Updating to the latest korg -stable release that comprises
the following commits:
24c4de4069cb Linux 5.15.126
aeb4db8ab7f1 PM: sleep: wakeirq: fix wake irq arming
b5d3a4251bd2 PM / wakeirq: support enabling wake-up irq after runtime_suspend called
a36b522767f3 soundwire: fix enumeration completion
7996facaf0ee soundwire: bus: pm_runtime_request_resume on peripheral attachment
c91c07ae0849 selftests/rseq: Play nice with binaries statically linked against glibc 2.35+
1cdb50faf7f7 selftests/rseq: check if libc rseq support is registered
0f1f471b91f4 drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning
5058c1444040 powerpc/mm/altmap: Fix altmap boundary check
eb7a5e4d14c8 mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
70643e98cbc3 mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
1796b492f8cc mtd: rawnand: rockchip: fix oobfree offset and description
f6807b62fb0e mtd: rawnand: omap_elm: Fix incorrect type in assignment
596be6716bc5 ext2: Drop fragment support
0ccfe21949bc fs: Protect reconfiguration of sb read-write from racing writes
27d0f755d649 net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
fbe5a2fed815 Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
afd9a31b5aa4 fs/sysv: Null check to prevent null-ptr-deref bug
80ec112c1996 fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()
0d6f639f1dcd file: reinstate f_pos locking optimization for regular files
b44d28b98f18 bpf, cpumap: Make sure kthread is running before map update returns
8089eb93d678 drm/ttm: check null pointer before accessing when swapping
ef0d07c66843 open: make RESOLVE_CACHED correctly test for O_TMPFILE
c81bdf8f9f2b bpf: Disable preemption in bpf_event_output
ae07cfe2b099 rbd: prevent busy loop when requesting exclusive lock
7978bcca4c1f wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
32ca6a55e10e net: tap_open(): set sk_uid from current_fsuid()
4ed3eed99ee6 net: tun_chr_open(): set sk_uid from current_fsuid()
adacc3a954fa arm64: dts: stratix10: fix incorrect I2C property for SCL signal
b92c88009da1 mtd: rawnand: meson: fix OOB available bytes for ECC
b0875c583e41 mtd: spinand: toshiba: Fix ecc_get_status
1c33ca1e1974 exfat: release s_lock before calling dir_emit()
8a34a242cf03 exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
a74878207b02 x86/CPU/AMD: Do not leak quotient data after a division by 0
b8f029fc4075 firmware: arm_scmi: Drop OF node reference in the transport channel setup
287c2c8677ed ceph: defer stopping mdsc delayed_work
98b521d10e73 USB: zaurus: Add ID for A-300/B-500/C-700
cd6872f2cf56 libceph: fix potential hang in ceph_osdc_notify()
e5f5b4a89809 scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
212a9a3c67be scsi: zfcp: Defer fc_rport blocking until after ADISC response
dac382725394 tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
4517782e1bc3 tcp_metrics: annotate data-races around tm->tcpm_net
e842a68667d4 tcp_metrics: annotate data-races around tm->tcpm_vals[]
d3184bea4ace tcp_metrics: annotate data-races around tm->tcpm_lock
9a7367cbe33d tcp_metrics: annotate data-races around tm->tcpm_stamp
6f6bd67f4894 tcp_metrics: fix addr_same() helper
b0acbcf1e7a1 prestera: fix fallback to previous version on same major version
d6d9d0f5a5e0 net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
c999fb1039dd net/mlx5: fs_core: Make find_closest_ft more generic
32ef2c0c6cf1 vxlan: Fix nexthop hash size
1bb54a21f4d9 ip6mr: Fix skb_under_panic in ip6mr_cache_report()
64e3affee288 s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
a0da2684db18 net: dcb: choose correct policy to parse DCB_ATTR_BCN
193333229aac net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
766c9dd00c5f net: korina: handle clk prepare error in korina_probe()
6cecfdf65053 net: ll_temac: fix error checking of irq_of_parse_and_map()
3761ff4f8670 net: ll_temac: Switch to use dev_err_probe() helper
5c534640a7da bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
79c3d81c9ad1 net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
