Date   

Re: maximum shebang size exceeded, the maximum size is 128. [shebang-size]

Ross Burton
 

Is that with oe-core master-next?  There’s a sanity test patch there which is very relative.  The recipe is buggy 😊

 

From: openembedded-devel@... <openembedded-devel@...> on behalf of Khem Raj via lists.openembedded.org <raj.khem=gmail.com@...>
Date: Thursday, 30 June 2022 at 12:18
To: openembeded-devel <openembedded-devel@...>
Subject: [oe] maximum shebang size exceeded, the maximum size is 128. [shebang-size]

Hi All

I am seeing few build QA errors during do_populate_sysroot on native
packages predominantly perl packages failing with

maximum shebang size exceeded, the maximum size is 128. [shebang-size]

This is the list from meta-oe world builds

https://errors.yoctoproject.org/Errors/Build/147810/

This was working fine few weeks ago

Any ideas ?

Thanks
Khem

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


Re: [meta-networking][kirkstone][PATCH] networkmanager: fix build with enabled ppp

Javier Viguera
 

 

 

From: Otavio Salvador <otavio.salvador@...>
Sent: Friday, July 1, 2022 13:45
To: Viguera, Javier <Javier.Viguera@...>
Cc: OpenEmbedded Devel List <openembedded-devel@...>; akuster808 <akuster808@...>
Subject: Re: [oe] [meta-networking][kirkstone][PATCH] networkmanager: fix build with enabled ppp

 

Please send it against master, first, then we can ask for backports.

 

It’s already on *master-next*

 

-- jviguera

 


Re: [meta-networking][kirkstone][PATCH] networkmanager: fix build with enabled ppp

Otavio Salvador
 



Em seg., 27 de jun. de 2022 às 10:39, Javier Viguera via lists.openembedded.org <javier.viguera=digi.com@...> escreveu:
If 'ppp' packageconfig option is enabled, but the build system does NOT
have pppd binary installed, the build fails with:

| Has header "pppd/pppd.h" : YES
| Program pppd /sbin/pppd /usr/sbin/pppd found: NO
|
| ../NetworkManager-1.36.2/meson.build:570:4: ERROR: Assert failed: pppd required but not found, please provide a valid pppd path or use -Dppp=false to disable it

This is due to meson trying to look for the 'pppd' binary in the build
system when it should not. If the build system does not contain pppd,
the build fails.

Signed-off-by: Javier Viguera <javier.viguera@...>

Please send it against master, first, then we can ask for backports.
 
--
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9 9981-7854          Mobile: +1 (347) 903-9750


[PATCH 3/3] python3-editables: remove (now in oe-core)

Ross Burton
 

As of 781da720 this is now in oe-core.

Signed-off-by: Ross Burton <ross.burton@...>
---
.../recipes-devtools/python/python3-editables_0.3.bb | 11 -----------
1 file changed, 11 deletions(-)
delete mode 100644 meta-python/recipes-devtools/python/python3-editables=
_0.3.bb

diff --git a/meta-python/recipes-devtools/python/python3-editables_0.3.bb=
b/meta-python/recipes-devtools/python/python3-editables_0.3.bb
deleted file mode 100644
index b42ff06872..0000000000
--- a/meta-python/recipes-devtools/python/python3-editables_0.3.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-SUMMARY =3D "A Python library for creating editable wheels"
-HOMEPAGE =3D "https://github.com/pfmoore/editables"
-SECTION =3D "devel/python"
-LICENSE =3D "MIT"
-LIC_FILES_CHKSUM =3D "file://LICENSE.txt;md5=3D41bc1be47b7bb8240db3ef928=
c7cb0bf"
-
-SRC_URI[sha256sum] =3D "167524e377358ed1f1374e61c268f0d7a4bf7dbd046c656f=
7b410cde16161b1a"
-
-inherit pypi python_setuptools_build_meta
-
-BBCLASSEXTEND =3D "native nativesdk"
--=20
2.25.1


[PATCH 2/3] python3-pathspec: remove (now in oe-core)

Ross Burton
 

As of 857f324 this is now in oe-core.

Signed-off-by: Ross Burton <ross.burton@...>
---
.../recipes-devtools/python/python3-pathspec_0.9.0.bb | 11 -----------
1 file changed, 11 deletions(-)
delete mode 100644 meta-python/recipes-devtools/python/python3-pathspec_=
0.9.0.bb

diff --git a/meta-python/recipes-devtools/python/python3-pathspec_0.9.0.b=
b b/meta-python/recipes-devtools/python/python3-pathspec_0.9.0.bb
deleted file mode 100644
index 641f1cfd87..0000000000
--- a/meta-python/recipes-devtools/python/python3-pathspec_0.9.0.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-SUMMARY =3D "Utility library for gitignore style pattern matching of fil=
e paths."
-HOMEPAGE =3D "https://github.com/cpburnz/python-path-specification"
-SECTION =3D "devel/python"
-LICENSE =3D "MPL-2.0"
-LIC_FILES_CHKSUM =3D "file://LICENSE;md5=3D815ca599c9df247a0c7f619bab123=
dad"
-
-SRC_URI[sha256sum] =3D "e564499435a2673d586f6b2130bb5b95f04a3ba06f81b8f8=
95b651a3c76aabb1"
-
-inherit pypi setuptools3
-
-BBCLASSEXTEND =3D "native nativesdk"
--=20
2.25.1


[PATCH 1/3] python3-hatchling: remove (now in oe-core)

Ross Burton
 

As of 846e80 this is now in oe-core.

Signed-off-by: Ross Burton <ross.burton@...>
---
meta-python/classes/python_hatchling.bbclass | 5 -----
.../python/python3-hatchling_1.3.0.bb | 21 -------------------
2 files changed, 26 deletions(-)
delete mode 100644 meta-python/classes/python_hatchling.bbclass
delete mode 100644 meta-python/recipes-devtools/python/python3-hatchling=
_1.3.0.bb

diff --git a/meta-python/classes/python_hatchling.bbclass b/meta-python/c=
lasses/python_hatchling.bbclass
deleted file mode 100644
index b3cbe23601..0000000000
--- a/meta-python/classes/python_hatchling.bbclass
+++ /dev/null
@@ -1,5 +0,0 @@
-inherit python_pep517 python3native python3-dir setuptools3-base
-
-DEPENDS +=3D "python3-hatchling-native"
-
-PEP517_BUILD_API =3D "hatchling.build"
diff --git a/meta-python/recipes-devtools/python/python3-hatchling_1.3.0.=
bb b/meta-python/recipes-devtools/python/python3-hatchling_1.3.0.bb
deleted file mode 100644
index a6550a9732..0000000000
--- a/meta-python/recipes-devtools/python/python3-hatchling_1.3.0.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-SUMMARY =3D "The extensible, standards compliant build backend used by H=
atch"
-HOMEPAGE =3D "https://hatch.pypa.io/latest/"
-LICENSE =3D "MIT"
-LIC_FILES_CHKSUM =3D "file://LICENSE.txt;md5=3Dcbe2fd33fc9297692812fc94b=
7d27fd9"
-
-inherit pypi python_hatchling
-
-DEPENDS +=3D "python3-pluggy-native python3-tomli-native python3-pathspe=
c-native python3-packaging-native python3-editables-native"
-DEPENDS:remove:class-native =3D "python3-hatchling-native"
-
-SRC_URI[sha256sum] =3D "1401d45d3dd6a5910f64d539acaa943486d5e8b7dda1a97f=
2b0040fdddc5b85e"
-
-# Until we have a proper tool to invoke PEP517 builds, hatchling can't
-# bootstrap itself automatically.
-PEP517_BUILD_API =3D "hatchling.ouroboros"
-
-do_compile:prepend() {
- export PYTHONPATH=3Dsrc
-}
-
-BBCLASSEXTEND =3D "native nativesdk"
--=20
2.25.1


