* [gatesgarth][PATCH 00/22] gatesgarth review request
@ 2020-11-06  6:27 Anuj Mittal
  2020-11-06  6:27 ` [gatesgarth][PATCH 01/22] gstreamer1.0: Fix reproducibility issue around libcap Anuj Mittal
                   ` (21 more replies)
  0 siblings, 22 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:27 UTC (permalink / raw)
  To: openembedded-core

Next set of changes for gatesgarth. This also includes patches that are
already in gatesgarth-next. Please review. Builds cleanly on
autobuilder.

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1549

The following changes since commit b1eb390bbcb995c0da70478e17f9170721c75341:

  scripts/buildhistory_analysis: Avoid tracebacks from file comparision code (2020-10-30 12:37:53 +0000)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib anujm/gatesgarth

Alexander Kanavin (1):
  apt: remove host contamination with gtest

Chee Yang Lee (2):
  bluez5: fix CVE-2020-27153
  ruby: fix CVE-2020-25613

Jose Quaresma (12):
  gstreamer1.0: Fix reproducibility issue around libcap
  gstreamer1.0: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-plugins-base: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-plugins-good: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-plugins-bad: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-plugins-ugly: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-libav: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-vaapi: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-rtsp-server: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-omx: Update 1.16.2 -> Update 1.16.3
  gstreamer1.0-python: Update 1.16.2 -> Update 1.16.3
  gst-validate: Update 1.16.2 -> Update 1.16.3

Khem Raj (1):
  qemuboot.bbclass: Fix a typo

Mark Jonas (2):
  libsdl2: Fix directfb syntax error
  libsdl2: Fix directfb SDL_RenderFillRect

Mingli Yu (1):
  update_udev_hwdb: clean hwdb.bin

Yann E. MORIN (2):
  common-licenses: add bzip2-1.0.4
  recipes-core/busybox: fixup licensing information

Yongxin Liu (1):
  grub: clean up CVE patches

 meta/classes/qemuboot.bbclass                 |   2 +-
 meta/files/common-licenses/bzip2-1.0.4        |  43 ++++++
 ...08-calloc-Use-calloc-at-most-places.patch} |  10 +-
 ...ow-checking-primitives-where-we-do-.patch} |  10 +-
 ...e-after-free-when-redefining-a-func.patch} |  10 +-
 ...r-overflows-in-initrd-size-handling.patch} |  10 +-
 ...we-always-have-an-overflow-checking.patch} |   0
 ...d-LVM-cache-logical-volume-handling.patch} |   0
 ...-arithmetic-primitives-that-check-f.patch} |   0
 ...sed-fields-from-grub_script_functio.patch} |   0
 meta/recipes-bsp/grub/grub2.inc               |  16 +-
 .../bluez5/bluez5/CVE-2020-27153.patch        | 146 ++++++++++++++++++
 .../bluez5/bluez5_5.54.bb                     |   2 +
 meta/recipes-core/busybox/busybox.inc         |   7 +-
 ...t-configure-packages-on-installation.patch |   2 +-
 ...-init-tables-from-dpkg-configuration.patch |   2 +-
 ...n-dpkg-configure-a-at-the-end-of-our.patch |   2 +-
 ...ibapt-do-not-use-gtest-from-the-host.patch |  40 +++++
 meta/recipes-devtools/apt/apt_1.8.2.1.bb      |   1 +
 .../ruby/ruby/CVE-2020-25613.patch            |  40 +++++
 meta/recipes-devtools/ruby/ruby_2.7.1.bb      |   1 +
 .../libsdl2/directfb-renderfillrect-fix.patch |  33 ++++
 ...ectfb-spurious-curly-brace-missing-e.patch |  49 ++++++
 .../libsdl2/libsdl2_2.0.12.bb                 |   2 +
 ...idate_1.16.2.bb => gst-validate_1.16.3.bb} |   4 +-
 ...1.16.2.bb => gstreamer1.0-libav_1.16.3.bb} |   4 +-
 ...x_1.16.2.bb => gstreamer1.0-omx_1.16.3.bb} |   4 +-
 ....bb => gstreamer1.0-plugins-bad_1.16.3.bb} |   4 +-
 ...bb => gstreamer1.0-plugins-base_1.16.3.bb} |   4 +-
 ...bb => gstreamer1.0-plugins-good_1.16.3.bb} |   4 +-
 ...bb => gstreamer1.0-plugins-ugly_1.16.3.bb} |   4 +-
 ...son.build-fix-builds-with-python-3.8.patch |  24 ---
 ....16.2.bb => gstreamer1.0-python_1.16.3.bb} |   8 +-
 ....bb => gstreamer1.0-rtsp-server_1.16.3.bb} |   4 +-
 ...1.16.2.bb => gstreamer1.0-vaapi_1.16.3.bb} |   4 +-
 .../gstreamer/gstreamer1.0/capfix.patch       |  37 -----
 ...er1.0_1.16.2.bb => gstreamer1.0_1.16.3.bb} |   9 +-
 scripts/postinst-intercepts/update_udev_hwdb  |   1 +
 38 files changed, 427 insertions(+), 116 deletions(-)
 create mode 100644 meta/files/common-licenses/bzip2-1.0.4
 rename meta/recipes-bsp/grub/files/{0003-calloc-Use-calloc-at-most-places.patch => CVE-2020-14308-calloc-Use-calloc-at-most-places.patch} (99%)
 rename meta/recipes-bsp/grub/files/{0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch => CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch} (99%)
 rename meta/recipes-bsp/grub/files/{0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch => CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch} (95%)
 rename meta/recipes-bsp/grub/files/{0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch => CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch} (96%)
 rename meta/recipes-bsp/grub/files/{0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch => calloc-Make-sure-we-always-have-an-overflow-checking.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0002-lvm-Add-LVM-cache-logical-volume-handling.patch => lvm-Add-LVM-cache-logical-volume-handling.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch => safemath-Add-some-arithmetic-primitives-that-check-f.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0006-script-Remove-unused-fields-from-grub_script_functio.patch => script-Remove-unused-fields-from-grub_script_functio.patch} (100%)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch
 create mode 100644 meta/recipes-devtools/apt/apt/0001-test-libapt-do-not-use-gtest-from-the-host.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch
 rename meta/recipes-multimedia/gstreamer/{gst-validate_1.16.2.bb => gst-validate_1.16.3.bb} (87%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.16.2.bb => gstreamer1.0-libav_1.16.3.bb} (90%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.16.2.bb => gstreamer1.0-omx_1.16.3.bb} (92%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.16.2.bb => gstreamer1.0-plugins-bad_1.16.3.bb} (98%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.16.2.bb => gstreamer1.0-plugins-base_1.16.3.bb} (96%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.16.2.bb => gstreamer1.0-plugins-good_1.16.3.bb} (96%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.16.2.bb => gstreamer1.0-plugins-ugly_1.16.3.bb} (90%)
 delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.16.2.bb => gstreamer1.0-python_1.16.3.bb} (80%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.16.2.bb => gstreamer1.0-rtsp-server_1.16.3.bb} (86%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.16.2.bb => gstreamer1.0-vaapi_1.16.3.bb} (93%)
 delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.16.2.bb => gstreamer1.0_1.16.3.bb} (90%)

-- 
2.28.0



* [gatesgarth][PATCH 01/22] gstreamer1.0: Fix reproducibility issue around libcap
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
@ 2020-11-06  6:27 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 02/22] gstreamer1.0: Update 1.16.2 -> Update 1.16.3 Anuj Mittal
                   ` (20 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:27 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

Currently gstreamer configuration depends on libcap and on whether
setcap is found on the host system.

Remove libcap from DEPENDS and only use it when 'setcap' is enabled.

    * 0004-capfix.patch
      Removed as the same goals can be achieved with only the PACKAGECONFIG 'setcap'

(From OE-Core rev: 7691d3f963dc02570b5092db8f061c4d327b277a)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../gstreamer/gstreamer1.0/capfix.patch       | 37 -------------------
 .../gstreamer/gstreamer1.0_1.16.2.bb          |  5 +--
 2 files changed, 2 insertions(+), 40 deletions(-)
 delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch
deleted file mode 100644
index 7ca3d5ad4a..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Currently gstreamer configuration depends on whether setcap is found on the host
-system. Turn this into a configure option to make builds deterinistic.
-
-RP 2020/2/19
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Pending
-
-Index: gstreamer-1.16.1/libs/gst/helpers/meson.build
-===================================================================
---- gstreamer-1.16.1.orig/libs/gst/helpers/meson.build
-+++ gstreamer-1.16.1/libs/gst/helpers/meson.build
-@@ -73,7 +73,12 @@ if have_ptp
-     endif
-   endif
- 
--  setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)
-+  setcap_feature = get_option('setcap')
-+  if setcap_feature.disabled()
-+    setcap = find_program('dontexist', required : false)
-+  else
-+    setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)
-+  endif
- 
-   # user/group to change to in gst-ptp-helper
-   ptp_helper_setuid_user = get_option('ptp-helper-setuid-user')
-Index: gstreamer-1.16.1/meson_options.txt
-===================================================================
---- gstreamer-1.16.1.orig/meson_options.txt
-+++ gstreamer-1.16.1/meson_options.txt
-@@ -26,6 +26,7 @@ option('libunwind', type : 'feature', va
- option('libdw', type : 'feature', value : 'auto', description : 'Use libdw to generate better backtraces from libunwind')
- option('dbghelp', type : 'feature', value : 'auto', description : 'Use dbghelp to generate backtraces')
- option('bash-completion', type : 'feature', value : 'auto', description : 'Install bash completion files')
-+option('setcap', type : 'feature', value : 'auto', description : 'Use setcap')
- 
- # Common feature options
- option('examples', type : 'feature', value : 'auto', yield : true)
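Review bot: with this file deleted, the find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false) call that it wrapped in a condition runs unconditionally again, and that call names absolute host paths, which is the host dependency the patch header describes. The commit message should state what keeps the result deterministic when the 'setcap' PACKAGECONFIG is off. The patch was also marked Upstream-Status: Pending, so it is worth saying whether an equivalent option exists upstream.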
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
index 50a872e292..9d92fe1439 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
@@ -6,7 +6,7 @@ BUGTRACKER = "https://bugzilla.gnome.org/enter_bug.cgi?product=Gstreamer"
 SECTION = "multimedia"
 LICENSE = "LGPLv2+"
 
-DEPENDS = "glib-2.0 glib-2.0-native libcap libxml2 bison-native flex-native"
+DEPENDS = "glib-2.0 glib-2.0-native libxml2 bison-native flex-native"
 
 inherit meson pkgconfig gettext upstream-version-is-even gobject-introspection gtk-doc
 
@@ -21,7 +21,6 @@ SRC_URI = " \
     file://0002-meson-build-gir-even-when-cross-compiling-if-introsp.patch \
     file://0003-meson-Add-valgrind-feature.patch \
     file://0004-meson-Add-option-for-installed-tests.patch \
-    file://capfix.patch \
 "
 SRC_URI[md5sum] = "0e661ed5bdf1d8996e430228d022628e"
 SRC_URI[sha256sum] = "e3f044246783fd685439647373fa13ba14f7ab0b346eadd06437092f8419e94e"
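Review bot: the commit message lists the removed patch as 0004-capfix.patch, but the SRC_URI entry dropped here is file://capfix.patch, and the 0004 entry in this list is 0004-meson-Add-option-for-installed-tests.patch. Use the real file name in the message so the removal can be found by searching the log.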
@@ -40,7 +39,7 @@ PACKAGECONFIG[unwind] = "-Dlibunwind=enabled,-Dlibunwind=disabled,libunwind"
 PACKAGECONFIG[dw] = "-Dlibdw=enabled,-Dlibdw=disabled,elfutils"
 PACKAGECONFIG[bash-completion] = "-Dbash-completion=enabled,-Dbash-completion=disabled,bash-completion"
 PACKAGECONFIG[tools] = "-Dtools=enabled,-Dtools=disabled"
-PACKAGECONFIG[setcap] = "-Dsetcap=enabled,-Dsetcap=disabled,libcap libcap-native"
+PACKAGECONFIG[setcap] = ",,libcap libcap-native"
 
 # TODO: put this in a gettext.bbclass patch
 def gettext_oemeson(d):
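Review bot: the new PACKAGECONFIG[setcap] value leaves both the enable and the disable argument empty, so switching it only adds or removes libcap and libcap-native and passes nothing to meson. Add a comment above the line explaining how the feature is selected now that no -D flag is passed, or pass an explicit option for the disabled case so the outcome does not depend on what the build happens to find.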
-- 
2.28.0



* [gatesgarth][PATCH 02/22] gstreamer1.0: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
  2020-11-06  6:27 ` [gatesgarth][PATCH 01/22] gstreamer1.0: Fix reproducibility issue around libcap Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 03/22] gstreamer1.0-plugins-base: " Anuj Mittal
                   ` (19 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: d24f8ac481082cdb07f141508a2caf964167aec4)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../{gstreamer1.0_1.16.2.bb => gstreamer1.0_1.16.3.bb}        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.16.2.bb => gstreamer1.0_1.16.3.bb} (95%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
index 9d92fe1439..66ad3e3381 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
@@ -22,8 +22,8 @@ SRC_URI = " \
     file://0003-meson-Add-valgrind-feature.patch \
     file://0004-meson-Add-option-for-installed-tests.patch \
 "
-SRC_URI[md5sum] = "0e661ed5bdf1d8996e430228d022628e"
-SRC_URI[sha256sum] = "e3f044246783fd685439647373fa13ba14f7ab0b346eadd06437092f8419e94e"
+SRC_URI[md5sum] = "beecf6965a17fb17fa3b262fd36df70a"
+SRC_URI[sha256sum] = "692f037968e454e508b0f71d9674e2e26c78475021407fcf8193b1c7e59543c7"
 
 PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
                    check \
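Review bot: the message body is empty apart from the OE-Core revision, so nothing records why a point release is going into the stable branch. Add a line on what 1.16.3 contains (bug fixes only, any security fixes) and on what the new SRC_URI[sha256sum] was checked against. The subject also repeats a word ("Update 1.16.2 -> Update 1.16.3"). The same applies to the other 1.16.3 bumps in this series.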
-- 
2.28.0



* [gatesgarth][PATCH 03/22] gstreamer1.0-plugins-base: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
  2020-11-06  6:27 ` [gatesgarth][PATCH 01/22] gstreamer1.0: Fix reproducibility issue around libcap Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 02/22] gstreamer1.0: Update 1.16.2 -> Update 1.16.3 Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 04/22] gstreamer1.0-plugins-good: " Anuj Mittal
                   ` (18 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: c38eefb0693b771a97ab7dc15103cb5be6a003f7)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...ins-base_1.16.2.bb => gstreamer1.0-plugins-base_1.16.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.16.2.bb => gstreamer1.0-plugins-base_1.16.3.bb} (96%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
similarity index 96%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
index 6563b6f738..a4f4772c1c 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
@@ -13,8 +13,8 @@ SRC_URI = " \
             file://0005-viv-fb-Make-sure-config.h-is-included.patch \
             file://0009-glimagesink-Downrank-to-marginal.patch \
             "
-SRC_URI[md5sum] = "3fdb32823535799a748c1fc14f978e2c"
-SRC_URI[sha256sum] = "b13e73e2fe74a4166552f9577c3dcb24bed077021b9c7fa600d910ec6987816a"
+SRC_URI[md5sum] = "e3ddb1bae9fb510b49a295f212f1e6e4"
+SRC_URI[sha256sum] = "9f02678b0bbbcc9eff107d3bd89d83ce92fec2154cd607c7c8bd34dc7fee491c"
 
 S = "${WORKDIR}/gst-plugins-base-${PV}"
 
-- 
2.28.0



* [gatesgarth][PATCH 04/22] gstreamer1.0-plugins-good: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (2 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 03/22] gstreamer1.0-plugins-base: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 05/22] gstreamer1.0-plugins-bad: " Anuj Mittal
                   ` (17 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: 0c9cdf7961e0991c5d25f18954bbd8fe243df225)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...ins-good_1.16.2.bb => gstreamer1.0-plugins-good_1.16.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.16.2.bb => gstreamer1.0-plugins-good_1.16.3.bb} (96%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
similarity index 96%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
index 17c9421394..75dd029109 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
@@ -6,8 +6,8 @@ SRC_URI = " \
             file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
             "
 
-SRC_URI[md5sum] = "bd025f8f14974f94b75ac69a9d1b9c93"
-SRC_URI[sha256sum] = "40bb3bafda25c0b739c8fc36e48380fccf61c4d3f83747e97ac3f9b0171b1319"
+SRC_URI[md5sum] = "c79b6c2f8eaadb2bb66615b694db399e"
+SRC_URI[sha256sum] = "d3a23a3fe73de673f591b7655494990c9e8a0e22a3c70d6f1dbf50198b29f85f"
 
 S = "${WORKDIR}/gst-plugins-good-${PV}"
 
-- 
2.28.0



* [gatesgarth][PATCH 05/22] gstreamer1.0-plugins-bad: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (3 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 04/22] gstreamer1.0-plugins-good: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 06/22] gstreamer1.0-plugins-ugly: " Anuj Mittal
                   ` (16 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: ee8e7a9fb8f3d29357598b2a533bb44da12d6099)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...ugins-bad_1.16.2.bb => gstreamer1.0-plugins-bad_1.16.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.16.2.bb => gstreamer1.0-plugins-bad_1.16.3.bb} (98%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb
similarity index 98%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb
index 99176b2571..ffbaaf425a 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb
@@ -8,8 +8,8 @@ SRC_URI = " \
     file://ensure-valid-sentinels-for-gst_structure_get-etc.patch \
     file://opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
 "
-SRC_URI[md5sum] = "ccc7404230afddec723bbdb63c89feec"
-SRC_URI[sha256sum] = "f1cb7aa2389569a5343661aae473f0a940a90b872001824bc47fa8072a041e74"
+SRC_URI[md5sum] = "8969ea1aec3411c13d0e7dd27ccaaef1"
+SRC_URI[sha256sum] = "84efe57011658f0a53a5d5b20f64ef109f5105dccb0808c21e069e946673514d"
 
 S = "${WORKDIR}/gst-plugins-bad-${PV}"
 
-- 
2.28.0



* [gatesgarth][PATCH 06/22] gstreamer1.0-plugins-ugly: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (4 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 05/22] gstreamer1.0-plugins-bad: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 07/22] gstreamer1.0-libav: " Anuj Mittal
                   ` (15 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: 0fec6a473695d9ae794593f7cea98d05ef959d7a)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...ins-ugly_1.16.2.bb => gstreamer1.0-plugins-ugly_1.16.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.16.2.bb => gstreamer1.0-plugins-ugly_1.16.3.bb} (90%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb
similarity index 90%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb
index be10800389..d9ec82d887 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb
@@ -9,8 +9,8 @@ LICENSE_FLAGS = "commercial"
 SRC_URI = " \
             https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
             "
-SRC_URI[md5sum] = "10283ff5ef1e34d462dde77042e329bd"
-SRC_URI[sha256sum] = "5500415b865e8b62775d4742cbb9f37146a50caecfc0e7a6fc0160d3c560fbca"
+SRC_URI[md5sum] = "b025125a6c928024cbd300cc27b5d712"
+SRC_URI[sha256sum] = "403c21688065f41e53008874402b5c07832567cc1309a60df597eab7ff5843f0"
 
 S = "${WORKDIR}/gst-plugins-ugly-${PV}"
 
-- 
2.28.0



* [gatesgarth][PATCH 07/22] gstreamer1.0-libav: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (5 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 06/22] gstreamer1.0-plugins-ugly: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 08/22] gstreamer1.0-vaapi: " Anuj Mittal
                   ` (14 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: af7cf7c37b4ea30592529442c72f22309cb577c5)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...reamer1.0-libav_1.16.2.bb => gstreamer1.0-libav_1.16.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.16.2.bb => gstreamer1.0-libav_1.16.3.bb} (90%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb
similarity index 90%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb
index 2fdefc925e..98355a1b75 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb
@@ -10,8 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz \
            "
-SRC_URI[md5sum] = "eacebd0136ede3a9bd3672eeb338806b"
-SRC_URI[sha256sum] = "c724f612700c15a933c7356fbeabb0bb9571fb5538f8b1b54d4d2d94188deef2"
+SRC_URI[md5sum] = "d08fb5429f102d5a3f1eca3dee2a0add"
+SRC_URI[sha256sum] = "d10c5eb1a00a91de97c85c0956c663aa6e99d268195cdec4534c179b831538ec"
 
 S = "${WORKDIR}/gst-libav-${PV}"
 
-- 
2.28.0



* [gatesgarth][PATCH 08/22] gstreamer1.0-vaapi: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (6 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 07/22] gstreamer1.0-libav: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 09/22] gstreamer1.0-rtsp-server: " Anuj Mittal
                   ` (13 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: 8a04f7326539980f83731846db3de4af9ee1a2f0)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...reamer1.0-vaapi_1.16.2.bb => gstreamer1.0-vaapi_1.16.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.16.2.bb => gstreamer1.0-vaapi_1.16.3.bb} (93%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb
similarity index 93%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb
index 1bedf25128..9d9b1b8757 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb
@@ -12,8 +12,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.x
            file://0001-vaapsink-downgrade-to-marginal.patch \
            "
 
-SRC_URI[md5sum] = "13f7cb6a64bde24e67f563377487dcce"
-SRC_URI[sha256sum] = "191de7b0ab64a85dd0875c990721e7be95518f60e2a9106beca162004ed7c601"
+SRC_URI[md5sum] = "8c9b5a4d20afc04bc5e1536e81511f27"
+SRC_URI[sha256sum] = "77200b3c183fe97cd987deb5544e615873cff5e98ec87573583771e5f1fb9ebe"
 
 S = "${WORKDIR}/${REALPN}-${PV}"
 DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
-- 
2.28.0



* [gatesgarth][PATCH 09/22] gstreamer1.0-rtsp-server: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (7 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 08/22] gstreamer1.0-vaapi: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 10/22] gstreamer1.0-omx: " Anuj Mittal
                   ` (12 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: 75b4e0c2ad5827b5eea9e810fd03bcfc53582873)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...sp-server_1.16.2.bb => gstreamer1.0-rtsp-server_1.16.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.16.2.bb => gstreamer1.0-rtsp-server_1.16.3.bb} (86%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.3.bb
similarity index 86%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.3.bb
index 02c3c83840..5f1b1d44fa 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.3.bb
@@ -12,8 +12,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.x
            file://0001-meson-build-gir-even-when-cross-compiling-if-introsp.patch \
            "
 
-SRC_URI[md5sum] = "8a998725820c771ba45be6e18bfdf73a"
-SRC_URI[sha256sum] = "de07a2837b3b04820ce68264a4909f70c221b85dbff0cede7926e9cdbb1dc26e"
+SRC_URI[md5sum] = "f0d8263c9d61f6f05b59ae0f676a6406"
+SRC_URI[sha256sum] = "67886b872826d513c58f88d559d4dc4aa63382d03fb64ceac91a09537fe6fea0"
 
 S = "${WORKDIR}/${PNREAL}-${PV}"
 
-- 
2.28.0



* [gatesgarth][PATCH 10/22] gstreamer1.0-omx: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (8 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 09/22] gstreamer1.0-rtsp-server: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 11/22] gstreamer1.0-python: " Anuj Mittal
                   ` (11 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: e091bfead5907cc13c237d7464c50efe8810d6cd)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...{gstreamer1.0-omx_1.16.2.bb => gstreamer1.0-omx_1.16.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.16.2.bb => gstreamer1.0-omx_1.16.3.bb} (92%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb
similarity index 92%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb
index f1bdbd235d..1aa13cf73c 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb
@@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
 
-SRC_URI[md5sum] = "6362786d2b6cce34de08c86b7847f782"
-SRC_URI[sha256sum] = "11ed411a2eba75610d72331eeb14ff05e2df28f4fd05cb69225a88bec6d27439"
+SRC_URI[md5sum] = "d4d89dd44362c1d262186c60437cdbee"
+SRC_URI[sha256sum] = "60603b7889528ef8539d36cb3284b648c46aa0cf980a28cba4d3fe3a44988ff9"
 
 S = "${WORKDIR}/gst-omx-${PV}"
 
-- 
2.28.0



* [gatesgarth][PATCH 11/22] gstreamer1.0-python: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (9 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 10/22] gstreamer1.0-omx: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 12/22] gst-validate: " Anuj Mittal
                   ` (10 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: dc9c8ca89e9d7429deac696c9995135706b9a548)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...son.build-fix-builds-with-python-3.8.patch | 24 -------------------
 ....16.2.bb => gstreamer1.0-python_1.16.3.bb} |  8 +++----
 2 files changed, 3 insertions(+), 29 deletions(-)
 delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.16.2.bb => gstreamer1.0-python_1.16.3.bb} (80%)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
deleted file mode 100644
index 053108ad50..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 61cfd1b49dc82baf14bb36d88b6c5be7b8c3d23a Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Mon, 2 Dec 2019 18:16:41 +0100
-Subject: [PATCH] meson.build: fix builds with python 3.8
-
-Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gst-python/merge_requests/14]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 1da81d5..3e0db38 100644
---- a/meson.build
-+++ b/meson.build
-@@ -24,7 +24,7 @@ pygobject_dep = dependency('pygobject-3.0', fallback: ['pygobject', 'pygobject_d
- 
- pymod = import('python')
- python = pymod.find_installation(get_option('python'))
--python_dep = python.dependency(required : true)
-+python_dep = dependency('python3-embed', required : true)
- 
- python_abi_flags = python.get_variable('ABIFLAGS', '')
- pylib_loc = get_option('libpython-dir')
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb
similarity index 80%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb
index 9e024eb9f3..14b34a2808 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb
@@ -5,11 +5,9 @@ SECTION = "multimedia"
 LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
 
-SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
-           file://0001-meson.build-fix-builds-with-python-3.8.patch \
-           "
-SRC_URI[md5sum] = "6ac709767334d8d0a71cb4e016f6abeb"
-SRC_URI[sha256sum] = "208df3148d73d9f416d016564737585d8ea763d91201732d44b5fe688c6288a8"
+SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
+SRC_URI[md5sum] = "326f4f4c23e2477bf3d5839c465a42ca"
+SRC_URI[sha256sum] = "36a00a256c25ccaaa9b965a6f09d6158dfb77558145ab6b25809938732c7161f"
 
 DEPENDS = "gstreamer1.0 python3-pygobject"
 RDEPENDS_${PN} += "gstreamer1.0 python3-pygobject"
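Review bot: the SRC_URI change drops file://0001-meson.build-fix-builds-with-python-3.8.patch, but the commit message does not say why. The deleted patch is tagged Upstream-Status: Submitted, not merged, so please state in the log that gst-python 1.16.3 already contains the equivalent meson.build change (python_dep = dependency('python3-embed', required : true)); if it does not, builds against python 3.8 regress with this update.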
-- 
2.28.0



* [gatesgarth][PATCH 12/22] gst-validate: Update 1.16.2 -> Update 1.16.3
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (10 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 11/22] gstreamer1.0-python: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 13/22] bluez5: fix CVE-2020-27153 Anuj Mittal
                   ` (9 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Jose Quaresma <quaresma.jose@gmail.com>

(From OE-Core rev: a153bd3eeffa40554884d3a50cf6f78b57416749)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../{gst-validate_1.16.2.bb => gst-validate_1.16.3.bb}        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gst-validate_1.16.2.bb => gst-validate_1.16.3.bb} (87%)

diff --git a/meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gst-validate_1.16.3.bb
similarity index 87%
rename from meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gst-validate_1.16.3.bb
index 35492fe861..ef42abbdd7 100644
--- a/meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-validate_1.16.3.bb
@@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 SRC_URI = "https://gstreamer.freedesktop.org/src/${BPN}/${BP}.tar.xz \
            file://0001-connect-has-a-different-signature-on-musl.patch \
            "
-SRC_URI[md5sum] = "688f42c52d62e8c5e506df911553fb2c"
-SRC_URI[sha256sum] = "4861ccb9326200e74d98007e316b387d48dd49f072e0b78cb9d3303fdecfeeca"
+SRC_URI[md5sum] = "740a436f5b9bf17ea7de0e62c92ec264"
+SRC_URI[sha256sum] = "c2064e887324af6aa476ca669234936711f253b29042f617f1d9f2597c4bf92b"
 
 DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
 RRECOMMENDS_${PN} = "git"
-- 
2.28.0



* [gatesgarth][PATCH 13/22] bluez5: fix CVE-2020-27153
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (11 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 12/22] gst-validate: " Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06 15:12   ` [OE-core] " Steve Sakoman
  2020-11-06  6:28 ` [gatesgarth][PATCH 14/22] ruby: fix CVE-2020-25613 Anuj Mittal
                   ` (8 subsequent siblings)
  21 siblings, 1 reply; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Chee Yang Lee <chee.yang.lee@intel.com>

(From OE-Core rev: 4b0688bb8abb2fb8a620541207d40e90e4bf16f9)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../bluez5/bluez5/CVE-2020-27153.patch        | 146 ++++++++++++++++++
 .../bluez5/bluez5_5.54.bb                     |   2 +
 2 files changed, 148 insertions(+)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch

diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch
new file mode 100644
index 0000000000..7b06dd2071
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch
@@ -0,0 +1,146 @@
+From 1cd644db8c23a2f530ddb93cebed7dacc5f5721a Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Wed, 15 Jul 2020 18:25:37 -0700
+Subject: [PATCH] shared/att: Fix possible crash on disconnect
+
+If there are pending request while disconnecting they would be notified
+but clients may endup being freed in the proccess which will then be
+calling bt_att_cancel to cancal its requests causing the following
+trace:
+
+Invalid read of size 4
+   at 0x1D894C: enable_ccc_callback (gatt-client.c:1627)
+   by 0x1D247B: disc_att_send_op (att.c:417)
+   by 0x1CCC17: queue_remove_all (queue.c:354)
+   by 0x1D47B7: disconnect_cb (att.c:635)
+   by 0x1E0707: watch_callback (io-glib.c:170)
+   by 0x48E963B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.6400.4)
+   by 0x48E9AC7: ??? (in /usr/lib/libglib-2.0.so.0.6400.4)
+   by 0x48E9ECF: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.6400.4)
+   by 0x1E0E97: mainloop_run (mainloop-glib.c:79)
+   by 0x1E13B3: mainloop_run_with_signal (mainloop-notify.c:201)
+   by 0x12BC3B: main (main.c:770)
+ Address 0x7d40a28 is 24 bytes inside a block of size 32 free'd
+   at 0x484A2E0: free (vg_replace_malloc.c:540)
+   by 0x1CCC17: queue_remove_all (queue.c:354)
+   by 0x1CCC83: queue_destroy (queue.c:73)
+   by 0x1D7DD7: bt_gatt_client_free (gatt-client.c:2209)
+   by 0x16497B: batt_free (battery.c:77)
+   by 0x16497B: batt_remove (battery.c:286)
+   by 0x1A0013: service_remove (service.c:176)
+   by 0x1A9B7B: device_remove_gatt_service (device.c:3691)
+   by 0x1A9B7B: gatt_service_removed (device.c:3805)
+   by 0x1CC90B: queue_foreach (queue.c:220)
+   by 0x1DE27B: notify_service_changed.isra.0.part.0 (gatt-db.c:369)
+   by 0x1DE387: notify_service_changed (gatt-db.c:361)
+   by 0x1DE387: gatt_db_service_destroy (gatt-db.c:385)
+   by 0x1DE3EF: gatt_db_remove_service (gatt-db.c:519)
+   by 0x1D674F: discovery_op_complete (gatt-client.c:388)
+   by 0x1D6877: discover_primary_cb (gatt-client.c:1260)
+   by 0x1E220B: discovery_op_complete (gatt-helpers.c:628)
+   by 0x1E249B: read_by_grp_type_cb (gatt-helpers.c:730)
+   by 0x1D247B: disc_att_send_op (att.c:417)
+   by 0x1CCC17: queue_remove_all (queue.c:354)
+   by 0x1D47B7: disconnect_cb (att.c:635)
+
+Upstream-Status: Backport
+[https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a]
+CVE: CVE-2020-27153
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ src/shared/att.c | 46 ++++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 40 insertions(+), 6 deletions(-)
+
+diff --git a/src/shared/att.c b/src/shared/att.c
+index ed3af2920..58f23dfcb 100644
+--- a/src/shared/att.c
++++ b/src/shared/att.c
+@@ -84,6 +84,7 @@ struct bt_att {
+ 	struct queue *req_queue;	/* Queued ATT protocol requests */
+ 	struct queue *ind_queue;	/* Queued ATT protocol indications */
+ 	struct queue *write_queue;	/* Queue of PDUs ready to send */
++	bool in_disc;			/* Cleanup queues on disconnect_cb */
+ 
+ 	bt_att_timeout_func_t timeout_callback;
+ 	bt_att_destroy_func_t timeout_destroy;
+@@ -222,8 +223,10 @@ static void destroy_att_send_op(void *data)
+ 	free(op);
+ }
+ 
+-static void cancel_att_send_op(struct att_send_op *op)
++static void cancel_att_send_op(void *data)
+ {
++	struct att_send_op *op = data;
++
+ 	if (op->destroy)
+ 		op->destroy(op->user_data);
+ 
+@@ -631,11 +634,6 @@ static bool disconnect_cb(struct io *io, void *user_data)
+ 	/* Dettach channel */
+ 	queue_remove(att->chans, chan);
+ 
+-	/* Notify request callbacks */
+-	queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
+-	queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
+-	queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
+-
+ 	if (chan->pending_req) {
+ 		disc_att_send_op(chan->pending_req);
+ 		chan->pending_req = NULL;
+@@ -654,6 +652,15 @@ static bool disconnect_cb(struct io *io, void *user_data)
+ 
+ 	bt_att_ref(att);
+ 
++	att->in_disc = true;
++
++	/* Notify request callbacks */
++	queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
++	queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
++	queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
++
++	att->in_disc = false;
++
+ 	queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err));
+ 
+ 	bt_att_unregister_all(att);
+@@ -1574,6 +1581,30 @@ bool bt_att_chan_cancel(struct bt_att_chan *chan, unsigned int id)
+ 	return true;
+ }
+ 
++static bool bt_att_disc_cancel(struct bt_att *att, unsigned int id)
++{
++	struct att_send_op *op;
++
++	op = queue_find(att->req_queue, match_op_id, UINT_TO_PTR(id));
++	if (op)
++		goto done;
++
++	op = queue_find(att->ind_queue, match_op_id, UINT_TO_PTR(id));
++	if (op)
++		goto done;
++
++	op = queue_find(att->write_queue, match_op_id, UINT_TO_PTR(id));
++
++done:
++	if (!op)
++		return false;
++
++	/* Just cancel since disconnect_cb will be cleaning up */
++	cancel_att_send_op(op);
++
++	return true;
++}
++
+ bool bt_att_cancel(struct bt_att *att, unsigned int id)
+ {
+ 	const struct queue_entry *entry;
+@@ -1591,6 +1622,9 @@ bool bt_att_cancel(struct bt_att *att, unsigned int id)
+ 			return true;
+ 	}
+ 
++	if (att->in_disc)
++		return bt_att_disc_cancel(att, id);
++
+ 	op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id));
+ 	if (op)
+ 		goto done;
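Review bot: bt_att_disc_cancel() leaves the matched op in its queue after cancel_att_send_op(op), so the fix relies on the later queue_remove_all(..., disc_att_send_op) pass in disconnect_cb coping with an op that was already cancelled. That handling is in code outside this patch, so it is worth confirming against the 5.54 source the recipe builds, given that the backport comes from a later upstream commit. A smaller point: att->in_disc is set to true and then to false unconditionally, so if disconnect_cb can run again for another channel from inside one of these callbacks, the inner call clears the flag before the outer pass finishes; saving and restoring the previous value would avoid that.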
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.54.bb b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
index 260eee1402..9a21f14fae 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
@@ -1,5 +1,7 @@
 require bluez5.inc
 
+SRC_URI += " file://CVE-2020-27153.patch"
+
 SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
 SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
 
-- 
2.28.0



* [gatesgarth][PATCH 14/22] ruby: fix CVE-2020-25613
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (12 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 13/22] bluez5: fix CVE-2020-27153 Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 15/22] libsdl2: Fix directfb syntax error Anuj Mittal
                   ` (7 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Chee Yang Lee <chee.yang.lee@intel.com>

(From OE-Core rev: 4e02862b4fcfbf3a9cace8a35e355f156d26ed37)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../ruby/ruby/CVE-2020-25613.patch            | 40 +++++++++++++++++++
 meta/recipes-devtools/ruby/ruby_2.7.1.bb      |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch b/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
new file mode 100644
index 0000000000..1abcb7547e
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
@@ -0,0 +1,40 @@
+From 8946bb38b4d87549f0d99ed73c62c41933f97cc7 Mon Sep 17 00:00:00 2001
+From: Yusuke Endoh <mame@ruby-lang.org>
+Date: Tue, 29 Sep 2020 13:15:58 +0900
+Subject: [PATCH] Make it more strict to interpret some headers
+
+Some regexps were too tolerant.
+
+Upstream-Status: Backport
+[https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7]
+CVE: CVE-2020-25613
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/webrick/httprequest.rb | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
+index 294bd91..d34eac7 100644
+--- a/lib/webrick/httprequest.rb
++++ b/lib/webrick/httprequest.rb
+@@ -227,9 +227,9 @@ def parse(socket=nil)
+         raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
+       end
+ 
+-      if /close/io =~ self["connection"]
++      if /\Aclose\z/io =~ self["connection"]
+         @keep_alive = false
+-      elsif /keep-alive/io =~ self["connection"]
++      elsif /\Akeep-alive\z/io =~ self["connection"]
+         @keep_alive = true
+       elsif @http_version < "1.1"
+         @keep_alive = false
+@@ -508,7 +508,7 @@ def read_body(socket, block)
+       return unless socket
+       if tc = self['transfer-encoding']
+         case tc
+-        when /chunked/io then read_chunked(socket, block)
++        when /\Achunked\z/io then read_chunked(socket, block)
+         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
+         end
+       elsif self['content-length'] || @remaining_size
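Review bot: the anchored patterns in parse() and read_body() now require the header value to be exactly the token, which changes behaviour for values that previously matched as substrings. A Connection value listing several tokens, such as "keep-alive, Upgrade", no longer matches either branch and falls through to the @http_version default, and any Transfer-Encoding value other than exactly "chunked" now raises HTTPStatus::NotImplemented. The one-line description "Some regexps were too tolerant." does not say this; the recipe commit message should mention the stricter parsing so that users running WEBrick behind a proxy know what changed.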
diff --git a/meta/recipes-devtools/ruby/ruby_2.7.1.bb b/meta/recipes-devtools/ruby/ruby_2.7.1.bb
index 3dd9fb0a62..f87686f6f7 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.1.bb
@@ -6,6 +6,7 @@ SRC_URI += " \
            file://remove_has_include_macros.patch \
            file://run-ptest \
            file://0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch \
+           file://CVE-2020-25613.patch \
            "
 
 SRC_URI[md5sum] = "debb9c325bf65021214451660f46e909"
-- 
2.28.0



* [gatesgarth][PATCH 15/22] libsdl2: Fix directfb syntax error
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (13 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 14/22] ruby: fix CVE-2020-25613 Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 16/22] libsdl2: Fix directfb SDL_RenderFillRect Anuj Mittal
                   ` (6 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Mark Jonas <toertel@gmail.com>

Build of libsdl2 with directfb is broken due to a spurious '}' and a
missing 'E' since version 2.0.12. The upstream is already fixed.

(From OE-Core rev: 8963daba093c3c5e2c60e1e4e057862971b84cb0)

Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9e9871de010d79cb93aeb48d8d56bac62c09e347)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...ectfb-spurious-curly-brace-missing-e.patch | 49 +++++++++++++++++++
 .../libsdl2/libsdl2_2.0.12.bb                 |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch b/meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch
new file mode 100644
index 0000000000..aa351a89ba
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/directfb-spurious-curly-brace-missing-e.patch
@@ -0,0 +1,49 @@
+# HG changeset patch
+# User Fabrice Fontaine <fontaine.fabrice@gmail.com>
+# Date 1585069551 25200
+# Node ID 769f800952179633ec6c3e6bc1bc1d40e401750a
+# Parent  63387e8920f58f608288f247824ec5f4c286691f
+src/video/directfb/SDL_DirectFB_render.c: fix build
+Build with directfb is broken due to a spurious '}' and a missing 'E'
+since version 2.0.12 and https://hg.libsdl.org/SDL/rev/2d5b5a5ccbfb:
+
+/home/buildroot/autobuild/run/instance-2/output-1/build/sdl2-2.0.12/src/video/directfb/SDL_DirectFB_render.c: In function 'SetBlendMode':
+/home/buildroot/autobuild/run/instance-2/output-1/build/sdl2-2.0.12/src/video/directfb/SDL_DirectFB_render.c:202:9: error: case label not within a switch statement
+  202 |         case SDL_BLENDMODE_MUL:
+      |         ^~~~
+
+/home/buildroot/autobuild/run/instance-2/output-1/build/sdl2-2.0.12/src/video/directfb/SDL_DirectFB_render.c:205:67: error: 'DSBF_DSTCOLOR' undeclared (first use in this function); did you mean 'DSBF_DESTCOLOR'?
+  205 |             SDL_DFB_CHECK(destsurf->SetSrcBlendFunction(destsurf, DSBF_DSTCOLOR));
+      |                                                                   ^~~~~~~~~~~~~
+
+Fixes:
+ - http://autobuild.buildroot.org/results/83ccefee68c2800c0544e6f40fa8bc8ee6b67b77
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+
+--
+
+The patch was imported from the libsdl Mercurial repository
+(https://hg.libsdl.org/SDL) as of changeset id 769f80095217.
+
+Upstream-Status: Backport
+
+Signed-off-by: Mark Jonas <toertel@gmail.com>
+
+
+diff -r 63387e8920f5 -r 769f80095217 src/video/directfb/SDL_DirectFB_render.c
+--- a/src/video/directfb/SDL_DirectFB_render.c	Mon Mar 23 14:10:25 2020 -0700
++++ b/src/video/directfb/SDL_DirectFB_render.c	Tue Mar 24 10:05:51 2020 -0700
+@@ -198,11 +198,10 @@
+             SDL_DFB_CHECK(destsurf->SetDstBlendFunction(destsurf, DSBF_SRCCOLOR));
+
+             break;
+-        }
+         case SDL_BLENDMODE_MUL:
+             data->blitFlags = DSBLIT_BLEND_ALPHACHANNEL;
+             data->drawFlags = DSDRAW_BLEND;
+-            SDL_DFB_CHECK(destsurf->SetSrcBlendFunction(destsurf, DSBF_DSTCOLOR));
++            SDL_DFB_CHECK(destsurf->SetSrcBlendFunction(destsurf, DSBF_DESTCOLOR));
+             SDL_DFB_CHECK(destsurf->SetDstBlendFunction(destsurf, DSBF_INVSRCALPHA));
+
+             break;
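Review bot: the Upstream-Status: Backport tag has no reference on the tag line; the changeset id 769f80095217 is given only in the free text above it. Putting the https://hg.libsdl.org/SDL revision link in brackets after Backport, as the bluez5 and ruby patches in this series do with their upstream commit URLs, lets the origin be read from the tag alone.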
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
index 83dce86801..8ecf161f69 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -18,6 +18,7 @@ PROVIDES = "virtual/libsdl2"
 
 SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
            file://more-gen-depends.patch \
+           file://directfb-spurious-curly-brace-missing-e.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"
-- 
2.28.0



* [gatesgarth][PATCH 16/22] libsdl2: Fix directfb SDL_RenderFillRect
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (14 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 15/22] libsdl2: Fix directfb syntax error Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 17/22] grub: clean up CVE patches Anuj Mittal
                   ` (5 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Mark Jonas <toertel@gmail.com>

Refactoring of SDL2 internal API has broken SDL_RenderFillRect for
DirectFB. The problem has already been fixed upstream.

(From OE-Core rev: a7c8dfc1f9beebeb9da7f61b323d85fba82ec1cb)

Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9565315265d4c5a17a27317d721ce5598523efc)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../libsdl2/directfb-renderfillrect-fix.patch | 33 +++++++++++++++++++
 .../libsdl2/libsdl2_2.0.12.bb                 |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch b/meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch
new file mode 100644
index 0000000000..83d4f4b1ec
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/directfb-renderfillrect-fix.patch
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Sam Lantinga <slouken@libsdl.org>
+# Date 1590793369 25200
+# Node ID a90089f75990e8b07a1dcf931c5f8a580ae343bf
+# Parent  a9b4bd264f3cbedc4f3287b3ec6b32311370ba85
+Fixed bug 5146 - SDL_RenderFillRect doesn't work in DirectFB
+
+Lacky
+
+It looks like refactoring of SDL2 internal API has broken SDL_RenderFillRect for DirectFB. In new version function SDL_RenderFillRect returns 0, but rectangle is not visible.
+
+Replacing "count" with "len" in the argument list for SDL_memcpy in DirectFB_QueueFillRects fixes problem.
+
+--
+
+The patch was imported from the libsdl Mercurial repository
+(https://hg.libsdl.org/SDL) as of changeset id a90089f75990.
+
+Upstream-Status: Backport
+
+Signed-off-by: Mark Jonas <toertel@gmail.com>
+
+diff -r a9b4bd264f3c -r a90089f75990 src/video/directfb/SDL_DirectFB_render.c
+--- a/src/video/directfb/SDL_DirectFB_render.c	Thu May 21 00:06:09 2020 -0400
++++ b/src/video/directfb/SDL_DirectFB_render.c	Fri May 29 16:02:49 2020 -0700
+@@ -626,7 +626,7 @@
+     }
+
+     cmd->data.draw.count = count;
+-    SDL_memcpy(verts, rects, count);
++    SDL_memcpy(verts, rects, len);
+     return 0;
+ }
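Review bot: the fix changes the SDL_memcpy length from count to len, but neither the definition of len nor the allocation of verts falls inside the three lines of context, so the patch alone does not show that len is the byte size verts was allocated with. Please state in the patch header how len is computed relative to count and to the verts allocation, so the copy bound can be checked without opening the SDL source.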
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
index 8ecf161f69..0b75eb0c1d 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -19,6 +19,7 @@ PROVIDES = "virtual/libsdl2"
 SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
            file://more-gen-depends.patch \
            file://directfb-spurious-curly-brace-missing-e.patch \
+           file://directfb-renderfillrect-fix.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"
-- 
2.28.0



* [gatesgarth][PATCH 17/22] grub: clean up CVE patches
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (15 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 16/22] libsdl2: Fix directfb SDL_RenderFillRect Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06 15:14   ` [OE-core] " Steve Sakoman
  2020-11-06  6:28 ` [gatesgarth][PATCH 18/22] qemuboot.bbclass: Fix a typo Anuj Mittal
                   ` (4 subsequent siblings)
  21 siblings, 1 reply; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Yongxin Liu <yongxin.liu@windriver.com>

Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").

1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.

Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...14308-calloc-Use-calloc-at-most-places.patch} | 10 +++++++---
 ...rflow-checking-primitives-where-we-do-.patch} | 10 +++++++---
 ...-use-after-free-when-redefining-a-func.patch} | 10 +++++++---
 ...eger-overflows-in-initrd-size-handling.patch} | 10 +++++++---
 ...re-we-always-have-an-overflow-checking.patch} |  0
 ...-Add-LVM-cache-logical-volume-handling.patch} |  0
 ...ome-arithmetic-primitives-that-check-f.patch} |  0
 ...unused-fields-from-grub_script_functio.patch} |  0
 meta/recipes-bsp/grub/grub2.inc                  | 16 ++++++++--------
 9 files changed, 36 insertions(+), 20 deletions(-)
 rename meta/recipes-bsp/grub/files/{0003-calloc-Use-calloc-at-most-places.patch => CVE-2020-14308-calloc-Use-calloc-at-most-places.patch} (99%)
 rename meta/recipes-bsp/grub/files/{0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch => CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch} (99%)
 rename meta/recipes-bsp/grub/files/{0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch => CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch} (95%)
 rename meta/recipes-bsp/grub/files/{0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch => CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch} (96%)
 rename meta/recipes-bsp/grub/files/{0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch => calloc-Make-sure-we-always-have-an-overflow-checking.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0002-lvm-Add-LVM-cache-logical-volume-handling.patch => lvm-Add-LVM-cache-logical-volume-handling.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch => safemath-Add-some-arithmetic-primitives-that-check-f.patch} (100%)
 rename meta/recipes-bsp/grub/files/{0006-script-Remove-unused-fields-from-grub_script_functio.patch => script-Remove-unused-fields-from-grub_script_functio.patch} (100%)

diff --git a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
similarity index 99%
rename from meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
rename to meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
index eb3e42c3af..637e368cb0 100644
--- a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
@@ -19,11 +19,15 @@ Among other issues, this fixes:
 
 Fixes: CVE-2020-14308
 
-Upstream-Status: Backport [commit f725fa7cb2ece547c5af01eeeecfe8d95802ed41
-from https://git.savannah.gnu.org/git/grub.git]
-
 Signed-off-by: Peter Jones <pjones@redhat.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-14308
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
+
 [YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04]
 Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
 ---
diff --git a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
similarity index 99%
rename from meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
rename to meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
index 146602cd3e..896a2145d4 100644
--- a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
@@ -26,11 +26,15 @@ Among other issues, this fixes:
 
 Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
 
-Upstream-Status: Backport [commit 3f05d693d1274965ffbe4ba99080dc2c570944c6
-from https://git.savannah.gnu.org/git/grub.git]
-
 Signed-off-by: Peter Jones <pjones@redhat.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6
+
 Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
 ---
  grub-core/commands/legacycfg.c | 29 +++++++++++++++++++-----
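Review bot: the new tag line "CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311" separates the IDs with commas. The CVE: tag is conventionally written with space-separated IDs (CVE: CVE-2020-14309 CVE-2020-14310 CVE-2020-14311), and a reader that expects that form can stop at the first comma and record only CVE-2020-14309 as patched. Please drop the commas on the CVE: line; the Fixes: line above it can stay as upstream wrote it.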
diff --git a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
similarity index 95%
rename from meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
rename to meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
index fedfc5d203..329e554a68 100644
--- a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
@@ -19,11 +19,15 @@ dependent on the current behaviour without being broken.
 
 Fixes: CVE-2020-15706
 
-Upstream-Status: Backport [commit 426f57383d647406ae9c628c472059c27cd6e040
-from https://git.savannah.gnu.org/git/grub.git]
-
 Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-15706
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040
+
 Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
 ---
  grub-core/script/execute.c  |  2 ++
diff --git a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
similarity index 96%
rename from meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
rename to meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
index 0731f0ec53..d4f9300c0a 100644
--- a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
@@ -7,12 +7,16 @@ These could be triggered by a crafted filesystem with very large files.
 
 Fixes: CVE-2020-15707
 
-Upstream-Status: Backport [commit e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
-from https://git.savannah.gnu.org/git/grub.git]
-
 Signed-off-by: Colin Watson <cjwatson@debian.org>
 Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-15707
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
+
 Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
 ---
  grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++-------------
diff --git a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
similarity index 100%
rename from meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
rename to meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
diff --git a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch b/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
similarity index 100%
rename from meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch
rename to meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
diff --git a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
similarity index 100%
rename from meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
rename to meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
diff --git a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch b/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
similarity index 100%
rename from meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch
rename to meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 7c53193ebd..ff17dbe8b7 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -19,14 +19,14 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://grub-module-explicitly-keeps-symbole-.module_license.patch \
            file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
            file://CVE-2020-10713.patch \
-           file://0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch \
-           file://0002-lvm-Add-LVM-cache-logical-volume-handling.patch \
-           file://0003-calloc-Use-calloc-at-most-places.patch \
-           file://0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch \
-           file://0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch \
-           file://0006-script-Remove-unused-fields-from-grub_script_functio.patch \
-           file://0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch \
-           file://0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch \
+           file://calloc-Make-sure-we-always-have-an-overflow-checking.patch \
+           file://lvm-Add-LVM-cache-logical-volume-handling.patch \
+           file://CVE-2020-14308-calloc-Use-calloc-at-most-places.patch \
+           file://safemath-Add-some-arithmetic-primitives-that-check-f.patch \
+           file://CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch \
+           file://script-Remove-unused-fields-from-grub_script_functio.patch \
+           file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \
+           file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \
 "
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
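
Review bot: Dropping the 0001- to 0008- prefixes in this SRC_URI hunk removes the only visible record that these eight files form one ordered series. The list order is preserved here, and judging by the file names it matters: the safemath patch adds the overflow-checking primitives that the CVE-2020-14309/14310/14311 malloc patch then uses. A one-line comment above these entries saying they must stay in this order would keep a later reshuffle or alphabetical sort from breaking do_patch.
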
-- 
2.28.0


* [gatesgarth][PATCH 18/22] qemuboot.bbclass: Fix a typo
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (16 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 17/22] grub: clean up CVE patches Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 19/22] common-licenses: add bzip2-1.0.4 Anuj Mittal
                   ` (3 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Khem Raj <raj.khem@gmail.com>

(From OE-Core rev: 2b5fb66344432390aa0cc199ad3f9ec2a4da26bb)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aea9a37ae327d1685cf2473a9f8f84e22352f5ec)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/classes/qemuboot.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/qemuboot.bbclass b/meta/classes/qemuboot.bbclass
index 824676216e..4b7532b304 100644
--- a/meta/classes/qemuboot.bbclass
+++ b/meta/classes/qemuboot.bbclass
@@ -43,7 +43,7 @@
 #                          QB_NETWORK_DEVICE_prepend might be used, since Qemu enumerates the eth*
 #                          devices in reverse order to -device arguments.
 #
-# QB_TAP_OPT: netowrk option for 'tap' mode, e.g.,
+# QB_TAP_OPT: network option for 'tap' mode, e.g.,
 #             "-netdev tap,id=net0,ifname=@TAP@,script=no,downscript=no"
 #              Note, runqemu will replace "@TAP@" with the one which is used, such as tap0, tap1 ...
 #
-- 
2.28.0


* [gatesgarth][PATCH 19/22] common-licenses: add bzip2-1.0.4
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (17 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 18/22] qemuboot.bbclass: Fix a typo Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 20/22] recipes-core/busybox: fixup licensing information Anuj Mittal
                   ` (2 subsequent siblings)
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: "Yann E. MORIN" <yann.morin.1998@free.fr>

The bzip2 license changes with each version; the changes are subtle, but
that makes it a different license every time:
  - copyright year
  - authorship identification and address
  - version of the release
  - date of the release

Although we currently only have bzip2 and pbzip2 packages, we're going
to need this license for busybox, which uses code from bzip2-1.0.4.

Add it, as copied from the upstream bzip2 git tree at tag 'bzip2-1.0.4'
(commit f10a33538e9bab6deb61779b3d8aae168824ef48).

(From OE-Core rev: f303c31b813f371737c9a9d7a93e9f920f84e75a)

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f3f62ed09d09c606cf28480c1258d900f449e621)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/files/common-licenses/bzip2-1.0.4 | 43 ++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 meta/files/common-licenses/bzip2-1.0.4

diff --git a/meta/files/common-licenses/bzip2-1.0.4 b/meta/files/common-licenses/bzip2-1.0.4
new file mode 100644
index 0000000000..4458e35bb5
--- /dev/null
+++ b/meta/files/common-licenses/bzip2-1.0.4
@@ -0,0 +1,43 @@
+
+--------------------------------------------------------------------------
+
+This program, "bzip2", the associated library "libbzip2", and all
+documentation, are copyright (C) 1996-2006 Julian R Seward.  All
+rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. The origin of this software must not be misrepresented; you must 
+   not claim that you wrote the original software.  If you use this 
+   software in a product, an acknowledgment in the product 
+   documentation would be appreciated but is not required.
+
+3. Altered source versions must be plainly marked as such, and must
+   not be misrepresented as being the original software.
+
+4. The name of the author may not be used to endorse or promote 
+   products derived from this software without specific prior written 
+   permission.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Julian Seward, Cambridge, UK.
+jseward@bzip.org
+bzip2/libbzip2 version 1.0.4 of 20 December 2006
+
+--------------------------------------------------------------------------
-- 
2.28.0


* [gatesgarth][PATCH 20/22] recipes-core/busybox: fixup licensing information
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (18 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 19/22] common-licenses: add bzip2-1.0.4 Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 21/22] apt: remove host contamination with gtest Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 22/22] update_udev_hwdb: clean hwdb.bin Anuj Mittal
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: "Yann E. MORIN" <yann.morin.1998@free.fr>

Commit 7d32417b4d (busybox: Correct the name of the bzip2 license)
changes the license from 'bzip2' to 'bzip2-1.0.6' on the rationale
that the 'bzip2 license was renamed from "bzip2" to "bzip2-1.0.6"
[...] to match the official SPDX identifier.'

Though the above is true for the bzip2 and pbzip2 packages, the bzip2
code bundled in busybox is a copy from the bzip2 1.0.4 version, not the
1.0.6 version.

As such, using bzip2-1.0.6 is wrong.

Unfortunately, there is no official SPDX license identifier for this
bzip2 1.0.4 version, so we just mimic the existing ones (bzip2-1.0.5
and bzip2-1.0.6) by using bzip2-1.0.4.

Also, there is a license file attached to that, so we add it to the
list.

(From OE-Core rev: 6238ee3ecd385cbadd8e75eb8b22a96d9cb13639)

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Alexandre BELLONI <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0776bf6600c42cec2961d3f6d33c8c9c09cbb1ce)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-core/busybox/busybox.inc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 45aaa2b41c..e0522be729 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -5,10 +5,11 @@ BUGTRACKER = "https://bugs.busybox.net/"
 
 DEPENDS += "kern-tools-native virtual/crypt"
 
-# bzip2 applet in busybox is based on lightly-modified bzip2 source
+# bzip2 applet in busybox is based on lightly-modified bzip2-1.0.4 source
 # the GPL is version 2 only
-LICENSE = "GPLv2 & bzip2-1.0.6"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb"
+LICENSE = "GPLv2 & bzip2-1.0.4"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb \
+                    file://archival/libarchive/bz/LICENSE;md5=28e3301eae987e8cfe19988e98383dae"
 
 SECTION = "base"
 
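
Review bot: The new LICENSE value "GPLv2 & bzip2-1.0.4" in this hunk only resolves once meta/files/common-licenses/bzip2-1.0.4 exists, and that file is added by 19/22 of this series, so the two commits have to land together and in that order on the stable branch. Stating that dependency in the commit message would help anyone cherry-picking this one alone. The second LIC_FILES_CHKSUM entry is also worth re-checking against the busybox tarball this branch fetches, since the change is a cherry-pick and the md5 for archival/libarchive/bz/LICENSE is only valid if that file is identical here.
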
-- 
2.28.0


* [gatesgarth][PATCH 21/22] apt: remove host contamination with gtest
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (19 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 20/22] recipes-core/busybox: fixup licensing information Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06  6:28 ` [gatesgarth][PATCH 22/22] update_udev_hwdb: clean hwdb.bin Anuj Mittal
  21 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Alexander Kanavin <alex.kanavin@gmail.com>

(From OE-Core rev: 41aa60cdb1e26617e1eeac95a6ffcdd6561c539f)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 600cb136cd3ed474f3e890297f4768071358fc13)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...t-configure-packages-on-installation.patch |  2 +-
 ...-init-tables-from-dpkg-configuration.patch |  2 +-
 ...n-dpkg-configure-a-at-the-end-of-our.patch |  2 +-
 ...ibapt-do-not-use-gtest-from-the-host.patch | 40 +++++++++++++++++++
 meta/recipes-devtools/apt/apt_1.8.2.1.bb      |  1 +
 5 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/apt/apt/0001-test-libapt-do-not-use-gtest-from-the-host.patch

diff --git a/meta/recipes-devtools/apt/apt/0001-Do-not-configure-packages-on-installation.patch b/meta/recipes-devtools/apt/apt/0001-Do-not-configure-packages-on-installation.patch
index 2322bd8e78..81b328a2ee 100644
--- a/meta/recipes-devtools/apt/apt/0001-Do-not-configure-packages-on-installation.patch
+++ b/meta/recipes-devtools/apt/apt/0001-Do-not-configure-packages-on-installation.patch
@@ -1,4 +1,4 @@
-From 1ad21140787a6b8b0f774f75b50444d2c30a56f6 Mon Sep 17 00:00:00 2001
+From 96d23fc57d1ff9c851d563d6d6a6c4752dc4f1b6 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Thu, 21 May 2020 20:28:12 +0000
 Subject: [PATCH] Do not configure packages on installation
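
Review bot: The only change in this hunk is the "From <hash>" line of the embedded patch header, and the next two files receive the same one-line change. That is churn from regenerating the patch files and is unrelated to the gtest fix in the subject. For a stable-branch backport, consider dropping these three hunks so the commit touches only the new patch and the recipe.
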
diff --git a/meta/recipes-devtools/apt/apt/0001-Do-not-init-tables-from-dpkg-configuration.patch b/meta/recipes-devtools/apt/apt/0001-Do-not-init-tables-from-dpkg-configuration.patch
index d3d3ab026d..1417153e81 100644
--- a/meta/recipes-devtools/apt/apt/0001-Do-not-init-tables-from-dpkg-configuration.patch
+++ b/meta/recipes-devtools/apt/apt/0001-Do-not-init-tables-from-dpkg-configuration.patch
@@ -1,4 +1,4 @@
-From b18d7aa7d71b53b86bac21cd1d8c3accabb28f2b Mon Sep 17 00:00:00 2001
+From bf45c314867e5fb12141803fba06f3e45679d628 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Fri, 10 May 2019 16:47:38 +0200
 Subject: [PATCH] Do not init tables from dpkg configuration
diff --git a/meta/recipes-devtools/apt/apt/0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch b/meta/recipes-devtools/apt/apt/0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch
index 8c4cc04503..37f969690c 100644
--- a/meta/recipes-devtools/apt/apt/0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch
+++ b/meta/recipes-devtools/apt/apt/0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch
@@ -1,4 +1,4 @@
-From 742fbb243f99e940c3e6b31296f7f416f550a57a Mon Sep 17 00:00:00 2001
+From 34700bebc52659e7e3eecd252f65bd36e669eee8 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Thu, 21 May 2020 20:13:25 +0000
 Subject: [PATCH] Revert "always run 'dpkg --configure -a' at the end of our
diff --git a/meta/recipes-devtools/apt/apt/0001-test-libapt-do-not-use-gtest-from-the-host.patch b/meta/recipes-devtools/apt/apt/0001-test-libapt-do-not-use-gtest-from-the-host.patch
new file mode 100644
index 0000000000..503b5a5c0b
--- /dev/null
+++ b/meta/recipes-devtools/apt/apt/0001-test-libapt-do-not-use-gtest-from-the-host.patch
@@ -0,0 +1,40 @@
+From 28e389a0d1275e7693df84a7d4a58b28364be1a9 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Thu, 22 Oct 2020 17:33:38 +0200
+Subject: [PATCH] test/libapt: do not use gtest from the host
+
+This really does not work when cross-compiling.
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ test/libapt/CMakeLists.txt | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/test/libapt/CMakeLists.txt b/test/libapt/CMakeLists.txt
+index 035ff07..280b83c 100644
+--- a/test/libapt/CMakeLists.txt
++++ b/test/libapt/CMakeLists.txt
+@@ -6,22 +6,6 @@ find_path(GTEST_ROOT src/gtest.cc
+ find_package(GTest)
+ set(GTEST_DEPENDENCIES)
+ 
+-if(NOT GTEST_FOUND AND EXISTS ${GTEST_ROOT})
+-   include(ExternalProject)
+-   ExternalProject_Add(gtest PREFIX ./gtest
+-                             SOURCE_DIR ${GTEST_ROOT}
+-                             INSTALL_COMMAND true)
+-
+-   link_directories(${CMAKE_CURRENT_BINARY_DIR}/gtest/src/gtest-build)
+-
+-   set(GTEST_LIBRARIES "-lgtest")
+-   set(GTEST_DEPENDENCIES "gtest")
+-   set(GTEST_FOUND TRUE)
+-   find_path(GTEST_INCLUDE_DIRS NAMES gtest/gtest.h PATHS ${GTEST_ROOT}/include)
+-
+-   message(STATUS "Found GTest at ${GTEST_ROOT}, headers at ${GTEST_INCLUDE_DIRS}")
+-endif()
+-
+ if(GTEST_FOUND)
+    # gtest produces some warnings with the set of warnings we activate,
+    # so disable the offending warnings while compiling tests for now
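
Review bot: The embedded commit message ("This really does not work when cross-compiling.") does not say what fails or where the host leak comes from, and the cherry-picked commit in this mail has no description either. The hunk removes the fallback that builds gtest from ${GTEST_ROOT}, but find_package(GTest) and the if(GTEST_FOUND) branch remain in the context lines, so the tests are still built whenever that lookup succeeds. The message should state that the GTEST_ROOT fallback is the contaminating path and why the remaining lookup cannot pick up a host copy in a cross build.
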
diff --git a/meta/recipes-devtools/apt/apt_1.8.2.1.bb b/meta/recipes-devtools/apt/apt_1.8.2.1.bb
index bd1f4f39c3..de0e150a2e 100644
--- a/meta/recipes-devtools/apt/apt_1.8.2.1.bb
+++ b/meta/recipes-devtools/apt/apt_1.8.2.1.bb
@@ -8,6 +8,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/a/apt/${BPN}_${PV}.tar.xz \
            file://0001-Disable-documentation-directory-altogether.patch \
            file://0001-Fix-musl-build.patch \
            file://0001-CMakeLists.txt-avoid-changing-install-paths-based-on.patch \
+           file://0001-test-libapt-do-not-use-gtest-from-the-host.patch \
            "
      
 SRC_URI_append_class-native = " \
-- 
2.28.0


* [gatesgarth][PATCH 22/22] update_udev_hwdb: clean hwdb.bin
  2020-11-06  6:27 [gatesgarth][PATCH 00/22] gatesgarth review request Anuj Mittal
                   ` (20 preceding siblings ...)
  2020-11-06  6:28 ` [gatesgarth][PATCH 21/22] apt: remove host contamination with gtest Anuj Mittal
@ 2020-11-06  6:28 ` Anuj Mittal
  2020-11-06 15:45   ` [OE-core] " Steve Sakoman
  21 siblings, 1 reply; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06  6:28 UTC (permalink / raw)
  To: openembedded-core

From: Mingli Yu <mingli.yu@windriver.com>

Steps to reproduce:
echo "IMAGE_INSTALL_append = \" udev-hwdb lib32-udev-hwdb\"" >> conf/local.conf

When installing both udev-hwdb and lib32-udev-hwdb as above,
the following do_populate_sdk error occurs:
 $ bitbake core-image-sato  -c populate_sdk
 ERROR: Task (/path/core-image-sato.bb:do_populate_sdk) failed with exit code '134'
 NOTE: Tasks Summary: Attempted 5554 tasks of which 0 didn't need to be rerun and 1 failed.

 $ cat /path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-r5/pseudo/pseudo.log
 [snip]
 inode mismatch: '/path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-r5/sdk/image/usr/local/oecore-x86_64/sysroots/core2-64-poky-linux/lib/udev/hwdb.bin' ino 427383040 in db, 427383042 in request.
 [snip]

It is because both udev-hwdb and lib32-udev-hwdb will generate
${SDK_OUTPUT}/${SDKTARGETSYSROOT}/lib/udev/hwdb.bin during do_populate_sdk
and this triggers a pseudo error.

So clean hwdb.bin before generating hwdb.bin to avoid the conflict and
fix the above do_populate_sdk error.

(From OE-Core rev: c7472925feb53ce92c1799feba2b7a9104e3f38f)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 994ca65e6f828dd38e0d7d09fb5243147ba4e36b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 scripts/postinst-intercepts/update_udev_hwdb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/postinst-intercepts/update_udev_hwdb b/scripts/postinst-intercepts/update_udev_hwdb
index 102e99b947..8076b8ae6f 100644
--- a/scripts/postinst-intercepts/update_udev_hwdb
+++ b/scripts/postinst-intercepts/update_udev_hwdb
@@ -17,5 +17,6 @@ case "${PREFERRED_PROVIDER_udev}" in
 		;;
 esac
 
+rm -f $D${UDEVLIBDIR}/udev/hwdb.bin
 PSEUDO_UNLOAD=1 ${binprefix}qemuwrapper -L $D $D${libexecdir}/${binprefix}udevadm hwdb --update --root $D ${UDEV_EXTRA_ARGS}
 chown root:root $D${UDEVLIBDIR}/udev/hwdb.bin
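
Review bot: The added "rm -f $D${UDEVLIBDIR}/udev/hwdb.bin" line has no comment, and nothing in the script explains why a file that "udevadm hwdb --update" is about to regenerate has to be deleted first. A short comment above it should say that the intercept runs against the same output path when both udev-hwdb and lib32-udev-hwdb are installed, and that the leftover file is what produces the pseudo inode mismatch quoted in the commit message. Quoting the path would also be safer, although the chown line below it is unquoted too.
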
-- 
2.28.0


* Re: [OE-core] [gatesgarth][PATCH 13/22] bluez5: fix CVE-2020-27153
  2020-11-06  6:28 ` [gatesgarth][PATCH 13/22] bluez5: fix CVE-2020-27153 Anuj Mittal
@ 2020-11-06 15:12   ` Steve Sakoman
  2020-11-11  7:06     ` Anuj Mittal
  0 siblings, 1 reply; 30+ messages in thread
From: Steve Sakoman @ 2020-11-06 15:12 UTC (permalink / raw)
  To: Anuj Mittal; +Cc: Patches and discussions about the oe-core layer

This morning I also submitted a patch to fix CVE-2020-27153 in dunfell
(bluez5: update to 5.55 to fix CVE-2020-27153):

https://lists.openembedded.org/g/openembedded-core/message/144343

5.55 seems to be a security/bug fix release so it seemed appropriate:

https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07

We should do the same fix in dunfell/gatesgarth, so I'd love to get
some feedback from the community on the preferred approach.

Steve

On Thu, Nov 5, 2020 at 8:28 PM Anuj Mittal <anuj.mittal@intel.com> wrote:
>
> From: Chee Yang Lee <chee.yang.lee@intel.com>
>
> (From OE-Core rev: 4b0688bb8abb2fb8a620541207d40e90e4bf16f9)
>
> Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> ---
>  .../bluez5/bluez5/CVE-2020-27153.patch        | 146 ++++++++++++++++++
>  .../bluez5/bluez5_5.54.bb                     |   2 +
>  2 files changed, 148 insertions(+)
>  create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch
>
> diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch
> new file mode 100644
> index 0000000000..7b06dd2071
> --- /dev/null
> +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch
> @@ -0,0 +1,146 @@
> +From 1cd644db8c23a2f530ddb93cebed7dacc5f5721a Mon Sep 17 00:00:00 2001
> +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> +Date: Wed, 15 Jul 2020 18:25:37 -0700
> +Subject: [PATCH] shared/att: Fix possible crash on disconnect
> +
> +If there are pending request while disconnecting they would be notified
> +but clients may endup being freed in the proccess which will then be
> +calling bt_att_cancel to cancal its requests causing the following
> +trace:
> +
> +Invalid read of size 4
> +   at 0x1D894C: enable_ccc_callback (gatt-client.c:1627)
> +   by 0x1D247B: disc_att_send_op (att.c:417)
> +   by 0x1CCC17: queue_remove_all (queue.c:354)
> +   by 0x1D47B7: disconnect_cb (att.c:635)
> +   by 0x1E0707: watch_callback (io-glib.c:170)
> +   by 0x48E963B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.6400.4)
> +   by 0x48E9AC7: ??? (in /usr/lib/libglib-2.0.so.0.6400.4)
> +   by 0x48E9ECF: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.6400.4)
> +   by 0x1E0E97: mainloop_run (mainloop-glib.c:79)
> +   by 0x1E13B3: mainloop_run_with_signal (mainloop-notify.c:201)
> +   by 0x12BC3B: main (main.c:770)
> + Address 0x7d40a28 is 24 bytes inside a block of size 32 free'd
> +   at 0x484A2E0: free (vg_replace_malloc.c:540)
> +   by 0x1CCC17: queue_remove_all (queue.c:354)
> +   by 0x1CCC83: queue_destroy (queue.c:73)
> +   by 0x1D7DD7: bt_gatt_client_free (gatt-client.c:2209)
> +   by 0x16497B: batt_free (battery.c:77)
> +   by 0x16497B: batt_remove (battery.c:286)
> +   by 0x1A0013: service_remove (service.c:176)
> +   by 0x1A9B7B: device_remove_gatt_service (device.c:3691)
> +   by 0x1A9B7B: gatt_service_removed (device.c:3805)
> +   by 0x1CC90B: queue_foreach (queue.c:220)
> +   by 0x1DE27B: notify_service_changed.isra.0.part.0 (gatt-db.c:369)
> +   by 0x1DE387: notify_service_changed (gatt-db.c:361)
> +   by 0x1DE387: gatt_db_service_destroy (gatt-db.c:385)
> +   by 0x1DE3EF: gatt_db_remove_service (gatt-db.c:519)
> +   by 0x1D674F: discovery_op_complete (gatt-client.c:388)
> +   by 0x1D6877: discover_primary_cb (gatt-client.c:1260)
> +   by 0x1E220B: discovery_op_complete (gatt-helpers.c:628)
> +   by 0x1E249B: read_by_grp_type_cb (gatt-helpers.c:730)
> +   by 0x1D247B: disc_att_send_op (att.c:417)
> +   by 0x1CCC17: queue_remove_all (queue.c:354)
> +   by 0x1D47B7: disconnect_cb (att.c:635)
> +
> +Upstream-Status: Backport
> +[https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a]
> +CVE: CVE-2020-27153
> +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
> +---
> + src/shared/att.c | 46 ++++++++++++++++++++++++++++++++++++++++------
> + 1 file changed, 40 insertions(+), 6 deletions(-)
> +
> +diff --git a/src/shared/att.c b/src/shared/att.c
> +index ed3af2920..58f23dfcb 100644
> +--- a/src/shared/att.c
> ++++ b/src/shared/att.c
> +@@ -84,6 +84,7 @@ struct bt_att {
> +       struct queue *req_queue;        /* Queued ATT protocol requests */
> +       struct queue *ind_queue;        /* Queued ATT protocol indications */
> +       struct queue *write_queue;      /* Queue of PDUs ready to send */
> ++      bool in_disc;                   /* Cleanup queues on disconnect_cb */
> +
> +       bt_att_timeout_func_t timeout_callback;
> +       bt_att_destroy_func_t timeout_destroy;
> +@@ -222,8 +223,10 @@ static void destroy_att_send_op(void *data)
> +       free(op);
> + }
> +
> +-static void cancel_att_send_op(struct att_send_op *op)
> ++static void cancel_att_send_op(void *data)
> + {
> ++      struct att_send_op *op = data;
> ++
> +       if (op->destroy)
> +               op->destroy(op->user_data);
> +
> +@@ -631,11 +634,6 @@ static bool disconnect_cb(struct io *io, void *user_data)
> +       /* Dettach channel */
> +       queue_remove(att->chans, chan);
> +
> +-      /* Notify request callbacks */
> +-      queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
> +-      queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
> +-      queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
> +-
> +       if (chan->pending_req) {
> +               disc_att_send_op(chan->pending_req);
> +               chan->pending_req = NULL;
> +@@ -654,6 +652,15 @@ static bool disconnect_cb(struct io *io, void *user_data)
> +
> +       bt_att_ref(att);
> +
> ++      att->in_disc = true;
> ++
> ++      /* Notify request callbacks */
> ++      queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
> ++      queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
> ++      queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
> ++
> ++      att->in_disc = false;
> ++
> +       queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err));
> +
> +       bt_att_unregister_all(att);
> +@@ -1574,6 +1581,30 @@ bool bt_att_chan_cancel(struct bt_att_chan *chan, unsigned int id)
> +       return true;
> + }
> +
> ++static bool bt_att_disc_cancel(struct bt_att *att, unsigned int id)
> ++{
> ++      struct att_send_op *op;
> ++
> ++      op = queue_find(att->req_queue, match_op_id, UINT_TO_PTR(id));
> ++      if (op)
> ++              goto done;
> ++
> ++      op = queue_find(att->ind_queue, match_op_id, UINT_TO_PTR(id));
> ++      if (op)
> ++              goto done;
> ++
> ++      op = queue_find(att->write_queue, match_op_id, UINT_TO_PTR(id));
> ++
> ++done:
> ++      if (!op)
> ++              return false;
> ++
> ++      /* Just cancel since disconnect_cb will be cleaning up */
> ++      cancel_att_send_op(op);
> ++
> ++      return true;
> ++}
> ++
> + bool bt_att_cancel(struct bt_att *att, unsigned int id)
> + {
> +       const struct queue_entry *entry;
> +@@ -1591,6 +1622,9 @@ bool bt_att_cancel(struct bt_att *att, unsigned int id)
> +                       return true;
> +       }
> +
> ++      if (att->in_disc)
> ++              return bt_att_disc_cancel(att, id);
> ++
> +       op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id));
> +       if (op)
> +               goto done;
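
Review bot: In the new bt_att_disc_cancel(), the op is looked up with queue_find() and handed to cancel_att_send_op() but left in its queue, so disc_att_send_op() from the queue_remove_all() calls in disconnect_cb() will still run on it afterwards. The visible part of cancel_att_send_op() calls op->destroy(op->user_data); the rest of the function is outside the hunk, so confirm that it also clears the op's callback and destroy pointers, otherwise the client that has just freed itself is notified a second time. Since the fix depends on the exact placement of the in_disc window inside disconnect_cb(), also check that the backported file matches upstream commit 1cd644db8c23a2f530ddb93cebed7dacc5f5721a without manual edits.
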
> diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.54.bb b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
> index 260eee1402..9a21f14fae 100644
> --- a/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
> +++ b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
> @@ -1,5 +1,7 @@
>  require bluez5.inc
>
> +SRC_URI += " file://CVE-2020-27153.patch"
> +
>  SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
>  SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
>
> --
> 2.28.0
>
>
> 
>

* Re: [OE-core] [gatesgarth][PATCH 17/22] grub: clean up CVE patches
  2020-11-06  6:28 ` [gatesgarth][PATCH 17/22] grub: clean up CVE patches Anuj Mittal
@ 2020-11-06 15:14   ` Steve Sakoman
  2020-11-06 16:07     ` Anuj Mittal
  0 siblings, 1 reply; 30+ messages in thread
From: Steve Sakoman @ 2020-11-06 15:14 UTC (permalink / raw)
  To: Anuj Mittal; +Cc: Patches and discussions about the oe-core layer

On Thu, Nov 5, 2020 at 8:28 PM Anuj Mittal <anuj.mittal@intel.com> wrote:
>
> From: Yongxin Liu <yongxin.liu@windriver.com>
>
> Clean up several patches introduced in commit 6732918498 ("grub:fix
> several CVEs in grub 2.04").
>
> 1) Add CVE tags to individual patches.
> 2) Rename upstream patches and prefix them with CVE tags.
> 3) Add description of reference to upstream patch.
>
> Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

This hasn't hit master yet.  Do we have the same "master first" policy
for gatesgarth as we do for dunfell?

Steve

> ---
>  ...14308-calloc-Use-calloc-at-most-places.patch} | 10 +++++++---
>  ...rflow-checking-primitives-where-we-do-.patch} | 10 +++++++---
>  ...-use-after-free-when-redefining-a-func.patch} | 10 +++++++---
>  ...eger-overflows-in-initrd-size-handling.patch} | 10 +++++++---
>  ...re-we-always-have-an-overflow-checking.patch} |  0
>  ...-Add-LVM-cache-logical-volume-handling.patch} |  0
>  ...ome-arithmetic-primitives-that-check-f.patch} |  0
>  ...unused-fields-from-grub_script_functio.patch} |  0
>  meta/recipes-bsp/grub/grub2.inc                  | 16 ++++++++--------
>  9 files changed, 36 insertions(+), 20 deletions(-)
>  rename meta/recipes-bsp/grub/files/{0003-calloc-Use-calloc-at-most-places.patch => CVE-2020-14308-calloc-Use-calloc-at-most-places.patch} (99%)
>  rename meta/recipes-bsp/grub/files/{0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch => CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch} (99%)
>  rename meta/recipes-bsp/grub/files/{0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch => CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch} (95%)
>  rename meta/recipes-bsp/grub/files/{0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch => CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch} (96%)
>  rename meta/recipes-bsp/grub/files/{0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch => calloc-Make-sure-we-always-have-an-overflow-checking.patch} (100%)
>  rename meta/recipes-bsp/grub/files/{0002-lvm-Add-LVM-cache-logical-volume-handling.patch => lvm-Add-LVM-cache-logical-volume-handling.patch} (100%)
>  rename meta/recipes-bsp/grub/files/{0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch => safemath-Add-some-arithmetic-primitives-that-check-f.patch} (100%)
>  rename meta/recipes-bsp/grub/files/{0006-script-Remove-unused-fields-from-grub_script_functio.patch => script-Remove-unused-fields-from-grub_script_functio.patch} (100%)
>
> diff --git a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
> similarity index 99%
> rename from meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
> rename to meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
> index eb3e42c3af..637e368cb0 100644
> --- a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-places.patch
> +++ b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-at-most-places.patch
> @@ -19,11 +19,15 @@ Among other issues, this fixes:
>
>  Fixes: CVE-2020-14308
>
> -Upstream-Status: Backport [commit f725fa7cb2ece547c5af01eeeecfe8d95802ed41
> -from https://git.savannah.gnu.org/git/grub.git]
> -
>  Signed-off-by: Peter Jones <pjones@redhat.com>
>  Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> +Upstream-Status: Backport
> +CVE: CVE-2020-14308
> +
> +Reference to upstream patch:
> +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
> +
>  [YL: don't patch on grub-core/lib/json/json.c, which is not existing in grub 2.04]
>  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
>  ---
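Review bot: the rewritten header removes the commit reference from the Upstream-Status line and moves it into a separate free-text "Reference to upstream patch:" paragraph. Keeping it on the tag line, as `Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41]`, leaves status and origin greppable together. The same applies to the other three renamed CVE patches in this series.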
> diff --git a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
> similarity index 99%
> rename from meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
> rename to meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
> index 146602cd3e..896a2145d4 100644
> --- a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
> +++ b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
> @@ -26,11 +26,15 @@ Among other issues, this fixes:
>
>  Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
>
> -Upstream-Status: Backport [commit 3f05d693d1274965ffbe4ba99080dc2c570944c6
> -from https://git.savannah.gnu.org/git/grub.git]
> -
>  Signed-off-by: Peter Jones <pjones@redhat.com>
>  Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> +Upstream-Status: Backport
> +CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
> +
> +Reference to upstream patch:
> +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6
> +
>  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
>  ---
>   grub-core/commands/legacycfg.c | 29 +++++++++++++++++++-----
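Review bot: the added tag line `CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311` separates the identifiers with commas, so anything that splits the line on whitespace reads the first two as `CVE-2020-14309,` and `CVE-2020-14310,`. Listing them space-separated, as `CVE: CVE-2020-14309 CVE-2020-14310 CVE-2020-14311`, avoids that, and it is worth confirming with a cve-check run that all three are reported as patched.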
> diff --git a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
> similarity index 95%
> rename from meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
> rename to meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
> index fedfc5d203..329e554a68 100644
> --- a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
> +++ b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
> @@ -19,11 +19,15 @@ dependent on the current behaviour without being broken.
>
>  Fixes: CVE-2020-15706
>
> -Upstream-Status: Backport [commit 426f57383d647406ae9c628c472059c27cd6e040
> -from https://git.savannah.gnu.org/git/grub.git]
> -
>  Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
>  Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> +Upstream-Status: Backport
> +CVE: CVE-2020-15706
> +
> +Reference to upstream patch:
> +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040
> +
>  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
>  ---
>   grub-core/script/execute.c  |  2 ++
> diff --git a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
> similarity index 96%
> rename from meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
> rename to meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
> index 0731f0ec53..d4f9300c0a 100644
> --- a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
> +++ b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
> @@ -7,12 +7,16 @@ These could be triggered by a crafted filesystem with very large files.
>
>  Fixes: CVE-2020-15707
>
> -Upstream-Status: Backport [commit e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
> -from https://git.savannah.gnu.org/git/grub.git]
> -
>  Signed-off-by: Colin Watson <cjwatson@debian.org>
>  Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
>  Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> +Upstream-Status: Backport
> +CVE: CVE-2020-15707
> +
> +Reference to upstream patch:
> +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
> +
>  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
>  ---
>   grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++-------------
> diff --git a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
> similarity index 100%
> rename from meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
> rename to meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-checking.patch
> diff --git a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch b/meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
> similarity index 100%
> rename from meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-logical-volume-handling.patch
> rename to meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-volume-handling.patch
> diff --git a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
> similarity index 100%
> rename from meta/recipes-bsp/grub/files/0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
> rename to meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-f.patch
> diff --git a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch b/meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
> similarity index 100%
> rename from meta/recipes-bsp/grub/files/0006-script-Remove-unused-fields-from-grub_script_functio.patch
> rename to meta/recipes-bsp/grub/files/script-Remove-unused-fields-from-grub_script_functio.patch
> diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
> index 7c53193ebd..ff17dbe8b7 100644
> --- a/meta/recipes-bsp/grub/grub2.inc
> +++ b/meta/recipes-bsp/grub/grub2.inc
> @@ -19,14 +19,14 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
>             file://grub-module-explicitly-keeps-symbole-.module_license.patch \
>             file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
>             file://CVE-2020-10713.patch \
> -           file://0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch \
> -           file://0002-lvm-Add-LVM-cache-logical-volume-handling.patch \
> -           file://0003-calloc-Use-calloc-at-most-places.patch \
> -           file://0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch \
> -           file://0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch \
> -           file://0006-script-Remove-unused-fields-from-grub_script_functio.patch \
> -           file://0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch \
> -           file://0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch \
> +           file://calloc-Make-sure-we-always-have-an-overflow-checking.patch \
> +           file://lvm-Add-LVM-cache-logical-volume-handling.patch \
> +           file://CVE-2020-14308-calloc-Use-calloc-at-most-places.patch \
> +           file://safemath-Add-some-arithmetic-primitives-that-check-f.patch \
> +           file://CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch \
> +           file://script-Remove-unused-fields-from-grub_script_functio.patch \
> +           file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch \
> +           file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch \
>  "
>  SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
>  SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
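Review bot: with the 0001 to 0008 prefixes gone, the only record of the apply order is this SRC_URI list, and the four unprefixed patches (the calloc, lvm, safemath and script-Remove-unused-fields ones) no longer show that they belong to the CVE series. They are interleaved with the CVE-tagged patches here, so the order presumably matters; a note in each of their headers naming the CVE patch that follows it would keep someone from reordering or dropping them later. The file name `CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch` is also unwieldy, and since the `CVE:` tag inside the patch already carries all three identifiers a shorter name would lose nothing.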
> --
> 2.28.0
>
>
> 
>


* Re: [OE-core] [gatesgarth][PATCH 22/22] update_udev_hwdb: clean hwdb.bin
  2020-11-06  6:28 ` [gatesgarth][PATCH 22/22] update_udev_hwdb: clean hwdb.bin Anuj Mittal
@ 2020-11-06 15:45   ` Steve Sakoman
  2020-11-06 16:04     ` Anuj Mittal
  0 siblings, 1 reply; 30+ messages in thread
From: Steve Sakoman @ 2020-11-06 15:45 UTC (permalink / raw)
  To: Anuj Mittal; +Cc: Patches and discussions about the oe-core layer

This is another patch I don't see in master -- just in case there is a
"master first" policy for gatesgarth.

Steve

On Thu, Nov 5, 2020 at 8:29 PM Anuj Mittal <anuj.mittal@intel.com> wrote:
>
> From: Mingli Yu <mingli.yu@windriver.com>
>
> Steps to reproduce:
> echo "IMAGE_INSTALL_append = \" udev-hwdb lib32-udev-hwdb\"" >> conf/local.conf
>
> When install both udev-hwdb and lib32-udev-hwdb as above,
> there comes below do_populate_sdk error:
>  $ bitbake core-image-sato  -c populate_sdk
>  ERROR: Task (/path/core-image-sato.bb:do_populate_sdk) failed with exit code '134'
>  NOTE: Tasks Summary: Attempted 5554 tasks of which 0 didn't need to be rerun and 1 failed.
>
>  $ cat /path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-r5/pseudo/pseudo.log
>  [snip]
>  inode mismatch: '/path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-r5/sdk/image/usr/local/oecore-x86_64/sysroots/core2-64-poky-linux/lib/udev/hwdb.bin' ino 427383040 in db, 427383042 in request.
>  [snip]
>
> It is because both udev-hwdb and lib32-udev-hwdb will generate
> ${SDK_OUTPUT}/${SDKTARGETSYSROOT}/lib/udev/hwdb.bin during do_populate_sdk
> and it triggers pseudo error.
>
> So clean hwdb.bin before generate hwdb.bin to avoid conflict to
> fix the above do_populate_sdk error.
>
> (From OE-Core rev: c7472925feb53ce92c1799feba2b7a9104e3f38f)
>
> Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 994ca65e6f828dd38e0d7d09fb5243147ba4e36b)
> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> ---
>  scripts/postinst-intercepts/update_udev_hwdb | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/scripts/postinst-intercepts/update_udev_hwdb b/scripts/postinst-intercepts/update_udev_hwdb
> index 102e99b947..8076b8ae6f 100644
> --- a/scripts/postinst-intercepts/update_udev_hwdb
> +++ b/scripts/postinst-intercepts/update_udev_hwdb
> @@ -17,5 +17,6 @@ case "${PREFERRED_PROVIDER_udev}" in
>                 ;;
>  esac
>
> +rm -f $D${UDEVLIBDIR}/udev/hwdb.bin
>  PSEUDO_UNLOAD=1 ${binprefix}qemuwrapper -L $D $D${libexecdir}/${binprefix}udevadm hwdb --update --root $D ${UDEV_EXTRA_ARGS}
>  chown root:root $D${UDEVLIBDIR}/udev/hwdb.bin
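Review bot: the added `rm -f $D${UDEVLIBDIR}/udev/hwdb.bin` has no comment, so the script itself does not say why the file is removed before being regenerated. The reason given in the commit message (a second run for lib32-udev-hwdb rewrites the same hwdb.bin and pseudo reports an inode mismatch) deserves a one-line comment above it. The path is also unquoted; `rm -f "$D${UDEVLIBDIR}/udev/hwdb.bin"` would be safer if $D ever contains whitespace, and the same holds for the existing chown line.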
> --
> 2.28.0
>
>
> 
>


* Re: [OE-core] [gatesgarth][PATCH 22/22] update_udev_hwdb: clean hwdb.bin
  2020-11-06 15:45   ` [OE-core] " Steve Sakoman
@ 2020-11-06 16:04     ` Anuj Mittal
  2020-11-06 16:30       ` Steve Sakoman
  0 siblings, 1 reply; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06 16:04 UTC (permalink / raw)
  To: steve; +Cc: openembedded-core

Hi Steve,

On Fri, 2020-11-06 at 05:45 -1000, Steve Sakoman wrote:
> This is another patch I don't see in master -- just in case there is
> a
> "master first" policy for gatesgarth.
> 

Yes, it should be master first. I can see it here:

https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=994ca65e6f828dd38e0d7d09fb5243147ba4e36b

Thanks,

Anuj

> Steve
> 
> On Thu, Nov 5, 2020 at 8:29 PM Anuj Mittal <anuj.mittal@intel.com>
> wrote:
> > 
> > From: Mingli Yu <mingli.yu@windriver.com>
> > 
> > Steps to reproduce:
> > echo "IMAGE_INSTALL_append = \" udev-hwdb lib32-udev-hwdb\"" >>
> > conf/local.conf
> > 
> > When install both udev-hwdb and lib32-udev-hwdb as above,
> > there comes below do_populate_sdk error:
> >  $ bitbake core-image-sato  -c populate_sdk
> >  ERROR: Task (/path/core-image-sato.bb:do_populate_sdk) failed with
> > exit code '134'
> >  NOTE: Tasks Summary: Attempted 5554 tasks of which 0 didn't need
> > to be rerun and 1 failed.
> > 
> >  $ cat /path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-
> > r5/pseudo/pseudo.log
> >  [snip]
> >  inode mismatch: '/path/tmp/work/qemux86_64-poky-linux/core-image-
> > sato/1.0-r5/sdk/image/usr/local/oecore-x86_64/sysroots/core2-64-
> > poky-linux/lib/udev/hwdb.bin' ino 427383040 in db, 427383042 in
> > request.
> >  [snip]
> > 
> > It is because both udev-hwdb and lib32-udev-hwdb will generate
> > ${SDK_OUTPUT}/${SDKTARGETSYSROOT}/lib/udev/hwdb.bin during
> > do_populate_sdk
> > and it triggers pseudo error.
> > 
> > So clean hwdb.bin before generate hwdb.bin to avoid conflict to
> > fix the above do_populate_sdk error.
> > 
> > (From OE-Core rev: c7472925feb53ce92c1799feba2b7a9104e3f38f)
> > 
> > Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit
> > 994ca65e6f828dd38e0d7d09fb5243147ba4e36b)
> > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> > ---
> >  scripts/postinst-intercepts/update_udev_hwdb | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/scripts/postinst-intercepts/update_udev_hwdb
> > b/scripts/postinst-intercepts/update_udev_hwdb
> > index 102e99b947..8076b8ae6f 100644
> > --- a/scripts/postinst-intercepts/update_udev_hwdb
> > +++ b/scripts/postinst-intercepts/update_udev_hwdb
> > @@ -17,5 +17,6 @@ case "${PREFERRED_PROVIDER_udev}" in
> >                 ;;
> >  esac
> > 
> > +rm -f $D${UDEVLIBDIR}/udev/hwdb.bin
> >  PSEUDO_UNLOAD=1 ${binprefix}qemuwrapper -L $D
> > $D${libexecdir}/${binprefix}udevadm hwdb --update --root $D
> > ${UDEV_EXTRA_ARGS}
> >  chown root:root $D${UDEVLIBDIR}/udev/hwdb.bin
> > --
> > 2.28.0
> > 
> > 
> > 
> > 
> 
> 
> 



* Re: [OE-core] [gatesgarth][PATCH 17/22] grub: clean up CVE patches
  2020-11-06 15:14   ` [OE-core] " Steve Sakoman
@ 2020-11-06 16:07     ` Anuj Mittal
  0 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-06 16:07 UTC (permalink / raw)
  To: steve; +Cc: openembedded-core

Hi Steve

On Fri, 2020-11-06 at 05:14 -1000, Steve Sakoman wrote:
> On Thu, Nov 5, 2020 at 8:28 PM Anuj Mittal <anuj.mittal@intel.com>
> wrote:
> > 
> > From: Yongxin Liu <yongxin.liu@windriver.com>
> > 
> > Clean up several patches introduced in commit 6732918498 ("grub:fix
> > several CVEs in grub 2.04").
> > 
> > 1) Add CVE tags to individual patches.
> > 2) Rename upstream patches and prefix them with CVE tags.
> > 3) Add description of reference to upstream patch.
> > 
> > Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
> > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> 
> This hasn't hit master yet.  Do we have the same "master first"
> policy
> for gatesgarth as we do for dunfell?
> 

Yes, it should be master first. I included this one by mistake and will
drop it and include it later after it has been merged there. Thank you
for noticing.

Thanks,

Anuj

> Steve
> 
> > ---
> >  ...14308-calloc-Use-calloc-at-most-places.patch} | 10 +++++++---
> >  ...rflow-checking-primitives-where-we-do-.patch} | 10 +++++++---
> >  ...-use-after-free-when-redefining-a-func.patch} | 10 +++++++---
> >  ...eger-overflows-in-initrd-size-handling.patch} | 10 +++++++---
> >  ...re-we-always-have-an-overflow-checking.patch} |  0
> >  ...-Add-LVM-cache-logical-volume-handling.patch} |  0
> >  ...ome-arithmetic-primitives-that-check-f.patch} |  0
> >  ...unused-fields-from-grub_script_functio.patch} |  0
> >  meta/recipes-bsp/grub/grub2.inc                  | 16 ++++++++----
> > ----
> >  9 files changed, 36 insertions(+), 20 deletions(-)
> >  rename meta/recipes-bsp/grub/files/{0003-calloc-Use-calloc-at-
> > most-places.patch => CVE-2020-14308-calloc-Use-calloc-at-most-
> > places.patch} (99%)
> >  rename meta/recipes-bsp/grub/files/{0005-malloc-Use-overflow-
> > checking-primitives-where-we-do-.patch => CVE-2020-14309-CVE-2020-
> > 14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-
> > we-do-.patch} (99%)
> >  rename meta/recipes-bsp/grub/files/{0007-script-Avoid-a-use-after-
> > free-when-redefining-a-func.patch => CVE-2020-15706-script-Avoid-a-
> > use-after-free-when-redefining-a-func.patch} (95%)
> >  rename meta/recipes-bsp/grub/files/{0008-linux-Fix-integer-
> > overflows-in-initrd-size-handling.patch => CVE-2020-15707-linux-
> > Fix-integer-overflows-in-initrd-size-handling.patch} (96%)
> >  rename meta/recipes-bsp/grub/files/{0001-calloc-Make-sure-we-
> > always-have-an-overflow-checking.patch => calloc-Make-sure-we-
> > always-have-an-overflow-checking.patch} (100%)
> >  rename meta/recipes-bsp/grub/files/{0002-lvm-Add-LVM-cache-
> > logical-volume-handling.patch => lvm-Add-LVM-cache-logical-volume-
> > handling.patch} (100%)
> >  rename meta/recipes-bsp/grub/files/{0004-safemath-Add-some-
> > arithmetic-primitives-that-check-f.patch => safemath-Add-some-
> > arithmetic-primitives-that-check-f.patch} (100%)
> >  rename meta/recipes-bsp/grub/files/{0006-script-Remove-unused-
> > fields-from-grub_script_functio.patch => script-Remove-unused-
> > fields-from-grub_script_functio.patch} (100%)
> > 
> > diff --git a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-
> > most-places.patch b/meta/recipes-bsp/grub/files/CVE-2020-14308-
> > calloc-Use-calloc-at-most-places.patch
> > similarity index 99%
> > rename from meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-
> > most-places.patch
> > rename to meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-
> > calloc-at-most-places.patch
> > index eb3e42c3af..637e368cb0 100644
> > --- a/meta/recipes-bsp/grub/files/0003-calloc-Use-calloc-at-most-
> > places.patch
> > +++ b/meta/recipes-bsp/grub/files/CVE-2020-14308-calloc-Use-calloc-
> > at-most-places.patch
> > @@ -19,11 +19,15 @@ Among other issues, this fixes:
> > 
> >  Fixes: CVE-2020-14308
> > 
> > -Upstream-Status: Backport [commit
> > f725fa7cb2ece547c5af01eeeecfe8d95802ed41
> > -from https://git.savannah.gnu.org/git/grub.git]
> > -
> >  Signed-off-by: Peter Jones <pjones@redhat.com>
> >  Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> > +
> > +Upstream-Status: Backport
> > +CVE: CVE-2020-14308
> > +
> > +Reference to upstream patch:
> > +
> > https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
> > +
> >  [YL: don't patch on grub-core/lib/json/json.c, which is not
> > existing in grub 2.04]
> >  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
> >  ---
> > diff --git a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-
> > checking-primitives-where-we-do-.patch b/meta/recipes-
> > bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-
> > Use-overflow-checking-primitives-where-we-do-.patch
> > similarity index 99%
> > rename from meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-
> > checking-primitives-where-we-do-.patch
> > rename to meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-
> > 14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-
> > we-do-.patch
> > index 146602cd3e..896a2145d4 100644
> > --- a/meta/recipes-bsp/grub/files/0005-malloc-Use-overflow-
> > checking-primitives-where-we-do-.patch
> > +++ b/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-
> > CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-
> > .patch
> > @@ -26,11 +26,15 @@ Among other issues, this fixes:
> > 
> >  Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
> > 
> > -Upstream-Status: Backport [commit
> > 3f05d693d1274965ffbe4ba99080dc2c570944c6
> > -from https://git.savannah.gnu.org/git/grub.git]
> > -
> >  Signed-off-by: Peter Jones <pjones@redhat.com>
> >  Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> > +
> > +Upstream-Status: Backport
> > +CVE: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311
> > +
> > +Reference to upstream patch:
> > +
> > https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3f05d693d1274965ffbe4ba99080dc2c570944c6
> > +
> >  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
> >  ---
> >   grub-core/commands/legacycfg.c | 29 +++++++++++++++++++-----
> > diff --git a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-
> > after-free-when-redefining-a-func.patch b/meta/recipes-
> > bsp/grub/files/CVE-2020-15706-script-Avoid-a-use-after-free-when-
> > redefining-a-func.patch
> > similarity index 95%
> > rename from meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-
> > after-free-when-redefining-a-func.patch
> > rename to meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-
> > a-use-after-free-when-redefining-a-func.patch
> > index fedfc5d203..329e554a68 100644
> > --- a/meta/recipes-bsp/grub/files/0007-script-Avoid-a-use-after-
> > free-when-redefining-a-func.patch
> > +++ b/meta/recipes-bsp/grub/files/CVE-2020-15706-script-Avoid-a-
> > use-after-free-when-redefining-a-func.patch
> > @@ -19,11 +19,15 @@ dependent on the current behaviour without
> > being broken.
> > 
> >  Fixes: CVE-2020-15706
> > 
> > -Upstream-Status: Backport [commit
> > 426f57383d647406ae9c628c472059c27cd6e040
> > -from https://git.savannah.gnu.org/git/grub.git]
> > -
> >  Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
> >  Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> > +
> > +Upstream-Status: Backport
> > +CVE: CVE-2020-15706
> > +
> > +Reference to upstream patch:
> > +
> > https://git.savannah.gnu.org/cgit/grub.git/commit/?id=426f57383d647406ae9c628c472059c27cd6e040
> > +
> >  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
> >  ---
> >   grub-core/script/execute.c  |  2 ++
> > diff --git a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-
> > overflows-in-initrd-size-handling.patch b/meta/recipes-
> > bsp/grub/files/CVE-2020-15707-linux-Fix-integer-overflows-in-
> > initrd-size-handling.patch
> > similarity index 96%
> > rename from meta/recipes-bsp/grub/files/0008-linux-Fix-integer-
> > overflows-in-initrd-size-handling.patch
> > rename to meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-
> > integer-overflows-in-initrd-size-handling.patch
> > index 0731f0ec53..d4f9300c0a 100644
> > --- a/meta/recipes-bsp/grub/files/0008-linux-Fix-integer-overflows-
> > in-initrd-size-handling.patch
> > +++ b/meta/recipes-bsp/grub/files/CVE-2020-15707-linux-Fix-integer-
> > overflows-in-initrd-size-handling.patch
> > @@ -7,12 +7,16 @@ These could be triggered by a crafted filesystem
> > with very large files.
> > 
> >  Fixes: CVE-2020-15707
> > 
> > -Upstream-Status: Backport [commit
> > e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
> > -from https://git.savannah.gnu.org/git/grub.git]
> > -
> >  Signed-off-by: Colin Watson <cjwatson@debian.org>
> >  Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
> >  Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> > +
> > +Upstream-Status: Backport
> > +CVE: CVE-2020-15707
> > +
> > +Reference to upstream patch:
> > +
> > https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
> > +
> >  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
> >  ---
> >   grub-core/loader/linux.c | 74
> > +++++++++++++++++++++++++++++++++++-------------
> > diff --git a/meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-
> > always-have-an-overflow-checking.patch b/meta/recipes-
> > bsp/grub/files/calloc-Make-sure-we-always-have-an-overflow-
> > checking.patch
> > similarity index 100%
> > rename from meta/recipes-bsp/grub/files/0001-calloc-Make-sure-we-
> > always-have-an-overflow-checking.patch
> > rename to meta/recipes-bsp/grub/files/calloc-Make-sure-we-always-
> > have-an-overflow-checking.patch
> > diff --git a/meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-
> > logical-volume-handling.patch b/meta/recipes-bsp/grub/files/lvm-
> > Add-LVM-cache-logical-volume-handling.patch
> > similarity index 100%
> > rename from meta/recipes-bsp/grub/files/0002-lvm-Add-LVM-cache-
> > logical-volume-handling.patch
> > rename to meta/recipes-bsp/grub/files/lvm-Add-LVM-cache-logical-
> > volume-handling.patch
> > diff --git a/meta/recipes-bsp/grub/files/0004-safemath-Add-some-
> > arithmetic-primitives-that-check-f.patch b/meta/recipes-
> > bsp/grub/files/safemath-Add-some-arithmetic-primitives-that-check-
> > f.patch
> > similarity index 100%
> > rename from meta/recipes-bsp/grub/files/0004-safemath-Add-some-
> > arithmetic-primitives-that-check-f.patch
> > rename to meta/recipes-bsp/grub/files/safemath-Add-some-arithmetic-
> > primitives-that-check-f.patch
> > diff --git a/meta/recipes-bsp/grub/files/0006-script-Remove-unused-
> > fields-from-grub_script_functio.patch b/meta/recipes-
> > bsp/grub/files/script-Remove-unused-fields-from-
> > grub_script_functio.patch
> > similarity index 100%
> > rename from meta/recipes-bsp/grub/files/0006-script-Remove-unused-
> > fields-from-grub_script_functio.patch
> > rename to meta/recipes-bsp/grub/files/script-Remove-unused-fields-
> > from-grub_script_functio.patch
> > diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-
> > bsp/grub/grub2.inc
> > index 7c53193ebd..ff17dbe8b7 100644
> > --- a/meta/recipes-bsp/grub/grub2.inc
> > +++ b/meta/recipes-bsp/grub/grub2.inc
> > @@ -19,14 +19,14 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz
> > \
> >             
> > file://grub-module-explicitly-keeps-symbole-.module_license.patch \
> >             
> > file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
> >             file://CVE-2020-10713.patch \
> > -           
> > file://0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
> >  \
> > -           
> > file://0002-lvm-Add-LVM-cache-logical-volume-handling.patch \
> > -           file://0003-calloc-Use-calloc-at-most-places.patch \
> > -           
> > file://0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
> >  \
> > -           
> > file://0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
> >  \
> > -           
> > file://0006-script-Remove-unused-fields-from-grub_script_functio.patch
> >  \
> > -           
> > file://0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
> >  \
> > -           
> > file://0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
> >  \
> > +           
> > file://calloc-Make-sure-we-always-have-an-overflow-checking.patch \
> > +          
> > file://lvm-Add-LVM-cache-logical-volume-handling.patch \
> > +           
> > file://CVE-2020-14308-calloc-Use-calloc-at-most-places.patch \
> > +           
> > file://safemath-Add-some-arithmetic-primitives-that-check-f.patch \
> > +           
> > file://CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
> >  \
> > +           
> > file://script-Remove-unused-fields-from-grub_script_functio.patch \
> > +           
> > file://CVE-2020-15706-script-Avoid-a-use-after-free-when-redefining-a-func.patch
> >  \
> > +           
> > file://CVE-2020-15707-linux-Fix-integer-overflows-in-initrd-size-handling.patch
> >  \
> >  "
> >  SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
> >  SRC_URI[sha256sum] =
> > "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
> > --
> > 2.28.0
> > 
> > 
> > 
> > 



* Re: [OE-core] [gatesgarth][PATCH 22/22] update_udev_hwdb: clean hwdb.bin
  2020-11-06 16:04     ` Anuj Mittal
@ 2020-11-06 16:30       ` Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2020-11-06 16:30 UTC (permalink / raw)
  To: Mittal, Anuj; +Cc: openembedded-core

On Fri, Nov 6, 2020 at 6:04 AM Mittal, Anuj <anuj.mittal@intel.com> wrote:
>
> Hi Steve,
>
> On Fri, 2020-11-06 at 05:45 -1000, Steve Sakoman wrote:
> > This is another patch I don't see in master -- just in case there is
> > a
> > "master first" policy for gatesgarth.
> >
>
> Yes, it should be master first. I can see it here:
>
> https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=994ca65e6f828dd38e0d7d09fb5243147ba4e36b

My bad!  I must have fat-fingered my search.

Sorry about that.

Steve

> > On Thu, Nov 5, 2020 at 8:29 PM Anuj Mittal <anuj.mittal@intel.com>
> > wrote:
> > >
> > > From: Mingli Yu <mingli.yu@windriver.com>
> > >
> > > Steps to reproduce:
> > > echo "IMAGE_INSTALL_append = \" udev-hwdb lib32-udev-hwdb\"" >>
> > > conf/local.conf
> > >
> > > When install both udev-hwdb and lib32-udev-hwdb as above,
> > > there comes below do_populate_sdk error:
> > >  $ bitbake core-image-sato  -c populate_sdk
> > >  ERROR: Task (/path/core-image-sato.bb:do_populate_sdk) failed with
> > > exit code '134'
> > >  NOTE: Tasks Summary: Attempted 5554 tasks of which 0 didn't need
> > > to be rerun and 1 failed.
> > >
> > >  $ cat /path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-
> > > r5/pseudo/pseudo.log
> > >  [snip]
> > >  inode mismatch: '/path/tmp/work/qemux86_64-poky-linux/core-image-
> > > sato/1.0-r5/sdk/image/usr/local/oecore-x86_64/sysroots/core2-64-
> > > poky-linux/lib/udev/hwdb.bin' ino 427383040 in db, 427383042 in
> > > request.
> > >  [snip]
> > >
> > > This is because both udev-hwdb and lib32-udev-hwdb generate
> > > ${SDK_OUTPUT}/${SDKTARGETSYSROOT}/lib/udev/hwdb.bin during
> > > do_populate_sdk, which triggers a pseudo error.
> > >
> > > So clean hwdb.bin before generating hwdb.bin to avoid the conflict and
> > > fix the above do_populate_sdk error.
> > >
> > > (From OE-Core rev: c7472925feb53ce92c1799feba2b7a9104e3f38f)
> > >
> > > Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
> > > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > > (cherry picked from commit
> > > 994ca65e6f828dd38e0d7d09fb5243147ba4e36b)
> > > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> > > ---
> > >  scripts/postinst-intercepts/update_udev_hwdb | 1 +
> > >  1 file changed, 1 insertion(+)
> > >
> > > diff --git a/scripts/postinst-intercepts/update_udev_hwdb
> > > b/scripts/postinst-intercepts/update_udev_hwdb
> > > index 102e99b947..8076b8ae6f 100644
> > > --- a/scripts/postinst-intercepts/update_udev_hwdb
> > > +++ b/scripts/postinst-intercepts/update_udev_hwdb
> > > @@ -17,5 +17,6 @@ case "${PREFERRED_PROVIDER_udev}" in
> > >                 ;;
> > >  esac
> > >
> > > +rm -f $D${UDEVLIBDIR}/udev/hwdb.bin
> > >  PSEUDO_UNLOAD=1 ${binprefix}qemuwrapper -L $D
> > > $D${libexecdir}/${binprefix}udevadm hwdb --update --root $D
> > > ${UDEV_EXTRA_ARGS}
> > >  chown root:root $D${UDEVLIBDIR}/udev/hwdb.bin
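
Review bot: The added 'rm -f $D${UDEVLIBDIR}/udev/hwdb.bin' expands $D and ${UDEVLIBDIR} unquoted, so a staging path containing whitespace would be split into several arguments; the chown line below it has the same problem. Quoting the path in both places, as in 'rm -f "$D${UDEVLIBDIR}/udev/hwdb.bin"', costs nothing. A one-line comment above the rm saying that the existing file is removed to avoid the pseudo "inode mismatch" described in the commit message would also keep a later cleanup from dropping the line as redundant.
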
> > > --
> > > 2.28.0

* Re: [OE-core] [gatesgarth][PATCH 13/22] bluez5: fix CVE-2020-27153
  2020-11-06 15:12   ` [OE-core] " Steve Sakoman
@ 2020-11-11  7:06     ` Anuj Mittal
  0 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2020-11-11  7:06 UTC (permalink / raw)
  To: steve; +Cc: openembedded-core

On Fri, 2020-11-06 at 05:12 -1000, Steve Sakoman wrote:
> This morning I also submitted a patch to fix CVE-2020-27153 in dunfell
> (bluez5: update to 5.55 to fix CVE-2020-27153):
> 
> https://lists.openembedded.org/g/openembedded-core/message/144343
> 
> 5.55 seems to be a security/bug fix release so it seemed appropriate:
> 
> https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07
> 
> We should do the same fix in dunfell/gatesgarth, so I'd love to get
> some feedback from the community on the preferred approach.

I will drop the CVE patch from my request and take the version upgrade
too. I think we don't usually upgrade bluez in the stable branch and other
LTS distros have the same policy. Even though this version has more
than 350 commits, it does seem to be a bug fix release so should be
okay I guess ...

Thanks,

Anuj

> 
> Steve
> 
> On Thu, Nov 5, 2020 at 8:28 PM Anuj Mittal <anuj.mittal@intel.com>
> wrote:
> > 
> > From: Chee Yang Lee <chee.yang.lee@intel.com>
> > 
> > (From OE-Core rev: 4b0688bb8abb2fb8a620541207d40e90e4bf16f9)
> > 
> > Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > ---
> >  .../bluez5/bluez5/CVE-2020-27153.patch        | 146
> > ++++++++++++++++++
> >  .../bluez5/bluez5_5.54.bb                     |   2 +
> >  2 files changed, 148 insertions(+)
> >  create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-
> > 2020-27153.patch
> > 
> > diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-
> > 27153.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-
> > 27153.patch
> > new file mode 100644
> > index 0000000000..7b06dd2071
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-27153.patch
> > @@ -0,0 +1,146 @@
> > +From 1cd644db8c23a2f530ddb93cebed7dacc5f5721a Mon Sep 17 00:00:00
> > 2001
> > +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> > +Date: Wed, 15 Jul 2020 18:25:37 -0700
> > +Subject: [PATCH] shared/att: Fix possible crash on disconnect
> > +
> > +If there are pending request while disconnecting they would be
> > notified
> > +but clients may endup being freed in the proccess which will then
> > be
> > +calling bt_att_cancel to cancal its requests causing the following
> > +trace:
> > +
> > +Invalid read of size 4
> > +   at 0x1D894C: enable_ccc_callback (gatt-client.c:1627)
> > +   by 0x1D247B: disc_att_send_op (att.c:417)
> > +   by 0x1CCC17: queue_remove_all (queue.c:354)
> > +   by 0x1D47B7: disconnect_cb (att.c:635)
> > +   by 0x1E0707: watch_callback (io-glib.c:170)
> > +   by 0x48E963B: g_main_context_dispatch (in /usr/lib/libglib-
> > 2.0.so.0.6400.4)
> > +   by 0x48E9AC7: ??? (in /usr/lib/libglib-2.0.so.0.6400.4)
> > +   by 0x48E9ECF: g_main_loop_run (in /usr/lib/libglib-
> > 2.0.so.0.6400.4)
> > +   by 0x1E0E97: mainloop_run (mainloop-glib.c:79)
> > +   by 0x1E13B3: mainloop_run_with_signal (mainloop-notify.c:201)
> > +   by 0x12BC3B: main (main.c:770)
> > + Address 0x7d40a28 is 24 bytes inside a block of size 32 free'd
> > +   at 0x484A2E0: free (vg_replace_malloc.c:540)
> > +   by 0x1CCC17: queue_remove_all (queue.c:354)
> > +   by 0x1CCC83: queue_destroy (queue.c:73)
> > +   by 0x1D7DD7: bt_gatt_client_free (gatt-client.c:2209)
> > +   by 0x16497B: batt_free (battery.c:77)
> > +   by 0x16497B: batt_remove (battery.c:286)
> > +   by 0x1A0013: service_remove (service.c:176)
> > +   by 0x1A9B7B: device_remove_gatt_service (device.c:3691)
> > +   by 0x1A9B7B: gatt_service_removed (device.c:3805)
> > +   by 0x1CC90B: queue_foreach (queue.c:220)
> > +   by 0x1DE27B: notify_service_changed.isra.0.part.0 (gatt-
> > db.c:369)
> > +   by 0x1DE387: notify_service_changed (gatt-db.c:361)
> > +   by 0x1DE387: gatt_db_service_destroy (gatt-db.c:385)
> > +   by 0x1DE3EF: gatt_db_remove_service (gatt-db.c:519)
> > +   by 0x1D674F: discovery_op_complete (gatt-client.c:388)
> > +   by 0x1D6877: discover_primary_cb (gatt-client.c:1260)
> > +   by 0x1E220B: discovery_op_complete (gatt-helpers.c:628)
> > +   by 0x1E249B: read_by_grp_type_cb (gatt-helpers.c:730)
> > +   by 0x1D247B: disc_att_send_op (att.c:417)
> > +   by 0x1CCC17: queue_remove_all (queue.c:354)
> > +   by 0x1D47B7: disconnect_cb (att.c:635)
> > +
> > +Upstream-Status: Backport
> > +[
> > https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
> > ]
> > +CVE: CVE-2020-27153
> > +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
> > +---
> > + src/shared/att.c | 46 ++++++++++++++++++++++++++++++++++++++++---
> > ---
> > + 1 file changed, 40 insertions(+), 6 deletions(-)
> > +
> > +diff --git a/src/shared/att.c b/src/shared/att.c
> > +index ed3af2920..58f23dfcb 100644
> > +--- a/src/shared/att.c
> > ++++ b/src/shared/att.c
> > +@@ -84,6 +84,7 @@ struct bt_att {
> > +       struct queue *req_queue;        /* Queued ATT protocol
> > requests */
> > +       struct queue *ind_queue;        /* Queued ATT protocol
> > indications */
> > +       struct queue *write_queue;      /* Queue of PDUs ready to
> > send */
> > ++      bool in_disc;                   /* Cleanup queues on
> > disconnect_cb */
> > +
> > +       bt_att_timeout_func_t timeout_callback;
> > +       bt_att_destroy_func_t timeout_destroy;
> > +@@ -222,8 +223,10 @@ static void destroy_att_send_op(void *data)
> > +       free(op);
> > + }
> > +
> > +-static void cancel_att_send_op(struct att_send_op *op)
> > ++static void cancel_att_send_op(void *data)
> > + {
> > ++      struct att_send_op *op = data;
> > ++
> > +       if (op->destroy)
> > +               op->destroy(op->user_data);
> > +
> > +@@ -631,11 +634,6 @@ static bool disconnect_cb(struct io *io, void
> > *user_data)
> > +       /* Dettach channel */
> > +       queue_remove(att->chans, chan);
> > +
> > +-      /* Notify request callbacks */
> > +-      queue_remove_all(att->req_queue, NULL, NULL,
> > disc_att_send_op);
> > +-      queue_remove_all(att->ind_queue, NULL, NULL,
> > disc_att_send_op);
> > +-      queue_remove_all(att->write_queue, NULL, NULL,
> > disc_att_send_op);
> > +-
> > +       if (chan->pending_req) {
> > +               disc_att_send_op(chan->pending_req);
> > +               chan->pending_req = NULL;
> > +@@ -654,6 +652,15 @@ static bool disconnect_cb(struct io *io, void
> > *user_data)
> > +
> > +       bt_att_ref(att);
> > +
> > ++      att->in_disc = true;
> > ++
> > ++      /* Notify request callbacks */
> > ++      queue_remove_all(att->req_queue, NULL, NULL,
> > disc_att_send_op);
> > ++      queue_remove_all(att->ind_queue, NULL, NULL,
> > disc_att_send_op);
> > ++      queue_remove_all(att->write_queue, NULL, NULL,
> > disc_att_send_op);
> > ++
> > ++      att->in_disc = false;
> > ++
> > +       queue_foreach(att->disconn_list, disconn_handler,
> > INT_TO_PTR(err));
> > +
> > +       bt_att_unregister_all(att);
> > +@@ -1574,6 +1581,30 @@ bool bt_att_chan_cancel(struct bt_att_chan
> > *chan, unsigned int id)
> > +       return true;
> > + }
> > +
> > ++static bool bt_att_disc_cancel(struct bt_att *att, unsigned int
> > id)
> > ++{
> > ++      struct att_send_op *op;
> > ++
> > ++      op = queue_find(att->req_queue, match_op_id,
> > UINT_TO_PTR(id));
> > ++      if (op)
> > ++              goto done;
> > ++
> > ++      op = queue_find(att->ind_queue, match_op_id,
> > UINT_TO_PTR(id));
> > ++      if (op)
> > ++              goto done;
> > ++
> > ++      op = queue_find(att->write_queue, match_op_id,
> > UINT_TO_PTR(id));
> > ++
> > ++done:
> > ++      if (!op)
> > ++              return false;
> > ++
> > ++      /* Just cancel since disconnect_cb will be cleaning up */
> > ++      cancel_att_send_op(op);
> > ++
> > ++      return true;
> > ++}
> > ++
> > + bool bt_att_cancel(struct bt_att *att, unsigned int id)
> > + {
> > +       const struct queue_entry *entry;
> > +@@ -1591,6 +1622,9 @@ bool bt_att_cancel(struct bt_att *att,
> > unsigned int id)
> > +                       return true;
> > +       }
> > +
> > ++      if (att->in_disc)
> > ++              return bt_att_disc_cancel(att, id);
> > ++
> > +       op = queue_remove_if(att->req_queue, match_op_id,
> > UINT_TO_PTR(id));
> > +       if (op)
> > +               goto done;
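
Review bot: In bt_att_disc_cancel() the op returned by queue_find() is passed to cancel_att_send_op() but stays in its queue, so disc_att_send_op() will still run on that entry when queue_remove_all() in disconnect_cb() reaches it. The part of cancel_att_send_op() visible in this patch only shows the op->destroy(op->user_data) call. Please confirm against the 5.54 source this backport applies to that the function also clears the op's callback and destroy pointers, since otherwise a client that cancelled during disconnect would be notified and have its user data destroyed a second time. Extending the "Just cancel since disconnect_cb will be cleaning up" comment to state that dependency would make the invariant explicit.
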
> > diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
> > b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
> > index 260eee1402..9a21f14fae 100644
> > --- a/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
> > +++ b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
> > @@ -1,5 +1,7 @@
> >  require bluez5.inc
> > 
> > +SRC_URI += " file://CVE-2020-27153.patch"
> > +
> >  SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
> >  SRC_URI[sha256sum] =
> > "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
> > 
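
Review bot: The added line 'SRC_URI += " file://CVE-2020-27153.patch"' carries a leading space inside the quotes, which is redundant because "+=" already inserts one; 'SRC_URI += "file://CVE-2020-27153.patch"' matches the usual recipe style. Because the line sits in the versioned bluez5_5.54.bb, it also has to be dropped when the recipe moves to a release that already contains the fix, such as the 5.55 update discussed in this thread.
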
> > --
> > 2.28.0