9edf7955025a net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
262430dfc618 net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
b58d34068fd9 bpf, cpumap: Handle skb as well when clean up ptr_ring
f04f6d9b3b06 net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
2c55d4941518 net: add missing data-race annotation for sk_ll_usec
e934c50c48e2 net: add missing data-race annotations around sk->sk_peek_off
fdd8d8d54d6a net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
98f0d1db3a27 net: add missing READ_ONCE(sk->sk_sndbuf) annotation
0d1047b77b23 net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
6c058a1f67f0 net: annotate data-races around sk->sk_max_pacing_rate
2950c5ac65b3 qed: Fix scheduling in a tasklet while getting stats
a19952dbb5b6 qed: Fix kernel-doc warnings
6d8c259f4827 mISDN: hfcpci: Fix potential deadlock on &hc->lock
8dedcc6af341 net: sched: cls_u32: Fix match key mis-addressing
675d29de69c7 perf test uprobe_from_different_cu: Skip if there is no gcc
0f6e3d8d7f91 net: dsa: fix value check in bcm_sf2_sw_probe()
047508edd602 rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
cc9ebceaa6d0 bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
8f9a04c742e1 net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
00cecb0a8f9e net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
4c224ea31bed wifi: cfg80211: Fix return value in scan logic
8e72db3ffa5d KVM: s390: fix sthyi error handling
809edb4262f0 word-at-a-time: use the same return type for has_zero regardless of endianness
b7880809d75d arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
804e72062be4 iommu/arm-smmu-v3: Document nesting-related errata
744e6b80b830 iommu/arm-smmu-v3: Add explicit feature for nesting
fd86b5944215 iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
2de9f3dcfe63 iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
a850fa85d477 arm64: errata: Add detection for TRBE write to out-of-range
073699df4a09 arm64: errata: Add workaround for TSB flush failures
44b45e8161a5 net/mlx5: Free irqs only on shutdown callback
40601542c43c perf: Fix function pointer case
c12fa4ac8997 io_uring: gate iowait schedule on having pending requests
(From OE-Core rev: 0cb9289e67ad5da4c9612daf74aa8ff51c3c9c75)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Depending on the version of glibc, localtime_r() must
be preceded by a call to tzset() or it will ignore any
value of TZ in the environment. This problem will only
be seen when building file-native on outdated hosts.
(From OE-Core rev: c99d7fc46a1070b1c659ed16fbff6a3553aaf209)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 791145f3064d7807630d3591b9e7c7b2dc37152c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add patch for Libwebp 1.3.1 to fix CVE-2023-5129.
(From OE-Core rev: 852068debb268669699ad9a8dbe44907a19aa482)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This document was suggesting a way to version pre-releases
which doesn't match the latest recommendations from the
contributor guide.
(From yocto-docs rev: bb74a9f83b84fa0d2836ed09175cac3c671b1042)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Replace "duplicate" by "obsolete", more appropriate.
"duplicate" probably comes from the "--remove-duplicated"
option of the sstate-cache-management.sh script.
Improve other sentences too.
(From yocto-docs rev: e893d66999a97732780ff2b1ba6fb7e6e9d2eff7)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CC: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Take advantage of this edit to also fix alignment
issues in the sources.
(From yocto-docs rev: 6d17f91c3078b5aeb6fa4acab8c9a0ff8e962fa5)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Variable overrides in KCONFIG_CONFIG_COMMAND do not work as expected due
to double quote mismatches. The issue is reproducible in an environment
where gold is the default linker. Below is an example snippet of
run.do_terminal generated by do_menuconfig.
do_terminal() {
exec sh -c "make menuconfig CC="aarch64-webos-linux-gcc ..."
LD="aarch64-webos-linux-ld.bfd ..."
...