[meta-filesystems][dunfell][PATCH 6/8] ntfs-3g-ntfsprogs: Fix CVE-2022-30786

Ranjitsinh Rathod
 

From: Omkar Patil <omkar.patil@...>

CVE: CVE-2022-30786

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
.../ntfs-3g-ntfsprogs/CVE-2022-30786-1.patch | 36 +++++++++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30786-2.patch | 45 +++++++++++++++++++
.../ntfs-3g-ntfsprogs_2021.8.22.bb | 2 +
3 files changed, 83 insertions(+)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-1.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-2.patch

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-1.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-1.patch
new file mode 100644
index 000000000..9d485fed8
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-1.patch
@@ -0,0 +1,36 @@
+From 838b6e35b43062353998853eab50cd0675201ed7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 21 Sep 2021 10:54:50 +0200
+Subject: [PATCH] Made sure there is no null character in an attribute name
+
+When copying an attribute name which contains a null, it is truncated
+and this may lead to accessing non-allocated bytes when relying on the
+expected name length. Such names must therefore be rejected.
+
+CVE: CVE-2022-30786
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libntfs-3g/attrib.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/libntfs-3g/attrib.c
++++ b/libntfs-3g/attrib.c
+@@ -426,7 +426,15 @@ ntfs_attr *ntfs_attr_open(ntfs_inode *ni
+ na = ntfs_calloc(sizeof(ntfs_attr));
+ if (!na)
+ goto out;
++ if (!name_len)
++ name = (ntfschar*)NULL;
+ if (name && name != AT_UNNAMED && name != NTFS_INDEX_I30) {
++ /* A null char leads to a short name and unallocated bytes */
++ if (ntfs_ucsnlen(name, name_len) != name_len) {
++ ntfs_log_error("Null character in attribute name"
++ " of inode %lld\n",(long long)ni->mft_no);
++ goto err_out;
++ }
+ name = ntfs_ucsndup(name, name_len);
+ if (!name)
+ goto err_out;
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-2.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-2.patch
new file mode 100644
index 000000000..85a2971b4
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-2.patch
@@ -0,0 +1,45 @@
+From 5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Fri, 5 Nov 2021 08:41:20 +0100
+Subject: [PATCH] Made sure there is no null character in an attribute name
+ (bis)
+
+When copying an attribute name which contains a null, it is truncated
+and this may lead to accessing non-allocated bytes when relying on the
+expected name length. Such (illegal) names must therefore be rejected.
+
+CVE: CVE-2022-30786
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libntfs-3g/attrib.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c
+index 51c8536f..efb91943 100644
+--- a/libntfs-3g/attrib.c
++++ b/libntfs-3g/attrib.c
+@@ -452,8 +452,19 @@ ntfs_attr *ntfs_attr_open(ntfs_inode *ni, const ATTR_TYPES type,
+
+ if (!name) {
+ if (a->name_length) {
+- name = ntfs_ucsndup((ntfschar*)((u8*)a + le16_to_cpu(
+- a->name_offset)), a->name_length);
++ ntfschar *attr_name;
++
++ attr_name = (ntfschar*)((u8*)a
++ + le16_to_cpu(a->name_offset));
++ /* A null character leads to illegal memory access */
++ if (ntfs_ucsnlen(attr_name, a->name_length)
++ != a->name_length) {
++ ntfs_log_error("Null character in attribute"
++ " name in inode %lld\n",
++ (long long)ni->mft_no);
++ goto put_err_out;
++ }
++ name = ntfs_ucsndup(attr_name, a->name_length);
+ if (!name)
+ goto put_err_out;
+ newname = name;
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index ea8607e6d..f74e91c93 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -12,6 +12,8 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://CVE-2022-30783.patch \
file://CVE-2022-30784.patch \
file://CVE-2022-30785_30787.patch \
+ file://CVE-2022-30786-1.patch \
+ file://CVE-2022-30786-2.patch \
"

S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-filesystems][dunfell][PATCH 7/8] ntfs-3g-ntfsprogs: Fix CVE-2022-30788

Ranjitsinh Rathod
 

From: Omkar Patil <omkar.patil@...>

CVE: CVE-2022-30788

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
.../ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch | 51 +++++++++++++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch | 30 +++++++++++
.../ntfs-3g-ntfsprogs_2021.8.22.bb | 2 +
3 files changed, 83 insertions(+)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch
new file mode 100644
index 000000000..fc10af53f
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch
@@ -0,0 +1,51 @@
+From a8818cf779d3a32f2f52337c6f258c16719625a3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 21 Sep 2021 10:53:16 +0200
+Subject: [PATCH] Used a default usn when the former one cannot be retrieved
+
+When creating a new MFT record, the former seq_no and usn are retrieved
+to avoid the new one to be mistaken for the former one.
+This may not be possible when the record is used for the first time
+or after some bad error. In such situation use default values.
+
+CVE: CVE-2022-30788
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libntfs-3g/mft.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/libntfs-3g/mft.c b/libntfs-3g/mft.c
+index d0a601ff..5052d1ec 100644
+--- a/libntfs-3g/mft.c
++++ b/libntfs-3g/mft.c
+@@ -5,7 +5,7 @@
+ * Copyright (c) 2004-2005 Richard Russon
+ * Copyright (c) 2004-2008 Szabolcs Szakacsits
+ * Copyright (c) 2005 Yura Pakhuchiy
+- * Copyright (c) 2014-2018 Jean-Pierre Andre
++ * Copyright (c) 2014-2021 Jean-Pierre Andre
+ *
+ * This program/include file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as published
+@@ -1529,8 +1529,17 @@ ntfs_inode *ntfs_mft_rec_alloc(ntfs_volume *vol, BOOL mft_data)
+ goto undo_mftbmp_alloc;
+ }
+
++ /*
++ * Retrieve the former seq_no and usn so that the new record
++ * cannot be mistaken for the former one.
++ * However the original record may just be garbage, so
++ * use some sensible value when they cannot be retrieved.
++ */
+ seq_no = m->sequence_number;
+- usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs));
++ if (le16_to_cpu(m->usa_ofs) <= (NTFS_BLOCK_SIZE - 2))
++ usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs & -2));
++ else
++ usn = const_cpu_to_le16(1);
+ if (ntfs_mft_record_layout(vol, bit, m)) {
+ ntfs_log_error("Failed to re-format mft record.\n");
+ free(m);
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch
new file mode 100644
index 000000000..4759296a2
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch
@@ -0,0 +1,30 @@
+From bce5734a757fd59d70a52f4d4fe9abe260629b3a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 10 May 2022 10:40:17 +0200
+Subject: [PATCH] Fixed operation on little endian data
+
+Forcing an even usa_of, in a recent security patch, must be made on cpu
+endian data.
+
+CVE: CVE-2022-30788
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libntfs-3g/mft.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libntfs-3g/mft.c b/libntfs-3g/mft.c
+index 5052d1ec..aefbb5f1 100644
+--- a/libntfs-3g/mft.c
++++ b/libntfs-3g/mft.c
+@@ -1537,7 +1537,7 @@ ntfs_inode *ntfs_mft_rec_alloc(ntfs_volume *vol, BOOL mft_data)
+ */
+ seq_no = m->sequence_number;
+ if (le16_to_cpu(m->usa_ofs) <= (NTFS_BLOCK_SIZE - 2))
+- usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs & -2));
++ usn = *(le16*)((u8*)m + (le16_to_cpu(m->usa_ofs) & -2));
+ else
+ usn = const_cpu_to_le16(1);
+ if (ntfs_mft_record_layout(vol, bit, m)) {
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index f74e91c93..0da80f8ff 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -14,6 +14,8 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://CVE-2022-30785_30787.patch \
file://CVE-2022-30786-1.patch \
file://CVE-2022-30786-2.patch \
+ file://CVE-2022-30788-1.patch \
+ file://CVE-2022-30788-2.patch \
"

