-2021-28861.patch       | 135 +++++++++++
 .../recipes-devtools/python/python3_3.8.13.bb |   1 +
 .../virglrenderer/CVE-2022-0135.patch         | 100 +++++++++
 .../virglrenderer/virglrenderer_0.8.2.bb      |   1 +
 ...022-2867-CVE-2022-2868-CVE-2022-2869.patch | 159 +++++++++++++
 .../libtiff/tiff/CVE-2022-1354.patch          | 212 ++++++++++++++++++
 .../libtiff/tiff/CVE-2022-1355.patch          |  62 +++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   3 +
 .../gnutls/gnutls/CVE-2021-4209.patch         |  37 +++
 meta/recipes-support/gnutls/gnutls_3.6.14.bb  |   1 +
 16 files changed, 789 insertions(+)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2021-28861.patch
 create mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer/CVE-2022-0135.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-2867-CVE-2022-2868-CVE-2022-2869.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch

-- 
2.25.1




* [OE-core][dunfell 0/9] Patch review
@ 2022-05-18  2:30 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2022-05-18  2:30 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for dunfell and have comments back by end
of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3677

The following changes since commit 0f6ae13d76129d96f788b7ede312cfc361ee2bda:

  scripts/git: Ensure we don't have circular references (2022-05-10 08:23:12 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20220411 -> 20220509

Konrad Weihmann (1):
  linux-firmware: replace mkdir by install

Ranjitsinh Rathod (4):
  tiff: Add patches to fix multiple CVEs
  freetype: Fix CVEs for freetype
  git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE
  openssl: Minor security upgrade 1.1.1n to 1.1.1o

Richard Purdie (1):
  vim: Upgrade 8.2.4681 -> 8.2.4912

Sana Kazi (1):
  curl: Fix CVEs for curl

Steve Sakoman (1):
  selftest: skip virgl test on alma 8.6

 meta/lib/oeqa/selftest/cases/runtime_test.py  |   2 +
 .../{openssl_1.1.1n.bb => openssl_1.1.1o.bb}  |   2 +-
 meta/recipes-devtools/git/git.inc             |   2 +-
 .../freetype/freetype/CVE-2022-27404.patch    |  33 ++++
 .../freetype/freetype/CVE-2022-27405.patch    |  38 +++++
 .../freetype/freetype/CVE-2022-27406.patch    |  31 ++++
 .../freetype/freetype_2.10.1.bb               |   3 +
 ...01-Makefile-replace-mkdir-by-install.patch |  84 ++++++++++
 ...20220411.bb => linux-firmware_20220509.bb} |   9 +-
 .../libtiff/files/CVE-2022-0865.patch         |  39 +++++
 .../libtiff/files/CVE-2022-0907.patch         |  94 +++++++++++
 .../libtiff/files/CVE-2022-0908.patch         |  34 ++++
 .../libtiff/files/CVE-2022-0909.patch         |  37 +++++
 .../libtiff/files/CVE-2022-0924.patch         |  58 +++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   5 +
 .../curl/curl/CVE-2022-22576.patch            | 148 ++++++++++++++++++
 .../curl/curl/CVE-2022-27775.patch            |  39 +++++
 .../curl/curl/CVE-2022-27776.patch            | 114 ++++++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   3 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 20 files changed, 772 insertions(+), 7 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1n.bb => openssl_1.1.1o.bb} (98%)
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch
 create mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220411.bb => linux-firmware_20220509.bb} (99%)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-0865.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-0907.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-0908.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-0909.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-0924.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-22576.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27775.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27776.patch

-- 
2.25.1




* [OE-core][dunfell 0/9] Patch review
@ 2022-05-02 23:02 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2022-05-02 23:02 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by end
of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3600

with the exception of the meta-virtualization test which was just added
to a-full:

https://autobuilder.yoctoproject.org/typhoon/#/builders/128/builds/19

Note that the test passed for qemuarm and qemuarm64, but failed for qemux86-64.

I tried to refrain from commenting that the test was added by someone with an
arm.com address, but I couldn't help myself ;-) (looking at you Ross!)

I'm not going to hold up the review process on this, since this is a newly added test.

Any help fixing this for qemux86-64 would be much appreciated.

