From 9850bfc5515198d4a9cae90a696cfae1728f6146 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Fri, 14 Mar 2025 21:50:30 +0100 Subject: [PATCH] fluentbit: upgrade 3.2.1 -> 3.2.8 Handle CVE-2024-50608 and CVE-2024-50609 (in 3.2.7). Drop two patches addressed upstream. Refresh remaining patches. zstd is now bundled without possibility to unbundle. Signed-off-by: Peter Marko Signed-off-by: Khem Raj --- ...rivate-makefile-targets-in-CMakelist.patch | 10 ++-- ...ts.txt-Revise-init-manager-deduction.patch | 4 +- ...d-cmake-try_run-when-cross-compiling.patch | 42 -------------- ..._text.c-fix-wrong-pointer-assignment.patch | 56 ------------------- ...{fluentbit_3.2.1.bb => fluentbit_3.2.8.bb} | 11 ++-- 5 files changed, 11 insertions(+), 112 deletions(-) delete mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0004-wasm-avoid-cmake-try_run-when-cross-compiling.patch delete mode 100644 meta-oe/recipes-extended/fluentbit/fluentbit/0005-cprof_encode_text.c-fix-wrong-pointer-assignment.patch rename meta-oe/recipes-extended/fluentbit/{fluentbit_3.2.1.bb => fluentbit_3.2.8.bb} (94%) diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-lib-Do-not-use-private-makefile-targets-in-CMakelist.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-lib-Do-not-use-private-makefile-targets-in-CMakelist.patch index 642a73dac2..fae98f1f5d 100644 --- a/meta-oe/recipes-extended/fluentbit/fluentbit/0001-lib-Do-not-use-private-makefile-targets-in-CMakelist.patch +++ b/meta-oe/recipes-extended/fluentbit/fluentbit/0001-lib-Do-not-use-private-makefile-targets-in-CMakelist.patch @@ -70,8 +70,8 @@ diff --git a/lib/ctraces/CMakeLists.txt b/lib/ctraces/CMakeLists.txt index e47ba022d..0ddfd5f97 100644 --- a/lib/ctraces/CMakeLists.txt +++ b/lib/ctraces/CMakeLists.txt -@@ -30,12 +30,8 @@ set(CTR_VERSION_MINOR 5) - set(CTR_VERSION_PATCH 7) +@@ -30,12 +30,8 @@ set(CTR_VERSION_MINOR 6) + set(CTR_VERSION_PATCH 0) set(CTR_VERSION_STR "${CTR_VERSION_MAJOR}.${CTR_VERSION_MINOR}.${CTR_VERSION_PATCH}") -# Define __FILENAME__ consistently across Operating Systems @@ -95,9 +95,9 @@ index 028240bcc..b386cb726 100644 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -Wall -Wextra") -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$$(subst ${CMAKE_SOURCE_DIR}/,,$$(abspath \$$<))\"'") -else() --set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__") - endif() -+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__") ++endif() + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__") +-endif() # Monkey Version set(MK_VERSION_MAJOR 1) diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0003-CMakeLists.txt-Revise-init-manager-deduction.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0003-CMakeLists.txt-Revise-init-manager-deduction.patch index 4da1650bc1..8dd4da47ec 100644 --- a/meta-oe/recipes-extended/fluentbit/fluentbit/0003-CMakeLists.txt-Revise-init-manager-deduction.patch +++ b/meta-oe/recipes-extended/fluentbit/fluentbit/0003-CMakeLists.txt-Revise-init-manager-deduction.patch @@ -18,7 +18,7 @@ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8404b65c1..0c7876058 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt -@@ -540,7 +540,7 @@ if(FLB_BINARY) +@@ -546,7 +546,7 @@ if(FLB_BINARY) set(SYSTEMD_UNITDIR /lib/systemd/system) endif() @@ -27,7 +27,7 @@ index 8404b65c1..0c7876058 100644 set(FLB_SYSTEMD_SCRIPT "${PROJECT_SOURCE_DIR}/init/${FLB_OUT_NAME}.service") configure_file( "${PROJECT_SOURCE_DIR}/init/systemd.in" -@@ -548,7 +548,7 @@ if(FLB_BINARY) +@@ -554,7 +554,7 @@ if(FLB_BINARY) ) install(FILES ${FLB_SYSTEMD_SCRIPT} COMPONENT binary DESTINATION ${SYSTEMD_UNITDIR}) install(DIRECTORY DESTINATION ${FLB_INSTALL_CONFDIR} COMPONENT binary) diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0004-wasm-avoid-cmake-try_run-when-cross-compiling.