S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-filesystems][dunfell][PATCH 8/8] ntfs-3g-ntfsprogs: Fix CVE-2022-30789

Ranjitsinh Rathod
 

From: Omkar Patil <omkar.patil@...>

CVE: CVE-2022-30789

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
.../ntfs-3g-ntfsprogs/CVE-2022-30789.patch | 68 +++++++++++++++++++
.../ntfs-3g-ntfsprogs_2021.8.22.bb | 1 +
2 files changed, 69 insertions(+)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30789.patch

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30789.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30789.patch
new file mode 100644
index 000000000..0ee3b7ae3
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30789.patch
@@ -0,0 +1,68 @@
+From 6efc1305c1951c1d72181f449f2fab68fa25fae8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Wed, 20 Oct 2021 09:53:28 +0200
+Subject: [PATCH] Made sure the client log data does not overflow from restart
+ page
+
+Strengthen the consistency check of the length of restart pages, and
+check that log client records are within such a restart page.
+
+CVE: CVE-2022-30789
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libntfs-3g/logfile.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/libntfs-3g/logfile.c b/libntfs-3g/logfile.c
+index adc0557f..9c3155e7 100644
+--- a/libntfs-3g/logfile.c
++++ b/libntfs-3g/logfile.c
+@@ -287,9 +287,19 @@ static BOOL ntfs_check_log_client_array(RESTART_PAGE_HEADER *rp)
+ LOG_CLIENT_RECORD *ca, *cr;
+ u16 nr_clients, idx;
+ BOOL in_free_list, idx_is_first;
++ u32 offset_clients;
+
+ ntfs_log_trace("Entering.\n");
++ /* The restart area must be fully within page */
++ if ((le16_to_cpu(rp->restart_area_offset) + sizeof(RESTART_AREA))
++ > le32_to_cpu(rp->system_page_size))
++ goto err_out;
+ ra = (RESTART_AREA*)((u8*)rp + le16_to_cpu(rp->restart_area_offset));
++ offset_clients = le16_to_cpu(rp->restart_area_offset)
++ + le16_to_cpu(ra->client_array_offset);
++ /* The clients' records must begin within page */
++ if (offset_clients >= le32_to_cpu(rp->system_page_size))
++ goto err_out;
+ ca = (LOG_CLIENT_RECORD*)((u8*)ra +
+ le16_to_cpu(ra->client_array_offset));
+ /*
+@@ -308,6 +318,10 @@ static BOOL ntfs_check_log_client_array(RESTART_PAGE_HEADER *rp)
+ idx = le16_to_cpu(cr->next_client)) {
+ if (!nr_clients || idx >= le16_to_cpu(ra->log_clients))
+ goto err_out;
++ /* The client record must be fully within page */
++ if ((offset_clients + (idx + 1)*sizeof(LOG_CLIENT_RECORD))
++ > le32_to_cpu(rp->system_page_size))
++ goto err_out;
+ /* Set @cr to the current log client record. */
+ cr = ca + idx;
+ /* The first log client record must not have a prev_client. */
+@@ -380,7 +394,14 @@ static int ntfs_check_and_load_restart_page(ntfs_attr *log_na,
+ /*
+ * Allocate a buffer to store the whole restart page so we can multi
+ * sector transfer deprotect it.
++ * For safety, make sure this is consistent with the usa_count
++ * and shorter than the full log size
+ */
++ if ((le32_to_cpu(rp->system_page_size)
++ > (u32)(le16_to_cpu(rp->usa_count) - 1)*NTFS_BLOCK_SIZE)
++ || (le32_to_cpu(rp->system_page_size)
++ > le64_to_cpu(log_na->data_size)))
++ return (EINVAL);
+ trp = ntfs_malloc(le32_to_cpu(rp->system_page_size));
+ if (!trp)
+ return errno;
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index 0da80f8ff..c926d6ddd 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://CVE-2022-30786-2.patch \
file://CVE-2022-30788-1.patch \
file://CVE-2022-30788-2.patch \
+ file://CVE-2022-30789.patch \
"

S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-filesystems][dunfell][PATCH 5/8] ntfs-3g-ntfsprogs: Add Patch For Multiple CVE

Ranjitsinh Rathod
 

From: Omkar Patil <omkar.patil@...>

Fixed CVE's:
CVE-2022-30785
CVE-2022-30787

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
.../CVE-2022-30785_30787.patch | 32 +++++++++++++++++++
.../ntfs-3g-ntfsprogs_2021.8.22.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch
new file mode 100644
index 000000000..ae71e8ccf
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch
@@ -0,0 +1,32 @@
+From fb28eef6f1c26170566187c1ab7dc913a13ea43c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 10 May 2022 10:48:18 +0200
+Subject: [PATCH] Hardened the checking of directory offset requested by a
+ readdir
+
+When asked for the next directory entries, make sure the chunk offset
+is within valid values, otherwise return no more entries in chunk.
+
+CVE: CVE-2022-30785
+CVE: CVE-2022-30787
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libfuse-lite/fuse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libfuse-lite/fuse.c b/libfuse-lite/fuse.c
+index 6f9242b7..3d653e63 100644
+--- a/libfuse-lite/fuse.c
++++ b/libfuse-lite/fuse.c
+@@ -2223,7 +2223,7 @@ static void fuse_lib_readdir(fuse_req_t req, fuse_ino_t ino, size_t size,
+ }
+ }
+ if (dh->filled) {
+- if (off < dh->len) {
++ if ((off >= 0) && (off < dh->len)) {
+ if (off + size > dh->len)
+ size = dh->len - off;
+ } else
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index 9e233e127..ea8607e6d 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://CVE-2021-46790.patch \
file://CVE-2022-30783.patch \
file://CVE-2022-30784.patch \
+ file://CVE-2022-30785_30787.patch \
"

S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-filesystems][dunfell][PATCH 3/8] ntfs-3g-ntfsprogs: Fix CVE-2022-30783

Ranjitsinh Rathod
 

From: Omkar Patil <omkar.patil@...>

CVE: CVE-2022-30783

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
.../ntfs-3g-ntfsprogs/CVE-2022-30783.patch | 75 +++++++++++++++++++
.../ntfs-3g-ntfsprogs_2021.8.22.bb | 1 +
2 files changed, 76 insertions(+)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30783.patch

