openembedded-core.lists.openembedded.org archive mirror
* [OE-core][kirkstone 00/10] Patch review
@ 2024-04-16 12:06 Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 01/10] cups: fix typo in CVE-2023-32360 backport patch Steve Sakoman
                   ` (9 more replies)
  0 siblings, 10 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, April 18

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6811

The following changes since commit 26a878cbfbb3bc7a6e892e105577ebf8138ce150:

  common-licenses: Backport missing license (2024-04-02 08:04:42 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Stewart (1):
  perl: ignore CVE-2023-47100

Jonathan GUILLOT (1):
  cups: fix typo in CVE-2023-32360 backport patch

Khem Raj (1):
  tcl: Add a way to skip ptests

Peter Marko (2):
  openssl: patch CVE-2024-2511
  ncurses: patch CVE-2023-50495

Ross Burton (2):
  tcl: skip timing-dependent tests in run-ptest
  tcl: skip async and event tests in run-ptest

Sana Kazi (1):
  openssh: Add CVE-2023-51767 to CVE_CHECK_IGNORE

Steve Sakoman (1):
  Revert "expat: fix CVE-2023-52425"

Vijay Anusuri (1):
  xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081

 .../openssh/openssh_8.9p1.bb                  |   5 +
 .../openssl/openssl/CVE-2024-2511.patch       | 122 ++++++++++
 .../openssl/openssl_3.0.13.bb                 |   1 +
 .../expat/expat/CVE-2023-52425-0001.patch     |  40 ----
 .../expat/expat/CVE-2023-52425-0002.patch     |  87 -------
 .../expat/expat/CVE-2023-52425-0003.patch     | 222 ------------------
 .../expat/expat/CVE-2023-52425-0004.patch     |  42 ----
 .../expat/expat/CVE-2023-52425-0005.patch     |  69 ------
 .../expat/expat/CVE-2023-52425-0006.patch     |  67 ------
 .../expat/expat/CVE-2023-52425-0007.patch     | 159 -------------
 .../expat/expat/CVE-2023-52425-0008.patch     |  95 --------
 .../expat/expat/CVE-2023-52425-0009.patch     |  52 ----
 .../expat/expat/CVE-2023-52425-0010.patch     | 111 ---------
 .../expat/expat/CVE-2023-52425-0011.patch     |  89 -------
 .../expat/expat/CVE-2023-52425-0012.patch     |  87 -------
 meta/recipes-core/expat/expat_2.5.0.bb        |  12 -
 .../ncurses/files/CVE-2023-50495.patch        |  81 +++++++
 .../ncurses/ncurses_6.3+20220423.bb           |   1 +
 meta/recipes-devtools/perl/perl_5.34.3.bb     |   3 +
 meta/recipes-devtools/tcltk/tcl/run-ptest     |   6 +-
 meta/recipes-devtools/tcltk/tcl_8.6.11.bb     |   5 +
 .../cups/cups/CVE-2023-32360.patch            |   2 +-
 .../xserver-xorg/CVE-2024-31080.patch         |  49 ++++
 .../xserver-xorg/CVE-2024-31081.patch         |  47 ++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   2 +
 25 files changed, 322 insertions(+), 1134 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-50495.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch

-- 
2.34.1




* [OE-core][kirkstone 01/10] cups: fix typo in CVE-2023-32360 backport patch
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 02/10] perl: ignore CVE-2023-47100 Steve Sakoman
                   ` (8 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Jonathan GUILLOT <jonathan@joggee.fr>

Typo prevents cupsd from starting correctly, with the following error:
Unable to read "/etc/cups/cupsd.conf" due to errors.

Using `/usr/sbin/cupsd -t` to check the configuration:
Unknown authorization type Defaul on line 77 of /etc/cups/cupsd.conf.
Unknown Policy Limit directive AuthType on line 77 of /etc/cups/cupsd.conf.

Signed-off-by: Jonathan GUILLOT <jonathan@joggee.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/cups/cups/CVE-2023-32360.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
index f1b0f9f918..c3db722f1f 100644
--- a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
+++ b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
@@ -27,7 +27,7 @@ index b258849..08f5070 100644
 +  </Limit>
 +
 +  <Limit CUPS-Get-Document>
-+    AuthType Defaul
++    AuthType Default
      Require user @OWNER @SYSTEM
      Order deny,allow
    </Limit>
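Review bot: check the other `<Limit>` blocks added by this backport for the same misspelling; this hunk corrects `AuthType Defaul` only under `<Limit CUPS-Get-Document>`, and the context line `+  </Limit>` above it shows at least one more added block. Since the commit message shows cupsd refusing to read cupsd.conf over this one value, running `/usr/sbin/cupsd -t` against the patched configuration is a cheap check to add to the validation of this backport.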
-- 
2.34.1




* [OE-core][kirkstone 02/10] perl: ignore CVE-2023-47100
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 01/10] cups: fix typo in CVE-2023-32360 backport patch Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 03/10] openssh: Add CVE-2023-51767 to CVE_CHECK_IGNORE Steve Sakoman
                   ` (7 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Alex Stewart <alex.stewart@ni.com>

CVE-2023-47100 is a duplicate of CVE-2023-47038. They have the same
advertised fix commit, which has already been merged into the
perl_5.34.3 sources used in kirkstone.

Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/perl/perl_5.34.3.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/perl/perl_5.34.3.bb b/meta/recipes-devtools/perl/perl_5.34.3.bb
index e8b518adc9..215990c8fa 100644
--- a/meta/recipes-devtools/perl/perl_5.34.3.bb
+++ b/meta/recipes-devtools/perl/perl_5.34.3.bb
@@ -48,6 +48,9 @@ PACKAGECONFIG[gdbm] = ",-Ui_gdbm,gdbm"
 # Don't generate comments in enc2xs output files. They are not reproducible
 export ENC2XS_NO_COMMENTS = "1"
 
+# Duplicate of CVE-2023-47038, which has already been patched as of perl_5.34.3
+CVE_CHECK_IGNORE:append = " CVE-2023-47100"
+
 do_configure:prepend() {
     cp -rfp ${STAGING_DATADIR_NATIVE}/perl-cross/* ${S}
 }
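Review bot: the comment above `CVE_CHECK_IGNORE:append` should carry a reference for the duplicate claim, for example the fix commit that the commit message says both CVE IDs share, so the ignore can be re-audited later without the mailing-list context. As a style point, the openssh recipe in this same series uses `CVE_CHECK_IGNORE += "..."`; either form works, but `:append` depends on the hand-written leading space inside the string.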
-- 
2.34.1




* [OE-core][kirkstone 03/10] openssh: Add CVE-2023-51767 to CVE_CHECK_IGNORE
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 01/10] cups: fix typo in CVE-2023-32360 backport patch Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 02/10] perl: ignore CVE-2023-47100 Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 04/10] xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081 Steve Sakoman
                   ` (6 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Sana Kazi <sanakazisk19@gmail.com>

Add CVE-2023-51767 to CVE_CHECK_IGNORE to avoid it in cve-check reports,
as upstream does not consider CVE-2023-51767 a bug underlying in
OpenSSH and does not intend to address it in OpenSSH.

Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
Signed-off-by: Sana Kazi <sana.kazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/openssh/openssh_8.9p1.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index bc8e2d81b8..6411a64eff 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -49,6 +49,11 @@ CVE_CHECK_IGNORE += "CVE-2014-9278"
 # CVE only applies to some distributed RHEL binaries
 CVE_CHECK_IGNORE += "CVE-2008-3844"
 
+# Upstream does not consider CVE-2023-51767 a bug underlying in OpenSSH and
+# does not intent to address it in OpenSSH
+# https://security-tracker.debian.org/tracker/CVE-2023-51767
+CVE_CHECK_IGNORE += "CVE-2023-51767"
+
 PAM_SRC_URI = "file://sshd"
 
 inherit manpages useradd update-rc.d update-alternatives systemd
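Review bot: the added recipe comment has a typo, `does not intent to address it` should read `does not intend to address it`, and `a bug underlying in OpenSSH` is hard to parse. The only reference given is the Debian security tracker page; linking the upstream statement directly would make it clearer on what basis the CVE is being dropped from cve-check reports.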
-- 
2.34.1




* [OE-core][kirkstone 04/10] xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2024-04-16 12:06 ` [OE-core][kirkstone 03/10] openssh: Add CVE-2023-51767 to CVE_CHECK_IGNORE Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 05/10] openssl: patch CVE-2024-2511 Steve Sakoman
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b
& https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xserver-xorg/CVE-2024-31080.patch         | 49 +++++++++++++++++++
 .../xserver-xorg/CVE-2024-31081.patch         | 47 ++++++++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |  2 +
 3 files changed, 98 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch
new file mode 100644
index 0000000000..40296903cd
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch
@@ -0,0 +1,49 @@
+From 96798fc1967491c80a4d0c8d9e0a80586cb2152b Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 22 Mar 2024 18:51:45 -0700
+Subject: [PATCH] Xi: ProcXIGetSelectedEvents needs to use unswapped length to
+ send reply
+
+CVE-2024-31080
+
+Reported-by: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=69762
+Fixes: 53e821ab4 ("Xi: add request processing for XIGetSelectedEvents.")
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b]
+CVE: CVE-2024-31080
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xi/xiselectev.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/xiselectev.c b/Xi/xiselectev.c
+index edcb8a0d36..ac14949871 100644
+--- a/Xi/xiselectev.c
++++ b/Xi/xiselectev.c
+@@ -349,6 +349,7 @@ ProcXIGetSelectedEvents(ClientPtr client)
+     InputClientsPtr others = NULL;
+     xXIEventMask *evmask = NULL;
+     DeviceIntPtr dev;
++    uint32_t length;
+ 
+     REQUEST(xXIGetSelectedEventsReq);
+     REQUEST_SIZE_MATCH(xXIGetSelectedEventsReq);
+@@ -418,10 +419,12 @@ ProcXIGetSelectedEvents(ClientPtr client)
+         }
+     }
+ 
++    /* save the value before SRepXIGetSelectedEvents swaps it */
++    length = reply.length;
+     WriteReplyToClient(client, sizeof(xXIGetSelectedEventsReply), &reply);
+ 
+     if (reply.num_masks)
+-        WriteToClient(client, reply.length * 4, buffer);
++        WriteToClient(client, length * 4, buffer);
+ 
+     free(buffer);
+     return Success;
+-- 
+GitLab
+
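Review bot: `reply.num_masks` is still read after `WriteReplyToClient()` in `if (reply.num_masks)`, while the new comment says the reply is byte-swapped by SRepXIGetSelectedEvents during that call. A zero test survives a byte swap, so this is harmless as written, but copying the count to a local next to `length = reply.length;` would keep every post-write read off the swapped struct and guard against a later change that uses the count as a number.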
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch
new file mode 100644
index 0000000000..4380004700
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch
@@ -0,0 +1,47 @@
+From 3e77295f888c67fc7645db5d0c00926a29ffecee Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 22 Mar 2024 18:56:27 -0700
+Subject: [PATCH] Xi: ProcXIPassiveGrabDevice needs to use unswapped length to
+ send reply
+
+CVE-2024-31081
+
+Fixes: d220d6907 ("Xi: add GrabButton and GrabKeysym code.")
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee]
+CVE: CVE-2024-31081
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xi/xipassivegrab.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c
+index c9ac2f8553..896233bec2 100644
+--- a/Xi/xipassivegrab.c
++++ b/Xi/xipassivegrab.c
+@@ -93,6 +93,7 @@ ProcXIPassiveGrabDevice(ClientPtr client)
+     GrabParameters param;
+     void *tmp;
+     int mask_len;
++    uint32_t length;
+ 
+     REQUEST(xXIPassiveGrabDeviceReq);
+     REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq,
+@@ -247,9 +248,11 @@ ProcXIPassiveGrabDevice(ClientPtr client)
+         }
+     }
+ 
++    /* save the value before SRepXIPassiveGrabDevice swaps it */
++    length = rep.length;
+     WriteReplyToClient(client, sizeof(rep), &rep);
+     if (rep.num_modifiers)
+-        WriteToClient(client, rep.length * 4, modifiers_failed);
++        WriteToClient(client, length * 4, modifiers_failed);
+ 
+  out:
+     free(modifiers_failed);
+-- 
+GitLab
+
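Review bot: `if (rep.num_modifiers)` still reads `rep` after `WriteReplyToClient(client, sizeof(rep), &rep)`, the call the new comment identifies as the point where the reply gets swapped. It is only a non-zero test, so the outcome does not change, but since `length` is the only field saved, the comment could state that `rep` must not be read as a number from that point on, or the count could be saved in a local as well.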
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index e62babd4cb..b9eed92103 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -16,6 +16,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://CVE-2024-21886-2.patch \
            file://CVE-2024-0408.patch \
            file://CVE-2024-0409.patch \
+           file://CVE-2024-31080.patch \
+           file://CVE-2024-31081.patch \
            "
 SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
 
-- 
2.34.1




* [OE-core][kirkstone 05/10] openssl: patch CVE-2024-2511
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2024-04-16 12:06 ` [OE-core][kirkstone 04/10] xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081 Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 06/10] ncurses: patch CVE-2023-50495 Steve Sakoman
                   ` (4 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

Patch: https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
News: https://github.com/openssl/openssl/commit/daee101e39073d4b65a68faeb2f2de5ad7b05c36

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssl/openssl/CVE-2024-2511.patch       | 122 ++++++++++++++++++
 .../openssl/openssl_3.0.13.bb                 |   1 +
 2 files changed, 123 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
new file mode 100644
index 0000000000..8aea686205
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
@@ -0,0 +1,122 @@
+From b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2024 15:43:53 +0000
+Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
+
+In TLSv1.3 we create a new session object for each ticket that we send.
+We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
+use then the new session will be added to the session cache. However, if
+early data is not in use (and therefore anti-replay protection is being
+used), then multiple threads could be resuming from the same session
+simultaneously. If this happens and a problem occurs on one of the threads,
+then the original session object could be marked as not_resumable. When we
+duplicate the session object this not_resumable status gets copied into the
+new session object. The new session object is then added to the session
+cache even though it is not_resumable.
+
+Subsequently, another bug means that the session_id_length is set to 0 for
+sessions that are marked as not_resumable - even though that session is
+still in the cache. Once this happens the session can never be removed from
+the cache. When that object gets to be the session cache tail object the
+cache never shrinks again and grows indefinitely.
+
+CVE-2024-2511
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24044)
+
+(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce)
+
+CVE: CVE-2024-2511
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ssl/ssl_lib.c            |  5 +++--
+ ssl/ssl_sess.c           | 28 ++++++++++++++++++++++------
+ ssl/statem/statem_srvr.c |  5 ++---
+ 3 files changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 2c8479eb5fc69..eed649c6fdee9 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -3736,9 +3736,10 @@ void ssl_update_cache(SSL *s, int mode)
+ 
+     /*
+      * If the session_id_length is 0, we are not supposed to cache it, and it
+-     * would be rather hard to do anyway :-)
++     * would be rather hard to do anyway :-). Also if the session has already
++     * been marked as not_resumable we should not cache it for later reuse.
+      */
+-    if (s->session->session_id_length == 0)
++    if (s->session->session_id_length == 0 || s->session->not_resumable)
+         return;
+ 
+     /*
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index d836b33ed0e81..75adbd9e52b40 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void)
+     return ss;
+ }
+ 
+-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
+-{
+-    return ssl_session_dup(src, 1);
+-}
+-
+ /*
+  * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+  * ticket == 0 then no ticket information is duplicated, otherwise it is.
+  */
+-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
+ {
+     SSL_SESSION *dest;
+ 
+@@ -285,6 +280,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+     return NULL;
+ }
+ 
++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
++{
++    return ssl_session_dup_intern(src, 1);
++}
++
++/*
++ * Used internally when duplicating a session which might be already shared.
++ * We will have resumed the original session. Subsequently we might have marked
++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
++ * resume from.
++ */
++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++{
++    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
++
++    if (sess != NULL)
++        sess->not_resumable = 0;
++
++    return sess;
++}
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+     if (len)
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index a9e67f9d32a77..6c942e6bcec29 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
+      * so the following won't overwrite an ID that we're supposed
+      * to send back.
+      */
+-    if (s->session->not_resumable ||
+-        (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+-         && !s->hit))
++    if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
++            && !s->hit)
+         s->session->session_id_length = 0;
+ 
+     if (usetls13) {
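Review bot: in the `ssl/ssl_sess.c` part, `ssl_session_dup()` now clears `not_resumable` on every copy, and the justification in its comment (`this copy should be ok to resume from`) depends on each internal caller duplicating a session that was legitimately resumed. Please confirm that the callers in the 3.0.13 tree this is applied to match that assumption, since the patch text alone does not show them. Also, the commit message cites a separate News commit, but the diffstat lists only `ssl_lib.c`, `ssl_sess.c` and `statem_srvr.c`; say explicitly that the changelog entry was left out on purpose.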
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.13.bb b/meta/recipes-connectivity/openssl/openssl_3.0.13.bb
index 5e43fdc2de..3b253ddde0 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.13.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.13.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
+           file://CVE-2024-2511.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
-- 
2.34.1




* [OE-core][kirkstone 06/10] ncurses: patch CVE-2023-50495
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2024-04-16 12:06 ` [OE-core][kirkstone 05/10] openssl: patch CVE-2024-2511 Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 07/10] Revert "expat: fix CVE-2023-52425" Steve Sakoman
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

backport relevant parts from
https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230424.patch.gz

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ncurses/files/CVE-2023-50495.patch        | 81 +++++++++++++++++++
 .../ncurses/ncurses_6.3+20220423.bb           |  1 +
 2 files changed, 82 insertions(+)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-50495.patch

diff --git a/meta/recipes-core/ncurses/files/CVE-2023-50495.patch b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch
new file mode 100644
index 0000000000..e5a8f43b01
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch
@@ -0,0 +1,81 @@
+commit ebc08cff36689eec54edc1ce2de6ebac826bd6cd
+Author: Peter Marko <peter.marko@siemens.com>
+Date:   Fri Apr 12 23:56:25 2024 +0200
+
+check return value of _nc_save_str(), in special case for tic where
+extended capabilities are processed but the terminal description was
+not initialized (report by Ziqiao Kong).
+
+Only parts relevant for this CVE was extracted from upstream patch.
+
+CVE: CVE-2023-45853
+Upstream-Status: Backport [https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230424.patch.gz]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+---
+ ncurses/tinfo/parse_entry.c | 23 ++++++++++++++++-------
+ 1 file changed, 16 insertions(+), 7 deletions(-)
+
+diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
+index a77cd0b..8ac02ac 100644
+--- a/ncurses/tinfo/parse_entry.c
++++ b/ncurses/tinfo/parse_entry.c
+@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	/* Well, we are given a cancel for a name that we don't recognize */
+ 	return _nc_extend_names(entryp, name, STRING);
+     default:
+-	return 0;
++	return NULL;
+     }
+ 
+     /* Adjust the 'offset' (insertion-point) to keep the lists of extended
+@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	for (last = (unsigned) (max - 1); last > tindex; last--)
+ 
+     if (!found) {
++	char *saved;
++
++	if ((saved = _nc_save_str(name)) == NULL)
++	    return NULL;
++
+ 	switch (token_type) {
+ 	case BOOLEAN:
+ 	    tp->ext_Booleans++;
+@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	TYPE_REALLOC(char *, actual, tp->ext_Names);
+ 	while (--actual > offset)
+ 	    tp->ext_Names[actual] = tp->ext_Names[actual - 1];
+-	tp->ext_Names[offset] = _nc_save_str(name);
++	tp->ext_Names[offset] = saved;
+     }
+ 
+     temp.nte_name = tp->ext_Names[offset];
+@@ -337,6 +342,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+ 	bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
+ 	bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
+ 	if (is_use || is_tc) {
++	    char *saved;
++
+ 	    if (!VALID_STRING(_nc_curr_token.tk_valstring)
+ 		|| _nc_curr_token.tk_valstring[0] == '\0') {
+ 		_nc_warning("missing name for use-clause");
+@@ -350,11 +357,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+ 			    _nc_curr_token.tk_valstring);
+ 		continue;
+ 	    }
+-	    entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
+-	    entryp->uses[entryp->nuses].line = _nc_curr_line;
+-	    entryp->nuses++;
+-	    if (entryp->nuses > 1 && is_tc) {
+-		BAD_TC_USAGE
++	    if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) {
++		entryp->uses[entryp->nuses].name = saved;
++		entryp->uses[entryp->nuses].line = _nc_curr_line;
++		entryp->nuses++;
++		if (entryp->nuses > 1 && is_tc) {
++		    BAD_TC_USAGE
++		}
+ 	    }
+ 	} else {
+ 	    /* normal token lookup */
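Review bot: the `CVE:` tag in the embedded patch header reads `CVE: CVE-2023-45853`, but the file is named CVE-2023-50495.patch and the subject and the recipe entry both say CVE-2023-50495; change the tag to `CVE: CVE-2023-50495` so the patch metadata records the right identifier. Separately, in the `_nc_parse_entry` part a NULL return from `_nc_save_str()` now skips the use-clause silently; a `_nc_warning()` there, like the existing one for `missing name for use-clause`, would make the failure visible.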
diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
index a34a7bdfdc..da1e6d838d 100644
--- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
@@ -4,6 +4,7 @@ SRC_URI += "file://0001-tic-hang.patch \
            file://0002-configure-reproducible.patch \
            file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
            file://CVE-2023-29491.patch \
+           file://CVE-2023-50495.patch \
            "
 # commit id corresponds to the revision in package version
 SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
-- 
2.34.1




* [OE-core][kirkstone 07/10] Revert "expat: fix CVE-2023-52425"
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2024-04-16 12:06 ` [OE-core][kirkstone 06/10] ncurses: patch CVE-2023-50495 Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 08/10] tcl: Add a way to skip ptests Steve Sakoman
                   ` (2 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

This reverts commit 1bdcd10930a2998f6bbe56b3ba4c9b6c91203b39.

Causes ptest failures:

{'expat': ['test_accounting_precision',
           'test_return_ns_triplet',
           'test_column_number_after_parse',
           'test_default_current',
           'test_external_entity_values']}

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2023-52425-0001.patch     |  40 ----
 .../expat/expat/CVE-2023-52425-0002.patch     |  87 -------
 .../expat/expat/CVE-2023-52425-0003.patch     | 222 ------------------
 .../expat/expat/CVE-2023-52425-0004.patch     |  42 ----
 .../expat/expat/CVE-2023-52425-0005.patch     |  69 ------
 .../expat/expat/CVE-2023-52425-0006.patch     |  67 ------
 .../expat/expat/CVE-2023-52425-0007.patch     | 159 -------------
 .../expat/expat/CVE-2023-52425-0008.patch     |  95 --------
 .../expat/expat/CVE-2023-52425-0009.patch     |  52 ----
 .../expat/expat/CVE-2023-52425-0010.patch     | 111 ---------
 .../expat/expat/CVE-2023-52425-0011.patch     |  89 -------
 .../expat/expat/CVE-2023-52425-0012.patch     |  87 -------
 meta/recipes-core/expat/expat_2.5.0.bb        |  12 -
 13 files changed, 1132 deletions(-)
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
 delete mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
deleted file mode 100644
index 4e21ade018..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From d5b02e96ab95d2a7ae0aea72d00054b9d036d76d Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Thu, 9 Nov 2023 19:28:05 +0100
-Subject: [PATCH] xmlwf: Document argument "-q"
-
-Rebased-and-adapted-by: Snild Dolkow <snild@sony.com>
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/d5b02e96ab95d2a7ae0aea72d00054b9d036d76d]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- doc/xmlwf.xml | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/doc/xmlwf.xml b/doc/xmlwf.xml
-index 9603abf..3d35393 100644
---- a/doc/xmlwf.xml
-+++ b/doc/xmlwf.xml
-@@ -313,6 +313,16 @@ supports both.
-         </listitem>
-       </varlistentry>
- 
-+      <varlistentry>
-+        <term><option>-q</option></term>
-+        <listitem>
-+          <para>
-+            Disable reparse deferral, and allow quadratic parse runtime
-+            on large tokens (default: reparse deferral enabled).
-+          </para>
-+        </listitem>
-+      </varlistentry>
-+
-       <varlistentry>
-         <term><option>-r</option></term>
-         <listitem>
--- 
-2.40.0
-
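Review bot: the commit message should say what happens to CVE-2023-52425 after this revert. It removes the whole twelve-patch series, starting with this 0001 patch that only documents `xmlwf -q`, because of five failing ptests, which leaves expat_2.5.0 without the fix; please reference the planned follow-up (a corrected backport or adjusted tests) so the CVE is not reopened without a record.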
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
deleted file mode 100644
index 8376727778..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 09fdf998e7cf3f8f9327e6602077791095aedd4d Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Thu, 9 Nov 2023 19:14:14 +0100
-Subject: [PATCH] xmlwf: Support disabling reparse deferral
-
-Rebased-and-adapted-by: Snild Dolkow <snild@sony.com>
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/09fdf998e7cf3f8f9327e6602077791095aedd4d]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- xmlwf/xmlwf.c          | 20 ++++++++++++++++++++
- xmlwf/xmlwf_helpgen.py |  4 ++++
- 2 files changed, 24 insertions(+)
-
-diff --git a/xmlwf/xmlwf.c b/xmlwf/xmlwf.c
-index dd023a9..9a5441c 100644
---- a/xmlwf/xmlwf.c
-+++ b/xmlwf/xmlwf.c
-@@ -911,6 +911,9 @@ usage(const XML_Char *prog, int rc) {
-       T("billion laughs attack protection:\n")
-       T("  NOTE: If you ever need to increase these values for non-attack payload, please file a bug report.\n")
-       T("\n")
-+      T("reparse deferral:\n")
-+      T("  -q             disable reparse deferral, and allow [q]uadratic parse runtime with large tokens\n")
-+      T("\n")
-       T("  -a FACTOR     set maximum tolerated [a]mplification factor (default: 100.0)\n")
-       T("  -b BYTES      set number of output [b]ytes needed to activate (default: 8 MiB)\n")
-       T("\n")
-@@ -967,6 +970,8 @@ tmain(int argc, XML_Char **argv) {
-   unsigned long long attackThresholdBytes;
-   XML_Bool attackThresholdGiven = XML_FALSE;
- 
-+  XML_Bool disableDeferral = XML_FALSE;
-+
-   int exitCode = XMLWF_EXIT_SUCCESS;
-   enum XML_ParamEntityParsing paramEntityParsing
-       = XML_PARAM_ENTITY_PARSING_NEVER;
-@@ -1091,6 +1096,11 @@ tmain(int argc, XML_Char **argv) {
- #endif
-       break;
-     }
-+    case T('q'): {
-+      disableDeferral = XML_TRUE;
-+      j++;
-+      break;
-+    }
-     case T('\0'):
-       if (j > 1) {
-         i++;
-@@ -1136,6 +1146,16 @@ tmain(int argc, XML_Char **argv) {
- #endif
-     }
- 
-+    if (disableDeferral) {
-+      const XML_Bool success = XML_SetReparseDeferralEnabled(parser, XML_FALSE);
-+      if (! success) {
-+        // This prevents tperror(..) from reporting misleading "[..]: Success"
-+        errno = EINVAL;
-+        tperror(T("Failed to disable reparse deferral"));
-+        exit(XMLWF_EXIT_INTERNAL_ERROR);
-+      }
-+    }
-+
-     if (requireStandalone)
-       XML_SetNotStandaloneHandler(parser, notStandalone);
-     XML_SetParamEntityParsing(parser, paramEntityParsing);
-diff --git a/xmlwf/xmlwf_helpgen.py b/xmlwf/xmlwf_helpgen.py
-index c2a527f..1bd0a0a 100755
---- a/xmlwf/xmlwf_helpgen.py
-+++ b/xmlwf/xmlwf_helpgen.py
-@@ -81,6 +81,10 @@ billion_laughs.add_argument('-a', metavar='FACTOR',
-                             help='set maximum tolerated [a]mplification factor (default: 100.0)')
- billion_laughs.add_argument('-b', metavar='BYTES', help='set number of output [b]ytes needed to activate (default: 8 MiB)')
- 
-+reparse_deferral = parser.add_argument_group('reparse deferral')
-+reparse_deferral.add_argument('-q', metavar='FACTOR',
-+                            help='disable reparse deferral, and allow [q]uadratic parse runtime with large tokens')
-+
- parser.add_argument('files', metavar='FILE', nargs='*', help='file to process (default: STDIN)')
- 
- info = parser.add_argument_group('info arguments')
--- 
-2.40.0
-
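Review bot: in the xmlwf/xmlwf_helpgen.py part of the deleted CVE-2023-52425-0002.patch, `-q` is declared with metavar='FACTOR', yet the `case T('q')` branch in xmlwf.c only sets disableDeferral and takes no argument, so the generated help would advertise a value the tool never reads. The usage() addition also sits between the "billion laughs attack protection:" note and its `-a`/`-b` lines, which would list those two options under the "reparse deferral:" heading. Both are worth correcting if this backport is submitted again.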
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
deleted file mode 100644
index e5c3606e19..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
+++ /dev/null
@@ -1,222 +0,0 @@
-From 9cdf9b8d77d5c2c2a27d15fb68dd3f83cafb45a1 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Thu, 17 Aug 2023 16:25:26 +0200
-Subject: [PATCH] Skip parsing after repeated partials on the same token When
- the parse buffer contains the starting bytes of a token but not all of them,
- we cannot parse the token to completion. We call this a partial token.  When
- this happens, the parse position is reset to the start of the token, and the
- parse() call returns. The client is then expected to provide more data and
- call parse() again.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In extreme cases, this means that the bytes of a token may be parsed
-many times: once for every buffer refill required before the full token
-is present in the buffer.
-
-Math:
-  Assume there's a token of T bytes
-  Assume the client fills the buffer in chunks of X bytes
-  We'll try to parse X, 2X, 3X, 4X ... until mX == T (technically >=)
-  That's (m²+m)X/2 = (T²/X+T)/2 bytes parsed (arithmetic progression)
-  While it is alleviated by larger refills, this amounts to O(T²)
-
-Expat grows its internal buffer by doubling it when necessary, but has
-no way to inform the client about how much space is available. Instead,
-we add a heuristic that skips parsing when we've repeatedly stopped on
-an incomplete token. Specifically:
-
- * Only try to parse if we have a certain amount of data buffered
- * Every time we stop on an incomplete token, double the threshold
- * As soon as any token completes, the threshold is reset
-
-This means that when we get stuck on an incomplete token, the threshold
-grows exponentially, effectively making the client perform larger buffer
-fills, limiting how many times we can end up re-parsing the same bytes.
-
-Math:
-  Assume there's a token of T bytes
-  Assume the client fills the buffer in chunks of X bytes
-  We'll try to parse X, 2X, 4X, 8X ... until (2^k)X == T (or larger)
-  That's (2^(k+1)-1)X bytes parsed -- e.g. 15X if T = 8X
-  This is equal to 2T-X, which amounts to O(T)
-
-We could've chosen a faster growth rate, e.g. 4 or 8. Those seem to
-increase performance further, at the cost of further increasing the
-risk of growing the buffer more than necessary. This can easily be
-adjusted in the future, if desired.
-
-This is all completely transparent to the client, except for:
-1. possible delay of some callbacks (when our heuristic overshoots)
-2. apps that never do isFinal=XML_TRUE could miss data at the end
-
-For the affected testdata, this change shows a 100-400x speedup.
-The recset.xml benchmark shows no clear change either way.
-
-Before:
-benchmark -n ../testdata/largefiles/recset.xml 65535 3
-  3 loops, with buffer size 65535. Average time per loop: 0.270223
-benchmark -n ../testdata/largefiles/aaaaaa_attr.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 15.033048
-benchmark -n ../testdata/largefiles/aaaaaa_cdata.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 0.018027
-benchmark -n ../testdata/largefiles/aaaaaa_comment.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 11.775362
-benchmark -n ../testdata/largefiles/aaaaaa_tag.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 11.711414
-benchmark -n ../testdata/largefiles/aaaaaa_text.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 0.019362
-
-After:
-./run.sh benchmark -n ../testdata/largefiles/recset.xml 65535 3
-  3 loops, with buffer size 65535. Average time per loop: 0.269030
-./run.sh benchmark -n ../testdata/largefiles/aaaaaa_attr.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 0.044794
-./run.sh benchmark -n ../testdata/largefiles/aaaaaa_cdata.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 0.016377
-./run.sh benchmark -n ../testdata/largefiles/aaaaaa_comment.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 0.027022
-./run.sh benchmark -n ../testdata/largefiles/aaaaaa_tag.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 0.099360
-./run.sh benchmark -n ../testdata/largefiles/aaaaaa_text.xml 4096 3
-  3 loops, with buffer size 4096. Average time per loop: 0.017956
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/9cdf9b8d77d5c2c2a27d15fb68dd3f83cafb45a1]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/xmlparse.c | 58 +++++++++++++++++++++++++++++++++-----------------
- 1 file changed, 39 insertions(+), 19 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index bbffcaa..5695417 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -81,6 +81,7 @@
- #  endif
- #endif
- 
-+#include <stdbool.h>
- #include <stddef.h>
- #include <string.h> /* memset(), memcpy() */
- #include <assert.h>
-@@ -629,6 +630,7 @@ struct XML_ParserStruct {
-   const char *m_bufferLim;
-   XML_Index m_parseEndByteIndex;
-   const char *m_parseEndPtr;
-+  size_t m_partialTokenBytesBefore; /* used in heuristic to avoid O(n^2) */
-   XML_Char *m_dataBuf;
-   XML_Char *m_dataBufEnd;
-   XML_StartElementHandler m_startElementHandler;
-@@ -960,6 +962,32 @@ get_hash_secret_salt(XML_Parser parser) {
-   return parser->m_hash_secret_salt;
- }
- 
-+static enum XML_Error
-+callProcessor(XML_Parser parser, const char *start, const char *end,
-+              const char **endPtr) {
-+  const size_t have_now = EXPAT_SAFE_PTR_DIFF(end, start);
-+
-+  if (! parser->m_parsingStatus.finalBuffer) {
-+    // Heuristic: don't try to parse a partial token again until the amount of
-+    // available data has increased significantly.
-+    const size_t had_before = parser->m_partialTokenBytesBefore;
-+    const bool enough = (have_now >= 2 * had_before);
-+
-+    if (! enough) {
-+      *endPtr = start; // callers may expect this to be set
-+      return XML_ERROR_NONE;
-+    }
-+  }
-+  const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr);
-+  // if we consumed nothing, remember what we had on this parse attempt.
-+  if (*endPtr == start) {
-+    parser->m_partialTokenBytesBefore = have_now;
-+  } else {
-+    parser->m_partialTokenBytesBefore = 0;
-+  }
-+  return ret;
-+}
-+
- static XML_Bool /* only valid for root parser */
- startParsing(XML_Parser parser) {
-   /* hash functions must be initialized before setContext() is called */
-@@ -1141,6 +1169,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
-   parser->m_bufferEnd = parser->m_buffer;
-   parser->m_parseEndByteIndex = 0;
-   parser->m_parseEndPtr = NULL;
-+  parser->m_partialTokenBytesBefore = 0;
-   parser->m_declElementType = NULL;
-   parser->m_declAttributeId = NULL;
-   parser->m_declEntity = NULL;
-@@ -1872,29 +1901,20 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-        to detect errors based on that fact.
-     */
-     parser->m_errorCode
--        = parser->m_processor(parser, parser->m_bufferPtr,
--                              parser->m_parseEndPtr, &parser->m_bufferPtr);
-+        = callProcessor(parser, parser->m_bufferPtr, parser->m_parseEndPtr,
-+                        &parser->m_bufferPtr);
- 
-     if (parser->m_errorCode == XML_ERROR_NONE) {
-       switch (parser->m_parsingStatus.parsing) {
-       case XML_SUSPENDED:
--        /* It is hard to be certain, but it seems that this case
--         * cannot occur.  This code is cleaning up a previous parse
--         * with no new data (since len == 0).  Changing the parsing
--         * state requires getting to execute a handler function, and
--         * there doesn't seem to be an opportunity for that while in
--         * this circumstance.
--         *
--         * Given the uncertainty, we retain the code but exclude it
--         * from coverage tests.
--         *
--         * LCOV_EXCL_START
--         */
-+        /* While we added no new data, the finalBuffer flag may have caused
-+         * us to parse previously-unparsed data in the internal buffer.
-+         * If that triggered a callback to the application, it would have
-+         * had an opportunity to suspend parsing. */
-         XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr,
-                           parser->m_bufferPtr, &parser->m_position);
-         parser->m_positionPtr = parser->m_bufferPtr;
-         return XML_STATUS_SUSPENDED;
--        /* LCOV_EXCL_STOP */
-       case XML_INITIALIZED:
-       case XML_PARSING:
-         parser->m_parsingStatus.parsing = XML_FINISHED;
-@@ -1924,7 +1944,7 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-     parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal;
- 
-     parser->m_errorCode
--        = parser->m_processor(parser, s, parser->m_parseEndPtr = s + len, &end);
-+        = callProcessor(parser, s, parser->m_parseEndPtr = s + len, &end);
- 
-     if (parser->m_errorCode != XML_ERROR_NONE) {
-       parser->m_eventEndPtr = parser->m_eventPtr;
-@@ -2027,8 +2047,8 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) {
-   parser->m_parseEndByteIndex += len;
-   parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal;
- 
--  parser->m_errorCode = parser->m_processor(
--      parser, start, parser->m_parseEndPtr, &parser->m_bufferPtr);
-+  parser->m_errorCode = callProcessor(parser, start, parser->m_parseEndPtr,
-+                                      &parser->m_bufferPtr);
- 
-   if (parser->m_errorCode != XML_ERROR_NONE) {
-     parser->m_eventEndPtr = parser->m_eventPtr;
-@@ -2220,7 +2240,7 @@ XML_ResumeParser(XML_Parser parser) {
-   }
-   parser->m_parsingStatus.parsing = XML_PARSING;
- 
--  parser->m_errorCode = parser->m_processor(
-+  parser->m_errorCode = callProcessor(
-       parser, parser->m_bufferPtr, parser->m_parseEndPtr, &parser->m_bufferPtr);
- 
-   if (parser->m_errorCode != XML_ERROR_NONE) {
--- 
-2.40.0
-
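Review bot: the Subject: header of the deleted CVE-2023-52425-0003.patch runs on for six lines because the blank line after "Skip parsing after repeated partials on the same token" was lost, so the first paragraph of the description became part of the subject; restore the separator if the patch is regenerated. The description also lists that applications which never pass isFinal=XML_TRUE could miss data at the end, and this patch on its own offers no way to turn the heuristic in callProcessor() off, so that behaviour change is worth calling out in the recipe commit message for a stable branch.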
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
deleted file mode 100644
index 35e8e0b1e5..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 1b9d398517befeb944cbbadadf10992b07e96fa2 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Mon, 4 Sep 2023 17:21:14 +0200
-Subject: [PATCH] [PATCH] Don't update partial token heuristic on error
-
-Suggested-by: Sebastian Pipping <sebastian@pipping.org>
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/1b9d398517befeb944cbbadadf10992b07e96fa2]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/xmlparse.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 5695417..5c66f54 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -979,11 +979,13 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
-     }
-   }
-   const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr);
--  // if we consumed nothing, remember what we had on this parse attempt.
--  if (*endPtr == start) {
--    parser->m_partialTokenBytesBefore = have_now;
--  } else {
--    parser->m_partialTokenBytesBefore = 0;
-+  if (ret == XML_ERROR_NONE) {
-+    // if we consumed nothing, remember what we had on this parse attempt.
-+    if (*endPtr == start) {
-+      parser->m_partialTokenBytesBefore = have_now;
-+    } else {
-+      parser->m_partialTokenBytesBefore = 0;
-+    }
-   }
-   return ret;
- }
--- 
-2.40.0
-
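Review bot: the Subject: line of the deleted CVE-2023-52425-0004.patch reads "[PATCH] [PATCH] Don't update partial token heuristic on error"; the duplicated prefix should be dropped if the patch is regenerated.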
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
deleted file mode 100644
index d4e112db58..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 09957b8ced725b96a95acff150facda93f03afe1 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Thu, 26 Oct 2023 10:41:00 +0200
-Subject: [PATCH] Allow XML_GetBuffer() with len=0 on a fresh parser
-
-len=0 was previously OK if there had previously been a non-zero call.
-It makes sense to allow an application to work the same way on a
-newly-created parser, and not have to care if its incoming buffer
-happens to be 0.
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/09957b8ced725b96a95acff150facda93f03afe1]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/xmlparse.c | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 5c66f54..5b112c6 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2095,7 +2095,8 @@ XML_GetBuffer(XML_Parser parser, int len) {
-   default:;
-   }
- 
--  if (len > EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd)) {
-+  if (len > EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd)
-+      || parser->m_buffer == NULL) {
- #ifdef XML_CONTEXT_BYTES
-     int keep;
- #endif /* defined XML_CONTEXT_BYTES */
-@@ -2118,8 +2119,9 @@ XML_GetBuffer(XML_Parser parser, int len) {
-     }
-     neededSize += keep;
- #endif /* defined XML_CONTEXT_BYTES */
--    if (neededSize
--        <= EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_buffer)) {
-+    if (parser->m_buffer && parser->m_bufferPtr
-+        && neededSize
-+               <= EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_buffer)) {
- #ifdef XML_CONTEXT_BYTES
-       if (keep < EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer)) {
-         int offset
-@@ -2133,14 +2135,12 @@ XML_GetBuffer(XML_Parser parser, int len) {
-         parser->m_bufferPtr -= offset;
-       }
- #else
--      if (parser->m_buffer && parser->m_bufferPtr) {
--        memmove(parser->m_buffer, parser->m_bufferPtr,
--                EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr));
--        parser->m_bufferEnd
--            = parser->m_buffer
--              + EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr);
--        parser->m_bufferPtr = parser->m_buffer;
--      }
-+       memmove(parser->m_buffer, parser->m_bufferPtr,
-+              EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr));
-+      parser->m_bufferEnd
-+          = parser->m_buffer
-+            + EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr);
-+      parser->m_bufferPtr = parser->m_buffer;
- #endif /* not defined XML_CONTEXT_BYTES */
-     } else {
-       char *newBuf;
--- 
-2.40.0
-
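Review bot: in the `#else` branch of XML_GetBuffer() in the deleted CVE-2023-52425-0005.patch, the re-indented `memmove(` line carries seven spaces while the `parser->m_bufferEnd` and `parser->m_bufferPtr` lines after it carry six, a whitespace slip from the rebase. The NULL guard that used to wrap this memmove now lives in the enclosing `parser->m_buffer && parser->m_bufferPtr && neededSize <= ...` condition, so the behaviour is covered; only the indentation needs fixing.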
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
deleted file mode 100644
index c1fb4893ed..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 9fe3672459c1bf10926b85f013aa1b623d855545 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Mon, 18 Sep 2023 20:32:55 +0200
-Subject: [PATCH] tests: Run both with and without partial token heuristic
-
-If we always run with the heuristic enabled, it may hide some bugs by
-grouping up input into bigger parse attempts.
-
-CI-fighting-assistance-by: Sebastian Pipping <sebastian@pipping.org>
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/9fe3672459c1bf10926b85f013aa1b623d855545]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/internal.h | 3 +++
- lib/xmlparse.c | 5 ++++-
- 2 files changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/lib/internal.h b/lib/internal.h
-index 03c8fde..1df417f 100644
---- a/lib/internal.h
-+++ b/lib/internal.h
-@@ -31,6 +31,7 @@
-    Copyright (c) 2016-2022 Sebastian Pipping <sebastian@pipping.org>
-    Copyright (c) 2018      Yury Gribov <tetra2005@gmail.com>
-    Copyright (c) 2019      David Loffredo <loffredo@steptools.com>
-+   Copyright (c) 2023      Sony Corporation / Snild Dolkow <snild@sony.com>
-    Licensed under the MIT license:
- 
-    Permission is  hereby granted,  free of charge,  to any  person obtaining
-@@ -160,6 +161,8 @@ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
- const char *unsignedCharToPrintable(unsigned char c);
- #endif
- 
-+extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
-+						 //
- #ifdef __cplusplus
- }
- #endif
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 5b112c6..be6dd92 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -615,6 +615,8 @@ static unsigned long getDebugLevel(const char *variableName,
-        ? 0                                                                     \
-        : ((*((pool)->ptr)++ = c), 1))
- 
-+XML_Bool g_reparseDeferralEnabledDefault = XML_TRUE; // write ONLY in runtests.c
-+						     //
- struct XML_ParserStruct {
-   /* The first member must be m_userData so that the XML_GetUserData
-      macro works. */
-@@ -967,7 +969,8 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
-               const char **endPtr) {
-   const size_t have_now = EXPAT_SAFE_PTR_DIFF(end, start);
- 
--  if (! parser->m_parsingStatus.finalBuffer) {
-+  if (g_reparseDeferralEnabledDefault
-+      && ! parser->m_parsingStatus.finalBuffer) {
-     // Heuristic: don't try to parse a partial token again until the amount of
-     // available data has increased significantly.
-     const size_t had_before = parser->m_partialTokenBytesBefore;
--- 
-2.40.0
-
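Review bot: the subject of the deleted CVE-2023-52425-0006.patch is "tests: Run both with and without partial token heuristic", but its diffstat touches only lib/internal.h and lib/xmlparse.c, so what remains is a writable global, g_reparseDeferralEnabledDefault, commented "write ONLY in runtests.c" with no runtests.c change beside it. A re-spin should either carry the test changes or say in the patch header that they were dropped; the two added lines that contain only a tab-indented `//` can go as well.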
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
deleted file mode 100644
index e2fb35eae6..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-From 1d3162da8a85a398ab451aadd6c2ad19587e5a68 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Mon, 11 Sep 2023 15:31:24 +0200
-Subject: [PATCH] Add app setting for enabling/disabling reparse heuristic
-
-Suggested-by: Sebastian Pipping <sebastian@pipping.org>
-CI-fighting-assistance-by: Sebastian Pipping <sebastian@pipping.org>
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/1d3162da8a85a398ab451aadd6c2ad19587e5a68]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- doc/reference.html     | 30 ++++++++++++++++++++++++------
- lib/expat.h            |  5 +++++
- lib/libexpat.def.cmake |  2 ++
- lib/xmlparse.c         | 13 ++++++++++++-
- 4 files changed, 43 insertions(+), 7 deletions(-)
-
-diff --git a/doc/reference.html b/doc/reference.html
-index 9953aa7..7dd9370 100644
---- a/doc/reference.html
-+++ b/doc/reference.html
-@@ -151,10 +151,11 @@ interface.</p>
-     </ul>
-     </li>
-     <li>
--      <a href="#billion-laughs">Billion Laughs Attack Protection</a>
-+      <a href="#attack-protection">Attack Protection</a>
-       <ul>
-         <li><a href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification">XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></li>
-         <li><a href="#XML_SetBillionLaughsAttackProtectionActivationThreshold">XML_SetBillionLaughsAttackProtectionActivationThreshold</a></li>
-+	<li><a href="#XML_SetReparseDeferralEnabled">XML_SetReparseDeferralEnabled</a></li>
-       </ul>
-     </li>
-     <li><a href="#miscellaneous">Miscellaneous Functions</a>
-@@ -2123,11 +2124,7 @@ parse position may be before the beginning of the buffer.</p>
- return NULL.</p>
- </div>
- 
--<h3><a name="billion-laughs">Billion Laughs Attack Protection</a></h3>
--
--<p>The functions in this section configure the built-in
--  protection against various forms of
--  <a href="https://en.wikipedia.org/wiki/Billion_laughs_attack">billion laughs attacks</a>.</p>
-+<h3><a name="attack-protection">Attack Protection</a><a name="billion-laughs"></a></h3>
- 
- <h4 id="XML_SetBillionLaughsAttackProtectionMaximumAmplification">XML_SetBillionLaughsAttackProtectionMaximumAmplification</h4>
- <pre class="fcndec">
-@@ -2215,6 +2212,27 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(XML_Parser p,
-   </p>
- </div>
- 
-+<h4 id="XML_SetReparseDeferralEnabled">XML_SetReparseDeferralEnabled</h4>
-+<pre class="fcndec">
-+/* Added in Expat 2.6.0. */
-+XML_Bool XMLCALL
-+XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
-+</pre>
-+<div class="fcndef">
-+  <p>
-+    Large tokens may require many parse calls before enough data is available for Expat to parse it in full.
-+    If Expat retried parsing the token on every parse call, parsing could take quadratic time.
-+    To avoid this, Expat only retries once a significant amount of new data is available.
-+    This function allows disabling this behavior.
-+  </p>
-+  <p>
-+    The <code>enabled</code> argument should be <code>XML_TRUE</code> or <code>XML_FALSE</code>.
-+  </p>
-+  <p>
-+    Returns <code>XML_TRUE</code> on success, and <code>XML_FALSE</code> on error.
-+  </p>
-+</div>
-+
- <h3><a name="miscellaneous">Miscellaneous functions</a></h3>
- 
- <p>The functions in this section either obtain state information from
-diff --git a/lib/expat.h b/lib/expat.h
-index 9e64174..73dda6d 100644
---- a/lib/expat.h
-+++ b/lib/expat.h
-@@ -16,6 +16,7 @@
-    Copyright (c) 2016      Thomas Beutlich <tc@tbeu.de>
-    Copyright (c) 2017      Rhodri James <rhodri@wildebeest.org.uk>
-    Copyright (c) 2022      Thijs Schreijer <thijs@thijsschreijer.nl>
-+   Copyright (c) 2023      Sony Corporation / Snild Dolkow <snild@sony.com>
-    Licensed under the MIT license:
- 
-    Permission is  hereby granted,  free of charge,  to any  person obtaining
-@@ -1054,6 +1055,10 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
-     XML_Parser parser, unsigned long long activationThresholdBytes);
- #endif
- 
-+/* Added in Expat 2.6.0. */
-+XMLPARSEAPI(XML_Bool)
-+XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
-+
- /* Expat follows the semantic versioning convention.
-    See http://semver.org.
- */
-diff --git a/lib/libexpat.def.cmake b/lib/libexpat.def.cmake
-index 61a4f00..10ee9cd 100644
---- a/lib/libexpat.def.cmake
-+++ b/lib/libexpat.def.cmake
-@@ -77,3 +77,5 @@ EXPORTS
- ; added with version 2.4.0
- @_EXPAT_COMMENT_DTD_OR_GE@ XML_SetBillionLaughsAttackProtectionActivationThreshold @69
- @_EXPAT_COMMENT_DTD_OR_GE@ XML_SetBillionLaughsAttackProtectionMaximumAmplification @70
-+; added with version 2.6.0
-+  XML_SetReparseDeferralEnabled @71
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index be6dd92..8cf32e0 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -633,6 +633,7 @@ struct XML_ParserStruct {
-   XML_Index m_parseEndByteIndex;
-   const char *m_parseEndPtr;
-   size_t m_partialTokenBytesBefore; /* used in heuristic to avoid O(n^2) */
-+  XML_Bool m_reparseDeferralEnabled;
-   XML_Char *m_dataBuf;
-   XML_Char *m_dataBufEnd;
-   XML_StartElementHandler m_startElementHandler;
-@@ -969,7 +970,7 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
-               const char **endPtr) {
-   const size_t have_now = EXPAT_SAFE_PTR_DIFF(end, start);
- 
--  if (g_reparseDeferralEnabledDefault
-+  if (parser->m_reparseDeferralEnabled
-       && ! parser->m_parsingStatus.finalBuffer) {
-     // Heuristic: don't try to parse a partial token again until the amount of
-     // available data has increased significantly.
-@@ -1175,6 +1176,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
-   parser->m_parseEndByteIndex = 0;
-   parser->m_parseEndPtr = NULL;
-   parser->m_partialTokenBytesBefore = 0;
-+  parser->m_reparseDeferralEnabled = g_reparseDeferralEnabledDefault;
-   parser->m_declElementType = NULL;
-   parser->m_declAttributeId = NULL;
-   parser->m_declEntity = NULL;
-@@ -2601,6 +2603,15 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
- }
- #endif /* XML_GE == 1 */
- 
-+XML_Bool XMLCALL
-+XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled) {
-+  if (parser != NULL && (enabled == XML_TRUE || enabled == XML_FALSE)) {
-+    parser->m_reparseDeferralEnabled = enabled;
-+    return XML_TRUE;
-+  }
-+  return XML_FALSE;
-+}
-+
- /* Initially tag->rawName always points into the parse buffer;
-    for those TAG instances opened while the current parse buffer was
-    processed, and not yet closed, we need to store tag->rawName in a more
--- 
-2.40.0
-
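Review bot: XML_SetReparseDeferralEnabled() is marked "Added in Expat 2.6.0" in lib/expat.h and exported as @71 in lib/libexpat.def.cmake, yet here it arrives as a recipe patch rather than with that release, so programs built against the patched headers depend on a symbol that an unpatched library of the same version does not provide. That API growth on a stable branch should be stated in the commit message. CVE-2023-52425-0002.patch also calls this function from xmlwf.c five patches before it is declared here, and the new `<li>` in doc/reference.html is tab-indented where its siblings use spaces.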
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
deleted file mode 100644
index fa25fcd2db..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From 8ddd8e86aa446d02eb8d398972d3b10d4cad908a Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Fri, 29 Sep 2023 10:14:59 +0200
-Subject: [PATCH] Try to parse even when incoming len is zero
-
-If the reparse deferral setting has changed, it may be possible to
-finish a token.
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/8ddd8e86aa446d02eb8d398972d3b10d4cad908a]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/xmlparse.c | 55 ++++++++------------------------------------------
- 1 file changed, 8 insertions(+), 47 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 8cf32e0..f4ff66e 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1896,46 +1896,8 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-     parser->m_parsingStatus.parsing = XML_PARSING;
-   }
- 
--  if (len == 0) {
--    parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal;
--    if (! isFinal)
--      return XML_STATUS_OK;
--    parser->m_positionPtr = parser->m_bufferPtr;
--    parser->m_parseEndPtr = parser->m_bufferEnd;
--
--    /* If data are left over from last buffer, and we now know that these
--       data are the final chunk of input, then we have to check them again
--       to detect errors based on that fact.
--    */
--    parser->m_errorCode
--        = callProcessor(parser, parser->m_bufferPtr, parser->m_parseEndPtr,
--                        &parser->m_bufferPtr);
--
--    if (parser->m_errorCode == XML_ERROR_NONE) {
--      switch (parser->m_parsingStatus.parsing) {
--      case XML_SUSPENDED:
--        /* While we added no new data, the finalBuffer flag may have caused
--         * us to parse previously-unparsed data in the internal buffer.
--         * If that triggered a callback to the application, it would have
--         * had an opportunity to suspend parsing. */
--        XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr,
--                          parser->m_bufferPtr, &parser->m_position);
--        parser->m_positionPtr = parser->m_bufferPtr;
--        return XML_STATUS_SUSPENDED;
--      case XML_INITIALIZED:
--      case XML_PARSING:
--        parser->m_parsingStatus.parsing = XML_FINISHED;
--        /* fall through */
--      default:
--        return XML_STATUS_OK;
--      }
--    }
--    parser->m_eventEndPtr = parser->m_eventPtr;
--    parser->m_processor = errorProcessor;
--    return XML_STATUS_ERROR;
--  }
- #ifndef XML_CONTEXT_BYTES
--  else if (parser->m_bufferPtr == parser->m_bufferEnd) {
-+  if (parser->m_bufferPtr == parser->m_bufferEnd) {
-     const char *end;
-     int nLeftOver;
-     enum XML_Status result;
-@@ -2006,15 +1968,14 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-     return result;
-   }
- #endif /* not defined XML_CONTEXT_BYTES */
--  else {
--    void *buff = XML_GetBuffer(parser, len);
--    if (buff == NULL)
--      return XML_STATUS_ERROR;
--    else {
--      memcpy(buff, s, len);
--      return XML_ParseBuffer(parser, len, isFinal);
--    }
-+  void *buff = XML_GetBuffer(parser, len);
-+  if (buff == NULL)
-+    return XML_STATUS_ERROR;
-+  if (len > 0) {
-+    assert(s != NULL); // make sure s==NULL && len!=0 was rejected above
-+    memcpy(buff, s, len);
-   }
-+  return XML_ParseBuffer(parser, len, isFinal);
- }
- 
- enum XML_Status XMLCALL
--- 
-2.40.0
-
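Review bot: the new `assert(s != NULL)` ahead of memcpy() in XML_Parse() relies on a check for `s == NULL && len != 0` "above" that is not part of this hunk's context, and an assert disappears in NDEBUG builds, so confirm that the source this recipe patches has that early rejection. With the `len == 0` early return removed, a zero-length non-final call now goes through XML_GetBuffer(parser, 0), which depends on CVE-2023-52425-0005.patch being applied first.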
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
deleted file mode 100644
index 9c1157faac..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From ad9c01be8ee5d3d5cac2bfd3949ad764541d35e7 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Thu, 26 Oct 2023 13:55:02 +0200
-Subject: [PATCH]  Make external entity parser inherit partial token heuristic 
- setting
-
-The test is essentially a copy of the existing test for the setter,
-adapted to run on the external parser instead of the original one.
-
-Suggested-by: Sebastian Pipping <sebastian@pipping.org>
-CI-fighting-assistance-by: Sebastian Pipping <sebastian@pipping.org>
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/ad9c01be8ee5d3d5cac2bfd3949ad764541d35e7]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/xmlparse.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index f4ff66e..6746d70 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1346,6 +1346,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
-      to worry which hash secrets each table has.
-   */
-   unsigned long oldhash_secret_salt;
-+  XML_Bool oldReparseDeferralEnabled;
- 
-   /* Validate the oldParser parameter before we pull everything out of it */
-   if (oldParser == NULL)
-@@ -1390,6 +1391,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
-      to worry which hash secrets each table has.
-   */
-   oldhash_secret_salt = parser->m_hash_secret_salt;
-+  oldReparseDeferralEnabled = parser->m_reparseDeferralEnabled;
- 
- #ifdef XML_DTD
-   if (! context)
-@@ -1442,6 +1444,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
-   parser->m_defaultExpandInternalEntities = oldDefaultExpandInternalEntities;
-   parser->m_ns_triplets = oldns_triplets;
-   parser->m_hash_secret_salt = oldhash_secret_salt;
-+  parser->m_reparseDeferralEnabled = oldReparseDeferralEnabled;
-   parser->m_parentParser = oldParser;
- #ifdef XML_DTD
-   parser->m_paramEntityParsing = oldParamEntityParsing;
--- 
-2.40.0
-
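Review bot: the commit message of this removed backport describes a test ("The test is essentially a copy of the existing test for the setter"), but its diffstat lists only lib/xmlparse.c with 3 insertions, so the test was not carried. The inheritance of m_reparseDeferralEnabled into the external entity parser was therefore never exercised on this branch. A re-submission should either include the test change or state in the patch header that it was dropped and why.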
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
deleted file mode 100644
index 3fbf69de08..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 60b74209899a67d426d208662674b55a5eed918c Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Wed, 4 Oct 2023 16:00:14 +0200
-Subject: [PATCH] Bypass partial token heuristic when close to maximum buffer 
- size
-
-For huge tokens, we may end up in a situation where the partial token
-parse deferral heuristic demands more bytes than Expat's maximum buffer
-size (currently ~half of INT_MAX) could fit.
-
-INT_MAX/2 is 1024 MiB on most systems. Clearly, a token of 950 MiB could
-fit in that buffer, but the reparse threshold might be such that
-callProcessor() will defer it, allowing the app to keep filling the
-buffer until XML_GetBuffer() eventually returns a memory error.
-
-By bypassing the heuristic when we're getting close to the maximum
-buffer size, it will once again be possible to parse tokens in the size
-range INT_MAX/2/ratio < size < INT_MAX/2 reliably.
-
-We subtract the last buffer fill size as a way to detect that the next
-XML_GetBuffer() call has a risk of returning a memory error -- assuming
-that the application is likely to keep using the same (or smaller) fill.
-
-We subtract XML_CONTEXT_BYTES because that's the maximum amount of bytes
-that could remain at the start of the buffer, preceding the partial
-token. Technically, it could be fewer bytes, but XML_CONTEXT_BYTES is
-normally small relative to INT_MAX, and is much simpler to use.
-
-Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/60b74209899a67d426d208662674b55a5eed918c]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/xmlparse.c | 23 ++++++++++++++++++++++-
- 1 file changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 6746d70..32c57f6 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -205,6 +205,8 @@ typedef char ICHAR;
- /* Do safe (NULL-aware) pointer arithmetic */
- #define EXPAT_SAFE_PTR_DIFF(p, q) (((p) && (q)) ? ((p) - (q)) : 0)
- 
-+#define EXPAT_MIN(a, b) (((a) < (b)) ? (a) : (b))
-+
- #include "internal.h"
- #include "xmltok.h"
- #include "xmlrole.h"
-@@ -634,6 +636,7 @@ struct XML_ParserStruct {
-   const char *m_parseEndPtr;
-   size_t m_partialTokenBytesBefore; /* used in heuristic to avoid O(n^2) */
-   XML_Bool m_reparseDeferralEnabled;
-+  int m_lastBufferRequestSize;
-   XML_Char *m_dataBuf;
-   XML_Char *m_dataBufEnd;
-   XML_StartElementHandler m_startElementHandler;
-@@ -975,7 +978,18 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
-     // Heuristic: don't try to parse a partial token again until the amount of
-     // available data has increased significantly.
-     const size_t had_before = parser->m_partialTokenBytesBefore;
--    const bool enough = (have_now >= 2 * had_before);
-+    // ...but *do* try anyway if we're close to reaching the max buffer size.
-+    size_t close_to_maxbuf = INT_MAX / 2 + (INT_MAX & 1); // round up
-+#if XML_CONTEXT_BYTES > 0
-+    // subtract XML_CONTEXT_BYTES, but don't go below zero
-+    close_to_maxbuf -= EXPAT_MIN(close_to_maxbuf, XML_CONTEXT_BYTES);
-+#endif
-+    // subtract the last buffer fill size, but don't go below zero
-+    // m_lastBufferRequestSize is never assigned a value < 0, so the cast is ok
-+    close_to_maxbuf
-+        -= EXPAT_MIN(close_to_maxbuf, (size_t)parser->m_lastBufferRequestSize);
-+    const bool enough
-+        = (have_now >= 2 * had_before) || (have_now > close_to_maxbuf);
- 
-     if (! enough) {
-       *endPtr = start; // callers may expect this to be set
-@@ -1177,6 +1191,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
-   parser->m_parseEndPtr = NULL;
-   parser->m_partialTokenBytesBefore = 0;
-   parser->m_reparseDeferralEnabled = g_reparseDeferralEnabledDefault;
-+  parser->m_lastBufferRequestSize = 0;
-   parser->m_declElementType = NULL;
-   parser->m_declAttributeId = NULL;
-   parser->m_declEntity = NULL;
-@@ -1911,6 +1926,9 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-       parser->m_processor = errorProcessor;
-       return XML_STATUS_ERROR;
-     }
-+    // though this isn't a buffer request, we assume that `len` is the app's
-+    // preferred buffer fill size, and therefore save it here.
-+    parser->m_lastBufferRequestSize = len;
-     parser->m_parseEndByteIndex += len;
-     parser->m_positionPtr = s;
-     parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal;
-@@ -2064,6 +2082,9 @@ XML_GetBuffer(XML_Parser parser, int len) {
-   default:;
-   }
- 
-+  // whether or not the request succeeds, `len` seems to be the app's preferred
-+  // buffer fill size; remember it.
-+  parser->m_lastBufferRequestSize = len;
-   if (len > EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd)
-       || parser->m_buffer == NULL) {
- #ifdef XML_CONTEXT_BYTES
--- 
-2.40.0
-
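Review bot: in the XML_GetBuffer hunk of this removed backport, `parser->m_lastBufferRequestSize = len;` is stored before any check visible in the hunk, while callProcessor casts the field to size_t on the strength of the comment "never assigned a value < 0". If a negative len ever reached that assignment, the cast would produce a huge value, `close_to_maxbuf` would be clamped to zero and `have_now > close_to_maxbuf` would bypass the deferral heuristic on every call. The guard that rejects negative len lies outside the shown context, so a re-submission should confirm it precedes both assignments.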
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
deleted file mode 100644
index 800aaff544..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 3d8141d26a3b01ff948e00956cb0723a89dadf7f Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Mon, 20 Nov 2023 16:11:24 +0100
-Subject: [PATCH] Bypass partial token heuristic when nearing full buffer
-
-...instead of only when approaching the maximum buffer size INT/2+1.
-
-We'd like to give applications a chance to finish parsing a large token
-before buffer reallocation, in case the reallocation fails.
-
-By bypassing the reparse deferral heuristic when getting close to the
-filling the buffer, we give them this chance -- if the whole token is
-present in the buffer, it will be parsed at that time.
-
-This may come at the cost of some extra reparse attempts. For a token
-of n bytes, these extra parses cause us to scan over a maximum of
-2n bytes (... + n/8 + n/4 + n/2 + n). Therefore, parsing of big tokens
-remains O(n) in regard how many bytes we scan in attempts to parse. The
-cost in reality is lower than that, since the reparses that happen due
-to the bypass will affect m_partialTokenBytesBefore, delaying the next
-ratio-based reparse. Furthermore, only the first token that "breaks
-through" a buffer ceiling takes that extra reparse attempt; subsequent
-large tokens will only bypass the heuristic if they manage to hit the
-new buffer ceiling.
-
-Note that this cost analysis depends on the assumption that Expat grows
-its buffer by doubling it (or, more generally, grows it exponentially).
-If this changes, the cost of this bypass may increase. Hopefully, this
-would be caught by test_big_tokens_take_linear_time or the new test.
-
-The bypass logic assumes that the application uses a consistent fill.
-If the app increases its fill size, it may miss the bypass (and the
-normal heuristic will apply). If the app decreases its fill size, the
-bypass may be hit multiple times for the same buffer size. The very
-worst case would be to always fill half of the remaining buffer space,
-in which case parsing of a large n-byte token becomes O(n log n).
-
-As an added bonus, the new test case should be faster than the old one,
-since it doesn't have to go all the way to 1GiB to check the behavior.
-
-Finally, this change necessitated a small modification to two existing
-tests related to reparse deferral. These tests are testing the deferral
-enabled setting, and assume that reparsing will not happen for any other
-reason. By pre-growing the buffer, we make sure that this new deferral
-does not affect those test cases.
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/3d8141d26a3b01ff948e00956cb0723a89dadf7f]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/xmlparse.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 32c57f6..2830c1e 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -978,18 +978,18 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
-     // Heuristic: don't try to parse a partial token again until the amount of
-     // available data has increased significantly.
-     const size_t had_before = parser->m_partialTokenBytesBefore;
--    // ...but *do* try anyway if we're close to reaching the max buffer size.
--    size_t close_to_maxbuf = INT_MAX / 2 + (INT_MAX & 1); // round up
-+    // ...but *do* try anyway if we're close to causing a reallocation.
-+    size_t available_buffer
-+        = EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer);
- #if XML_CONTEXT_BYTES > 0
--    // subtract XML_CONTEXT_BYTES, but don't go below zero
--    close_to_maxbuf -= EXPAT_MIN(close_to_maxbuf, XML_CONTEXT_BYTES);
-+      available_buffer -= EXPAT_MIN(available_buffer, XML_CONTEXT_BYTES);
- #endif
--    // subtract the last buffer fill size, but don't go below zero
-+    available_buffer
-+        += EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd);
-     // m_lastBufferRequestSize is never assigned a value < 0, so the cast is ok
--    close_to_maxbuf
--        -= EXPAT_MIN(close_to_maxbuf, (size_t)parser->m_lastBufferRequestSize);
-     const bool enough
--        = (have_now >= 2 * had_before) || (have_now > close_to_maxbuf);
-+         = (have_now >= 2 * had_before)
-+          || ((size_t)parser->m_lastBufferRequestSize > available_buffer);
- 
-     if (! enough) {
-       *endPtr = start; // callers may expect this to be set
--- 
-2.40.0
-
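Review bot: in the callProcessor hunk of this removed backport, the added `available_buffer -= EXPAT_MIN(available_buffer, XML_CONTEXT_BYTES);` line and the `= (have_now >= 2 * had_before)` continuation are indented differently from the lines around them, which suggests the hunk was hand-edited to apply. The commit message also mentions a new test and changes to two existing tests, while the diffstat shows only lib/xmlparse.c. If this is re-submitted, regenerate the patch from the upstream commit named in Upstream-Status and note any omitted test hunks in the header.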
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch b/meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
deleted file mode 100644
index 8693e9449e..0000000000
--- a/meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 119ae277abaabd4d17b2e64300fec712ef403b28 Mon Sep 17 00:00:00 2001
-From: Snild Dolkow <snild@sony.com>
-Date: Thu, 28 Sep 2023 18:26:19 +0200
-Subject: [PATCH] Grow buffer based on current size Until now, the buffer size
- to grow to has been calculated based on the distance from the current parse
- position to the end of the buffer. This means that the size of any
- already-parsed data was not considered, leading to inconsistent buffer
- growth.
-
-There was also a special case in XML_Parse() when XML_CONTEXT_BYTES was
-zero, where the buffer size would be set to twice the incoming string
-length. This patch replaces this with an XML_GetBuffer() call.
-
-Growing the buffer based on its total size makes its growth consistent.
-
-The commit includes a test that checks that we can reach the max buffer
-size (usually INT_MAX/2 + 1) regardless of previously parsed content.
-
-GitHub CI couldn't allocate the full 1GiB with MinGW/wine32, though it
-works locally with the same compiler and wine version. As a workaround,
-the test tries to malloc 1GiB, and reduces `maxbuf` to 512MiB in case
-of failure.
-
-CVE: CVE-2023-52425
-
-Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/119ae277abaabd4d17b2e64300fec712ef403b28]
-
-Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
----
- lib/xmlparse.c | 33 ++++++++++++++++-----------------
- 1 file changed, 16 insertions(+), 17 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 2830c1e..81f9bb3 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1961,23 +1961,22 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) {
-                       &parser->m_position);
-     nLeftOver = s + len - end;
-     if (nLeftOver) {
--      if (parser->m_buffer == NULL
--          || nLeftOver > parser->m_bufferLim - parser->m_buffer) {
--        /* avoid _signed_ integer overflow */
--        char *temp = NULL;
--        const int bytesToAllocate = (int)((unsigned)len * 2U);
--        if (bytesToAllocate > 0) {
--          temp = (char *)REALLOC(parser, parser->m_buffer, bytesToAllocate);
--        }
--        if (temp == NULL) {
--          parser->m_errorCode = XML_ERROR_NO_MEMORY;
--          parser->m_eventPtr = parser->m_eventEndPtr = NULL;
--          parser->m_processor = errorProcessor;
--          return XML_STATUS_ERROR;
--        }
--        parser->m_buffer = temp;
--        parser->m_bufferLim = parser->m_buffer + bytesToAllocate;
-+       // Back up and restore the parsing status to avoid XML_ERROR_SUSPENDED
-+      // (and XML_ERROR_FINISHED) from XML_GetBuffer.
-+      const enum XML_Parsing originalStatus = parser->m_parsingStatus.parsing;
-+      parser->m_parsingStatus.parsing = XML_PARSING;
-+      void *const temp = XML_GetBuffer(parser, nLeftOver);
-+      parser->m_parsingStatus.parsing = originalStatus;
-+      if (temp == NULL) {
-+        // NOTE: parser->m_errorCode has already been set by XML_GetBuffer().
-+        parser->m_eventPtr = parser->m_eventEndPtr = NULL;
-+        parser->m_processor = errorProcessor;
-+        return XML_STATUS_ERROR;
-       }
-+      // Since we know that the buffer was empty and XML_CONTEXT_BYTES is 0, we
-+      // don't have any data to preserve, and can copy straight into the start
-+      // of the buffer rather than the GetBuffer return pointer (which may be
-+      // pointing further into the allocated buffer).
-       memcpy(parser->m_buffer, end, nLeftOver);
-     }
-     parser->m_bufferPtr = parser->m_buffer;
-@@ -2135,7 +2134,7 @@ XML_GetBuffer(XML_Parser parser, int len) {
-     } else {
-       char *newBuf;
-       int bufferSize
--          = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferPtr);
-+          = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_buffer);
-       if (bufferSize == 0)
-         bufferSize = INIT_BUFFER_SIZE;
-       do {
--- 
-2.40.0
-
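Review bot: the Subject header of this removed backport has swallowed the first paragraph of the commit message ("Grow buffer based on current size Until now, the buffer size ... inconsistent buffer growth."), so the blank line between subject and body was lost when the patch was generated. The first added comment line in the XML_Parse hunk ("Back up and restore the parsing status") is also indented one column deeper than the lines after it. Both are worth fixing if the patch returns, so the header stays readable in git log.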
diff --git a/meta/recipes-core/expat/expat_2.5.0.bb b/meta/recipes-core/expat/expat_2.5.0.bb
index b7b5cce925..31e989cfe2 100644
--- a/meta/recipes-core/expat/expat_2.5.0.bb
+++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -22,18 +22,6 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
 	   file://CVE-2023-52426-009.patch \
 	   file://CVE-2023-52426-010.patch \
 	   file://CVE-2023-52426-011.patch \
-	   file://CVE-2023-52425-0001.patch \
-           file://CVE-2023-52425-0002.patch \
-           file://CVE-2023-52425-0003.patch \
-           file://CVE-2023-52425-0004.patch \
-           file://CVE-2023-52425-0005.patch \
-           file://CVE-2023-52425-0006.patch \
-           file://CVE-2023-52425-0007.patch \
-           file://CVE-2023-52425-0008.patch \
-           file://CVE-2023-52425-0009.patch \
-           file://CVE-2023-52425-0010.patch \
-           file://CVE-2023-52425-0011.patch \
-	   file://CVE-2023-52425-0012.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
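Review bot: with all twelve CVE-2023-52425-00NN.patch entries dropped from SRC_URI, the recipe no longer carries any patch tagged for CVE-2023-52425, so cve-check will list it as unpatched for expat 2.5.0 again. The commit message should say why the backport is being withdrawn and whether a replacement is planned, so that the open CVE is a recorded decision and not a surprise in the next report. The removed entries also mix tab and space indentation (the first and last use a tab, the rest spaces); if they come back, match the tab-indented CVE-2023-52426 lines above.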
-- 
2.34.1




* [OE-core][kirkstone 08/10] tcl: Add a way to skip ptests
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2024-04-16 12:06 ` [OE-core][kirkstone 07/10] Revert "expat: fix CVE-2023-52425" Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 09/10] tcl: skip timing-dependent tests in run-ptest Steve Sakoman
  2024-04-16 12:06 ` [OE-core][kirkstone 10/10] tcl: skip async and event " Steve Sakoman
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Khem Raj <raj.khem@gmail.com>

Some tests hardcode assumptions on locales, which may not be present in
musl systems e.g., therefore add a way to skip such tests using -skip
option.

Skip unixInit-3* test on musl

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit fa66f1cee2d88c2276442e8b4aaeccde5490f9ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/tcltk/tcl/run-ptest | 4 ++--
 meta/recipes-devtools/tcltk/tcl_8.6.11.bb | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest
index a62b703082..5b9127784e 100644
--- a/meta/recipes-devtools/tcltk/tcl/run-ptest
+++ b/meta/recipes-devtools/tcltk/tcl/run-ptest
@@ -3,9 +3,9 @@
 # clock.test needs a timezone to be set
 export TZ="Europe/London"
 export TCL_LIBRARY=library
-
+SKIPPED_TESTS=
 for i in `ls tests/*.test | awk -F/ '{print $2}'`; do
-    ./tcltest tests/all.tcl -file $i >$i.log 2>&1
+    ./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1
     grep -q -F -e "Files with failing tests:" -e "Test files exiting with errors:" $i.log
     if [ $? -eq 0 ]; then
         echo "FAIL: $i"
diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
index b591671868..f8f3d7dd3f 100644
--- a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
@@ -89,6 +89,11 @@ do_install_ptest() {
 	cp -r ${S}/tests ${D}${PTEST_PATH}
 }
 
+do_install_ptest:append:libc-musl () {
+	# Assumes locales other than provided by musl-locales
+	sed -i -e 's|SKIPPED_TESTS=|SKIPPED_TESTS="unixInit-3*"|' ${D}${PTEST_PATH}/run-ptest
+}
+
 # Fix some paths that might be used by Tcl extensions
 BINCONFIG_GLOB = "*Config.sh"
 
-- 
2.34.1




* [OE-core][kirkstone 09/10] tcl: skip timing-dependent tests in run-ptest
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
                   ` (7 preceding siblings ...)
  2024-04-16 12:06 ` [OE-core][kirkstone 08/10] tcl: Add a way to skip ptests Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  2024-04-16 12:29   ` Patchtest results for " patchtest
  2024-04-16 12:06 ` [OE-core][kirkstone 10/10] tcl: skip async and event " Steve Sakoman
  9 siblings, 1 reply; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross.burton@arm.com>

There are several tests in the test suite which are very dependent on
timing and fail on a loaded host system, so skip them.

[ YOCTO #14825 #14882 #15081 ]

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 68beb4f4b5a0bea5d431decddf7656f18ac7a04a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/tcltk/tcl/run-ptest | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest
index 5b9127784e..51e1e4aa7b 100644
--- a/meta/recipes-devtools/tcltk/tcl/run-ptest
+++ b/meta/recipes-devtools/tcltk/tcl/run-ptest
@@ -3,7 +3,11 @@
 # clock.test needs a timezone to be set
 export TZ="Europe/London"
 export TCL_LIBRARY=library
-SKIPPED_TESTS=
+
+# Some tests are overly strict with timings and fail on loaded systems.
+# See bugs #14825 #14882 #15081.
+SKIPPED_TESTS='cmdMZ-6.6 exit-1.* socket-* socket_inet-*'
+
 for i in `ls tests/*.test | awk -F/ '{print $2}'`; do
     ./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1
     grep -q -F -e "Files with failing tests:" -e "Test files exiting with errors:" $i.log
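Review bot: giving SKIPPED_TESTS a non-empty default here breaks the musl override added in 08/10, whose sed is `s|SKIPPED_TESTS=|SKIPPED_TESTS="unixInit-3*"|`. Applied to the new line it yields `SKIPPED_TESTS="unixInit-3*"'cmdMZ-6.6 exit-1.* socket-* socket_inet-*'`, which the shell joins into a first pattern of `unixInit-3*cmdMZ-6.6`, so on musl neither the unixInit-3* tests nor cmdMZ-6.6 are skipped. Either add a trailing space inside the sed replacement, or have run-ptest append from a second variable so that the recipe does not have to edit this line in place.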
-- 
2.34.1




* [OE-core][kirkstone 10/10] tcl: skip async and event tests in run-ptest
  2024-04-16 12:06 [OE-core][kirkstone 00/10] Patch review Steve Sakoman
                   ` (8 preceding siblings ...)
  2024-04-16 12:06 ` [OE-core][kirkstone 09/10] tcl: skip timing-dependent tests in run-ptest Steve Sakoman
@ 2024-04-16 12:06 ` Steve Sakoman
  9 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2024-04-16 12:06 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross.burton@arm.com>

These test suites are full of timing-sensitive test cases, so skip
them too.

[ YOCTO #15321 ]

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd06c3668dbe9ec1cf9a0a84d7a6bc9851f9c662)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/tcltk/tcl/run-ptest | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest
index 51e1e4aa7b..87e025fce1 100644
--- a/meta/recipes-devtools/tcltk/tcl/run-ptest
+++ b/meta/recipes-devtools/tcltk/tcl/run-ptest
@@ -5,8 +5,8 @@ export TZ="Europe/London"
 export TCL_LIBRARY=library
 
 # Some tests are overly strict with timings and fail on loaded systems.
-# See bugs #14825 #14882 #15081.
-SKIPPED_TESTS='cmdMZ-6.6 exit-1.* socket-* socket_inet-*'
+# See bugs #14825 #14882 #15081 #15321.
+SKIPPED_TESTS='async-* cmdMZ-6.6 event-* exit-1.* socket-* socket_inet-*'
 
 for i in `ls tests/*.test | awk -F/ '{print $2}'`; do
     ./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1
-- 
2.34.1




* Patchtest results for [OE-core][kirkstone 09/10] tcl: skip timing-dependent tests in run-ptest
  2024-04-16 12:06 ` [OE-core][kirkstone 09/10] tcl: skip timing-dependent tests in run-ptest Steve Sakoman
@ 2024-04-16 12:29   ` patchtest
  0 siblings, 0 replies; 15+ messages in thread
From: patchtest @ 2024-04-16 12:29 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: openembedded-core


Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch /home/patchtest/share/mboxes/kirkstone-09-10-tcl-skip-timing-dependent-tests-in-run-ptest.patch

FAIL: test bugzilla entry format: Bugzilla issue ID is not correctly formatted - specify it with format: "[YOCTO #<bugzilla ID>]" (test_mbox.TestMbox.test_bugzilla_entry_format)

PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)

SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: pretest src uri left files: Patch cannot be merged (test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE check ignore: No modified recipes or older target branch, skipping test (test_metadata.TestMetadata.test_cve_check_ignore)
SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: Patch cannot be merged (test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!


* [OE-core][kirkstone 00/10] Patch review
@ 2023-10-18 15:48 Steve Sakoman
  0 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2023-10-18 15:48 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Friday, October 20

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6064

with the exception of a known vim reproducibility error in the vim-common
package where depending on worker we are seeing either:

"Content-Type:·text/plain;·charset=CP1251\n"

or

"Content-Type:·text/plain;·charset=cp1251\n"

The issue is still under investigation, but is unrelated to this patch set.


The following changes since commit 2572b32e729831762790ebfbf930a1140657faea:

  apt: add missing <cstdint> for uint16_t (2023-10-13 05:32:41 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Armin Kuster (1):
  binutils: CVE-2022-48063

Chaitanya Vadrevu (3):
  binutils: Fix CVE-2022-47695
  binutils: Mark CVE-2022-47673 as patched
  binutils: Mark CVE-2022-47696 as patched

Deepthi Hemraj (2):
  binutils: Fix CVE-2022-47008
  binutils: Fix CVE-2022-47011

Hitendra Prajapati (1):
  libtiff: Add fix for tiffcrop CVE-2023-1916

Quentin Schulz (1):
  uboot-extlinux-config.bbclass: fix missed override syntax migration

Siddharth Doshi (2):
  tiff: Security fix for CVE-2023-40745
  libxpm: upgrade to 3.5.17

 meta/classes/uboot-extlinux-config.bbclass    |  2 +-
 .../binutils/binutils-2.38.inc                |  4 +
 .../binutils/0022-CVE-2023-25584-3.patch      |  2 +
 .../binutils/0025-CVE-2023-25588.patch        |  2 +
 .../binutils/0027-CVE-2022-47008.patch        | 67 +++++++++++++
 .../binutils/0028-CVE-2022-47011.patch        | 35 +++++++
 .../binutils/0031-CVE-2022-47695.patch        | 58 +++++++++++
 .../binutils/binutils/CVE-2022-48063.patch    | 48 +++++++++
 .../{libxpm_3.5.16.bb => libxpm_3.5.17.bb}    |  2 +-
 .../libtiff/tiff/CVE-2023-1916.patch          | 99 +++++++++++++++++++
 .../libtiff/tiff/CVE-2023-40745.patch         | 34 +++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  2 +
 12 files changed, 353 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0031-CVE-2022-47695.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
 rename meta/recipes-graphics/xorg-lib/{libxpm_3.5.16.bb => libxpm_3.5.17.bb} (88%)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-1916.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-40745.patch

-- 
2.34.1




* [OE-core][kirkstone 00/10] Patch review
@ 2023-10-03 19:36 Steve Sakoman
  0 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2023-10-03 19:36 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Thursday, October 5

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5984

except for the meta-aws test, which breaks due to recent commits there.  Maintainer notified.

The following changes since commit 7e177848f97eb9958619c28b5e5dadee12f67507:

  kernel.bbclass: Add force flag to rm calls (2023-09-27 06:09:46 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (5):
  linux-yocto/5.10: update to v5.10.189
  linux-yocto/5.10: update to v5.10.191
  linux-yocto/5.10: update to v5.10.192
  linux-yocto/5.10: update to v5.10.194
  linux-yocto/5.10: update to v5.10.197

Martin Jansa (2):
  ccache: fix build with gcc-13
  fontcache.bbclass: avoid native recipes depending on target fontconfig

Narpat Mali (1):
  python3-jinja2: fix for the ptest result format

Peter Marko (1):
  json-c: define CVE_VERSION

Shubham Kulkarni (1):
  go: Update fix for CVE-2023-24538 & CVE-2023-39318

 meta/classes/fontcache.bbclass                |   1 +
 ...x-FTBFS-with-not-yet-released-GCC-13.patch |  92 +++
 meta/recipes-devtools/ccache/ccache_4.6.bb    |   4 +-
 meta/recipes-devtools/go/go-1.17.13.inc       |   3 +-
 .../go/go-1.18/CVE-2023-24538_1.patch         | 597 ++++++++++++++++++
 ...023-24538.patch => CVE-2023-24538_2.patch} | 175 ++++-
 .../go/go-1.21/CVE-2023-39318.patch           |  44 +-
 meta/recipes-devtools/json-c/json-c_0.15.bb   |   3 +
 .../python/python3-jinja2/run-ptest           |   2 +-
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 12 files changed, 921 insertions(+), 38 deletions(-)
 create mode 100644 meta/recipes-devtools/ccache/ccache/0001-build-Fix-FTBFS-with-not-yet-released-GCC-13.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24538_1.patch
 rename meta/recipes-devtools/go/go-1.18/{CVE-2023-24538.patch => CVE-2023-24538_2.patch} (53%)

-- 
2.34.1




* [OE-core][kirkstone 00/10] Patch review
@ 2023-08-03 14:04 Steve Sakoman
  0 siblings, 0 replies; 15+ messages in thread
From: Steve Sakoman @ 2023-08-03 14:04 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Saturday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5680

The following changes since commit dc2e760591c5ed3c999222f235484829426c71a7:

  util-linux: add alternative links for ipcs,ipcrm (2023-07-31 08:12:27 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (3):
  qemu: fix CVE-2023-3301
  qemu: fix CVE-2023-3255
  qemu: fix CVE-2023-2861

Peter Marko (3):
  libpcre2: patch CVE-2022-41409
  libarchive: ignore CVE-2023-30571
  openssl: Upgrade 3.0.9 -> 3.0.10

Sakib Sajal (2):
  go: fix CVE-2023-24536
  go: fix CVE-2023-24531

Sundeep KOKKONDA (1):
  gcc : upgrade to v11.4

Yuta Hayama (1):
  cve-update-nvd2-native: always pass str for json.loads()

 meta/conf/distro/include/maintainers.inc      |   2 +-
 .../{openssl_3.0.9.bb => openssl_3.0.10.bb}   |   2 +-
 .../meta/cve-update-nvd2-native.bb            |   2 +-
 .../gcc/{gcc-11.3.inc => gcc-11.4.inc}        |   6 +-
 ...ian_11.3.bb => gcc-cross-canadian_11.4.bb} |   0
 .../{gcc-cross_11.3.bb => gcc-cross_11.4.bb}  |   0
 ...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} |   0
 ...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} |   0
 ...itizers_11.3.bb => gcc-sanitizers_11.4.bb} |   0
 ...{gcc-source_11.3.bb => gcc-source_11.4.bb} |   0
 ...rch64-Update-Neoverse-N2-core-defini.patch |  20 +-
 ...rm-add-armv9-a-architecture-to-march.patch |  54 +--
 ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 ++---
 ...s-fix-v4bx-to-linker-to-support-EABI.patch |   6 +-
 .../gcc/{gcc_11.3.bb => gcc_11.4.bb}          |   0
 ...initial_11.3.bb => libgcc-initial_11.4.bb} |   0
 .../gcc/{libgcc_11.3.bb => libgcc_11.4.bb}    |   0
 ...ibgfortran_11.3.bb => libgfortran_11.4.bb} |   0
 meta/recipes-devtools/go/go-1.17.13.inc       |   7 +-
 .../go/go-1.19/CVE-2023-24536_1.patch         | 137 +++++++
 .../go/go-1.19/CVE-2023-24536_2.patch         | 187 ++++++++++
 .../go/go-1.19/CVE-2023-24536_3.patch         | 349 ++++++++++++++++++
 .../go/go-1.21/CVE-2023-24531_1.patch         | 252 +++++++++++++
 .../go/go-1.21/CVE-2023-24531_2.patch         |  47 +++
 meta/recipes-devtools/qemu/qemu.inc           |   3 +
 .../qemu/qemu/CVE-2023-2861.patch             | 172 +++++++++
 .../qemu/qemu/CVE-2023-3255.patch             |  64 ++++
 .../qemu/qemu/CVE-2023-3301.patch             |  60 +++
 .../libarchive/libarchive_3.6.2.bb            |   3 +
 .../libpcre/libpcre2/CVE-2022-41409.patch     |  75 ++++
 .../recipes-support/libpcre/libpcre2_10.40.bb |   1 +
 31 files changed, 1451 insertions(+), 100 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.0.9.bb => openssl_3.0.10.bb} (99%)
 rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%)
 rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => gcc-cross-canadian_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-cross_11.3.bb => gcc-cross_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-runtime_11.3.bb => gcc-runtime_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.3.bb => gcc-sanitizers_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-source_11.3.bb => gcc-source_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc_11.3.bb => gcc_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc-initial_11.3.bb => libgcc-initial_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc_11.3.bb => libgcc_11.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgfortran_11.3.bb => libgfortran_11.4.bb} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.19/CVE-2023-24536_1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.19/CVE-2023-24536_2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.19/CVE-2023-24536_3.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-24531_1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-24531_2.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3255.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3301.patch
 create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch

-- 
2.34.1