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0004-wasm-avoid-cmake-try_run-when-cross-compiling.patch deleted file mode 100644 index b711b413bd..0000000000 --- a/meta-oe/recipes-extended/fluentbit/fluentbit/0004-wasm-avoid-cmake-try_run-when-cross-compiling.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 5f3bfd51851c6700b4dfd2ac25e83e5306b923f8 Mon Sep 17 00:00:00 2001 -From: Patrick Wicki -Date: Sat, 5 Oct 2024 21:36:12 +0200 -Subject: [PATCH] wasm: avoid cmake try_run when cross-compiling for x86 - -This fixes building the wasm micro runtime used when enabling wasm -support in fluentbit. -cmake try_run does not work when cross-compiling because the test program -cannot be executed: - -| CMake Error: try_run() invoked in cross-compiling mode, please set the following cache variables appropriately: -| TEST_WRGSBASE_RESULT (advanced) -| For details see .../fluentbit/3.1.9/build/TryRunResults.cmake -| Write linear memory base addr to x86 GS register disabled -| -- Configuring incomplete, errors occurred! - -Since we cannot run the test program, assume that the instruction is not -available and disable the option. - -This patch is no longer needed once fluentbit updates WAMR, as it's been -fixed in https://github.com/bytecodealliance/wasm-micro-runtime/pull/3066. - -Upstream-Status: Pending [https://github.com/fluent/fluent-bit/pull/8744] - -Signed-off-by: Patrick Wicki ---- - .../build-scripts/config_common.cmake | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/build-scripts/config_common.cmake b/lib/wasm-micro-runtime-WAMR-1.3.0/build-scripts/config_common.cmake -index e73ebc85f..c2504e007 100644 ---- a/lib/wasm-micro-runtime-WAMR-1.3.0/build-scripts/config_common.cmake -+++ b/lib/wasm-micro-runtime-WAMR-1.3.0/build-scripts/config_common.cmake -@@ -408,7 +408,7 @@ if (WAMR_BUILD_STATIC_PGO EQUAL 1) - add_definitions (-DWASM_ENABLE_STATIC_PGO=1) - message (" AOT static PGO enabled") - endif () --if (WAMR_DISABLE_WRITE_GS_BASE EQUAL 1) -+if (WAMR_DISABLE_WRITE_GS_BASE EQUAL 1 OR CMAKE_CROSSCOMPILING) - add_definitions (-DWASM_DISABLE_WRITE_GS_BASE=1) - message (" Write linear memory base addr to x86 GS register disabled") - elseif (WAMR_BUILD_TARGET STREQUAL "X86_64" diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit/0005-cprof_encode_text.c-fix-wrong-pointer-assignment.patch b/meta-oe/recipes-extended/fluentbit/fluentbit/0005-cprof_encode_text.c-fix-wrong-pointer-assignment.patch deleted file mode 100644 index 1d2513aefb..0000000000 --- a/meta-oe/recipes-extended/fluentbit/fluentbit/0005-cprof_encode_text.c-fix-wrong-pointer-assignment.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 2e39a3cea7d03721298e90fad70560c541b092a5 Mon Sep 17 00:00:00 2001 -From: Thomas Devoogdt -Date: Sat, 16 Nov 2024 20:55:37 +0100 -Subject: [PATCH] cprof_encode_text.c: fix wrong pointer assignment - -Fix cprofiles build. - -Upstream-Status: Submitted [https://github.com/fluent/cprofiles/pull/3] - -Signed-off-by: Thomas Devoogdt -Signed-off-by: Patrick Wicki ---- - lib/cprofiles/src/cprof_encode_text.c | 6 +++--- - lib/cprofiles/src/cprof_profile.c | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/lib/cprofiles/src/cprof_encode_text.c b/lib/cprofiles/src/cprof_encode_text.c -index 218a72b5b..ab2d6247d 100644 ---- a/lib/cprofiles/src/cprof_encode_text.c -+++ b/lib/cprofiles/src/cprof_encode_text.c -@@ -1909,7 +1909,7 @@ static int encode_cprof_resource_profiles( - struct cprof_resource_profiles *instance) { - int result; - struct cfl_list *iterator; -- struct cprof_scope_profile *scope_profile; -+ struct cprof_scope_profiles *scope_profiles; - - result = encode_string(context, - CFL_TRUE, -@@ -1958,11 +1958,11 @@ static int encode_cprof_resource_profiles( - - cfl_list_foreach(iterator, - &instance->scope_profiles) { -- scope_profile = cfl_list_entry( -+ scope_profiles = cfl_list_entry( - iterator, - struct cprof_scope_profiles, _head); - -- result = encode_cprof_scope_profiles(context, scope_profile); -+ result = encode_cprof_scope_profiles(context, scope_profiles); - - if (result != CPROF_ENCODE_TEXT_SUCCESS) { - return result; -diff --git a/lib/cprofiles/src/cprof_profile.c b/lib/cprofiles/src/cprof_profile.c -index 66d62b361..d059d0376 100644 ---- a/lib/cprofiles/src/cprof_profile.c -+++ b/lib/cprofiles/src/cprof_profile.c -@@ -98,7 +98,7 @@ void cprof_profile_destroy(struct cprof_profile *instance) - struct cfl_list *iterator_backup; - struct cprof_attribute_unit *attribute_unit; - struct cprof_value_type *value_type; -- struct cprof_mapping *location; -+ struct cprof_location *location; - struct cprof_function *function; - struct cfl_list *iterator; - struct cprof_mapping *mapping; diff --git a/meta-oe/recipes-extended/fluentbit/fluentbit_3.2.1.bb b/meta-oe/recipes-extended/fluentbit/fluentbit_3.2.8.bb similarity index 94% rename from meta-oe/recipes-extended/fluentbit/fluentbit_3.2.1.bb rename to meta-oe/recipes-extended/fluentbit/fluentbit_3.2.8.bb index 30a62dbc12..fbaee9e121 100644 --- a/meta-oe/recipes-extended/fluentbit/fluentbit_3.2.1.bb +++ b/meta-oe/recipes-extended/fluentbit/fluentbit_3.2.8.bb @@ -17,14 +17,12 @@ DEPENDS = "\ " DEPENDS:append:libc-musl = " fts" -SRCREV = "600b5a955b5ef7b9d025e0c128432260d0c6a5f1" +SRCREV = "d13e8e4ab2029fa92600b7d1d0da28f8dcc350eb" SRC_URI = "\ - git://github.com/fluent/fluent-bit.git;branch=master;protocol=https \ + git://github.com/fluent/fluent-bit.git;branch=3.2;protocol=https \ file://0001-lib-Do-not-use-private-makefile-targets-in-CMakelist.patch \ file://0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch \ file://0003-CMakeLists.txt-Revise-init-manager-deduction.patch \ - file://0004-wasm-avoid-cmake-try_run-when-cross-compiling.patch \ - file://0005-cprof_encode_text.c-fix-wrong-pointer-assignment.patch \ " SRC_URI:append:libc-musl = "\ file://0004-chunkio-Link-with-fts-library-with-musl.patch \ @@ -114,9 +112,8 @@ PACKAGECONFIG[windows-defaults] = "-DFLB_WINDOWS_DEFAULTS=Yes,-DFLB_WINDOWS_DEFA # individual plugins then to enable (e.g. using EXTRA_OECMAKE:append = " -DFLB_FOOBAR=ON") PACKAGECONFIG[minimal] = "-DFLB_MINIMAL=Yes,-DFLB_MINIMAL=No" -# Without zstd dependency, kafka plugin build fails at link attempt against native libzstd.so -PACKAGECONFIG[in-kafka] = "-DFLB_IN_KAFKA=ON,-DFLB_IN_KAFKA=OFF,librdkafka zstd curl" -PACKAGECONFIG[out-kafka] = "-DFLB_OUT_KAFKA=ON,-DFLB_OUT_KAFKA=OFF,librdkafka zstd curl" +PACKAGECONFIG[in-kafka] = "-DFLB_IN_KAFKA=ON,-DFLB_IN_KAFKA=OFF,librdkafka curl" +PACKAGECONFIG[out-kafka] = "-DFLB_OUT_KAFKA=ON,-DFLB_OUT_KAFKA=OFF,librdkafka curl" SYSTEMD_SERVICE:${PN} = "fluent-bit.service"