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30783.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30783.patch
new file mode 100644
index 000000000..41f26503e
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30783.patch
@@ -0,0 +1,75 @@
+From 7f81935f32e58e8fec22bc46683b1b067469405f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 10 May 2022 10:44:34 +0200
+Subject: [PATCH] Returned an error code when the --help or --version options
+ are used
+
+Accepting --help or --version options may leave the ntfs-3g process in an
+unclean state, so reject them while processing options. Also reject
+them in libfuse-lite.
+
+CVE: CVE-2022-30783
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libfuse-lite/mount.c | 3 +--
+ src/ntfs-3g_common.c | 6 ++++++
+ src/ntfs-3g_common.h | 2 ++
+ 3 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/libfuse-lite/mount.c b/libfuse-lite/mount.c
+index 64adee7d..6ae29d8c 100644
+--- a/libfuse-lite/mount.c
++++ b/libfuse-lite/mount.c
+@@ -670,11 +670,10 @@ int fuse_kern_mount(const char *mountpoint, struct fuse_args *args)
+ fprintf(stderr, "fuse: 'allow_other' and 'allow_root' options are mutually exclusive\n");
+ goto out;
+ }
+- res = 0;
++ res = -1;
+ if (mo.ishelp)
+ goto out;
+
+- res = -1;
+ if (get_mnt_flag_opts(&mnt_opts, mo.flags) == -1)
+ goto out;
+ #ifndef __SOLARIS__
+diff --git a/src/ntfs-3g_common.c b/src/ntfs-3g_common.c
+index 7e3e93d2..29021dfc 100644
+--- a/src/ntfs-3g_common.c
++++ b/src/ntfs-3g_common.c
+@@ -128,6 +128,10 @@ const struct DEFOPTION optionlist[] = {
+ { "efs_raw", OPT_EFS_RAW, FLGOPT_BOGUS },
+ { "posix_nlink", OPT_POSIX_NLINK, FLGOPT_BOGUS },
+ { "special_files", OPT_SPECIAL_FILES, FLGOPT_STRING },
++ { "--help", OPT_HELP, FLGOPT_BOGUS },
++ { "-h", OPT_HELP, FLGOPT_BOGUS },
++ { "--version", OPT_VERSION, FLGOPT_BOGUS },
++ { "-V", OPT_VERSION, FLGOPT_BOGUS },
+ { (const char*)NULL, 0, 0 } /* end marker */
+ } ;
+
+@@ -521,6 +525,8 @@ char *parse_mount_options(ntfs_fuse_context_t *ctx,
+ * mounted or not.
+ * (falling through to default)
+ */
++ case OPT_HELP : /* Could lead to unclean condition */
++ case OPT_VERSION : /* Could lead to unclean condition */
+ default :
+ ntfs_log_error("'%s' is an unsupported option.\n",
+ poptl->name);
+diff --git a/src/ntfs-3g_common.h b/src/ntfs-3g_common.h
+index 4ed256a3..8ead5107 100644
+--- a/src/ntfs-3g_common.h
++++ b/src/ntfs-3g_common.h
+@@ -94,6 +94,8 @@ enum {
+ OPT_EFS_RAW,
+ OPT_POSIX_NLINK,
+ OPT_SPECIAL_FILES,
++ OPT_HELP,
++ OPT_VERSION,
+ } ;
+
+ /* Option flags */
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index ca8af163e..ccd18f86c 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 \
SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
file://CVE-2021-46790.patch \
+ file://CVE-2022-30783.patch \
"

S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-filesystems][dunfell][PATCH 4/8] ntfs-3g-ntfsprogs: Fix CVE-2022-30784

Ranjitsinh Rathod
 

From: Omkar Patil <omkar.patil@...>

CVE: CVE-2022-30784

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
.../ntfs-3g-ntfsprogs/CVE-2022-30784.patch | 74 +++++++++++++++++++
.../ntfs-3g-ntfsprogs_2021.8.22.bb | 1 +
2 files changed, 75 insertions(+)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30784.patch

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30784.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30784.patch
new file mode 100644
index 000000000..ff4ee6df0
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30784.patch
@@ -0,0 +1,74 @@
+From 60717a846deaaea47e50ce58872869f7bd1103b5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 21 Sep 2021 10:56:06 +0200
+Subject: [PATCH] Avoided allocating and reading an attribute beyond its full
+ size
+
+Before reading a full attribute value for internal use, its expected
+length has been checked to be < 0x40000. However the allocated size
+in the runlist may be much bigger as a consequence of a bug or malice.
+To prevent malloc'ing excessive size, restrict the size of the last
+run to read to the needed length.
+
+CVE: CVE-2022-30784
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ libntfs-3g/attrib.c | 24 ++++++++++++++++++------
+ 1 file changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c
+index 00bfca84..51c8536f 100644
+--- a/libntfs-3g/attrib.c
++++ b/libntfs-3g/attrib.c
+@@ -216,6 +216,7 @@ s64 ntfs_get_attribute_value(const ntfs_volume *vol,
+ if (total + (rl[i].length << vol->cluster_size_bits) >=
+ sle64_to_cpu(a->data_size)) {
+ unsigned char *intbuf = NULL;
++ s64 intlth;
+ /*
+ * We have reached the last run so we were going to
+ * overflow when executing the ntfs_pread() which is
+@@ -229,8 +230,18 @@ s64 ntfs_get_attribute_value(const ntfs_volume *vol,
+ * We have reached the end of data size so we were
+ * going to overflow in the same fashion.
+ * Temporary fix: same as above.
++ *
++ * For safety, limit the amount to read to the
++ * needed size, knowing that the whole attribute
++ * size has been checked to be <= 0x40000.
+ */
+- intbuf = ntfs_malloc(rl[i].length << vol->cluster_size_bits);
++ intlth = (sle64_to_cpu(a->data_size) - total
++ + vol->cluster_size - 1)
++ >> vol->cluster_size_bits;
++ if (rl[i].length < intlth)
++ intlth = rl[i].length;
++ intbuf = (u8*)ntfs_malloc(intlth
++ << vol->cluster_size_bits);
+ if (!intbuf) {
+ free(rl);
+ return 0;
+@@ -246,14 +257,15 @@ s64 ntfs_get_attribute_value(const ntfs_volume *vol,
+ * - Yes we can, in sparse files! But not necessarily
+ * size of 16, just run length.
+ */
+- r = ntfs_pread(vol->dev, rl[i].lcn <<
+- vol->cluster_size_bits, rl[i].length <<
+- vol->cluster_size_bits, intbuf);
+- if (r != rl[i].length << vol->cluster_size_bits) {
++ r = ntfs_pread(vol->dev,
++ rl[i].lcn << vol->cluster_size_bits,
++ intlth << vol->cluster_size_bits,
++ intbuf);
++ if (r != intlth << vol->cluster_size_bits) {
+ #define ESTR "Error reading attribute value"
+ if (r == -1)
+ ntfs_log_perror(ESTR);
+- else if (r < rl[i].length <<
++ else if (r < intlth <<
+ vol->cluster_size_bits) {
+ ntfs_log_debug(ESTR ": Ran out of input data.\n");
+ errno = EIO;
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index ccd18f86c..9e233e127 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -10,6 +10,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
file://CVE-2021-46790.patch \
file://CVE-2022-30783.patch \
+ file://CVE-2022-30784.patch \
"

S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-filesystems][dunfell][PATCH 1/8] ntfs-3g-ntfsprogs: upgrade to 2021.8.22

Ranjitsinh Rathod
 

From: Chen Qi <Qi.Chen@...>

This upgrade revolves a bunch of CVEs. See more details in:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp.

Fixed CVE's:
CVE-2021-33285
CVE-2021-33289
CVE-2021-33286
CVE-2021-35266
CVE-2021-33287
CVE-2021-35267
CVE-2021-35268
CVE-2021-35269
CVE-2021-39251
CVE-2021-39252
CVE-2021-39253
CVE-2021-39254
CVE-2021-39255
CVE-2021-39256
CVE-2021-39257
CVE-2021-39258
CVE-2021-39259
CVE-2021-39260
CVE-2021-39261
CVE-2021-39262
CVE-2021-39263

Signed-off-by: Chen Qi <Qi.Chen@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit 6791dc536444a1dd0f473653501ba43fc84704f2)

Signed-off-by: Omkar Patil <Omkar.Patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
...-ntfsprogs_2017.3.23.bb => ntfs-3g-ntfsprogs_2021.8.22.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2017.3.23.bb => ntfs-3g-ntfsprogs_2021.8.22.bb} (92%)

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
similarity index 92%
rename from meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
rename to meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index 6f5cb6cee..19b2d6ca2 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -10,8 +10,8 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
"
S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[md5sum] = "d97474ae1954f772c6d2fa386a6f462c"
-SRC_URI[sha256sum] = "3e5a021d7b761261836dcb305370af299793eedbded731df3d6943802e1262d5"
+SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
+SRC_URI[sha256sum] = "55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"

UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/"
UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P<pver>\d+(\.\d+)+)\.tgz"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-filesystems][dunfell][PATCH 0/8] Multiple CVE Fixes

Ranjitsinh Rathod
 

There are following unpatched CVEs that fixing them individually
would be a much bigger problem than just doing the update.