Steve

The following changes since commit bb3fc61f0d7f7bcd77ef194b76f4fdd8a7ff6aa5:

  scripts/contrib/oe-build-perf-report-email.py: remove obsolete check for phantomjs and optipng (2022-04-27 05:00:00 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Chen Qi (1):
  cases/buildepoxy.py: fix typo

Khem Raj (1):
  busybox: Use base_bindir instead of hardcoding /bin path

Paul Gortmaker (1):
  install/devshell: Introduce git intercept script due to fakeroot
    issues

Peter Kjellerstedt (1):
  devshell.bbclass: Allow devshell & pydevshell to use the network

Rahul Kumar (1):
  neard: Switch SRC_URI to git repo

Richard Purdie (2):
  base: Drop git intercept
  uninative: Upgrade to 3.6 with gcc 12 support

Ross Burton (2):
  python3: ignore CVE-2015-20107
  bitbake.conf: mark all directories as safe for git to read

 meta/classes/devshell.bbclass                 |  4 ++++
 meta/conf/bitbake.conf                        |  8 ++++++++
 meta/conf/distro/include/yocto-uninative.inc  |  8 ++++----
 meta/lib/oeqa/sdk/cases/buildepoxy.py         |  2 +-
 meta/recipes-connectivity/neard/neard_0.16.bb | 13 +++++++------
 meta/recipes-core/busybox/busybox.inc         |  2 +-
 .../recipes-devtools/python/python3_3.8.13.bb |  3 +++
 scripts/git-intercept/git                     | 19 +++++++++++++++++++
 8 files changed, 47 insertions(+), 12 deletions(-)
 create mode 100755 scripts/git-intercept/git

-- 
2.25.1




* [OE-core][dunfell 0/9] Patch review
@ 2022-04-20 21:51 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2022-04-20 21:51 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for dunfell and have comments back by end
of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3552

except for a known intermittent issue (the infamous ping issue), which passed on
subsequent re-test:

https://autobuilder.yoctoproject.org/typhoon/#/builders/63/builds/5054

The following changes since commit 8fd5133fc7f6bc84193ec6fcbc1746c59bfc8caf:

  libxshmfence: Correct LICENSE to HPND (2022-04-18 12:13:17 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (5):
  linux-yocto/5.4: update to v5.4.182
  linux-yocto/5.4: update to v5.4.183
  linux-yocto/5.4: update to v5.4.186
  linux-yocto/5.4: update to v5.4.188
  linux-yocto/5.4: update to v5.4.190

Peter Kjellerstedt (1):
  u-boot: Correct the SRC_URI

Steve Sakoman (1):
  git update from 2.24.3 to 2.24.4

wangmy (1):
  linux-firmware: upgrade 20220310 -> 20220411

zhengruoqin (1):
  wireless-regdb: upgrade 2022.02.18 -> 2022.04.08

 meta/recipes-bsp/u-boot/u-boot-common.inc     |   4 +-
 .../git/files/CVE-2021-21300.patch            | 305 ------------------
 meta/recipes-devtools/git/git.inc             |   1 -
 .../git/{git_2.24.3.bb => git_2.24.4.bb}      |   4 +-
 ...20220310.bb => linux-firmware_20220411.bb} |   4 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 ....02.18.bb => wireless-regdb_2022.04.08.bb} |   2 +-
 9 files changed, 25 insertions(+), 331 deletions(-)
 delete mode 100644 meta/recipes-devtools/git/files/CVE-2021-21300.patch
 rename meta/recipes-devtools/git/{git_2.24.3.bb => git_2.24.4.bb} (51%)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220310.bb => linux-firmware_20220411.bb} (99%)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.02.18.bb => wireless-regdb_2022.04.08.bb} (94%)

-- 
2.25.1




* [OE-core][dunfell 0/9] Patch review
@ 2020-12-07 14:12 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2020-12-07 14:12 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back by
Wednesday end of day.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1648

The following changes since commit 071806feb195961e59069f778c9ae8f27a739d9a:

  e2fsprogs: Fix a ptest permissions determinism issue (2020-11-30 12:05:57 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (8):
  linux-yocto/5.4: update to v5.4.71
  linux-yocto/5.4: update to v5.4.72
  linux-yocto/5.4: update to v5.4.73
  linux-yocto/5.4: config cleanup / warnings
  linux-yocto/5.4: update to v5.4.75
  linux-yocto/5.4: perf: Alias SYS_futex with SYS_futex_time64 on 32-bit
    arches with 64bit time_t
  linux-yocto/5.4: update to v5.4.78
  lttng-modules: add post 2.11.6 patches

