This repository has been archived by the owner on Aug 15, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 56
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
- Loading branch information
1 parent
9ad1806
commit 7f53998
Showing
104 changed files
with
8,350 additions
and
771 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 changes: 3 additions & 0 deletions
3
meta-openbmc-mods/meta-common/classes/github-releases.bbclass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
GITHUB_BASE_URI ?= "https://github.com/${BPN}/${BPN}/releases/" | ||
UPSTREAM_CHECK_URI ?= "${GITHUB_BASE_URI}" | ||
UPSTREAM_CHECK_REGEX ?= "releases/tag/v?(?P<pver>\d+(\.\d+)+)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
53 changes: 53 additions & 0 deletions
53
meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi/CVE-2023-1981.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 | ||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
Date: Thu, 17 Nov 2022 01:51:53 +0100 | ||
Subject: [PATCH] Emit error if requested service is not found | ||
|
||
It currently just crashes instead of replying with error. Check return | ||
value and emit error instead of passing NULL pointer to reply. | ||
|
||
Fixes #375 | ||
--- | ||
avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ | ||
1 file changed, 14 insertions(+), 6 deletions(-) | ||
|
||
diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c | ||
index 70d7687bc..406d0b441 100644 | ||
--- a/avahi-daemon/dbus-protocol.c | ||
+++ b/avahi-daemon/dbus-protocol.c | ||
@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM | ||
} | ||
|
||
t = avahi_alternative_host_name(n); | ||
- avahi_dbus_respond_string(c, m, t); | ||
- avahi_free(t); | ||
+ if (t) { | ||
+ avahi_dbus_respond_string(c, m, t); | ||
+ avahi_free(t); | ||
|
||
- return DBUS_HANDLER_RESULT_HANDLED; | ||
+ return DBUS_HANDLER_RESULT_HANDLED; | ||
+ } else { | ||
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); | ||
+ } | ||
} | ||
|
||
static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||
@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB | ||
} | ||
|
||
t = avahi_alternative_service_name(n); | ||
- avahi_dbus_respond_string(c, m, t); | ||
- avahi_free(t); | ||
+ if (t) { | ||
+ avahi_dbus_respond_string(c, m, t); | ||
+ avahi_free(t); | ||
|
||
- return DBUS_HANDLER_RESULT_HANDLED; | ||
+ return DBUS_HANDLER_RESULT_HANDLED; | ||
+ } else { | ||
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); | ||
+ } | ||
} | ||
|
||
static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { |
1 change: 1 addition & 0 deletions
1
meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi_%.bbappend
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" | ||
|
||
SRC_URI += " \ | ||
file://CVE-2023-1981.patch \ | ||
" |
62 changes: 62 additions & 0 deletions
62
...ipes-connectivity/openssl/openssl/0003-Add-support-for-io_pgetevents_time64-syscall.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
From 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Mon Sep 17 00:00:00 2001 | ||
From: Alistair Francis <alistair.francis@wdc.com> | ||
Date: Thu, 29 Aug 2019 13:56:21 -0700 | ||
Subject: [PATCH] Add support for io_pgetevents_time64 syscall | ||
|
||
32-bit architectures that are y2038 safe don't include syscalls that use | ||
32-bit time_t. Instead these architectures have suffixed syscalls that | ||
always use a 64-bit time_t. In the case of the io_getevents syscall the | ||
syscall has been replaced with the io_pgetevents_time64 syscall instead. | ||
|
||
This patch changes the io_getevents() function to use the correct | ||
syscall based on the avaliable syscalls and the time_t size. We will | ||
only use the new 64-bit time_t syscall if the architecture is using a | ||
64-bit time_t. This is to avoid having to deal with 32/64-bit | ||
conversions and relying on a 64-bit timespec struct on 32-bit time_t | ||
platforms. As of Linux 5.3 there are no 32-bit time_t architectures | ||
without __NR_io_getevents. In the future if a 32-bit time_t architecture | ||
wants to use the 64-bit syscalls we can handle the conversion. | ||
|
||
This fixes build failures on 32-bit RISC-V. | ||
|
||
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> | ||
|
||
Reviewed-by: Richard Levitte <levitte@openssl.org> | ||
Reviewed-by: Paul Dale <paul.dale@oracle.com> | ||
(Merged from https://github.com/openssl/openssl/pull/9819) | ||
Upstream-Status: Accepted | ||
--- | ||
engines/e_afalg.c | 16 ++++++++++++++++ | ||
1 file changed, 16 insertions(+) | ||
|
||
diff --git a/engines/e_afalg.c b/engines/e_afalg.c | ||
index dacbe358cb..99516cb1bb 100644 | ||
--- a/engines/e_afalg.c | ||
+++ b/engines/e_afalg.c | ||
@@ -125,7 +125,23 @@ static ossl_inline int io_getevents(aio_context_t ctx, long min, long max, | ||
struct io_event *events, | ||