Fixed CVE's:
CVE-2021-33285
CVE-2021-33289
CVE-2021-33286
CVE-2021-35266
CVE-2021-33287
CVE-2021-35267
CVE-2021-35268
CVE-2021-35269
CVE-2021-39251
CVE-2021-39252
CVE-2021-39253
CVE-2021-39254
CVE-2021-39255
CVE-2021-39256
CVE-2021-39257
CVE-2021-39258
CVE-2021-39259
CVE-2021-39260
CVE-2021-39261
CVE-2021-39262
CVE-2021-39263

CVE-2022-30783
CVE-2022-30784
CVE-2022-30785
CVE-2022-30786
CVE-2022-30787
CVE-2022-30788
CVE-2022-30789

Chen Qi (1):
ntfs-3g-ntfsprogs: upgrade to 2021.8.22

Omkar Patil (7):
ntfs-3g-ntfsprogs: Fix CVE-2021-46790
ntfs-3g-ntfsprogs: Fix CVE-2022-30783
ntfs-3g-ntfsprogs: Fix CVE-2022-30784
ntfs-3g-ntfsprogs: Add Patch For Multiple CVE
ntfs-3g-ntfsprogs: Fix CVE-2022-30786
ntfs-3g-ntfsprogs: Fix CVE-2022-30788
ntfs-3g-ntfsprogs: Fix CVE-2022-30789

.../ntfs-3g-ntfsprogs/CVE-2021-46790.patch | 31 ++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30783.patch | 75 +++++++++++++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30784.patch | 74 ++++++++++++++++++
.../CVE-2022-30785_30787.patch | 32 ++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30786-1.patch | 36 +++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30786-2.patch | 45 +++++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch | 51 +++++++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch | 30 ++++++++
.../ntfs-3g-ntfsprogs/CVE-2022-30789.patch | 68 +++++++++++++++++
...3.23.bb => ntfs-3g-ntfsprogs_2021.8.22.bb} | 16 +++-
10 files changed, 455 insertions(+), 3 deletions(-)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2021-46790.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30783.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30784.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30785_30787.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-1.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30786-2.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-1.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30788-2.patch
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2022-30789.patch
rename meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2017.3.23.bb => ntfs-3g-ntfsprogs_2021.8.22.bb} (77%)

--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


[meta-filesystems][dunfell][PATCH 2/8] ntfs-3g-ntfsprogs: Fix CVE-2021-46790

Ranjitsinh Rathod
 

From: Omkar Patil <omkar.patil@...>

CVE: CVE-2021-46790

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
---
.../ntfs-3g-ntfsprogs/CVE-2021-46790.patch | 31 +++++++++++++++++++
.../ntfs-3g-ntfsprogs_2021.8.22.bb | 4 ++-
2 files changed, 34 insertions(+), 1 deletion(-)
create mode 100644 meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2021-46790.patch

diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2021-46790.patch b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2021-46790.patch
new file mode 100644
index 000000000..e0bb1b77f
--- /dev/null
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs/CVE-2021-46790.patch
@@ -0,0 +1,31 @@
+From 96412e28e5c7ac2d15f1cff8c825330bbb60976e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@...>
+Date: Tue, 10 May 2022 10:30:24 +0200
+Subject: [PATCH] Fixed possible out-of-buffer condition in ntfsck
+
+A bad usa_count could lead to an out-of-buffer condition. Just avoid
+the issue and report the error, still not fix it.
+
+CVE: CVE-2021-46790
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/n/ntfs-3g/ntfs-3g_2021.8.22-3ubuntu1.1.debian.tar.xz]
+Comment: No change in any hunk
+Signed-off-by: Omkar Patil <Omkar.Patil@...>
+
+---
+ ntfsprogs/ntfsck.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ntfsprogs/ntfsck.c b/ntfsprogs/ntfsck.c
+index d49f3f96..8c126411 100644
+--- a/ntfsprogs/ntfsck.c
++++ b/ntfsprogs/ntfsck.c
+@@ -616,7 +616,8 @@ static BOOL check_file_record(u8 *buffer, u16 buflen)
+
+ // Remove update seq & check it.
+ usa = *(u16*)(buffer+usa_ofs); // The value that should be at the end of every sector.
+- assert_u32_equal(usa_count-1, buflen/NTFS_BLOCK_SIZE, "USA length");
++ if (assert_u32_equal(usa_count-1, buflen/NTFS_BLOCK_SIZE, "USA length"))
++ return (1);
+ for (i=1;i<usa_count;i++) {
+ u16 *fixup = (u16*)(buffer+NTFS_BLOCK_SIZE*i-2); // the value at the end of the sector.
+ u16 saved_val = *(u16*)(buffer+usa_ofs+2*i); // the actual data value that was saved in the us array.
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index 19b2d6ca2..ca8af163e 100644
--- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -8,7 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 \

SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
-"
+ file://CVE-2021-46790.patch \
+ "
+
S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
SRC_URI[sha256sum] = "55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
--
2.17.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.


Re: [meta-oe][PATCH] mariadb: Upgrade to 10.8.3

Yu, Mingli
 

Seems the zstd lib not recognized with clang through the log you pasted.
TOPDIR/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/mariadb/10.8.3-r0/recipe-sysroot-native/usr/lib/libzstd.so: file not recognized: file format not recognized clang-14: error: linker command failed with exit code 1 (use -v to see invocation)

I will look into this further.

Thanks,


From: Khem Raj <raj.khem@...>
Sent: Thursday, June 30, 2022 18:56
To: Yu, Mingli <Mingli.Yu@...>
Cc: openembeded-devel <openembedded-devel@...>
Subject: Re: [oe] [meta-oe][PATCH] mariadb: Upgrade to 10.8.3
 
[Please note: This e-mail is from an EXTERNAL e-mail address]

this fails to build where its not finding right zlib see

https://errors.yoctoproject.org/Errors/Details/659134/
https://errors.yoctoproject.org/Errors/Details/659124/

