* [OE-core][dunfell 00/19] Patch review
From: Steve Sakoman @ 2021-01-18 22:36 UTC
To: openembedded-core

Please review this next set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1763

The following changes since commit 72431ee8de5e3a53d259cebf420a7713ac9e1f14:

  mobile-broadband-provider-info: upgrade 20190618 ->20201225 (2021-01-08 03:57:37 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Adrian Herrera (1):
  scripts: oe-run-native, fix *-native directories

Andrey Mozzhuhin (1):
  toolchain-shar-extract.sh: Handle special characters in script path

Armin Kuster (2):
  xorg: Security fix for CVE-2020-14345
  glibc: Security fix for CVE-2020-29573

Bruce Ashfield (1):
  linux-yocto/5.4: update to v5.4.87

Chris Laplante (1):
  systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found

Joshua Watt (1):
  classes/waf: Add build and install arguments

Lee Chee Yang (1):
  curl: fix CVE-2020-8231/8284/8285/8286

Mans Rullgard (1):
  boost: drop arm-intrinsics.patch

Marek Vasut (2):
  meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex
  meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script

Michael Ho (1):
  license_image.bbclass: fix missing recipeinfo on self

Mikko Rapeli (1):
  zip: whitelist CVE-2018-13410 and CVE-2018-13684

Robert Joslyn (1):
  ppp: Whitelist CVE-2020-15704

Ross Burton (1):
  waf: don't assume the waf intepretter is good

Sakib Sajal (1):
  buildstats.bbclass: add functionality to collect build system stats

Scott Murray (1):
  glibc: CVE-2019-25013

Thomas Perrot (1):
  go.bbclass: don't stage test data with sources of dependencies

Tomasz Dziendzielski (1):
  lib/oe/utils: Return empty string in parallel_make

 meta/classes/buildstats.bbclass | 40 +-
 meta/classes/go.bbclass | 3 +-
 meta/classes/license_image.bbclass | 3 +-
 meta/classes/systemd.bbclass | 3 +-
 meta/classes/waf.bbclass | 18 +-
 meta/files/toolchain-shar-extract.sh | 12 +-
 meta/files/toolchain-shar-relocate.sh | 5 +-
 meta/lib/oe/utils.py | 2 +-
 meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 4 +
 .../glibc/glibc/CVE-2019-25013.patch | 135 ++
 .../glibc/glibc/CVE-2020-29573.patch | 128 ++
 meta/recipes-core/glibc/glibc_2.31.bb | 2 +
 meta/recipes-extended/zip/zip_3.0.bb | 6 +
 .../xserver-xorg/CVE-2020-14345.patch | 182 +++
 .../xorg-xserver/xserver-xorg_1.20.8.bb | 1 +
 .../linux/linux-yocto-rt_5.4.bb | 6 +-
 .../linux/linux-yocto-tiny_5.4.bb | 8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
 .../boost/boost/arm-intrinsics.patch | 55 -
 meta/recipes-support/boost/boost_1.72.0.bb | 2 +-
 .../curl/curl/CVE-2020-8231.patch | 1092 +++++++++++++++++
 .../curl/curl/CVE-2020-8284.patch | 209 ++++
 .../curl/curl/CVE-2020-8285.patch | 260 ++++
 .../curl/curl/CVE-2020-8286.patch | 133 ++
 meta/recipes-support/curl/curl_7.69.1.bb | 4 +
 scripts/oe-run-native | 2 +-
 26 files changed, 2244 insertions(+), 93 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
 delete mode 100644 meta/recipes-support/boost/boost/arm-intrinsics.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8231.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8284.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8285.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8286.patch

--
2.17.1

* [OE-core][dunfell 01/19] go.bbclass: don't stage test data with sources of dependencies 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 02/19] meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex Steve Sakoman ` (17 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Thomas Perrot <thomas.perrot@bootlin.com> As for the sources the dependencies contain test data, ELF files and other binaries which aren't necessary for building and which lead to unnecessary QA warnings. Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 7faea9766127fe4e1023c89b140cc98020655155) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/classes/go.bbclass | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/classes/go.bbclass b/meta/classes/go.bbclass index a9e31b50ea..e6c3591479 100644 --- a/meta/classes/go.bbclass +++ b/meta/classes/go.bbclass @@ -115,7 +115,8 @@ go_do_install() { install -d ${D}${libdir}/go/src/${GO_IMPORT} tar -C ${S}/src/${GO_IMPORT} -cf - --exclude-vcs --exclude '*.test' --exclude 'testdata' . | \ tar -C ${D}${libdir}/go/src/${GO_IMPORT} --no-same-owner -xf - - tar -C ${B} -cf - --exclude-vcs pkg | tar -C ${D}${libdir}/go --no-same-owner -xf - + tar -C ${B} -cf - --exclude-vcs --exclude '*.test' --exclude 'testdata' pkg | \ + tar -C ${D}${libdir}/go --no-same-owner -xf - if [ -n "`ls ${B}/${GO_BUILD_BINDIR}/`" ]; then install -d ${D}${bindir} -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
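Review bot: the `--exclude-vcs --exclude '*.test' --exclude 'testdata'` list now appears separately in both tar pipelines of go_do_install(), so the two copies can drift apart; consider holding the excludes in one variable that both commands use. The commit message also mentions ELF files and other binaries, but only names matching `*.test` or `testdata` are filtered from `pkg`, so anything else under `${B}/pkg` is still staged; a short comment or a tighter commit message would make that scope clear.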
* [OE-core][dunfell 02/19] meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 01/19] go.bbclass: don't stage test data with sources of dependencies Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 03/19] meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script Steve Sakoman ` (16 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Marek Vasut <marex@denx.de> The $target_sdk_dir path might contain special characters, for example if the path is /opt/poky/3.2+snapshot . Prevent grep from interpreting those as part of the regex by using the -F parameter and multiple -e parameters to specify which strings to filter out. Also note that the previous regex was using asterisk as wildcard (e.g. environment-setup-*), but that should have been regex (e.g. environment-setup-.*, with dot) to match correctly, this is also fixed by this change. Fixes: 9721378688 ("toolchain-shar-template.sh: Make relocation optional.") Signed-off-by: Marek Vasut <marex@denx.de> Cc: Joshua Watt <JPEWhacker@gmail.com> Cc: Krzysztof Zawadzki <krzysztof.zawadzki@nokia.com> Cc: Randy Witt <randy.e.witt@linux.intel.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 19d9fa7ab6c851000bc5d24281739e1b2bb8f057) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/files/toolchain-shar-relocate.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh index e3c10018ef..9c358a53e2 100644 --- a/meta/files/toolchain-shar-relocate.sh +++ b/meta/files/toolchain-shar-relocate.sh 
@@ -56,7 +56,9 @@ for replace in "$target_sdk_dir -maxdepth 1" "$native_sysroot"; do $SUDO_EXEC find $replace -type f done | xargs -n100 file | grep ":.*\(ASCII\|script\|source\).*text" | \ awk -F':' '{printf "\"%s\"\n", $1}' | \ - grep -Ev "$target_sdk_dir/(environment-setup-*|relocate_sdk*|${0##*/})" | \ + grep -Fv -e "$target_sdk_dir/environment-setup-" \ + -e "$target_sdk_dir/relocate_sdk" \ + -e "$target_sdk_dir/${0##*/}" | \ xargs -n100 $SUDO_EXEC sed -i \ -e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g" \ -e "s:^#! */usr/bin/perl.*:#! /usr/bin/env perl:g" \ -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
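Review bot: the sed call in the unchanged context right after the new grep lines still splices the same paths into an expression, `-e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g"`, so the special-character problem fixed for grep remains there: `$DEFAULT_INSTALL_DIR` is read as a regex (a `.` matches any character) and a `:`, `&` or `\` in either path changes the meaning of the substitution. Consider escaping both values before they reach sed, or rejecting install paths that contain those characters. With -F each -e string also matches anywhere in the line, so the three entries behave as prefixes rather than exact file names; worth stating in a comment.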
* [OE-core][dunfell 03/19] meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 01/19] go.bbclass: don't stage test data with sources of dependencies Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 02/19] meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 04/19] systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found Steve Sakoman ` (15 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Marek Vasut <marex@denx.de> The toolchain-shar-extract.sh script updates the SDK relocation paths in post-relocate-setup.sh, so avoid doing this twice. This is generally not a problem, unless the SDK path is a subset of the SDK relocation path, in which case the resulting path is substituted twice. To trigger the issue, $ ./tmp/deploy/sdk/poky-glibc-x86_64-core-image-base-core2-64-qemux86-64-toolchain-3.2+snapshot.sh -y -d /home/oe/.local/opt/poky/3.2+snapshot which generates relocation path /home/oe/.local/home/oe/.local/opt/poky/3.2+snapshot instead of /home/oe/.local/opt/poky/3.2+snapshot Fixes: 93ec145f42 ("toolchain-shar-extract: Add post-relocate scripts") Signed-off-by: Marek Vasut <marex@denx.de> Cc: Joshua Watt <JPEWhacker@gmail.com> Cc: Krzysztof Zawadzki <krzysztof.zawadzki@nokia.com> Cc: Randy Witt <randy.e.witt@linux.intel.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5000aabe6ac336e7b424dafa1bf76271dee6a6f1) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/files/toolchain-shar-relocate.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh index 9c358a53e2..94d288ce05 100644 --- a/meta/files/toolchain-shar-relocate.sh +++ b/meta/files/toolchain-shar-relocate.sh @@ -58,6 +58,7 @@ done | xargs -n100 file | grep ":.*\(ASCII\|script\|source\).*text" | \ awk -F':' '{printf "\"%s\"\n", $1}' | \ grep -Fv -e "$target_sdk_dir/environment-setup-" \ -e "$target_sdk_dir/relocate_sdk" \ + -e "$target_sdk_dir/post-relocate-setup" \ -e "$target_sdk_dir/${0##*/}" | \ xargs -n100 $SUDO_EXEC sed -i \ -e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g" \ -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
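Review bot: the new `-e "$target_sdk_dir/post-relocate-setup"` entry has no comment saying why this file is skipped, and the reason (the extract script already rewrites its paths) lives only in the commit message; a one-line comment above the grep would keep a later cleanup from dropping it. The exclusion also leaves the underlying behaviour in place: `s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g` is not safe to run twice on any file when the default path is contained in the target path, so any other file that ends up processed by both scripts would show the same doubled prefix.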
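The two failure modes described in the commit messages of patches 02/19 and 03/19, reproduced as an added example that is not part of the original e-mails or of the OE-core scripts. The install paths are the ones quoted in the messages; the file names in `sample_list` and the `self` variable (a stand-in for `${0##*/}`) are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not OE-core code. Paths come from the commit messages;
# the file names and $self are constructed stand-ins.
DEFAULT_INSTALL_DIR='/opt/poky/3.2+snapshot'
target_sdk_dir='/home/oe/.local/opt/poky/3.2+snapshot'
self='relocate.sh'   # stands in for ${0##*/} in the real script

# Constructed file list, quoted the way the awk stage of the script emits it.
sample_list() {
    printf '"%s"\n' \
        "$target_sdk_dir/environment-setup-core2-64-poky-linux" \
        "$target_sdk_dir/relocate_sdk.py" \
        "$target_sdk_dir/post-relocate-setup.sh" \
        "$target_sdk_dir/site-config-core2-64-poky-linux" \
        "$target_sdk_dir/version-core2-64-poky-linux"
}

# Filter before patch 02: the path is spliced into an extended regex, where
# "2+" means "one or more 2" and therefore never matches the literal "+".
old_filter() {
    sample_list |
        grep -Ev "$target_sdk_dir/(environment-setup-*|relocate_sdk*|$self)"
}

# Filter after patches 02 and 03: fixed strings, one -e per protected file.
new_filter() {
    sample_list |
        grep -Fv -e "$target_sdk_dir/environment-setup-" \
                 -e "$target_sdk_dir/relocate_sdk" \
                 -e "$target_sdk_dir/post-relocate-setup" \
                 -e "$target_sdk_dir/$self"
}

# The substitution from the script, applied to one line of text.
relocate_line() {
    printf '%s\n' "$1" | sed -e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:g"
}

# The same rewrite run twice, as happened to post-relocate-setup.sh when both
# the extract and the relocate script processed it.
relocate_twice() {
    relocate_line "$(relocate_line "$1")"
}

echo "old filter passes $(old_filter | wc -l | tr -d ' ') of 5 files to sed"
echo "new filter passes $(new_filter | wc -l | tr -d ' ') of 5 files to sed"
echo "one pass:   $(relocate_line "export SDK=$DEFAULT_INSTALL_DIR")"
echo "two passes: $(relocate_twice "export SDK=$DEFAULT_INSTALL_DIR")"
```

With the old filter nothing is excluded, so the environment-setup and relocate_sdk files would be rewritten by sed as well; the second pass shows the doubled `/home/oe/.local` prefix from the 03/19 message.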
* [OE-core][dunfell 04/19] systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (2 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 03/19] meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 05/19] license_image.bbclass: fix missing recipeinfo on self Steve Sakoman ` (14 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Chris Laplante <mostthingsweb@gmail.com> The previous message was fairly useless without diving into the bbclass. Signed-off-by: Chris Laplante <mostthingsweb@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ef6117b148be65536e89409a83cbfd22049c652e) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/classes/systemd.bbclass | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/classes/systemd.bbclass b/meta/classes/systemd.bbclass index 9e8a82c9f1..a4bff732b9 100644 --- a/meta/classes/systemd.bbclass +++ b/meta/classes/systemd.bbclass @@ -174,7 +174,8 @@ python systemd_populate_packages() { if path_found != '': systemd_add_files_and_parse(pkg_systemd, path_found, service, keys) else: - bb.fatal("SYSTEMD_SERVICE_%s value %s does not exist" % (pkg_systemd, service)) + bb.fatal("Didn't find service unit '{0}', specified in SYSTEMD_SERVICE_{1}. {2}".format( + service, pkg_systemd, "Also looked for service unit '{0}'.".format(base) if base is not None else "")) def systemd_create_presets(pkg, action): presetf = oe.path.join(d.getVar("PKGD"), d.getVar("systemd_unitdir"), "system-preset/98-%s.preset" % pkg) -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
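Review bot: in the new bb.fatal() call, `base` is used but is not assigned anywhere in the visible context of systemd_populate_packages(); please confirm it is bound (to None if nothing else) on every path that reaches this else branch, otherwise a missing unit raises NameError instead of the intended fatal message. The nested .format() is also hard to read and leaves a trailing space after the full stop when base is None; building the optional "Also looked for ..." sentence in a local variable first would fix both.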
* [OE-core][dunfell 05/19] license_image.bbclass: fix missing recipeinfo on self 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (3 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 04/19] systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 06/19] linux-yocto/5.4: update to v5.4.87 Steve Sakoman ` (13 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Michael Ho <Michael.Ho@bmw.de> Resolve a build bug where image recipes with a do_deploy task will fail. If the image recipe inheriting license_image.bbclass has a deploy task, then the function get_deployed_dependencies will add itself to the list of recipes to get license information for. However, image recipes don't generally deploy license info so this results in an error. File: '/nvme/poky/meta/classes/license_image.bbclass', lineno: 192, function: license_deployed_manifest ... Exception: FileNotFoundError: [Errno 2] No such file or directory: '/nvme/poky/build/tmp/deploy/licenses/core-image-minimal/recipeinfo' Add a corner case to exclude the originating image recipe from the list of dependencies to check. Signed-off-by: Michael Ho <Michael.Ho@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 13fb39e49e55a0bc7c78b0bfdc372163b3f9e70a) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/classes/license_image.bbclass | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/classes/license_image.bbclass b/meta/classes/license_image.bbclass index acd8126f68..a69cc5f065 100644 --- a/meta/classes/license_image.bbclass +++ b/meta/classes/license_image.bbclass 
@@ -209,9 +209,10 @@ def get_deployed_dependencies(d): deploy = {} # Get all the dependencies for the current task (rootfs). taskdata = d.getVar("BB_TASKDEPDATA", False) + pn = d.getVar("PN", True) depends = list(set([dep[0] for dep in list(taskdata.values()) - if not dep[0].endswith("-native")])) + if not dep[0].endswith("-native") and not dep[0] == pn])) # To verify what was deployed it checks the rootfs dependencies against # the SSTATE_MANIFESTS for "deploy" task. -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
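Review bot: in the list comprehension, `not dep[0] == pn` reads more clearly as `dep[0] != pn`, and the filter deserves a short comment saying that the image recipe itself is excluded because it does not deploy license info; that explanation is currently only in the commit message. The explicit True in `d.getVar("PN", True)` is the default for getVar and can be dropped.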
* [OE-core][dunfell 06/19] linux-yocto/5.4: update to v5.4.87
From: Steve Sakoman @ 2021-01-18 22:36 UTC
To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com> Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: b3f656a592f3 Linux 5.4.87 41ae3e574ccf dm verity: skip verity work if I/O error when system is shutting down 8b3c00977264 ALSA: pcm: Clear the full allocated memory at hw_params 480abac78e03 tick/sched: Remove bogus boot "safety" check 1dab82dd202d um: ubd: Submit all data segments atomically d32747bb687d fs/namespace.c: WARN if mnt_count has become negative 9f4e8026d202 module: delay kobject uevent until after module init call 86db71810a27 f2fs: avoid race condition for shrinker count dbe184f6be1e NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode d52faa7fb12f i3c master: fix missing destroy_workqueue() on error in i3c_master_register 22f815627c64 powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() a95049c51417 rtc: pl031: fix resource leak in pl031_probe e2926630f653 quota: Don't overflow quota file offsets 1842dde0dd13 module: set MODULE_STATE_GOING state when a module fails to load 569da7c3d9a3 rtc: sun6i: Fix memleak in sun6i_rtc_clk_init 642c2d74c365 fcntl: Fix potential deadlock in send_sig{io, urg}() 5b2f1ad6b12b bfs: don't use WARNING: string when it's just info. 
3a2a5e197a84 ALSA: rawmidi: Access runtime->avail always in spinlock 8d2204a05391 ALSA: seq: Use bool for snd_seq_queue internal flags 4250fe65b2e6 f2fs: fix shift-out-of-bounds in sanity_check_raw_super() 28a29e3a658a media: gp8psk: initialize stats at power control logic 750627d36f84 misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() 01be033cc127 reiserfs: add check for an invalid ih_entry_count 18e1101b0ee9 Bluetooth: hci_h5: close serdev device and free hu in h5_close b726f8602207 scsi: cxgb4i: Fix TLS dependency 57ba2c7a50bf cgroup: Fix memory leak when parsing multiple source parameters 8ddf02859c69 of: fix linker-section match-table corruption 8ec95e308418 null_blk: Fix zone size initialization 7c3d8d73bafd tools headers UAPI: Sync linux/const.h with the kernel headers 376c3111413c uapi: move constants from <linux/kernel.h> to <linux/const.h> af07e4dd0783 scsi: block: Fix a race in the runtime power management code 9ce7ac5ed53b jffs2: Fix NULL pointer dereference in rp_size fs option parsing 3a83e289e4b7 jffs2: Allow setting rp_size to zero during remounting ee78e7d93e35 powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() 7cb6087b4536 KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits 3d4a05894500 KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses d77c1ab54c9e KVM: x86: avoid incorrect writes to host MSR_IA32_SPEC_CTRL 11459136a107 ext4: don't remount read-only with errors=continue on reboot 6b0a4f603d5b btrfs: fix race when defragmenting leads to unnecessary IO 30aea96ff142 vfio/pci: Move dummy_resources_list init in vfio_pci_probe() 29c2d3e91e3d fscrypt: remove kernel-internal constants from UAPI header 34f000524d33 fscrypt: add fscrypt_is_nokey_name() eddc69467e39 f2fs: prevent creating duplicate encrypted filenames 6fe20a5204a6 ubifs: prevent creating duplicate encrypted filenames 3ebfed353afd ext4: prevent creating duplicate encrypted filenames faa72d97c3e3 
thermal/drivers/cpufreq_cooling: Update cpufreq_state only if state has changed d3076d054f3e md/raid10: initialize r10_bio->read_slot before use. c71c512f4a65 net/sched: sch_taprio: reset child qdiscs before freeing them dfce803cd87d Linux 5.4.86 8302bd9afd4b x86/CPU/AMD: Save AMD NodeId as cpu_die_id 6001db0272da Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS" 33afcf723a0e rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time 7e0f7a293608 regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x be23b04074b1 PCI: Fix pci_slot_release() NULL pointer dereference b1f9419d5e6c platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 c16b5849352c libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels 68d139a97415 xenbus/xenbus_backend: Disallow pending watch messages d3eaea062b51 xen/xenbus: Count pending messages for each watch c45b0a8d2a68 xen/xenbus/xen_bus_type: Support will_handle watch callback 7da6db982e53 xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() eac0c12e329d xen/xenbus: Allow watches discard events before queueing 8f3f6de44f7c xen-blkback: set ring->xenblkd to NULL after kthread_stop() 383c60c16dd8 dma-buf/dma-resv: Respect num_fences when initializing the shared fence list. b16a6a46e0b2 device-dax/core: Fix memory leak when rmmod dax.ko f3ede933fbc7 clk: tegra: Do not return 0 on failure f133bfbe1201 clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 ca4fd0284cb3 clk: ingenic: Fix divider calculation with div tables 13e6b6259e6d pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler 2fb550de7563 md/cluster: fix deadlock when node is doing resync job 7523d147087b md/cluster: block reshape with remote resync job 27b58f6adad8 iio:adc:ti-ads124s08: Fix alignment and data leak issues. 2d7229c037d1 iio:adc:ti-ads124s08: Fix buffer being too long. d6ea1d559027 iio:imu:bmi160: Fix too large a buffer. 
91b7b231f5e7 iio:pressure:mpl3115: Force alignment of buffer 9607d22e71d1 iio:magnetometer:mag3110: Fix alignment and data leak issues. 71a326dcd2a8 iio:light:st_uvis25: Fix timestamp alignment and prevent data leak. c18fc255187f iio:light:rpr0521: Fix timestamp alignment and prevent data leak. 860ab67cd81e iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume 0fa2b43b0a2a iio: buffer: Fix demux update 82af6e44b7d4 scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() 7ec7630548dc scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() 6822575cf204 scsi: qla2xxx: Fix crash during driver load on big endian machines 1b26af7e4c7f mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments c5f3e5ca8116 mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read 2aea2b22b6f9 mtd: parser: cmdline: Fix parsing of part-names with colons 4290a73c9d67 mtd: spinand: Fix OOB read b22739509dcb soc: qcom: smp2p: Safely acquire spinlock without IRQs ddcb518dee78 spi: atmel-quadspi: Fix AHB memory accesses 96f7bd39f56f spi: atmel-quadspi: Disable clock in probe error path 8f295baae53d spi: mt7621: Don't leak SPI master in probe error path 0818aab8a82b spi: mt7621: Disable clock in probe error path cad189512c38 spi: synquacer: Disable clock in probe error path 4051e5b7741b spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path 3c0e28f2881e spi: sc18is602: Don't leak SPI master in probe error path 819f9edaaeb9 spi: rb4xx: Don't leak SPI master in probe error path c5491ac11559 spi: pic32: Don't leak DMA channels in probe error path 3ea835ac604b spi: mxic: Don't leak SPI master in probe error path 0da7709f5ea3 spi: gpio: Don't leak SPI master in probe error path ee1d2aef1c13 spi: fsl: fix use of spisel_boot signal on MPC8309 614f2529c8ea spi: davinci: Fix use-after-free on unbind c6b9bfb0c477 spi: atmel-quadspi: Fix use-after-free on unbind bd6d736dbf36 spi: spi-sh: Fix use-after-free on unbind 
17360c3af129 spi: pxa2xx: Fix use-after-free on unbind c5ae864c148c drm/i915: Fix mismatch between misplaced vma check and vma insert 1e684ad37047 drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() e1b1f10c3404 drm/amd/display: Fix memory leaks in S3 resume b966771b0d69 platform/x86: mlx-platform: remove an unused variable cbeb61258186 jfs: Fix array index bounds check in dbAdjTree 8ee70b6db882 jffs2: Fix ignoring mounting options problem during remounting 00e45efaf9ff jffs2: Fix GC exit abnormally ea1e4ba032c5 ubifs: wbuf: Don't leak kernel memory to flash 32825fe72cb3 SMB3: avoid confusing warning message on mount to Azure f22f743a2af2 ceph: fix race in concurrent __ceph_remove_cap invocations a7b014b54c16 um: Remove use of asprinf in umid.c 26d72a8460dc ima: Don't modify file descriptor mode on the fly a89b91fcb07c powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently 45bf367c8550 powerpc/powernv/memtrace: Don't leak kernel memory to user space 59334d821e8a powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU c7f66ad880a9 powerpc/mm: Fix verification of MMU_FTR_TYPE_44x 32e29541b5aa powerpc/8xx: Fix early debug when SMC1 is relocated 15c9e56b41d0 powerpc/xmon: Change printk() to pr_cont() c7b89d0d7186 powerpc/feature: Add CPU_FTR_NOEXECUTE to G2_LE 0f157acd436c powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter 30a58a3f7c85 powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at 3ee6a2bc1428 xprtrdma: Fix XDRBUF_SPARSE_PAGES support 2504e407a39f ARM: dts: at91: sama5d2: fix CAN message ram offset and size 789246b9afe8 ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES 6ee6e4e5a4cf KVM: arm64: Introduce handling of AArch32 TTBCR2 traps 8635f0fe06c5 ext4: fix deadlock with fs freezing and EA inodes c90a5f4851a8 ext4: fix a memory leak of ext4_free_data e21d630a2c0d btrfs: trim: fix underflow in trim length to prevent access beyond device boundary 1d11ed122f6f btrfs: do 
not shorten unpin len for caching block groups af7414836d88 USB: serial: keyspan_pda: fix write unthrottling 7dae22ba62b2 USB: serial: keyspan_pda: fix tx-unthrottle use-after-free f99817ab5821 USB: serial: keyspan_pda: fix write-wakeup use-after-free a07b690e1976 USB: serial: keyspan_pda: fix stalled writes 0f13247fabaf USB: serial: keyspan_pda: fix write deadlock ebd9857a5bd4 USB: serial: keyspan_pda: fix dropped unthrottle interrupts 89fb2b91a9da USB: serial: digi_acceleport: fix write-wakeup deadlocks 08c24438fb10 USB: serial: mos7720: fix parallel-port state restore 6eab3f646b1a cpuset: fix race between hotplug work and later CPU offline 066d115fdd29 EDAC/amd64: Fix PCI component registration f4ce4a53c4e4 EDAC/i10nm: Use readl() to access MMIO registers f9189a3bb5f9 crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata 36a58bda87cd crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() f26f0e7770a1 powerpc/perf: Exclude kernel samples while counting events in user space. 
8096a2c6b9f6 perf/x86/intel: Fix rtm_abort_event encoding on Ice Lake aa3cce9ceff0 perf/x86/intel: Add event constraint for CYCLE_ACTIVITY.STALLS_MEM_ANY 1e3de428d155 staging: comedi: mf6x4: Fix AI end-of-conversion detection ee0bcb1721a5 ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams 5fbf84689f11 binder: add flag to clear buffer on txn complete a7c256a9fd18 s390/dasd: fix list corruption of lcu list 9c40d69a3be2 s390/dasd: fix list corruption of pavgroup group list 042683917f4b s390/dasd: prevent inconsistent LCU device data c8acd8d55bb9 s390/dasd: fix hanging device offline processing 3038bbd1bb33 s390/kexec_file: fix diag308 subcode when loading crash kernel c185f13918b4 s390/smp: perform initial CPU reset also for SMT siblings 48d3f12869ef ALSA: core: memalloc: add page alignment for iram cd3ff2a46d9c ALSA: usb-audio: Disable sample read check if firmware doesn't give back b1e3c2fb0fbe ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices 58cb166b1f8a ALSA: hda/realtek: Apply jack fixup for Quanta NL3 b61b2aa91f2b ALSA: hda/realtek: Add quirk for MSI-GP73 89d429ed2cdf ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G 0bf907442c5f ALSA: pcm: oss: Fix a few more UBSAN fixes 11cd11af4058 ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button da723248c5f8 ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 010a784a1a27 ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 0fc8e6b85680 ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop 52d09e0cdb78 ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg. 
1ca2437530e5 ALSA: hda: Fix regressions on clear and reconfig sysfs 2c6c6001d077 ACPI: PNP: compare the string length in the matching_id() 772dd826a44b Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" b9d93a666656 PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() 670b1b7e0d53 ALSA: hda/ca0132 - Change Input Source enum strings. 8f827adb9bbc Input: cyapa_gen6 - fix out-of-bounds stack access 98c956a6d9f7 media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE f05ac76139e6 media: ipu3-cio2: Validate mbus format in setting subdev format 44cb512a020e media: ipu3-cio2: Serialise access to pad format a47bc844f436 media: ipu3-cio2: Return actual subdev format 7dc40e1f8044 media: ipu3-cio2: Remove traces of returned buffers d7e6b7b6a7f7 media: netup_unidvb: Don't leak SPI master in probe error path 0bfbb8393e51 media: sunxi-cir: ensure IR is handled when it is continuous 124dc7d4f4b6 media: gspca: Fix memory leak in probe f97b54c8152d vfio/pci/nvlink2: Do not attempt NPU2 setup on POWER8NVL NPU df308380cbf3 Input: goodix - add upside-down quirk for Teclast X98 Pro tablet 070bd3a8ac55 initramfs: fix clang build failure f252a9953249 Input: cros_ec_keyb - send 'scancodes' in addition to key events 2686041cef06 drm/amdkfd: Fix leak in dmabuf import dc06432d9304 drm/amd/display: Prevent bandwidth overflow ca49d919d79c lwt: Disable BH too in run_lwt_bpf() b8dfee234581 fix namespaced fscaps when !CONFIG_SECURITY 5350b833bb0a cfg80211: initialize rekey_data ec15d0700709 ARM: sunxi: Add machine match for the Allwinner V3 SoC d629b50f9fdc perf probe: Fix memory leak when synthesizing SDT probes cbcb176b6016 kconfig: fix return value of do_error_if() 6e8beb020d5c clk: sunxi-ng: Make sure divider tables have sentinel 3cdeedf801b5 clk: s2mps11: Fix a resource leak in error handling paths in the probe function ef56621a579a clk: at91: sam9x60: remove atmel,osc-bypass support e01dfcc08b55 virtio_ring: Fix two use after free bugs 2d65ff873d06 
virtio_net: Fix error code in probe() 5f70910832c7 virtio_ring: Cut and paste bugs in vring_create_virtqueue_packed() 372f06cd6b89 qlcnic: Fix error code in probe c16e42c93241 perf record: Fix memory leak when using '--user-regs=?' to list registers ceadde18f69a pwm: lp3943: Dynamically allocate PWM chip base 6bf2ef4bd38d pwm: zx: Add missing cleanup in error path d4515a24a802 clk: ti: Fix memleak in ti_fapll_synth_setup 572eba1ce574 watchdog: coh901327: add COMMON_CLK dependency 2b1575e28906 watchdog: qcom: Avoid context switch in restart handler fad88d462596 libnvdimm/label: Return -ENXIO for no slot in __blk_label_update b6c680755d22 net: korina: fix return value 19e73c9ff0bf net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function 226bcdbb4a60 net: bcmgenet: Fix a resource leak in an error handling path in the probe functin efc570073cbe lan743x: fix rx_napi_poll/interrupt ping-pong 9f5b56b5a71d checkpatch: fix unescaped left brace b32c5e0ae6f7 mm: don't wake kswapd prematurely when watermark boosting is disabled c3bf90c6aac5 sparc: fix handling of page table constructor failure 6ef298e1cebd powerpc/ps3: use dma_mapping_error() d864e7e8270a nfc: s3fwrn5: Release the nfc firmware 7a3d6a5dfc78 RDMA/cma: Don't overwrite sgid_attr after device is released 2d01f3d75013 sunrpc: fix xs_read_xdr_buf for partial pages receive 4acbc03e4fed um: chan_xterm: Fix fd leak 1bbd5678c0b4 um: tty: Fix handling of close in tty lines 1355bbe3a717 um: Monitor error events in IRQ controller a37d283825a4 ubifs: Fix error return code in ubifs_init_authentication() d4dbcfb7e158 watchdog: Fix potential dereferencing of null pointer 4e091ff107be watchdog: sprd: check busy bit before new loading rather than after that 4c8cffffc926 watchdog: sprd: remove watchdog disable from resume fail path 4a4b31e8b5a7 watchdog: sirfsoc: Add missing dependency on HAS_IOMEM 4d5aea30c1cd watchdog: armada_37xx: Add missing dependency on HAS_IOMEM 849270acd7b6 
irqchip/alpine-msi: Fix freeing of interrupts on allocation error path aca4d1bd7e19 ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() 297e48ccf166 mac80211: don't set set TDLS STA bandwidth wider than possible d07972d764e8 crypto: atmel-i2c - select CONFIG_BITREVERSE f71984fc4482 extcon: max77693: Fix modalias string a4fd2da3e85e mtd: rawnand: gpmi: Fix the random DMA timeout issue 86f6e53642fa mtd: rawnand: meson: Fix a resource leak in init 5e8715b2383a mtd: rawnand: gpmi: fix reference count leak in gpmi ops 9c5b041ba20a clk: tegra: Fix duplicated SE clock entry 1ba196a73c45 remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() 6f597c451e07 remoteproc: qcom: fix reference leak in adsp_start f61bce4bc833 remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable 9b54e31fd08f RDMA/core: Do not indicate device ready when device enablement fails e6323070bdc7 can: m_can: m_can_config_endisable(): remove double clearing of clock stop request bit 6daf2d466380 erofs: avoid using generic_block_bmap 35e2bec96488 iwlwifi: mvm: hook up missing RX handlers 857b1403c3e5 s390/cio: fix use-after-free in ccw_device_destroy_console be4d879cb7c4 bus: fsl-mc: fix error return code in fsl_mc_object_allocate() 9b4f327c0746 platform/chrome: cros_ec_spi: Don't overwrite spi::mode 070c57885ec3 x86/kprobes: Restore BTF if the single-stepping is cancelled 353b19562a03 nfs_common: need lock during iterate through the list 48ed3e57ad58 nfsd: Fix message level for normal termination b4ac244716f3 speakup: fix uninitialized flush_lock 989d52723643 usb: oxu210hp-hcd: Fix memory leak in oxu_create 2addd726083f usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe 3f72486cecec powerpc/mm: sanity_check_fault() should work for all, not only BOOK3S a696ed262e83 ASoC: amd: change clk_get() to devm_clk_get() and add missed checks 972db497be45 drm/mediatek: avoid dereferencing a null hdmi_phy on an error message ef55a3c384cc 
powerpc/pseries/hibernation: remove redundant cacheinfo update c4115721d1f0 powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops 570697132c2c platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems a247efe47743 scsi: fnic: Fix error return code in fnic_probe() 0e724f2e80ba seq_buf: Avoid type mismatch for seq_buf_init 0b93626d3965 scsi: pm80xx: Fix error return in pm8001_pci_probe() 79e14f1c323c scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe 172bb906202f arm64: dts: meson: g12a: x96-max: fix PHY deassert timing requirements 13f4c61d2f5c ARM: dts: meson: fix PHY deassert timing requirements 154105c0ba56 arm64: dts: meson: fix PHY deassert timing requirements 62b240d2644e Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() 097c4d9921b2 Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() 3d3caa8e971d cpufreq: scpi: Add missing MODULE_ALIAS 6e34c9478fe5 cpufreq: loongson1: Add missing MODULE_ALIAS 3e3feeb0d2ba cpufreq: sun50i: Add missing MODULE_DEVICE_TABLE ef802b5a5e26 cpufreq: st: Add missing MODULE_DEVICE_TABLE 742697643c94 cpufreq: qcom: Add missing MODULE_DEVICE_TABLE c9d204c02825 cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE f3754eec127d cpufreq: highbank: Add missing MODULE_DEVICE_TABLE e32836221017 cpufreq: ap806: Add missing MODULE_DEVICE_TABLE 3b6ba2fe6524 clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI b4219894d154 clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne e223cf39b928 phy: renesas: rcar-gen3-usb2: disable runtime pm in case of failure 675b3ba9cc96 dm ioctl: fix error return code in target_message d863d76536df ASoC: jz4740-i2s: add missed checks for clk_get() 1b760dc9d967 net/mlx5: Properly convey driver version to firmware a64822872957 MIPS: Don't round up kernel sections size for memblock_add() 33eeb395515d memstick: r592: Fix error return in r592_probe() 
e39b37d6a2ce arm64: dts: rockchip: Fix UART pull-ups on rk3328 33892a3797f1 pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() 08e22710601a bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() e02d218aa63d ARM: dts: at91: sama5d2: map securam as device da8890329599 iio: hrtimer-trigger: Mark hrtimer to expire in hard interrupt context d903b80e1abc clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() 742d5de6c2fc clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path 40f9ac2b0295 powerpc/64: Fix an EMIT_BUG_ENTRY in head_64.S 4968cc5ed0c0 powerpc/perf: Fix crash with is_sier_available when pmu is not set b0483a32d163 media: saa7146: fix array overflow in vidioc_s_audio() bfdf000e5dd9 hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable a0f07c9ad72d vfio-pci: Use io_remap_pfn_range() for PCI IO memory 5ac81a4e5fa3 selftests/seccomp: Update kernel config 0588b8a03469 NFS: switch nfsiod to be an UNBOUND workqueue. 
1094bd2edaa2 lockd: don't use interval-based rebinding over TCP cbb0a57326b8 net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' a0842124422e NFSv4: Fix the alignment of page data in the getdeviceinfo reply 73892eef6d9e SUNRPC: xprt_load_transport() needs to support the netid "rdma6" 2823b8979375 NFSv4.2: condition READDIR's mask for security label based on LSM state 04e9c169810c SUNRPC: rpc_wake_up() should wake up tasks in the correct order a3ac7dd8b16b ath10k: Release some resources in an error handling path 6b6edd2c072b ath10k: Fix an error handling path e856abba7fca ath10k: Fix the parsing error in service available event f4935d3c7b57 platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init 3d64e8ce592b ARM: dts: at91: at91sam9rl: fix ADC triggers 09347a537cc7 soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() 8424a5b661ca arm64: dts: meson-sm1: fix typo in opp table f4951cb10668 arm64: dts: meson: fix spi-max-frequency on Khadas VIM2 49b563bfdd66 PCI: iproc: Fix out-of-bound array accesses 4ef5a46d2964 PCI: Fix overflow in command-line resource alignment requests 048b98083c27 PCI: Bounds-check command-line resource alignment requests 72577f162cae arm64: dts: qcom: c630: Polish i2c-hid devices a554b68baf27 arm64: dts: ls1028a: fix ENETC PTP clock input a85f3e7cb717 genirq/irqdomain: Don't try to free an interrupt that has no mapping 2f00dcc6ce7a power: supply: bq24190_charger: fix reference leak e230e193c966 power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching 8e9678d9d131 arm64: dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc 11f007a5583d arm64: dts: armada-3720-turris-mox: update ethernet-phy handle name 5a551ef11669 ARM: dts: Remove non-existent i2c1 from 98dx3236 15305a5b103d HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() ec30659ea631 slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI 76170933d3da media: max2175: fix max2175_set_csm_mode() error 
code 5873beee8744 mips: cdmm: fix use-after-free in mips_cdmm_bus_discover 51795c385f73 media: imx214: Fix stop streaming ceff135b9d93 samples: bpf: Fix lwt_len_hist reusing previous BPF map 4dc1360203c4 platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration 3432883ae896 platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration c14a740743f7 media: siano: fix memory leak of debugfs members in smsdvb_hotplug 6b93d6c5a888 arm64: tegra: Fix DT binding for IO High Voltage entry b0f1878c2d88 dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() 46f8c7961168 cw1200: fix missing destroy_workqueue() on error in cw1200_init_common f2e7f608b274 rsi: fix error return code in rsi_reset_card() f7a6e378fc17 qtnfmac: fix error return code in qtnf_pcie_probe() d2b95947720d orinoco: Move context allocation after processing the skb e39908568b40 mmc: pxamci: Fix error return code in pxamci_probe 65f0d3c81c9f ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host c2aab53d1be5 ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host 8ce91557023e memstick: fix a double-free bug in memstick_check 4279ff6deaf3 RDMA/cxgb4: Validate the number of CQEs d3ff603c2e38 clk: meson: Kconfig: fix dependency for G12A 2fbd2b0dd7d1 Input: omap4-keypad - fix runtime PM error handling ff3a152243f8 drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe e16e8cde2bb1 soc: ti: Fix reference imbalance in knav_dma_probe 475b489b0713 soc: ti: knav_qmss: fix reference leak in knav_queue_probe 82b9934e1e7a spi: fix resource leak for drivers without .remove callback 70e19fccf680 crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe c549355105d9 crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd 3e08a61b2f94 EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId 0789349204a6 powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32 90b39366d834 powerpc: Avoid 
broken GCC __attribute__((optimize)) 8f6e6ec101dd selftests/bpf: Fix broken riscv build 6f8c6e70738a spi: mxs: fix reference leak in mxs_spi_probe 5df04553ee8c usb/max3421: fix return error code in max3421_probe() e6405aad3592 Input: ads7846 - fix unaligned access on 7845 920c379029f9 Input: ads7846 - fix integer overflow on Rt calculation c7ac50927300 Input: ads7846 - fix race that causes missing releases 86398df4b283 drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() e8cd88c3ab00 video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() 953379fb7ba3 media: solo6x10: fix missing snd_card_free in error handling case c64d2e159829 scsi: core: Fix VPD LUN ID designator priorities efb57c87d8d8 ASoC: meson: fix COMPILE_TEST error 2c06ac46f81c media: v4l2-fwnode: Return -EINVAL for invalid bus-type d8d35c1ea883 media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() c8adf58057b6 media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() c5c403db137f media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() 06a3c11c173b media: tm6000: Fix sizeof() mismatches 1638c7e3985b staging: gasket: interrupt: fix the missed eventfd_ctx_put() in gasket_interrupt.c aa1d8b959455 staging: greybus: codecs: Fix reference counter leak in error handling 5daf659fdf47 crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() 38017f2c06cf MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA 9e779e6fae58 RDMa/mthca: Work around -Wenum-conversion warning 648b9dd270ff ASoC: arizona: Fix a wrong free in wm8997_probe 7e8200d44200 spi: sprd: fix reference leak in sprd_spi_remove c786bc725d8c ASoC: wm8998: Fix PM disable depth imbalance on error 06fa588c7921 selftest/bpf: Add missed ip6ip6 test back dab5973ada6b mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure 404aadf45c71 spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume 769c2fecefd1 spi: tegra114: fix 
reference leak in tegra spi ops 47595d68cee2 spi: tegra20-sflash: fix reference leak in tegra_sflash_resume f9e5e84eb49f spi: tegra20-slink: fix reference leak in slink ops of tegra20 0a3196271b40 spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe a2cf358aacf5 spi: spi-ti-qspi: fix reference leak in ti_qspi_setup 25b5a48adabf Bluetooth: hci_h5: fix memory leak in h5_close 5cf3c2e7892e Bluetooth: Fix null pointer dereference in hci_event_packet() d92b81fad01c arm64: dts: exynos: Correct psci compatible used on Exynos7 da8d84637522 arm64: dts: exynos: Include common syscon restart/poweroff for Exynos7 8f14da44523c brcmfmac: Fix memory leak for unpaired brcmf_{alloc/free} 5c5b92c1d6ab spi: stm32: fix reference leak in stm32_spi_resume c807042f2d58 selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling ae54a6d99478 ASoC: pcm: DRAIN support reactivation 009a982ea25b spi: spi-mem: fix reference leak in spi_mem_access_start 68ad1bd244bd drm/msm/dsi_pll_10nm: restore VCO rate during restore_state 0a8f14baed8e f2fs: call f2fs_get_meta_page_retry for nat page 311da238f2f7 spi: img-spfi: fix reference leak in img_spfi_resume 4e20cee19c2e powerpc/64: Set up a kernel stack for secondaries before cpu_restore() 3988d96589d9 drm/amdgpu: fix build_coefficients() argument a4110e76e550 ARM: dts: aspeed: tiogapass: Remove vuart 129df833e15c ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode 9edff753ade7 crypto: inside-secure - Fix sizeof() mismatch 7044a69699f3 crypto: talitos - Fix return type of current_desc_hdr() 8a73ee0a0a1e crypto: talitos - Endianess in current_desc_hdr() b9b8429042bd drm/amdgpu: fix incorrect enum type 52f525f2bdc7 sched: Reenable interrupts in do_sched_yield() 35975f2e83a5 sched/deadline: Fix sched_dl_global_validate() a3ec54b95c1a x86/apic: Fix x2apic enablement without interrupt remapping b7ec74246c32 ARM: p2v: fix handling of LPAE translation in BE mode 0a72e7286c67 x86/mm/ident_map: Check for errors 
from ident_pud_init() 0fd78ab5ef71 RDMA/rxe: Compute PSN windows correctly 35f18561616f ARM: dts: aspeed: s2600wf: Fix VGA memory region location 4aae08a71e68 selinux: fix error initialization in inode_doinit_with_dentry() de49a51e7938 rtc: pcf2127: fix pcf2127_nvmem_read/write() returns 57df1b39d990 RDMA/bnxt_re: Set queue pair state when being queried e11c7d39fa7e Revert "i2c: i2c-qcom-geni: Fix DMA transfer race" 4b3ee79fbe77 soc: qcom: geni: More properly switch to DMA mode d3bed198333a soc: mediatek: Check if power domains can be powered on at boot time fcb0be5ba2e9 soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() 38cded30497a arm64: dts: renesas: cat875: Remove rxc-skew-ps from ethernet-phy node 14be28959f69 arm64: dts: renesas: hihope-rzg2-ex: Drop rxc-skew-ps from ethernet-phy node c2712546a6e0 drm/tve200: Fix handling of platform_get_irq() error f61e9dbb56ba drm/mcde: Fix handling of platform_get_irq() error 29f34feb3860 drm/aspeed: Fix Kconfig warning & subsequent build errors 37028b8bc53d drm/gma500: fix double free of gma_connector de630248e740 md: fix a warning caused by a race between concurrent md_ioctl()s 054be9aed847 crypto: af_alg - avoid undefined behavior accessing salg_name 5a225303a68f media: msi2500: assign SPI bus number dynamically 01182045346a quota: Sanity-check quota file headers on load df95ea1228cc Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() cda2f222e7e4 serial_core: Check for port state when tty is in error state 863cab3017bc HID: i2c-hid: add Vero K147 to descriptor override fd819f54065c scsi: megaraid_sas: Check user-provided offsets 152631f0273f coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf() 4c461e8d0e88 coresight: tmc-etr: Fix barrier packet insertion for perf buffer e81884d45a70 coresight: tmc-etr: Check if page is valid before dma_map_page() ec13738c6ec6 coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf() d923c0ec1292 ARM: dts: 
exynos: fix USB 3.0 pins supply being turned off on Odroid XU 43598dbdcbf0 ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410 2c6f6cd2cdfb ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU 4202cbbd2c4d usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul 8e19cfae3bb0 USB: gadget: f_rndis: fix bitrate for SuperSpeed and above 8c124b35a53b usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus 3389281e0e6e USB: gadget: f_midi: setup SuperSpeed Plus descriptors 0ddb1d96a5db USB: gadget: f_acm: add support for SuperSpeed Plus 9ad41aa399db USB: serial: option: add interface-number sanity check to flag handling 57e22590c41b usb: mtu3: fix memory corruption in mtu3_debugfs_regset() 80cb94507054 soc/tegra: fuse: Fix index bug in get_process_id 037c65990d76 kbuild: avoid split lines in .mod files a803ea15b0dc perf/x86/intel: Check PEBS status correctly 12db619c91d7 drm/amd/display: Init clock value by current vbios CLKs c137a880ae6c iwlwifi: pcie: add one missing entry for AX210 e124c5afaf88 dm table: Remove BUG_ON(in_interrupt()) 8a89abb26e30 scsi: mpt3sas: Increase IOCInit request timeout to 30s cd14a53938e0 vxlan: Copy needed_tailroom from lowerdev 0b9ce087f75b vxlan: Add needed_headroom for lower device 230290dca255 arm64: syscall: exit userspace before unmasking exceptions 34c07547dbe5 habanalabs: put devices before driver removal be063ce1004c drm/tegra: sor: Disable clocks on error in tegra_sor_init() 9b6ebb202bbb kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling d8baf15b2196 drm/tegra: replace idr_init() by idr_init_base() 76812738841c net: mvpp2: add mvpp2_phylink_to_port() helper 6aa270eb2f90 selftests: fix poll error in udpgro.sh 0e2b048ffe44 ixgbe: avoid premature Rx buffer reuse 75bbe7bd9003 i40e: avoid premature Rx buffer reuse b05fdd74ffb7 i40e: optimise prefetch page refcount 405bfd36f072 i40e: Refactor rx_bi accesses 6935f5385f75 RDMA/cm: Fix an attempt to use non-valid pointer 
when cleaning timewait 2107658d6d62 selftests/bpf/test_offload.py: Reset ethtool features after failed setting 3b79aea56dff netfilter: nft_ct: Remove confirmation check for NFT_CT_ID 0a652b181d75 gpio: eic-sprd: break loop when getting NULL device resource 2ebb2df149d4 Revert "gpio: eic-sprd: Use devm_platform_ioremap_resource()" 64795af3bdc7 afs: Fix memory leak when mounting with multiple source parameters 6581512f0afc netfilter: nft_dynset: fix timeouts later than 23 days 810bc556e347 netfilter: nft_compat: make sure xtables destructors have run b17244cebb24 netfilter: x_tables: Switch synchronization to RCU 22faec182eec pinctrl: aspeed: Fix GPIO requests on pass-through banks f7e6636831df blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick 4f3e3fa6239d block: factor out requeue handling from dispatch code 9e54ca3d4f9d block: Simplify REQ_OP_ZONE_RESET_ALL handling 71e0f9c5c3df clk: renesas: r9a06g032: Drop __packed for portability 43a373488e92 can: softing: softing_netdev_open(): fix error handling 36f460d51ac5 xsk: Replace datagram_poll by sock_poll_wait 50ae52e07d2b xsk: Fix xsk_poll()'s return type 369ed255958f scsi: bnx2i: Requires MMU e190d1b3c4d2 gpio: mvebu: fix potential user-after-free on probe ec64dea576d5 gpio: zynq: fix reference leak in zynq_gpio functions 823f42bd6193 PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter 74e38f86ab53 ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin f7fbde0f0b14 ARM: dts: imx6qdl-wandboard-revd1: Remove PAD_GPIO_6 from enetgrp 4b008707bac4 ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY 76c475d5d788 ARM: dts: sun8i: v3s: fix GIC node memory range 9ebc986a2ea5 pinctrl: baytrail: Avoid clearing debounce value when turning it off e2556e022897 pinctrl: merrifield: Set default bias in case no particular value given 2ec85a7a5adf ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node 9f69f6f85288 ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator 
389033996cec ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b29d1016f2761aefa15e38a86263fb03c46ec1d7) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../linux/linux-yocto-rt_5.4.bb | 6 ++--- .../linux/linux-yocto-tiny_5.4.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++---------- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 5d2b2d14bf..5fc444bfc9 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "baf3ccf7c7cfaf9515d8c8b3b639d7bbb0564594" -SRCREV_meta ?= "1c358e19696827b594de26a221f110fc2647dfa8" +SRCREV_machine ?= "b82b3d52ee94caf6165eda89d3294a561bfb4f0b" +SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.85" +LINUX_VERSION ?= "5.4.87" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index fea9ae26c1..05edcfa63d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb 
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.85" +LINUX_VERSION ?= "5.4.87" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "f7f4bcebdd599197cde6f1d1985cb1ef1f3e8a54" -SRCREV_machine ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f" -SRCREV_meta ?= "1c358e19696827b594de26a221f110fc2647dfa8" +SRCREV_machine_qemuarm ?= "18b82a8554b25c86cbf31af312765832edca3498" +SRCREV_machine ?= "292d752af8e4015e40e7c523641983bac543e2b4" +SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 9ed1811098..6a2d96e8a0 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb 
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "888fe3a6f7776f5732c3c4cf4c862447e646c25e" -SRCREV_machine_qemuarm64 ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f" -SRCREV_machine_qemumips ?= "459ad51fb16465be3d291217a10bcb9d055f5775" -SRCREV_machine_qemuppc ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f" -SRCREV_machine_qemuriscv64 ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f" -SRCREV_machine_qemux86 ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f" -SRCREV_machine_qemux86-64 ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f" -SRCREV_machine_qemumips64 ?= "7eff01977ef77715ebc3e5a126534c39fe4ac918" -SRCREV_machine ?= "4f2b484a791fac88262922aa26ddd5ac3df9720f" -SRCREV_meta ?= "1c358e19696827b594de26a221f110fc2647dfa8" +SRCREV_machine_qemuarm ?= "03f94e8a96d027da980f2cc2ad6e95bbb45e22c5" +SRCREV_machine_qemuarm64 ?= "292d752af8e4015e40e7c523641983bac543e2b4" +SRCREV_machine_qemumips ?= "0b055d3e2e8d41743b00cd84975ff383e35f1ae9" +SRCREV_machine_qemuppc ?= "292d752af8e4015e40e7c523641983bac543e2b4" +SRCREV_machine_qemuriscv64 ?= "292d752af8e4015e40e7c523641983bac543e2b4" +SRCREV_machine_qemux86 ?= "292d752af8e4015e40e7c523641983bac543e2b4" +SRCREV_machine_qemux86-64 ?= "292d752af8e4015e40e7c523641983bac543e2b4" +SRCREV_machine_qemumips64 ?= "126e385b2dd8580a266fe15907c3725d2da12458" +SRCREV_machine ?= "292d752af8e4015e40e7c523641983bac543e2b4" +SRCREV_meta ?= "bc855ca4626f33c38c1398d48c71df10334a9132" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" 
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.85" +LINUX_VERSION ?= "5.4.87" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
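Review bot: The unchanged SRC_URI lines in linux-yocto-rt_5.4.bb and linux-yocto_5.4.bb fetch both linux-yocto.git and yocto-kernel-cache over git://, which is neither authenticated nor encrypted, so the full-length SRCREV_machine* and SRCREV_meta hashes bumped here are the only integrity check on what gets built. Please confirm each new hash against the KBRANCH and yocto-5.4 branch it is meant to come from, and consider a follow-up that adds ;protocol=https to both URLs.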
* [OE-core][dunfell 07/19] scripts: oe-run-native, fix *-native directories 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (5 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 06/19] linux-yocto/5.4: update to v5.4.87 Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats Steve Sakoman ` (11 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Adrian Herrera <adrian.herrera@arm.com> This fixes a crash with "find" when running a native tool and *-native directories do not exist under the binary directory in the sysroot. This happened because the directory wildcard was passed as part of the root directory. The directory wildcard is now passed by "-name", which returns an empty result if no matching directory. Signed-off-by: Adrian Herrera <adrian.herrera@arm.com> Change-Id: Iba7acd8bbd7e0beb4d25c984f6af7a4fd21486e6 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f6c90ed0ad24b7d4f892e22e088b1578824eb1d3) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- scripts/oe-run-native | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/oe-run-native b/scripts/oe-run-native index 4e63e69cc4..22958d97e7 100755 --- a/scripts/oe-run-native +++ b/scripts/oe-run-native 
@@ -43,7 +43,7 @@ fi OLD_PATH=$PATH # look for a tool only in native sysroot -PATH=$OECORE_NATIVE_SYSROOT/usr/bin:$OECORE_NATIVE_SYSROOT/bin:$OECORE_NATIVE_SYSROOT/usr/sbin:$OECORE_NATIVE_SYSROOT/sbin$(find $OECORE_NATIVE_SYSROOT/usr/bin/*-native -maxdepth 1 -type d -printf ":%p") +PATH=$OECORE_NATIVE_SYSROOT/usr/bin:$OECORE_NATIVE_SYSROOT/bin:$OECORE_NATIVE_SYSROOT/usr/sbin:$OECORE_NATIVE_SYSROOT/sbin$(find $OECORE_NATIVE_SYSROOT/usr/bin -maxdepth 1 -name "*-native" -type d -printf ":%p") tool_find=`/usr/bin/which $tool 2>/dev/null` if [ -n "$tool_find" ] ; then -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
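Review bot: $OECORE_NATIVE_SYSROOT is still expanded unquoted inside the new $(find ...) call, so a sysroot path containing whitespace or glob characters is word-split before find sees it and find is handed the wrong start directories. Quote the start directory, as in find "$OECORE_NATIVE_SYSROOT/usr/bin" -maxdepth 1 -name "*-native" -type d -printf ":%p", and add 2>/dev/null if a missing usr/bin should also yield an empty result instead of an error on stderr.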
* [OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (6 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 07/19] scripts: oe-run-native, fix *-native directories Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 23:34 ` Richard Purdie 2021-01-18 22:36 ` [OE-core][dunfell 09/19] toolchain-shar-extract.sh: Handle special characters in script path Steve Sakoman ` (10 subsequent siblings) 18 siblings, 1 reply; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Sakib Sajal <sakib.sajal@windriver.com> There are a number of timeout and hang defects where it would be useful to collect statistics about what is running on a build host when that condition occurs. This adds functionality to collect build system stats on a regular interval and/or on task failure. Both features are disabled by default. To enable logging on a regular interval, set: BB_HEARTBEAT_EVENT = "<interval>" BB_LOG_HOST_STAT_ON_INTERVAL = <boolean> Logs are stored in ${BUILDSTATS_BASE}/<build_name>/host_stats To enable logging on a task failure, set: BB_LOG_HOST_STAT_ON_FAILURE = "<boolean>" Logs are stored in ${BUILDSTATS_BASE}/<build_name>/build_stats The list of commands, along with the desired options, need to be specified in the BB_LOG_HOST_STAT_CMDS variable delimited by ; as such: BB_LOG_HOST_STAT_CMDS = "command1 ; command2 ;... ;" Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit edb7098e9e0a8978568a45057c1c3ad2c6cacd67) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/classes/buildstats.bbclass | 40 ++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/meta/classes/buildstats.bbclass b/meta/classes/buildstats.bbclass index 2590c60c63..43472f1988 100644 
--- a/meta/classes/buildstats.bbclass +++ b/meta/classes/buildstats.bbclass 
@@ -106,14 +106,46 @@ def write_task_data(status, logfile, e, d): f.write("Status: FAILED \n") f.write("Ended: %0.2f \n" % e.time) +def write_host_data(logfile, e, d): + import subprocess, os, datetime + cmds = d.getVar('BB_LOG_HOST_STAT_CMDS') + if cmds is None: + d.setVar("BB_LOG_HOST_STAT_ON_INTERVAL", "0") + d.setVar("BB_LOG_HOST_STAT_ON_FAILURE", "0") + bb.warn("buildstats: Collecting host data failed. Set BB_LOG_HOST_STAT_CMDS=\"command1 ; command2 ; ... \" in conf\/local.conf\n") + return + path = d.getVar("PATH") + opath = d.getVar("BB_ORIGENV", False).getVar("PATH") + ospath = os.environ['PATH'] + os.environ['PATH'] = path + ":" + opath + ":" + ospath + with open(logfile, "a") as f: + f.write("Event Time: %f\nDate: %s\n" % (e.time, datetime.datetime.now())) + for cmd in cmds.split(";"): + if len(cmd) == 0: + continue + try: + output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT, timeout=1).decode('utf-8') + except (subprocess.CalledProcessError, subprocess.TimeoutExpired, FileNotFoundError) as err: + output = "Error running command: %s\n%s\n" % (cmd, err) + f.write("%s\n%s\n" % (cmd, output)) + os.environ['PATH'] = ospath + python run_buildstats () { import bb.build import bb.event import time, subprocess, platform bn = d.getVar('BUILDNAME') - bsdir = os.path.join(d.getVar('BUILDSTATS_BASE'), bn) - taskdir = os.path.join(bsdir, d.getVar('PF')) + ######################################################################## + # bitbake fires HeartbeatEvent even before a build has been + # triggered, causing BUILDNAME to be None + ######################################################################## + if bn is not None: + bsdir = os.path.join(d.getVar('BUILDSTATS_BASE'), bn) + taskdir = os.path.join(bsdir, d.getVar('PF')) + if isinstance(e, bb.event.HeartbeatEvent) and bb.utils.to_boolean(d.getVar("BB_LOG_HOST_STAT_ON_INTERVAL")): + bb.utils.mkdirhier(bsdir) + write_host_data(os.path.join(bsdir, "host_stats"), e, d) if isinstance(e, 
bb.event.BuildStarted): ######################################################################## @@ -188,10 +220,12 @@ python run_buildstats () { build_status = os.path.join(bsdir, "build_stats") with open(build_status, "a") as f: f.write(d.expand("Failed at: ${PF} at task: %s \n" % e.task)) + if bb.utils.to_boolean(d.getVar("BB_LOG_HOST_STAT_ON_FAILURE")): + write_host_data(build_status, e, d) } addhandler run_buildstats -run_buildstats[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskStarted bb.build.TaskSucceeded bb.build.TaskFailed" +run_buildstats[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.event.HeartbeatEvent bb.build.TaskStarted bb.build.TaskSucceeded bb.build.TaskFailed" python runqueue_stats () { import buildstats -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
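Review bot: write_host_data() overwrites os.environ['PATH'] and restores it only on its last line, so any exception raised by open() or f.write() in between leaves the process running this handler with the widened PATH; wrap the body in try/finally so that os.environ['PATH'] = ospath always runs. In the same loop, the len(cmd) == 0 test lets a whitespace-only segment through (for example the trailing space in "cmd1 ; cmd2 ; "), cmd.split() then yields an empty argument list, and the error that follows is not one of the three exception types caught. Test cmd.strip() instead, and use shlex.split() if quoted arguments in BB_LOG_HOST_STAT_CMDS are meant to work.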
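Review bot: In the TaskFailed hunk, write_host_data(build_status, e, d) appends raw command output to build_stats, the same file that receives the "Failed at:" records, while the interval path writes to a separate host_stats file. Unbounded output from BB_LOG_HOST_STAT_CMDS can bury the failure records, so write the failure snapshot to its own file under bsdir as well. Every configured command can also add up to timeout=1 second to each failed task's handler, which is worth stating in the documentation for BB_LOG_HOST_STAT_ON_FAILURE.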
* Re: [OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats 2021-01-18 22:36 ` [OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats Steve Sakoman @ 2021-01-18 23:34 ` Richard Purdie 2021-01-18 23:44 ` Steve Sakoman 0 siblings, 1 reply; 22+ messages in thread From: Richard Purdie @ 2021-01-18 23:34 UTC (permalink / raw) To: Steve Sakoman, openembedded-core On Mon, 2021-01-18 at 12:36 -1000, Steve Sakoman wrote: > From: Sakib Sajal <sakib.sajal@windriver.com> > > There are a number of timeout and hang defects where > it would be useful to collect statistics about what > is running on a build host when that condition occurs. > > This adds functionality to collect build system stats > on a regular interval and/or on task failure. Both > features are disabled by default. > > To enable logging on a regular interval, set: > BB_HEARTBEAT_EVENT = "<interval>" > BB_LOG_HOST_STAT_ON_INTERVAL = <boolean> > Logs are stored in ${BUILDSTATS_BASE}/<build_name>/host_stats > > To enable logging on a task failure, set: > BB_LOG_HOST_STAT_ON_FAILURE = "<boolean>" > Logs are stored in ${BUILDSTATS_BASE}/<build_name>/build_stats > > The list of commands, along with the desired options, need > to be specified in the BB_LOG_HOST_STAT_CMDS variable > delimited by ; as such: > BB_LOG_HOST_STAT_CMDS = "command1 ; command2 ;... ;" > > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > (cherry picked from commit edb7098e9e0a8978568a45057c1c3ad2c6cacd67) > Signed-off-by: Steve Sakoman <steve@sakoman.com> > --- > meta/classes/buildstats.bbclass | 40 ++++++++++++++++++++++++++++++--- > 1 file changed, 37 insertions(+), 3 deletions(-) Not sure this is backport material. We should probably see how it goes in master and try using it there first? Cheers, Richard ^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats
From: Steve Sakoman @ 2021-01-18 23:44 UTC
To: Richard Purdie; +Cc: Patches and discussions about the oe-core layer

On Mon, Jan 18, 2021 at 1:34 PM Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
>
> On Mon, 2021-01-18 at 12:36 -1000, Steve Sakoman wrote:
> > From: Sakib Sajal <sakib.sajal@windriver.com>
> >
> > There are a number of timeout and hang defects where
> > it would be useful to collect statistics about what
> > is running on a build host when that condition occurs.
> >
> > This adds functionality to collect build system stats
> > on a regular interval and/or on task failure. Both
> > features are disabled by default.
> >
> > To enable logging on a regular interval, set:
> > BB_HEARTBEAT_EVENT = "<interval>"
> > BB_LOG_HOST_STAT_ON_INTERVAL = <boolean>
> > Logs are stored in ${BUILDSTATS_BASE}/<build_name>/host_stats
> >
> > To enable logging on a task failure, set:
> > BB_LOG_HOST_STAT_ON_FAILURE = "<boolean>"
> > Logs are stored in ${BUILDSTATS_BASE}/<build_name>/build_stats
> >
> > The list of commands, along with the desired options, need
> > to be specified in the BB_LOG_HOST_STAT_CMDS variable
> > delimited by ; as such:
> > BB_LOG_HOST_STAT_CMDS = "command1 ; command2 ;... ;"
> >
> > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit edb7098e9e0a8978568a45057c1c3ad2c6cacd67)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> > meta/classes/buildstats.bbclass | 40 ++++++++++++++++++++++++++++++---
> > 1 file changed, 37 insertions(+), 3 deletions(-)
>
> Not sure this is backport material. We should probably see how it goes
> in master and try using it there first?

OK, I thought it was safe since the features are disabled by default. Seemed like something good to have if needed, but I'll remove this from the pull request and revisit later.

Steve
* [OE-core][dunfell 09/19] toolchain-shar-extract.sh: Handle special characters in script path 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (7 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 08/19] buildstats.bbclass: add functionality to collect build system stats Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 10/19] lib/oe/utils: Return empty string in parallel_make Steve Sakoman ` (9 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Andrey Mozzhuhin <amozzhuhin@yandex.ru> Extracting SDK archive may fail if the script is run using a path with special characters such as space or asterisk. This is because the shell interprets such characters after expanding the $0 variable. Added quotes to all uses of the shell variable $0 to fix this. Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0453acbbd45604537090ec7a3295b34309e6eecb) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/files/toolchain-shar-extract.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh index bea6d4189a..dd9342758b 100644 --- a/meta/files/toolchain-shar-extract.sh +++ b/meta/files/toolchain-shar-extract.sh @@ -95,7 +95,7 @@ while getopts ":yd:npDRSl" OPT; do listcontents=1 ;; *) - echo "Usage: $(basename $0) [-y] [-d <dir>]" + echo "Usage: $(basename "$0") [-y] [-d <dir>]" echo " -y Automatic yes to all prompts" echo " -d <dir> Install the SDK to <dir>" echo "======== Extensible SDK only options ============" 
@@ -111,17 +111,17 @@ while getopts ":yd:npDRSl" OPT; do esac done -payload_offset=$(($(grep -na -m1 "^MARKER:$" $0|cut -d':' -f1) + 1)) +payload_offset=$(($(grep -na -m1 "^MARKER:$" "$0"|cut -d':' -f1) + 1)) if [ "$listcontents" = "1" ] ; then if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then - tail -n +$payload_offset $0 > sdk.zip + tail -n +$payload_offset "$0" > sdk.zip if unzip -l sdk.zip;then rm sdk.zip else rm sdk.zip && exit 1 fi else - tail -n +$payload_offset $0| tar tvJ || exit 1 + tail -n +$payload_offset "$0"| tar tvJ || exit 1 fi exit fi @@ -242,14 +242,14 @@ fi printf "Extracting SDK..." if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then - tail -n +$payload_offset $0 > sdk.zip + tail -n +$payload_offset "$0" > sdk.zip if $SUDO_EXEC unzip $EXTRA_TAR_OPTIONS sdk.zip -d $target_sdk_dir;then rm sdk.zip else rm sdk.zip && exit 1 fi else - tail -n +$payload_offset $0| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1 + tail -n +$payload_offset "$0"| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1 fi echo "done" -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
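Review bot: `$target_sdk_dir` is still expanded unquoted in the extraction hunk (`unzip $EXTRA_TAR_OPTIONS sdk.zip -d $target_sdk_dir` and `tar mxJ -C $target_sdk_dir`), so an install directory containing a space or a glob character is word-split the same way the `$0` path was, unless the script rejects such paths before this point, which these hunks do not show. Quoting it as `-d "$target_sdk_dir"` and `-C "$target_sdk_dir"` in the same change would close the gap. In the usage hunk, `basename -- "$0"` would additionally keep a script path that begins with `-` from being parsed as an option.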
* [OE-core][dunfell 10/19] lib/oe/utils: Return empty string in parallel_make 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (8 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 09/19] toolchain-shar-extract.sh: Handle special characters in script path Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 11/19] boost: drop arm-intrinsics.patch Steve Sakoman ` (8 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com> In cmake.bbclass we set CMAKE_BUILD_PARALLEL_LEVEL using parallel_make function and if PARALLEL_MAKE is set to empty string then this variable is exported as "None" causing cmake to fail with: "'CMAKE_BUILD_PARALLEL_LEVEL' environment variable invalid number 'None' given." Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2f790ded554a52ac18d1c28002142f9c62abec8b) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/lib/oe/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py index 13f4271da0..83d298906b 100644 --- a/meta/lib/oe/utils.py +++ b/meta/lib/oe/utils.py @@ -193,7 +193,7 @@ def parallel_make(d, makeinst=False): return int(v) - return None + return '' def parallel_make_argument(d, fmt, limit=None, makeinst=False): """ -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
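Review bot: `parallel_make()` now returns an `int` on the success path (`return int(v)`) and a `str` on the fallthrough (`return ''`), so the return type is mixed and any caller that tests the result with `is None` will no longer detect the unset case. Both values are falsy, so callers written as `if not v` are unaffected, but it is worth grepping for explicit `None` checks before backporting and stating the empty-string return in the function's docstring. A test that sets PARALLEL_MAKE to an empty string and checks the exported CMAKE_BUILD_PARALLEL_LEVEL would pin the behaviour the commit message describes.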
* [OE-core][dunfell 11/19] boost: drop arm-intrinsics.patch 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (9 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 10/19] lib/oe/utils: Return empty string in parallel_make Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 12/19] classes/waf: Add build and install arguments Steve Sakoman ` (7 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Mans Rullgard <mans@mansr.com> This patch makes gcc produce broken code. It is unclear why it is there in the first place. Drop it. Signed-off-by: Mans Rullgard <mans@mansr.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5f3cace37496fe1dc4fd045f688f7d441505c437) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../boost/boost/arm-intrinsics.patch | 55 ------------------- meta/recipes-support/boost/boost_1.72.0.bb | 2 +- 2 files changed, 1 insertion(+), 56 deletions(-) delete mode 100644 meta/recipes-support/boost/boost/arm-intrinsics.patch diff --git a/meta/recipes-support/boost/boost/arm-intrinsics.patch b/meta/recipes-support/boost/boost/arm-intrinsics.patch deleted file mode 100644 index fe85c69a82..0000000000 --- a/meta/recipes-support/boost/boost/arm-intrinsics.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -Upstream-Status: Backport - -8/17/2010 - rebased to 1.44 by Qing He <qing.he@intel.com> - -diff --git a/boost/smart_ptr/detail/atomic_count_sync.hpp b/boost/smart_ptr/detail/atomic_count_sync.hpp -index b6359b5..78b1cc2 100644 ---- a/boost/smart_ptr/detail/atomic_count_sync.hpp -+++ b/boost/smart_ptr/detail/atomic_count_sync.hpp -@@ -33,17 +33,46 @@ public: - - long operator++() - { -+#ifdef __ARM_ARCH_7A__ -+ int v1, tmp; -+ asm volatile ("1: \n\t" -+ "ldrex %0, %1 \n\t" -+ "add %0 ,%0, #1 \n\t" -+ "strex %2, %0, %1 \n\t" -+ "cmp %2, #0 \n\t" -+ "bne 1b \n\t" -+ : "=&r" (v1), "+Q"(value_), "=&r"(tmp) -+ ); -+#else - return __sync_add_and_fetch( &value_, 1 ); -+#endif - } - - long operator--() - { -+#ifdef __ARM_ARCH_7A__ -+ int v1, tmp; -+ asm volatile ("1: \n\t" -+ "ldrex %0, %1 \n\t" -+ "sub %0 ,%0, #1 \n\t" -+ "strex %2, %0, %1 \n\t" -+ "cmp %2, #0 \n\t" -+ "bne 1b \n\t" -+ : "=&r" (v1), "+Q"(value_), "=&r"(tmp) -+ ); -+ return value_; -+#else - return __sync_add_and_fetch( &value_, -1 ); -+#endif - } - - operator long() const - { -+#if __ARM_ARCH_7A__ -+ return value_; -+#else - return __sync_fetch_and_add( &value_, 0 ); -+#endif - } - - private: diff --git a/meta/recipes-support/boost/boost_1.72.0.bb b/meta/recipes-support/boost/boost_1.72.0.bb index 51c84bc935..df1cc16937 100644 --- a/meta/recipes-support/boost/boost_1.72.0.bb +++ b/meta/recipes-support/boost/boost_1.72.0.bb @@ -1,7 +1,7 @@ require boost-${PV}.inc require boost.inc -SRC_URI += "file://arm-intrinsics.patch \ +SRC_URI += " \ file://boost-CVE-2012-2677.patch \ file://boost-math-disable-pch-for-gcc.patch \ file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \ -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
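Review bot: the commit message says only that the patch "makes gcc produce broken code"; the deleted file shows concrete reasons that would be worth recording in the message for anyone auditing the backport. In the removed `operator++()` the `__ARM_ARCH_7A__` branch ends after the `asm volatile` block with no `return` statement, and the removed `operator--()` returns `value_` through a separate plain read after the `ldrex`/`strex` loop instead of the value it stored. The removed header also carried `Upstream-Status: Backport` with no upstream reference, which matches the message's remark that the patch's origin is unclear.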
* [OE-core][dunfell 12/19] classes/waf: Add build and install arguments 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (10 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 11/19] boost: drop arm-intrinsics.patch Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 13/19] waf: don't assume the waf intepretter is good Steve Sakoman ` (6 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Joshua Watt <JPEWhacker@gmail.com> Adds variables that can be used to allow a recipe to pass extra arguments to `waf build` and `waf install`. In most cases, you want to pass the same arguments to `build` and `install` (since install is a superset of `build`), so by default setting EXTRA_OEWAF_BUILD also affects `waf install`, but this can be overridded. (From OE-Core rev: 493e17a2f5cbbbe3b1e435dadb281b007bca2cbf) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 633652284b13dc78206f4cc8e81f29de44777b75) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/classes/waf.bbclass | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta/classes/waf.bbclass b/meta/classes/waf.bbclass index 900244004e..309f625a40 100644 --- a/meta/classes/waf.bbclass +++ b/meta/classes/waf.bbclass @@ -5,6 +5,11 @@ B = "${WORKDIR}/build" EXTRA_OECONF_append = " ${PACKAGECONFIG_CONFARGS}" +EXTRA_OEWAF_BUILD ??= "" +# In most cases, you want to pass the same arguments to `waf build` and `waf +# install`, but you can override it if necessary +EXTRA_OEWAF_INSTALL ??= "${EXTRA_OEWAF_BUILD}" + def waflock_hash(d): # Calculates the hash used for the waf lock file. This should include # all of the user controllable inputs passed to waf configure. Note 
@@ -55,11 +60,11 @@ waf_do_configure() { do_compile[progress] = "outof:^\[\s*(\d+)/\s*(\d+)\]\s+" waf_do_compile() { - (cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)}) + (cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)} ${EXTRA_OEWAF_BUILD}) } waf_do_install() { - (cd ${S} && ./waf install --destdir=${D}) + (cd ${S} && ./waf install --destdir=${D} ${EXTRA_OEWAF_INSTALL}) } EXPORT_FUNCTIONS do_configure do_compile do_install -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
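Review bot: the first hunk documents `EXTRA_OEWAF_INSTALL` but gives `EXTRA_OEWAF_BUILD` no comment of its own, and nothing says that both values are expanded unquoted into the `./waf build` and `./waf install` command lines in the second hunk, so an argument containing whitespace is split by the shell. A one-line comment above `EXTRA_OEWAF_BUILD ??= ""` stating its purpose and that splitting behaviour would help recipe authors. Because the install default inherits the build value, a build-only option set in a recipe is also passed to `waf install` unless `EXTRA_OEWAF_INSTALL` is set explicitly, which the comment could state outright.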
* [OE-core][dunfell 13/19] waf: don't assume the waf intepretter is good 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (11 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 12/19] classes/waf: Add build and install arguments Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 14/19] curl: fix CVE-2020-8231/8284/8285/8286 Steve Sakoman ` (5 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Ross Burton <ross@burtonini.com> Waf typically uses `python` as the intepretter but inside a task this does not exist. Typically this is solved by patching waf (see the glmark2 recipe) but not all versionf of Waf support Python 3 so we can't assume a specific interpretter. Instead, create a new variable WAF_PYTHON for the correct interpretter, and default this to `python3`. If the user has a recipe that needs Python 2 then this can be changed in the recipe. (From OE-Core rev: 802e80d35e6374b9b80f89068d00b84fe2d04ca1) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 85b6301c6190a1d1823de9bfe7285f7a7d15a46f) [Fixes build issue on Ubuntu 20 with mvp https://github.com/openembedded/meta-openembedded/issues/304 ] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/classes/waf.bbclass | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/meta/classes/waf.bbclass b/meta/classes/waf.bbclass index 309f625a40..8fa5063645 100644 --- a/meta/classes/waf.bbclass +++ b/meta/classes/waf.bbclass 
@@ -1,6 +1,10 @@ # avoids build breaks when using no-static-libs.inc DISABLE_STATIC = "" +# What Python interpretter to use. Defaults to Python 3 but can be +# overridden if required. +WAF_PYTHON ?= "python3" + B = "${WORKDIR}/build" EXTRA_OECONF_append = " ${PACKAGECONFIG_CONFARGS}" @@ -40,9 +44,10 @@ python waf_preconfigure() { import subprocess from distutils.version import StrictVersion subsrcdir = d.getVar('S') + python = d.getVar('WAF_PYTHON') wafbin = os.path.join(subsrcdir, 'waf') try: - result = subprocess.check_output([wafbin, '--version'], cwd=subsrcdir, stderr=subprocess.STDOUT) + result = subprocess.check_output([python, wafbin, '--version'], cwd=subsrcdir, stderr=subprocess.STDOUT) version = result.decode('utf-8').split()[1] if StrictVersion(version) >= StrictVersion("1.8.7"): d.setVar("WAF_EXTRA_CONF", "--bindir=${bindir} --libdir=${libdir}") @@ -55,16 +60,16 @@ python waf_preconfigure() { do_configure[prefuncs] += "waf_preconfigure" waf_do_configure() { - (cd ${S} && ./waf configure -o ${B} --prefix=${prefix} ${WAF_EXTRA_CONF} ${EXTRA_OECONF}) + (cd ${S} && ${WAF_PYTHON} ./waf configure -o ${B} --prefix=${prefix} ${WAF_EXTRA_CONF} ${EXTRA_OECONF}) } do_compile[progress] = "outof:^\[\s*(\d+)/\s*(\d+)\]\s+" waf_do_compile() { - (cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)} ${EXTRA_OEWAF_BUILD}) + (cd ${S} && ${WAF_PYTHON} ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)} ${EXTRA_OEWAF_BUILD}) } waf_do_install() { - (cd ${S} && ./waf install --destdir=${D} ${EXTRA_OEWAF_INSTALL}) + (cd ${S} && ${WAF_PYTHON} ./waf install --destdir=${D} ${EXTRA_OEWAF_INSTALL}) } EXPORT_FUNCTIONS do_configure do_compile do_install -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
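Review bot: `WAF_PYTHON` is consumed in two incompatible ways. The `waf_preconfigure` hunk passes it as a single argv element in `subprocess.check_output([python, wafbin, '--version'], ...)`, while the three shell functions expand `${WAF_PYTHON}` unquoted, so a value made of an interpreter plus an option works in configure, compile and install but fails the version probe. Either document that the variable must be a bare interpreter name or split it before building the argument list. In the same hunk, an interpreter that does not resolve on PATH raises `FileNotFoundError` from `check_output`; the `except` clause is outside the visible lines, so confirm it covers that case. The added comment also spells "interpretter" where "interpreter" is meant.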
* [OE-core][dunfell 14/19] curl: fix CVE-2020-8231/8284/8285/8286 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (12 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 13/19] waf: don't assume the waf intepretter is good Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 15/19] xorg: Security fix for CVE-2020-14345 Steve Sakoman ` (4 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Lee Chee Yang <chee.yang.lee@intel.com> backport CVE-2020-8284 fixes from upstream, but drop binary file tests/data/test1465. upstream fixes for CVE-2020-8231, CVE-2020-8285 and CVE-2020-8286 does not applies cleanly to 7.69.1, fedora have working patch hence import patch from Fedora. https://koji.fedoraproject.org/koji/rpminfo?rpmID=24270817 Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../curl/curl/CVE-2020-8231.patch | 1092 +++++++++++++++++ .../curl/curl/CVE-2020-8284.patch | 209 ++++ .../curl/curl/CVE-2020-8285.patch | 260 ++++ .../curl/curl/CVE-2020-8286.patch | 133 ++ meta/recipes-support/curl/curl_7.69.1.bb | 4 + 5 files changed, 1698 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8231.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8284.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8285.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8286.patch diff --git a/meta/recipes-support/curl/curl/CVE-2020-8231.patch b/meta/recipes-support/curl/curl/CVE-2020-8231.patch new file mode 100644 index 0000000000..51f40047f1 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8231.patch 
@@ -0,0 +1,1092 @@ +From c3359693e17fccdf2a04f0b908bc8f51cdc38133 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 27 Apr 2020 00:33:21 +0200 +Subject: [PATCH 1/3] conncache: various concept cleanups + +More connection cache accesses are protected by locks. + +CONNCACHE_* is a beter prefix for the connection cache lock macros. + +Curl_attach_connnection: now called as soon as there's a connection +struct available and before the connection is added to the connection +cache. + +Curl_disconnect: now assumes that the connection is already removed from +the connection cache. + +Ref: #4915 +Closes #5009 + +Upstream-commit: c06902713998d68202c5a764de910ba8d0e8f54d +Signed-off-by: Kamil Dudka <kdudka@redhat.com> + +Upstream-Status: Backport [import from fedora https://koji.fedoraproject.org/koji/fileinfo?rpmID=24270817&filename=0004-curl-7.69.1-CVE-2020-8231.patch ] +CVE: CVE-2020-8286 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + lib/conncache.c | 87 ++++++++++++++++++++----------------------- + lib/conncache.h | 9 ++--- + lib/hostip.c | 12 +++--- + lib/http_negotiate.h | 6 ++- + lib/http_ntlm.h | 6 ++- + lib/multi.c | 56 ++++++++++++++-------------- + lib/multiif.h | 1 + + lib/url.c | 69 ++++++++++++++++++---------------- + tests/data/test1554 | 14 +++++++ + tests/unit/unit1620.c | 6 +-- + 10 files changed, 139 insertions(+), 127 deletions(-) + +diff --git a/lib/conncache.c b/lib/conncache.c +index cbd3bb1..95fcea6 100644 +--- a/lib/conncache.c ++++ b/lib/conncache.c +@@ -49,53 +49,51 @@ static void conn_llist_dtor(void *user, void *element) + conn->bundle = NULL; + } + +-static CURLcode bundle_create(struct Curl_easy *data, +- struct connectbundle **cb_ptr) ++static CURLcode bundle_create(struct connectbundle **bundlep) + { +- (void)data; +- DEBUGASSERT(*cb_ptr == NULL); +- *cb_ptr = malloc(sizeof(struct connectbundle)); +- if(!*cb_ptr) ++ DEBUGASSERT(*bundlep == NULL); ++ *bundlep = malloc(sizeof(struct connectbundle)); ++ 
if(!*bundlep) + return CURLE_OUT_OF_MEMORY; + +- (*cb_ptr)->num_connections = 0; +- (*cb_ptr)->multiuse = BUNDLE_UNKNOWN; ++ (*bundlep)->num_connections = 0; ++ (*bundlep)->multiuse = BUNDLE_UNKNOWN; + +- Curl_llist_init(&(*cb_ptr)->conn_list, (curl_llist_dtor) conn_llist_dtor); ++ Curl_llist_init(&(*bundlep)->conn_list, (curl_llist_dtor) conn_llist_dtor); + return CURLE_OK; + } + +-static void bundle_destroy(struct connectbundle *cb_ptr) ++static void bundle_destroy(struct connectbundle *bundle) + { +- if(!cb_ptr) ++ if(!bundle) + return; + +- Curl_llist_destroy(&cb_ptr->conn_list, NULL); ++ Curl_llist_destroy(&bundle->conn_list, NULL); + +- free(cb_ptr); ++ free(bundle); + } + + /* Add a connection to a bundle */ +-static void bundle_add_conn(struct connectbundle *cb_ptr, ++static void bundle_add_conn(struct connectbundle *bundle, + struct connectdata *conn) + { +- Curl_llist_insert_next(&cb_ptr->conn_list, cb_ptr->conn_list.tail, conn, ++ Curl_llist_insert_next(&bundle->conn_list, bundle->conn_list.tail, conn, + &conn->bundle_node); +- conn->bundle = cb_ptr; +- cb_ptr->num_connections++; ++ conn->bundle = bundle; ++ bundle->num_connections++; + } + + /* Remove a connection from a bundle */ +-static int bundle_remove_conn(struct connectbundle *cb_ptr, ++static int bundle_remove_conn(struct connectbundle *bundle, + struct connectdata *conn) + { + struct curl_llist_element *curr; + +- curr = cb_ptr->conn_list.head; ++ curr = bundle->conn_list.head; + while(curr) { + if(curr->ptr == conn) { +- Curl_llist_remove(&cb_ptr->conn_list, curr, NULL); +- cb_ptr->num_connections--; ++ Curl_llist_remove(&bundle->conn_list, curr, NULL); ++ bundle->num_connections--; + conn->bundle = NULL; + return 1; /* we removed a handle */ + } +@@ -162,20 +160,15 @@ static void hashkey(struct connectdata *conn, char *buf, + msnprintf(buf, len, "%ld%s", port, hostname); + } + +-void Curl_conncache_unlock(struct Curl_easy *data) +-{ +- CONN_UNLOCK(data); +-} +- + /* Returns number of 
connections currently held in the connection cache. + Locks/unlocks the cache itself! + */ + size_t Curl_conncache_size(struct Curl_easy *data) + { + size_t num; +- CONN_LOCK(data); ++ CONNCACHE_LOCK(data); + num = data->state.conn_cache->num_conn; +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + return num; + } + +@@ -188,7 +181,7 @@ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, + const char **hostp) + { + struct connectbundle *bundle = NULL; +- CONN_LOCK(conn->data); ++ CONNCACHE_LOCK(conn->data); + if(connc) { + char key[HASHKEY_SIZE]; + hashkey(conn, key, sizeof(key), hostp); +@@ -235,8 +228,7 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, + struct connectdata *conn) + { + CURLcode result = CURLE_OK; +- struct connectbundle *bundle; +- struct connectbundle *new_bundle = NULL; ++ struct connectbundle *bundle = NULL; + struct Curl_easy *data = conn->data; + + /* *find_bundle() locks the connection cache */ +@@ -245,20 +237,19 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, + int rc; + char key[HASHKEY_SIZE]; + +- result = bundle_create(data, &new_bundle); ++ result = bundle_create(&bundle); + if(result) { + goto unlock; + } + + hashkey(conn, key, sizeof(key), NULL); +- rc = conncache_add_bundle(data->state.conn_cache, key, new_bundle); ++ rc = conncache_add_bundle(data->state.conn_cache, key, bundle); + + if(!rc) { +- bundle_destroy(new_bundle); ++ bundle_destroy(bundle); + result = CURLE_OUT_OF_MEMORY; + goto unlock; + } +- bundle = new_bundle; + } + + bundle_add_conn(bundle, conn); +@@ -270,15 +261,17 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, + conn->connection_id, connc->num_conn)); + + unlock: +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + + return result; + } + + /* +- * Removes the connectdata object from the connection cache *and* clears the +- * ->data pointer association. 
Pass TRUE/FALSE in the 'lock' argument +- * depending on if the parent function already holds the lock or not. ++ * Removes the connectdata object from the connection cache, but does *not* ++ * clear the conn->data association. The transfer still owns this connection. ++ * ++ * Pass TRUE/FALSE in the 'lock' argument depending on if the parent function ++ * already holds the lock or not. + */ + void Curl_conncache_remove_conn(struct Curl_easy *data, + struct connectdata *conn, bool lock) +@@ -290,7 +283,7 @@ void Curl_conncache_remove_conn(struct Curl_easy *data, + due to a failed connection attempt, before being added to a bundle */ + if(bundle) { + if(lock) { +- CONN_LOCK(data); ++ CONNCACHE_LOCK(data); + } + bundle_remove_conn(bundle, conn); + if(bundle->num_connections == 0) +@@ -301,9 +294,8 @@ void Curl_conncache_remove_conn(struct Curl_easy *data, + DEBUGF(infof(data, "The cache now contains %zu members\n", + connc->num_conn)); + } +- conn->data = NULL; /* clear the association */ + if(lock) { +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + } + } + } +@@ -332,7 +324,7 @@ bool Curl_conncache_foreach(struct Curl_easy *data, + if(!connc) + return FALSE; + +- CONN_LOCK(data); ++ CONNCACHE_LOCK(data); + Curl_hash_start_iterate(&connc->hash, &iter); + + he = Curl_hash_next_element(&iter); +@@ -350,12 +342,12 @@ bool Curl_conncache_foreach(struct Curl_easy *data, + curr = curr->next; + + if(1 == func(conn, param)) { +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + return TRUE; + } + } + } +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + return FALSE; + } + +@@ -494,7 +486,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data) + + now = Curl_now(); + +- CONN_LOCK(data); ++ CONNCACHE_LOCK(data); + Curl_hash_start_iterate(&connc->hash, &iter); + + he = Curl_hash_next_element(&iter); +@@ -531,7 +523,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data) + connc->num_conn)); + conn_candidate->data = data; /* associate! 
*/ + } +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + + return conn_candidate; + } +@@ -548,6 +540,7 @@ void Curl_conncache_close_all_connections(struct conncache *connc) + sigpipe_ignore(conn->data, &pipe_st); + /* This will remove the connection from the cache */ + connclose(conn, "kill all"); ++ Curl_conncache_remove_conn(conn->data, conn, TRUE); + (void)Curl_disconnect(connc->closure_handle, conn, FALSE); + sigpipe_restore(&pipe_st); + +diff --git a/lib/conncache.h b/lib/conncache.h +index e3e4c9c..3dda21c 100644 +--- a/lib/conncache.h ++++ b/lib/conncache.h +@@ -45,21 +45,21 @@ struct conncache { + #ifdef CURLDEBUG + /* the debug versions of these macros make extra certain that the lock is + never doubly locked or unlocked */ +-#define CONN_LOCK(x) if((x)->share) { \ ++#define CONNCACHE_LOCK(x) if((x)->share) { \ + Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE); \ + DEBUGASSERT(!(x)->state.conncache_lock); \ + (x)->state.conncache_lock = TRUE; \ + } + +-#define CONN_UNLOCK(x) if((x)->share) { \ ++#define CONNCACHE_UNLOCK(x) if((x)->share) { \ + DEBUGASSERT((x)->state.conncache_lock); \ + (x)->state.conncache_lock = FALSE; \ + Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT); \ + } + #else +-#define CONN_LOCK(x) if((x)->share) \ ++#define CONNCACHE_LOCK(x) if((x)->share) \ + Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE) +-#define CONN_UNLOCK(x) if((x)->share) \ ++#define CONNCACHE_UNLOCK(x) if((x)->share) \ + Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT) + #endif + +@@ -77,7 +77,6 @@ void Curl_conncache_destroy(struct conncache *connc); + struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, + struct conncache *connc, + const char **hostp); +-void Curl_conncache_unlock(struct Curl_easy *data); + /* returns number of connections currently held in the connection cache */ + size_t Curl_conncache_size(struct Curl_easy *data); + +diff --git a/lib/hostip.c b/lib/hostip.c +index c0feb79..f5bb634 
100644 +--- a/lib/hostip.c ++++ b/lib/hostip.c +@@ -1085,10 +1085,12 @@ CURLcode Curl_once_resolved(struct connectdata *conn, + + result = Curl_setup_conn(conn, protocol_done); + +- if(result) +- /* We're not allowed to return failure with memory left allocated +- in the connectdata struct, free those here */ +- Curl_disconnect(conn->data, conn, TRUE); /* close the connection */ +- ++ if(result) { ++ struct Curl_easy *data = conn->data; ++ DEBUGASSERT(data); ++ Curl_detach_connnection(data); ++ Curl_conncache_remove_conn(data, conn, TRUE); ++ Curl_disconnect(data, conn, TRUE); ++ } + return result; + } +diff --git a/lib/http_negotiate.h b/lib/http_negotiate.h +index 4f0ac16..a737f6f 100644 +--- a/lib/http_negotiate.h ++++ b/lib/http_negotiate.h +@@ -7,7 +7,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. ++ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -33,6 +33,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy); + + void Curl_http_auth_cleanup_negotiate(struct connectdata *conn); + +-#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */ ++#else /* !CURL_DISABLE_HTTP && USE_SPNEGO */ ++#define Curl_http_auth_cleanup_negotiate(x) ++#endif + + #endif /* HEADER_CURL_HTTP_NEGOTIATE_H */ +diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h +index 003714d..3ebdf97 100644 +--- a/lib/http_ntlm.h ++++ b/lib/http_ntlm.h +@@ -7,7 +7,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. ++ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. 
The terms +@@ -35,6 +35,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy); + + void Curl_http_auth_cleanup_ntlm(struct connectdata *conn); + +-#endif /* !CURL_DISABLE_HTTP && USE_NTLM */ ++#else /* !CURL_DISABLE_HTTP && USE_NTLM */ ++#define Curl_http_auth_cleanup_ntlm(x) ++#endif + + #endif /* HEADER_CURL_HTTP_NTLM_H */ +diff --git a/lib/multi.c b/lib/multi.c +index e10e752..273653d 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -79,7 +79,6 @@ static CURLMcode add_next_timeout(struct curltime now, + static CURLMcode multi_timeout(struct Curl_multi *multi, + long *timeout_ms); + static void process_pending_handles(struct Curl_multi *multi); +-static void detach_connnection(struct Curl_easy *data); + + #ifdef DEBUGBUILD + static const char * const statename[]={ +@@ -112,7 +111,7 @@ static void Curl_init_completed(struct Curl_easy *data) + + /* Important: reset the conn pointer so that we don't point to memory + that could be freed anytime */ +- detach_connnection(data); ++ Curl_detach_connnection(data); + Curl_expire_clear(data); /* stop all timers */ + } + +@@ -506,6 +505,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, + easy handle is added */ + memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall)); + ++ CONNCACHE_LOCK(data); + /* The closure handle only ever has default timeouts set. 
To improve the + state somewhat we clone the timeouts from each added handle so that the + closure handle always has the same timeouts as the most recently added +@@ -515,6 +515,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, + data->set.server_response_timeout; + data->state.conn_cache->closure_handle->set.no_signal = + data->set.no_signal; ++ CONNCACHE_UNLOCK(data); + + Curl_update_timer(multi); + return CURLM_OK; +@@ -589,14 +590,14 @@ static CURLcode multi_done(struct Curl_easy *data, + + process_pending_handles(data->multi); /* connection / multiplex */ + +- CONN_LOCK(data); +- detach_connnection(data); ++ CONNCACHE_LOCK(data); ++ Curl_detach_connnection(data); + if(CONN_INUSE(conn)) { + /* Stop if still used. */ + /* conn->data must not remain pointing to this transfer since it is going + away! Find another to own it! */ + conn->data = conn->easyq.head->ptr; +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + DEBUGF(infof(data, "Connection still in use %zu, " + "no more multi_done now!\n", + conn->easyq.size)); +@@ -647,7 +648,8 @@ static CURLcode multi_done(struct Curl_easy *data, + || (premature && !(conn->handler->flags & PROTOPT_STREAM))) { + CURLcode res2; + connclose(conn, "disconnecting"); +- CONN_UNLOCK(data); ++ Curl_conncache_remove_conn(data, conn, FALSE); ++ CONNCACHE_UNLOCK(data); + res2 = Curl_disconnect(data, conn, premature); + + /* If we had an error already, make sure we return that one. But +@@ -666,7 +668,7 @@ static CURLcode multi_done(struct Curl_easy *data, + conn->bits.conn_to_host ? 
conn->conn_to_host.dispname : + conn->host.dispname); + /* the connection is no longer in use by this transfer */ +- CONN_UNLOCK(data); ++ CONNCACHE_UNLOCK(data); + if(Curl_conncache_return_conn(data, conn)) { + /* remember the most recently used connection */ + data->state.lastconnect = conn; +@@ -774,8 +776,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + vanish with this handle */ + + /* Remove the association between the connection and the handle */ +- if(data->conn) +- detach_connnection(data); ++ Curl_detach_connnection(data); + + #ifdef USE_LIBPSL + /* Remove the PSL association. */ +@@ -824,9 +825,13 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi) + return (multi && (multi->multiplexing)); + } + +-/* This is the only function that should clear data->conn. This will +- occasionally be called with the pointer already cleared. */ +-static void detach_connnection(struct Curl_easy *data) ++/* ++ * Curl_detach_connnection() removes the given transfer from the connection. ++ * ++ * This is the only function that should clear data->conn. This will ++ * occasionally be called with the data->conn pointer already cleared. ++ */ ++void Curl_detach_connnection(struct Curl_easy *data) + { + struct connectdata *conn = data->conn; + if(conn) +@@ -834,7 +839,11 @@ static void detach_connnection(struct Curl_easy *data) + data->conn = NULL; + } + +-/* This is the only function that should assign data->conn */ ++/* ++ * Curl_attach_connnection() attaches this transfer to this connection. 
++ * ++ * This is the only function that should assign data->conn ++ */ + void Curl_attach_connnection(struct Curl_easy *data, + struct connectdata *conn) + { +@@ -1536,19 +1545,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + bool stream_error = FALSE; + rc = CURLM_OK; + +- DEBUGASSERT((data->mstate <= CURLM_STATE_CONNECT) || +- (data->mstate >= CURLM_STATE_DONE) || +- data->conn); +- if(!data->conn && +- data->mstate > CURLM_STATE_CONNECT && +- data->mstate < CURLM_STATE_DONE) { +- /* In all these states, the code will blindly access 'data->conn' +- so this is precaution that it isn't NULL. And it silences static +- analyzers. */ +- failf(data, "In state %d with no conn, bail out!\n", data->mstate); +- return CURLM_INTERNAL_ERROR; +- } +- + if(multi_ischanged(multi, TRUE)) { + DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!\n")); + process_pending_handles(multi); /* multiplexed */ +@@ -2231,8 +2227,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + * access free'd data, if the connection is free'd and the handle + * removed before we perform the processing in CURLM_STATE_COMPLETED + */ +- if(data->conn) +- detach_connnection(data); ++ Curl_detach_connnection(data); + } + + #ifndef CURL_DISABLE_FTP +@@ -2284,7 +2279,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + /* This is where we make sure that the conn pointer is reset. 
+ We don't have to do this in every case block above where a + failure is detected */ +- detach_connnection(data); ++ Curl_detach_connnection(data); ++ ++ /* remove connection from cache */ ++ Curl_conncache_remove_conn(data, conn, TRUE); + + /* disconnect properly */ + Curl_disconnect(data, conn, dead_connection); +diff --git a/lib/multiif.h b/lib/multiif.h +index bde755e..c07587b 100644 +--- a/lib/multiif.h ++++ b/lib/multiif.h +@@ -33,6 +33,7 @@ void Curl_expire_done(struct Curl_easy *data, expire_id id); + void Curl_update_timer(struct Curl_multi *multi); + void Curl_attach_connnection(struct Curl_easy *data, + struct connectdata *conn); ++void Curl_detach_connnection(struct Curl_easy *data); + bool Curl_multiplex_wanted(const struct Curl_multi *multi); + void Curl_set_in_callback(struct Curl_easy *data, bool value); + bool Curl_is_in_callback(struct Curl_easy *easy); +diff --git a/lib/url.c b/lib/url.c +index a826f8a..4ed0623 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -679,9 +679,7 @@ static void conn_reset_all_postponed_data(struct connectdata *conn) + + static void conn_shutdown(struct connectdata *conn) + { +- if(!conn) +- return; +- ++ DEBUGASSERT(conn); + infof(conn->data, "Closing connection %ld\n", conn->connection_id); + DEBUGASSERT(conn->data); + +@@ -702,16 +700,11 @@ static void conn_shutdown(struct connectdata *conn) + Curl_closesocket(conn, conn->tempsock[0]); + if(CURL_SOCKET_BAD != conn->tempsock[1]) + Curl_closesocket(conn, conn->tempsock[1]); +- +- /* unlink ourselves. this should be called last since other shutdown +- procedures need a valid conn->data and this may clear it. 
*/ +- Curl_conncache_remove_conn(conn->data, conn, TRUE); + } + + static void conn_free(struct connectdata *conn) + { +- if(!conn) +- return; ++ DEBUGASSERT(conn); + + Curl_free_idnconverted_hostname(&conn->host); + Curl_free_idnconverted_hostname(&conn->conn_to_host); +@@ -778,13 +771,17 @@ static void conn_free(struct connectdata *conn) + CURLcode Curl_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead_connection) + { +- if(!conn) +- return CURLE_OK; /* this is closed and fine already */ ++ /* there must be a connection to close */ ++ DEBUGASSERT(conn); + +- if(!data) { +- DEBUGF(infof(data, "DISCONNECT without easy handle, ignoring\n")); +- return CURLE_OK; +- } ++ /* it must be removed from the connection cache */ ++ DEBUGASSERT(!conn->bundle); ++ ++ /* there must be an associated transfer */ ++ DEBUGASSERT(data); ++ ++ /* the transfer must be detached from the connection */ ++ DEBUGASSERT(!data->conn); + + /* + * If this connection isn't marked to force-close, leave it open if there +@@ -800,16 +797,11 @@ CURLcode Curl_disconnect(struct Curl_easy *data, + conn->dns_entry = NULL; + } + +- Curl_hostcache_prune(data); /* kill old DNS cache entries */ +- +-#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) + /* Cleanup NTLM connection-related data */ + Curl_http_auth_cleanup_ntlm(conn); +-#endif +-#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) ++ + /* Cleanup NEGOTIATE connection-related data */ + Curl_http_auth_cleanup_negotiate(conn); +-#endif + + /* the protocol specific disconnect handler and conn_shutdown need a transfer + for the connection! 
*/ +@@ -1006,8 +998,12 @@ static int call_extract_if_dead(struct connectdata *conn, void *param) + static void prune_dead_connections(struct Curl_easy *data) + { + struct curltime now = Curl_now(); +- timediff_t elapsed = ++ timediff_t elapsed; ++ ++ CONNCACHE_LOCK(data); ++ elapsed = + Curl_timediff(now, data->state.conn_cache->last_cleanup); ++ CONNCACHE_UNLOCK(data); + + if(elapsed >= 1000L) { + struct prunedead prune; +@@ -1015,10 +1011,17 @@ static void prune_dead_connections(struct Curl_easy *data) + prune.extracted = NULL; + while(Curl_conncache_foreach(data, data->state.conn_cache, &prune, + call_extract_if_dead)) { ++ /* unlocked */ ++ ++ /* remove connection from cache */ ++ Curl_conncache_remove_conn(data, prune.extracted, TRUE); ++ + /* disconnect it */ + (void)Curl_disconnect(data, prune.extracted, /* dead_connection */TRUE); + } ++ CONNCACHE_LOCK(data); + data->state.conn_cache->last_cleanup = now; ++ CONNCACHE_UNLOCK(data); + } + } + +@@ -1078,7 +1081,7 @@ ConnectionExists(struct Curl_easy *data, + if(data->set.pipewait) { + infof(data, "Server doesn't support multiplex yet, wait\n"); + *waitpipe = TRUE; +- Curl_conncache_unlock(data); ++ CONNCACHE_UNLOCK(data); + return FALSE; /* no re-use */ + } + +@@ -1402,11 +1405,12 @@ ConnectionExists(struct Curl_easy *data, + if(chosen) { + /* mark it as used before releasing the lock */ + chosen->data = data; /* own it! */ +- Curl_conncache_unlock(data); ++ Curl_attach_connnection(data, chosen); ++ CONNCACHE_UNLOCK(data); + *usethis = chosen; + return TRUE; /* yes, we found one to use! 
*/ + } +- Curl_conncache_unlock(data); ++ CONNCACHE_UNLOCK(data); + + if(foundPendingCandidate && data->set.pipewait) { + infof(data, +@@ -3519,6 +3523,7 @@ static CURLcode create_conn(struct Curl_easy *data, + if(!result) { + conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */ + ++ Curl_attach_connnection(data, conn); + result = Curl_conncache_add_conn(data->state.conn_cache, conn); + if(result) + goto out; +@@ -3533,7 +3538,6 @@ static CURLcode create_conn(struct Curl_easy *data, + (void)conn->handler->done(conn, result, FALSE); + goto out; + } +- Curl_attach_connnection(data, conn); + Curl_setup_transfer(data, -1, -1, FALSE, -1); + } + +@@ -3683,7 +3687,7 @@ static CURLcode create_conn(struct Curl_easy *data, + + /* The bundle is full. Extract the oldest connection. */ + conn_candidate = Curl_conncache_extract_bundle(data, bundle); +- Curl_conncache_unlock(data); ++ CONNCACHE_UNLOCK(data); + + if(conn_candidate) + (void)Curl_disconnect(data, conn_candidate, +@@ -3695,7 +3699,7 @@ static CURLcode create_conn(struct Curl_easy *data, + } + } + else +- Curl_conncache_unlock(data); ++ CONNCACHE_UNLOCK(data); + + } + +@@ -3729,6 +3733,8 @@ static CURLcode create_conn(struct Curl_easy *data, + * This is a brand new connection, so let's store it in the connection + * cache of ours! 
+ */ ++ Curl_attach_connnection(data, conn); ++ + result = Curl_conncache_add_conn(data->state.conn_cache, conn); + if(result) + goto out; +@@ -3883,7 +3889,7 @@ CURLcode Curl_connect(struct Curl_easy *data, + result = create_conn(data, &conn, asyncp); + + if(!result) { +- if(CONN_INUSE(conn)) ++ if(CONN_INUSE(conn) > 1) + /* multiplexed */ + *protocol_done = TRUE; + else if(!*asyncp) { +@@ -3900,11 +3906,10 @@ CURLcode Curl_connect(struct Curl_easy *data, + else if(result && conn) { + /* We're not allowed to return failure with memory left allocated in the + connectdata struct, free those here */ ++ Curl_detach_connnection(data); ++ Curl_conncache_remove_conn(data, conn, TRUE); + Curl_disconnect(data, conn, TRUE); + } +- else if(!result && !data->conn) +- /* FILE: transfers already have the connection attached */ +- Curl_attach_connnection(data, conn); + + return result; + } +diff --git a/tests/data/test1554 b/tests/data/test1554 +index 06f1897..d3926d9 100644 +--- a/tests/data/test1554 ++++ b/tests/data/test1554 +@@ -29,6 +29,12 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -40,6 +46,10 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -51,6 +61,10 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! 
+ -> Mutex lock + <- Mutex unlock +diff --git a/tests/unit/unit1620.c b/tests/unit/unit1620.c +index 6e572c6..b23e5b9 100644 +--- a/tests/unit/unit1620.c ++++ b/tests/unit/unit1620.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. ++ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -73,10 +73,6 @@ UNITTEST_START + fail_unless(rc == CURLE_OK, + "Curl_parse_login_details() failed"); + +- rc = Curl_disconnect(empty, empty->conn, FALSE); +- fail_unless(rc == CURLE_OK, +- "Curl_disconnect() with dead_connection set FALSE failed"); +- + Curl_freeset(empty); + for(i = (enum dupstring)0; i < STRING_LAST; i++) { + fail_unless(empty->set.str[i] == NULL, +-- +2.25.4 + + +From 6830828c9eecd9ab14404f2f49f19b56dec62130 Mon Sep 17 00:00:00 2001 +From: Marc Aldorasi <marc@groundctl.com> +Date: Thu, 30 Jul 2020 14:16:17 -0400 +Subject: [PATCH 2/3] multi_remove_handle: close unused connect-only + connections + +Previously any connect-only connections in a multi handle would be kept +alive until the multi handle was closed. Since these connections cannot +be re-used, they can be marked for closure when the associated easy +handle is removed from the multi handle. 
+ +Closes #5749 + +Upstream-commit: d5bb459ccf1fc5980ae4b95c05b4ecf6454a7599 +Signed-off-by: Kamil Dudka <kdudka@redhat.com> +--- + lib/multi.c | 34 ++++++++++++++++++++++++++++++---- + tests/data/test1554 | 6 ++++++ + 2 files changed, 36 insertions(+), 4 deletions(-) + +diff --git a/lib/multi.c b/lib/multi.c +index 249e360..f1371bd 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -682,6 +682,26 @@ static CURLcode multi_done(struct Curl_easy *data, + return result; + } + ++static int close_connect_only(struct connectdata *conn, void *param) ++{ ++ struct Curl_easy *data = param; ++ ++ if(data->state.lastconnect != conn) ++ return 0; ++ ++ if(conn->data != data) ++ return 1; ++ conn->data = NULL; ++ ++ if(!conn->bits.connect_only) ++ return 1; ++ ++ connclose(conn, "Removing connect-only easy handle"); ++ conn->bits.connect_only = FALSE; ++ ++ return 1; ++} ++ + CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + struct Curl_easy *data) + { +@@ -765,10 +785,6 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + multi_done() as that may actually call Curl_expire that uses this */ + Curl_llist_destroy(&data->state.timeoutlist, NULL); + +- /* as this was using a shared connection cache we clear the pointer to that +- since we're not part of that multi handle anymore */ +- data->state.conn_cache = NULL; +- + /* change state without using multistate(), only to make singlesocket() do + what we want */ + data->mstate = CURLM_STATE_COMPLETED; +@@ -778,12 +794,22 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + /* Remove the association between the connection and the handle */ + Curl_detach_connnection(data); + ++ if(data->state.lastconnect) { ++ /* Mark any connect-only connection for closure */ ++ Curl_conncache_foreach(data, data->state.conn_cache, ++ data, &close_connect_only); ++ } ++ + #ifdef USE_LIBPSL + /* Remove the PSL association. 
*/ + if(data->psl == &multi->psl) + data->psl = NULL; + #endif + ++ /* as this was using a shared connection cache we clear the pointer to that ++ since we're not part of that multi handle anymore */ ++ data->state.conn_cache = NULL; ++ + data->multi = NULL; /* clear the association to this multi handle */ + + /* make sure there's no pending message in the queue sent from this easy +diff --git a/tests/data/test1554 b/tests/data/test1554 +index d3926d9..fffa6ad 100644 +--- a/tests/data/test1554 ++++ b/tests/data/test1554 +@@ -50,6 +50,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -65,6 +67,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + run 1: foobar and so on fun! + -> Mutex lock + <- Mutex unlock +@@ -74,6 +78,8 @@ run 1: foobar and so on fun! + <- Mutex unlock + -> Mutex lock + <- Mutex unlock ++-> Mutex lock ++<- Mutex unlock + </datacheck> + </reply> + +-- +2.25.4 + + +From 01148ee40dd913a169435b0f9ea90e6393821e70 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Sun, 16 Aug 2020 11:34:35 +0200 +Subject: [PATCH 3/3] Curl_easy: remember last connection by id, not by pointer + +CVE-2020-8231 + +Bug: https://curl.haxx.se/docs/CVE-2020-8231.html + +Reported-by: Marc Aldorasi +Closes #5824 + +Upstream-commit: 3c9e021f86872baae412a427e807fbfa2f3e8a22 +Signed-off-by: Kamil Dudka <kdudka@redhat.com> +--- + lib/connect.c | 19 ++++++++++--------- + lib/easy.c | 3 +-- + lib/multi.c | 9 +++++---- + lib/url.c | 2 +- + lib/urldata.h | 2 +- + 5 files changed, 18 insertions(+), 17 deletions(-) + +diff --git a/lib/connect.c b/lib/connect.c +index 29293f0..e1c5662 100644 +--- a/lib/connect.c ++++ b/lib/connect.c +@@ -1356,15 +1356,15 @@ CURLcode Curl_connecthost(struct connectdata *conn, /* context */ + } + + struct connfind { +- struct 
connectdata *tofind; +- bool found; ++ long id_tofind; ++ struct connectdata *found; + }; + + static int conn_is_conn(struct connectdata *conn, void *param) + { + struct connfind *f = (struct connfind *)param; +- if(conn == f->tofind) { +- f->found = TRUE; ++ if(conn->connection_id == f->id_tofind) { ++ f->found = conn; + return 1; + } + return 0; +@@ -1386,21 +1386,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, + * - that is associated with a multi handle, and whose connection + * was detached with CURLOPT_CONNECT_ONLY + */ +- if(data->state.lastconnect && (data->multi_easy || data->multi)) { +- struct connectdata *c = data->state.lastconnect; ++ if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) { ++ struct connectdata *c; + struct connfind find; +- find.tofind = data->state.lastconnect; +- find.found = FALSE; ++ find.id_tofind = data->state.lastconnect_id; ++ find.found = NULL; + + Curl_conncache_foreach(data, data->multi_easy? + &data->multi_easy->conn_cache: + &data->multi->conn_cache, &find, conn_is_conn); + + if(!find.found) { +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + return CURL_SOCKET_BAD; + } + ++ c = find.found; + if(connp) { + /* only store this if the caller cares for it */ + *connp = c; +diff --git a/lib/easy.c b/lib/easy.c +index 292cca7..a69eb9e 100644 +--- a/lib/easy.c ++++ b/lib/easy.c +@@ -831,8 +831,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) + + /* the connection cache is setup on demand */ + outcurl->state.conn_cache = NULL; +- +- outcurl->state.lastconnect = NULL; ++ outcurl->state.lastconnect_id = -1; + + outcurl->progress.flags = data->progress.flags; + outcurl->progress.callback = data->progress.callback; +diff --git a/lib/multi.c b/lib/multi.c +index f1371bd..778c537 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -453,6 +453,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, + data->state.conn_cache = &data->share->conn_cache; + 
else + data->state.conn_cache = &multi->conn_cache; ++ data->state.lastconnect_id = -1; + + #ifdef USE_LIBPSL + /* Do the same for PSL. */ +@@ -671,11 +672,11 @@ static CURLcode multi_done(struct Curl_easy *data, + CONNCACHE_UNLOCK(data); + if(Curl_conncache_return_conn(data, conn)) { + /* remember the most recently used connection */ +- data->state.lastconnect = conn; ++ data->state.lastconnect_id = conn->connection_id; + infof(data, "%s\n", buffer); + } + else +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + } + + Curl_free_request_state(data); +@@ -686,7 +687,7 @@ static int close_connect_only(struct connectdata *conn, void *param) + { + struct Curl_easy *data = param; + +- if(data->state.lastconnect != conn) ++ if(data->state.lastconnect_id != conn->connection_id) + return 0; + + if(conn->data != data) +@@ -794,7 +795,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, + /* Remove the association between the connection and the handle */ + Curl_detach_connnection(data); + +- if(data->state.lastconnect) { ++ if(data->state.lastconnect_id != -1) { + /* Mark any connect-only connection for closure */ + Curl_conncache_foreach(data, data->state.conn_cache, + data, &close_connect_only); +diff --git a/lib/url.c b/lib/url.c +index a1a6b69..2919a3d 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -617,7 +617,7 @@ CURLcode Curl_open(struct Curl_easy **curl) + Curl_initinfo(data); + + /* most recent connection is not yet defined */ +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + + data->progress.flags |= PGRS_HIDE; + data->state.current_speed = -1; /* init to negative == impossible */ +diff --git a/lib/urldata.h b/lib/urldata.h +index f80a02d..6d8eb69 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1332,7 +1332,7 @@ struct UrlState { + /* buffers to store authentication data in, as parsed from input options */ + struct curltime keeps_speed; /* for the progress meter really */ + +- struct connectdata 
*lastconnect; /* The last connection, NULL if undefined */ ++ long lastconnect_id; /* The last connection, -1 if undefined */ + + char *headerbuff; /* allocated buffer to store headers in */ + size_t headersize; /* size of the allocation */ +-- +2.25.4 + diff --git a/meta/recipes-support/curl/curl/CVE-2020-8284.patch b/meta/recipes-support/curl/curl/CVE-2020-8284.patch new file mode 100644 index 0000000000..ed6e8049a6 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8284.patch 
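Review bot: in CVE-2020-8231.patch, the lib/multi.c hunk at `@@ -1536,19 +1545,6 @@` in `multi_runsingle()` removes the runtime bail-out `if(!data->conn && data->mstate > CURLM_STATE_CONNECT && data->mstate < CURLM_STATE_DONE)` together with its DEBUGASSERT, while the deleted comment itself says the code in those states accesses `data->conn` blindly. No visible hunk puts an equivalent check back, so a transfer that reaches one of those states without a connection now dereferences NULL instead of returning `CURLM_INTERNAL_ERROR`. The earlier `Curl_attach_connnection()` calls added in `create_conn()` and `ConnectionExists()` look like the intended guarantee; for a stable-branch backport please either say so in the patch header or keep the runtime check.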
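Review bot: in CVE-2020-8231.patch, the lib/url.c hunks for `conn_shutdown()`, `conn_free()` and `Curl_disconnect()` turn the early-return NULL checks into `DEBUGASSERT()`, which is compiled out of non-debug builds, so the new preconditions (`!conn->bundle`, `!data->conn`) rest entirely on the callers. Most call sites touched here now run `Curl_detach_connnection()` and `Curl_conncache_remove_conn()` first, but the "bundle is full" path in `create_conn()` still calls `Curl_disconnect(data, conn_candidate, ...)` directly after `Curl_conncache_extract_bundle()` with no remove call in view; please confirm the extract already unlinks the connection from its bundle. The `Curl_disconnect()` hunk also drops the `#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)` and `USE_SPNEGO` guards around the two auth cleanup calls, so the build now depends on those names being declared or stubbed when the features are off; a build test with NTLM and SPNEGO disabled would cover that. The same hunk removes `Curl_hostcache_prune(data)` without a visible replacement, which deserves a line of explanation.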
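Review bot: in patch 3/3 of CVE-2020-8231.patch, the "undefined" value of the new `lastconnect_id` field is written as a bare `-1` in `Curl_getconnectinfo()`, `curl_easy_duphandle()`, `curl_multi_add_handle()`, `multi_done()`, `curl_multi_remove_handle()` and `Curl_open()`, and only the lib/urldata.h comment explains it. The fix works because `conn_is_conn()` and `close_connect_only()` now compare `conn->connection_id` against that stored id rather than comparing pointers, which assumes an id is never handed to a second connection in the same cache and is never -1; neither assumption is visible in these hunks. A named constant for the sentinel and one sentence at the `lastconnect_id` declaration stating the uniqueness requirement would make that checkable for the next person who touches it.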
@@ -0,0 +1,209 @@ +From ec9cc725d598ac77de7b6df8afeec292b3c8ad46 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 24 Nov 2020 14:56:57 +0100 +Subject: [PATCH] ftp: CURLOPT_FTP_SKIP_PASV_IP by default + +The command line tool also independently sets --ftp-skip-pasv-ip by +default. + +Ten test cases updated to adapt the modified --libcurl output. + +Bug: https://curl.se/docs/CVE-2020-8284.html +CVE-2020-8284 + +Reported-by: Varnavas Papaioannou + +Upstream-Status: Backport [https://github.com/curl/curl/commit/ec9cc725d598ac] +CVE: CVE-2020-8284 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + docs/cmdline-opts/ftp-skip-pasv-ip.d | 2 ++ + docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 | 8 +++++--- + lib/url.c | 1 + + src/tool_cfgable.c | 1 + + tests/data/test1400 | 1 + + tests/data/test1401 | 1 + + tests/data/test1402 | 1 + + tests/data/test1403 | 1 + + tests/data/test1404 | 1 + + tests/data/test1405 | 1 + + tests/data/test1406 | 1 + + tests/data/test1407 | 1 + + tests/data/test1420 | 1 + + 14 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.d +index d6fd4589b1e..bcf4e7e62f2 100644 +--- a/docs/cmdline-opts/ftp-skip-pasv-ip.d ++++ b/docs/cmdline-opts/ftp-skip-pasv-ip.d +@@ -10,4 +10,6 @@ to curl's PASV command when curl connects the data connection. Instead curl + will re-use the same IP address it already uses for the control + connection. + ++Since curl 7.74.0 this option is enabled by default. ++ + This option has no effect if PORT, EPRT or EPSV is used instead of PASV. 
+diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 +index d6217d0d8ca..fa87ddce769 100644 +--- a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 ++++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 +@@ -5,7 +5,7 @@ + .\" * | (__| |_| | _ <| |___ + .\" * \___|\___/|_| \_\_____| + .\" * +-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. ++.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + .\" * + .\" * This software is licensed as described in the file COPYING, which + .\" * you should have received as part of this distribution. The terms +@@ -35,11 +35,13 @@ address it already uses for the control connection. But it will use the port + number from the 227-response. + + This option thus allows libcurl to work around broken server installations +-that due to NATs, firewalls or incompetence report the wrong IP address back. ++that due to NATs, firewalls or incompetence report the wrong IP address ++back. Setting the option also reduces the risk for various sorts of client ++abuse by malicious servers. + + This option has no effect if PORT, EPRT or EPSV is used instead of PASV. + .SH DEFAULT +-0 ++1 since 7.74.0, was 0 before then. 
+ .SH PROTOCOLS + FTP + .SH EXAMPLE +diff --git a/lib/url.c b/lib/url.c +index f8b2a0030de..2b0ba87ba87 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -497,6 +497,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) + set->ftp_use_eprt = TRUE; /* FTP defaults to EPRT operations */ + set->ftp_use_pret = FALSE; /* mainly useful for drftpd servers */ + set->ftp_filemethod = FTPFILE_MULTICWD; ++ set->ftp_skip_ip = TRUE; /* skip PASV IP by default */ + #endif + set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */ + +diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c +index c52d8e1c6bb..4c06d3557b7 100644 +--- a/src/tool_cfgable.c ++++ b/src/tool_cfgable.c +@@ -44,6 +44,7 @@ void config_init(struct OperationConfig *config) + config->tcp_nodelay = TRUE; /* enabled by default */ + config->happy_eyeballs_timeout_ms = CURL_HET_DEFAULT; + config->http09_allowed = FALSE; ++ config->ftp_skip_ip = TRUE; + } + + static void free_config_fields(struct OperationConfig *config) +diff --git a/tests/data/test1400 b/tests/data/test1400 +index 812ad0b88d9..b7060eca58e 100644 +--- a/tests/data/test1400 ++++ b/tests/data/test1400 +@@ -73,6 +73,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped"); + curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); + + /* Here is a list of options the curl code used that cannot get generated +diff --git a/tests/data/test1401 b/tests/data/test1401 +index f93b3d637de..a2629683aff 100644 +--- a/tests/data/test1401 ++++ b/tests/data/test1401 +@@ -87,6 +87,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L); + curl_easy_setopt(hnd, CURLOPT_COOKIE, "chocolate=chip"); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); 
+ curl_easy_setopt(hnd, CURLOPT_PROTOCOLS, (long)CURLPROTO_FILE | + (long)CURLPROTO_FTP | +diff --git a/tests/data/test1402 b/tests/data/test1402 +index 7593c516da1..1bd55cb4e3b 100644 +--- a/tests/data/test1402 ++++ b/tests/data/test1402 +@@ -78,6 +78,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped"); + curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); + + /* Here is a list of options the curl code used that cannot get generated +diff --git a/tests/data/test1403 b/tests/data/test1403 +index ecb4dd3dcab..a7c9fcca322 100644 +--- a/tests/data/test1403 ++++ b/tests/data/test1403 +@@ -73,6 +73,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped"); + curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); + + /* Here is a list of options the curl code used that cannot get generated +diff --git a/tests/data/test1404 b/tests/data/test1404 +index 97622b63948..1d8e8cf7779 100644 +--- a/tests/data/test1404 ++++ b/tests/data/test1404 +@@ -147,6 +147,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped"); + curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); + + /* Here is a list of options the curl code used that cannot get generated +diff --git a/tests/data/test1405 b/tests/data/test1405 +index 2bac79eda74..b4087704f7b 100644 +--- a/tests/data/test1405 ++++ b/tests/data/test1405 +@@ -89,6 +89,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_POSTQUOTE, slist2); + curl_easy_setopt(hnd, 
CURLOPT_PREQUOTE, slist3); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); + + /* Here is a list of options the curl code used that cannot get generated +diff --git a/tests/data/test1406 b/tests/data/test1406 +index 51a166adff2..38f68d11ee1 100644 +--- a/tests/data/test1406 ++++ b/tests/data/test1406 +@@ -79,6 +79,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_URL, "smtp://%HOSTIP:%SMTPPORT/1406"); + curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); + curl_easy_setopt(hnd, CURLOPT_MAIL_FROM, "sender@example.com"); + curl_easy_setopt(hnd, CURLOPT_MAIL_RCPT, slist1); +diff --git a/tests/data/test1407 b/tests/data/test1407 +index f6879008fb2..a7e13ba7585 100644 +--- a/tests/data/test1407 ++++ b/tests/data/test1407 +@@ -62,6 +62,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_DIRLISTONLY, 1L); + curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret"); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); + + /* Here is a list of options the curl code used that cannot get generated +diff --git a/tests/data/test1420 b/tests/data/test1420 +index 057ecc4773a..4b8d7bbf418 100644 +--- a/tests/data/test1420 ++++ b/tests/data/test1420 +@@ -67,6 +67,7 @@ int main(int argc, char *argv[]) + curl_easy_setopt(hnd, CURLOPT_URL, "imap://%HOSTIP:%IMAPPORT/1420/;MAILINDEX=1"); + curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret"); + curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L); ++ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L); + curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L); + + /* Here is a list of options the curl code used that cannot get generated + + 
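Review bot: in CVE-2020-8284.patch, the two documentation hunks (docs/cmdline-opts/ftp-skip-pasv-ip.d and the DEFAULT section of docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3) state that the option is enabled by default "since 7.74.0", but this backport flips `set->ftp_skip_ip = TRUE` and `config->ftp_skip_ip = TRUE` in a curl 7.69.1 tree, so the shipped man pages will describe the wrong default for this build. Either adjust the wording in the backport or mention the discrepancy in the patch header, and call out in the commit message that this changes default FTP behaviour on a stable branch for users who rely on the address in the 227 response. The header is also inconsistent with the body: the diffstat summary says "14 files changed" and the message says "Ten test cases updated", while only 13 files and nine test files (test1400 to test1407 and test1420) appear in the diff; please note which file was dropped for 7.69.1.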
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8285.patch b/meta/recipes-support/curl/curl/CVE-2020-8285.patch new file mode 100644 index 0000000000..a66729b180 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8285.patch 
@@ -0,0 +1,260 @@ +From 6fda045b19a9066701b5e09cfa657a13a3accbf3 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Sat, 28 Nov 2020 00:27:21 +0100 +Subject: [PATCH] ftp: make wc_statemach loop instead of recurse + +CVE-2020-8285 + +Fixes #6255 +Bug: https://curl.se/docs/CVE-2020-8285.html +Reported-by: xnynx on github + +Upstream-commit: 69a358f2186e04cf44698b5100332cbf1ee7f01d +Signed-off-by: Kamil Dudka <kdudka@redhat.com> + +Upstream-Status: Backport [import from fedora https://koji.fedoraproject.org/koji/fileinfo?rpmID=24270817&filename=0006-curl-7.69.1-CVE-2020-8285.patch] +CVE: CVE-2020-8285 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + lib/ftp.c | 202 +++++++++++++++++++++++++++--------------------------- + 1 file changed, 102 insertions(+), 100 deletions(-) + +diff --git a/lib/ftp.c b/lib/ftp.c +index 57b22ad..3382772 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -3763,129 +3763,131 @@ static CURLcode init_wc_data(struct connectdata *conn) + return result; + } + +-/* This is called recursively */ + static CURLcode wc_statemach(struct connectdata *conn) + { + struct WildcardData * const wildcard = &(conn->data->wildcard); + CURLcode result = CURLE_OK; + +- switch(wildcard->state) { +- case CURLWC_INIT: +- result = init_wc_data(conn); +- if(wildcard->state == CURLWC_CLEAN) +- /* only listing! */ +- break; +- wildcard->state = result ? CURLWC_ERROR : CURLWC_MATCHING; +- break; ++ for(;;) { ++ switch(wildcard->state) { ++ case CURLWC_INIT: ++ result = init_wc_data(conn); ++ if(wildcard->state == CURLWC_CLEAN) ++ /* only listing! */ ++ return result; ++ wildcard->state = result ? 
CURLWC_ERROR : CURLWC_MATCHING; ++ return result; + +- case CURLWC_MATCHING: { +- /* In this state is LIST response successfully parsed, so lets restore +- previous WRITEFUNCTION callback and WRITEDATA pointer */ +- struct ftp_wc *ftpwc = wildcard->protdata; +- conn->data->set.fwrite_func = ftpwc->backup.write_function; +- conn->data->set.out = ftpwc->backup.file_descriptor; +- ftpwc->backup.write_function = ZERO_NULL; +- ftpwc->backup.file_descriptor = NULL; +- wildcard->state = CURLWC_DOWNLOADING; +- +- if(Curl_ftp_parselist_geterror(ftpwc->parser)) { +- /* error found in LIST parsing */ +- wildcard->state = CURLWC_CLEAN; +- return wc_statemach(conn); +- } +- if(wildcard->filelist.size == 0) { +- /* no corresponding file */ +- wildcard->state = CURLWC_CLEAN; +- return CURLE_REMOTE_FILE_NOT_FOUND; ++ case CURLWC_MATCHING: { ++ /* In this state is LIST response successfully parsed, so lets restore ++ previous WRITEFUNCTION callback and WRITEDATA pointer */ ++ struct ftp_wc *ftpwc = wildcard->protdata; ++ conn->data->set.fwrite_func = ftpwc->backup.write_function; ++ conn->data->set.out = ftpwc->backup.file_descriptor; ++ ftpwc->backup.write_function = ZERO_NULL; ++ ftpwc->backup.file_descriptor = NULL; ++ wildcard->state = CURLWC_DOWNLOADING; ++ ++ if(Curl_ftp_parselist_geterror(ftpwc->parser)) { ++ /* error found in LIST parsing */ ++ wildcard->state = CURLWC_CLEAN; ++ continue; ++ } ++ if(wildcard->filelist.size == 0) { ++ /* no corresponding file */ ++ wildcard->state = CURLWC_CLEAN; ++ return CURLE_REMOTE_FILE_NOT_FOUND; ++ } ++ continue; + } +- return wc_statemach(conn); +- } + +- case CURLWC_DOWNLOADING: { +- /* filelist has at least one file, lets get first one */ +- struct ftp_conn *ftpc = &conn->proto.ftpc; +- struct curl_fileinfo *finfo = wildcard->filelist.head->ptr; +- struct FTP *ftp = conn->data->req.protop; ++ case CURLWC_DOWNLOADING: { ++ /* filelist has at least one file, lets get first one */ ++ struct ftp_conn *ftpc = &conn->proto.ftpc; ++ struct 
curl_fileinfo *finfo = wildcard->filelist.head->ptr; ++ struct FTP *ftp = conn->data->req.protop; + +- char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename); +- if(!tmp_path) +- return CURLE_OUT_OF_MEMORY; ++ char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename); ++ if(!tmp_path) ++ return CURLE_OUT_OF_MEMORY; + +- /* switch default ftp->path and tmp_path */ +- free(ftp->pathalloc); +- ftp->pathalloc = ftp->path = tmp_path; +- +- infof(conn->data, "Wildcard - START of \"%s\"\n", finfo->filename); +- if(conn->data->set.chunk_bgn) { +- long userresponse; +- Curl_set_in_callback(conn->data, true); +- userresponse = conn->data->set.chunk_bgn( +- finfo, wildcard->customptr, (int)wildcard->filelist.size); +- Curl_set_in_callback(conn->data, false); +- switch(userresponse) { +- case CURL_CHUNK_BGN_FUNC_SKIP: +- infof(conn->data, "Wildcard - \"%s\" skipped by user\n", +- finfo->filename); +- wildcard->state = CURLWC_SKIP; +- return wc_statemach(conn); +- case CURL_CHUNK_BGN_FUNC_FAIL: +- return CURLE_CHUNK_FAILED; ++ /* switch default ftp->path and tmp_path */ ++ free(ftp->pathalloc); ++ ftp->pathalloc = ftp->path = tmp_path; ++ ++ infof(conn->data, "Wildcard - START of \"%s\"\n", finfo->filename); ++ if(conn->data->set.chunk_bgn) { ++ long userresponse; ++ Curl_set_in_callback(conn->data, true); ++ userresponse = conn->data->set.chunk_bgn( ++ finfo, wildcard->customptr, (int)wildcard->filelist.size); ++ Curl_set_in_callback(conn->data, false); ++ switch(userresponse) { ++ case CURL_CHUNK_BGN_FUNC_SKIP: ++ infof(conn->data, "Wildcard - \"%s\" skipped by user\n", ++ finfo->filename); ++ wildcard->state = CURLWC_SKIP; ++ continue; ++ case CURL_CHUNK_BGN_FUNC_FAIL: ++ return CURLE_CHUNK_FAILED; ++ } + } +- } + +- if(finfo->filetype != CURLFILETYPE_FILE) { +- wildcard->state = CURLWC_SKIP; +- return wc_statemach(conn); +- } ++ if(finfo->filetype != CURLFILETYPE_FILE) { ++ wildcard->state = CURLWC_SKIP; ++ continue; ++ } + +- if(finfo->flags & 
CURLFINFOFLAG_KNOWN_SIZE) +- ftpc->known_filesize = finfo->size; ++ if(finfo->flags & CURLFINFOFLAG_KNOWN_SIZE) ++ ftpc->known_filesize = finfo->size; + +- result = ftp_parse_url_path(conn); +- if(result) +- return result; ++ result = ftp_parse_url_path(conn); ++ if(result) ++ return result; + +- /* we don't need the Curl_fileinfo of first file anymore */ +- Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL); ++ /* we don't need the Curl_fileinfo of first file anymore */ ++ Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL); + +- if(wildcard->filelist.size == 0) { /* remains only one file to down. */ +- wildcard->state = CURLWC_CLEAN; +- /* after that will be ftp_do called once again and no transfer +- will be done because of CURLWC_CLEAN state */ +- return CURLE_OK; ++ if(wildcard->filelist.size == 0) { /* remains only one file to down. */ ++ wildcard->state = CURLWC_CLEAN; ++ /* after that will be ftp_do called once again and no transfer ++ will be done because of CURLWC_CLEAN state */ ++ return CURLE_OK; ++ } ++ return result; + } +- } break; + +- case CURLWC_SKIP: { +- if(conn->data->set.chunk_end) { +- Curl_set_in_callback(conn->data, true); +- conn->data->set.chunk_end(conn->data->wildcard.customptr); +- Curl_set_in_callback(conn->data, false); ++ case CURLWC_SKIP: { ++ if(conn->data->set.chunk_end) { ++ Curl_set_in_callback(conn->data, true); ++ conn->data->set.chunk_end(conn->data->wildcard.customptr); ++ Curl_set_in_callback(conn->data, false); ++ } ++ Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL); ++ wildcard->state = (wildcard->filelist.size == 0) ? ++ CURLWC_CLEAN : CURLWC_DOWNLOADING; ++ continue; + } +- Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL); +- wildcard->state = (wildcard->filelist.size == 0) ? 
+- CURLWC_CLEAN : CURLWC_DOWNLOADING; +- return wc_statemach(conn); +- } + +- case CURLWC_CLEAN: { +- struct ftp_wc *ftpwc = wildcard->protdata; +- result = CURLE_OK; +- if(ftpwc) +- result = Curl_ftp_parselist_geterror(ftpwc->parser); ++ case CURLWC_CLEAN: { ++ struct ftp_wc *ftpwc = wildcard->protdata; ++ result = CURLE_OK; ++ if(ftpwc) ++ result = Curl_ftp_parselist_geterror(ftpwc->parser); + +- wildcard->state = result ? CURLWC_ERROR : CURLWC_DONE; +- } break; ++ wildcard->state = result ? CURLWC_ERROR : CURLWC_DONE; ++ return result; ++ } + +- case CURLWC_DONE: +- case CURLWC_ERROR: +- case CURLWC_CLEAR: +- if(wildcard->dtor) +- wildcard->dtor(wildcard->protdata); +- break; ++ case CURLWC_DONE: ++ case CURLWC_ERROR: ++ case CURLWC_CLEAR: ++ if(wildcard->dtor) ++ wildcard->dtor(wildcard->protdata); ++ return result; ++ } + } +- +- return result; ++ /* UNREACHABLE */ + } + + /*********************************************************************** +-- +2.26.2 + diff --git a/meta/recipes-support/curl/curl/CVE-2020-8286.patch b/meta/recipes-support/curl/curl/CVE-2020-8286.patch new file mode 100644 index 0000000000..093562fe01 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8286.patch 
@@ -0,0 +1,133 @@ +From 43d1163b3730f715704240f7f6d31af289246873 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Wed, 2 Dec 2020 23:01:11 +0100 +Subject: [PATCH] openssl: make the OCSP verification verify the certificate id + +CVE-2020-8286 + +Reported by anonymous + +Bug: https://curl.se/docs/CVE-2020-8286.html + +Upstream-commit: d9d01672785b8ac04aab1abb6de95fe3072ae199 +Signed-off-by: Kamil Dudka <kdudka@redhat.com> + +Upstream-Status: Backport [import from fedora https://koji.fedoraproject.org/koji/fileinfo?rpmID=24270817&filename=0007-curl-7.71.1-CVE-2020-8286.patch ] +CVE: CVE-2020-8286 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + lib/vtls/openssl.c | 83 ++++++++++++++++++++++++++++++---------------- + 1 file changed, 54 insertions(+), 29 deletions(-) + +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c +index 1d09cad..bcfd83b 100644 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -1717,6 +1717,11 @@ static CURLcode verifystatus(struct connectdata *conn, + OCSP_BASICRESP *br = NULL; + X509_STORE *st = NULL; + STACK_OF(X509) *ch = NULL; ++ X509 *cert; ++ OCSP_CERTID *id = NULL; ++ int cert_status, crl_reason; ++ ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; ++ int ret; + + long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status); + +@@ -1785,43 +1790,63 @@ static CURLcode verifystatus(struct connectdata *conn, + goto end; + } + +- for(i = 0; i < OCSP_resp_count(br); i++) { +- int cert_status, crl_reason; +- OCSP_SINGLERESP *single = NULL; +- +- ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; ++ /* Compute the certificate's ID */ ++ cert = SSL_get_peer_certificate(BACKEND->handle); ++ if(!cert) { ++ failf(data, "Error getting peer certficate"); ++ result = CURLE_SSL_INVALIDCERTSTATUS; ++ goto end; ++ } + +- single = OCSP_resp_get0(br, i); +- if(!single) +- continue; ++ for(i = 0; i < sk_X509_num(ch); i++) { ++ X509 *issuer = sk_X509_value(ch, i); ++ if(X509_check_issued(issuer, cert) == X509_V_OK) 
{ ++ id = OCSP_cert_to_id(EVP_sha1(), cert, issuer); ++ break; ++ } ++ } ++ X509_free(cert); + +- cert_status = OCSP_single_get0_status(single, &crl_reason, &rev, +- &thisupd, &nextupd); ++ if(!id) { ++ failf(data, "Error computing OCSP ID"); ++ result = CURLE_SSL_INVALIDCERTSTATUS; ++ goto end; ++ } + +- if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) { +- failf(data, "OCSP response has expired"); +- result = CURLE_SSL_INVALIDCERTSTATUS; +- goto end; +- } ++ /* Find the single OCSP response corresponding to the certificate ID */ ++ ret = OCSP_resp_find_status(br, id, &cert_status, &crl_reason, &rev, ++ &thisupd, &nextupd); ++ OCSP_CERTID_free(id); ++ if(ret != 1) { ++ failf(data, "Could not find certificate ID in OCSP response"); ++ result = CURLE_SSL_INVALIDCERTSTATUS; ++ goto end; ++ } + +- infof(data, "SSL certificate status: %s (%d)\n", +- OCSP_cert_status_str(cert_status), cert_status); ++ /* Validate the corresponding single OCSP response */ ++ if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) { ++ failf(data, "OCSP response has expired"); ++ result = CURLE_SSL_INVALIDCERTSTATUS; ++ goto end; ++ } + +- switch(cert_status) { +- case V_OCSP_CERTSTATUS_GOOD: +- break; ++ infof(data, "SSL certificate status: %s (%d)\n", ++ OCSP_cert_status_str(cert_status), cert_status); + +- case V_OCSP_CERTSTATUS_REVOKED: +- result = CURLE_SSL_INVALIDCERTSTATUS; ++ switch(cert_status) { ++ case V_OCSP_CERTSTATUS_GOOD: ++ break; + +- failf(data, "SSL certificate revocation reason: %s (%d)", +- OCSP_crl_reason_str(crl_reason), crl_reason); +- goto end; ++ case V_OCSP_CERTSTATUS_REVOKED: ++ result = CURLE_SSL_INVALIDCERTSTATUS; ++ failf(data, "SSL certificate revocation reason: %s (%d)", ++ OCSP_crl_reason_str(crl_reason), crl_reason); ++ goto end; + +- case V_OCSP_CERTSTATUS_UNKNOWN: +- result = CURLE_SSL_INVALIDCERTSTATUS; +- goto end; +- } ++ case V_OCSP_CERTSTATUS_UNKNOWN: ++ default: ++ result = CURLE_SSL_INVALIDCERTSTATUS; ++ goto end; + } + + end: +-- +2.26.2 + 
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 239852db09..c3d629108a 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb @@ -9,6 +9,10 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ file://CVE-2020-8169.patch \ file://CVE-2020-8177.patch \ + file://CVE-2020-8231.patch \ + file://CVE-2020-8284.patch \ + file://CVE-2020-8285.patch \ + file://CVE-2020-8286.patch \ " SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
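Review bot: at the end of wc_statemach() in CVE-2020-8285.patch the trailing "return result;" is replaced by a bare "/* UNREACHABLE */" comment, so the function now relies on every case ending in "return" or "continue". The cases visible here do, but no "default:" label is visible after "case CURLWC_CLEAR:", and a state value outside the listed ones would loop instead of returning. Because most of the hunk is re-indentation, please confirm it was compared with whitespace ignored and that in this part the functional changes are limited to "return wc_statemach(conn);" becoming "continue;" and "break" becoming "return result;".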
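Review bot: the Upstream-Status line of CVE-2020-8286.patch imports "0007-curl-7.71.1-CVE-2020-8286.patch" from Fedora while the recipe being patched is curl_7.69.1.bb, so please state in the commit message whether the verifystatus() hunk applied to 7.69.1 without offset or fuzz. In that hunk the new error string reads "Error getting peer certficate" (typo for "certificate"); it is inherited from the imported patch, so note it rather than diverge. The lookup itself fails closed as written: when no entry in "ch" satisfies X509_check_issued(), "id" stays NULL and the function returns CURLE_SSL_INVALIDCERTSTATUS, and the added "default:" label does the same for any status other than V_OCSP_CERTSTATUS_GOOD.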
* [OE-core][dunfell 15/19] xorg: Security fix for CVE-2020-14345 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (13 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 14/19] curl: fix CVE-2020-8231/8284/8285/8286 Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 16/19] glibc: Security fix for CVE-2020-29573 Steve Sakoman ` (3 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Armin Kuster <akuster@mvista.com> Source: freedesktop.org MR: 105894 Type: Security Fix Disposition: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d ChangeID: 2c6b7553d8e5bc152258ad1794d95cb7d8b215eb Description: CVE-2020-14345 fix Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../xserver-xorg/CVE-2020-14345.patch | 182 ++++++++++++++++++ .../xorg-xserver/xserver-xorg_1.20.8.bb | 1 + 2 files changed, 183 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch new file mode 100644 index 0000000000..fb3a37c474 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch 
@@ -0,0 +1,182 @@ +From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Tue, 18 Aug 2020 14:46:32 +0200 +Subject: [PATCH] Correct bounds checking in XkbSetNames() + +CVE-2020-14345 / ZDI 11428 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> + +Upstream-Status: Backport +CVE: CVE-2020-14345 +Affects < 1.20.9 + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 48 insertions(+) + +Index: xorg-server-1.20.8/xkb/xkb.c +=================================================================== +--- xorg-server-1.20.8.orig/xkb/xkb.c ++++ xorg-server-1.20.8/xkb/xkb.c +@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT; + #define CHK_REQ_KEY_RANGE(err,first,num,r) \ + CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue) + ++static Bool ++_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) { ++ char *cstuff = (char *)stuff; ++ char *cfrom = (char *)from; ++ char *cto = (char *)to; ++ ++ return cfrom < cto && ++ cfrom >= cstuff && ++ cfrom < cstuff + ((size_t)client->req_len << 2) && ++ cto >= cstuff && ++ cto <= cstuff + ((size_t)client->req_len << 2); ++} ++ + /***====================================================================***/ + + int +@@ -4045,6 +4058,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi + client->errorValue = _XkbErrCode2(0x04, stuff->firstType); + return BadAccess; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes)) ++ return BadLength; + old = tmp; + tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad); + if (!tmp) { +@@ -4074,6 +4089,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi + } + width = (CARD8 *) tmp; + tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels)); ++ if (!_XkbCheckRequestBounds(client, stuff, width, 
tmp)) ++ return BadLength; + type = &xkb->map->types[stuff->firstKTLevel]; + for (i = 0; i < stuff->nKTLevels; i++, type++) { + if (width[i] == 0) +@@ -4083,6 +4100,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi + type->num_levels, width[i]); + return BadMatch; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i])) ++ return BadLength; + tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad); + if (!tmp) { + client->errorValue = bad; +@@ -4095,6 +4114,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi + client->errorValue = 0x08; + return BadMatch; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + Ones(stuff->indicators))) ++ return BadLength; + tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators, + client->swapped, &bad); + if (!tmp) { +@@ -4107,6 +4129,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi + client->errorValue = 0x09; + return BadMatch; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + Ones(stuff->virtualMods))) ++ return BadLength; + tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods, + (CARD32) stuff->virtualMods, + client->swapped, &bad); +@@ -4120,6 +4145,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi + client->errorValue = 0x0a; + return BadMatch; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + Ones(stuff->groupNames))) ++ return BadLength; + tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups, + (CARD32) stuff->groupNames, + client->swapped, &bad); +@@ -4141,9 +4169,14 @@ _XkbSetNamesCheck(ClientPtr client, Devi + stuff->nKeys); + return BadValue; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys)) ++ return BadLength; + tmp += stuff->nKeys; + } + if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) { ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + (stuff->nKeyAliases * 2))) ++ return BadLength; + tmp += stuff->nKeyAliases * 2; + } + if (stuff->which & XkbRGNamesMask) { +@@ -4151,6 +4184,9 @@ _XkbSetNamesCheck(ClientPtr client, 
Devi + client->errorValue = _XkbErrCode2(0x0d, stuff->nRadioGroups); + return BadValue; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + stuff->nRadioGroups)) ++ return BadLength; + tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad); + if (!tmp) { + client->errorValue = bad; +@@ -4344,6 +4380,8 @@ ProcXkbSetNames(ClientPtr client) + /* check device-independent stuff */ + tmp = (CARD32 *) &stuff[1]; + ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbKeycodesNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4351,6 +4389,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbGeometryNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4358,6 +4398,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbSymbolsNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4365,6 +4407,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbPhysSymbolsNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4372,6 +4416,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbTypesNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4379,6 +4425,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbCompatNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, 
&bad); + if (!tmp) { diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb index 51d959f86c..2af1b6f307 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb @@ -9,6 +9,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2020-14346.patch \ file://CVE-2020-14361.patch \ file://CVE-2020-14362.patch \ + file://CVE-2020-14345.patch \ " SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839" SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146" -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
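Review bot: in ProcXkbSetNames() each new "_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)" test sits before the matching "if (stuff->which & Xkb...NameMask)" rather than inside it, so the check runs even when no atom is read at that position. The helper requires "cfrom < cstuff + ((size_t)client->req_len << 2)", which means a request whose payload ends exactly at "tmp" is rejected with BadLength at the next unconditional check, for example a request that carries only the keycodes name atom. The _XkbSetNamesCheck() hunks do not have this problem because each check is inside the branch that consumes the data. Suggest checking whether upstream has since moved these tests inside the mask conditions, and if so picking that change up together with this backport.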
* [OE-core][dunfell 16/19] glibc: Security fix for CVE-2020-29573 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (14 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 15/19] xorg: Security fix for CVE-2020-14345 Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 17/19] glibc: CVE-2019-25013 Steve Sakoman ` (2 subsequent siblings) 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Armin Kuster <akuster@mvista.com> Source: glibc.org MR: 107580 Type: Security Fix Disposition: Backport from https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61 ChangeID: 7bc5edb2e1947ac0774a453000a1568bbe3bb7d2 Description: Fixedup to match 2.31 context. ldbl2mpn.c is in i386 for this version Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../glibc/glibc/CVE-2020-29573.patch | 128 ++++++++++++++++++ meta/recipes-core/glibc/glibc_2.31.bb | 1 + 2 files changed, 129 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-29573.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch new file mode 100644 index 0000000000..1e75f2d29d --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch 
@@ -0,0 +1,128 @@ +From 681900d29683722b1cb0a8e565a0585846ec5a61 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Tue, 22 Sep 2020 19:07:48 +0200 +Subject: [PATCH] x86: Harden printf against non-normal long double values (bug + 26649) + +The behavior of isnan/__builtin_isnan on bit patterns that do not +correspond to something that the CPU would produce from valid inputs +is currently under-defined in the toolchain. (The GCC built-in and +glibc disagree.) + +The isnan check in PRINTF_FP_FETCH in stdio-common/printf_fp.c +assumes the GCC behavior that returns true for non-normal numbers +which are not specified as NaN. (The glibc implementation returns +false for such numbers.) + +At present, passing non-normal numbers to __mpn_extract_long_double +causes this function to produce irregularly shaped multi-precision +integers, triggering undefined behavior in __printf_fp_l. + +With GCC 10 and glibc 2.32, this behavior is not visible because +__builtin_isnan is used, which avoids calling +__mpn_extract_long_double in this case. This commit updates the +implementation of __mpn_extract_long_double so that regularly shaped +multi-precision integers are produced in this case, avoiding +undefined behavior in __printf_fp_l. 
+ +Upstream-Status: Backport [git://sourceware.org/git/glibc.git] +CVE: CVE-2020-29573 +Signed-off-By: Armin Kuster <akuster@mvista.com> + +--- + sysdeps/x86/Makefile | 4 ++ + sysdeps/x86/ldbl2mpn.c | 8 ++++ + sysdeps/x86/tst-ldbl-nonnormal-printf.c | 52 +++++++++++++++++++++++++ + 3 files changed, 64 insertions(+) + create mode 100644 sysdeps/x86/tst-ldbl-nonnormal-printf.c + +Index: git/sysdeps/x86/Makefile +=================================================================== +--- git.orig/sysdeps/x86/Makefile ++++ git/sysdeps/x86/Makefile +@@ -9,6 +9,10 @@ tests += tst-get-cpu-features tst-get-cp + tests-static += tst-get-cpu-features-static + endif + ++ifeq ($(subdir),math) ++tests += tst-ldbl-nonnormal-printf ++endif # $(subdir) == math ++ + ifeq ($(subdir),setjmp) + gen-as-const-headers += jmp_buf-ssp.sym + sysdep_routines += __longjmp_cancel +Index: git/sysdeps/x86/tst-ldbl-nonnormal-printf.c +=================================================================== +--- /dev/null ++++ git/sysdeps/x86/tst-ldbl-nonnormal-printf.c +@@ -0,0 +1,52 @@ ++/* Test printf with x86-specific non-normal long double value. ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. 
*/ ++ ++#include <stdio.h> ++#include <string.h> ++#include <support/check.h> ++ ++/* Fill the stack with non-zero values. This makes a crash in ++ snprintf more likely. */ ++static void __attribute__ ((noinline, noclone)) ++fill_stack (void) ++{ ++ char buffer[65536]; ++ memset (buffer, 0xc0, sizeof (buffer)); ++ asm ("" ::: "memory"); ++} ++ ++static int ++do_test (void) ++{ ++ fill_stack (); ++ ++ long double value; ++ memcpy (&value, "\x00\x04\x00\x00\x00\x00\x00\x00\x00\x04", 10); ++ ++ char buf[30]; ++ int ret = snprintf (buf, sizeof (buf), "%Lg", value); ++ TEST_COMPARE (ret, strlen (buf)); ++ if (strcmp (buf, "nan") != 0) ++ /* If snprintf does not recognize the non-normal number as a NaN, ++ it has added the missing explicit MSB. */ ++ TEST_COMPARE_STRING (buf, "3.02201e-4624"); ++ return 0; ++} ++ ++#include <support/test-driver.c> +Index: git/sysdeps/i386/ldbl2mpn.c +=================================================================== +--- git.orig/sysdeps/i386/ldbl2mpn.c ++++ git/sysdeps/i386/ldbl2mpn.c +@@ -115,6 +115,12 @@ __mpn_extract_long_double (mp_ptr res_pt + && res_ptr[N - 1] == 0) + /* Pseudo zero. */ + *expt = 0; +- ++ else ++ /* The sign bit is explicit, but add it in case it is missing in ++ the input. Otherwise, callers will not be able to produce the ++ expected multi-precision integer layout by shifting the sign ++ bit into the MSB. */ ++ res_ptr[N - 1] |= (mp_limb_t) 1 << (LDBL_MANT_DIG - 1 ++ - ((N - 1) * BITS_PER_MP_LIMB)); + return N; + } diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 3a0d60abf8..067d4de64a 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb 
@@ -42,6 +42,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0028-inject-file-assembly-directives.patch \ file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ file://CVE-2020-29562.patch \ + file://CVE-2020-29573.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
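Review bot: the diffstat embedded in CVE-2020-29573.patch still lists "sysdeps/x86/ldbl2mpn.c | 8 ++++", but the hunk was retargeted to "git/sysdeps/i386/ldbl2mpn.c" as the Description says; please regenerate or correct the diffstat so the patch header matches what is applied. In the same hunk the added comment calls the bit being set "the sign bit", while the expression sets bit "LDBL_MANT_DIG - 1" of the top mantissa limb and the new test's own comment calls it "the missing explicit MSB". That wording comes from the upstream commit, so keep it for backport fidelity, but it is worth knowing when reading the fix.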
* [OE-core][dunfell 17/19] glibc: CVE-2019-25013 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (15 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 16/19] glibc: Security fix for CVE-2020-29573 Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 18/19] zip: whitelist CVE-2018-13410 and CVE-2018-13684 Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 19/19] ppp: Whitelist CVE-2020-15704 Steve Sakoman 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Scott Murray <scott.murray@konsulko.com> Source: openembedded.org MR: 107928 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/glibc?id=53d149df4d8832e34ace2470c31ddc688176faf7 ChangeID: 462441a4a91cb481401e170876c25dcdbd00f1e0 Description: * CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2019-25013 * upstream tracking: https://sourceware.org/bugzilla/show_bug.cgi?id=24973 * patch from upstream: https://sourceware.org/git/?p=glibc.git;a=patch; h=ee7a3144c9922808181009b7b3e50e852fb4999b (From OE-Core rev: 53d149df4d8832e34ace2470c31ddc688176faf7) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 164b3e63612b40e984aec19c5a54c8ae408725ec) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../glibc/glibc/CVE-2019-25013.patch | 135 ++++++++++++++++++ meta/recipes-core/glibc/glibc_2.31.bb | 1 + 2 files changed, 136 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-25013.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch new file mode 100644 index 0000000000..73df1da868 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch 
@@ -0,0 +1,135 @@ +From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@suse.de> +Date: Mon, 21 Dec 2020 08:56:43 +0530 +Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973) + +The byte 0xfe as input to the EUC-KR conversion denotes a user-defined +area and is not allowed. The from_euc_kr function used to skip two bytes +when told to skip over the unknown designation, potentially running over +the buffer end. + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b] +CVE: CVE-2019-25013 +Signed-off-by: Scott Murray <scott.murray@konsulko.com> +[Refreshed for Dundell context; Makefile changes] +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + iconvdata/Makefile | 3 ++- + iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++ + iconvdata/euc-kr.c | 6 +---- + iconvdata/ksc5601.h | 6 ++--- + 4 files changed, 59 insertions(+), 9 deletions(-) + create mode 100644 iconvdata/bug-iconv13.c + +Index: git/iconvdata/Makefile +=================================================================== +--- git.orig/iconvdata/Makefile ++++ git/iconvdata/Makefile +@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules + ifeq (yes,$(build-shared)) + tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ + tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ +- bug-iconv10 bug-iconv11 bug-iconv12 ++ bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13 + ifeq ($(have-thread-library),yes) + tests += bug-iconv3 + endif +Index: git/iconvdata/bug-iconv13.c +=================================================================== +--- /dev/null ++++ git/iconvdata/bug-iconv13.c +@@ -0,0 +1,53 @@ ++/* bug 24973: Test EUC-KR module ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. 
++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. */ ++ ++#include <errno.h> ++#include <iconv.h> ++#include <stdio.h> ++#include <support/check.h> ++ ++static int ++do_test (void) ++{ ++ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR"); ++ TEST_VERIFY_EXIT (cd != (iconv_t) -1); ++ ++ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined ++ areas, which are not allowed and should be skipped over due to ++ //IGNORE. The trailing 0xfe also is an incomplete sequence, which ++ should be checked first. */ ++ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' }; ++ char *inptr = input; ++ size_t insize = sizeof (input); ++ char output[4]; ++ char *outptr = output; ++ size_t outsize = sizeof (output); ++ ++ /* This used to crash due to buffer overrun. */ ++ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1); ++ TEST_VERIFY (errno == EINVAL); ++ /* The conversion should produce one character, the converted null ++ character. 
*/ ++ TEST_VERIFY (sizeof (output) - outsize == 1); ++ ++ TEST_VERIFY_EXIT (iconv_close (cd) != -1); ++ ++ return 0; ++} ++ ++#include <support/test-driver.c> +Index: git/iconvdata/euc-kr.c +=================================================================== +--- git.orig/iconvdata/euc-kr.c ++++ git/iconvdata/euc-kr.c +@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c + \ + if (ch <= 0x9f) \ + ++inptr; \ +- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \ +- user-defined areas. */ \ +- else if (__builtin_expect (ch == 0xa0, 0) \ +- || __builtin_expect (ch > 0xfe, 0) \ +- || __builtin_expect (ch == 0xc9, 0)) \ ++ else if (__glibc_unlikely (ch == 0xa0)) \ + { \ + /* This is illegal. */ \ + STANDARD_FROM_LOOP_ERR_HANDLER (1); \ +Index: git/iconvdata/ksc5601.h +=================================================================== +--- git.orig/iconvdata/ksc5601.h ++++ git/iconvdata/ksc5601.h +@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s + unsigned char ch2; + int idx; + ++ if (avail < 2) ++ return 0; ++ + /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */ + + if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e + || (ch - offset) == 0x49) + return __UNKNOWN_10646_CHAR; + +- if (avail < 2) +- return 0; +- + ch2 = (*s)[1]; + if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f) + return __UNKNOWN_10646_CHAR; diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 067d4de64a..b75bbb4196 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb @@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ file://CVE-2020-29562.patch \ file://CVE-2020-29573.patch \ + file://CVE-2019-25013.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
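Review bot: the patch header note "[Refreshed for Dundell context; Makefile changes]" misspells dunfell and does not say what was changed; the only Makefile hunk shown appends bug-iconv13 to the "tests" list, so please spell out that this is the whole adjustment. On the code, after the euc-kr.c hunk removes the early "ch > 0xfe" and "ch == 0xc9" tests, rejection of those lead bytes rests entirely on the range test in ksc5601_to_ucs4(), which now runs only after "if (avail < 2) return 0;". The two hunks must therefore stay together in any later refresh; applying the euc-kr.c change without the ksc5601.h reorder would remove the early check without adding the length check.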
* [OE-core][dunfell 18/19] zip: whitelist CVE-2018-13410 and CVE-2018-13684 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (16 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 17/19] glibc: CVE-2019-25013 Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 2021-01-18 22:36 ` [OE-core][dunfell 19/19] ppp: Whitelist CVE-2020-15704 Steve Sakoman 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Mikko Rapeli <mikko.rapeli@bmw.de> https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and also Debian considers it not a vulnerability: https://security-tracker.debian.org/tracker/CVE-2018-13410 http://seclists.org/fulldisclosure/2018/Jul/24 "Negligible security impact, would involve that a untrusted party controls the -TT value." https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this: https://security-tracker.debian.org/tracker/CVE-2018-13684 "NOT-FOR-US: smart contract implementation for ZIP" Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 06b72a91b6dcf63fed437fd2105c59e922ba6525) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-extended/zip/zip_3.0.bb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index c00a932763..97e5e57533 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb 
@@ -19,6 +19,12 @@ UPSTREAM_VERSION_UNKNOWN = "1" SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37" SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369" +# Disputed and also Debian doesn't consider a vulnerability +CVE_CHECK_WHITELIST += "CVE-2018-13410" + +# Not for zip but for smart contract implementation for it +CVE_CHECK_WHITELIST += "CVE-2018-13684" + # zip.inc sets CFLAGS, but what Makefile actually uses is # CFLAGS_NOOPT. It will also force -O3 optimization, overriding # whatever we set. -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
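Review bot: the recipe comments added in zip_3.0.bb give the conclusion ("Disputed and also Debian doesn't consider a vulnerability", "Not for zip but for smart contract implementation for it") but not the evidence, which exists only in the commit message. Suggest putting the Debian security-tracker URLs for CVE-2018-13410 and CVE-2018-13684 next to each CVE_CHECK_WHITELIST line, so that anyone auditing the whitelist from the recipe alone can re-verify why the entry is there and whether it still holds.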
* [OE-core][dunfell 19/19] ppp: Whitelist CVE-2020-15704 2021-01-18 22:36 [OE-core][dunfell 00/19] Patch review Steve Sakoman ` (17 preceding siblings ...) 2021-01-18 22:36 ` [OE-core][dunfell 18/19] zip: whitelist CVE-2018-13410 and CVE-2018-13684 Steve Sakoman @ 2021-01-18 22:36 ` Steve Sakoman 18 siblings, 0 replies; 22+ messages in thread From: Steve Sakoman @ 2021-01-18 22:36 UTC (permalink / raw) To: openembedded-core From: Robert Joslyn <robert.joslyn@redrectangle.org> This CVE only applies to the load_ppp_generic_if_needed patch applied by Ubuntu. This patch is not used by OpenEmbedded, so the CVE does not apply. Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index 60c56dd0bd..76c1cc62a7 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb @@ -42,6 +42,10 @@ SRC_URI_append_libc-musl = "\ SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a" SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30" +# This CVE is specific to a patch applied by Ubuntu that is not used by +# OpenEmbedded. +CVE_CHECK_WHITELIST += "CVE-2020-15704" + inherit autotools-brokensep systemd TARGET_CC_ARCH += " ${LDFLAGS}" -- 2.17.1 ^ permalink raw reply related [flat|nested] 22+ messages in thread
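Review bot: The comment added before CVE_CHECK_WHITELIST += "CVE-2020-15704" in ppp_2.4.7.bb does not name the Ubuntu patch, although the commit message does (load_ppp_generic_if_needed). Naming it in the recipe comment would let anyone who later changes SRC_URI confirm that the patch has not been picked up, since the whitelist entry only holds while that patch is absent from the recipe.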