Lee Chee Yang (1):
  go: update to 1.14.12

 meta/recipes-devtools/go/go-1.14.inc          |   5 +-
 ...t-CGO_LDFLAGS-to-appear-in-go-ldflag.patch |  98 ++++++
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 ...ncpy-equals-destination-size-warning.patch |  42 +++
 ...jtool-Rename-frame.h-objtool.h-v5.10.patch |  88 +++++
 ...oints-output-proper-root-owner-for-t.patch | 316 ++++++++++++++++++
 ...rdered-extent-tracepoint-take-btrfs_.patch | 179 ++++++++++
 ...ext4-fast-commit-recovery-path-v5.10.patch |  91 +++++
 ...intr-vectoring-info-and-error-code-t.patch | 124 +++++++
 ...x86-mmu-Add-TDP-MMU-PF-handler-v5.10.patch |  82 +++++
 ...Return-unique-RET_PF_-values-if-the-.patch |  71 ++++
 ...int-Optimize-using-static_call-v5.10.patch | 155 +++++++++
 ...-fix-include-order-for-older-kernels.patch |  31 ++
 .../0011-Add-release-maintainer-script.patch  |  59 ++++
 .../0012-Improve-the-release-script.patch     | 173 ++++++++++
 ...fix-ext4-fast-commit-recovery-path-v.patch |  32 ++
 ...-fix-include-order-for-older-kernels.patch |  32 ++
 ...fix-tracepoint-Optimize-using-static.patch |  46 +++
 ...ion-range-for-trace_find_free_extent.patch |  30 ++
 .../lttng/lttng-modules_2.11.6.bb             |  16 +
 22 files changed, 1686 insertions(+), 20 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.14/0010-cmd-go-permit-CGO_LDFLAGS-to-appear-in-go-ldflag.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-strncpy-equals-destination-size-warning.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-fix-objtool-Rename-frame.h-objtool.h-v5.10.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-btrfs-tracepoints-output-proper-root-owner-for-t.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0004-fix-btrfs-make-ordered-extent-tracepoint-take-btrfs_.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0005-fix-ext4-fast-commit-recovery-path-v5.10.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0006-fix-KVM-x86-Add-intr-vectoring-info-and-error-code-t.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0007-fix-kvm-x86-mmu-Add-TDP-MMU-PF-handler-v5.10.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0008-fix-KVM-x86-mmu-Return-unique-RET_PF_-values-if-the-.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0009-fix-tracepoint-Optimize-using-static_call-v5.10.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0010-fix-include-order-for-older-kernels.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0011-Add-release-maintainer-script.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0012-Improve-the-release-script.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0013-fix-backport-of-fix-ext4-fast-commit-recovery-path-v.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0014-Revert-fix-include-order-for-older-kernels.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0015-fix-backport-of-fix-tracepoint-Optimize-using-static.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0016-fix-adjust-version-range-for-trace_find_free_extent.patch

-- 
2.17.1



* [OE-core][dunfell 0/9] Patch review
@ 2020-11-17 23:47 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2020-11-17 23:47 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1603

The following changes since commit b4a92a20a683a74423fd5a833d5c016f63dba2b4:

  freetype: fix CVE-2020-15999, backport from 2.10.4 (2020-11-13 05:57:16 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (2):
  ptest-runner: fix upstream version check
  glib-2.0: correct build with latest meson

Anibal Limon (1):
  ptest-runner: Bump to 2.4.0

Joshua Watt (3):
  classes/reproducible: Move to library code
  lib/oe/reproducible: Fix error when no git HEAD
  lib/oe/reproducible.py: Fix git HEAD check

Khem Raj (1):
  ptest-runner: Backport patch to fix inappropriate ioctl error

Mark Jonas (1):
  libbsd: Remove BSD-4-Clause from main package

Mingli Yu (1):
  python3: add ldconfig rdepends for python3-ctypes

 meta/classes/reproducible_build.bbclass       |  90 +--------------
 meta/lib/oe/reproducible.py                   | 104 ++++++++++++++++++
 .../glib-2.0/meson.cross.d/common-linux       |   2 +-
 meta/recipes-devtools/python/python3_3.8.2.bb |   1 +
 meta/recipes-support/libbsd/libbsd_0.10.0.bb  |   3 +-
 ...-runner_2.3.2.bb => ptest-runner_2.4.0.bb} |   5 +-
 6 files changed, 114 insertions(+), 91 deletions(-)
 create mode 100644 meta/lib/oe/reproducible.py
 rename meta/recipes-support/ptest-runner/{ptest-runner_2.3.2.bb => ptest-runner_2.4.0.bb} (87%)

-- 
2.17.1



Thread overview: 19+ messages
2021-09-10 14:07 [OE-core][dunfell 0/9] Patch review Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 1/9] dbus: upgrade 1.12.16 -> 1.12.18 Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 2/9] dbus-test: " Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 3/9] dbus-test: Remove EXTRA_OECONF_X configs Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 4/9] dbus,dbus-test: Move common parts to dbus.inc Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 5/9] dbus: upgrade 1.12.18 -> 1.12.20 Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 6/9] flex: Add CVE-2019-6293 to exclusions for checks Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 7/9] go: Exclude CVE-2021-29923 from report list Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 8/9] xserver-xorg: Security fix for CVE-2020-14360/-25712 Steve Sakoman
2021-09-10 14:07 ` [OE-core][dunfell 9/9] go: Several Security fixes Steve Sakoman
  -- strict thread matches above, loose matches on Subject: below --
2024-02-22 14:30 [OE-core][dunfell 0/9] Patch review Steve Sakoman
2023-04-30 16:25 Steve Sakoman
2022-10-13 16:36 Steve Sakoman
2022-09-14  2:25 Steve Sakoman
2022-05-18  2:30 Steve Sakoman
2022-05-02 23:02 Steve Sakoman
2022-04-20 21:51 Steve Sakoman
2020-12-07 14:12 Steve Sakoman
2020-11-17 23:47 Steve Sakoman