On Tue, Jun 28, 2022 at 5:31 AM Yu, Mingli <mingli.yu@...> wrote:
>
> From: Mingli Yu <mingli.yu@...>
>
> Remove the backported patch mariadb-openssl3.patch as the logic
> is included in the new version.
>
> Add libzstd to RDEPENDS to fix below qa issue:
>  mariadb-10.8.3-r0 do_package_qa: QA Issue: /usr/lib64/plugin/zstd.so contained in package mariadb-server requires libzstd.so.1()(64bit), but no providers found in RDEPENDS:mariadb-server? [file-rdeps]
>
> Signed-off-by: Mingli Yu <mingli.yu@...>
> ---
>  ...ive_10.7.4.bb => mariadb-native_10.8.3.bb} |   0
>  meta-oe/recipes-dbs/mysql/mariadb.inc         |  12 +-
>  .../mysql/mariadb/mariadb-openssl3.patch      | 416 ------------------
>  .../{mariadb_10.7.4.bb => mariadb_10.8.3.bb}  |   0
>  4 files changed, 9 insertions(+), 419 deletions(-)
>  rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.7.4.bb => mariadb-native_10.8.3.bb} (100%)
>  delete mode 100644 meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch
>  rename meta-oe/recipes-dbs/mysql/{mariadb_10.7.4.bb => mariadb_10.8.3.bb} (100%)
>
> diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.8.3.bb
> similarity index 100%
> rename from meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb
> rename to meta-oe/recipes-dbs/mysql/mariadb-native_10.8.3.bb
> diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc
> index 922373b63..4c072dbf7 100644
> --- a/meta-oe/recipes-dbs/mysql/mariadb.inc
> +++ b/meta-oe/recipes-dbs/mysql/mariadb.inc
> @@ -19,11 +19,10 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \
>             file://ssize_t.patch \
>             file://mm_malloc.patch \
>             file://sys_futex.patch \
> -           file://mariadb-openssl3.patch \
>            "
>  SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch"
>
> -SRC_URI[sha256sum] = "73dd9c9d325520f20ca5e0ef16f94b7be1146bed7e4a78e735c20daebf3a4173"
> +SRC_URI[sha256sum] = "887eadc55176ac1ead1fccfc89ade4b5990ef192745ad4dcd879acb41c050892"
>
>  UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases"
>
> @@ -176,6 +175,13 @@ do_install() {
>      if [ -f ${D}${datadir}/doc/README ]; then
>          mv ${D}${datadir}/doc/README ${D}${datadir}/doc/${PN}/
>      fi
> +
> +    # mini-benchmark used for Gitlab-CI to run on every commit to catch
> +    # if there are severe performance regressions.
> +    # remove it to avoid introducing bash dependency
> +    if [ -f ${D}${datadir}/mysql/mini-benchmark ]; then
> +        rm -rf ${D}${datadir}/mysql/mini-benchmark
> +    fi
>      if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
>          pam_so=$(find ${D} -name pam_user_map.so)
>          if [ x"${pam_so}" != x ]; then
> @@ -206,7 +212,7 @@ RDEPENDS:${PN}-client = "perl perl-module-getopt-long perl-module-file-temp \
>  RDEPENDS:${PN}-server = "perl perl-module-getopt-long perl-module-data-dumper \
>      perl-module-file-basename perl-module-file-path perl-module-sys-hostname \
>      perl-module-file-copy perl-module-file-temp perl-module-posix \
> -    ${PN}-client ${PN}-setupdb libdbi-perl libdbd-mysql-perl lzo"
> +    ${PN}-client ${PN}-setupdb libdbi-perl libdbd-mysql-perl lzo libzstd"
>  RDEPENDS:${PN}-leftovers = "perl perl-module-cwd perl-module-benchmark perl-module-getopt-long \
>      perl-module-posix perl-module-data-dumper perl-module-sigtrap perl-module-threads \
>      perl-module-threads-shared perl-module-io-socket perl-module-sys-hostname perl-module-file-copy \
> diff --git a/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch b/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch
> deleted file mode 100644
> index 878675f30..000000000
> --- a/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch
> +++ /dev/null
> @@ -1,416 +0,0 @@
> -From 1626955f3a2107ec4c7fd927ebfa3c6c1d2b09b8 Mon Sep 17 00:00:00 2001
> -From: Vladislav Vaintroub <wlad@...>
> -Date: Mon, 8 Nov 2021 18:48:19 +0100
> -Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0
> -
> -Summary of changes
> -
> -- MD_CTX_SIZE is increased
> -
> -- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
> -  to nobody knows where. The assumption made previously was that
> -  (since the function does not seem to be documented)
> -  was that it points to the last partial source block.
> -  Add own partial block buffer for NOPAD encryption instead
> -
> -- SECLEVEL in CipherString in openssl.cnf
> -  had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
> -
> -- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
> -  in addition to what was set in --ssl-cipher
> -
> -- ctx_buf buffer now must be aligned to 16 bytes with openssl(
> -  previously with WolfSSL only), ot crashes will happen
> -
> -- updated aes-t , to be better debuggable
> -  using function, rather than a huge multiline macro
> -  added test that does "nopad" encryption piece-wise, to test
> -  replacement of EVP_CIPHER_CTX_buf_noconst
> -
> -Patch from Fedora https://src.fedoraproject.org/rpms/mariadb/raw/rawhide/f/mariadb-openssl3.patch
> -
> -Upstream-Status: Backport [https://github.com/MariaDB/server/commit/d42c2efbaa06a0307c2f0fd8fa87819ff50bbd7e]
> -Signed-off-by: Khem Raj <raj.khem@...>
> -Signed-off-by: Mingli Yu <mingli.yu@...>
> ----
> - cmake/ssl.cmake                   |  21 +++++-
> - include/mysql/service_my_crypt.h  |   2 +-
> - include/ssl_compat.h              |   3 +-
> - mysql-test/lib/openssl.cnf        |   2 +-
> - mysql-test/main/ssl_cipher.result |   6 +-
> - mysql-test/main/ssl_cipher.test   |   2 +-
> - mysys_ssl/my_crypt.cc             |  46 +++++++-----
> - unittest/mysys/aes-t.c            | 121 ++++++++++++++++++++++--------
> - 8 files changed, 143 insertions(+), 60 deletions(-)
> -
> -diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake
> -index a6793cf3..64c93ff9 100644
> ---- a/cmake/ssl.cmake
> -+++ b/cmake/ssl.cmake
> -@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL)
> -     ENDIF()
> -     FIND_PACKAGE(OpenSSL)
> -     SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED)
> --    IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0")
> -+    IF(OPENSSL_FOUND)
> -       SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY})
> -       INCLUDE(CheckSymbolExists)
> -       SET(SSL_SOURCES "")
> -@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL)
> -       SET(SSL_INTERNAL_INCLUDE_DIRS "")
> -       SET(SSL_DEFINES "-DHAVE_OPENSSL")
> -
> -+      FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
> -+        SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}})
> -+      ENDFOREACH()
> -+
> -+      # Silence "deprecated in OpenSSL 3.0"
> -+      IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake
> -+         OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0"))
> -+        SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L")
> -+        SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L)
> -+      ENDIF()
> -+
> -       SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
> -       SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES})
> --      SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
> -+
> -       CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h"
> -                           HAVE_ERR_remove_thread_state)
> -       CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h"
> -@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL)
> -                           HAVE_EncryptAes128Gcm)
> -       CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
> -                           HAVE_X509_check_host)
> --      SET(CMAKE_REQUIRED_INCLUDES)
> --      SET(CMAKE_REQUIRED_LIBRARIES)
> -+
> -+      FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
> -+        SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}})
> -+      ENDFOREACH()
> -     ELSE()
> -       IF(WITH_SSL STREQUAL "system")
> -         MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support")
> -diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h
> -index 2a232117..bb038aaa 100644
> ---- a/include/mysql/service_my_crypt.h
> -+++ b/include/mysql/service_my_crypt.h
> -@@ -45,7 +45,7 @@ extern "C" {
> - /* The max key length of all supported algorithms */
> - #define MY_AES_MAX_KEY_LENGTH 32
> -
> --#define MY_AES_CTX_SIZE 656
> -+#define MY_AES_CTX_SIZE 672
> -
> - enum my_aes_mode {
> -     MY_AES_ECB, MY_AES_CBC
> -diff --git a/include/ssl_compat.h b/include/ssl_compat.h
> -index 8dc12254..6db1baab 100644
> ---- a/include/ssl_compat.h
> -+++ b/include/ssl_compat.h
> -@@ -24,7 +24,7 @@
> - #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
> - #define ERR_remove_state(X) ERR_clear_error()
> - #define EVP_CIPHER_CTX_SIZE 176
> --#define EVP_MD_CTX_SIZE 48
> -+#define EVP_MD_CTX_SIZE 72
> - #undef EVP_MD_CTX_init
> - #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
> - #undef EVP_CIPHER_CTX_init
> -@@ -77,7 +77,6 @@
> - #define DH_set0_pqg(D,P,Q,G)            ((D)->p= (P), (D)->g= (G))
> - #endif
> -
> --#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
> - #define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
> - #define EVP_CIPHER_CTX_SIZE             sizeof(EVP_CIPHER_CTX)
> -
> -diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf
> -index b9ab37ac..7cd6f748 100644
> ---- a/mysql-test/lib/openssl.cnf
> -+++ b/mysql-test/lib/openssl.cnf
> -@@ -9,4 +9,4 @@ ssl_conf = ssl_section
> - system_default = system_default_section
> -
> - [system_default_section]
> --CipherString = ALL:@SECLEVEL=1
> -+CipherString = ALL:@SECLEVEL=0
> -diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result
> -index 930d384e..66d817b7 100644
> ---- a/mysql-test/main/ssl_cipher.result
> -+++ b/mysql-test/main/ssl_cipher.result
> -@@ -61,8 +61,8 @@ connect  ssl_con,localhost,root,,,,,SSL;
> - SHOW STATUS LIKE 'Ssl_cipher';
> - Variable_name Value
> - Ssl_cipher    AES128-SHA
> --SHOW STATUS LIKE 'Ssl_cipher_list';
> --Variable_name Value
> --Ssl_cipher_list       AES128-SHA