struct timespec *timeout) | ||
{ | ||
+#if defined(__NR_io_getevents) | ||
return syscall(__NR_io_getevents, ctx, min, max, events, timeout); | ||
+#elif defined(__NR_io_pgetevents_time64) | ||
+ /* Let's only support the 64 suffix syscalls for 64-bit time_t. | ||
+ * This simplifies the code for us as we don't need to use a 64-bit | ||
+ * version of timespec with a 32-bit time_t and handle converting | ||
+ * between 64-bit and 32-bit times and check for overflows. | ||
+ */ | ||
+ if (sizeof(timeout->tv_sec) == 8) | ||
+ return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL); | ||
+ else { | ||
+ errno = ENOSYS; | ||
+ return -1; | ||
+ } | ||
+#else | ||
+# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64." | ||
+#endif | ||
} | ||
|
||
static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, | ||
-- | ||
2.30.1 | ||
|
99 changes: 99 additions & 0 deletions
99
...es-connectivity/openssl/openssl/0004-Fixup-support-for-io_pgetevents_time64-syscall.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
From e5499a3cac1e823c3e0697e8667e952317b70cc8 Mon Sep 17 00:00:00 2001 | ||
From: Alistair Francis <alistair.francis@wdc.com> | ||
Date: Thu, 4 Mar 2021 12:10:11 -0500 | ||
Subject: [PATCH] Fixup support for io_pgetevents_time64 syscall | ||
|
||
This is a fixup for the original commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc | ||
"Add support for io_pgetevents_time64 syscall" that didn't correctly | ||
work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V. | ||
|
||
For a full discussion of the issue see: | ||
https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc | ||
|
||
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> | ||
|
||
Reviewed-by: Tomas Mraz <tomas@openssl.org> | ||
Reviewed-by: Paul Dale <pauli@openssl.org> | ||
(Merged from https://github.com/openssl/openssl/pull/14432) | ||
Upstream-Status: Accepted | ||
--- | ||
engines/e_afalg.c | 55 ++++++++++++++++++++++++++++++++++++----------- | ||
1 file changed, 42 insertions(+), 13 deletions(-) | ||
|
||
diff --git a/engines/e_afalg.c b/engines/e_afalg.c | ||
index 9480d7c24b..4e9d67db2d 100644 | ||
--- a/engines/e_afalg.c | ||
+++ b/engines/e_afalg.c | ||
@@ -124,27 +124,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb) | ||
return syscall(__NR_io_submit, ctx, n, iocb); | ||
} | ||
|
||
+/* A version of 'struct timespec' with 32-bit time_t and nanoseconds. */ | ||
+struct __timespec32 | ||
+{ | ||
+ __kernel_long_t tv_sec; | ||
+ __kernel_long_t tv_nsec; | ||
+}; | ||
+ | ||
static ossl_inline int io_getevents(aio_context_t ctx, long min, long max, | ||
struct io_event *events, | ||
struct timespec *timeout) | ||
{ | ||
+#if defined(__NR_io_pgetevents_time64) | ||
+ /* Check if we are a 32-bit architecture with a 64-bit time_t */ | ||
+ if (sizeof(*timeout) != sizeof(struct __timespec32)) { | ||
+ int ret = syscall(__NR_io_pgetevents_time64, ctx, min, max, events, | ||
+ timeout, NULL); | ||
+ if (ret == 0 || errno != ENOSYS) | ||
+ return ret; | ||
+ } | ||
+#endif | ||
+ | ||
#if defined(__NR_io_getevents) | ||
- return syscall(__NR_io_getevents, ctx, min, max, events, timeout); | ||
-#elif defined(__NR_io_pgetevents_time64) | ||
- /* Let's only support the 64 suffix syscalls for 64-bit time_t. | ||
- * This simplifies the code for us as we don't need to use a 64-bit | ||
- * version of timespec with a 32-bit time_t and handle converting | ||
- * between 64-bit and 32-bit times and check for overflows. | ||
- */ | ||
- if (sizeof(timeout->tv_sec) == 8) | ||
- return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL); | ||
+ if (sizeof(*timeout) == sizeof(struct __timespec32)) | ||
+ /* | ||
+ * time_t matches our architecture length, we can just use | ||
+ * __NR_io_getevents | ||
+ */ | ||
+ return syscall(__NR_io_getevents, ctx, min, max, events, timeout); | ||
else { | ||
- errno = ENOSYS; | ||
- return -1; | ||
+ /* | ||
+ * We don't have __NR_io_pgetevents_time64, but we are using a | ||
+ * 64-bit time_t on a 32-bit architecture. If we can fit the | ||
+ * timeout value in a 32-bit time_t, then let's do that | ||
+ * and then use the __NR_io_getevents syscall. | ||
+ */ | ||
+ if (timeout && timeout->tv_sec == (long)timeout->tv_sec) { | ||
+ struct __timespec32 ts32; | ||
+ | ||
+ ts32.tv_sec = (__kernel_long_t) timeout->tv_sec; | ||
+ ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec; | ||
+ | ||
+ return syscall(__NR_io_getevents, ctx, min, max, events, ts32); | ||
+ } else { | ||
+ return syscall(__NR_io_getevents, ctx, min, max, events, NULL); | ||
+ } | ||
} | ||
-#else | ||
-# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64." | ||
#endif | ||
+ | ||
+ errno = ENOSYS; | ||
+ return -1; | ||
} | ||
|
||
static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, | ||
-- | ||
2.30.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.