> -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
> -+VARIABLE_VALUE like '%AES128-SHA%'
> -+1
> - disconnect ssl_con;
> - connection default;
> -diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test
> -index 36549d76..d4cdcffb 100644
> ---- a/mysql-test/main/ssl_cipher.test
> -+++ b/mysql-test/main/ssl_cipher.test
> -@@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA;
> - source include/restart_mysqld.inc;
> - connect (ssl_con,localhost,root,,,,,SSL);
> - SHOW STATUS LIKE 'Ssl_cipher';
> --SHOW STATUS LIKE 'Ssl_cipher_list';
> -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
> - disconnect ssl_con;
> - connection default;
> -diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
> -index e512eee9..4d7ebc7b 100644
> ---- a/mysys_ssl/my_crypt.cc
> -+++ b/mysys_ssl/my_crypt.cc
> -@@ -29,11 +29,7 @@
> - #include <ssl_compat.h>
> - #include <cstdint>
> -
> --#ifdef HAVE_WOLFSSL
> - #define CTX_ALIGN 16
> --#else
> --#define CTX_ALIGN 0
> --#endif
> -
> - class MyCTX
> - {
> -@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX
> - {
> - public:
> -   const uchar *key;
> --  uint klen, buf_len;
> -+  uint klen, source_tail_len;
> -   uchar oiv[MY_AES_BLOCK_SIZE];
> -+  uchar source_tail[MY_AES_BLOCK_SIZE];
> -
> -   MyCTX_nopad() : MyCTX() { }
> -   ~MyCTX_nopad() { }
> -@@ -112,7 +109,7 @@ class MyCTX_nopad : public MyCTX
> -     compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
> -     this->key= key;
> -     this->klen= klen;
> --    this->buf_len= 0;
> -+    this->source_tail_len= 0;
> -     if (ivlen)
> -       memcpy(oiv, iv, ivlen);
> -     DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv));
> -@@ -123,26 +120,41 @@ class MyCTX_nopad : public MyCTX
> -     return res;
> -   }
> -
> -+  /** Update last partial source block, stored in source_tail array. */
> -+  void update_source_tail(const uchar* src, uint slen)
> -+  {
> -+    if (!slen)
> -+      return;
> -+    uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE;
> -+    if (new_tail_len)
> -+    {
> -+      if (slen + source_tail_len < MY_AES_BLOCK_SIZE)
> -+      {
> -+        memcpy(source_tail + source_tail_len, src, slen);
> -+      }
> -+      else
> -+      {
> -+        DBUG_ASSERT(slen > new_tail_len);
> -+        memcpy(source_tail, src + slen - new_tail_len, new_tail_len);
> -+      }
> -+    }
> -+    source_tail_len= new_tail_len;
> -+  }
> -+
> -   int update(const uchar *src, uint slen, uchar *dst, uint *dlen)
> -   {
> --    buf_len+= slen;
> -+    update_source_tail(src, slen);
> -     return MyCTX::update(src, slen, dst, dlen);
> -   }
> -
> -   int finish(uchar *dst, uint *dlen)
> -   {
> --    buf_len %= MY_AES_BLOCK_SIZE;
> --    if (buf_len)
> -+    if (source_tail_len)
> -     {
> --      uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
> -       /*
> -         Not much we can do, block ciphers cannot encrypt data that aren't
> -         a multiple of the block length. At least not without padding.
> -         Let's do something CTR-like for the last partial block.
> --
> --        NOTE this assumes that there are only buf_len bytes in the buf.
> --        If OpenSSL will change that, we'll need to change the implementation
> --        of this class too.
> -       */
> -       uchar mask[MY_AES_BLOCK_SIZE];
> -       uint mlen;
> -@@ -154,10 +166,10 @@ class MyCTX_nopad : public MyCTX
> -         return rc;
> -       DBUG_ASSERT(mlen == sizeof(mask));
> -
> --      for (uint i=0; i < buf_len; i++)
> --        dst[i]= buf[i] ^ mask[i];
> -+      for (uint i=0; i < source_tail_len; i++)
> -+        dst[i]= source_tail[i] ^ mask[i];
> -     }
> --    *dlen= buf_len;
> -+    *dlen= source_tail_len;
> -     return MY_AES_OK;
> -   }
> - };
> -diff --git a/unittest/mysys/aes-t.c b/unittest/mysys/aes-t.c
> -index 34704e06..cbec2760 100644
> ---- a/unittest/mysys/aes-t.c
> -+++ b/unittest/mysys/aes-t.c
> -@@ -21,27 +21,96 @@
> - #include <string.h>
> - #include <ctype.h>
> -
> --#define DO_TEST(mode, nopad, slen, fill, dlen, hash)                    \
> --  SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported")     \
> --  {                                                                     \
> --    memset(src, fill, src_len= slen);                                   \
> --    ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT,              \
> --                    src, src_len, dst, &dst_len,                        \
> --                    key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK,     \
> --      "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad");     \
> --    if (!nopad)                                                         \
> --      ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\
> --    my_md5(md5, (char*)dst, dst_len);                                   \
> --    ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5");  \
> --    ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,              \
> --                    dst, dst_len, ddst, &ddst_len,                      \
> --                    key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK,     \
> --       "decrypt " #mode " %u", dst_len);                                \
> --    ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \
> -+
> -+/** Test streaming encryption, bytewise update.*/
> -+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src,
> -+                 unsigned int slen, unsigned char *dst, unsigned int *dlen,
> -+                 const unsigned char *key, unsigned int klen,
> -+                 const unsigned char *iv, unsigned int ivlen)
> -+{
> -+  /* Allocate context on odd address on stack, in order to
> -+   catch misalignment errors.*/
> -+  void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1;
> -+
> -+  int res1, res2;
> -+  uint d1= 0, d2;
> -+  uint i;
> -+
> -+  if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen)))
> -+    return res1;
> -+  for (i= 0; i < slen; i++)
> -+  {
> -+    uint tmp_d1=0;
> -+    res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1);
> -+    if (res1)
> -+      return res1;
> -+    d1+= tmp_d1;
> -+    dst+= tmp_d1;
> -+  }
> -+  res2= my_aes_crypt_finish(ctx, dst, &d2);
> -+  *dlen= d1 + d2;
> -+  return res1 ? res1 : res2;
> -+}
> -+
> -+
> -+#ifndef HAVE_EncryptAes128Ctr
> -+const uint MY_AES_CTR=0xDEADBEAF;
> -+#endif
> -+#ifndef HAVE_EncryptAes128Gcm
> -+const uint MY_AES_GCM=0xDEADBEAF;
> -+#endif
> -+
> -+#define MY_AES_UNSUPPORTED(x)  (x == 0xDEADBEAF)
> -+
> -+static void do_test(uint mode, const char *mode_str, int nopad, uint slen,
> -+                    char fill, size_t dlen, const char *hash)
> -+{
> -+  uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6};
> -+  uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7};
> -+  uchar src[1000], dst[1100], dst2[1100], ddst[1000];
> -+  uchar md5[MY_MD5_HASH_SIZE];
> -+  uint src_len, dst_len, dst_len2, ddst_len;
> -+  int result;
> -+
> -+  if (MY_AES_UNSUPPORTED(mode))
> -+  {
> -+    skip(nopad?7:6, "%s not supported", mode_str);
> -+    return;
> -+  }
> -+  memset(src, fill, src_len= slen);
> -+  result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len,
> -+                       dst, &dst_len, key, sizeof(key), iv, sizeof(iv));
> -+  ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len,
> -+     nopad ? "nopad" : "pad");
> -+
> -+  if (nopad)
> -+  {
> -+    result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src,
> -+                                src_len, dst2, &dst_len2, key, sizeof(key),
> -+                                iv, sizeof(iv));
> -+    ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len);
> -+    /* Compare with non-bytewise encryption result*/
> -+    ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0,
> -+       "memcmp bytewise  %s %u", mode_str, src_len);
> -+  }
> -+  else
> -+  {
> -+    int dst_len_real= my_aes_get_size(mode, src_len);
> -+    ok(dst_len_real= dst_len, "my_aes_get_size");
> -   }
> -+  my_md5(md5, (char *) dst, dst_len);
> -+  ok(dst_len == dlen, "md5 len");
> -+  ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5");
> -+  result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,
> -+                       dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv,
> -+                       sizeof(iv));
> -+
> -+  ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len);
> -+  ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp");
> -+}
> -
> --#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H)
> --#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H)
> -+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H)
> -+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H)
> -
> - /* useful macro for debugging */
> - #define PRINT_MD5()                                     \
> -@@ -53,25 +122,15 @@
> -     printf("\"\n");                                     \
> -   } while(0);
> -
> --#ifndef HAVE_EncryptAes128Ctr
> --const uint MY_AES_CTR=0xDEADBEAF;
> --#endif
> --#ifndef HAVE_EncryptAes128Gcm
> --const uint MY_AES_GCM=0xDEADBEAF;
> --#endif
> -
> - int
> - main(int argc __attribute__((unused)),char *argv[])
> - {
> --  uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6};
> --  uchar iv[16]=  {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7};
> --  uchar src[1000], dst[1100], ddst[1000];
> --  uchar md5[MY_MD5_HASH_SIZE];
> --  uint src_len, dst_len, ddst_len;
> -
> -   MY_INIT(argv[0]);
> -
> --  plan(87);
> -+  plan(122);
> -+
> -   DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a");
> -   DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b");
> -   DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9");
> ---
> -2.25.1
> -
> diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.8.3.bb
> similarity index 100%
> rename from meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb
> rename to meta-oe/recipes-dbs/mysql/mariadb_10.8.3.bb
> --
> 2.25.1
>
>
>
>


[meta-python] [PATCH] python3-zeroconf: upgrade 0.38.6 -> 0.38.7

wangmy
 

Changelog:
==========
Performance improvements for parsing incoming packet data (#1076)

Signed-off-by: Wang Mingyu <wangmy@...>
---
.../{python3-zeroconf_0.38.6.bb => python3-zeroconf_0.38.7.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-zeroconf_0.38.6.bb => python3-zeroconf_0.38.7.bb} (80%)

diff --git a/meta-python/recipes-devtools/python/python3-zeroconf_0.38.6.bb b/meta-python/recipes-devtools/python/python3-zeroconf_0.38.7.bb
similarity index 80%
rename from meta-python/recipes-devtools/python/python3-zeroconf_0.38.6.bb
rename to meta-python/recipes-devtools/python/python3-zeroconf_0.38.7.bb
index bf97e4ff9..3f67f5fc8 100644
--- a/meta-python/recipes-devtools/python/python3-zeroconf_0.38.6.bb
+++ b/meta-python/recipes-devtools/python/python3-zeroconf_0.38.7.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/jstasiak/python-zeroconf"
LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=3bb705b228ea4a14ea2728215b780d80"

-SRC_URI[sha256sum] = "c98f87a9145c58ad544cf1708b5eb2f444d40cd5defc69c88eeaac0527a28795"
+SRC_URI[sha256sum] = "eaee2293e5f4e6d249f6155f9d3cca1668cb22b2545995ea72c6a03b4b7706d4"

inherit pypi setuptools3

--
2.25.1


[meta-python] [PATCH] python3-pandas: upgrade 1.4.2 -> 1.4.3

wangmy
 

Signed-off-by: Wang Mingyu <wangmy@...>
---
.../python/{python3-pandas_1.4.2.bb => python3-pandas_1.4.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-pandas_1.4.2.bb => python3-pandas_1.4.3.bb} (89%)

diff --git a/meta-python/recipes-devtools/python/python3-pandas_1.4.2.bb b/meta-python/recipes-devtools/python/python3-pandas_1.4.3.bb
similarity index 89%
rename from meta-python/recipes-devtools/python/python3-pandas_1.4.2.bb
rename to meta-python/recipes-devtools/python/python3-pandas_1.4.3.bb
index 6d0f669d5..2d3333c3e 100644
--- a/meta-python/recipes-devtools/python/python3-pandas_1.4.2.bb
+++ b/meta-python/recipes-devtools/python/python3-pandas_1.4.3.bb
@@ -6,7 +6,7 @@ HOMEPAGE = "http://pandas.pydata.org/"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3f23c5c092b74d245d48eeef72bc3fd2"

-SRC_URI[sha256sum] = "92bc1fc585f1463ca827b45535957815b7deb218c549b7c18402c322c7549a12"
+SRC_URI[sha256sum] = "2ff7788468e75917574f080cd4681b27e1a7bf36461fe968b49a87b5a54d007c"

inherit pypi setuptools3

--
2.25.1


[meta-python] [PATCH] python3-jmespath: upgrade 1.0.0 -> 1.0.1

wangmy
 

Signed-off-by: Wang Mingyu <wangmy@...>
---
.../{python3-jmespath_1.0.0.bb => python3-jmespath_1.0.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-jmespath_1.0.0.bb => python3-jmespath_1.0.1.bb} (81%)

diff --git a/meta-python/recipes-devtools/python/python3-jmespath_1.0.0.bb b/meta-python/recipes-devtools/python/python3-jmespath_1.0.1.bb
similarity index 81%
rename from meta-python/recipes-devtools/python/python3-jmespath_1.0.0.bb
rename to meta-python/recipes-devtools/python/python3-jmespath_1.0.1.bb
index f454d6462..73f5f4d02 100644
--- a/meta-python/recipes-devtools/python/python3-jmespath_1.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-jmespath_1.0.1.bb
@@ -4,7 +4,7 @@ SECTION = "devel/python"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2683790f5fabb41a3f75b70558799eb4"

-SRC_URI[sha256sum] = "a490e280edd1f57d6de88636992d05b71e97d69a26a19f058ecf7d304474bf5e"
+SRC_URI[sha256sum] = "90261b206d6defd58fdd5e85f478bf633a2901798906be2ad389150c5c60edbe"

inherit pypi setuptools3

--
2.25.1


[meta-python] [PATCH] python3-ifaddr: upgrade 0.1.7 -> 0.2.0

wangmy
 

Signed-off-by: Wang Mingyu <wangmy@...>
---
.../python/{python3-ifaddr_0.1.7.bb => python3-ifaddr_0.2.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-ifaddr_0.1.7.bb => python3-ifaddr_0.2.0.bb} (77%)

diff --git a/meta-python/recipes-devtools/python/python3-ifaddr_0.1.7.bb b/meta-python/recipes-devtools/python/python3-ifaddr_0.2.0.bb
similarity index 77%
rename from meta-python/recipes-devtools/python/python3-ifaddr_0.1.7.bb
rename to meta-python/recipes-devtools/python/python3-ifaddr_0.2.0.bb
index b73063eaa..6c97c374e 100644
--- a/meta-python/recipes-devtools/python/python3-ifaddr_0.1.7.bb
+++ b/meta-python/recipes-devtools/python/python3-ifaddr_0.2.0.bb
@@ -5,7 +5,7 @@ LICENSE = "MIT"

LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8debe8d42320ec0ff24665319b625a5e"

-SRC_URI[sha256sum] = "1f9e8a6ca6f16db5a37d3356f07b6e52344f6f9f7e806d618537731669eb1a94"
+SRC_URI[sha256sum] = "cc0cbfcaabf765d44595825fb96a99bb12c79716b73b44330ea38ee2b0c4aed4"

inherit pypi setuptools3

--
2.25.1

2201 - 2220 of 99863