}
Although LD override is set to bfd correctly, it is not passed to make
and make menuconfig ends up with messages like:
| gold linker is not supported as it is not capable of linking the kernel proper.
| scripts/Kconfig.include:56: Sorry, this linker is not supported.
(From OE-Core rev: 9c483765db762dbe8020423c8778518612b7e5f7)
(From OE-Core rev: 75f8485d7862b08e2f96f919e992d203df6c8d9c)
Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d4664d2b79)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The gcc_multilib_setup function is a function that is run at the
do_configure step, so it's counted into the signature computation.
The MULTILIB_VARIANTS this function uses is also extracted to be
taken into consideration. After the change of setting MULTILIB_VARIANTS
explictly vardeps on MULTILIBS, the change of MULTILIBS changes the
signature, thus causing rebuilding. However, in case of gcc-crosssdk,
the setting of multilib should have no effect on it, as it's used
to build nativesdk packages, not the target packages. So ignore
MULTILIB_VARIANTS in signature computation. This fixes oe-selftest
case sstatetests.SStateHashSameSigs2.test_sstate_nativesdk_samesigs_multilib.
(From OE-Core rev: 537c71162a711dec32a63a657c4b101269a3e267)
(From OE-Core rev: 6b87f7c9e955abe5833820ee7eda9d525c77d2ea)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This patch is to ensure recipes get rebuilt correctly and avoid
incorrect sstate cache reuse when toggling multilib.
The following steps show one example of such incorrect sstate cache reuse.
1. enable multilib && bitbake <some_image> -c populate_sdk
2. disable multilib && bitbake <some_image> -c populate_sdk
The error message is as below:
Error:
Problem: conflicting requests
- nothing provides binutils-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
- nothing provides gcc-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
- nothing provides gdb-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
(try to add '--skip-broken' to skip uninstallable packages)
We get this error because packagegroup-cross-canadian recipe is
not rebuilt when it should be.
Current codes have tracked the dependency to MULTILIB_VARIANTS, as
shown in the following chain:
RDEPENDS:packagegroup-cross-canadian-intel-x86-64 ->
all_multilib_tune_values -> MULTILIB_VARIANTS.
However, MULTILIB_VARIANTS cannot automatically depend on MULTILIBS.
See some results from 'bitbake-dumpsigs' below:
List of dependencies for variable MULTILIB_VARIANTS is ['extend_variants']
Variable MULTILIB_VARIANTS value is ${@extend_variants(d,'MULTILIBS','multilib')}
It's obvious that the value of MULTILIB_VARIANTS depend on the
value of MULTILIBS, so let's set this dependency manually.
(From OE-Core rev: 9f47d8eb51816d16078a23c0cef4d697555f913f)
(From OE-Core rev: 8ed254dd5e44d0685e5b952f724af08d75ce3d9d)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
drop patch which is already part of 5.1.3.
0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3964):
1eb002596e
0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3965):
293dc39bca
ffmpeg-fix-vulkan.patch : 7268323193
(From OE-Core rev: aeee19cda946b67f33c7b7c02c86513676bc89bd)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)
ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]
A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)
ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]
Removed Features
The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]
Feature Changes
If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]
Bug Fixes
The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]
This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.
The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]
The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]
BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]
Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]
Known Issues
There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.
(From OE-Core rev: 663397edba278184a736e97aa602d3f96d2d937a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
============
Deprecate the 'dialup' and 'heartbeat-interval' options.
Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured.
Mark a primary server as temporarily unreachable if the TCP connection attempt times out.
Don't process detach and close netmgr events when the netmgr has been paused.
(cherry-pick from commit e78ec619beea6e541b2d83a5dc845ce57ff12564)
(From OE-Core rev: 3cb92c8746f589ef74e337e5866378e04a8133ef)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The delta between 3.1.32 & 3.1.37 contains the CVE-2023-40590 and
CVE-2023-41040 fixes and other bugfixes.
Changelog:
==========
- WIP Quick doc by @LeoDaCoda in #1608
- Partial clean up wrt mypy and black by @bodograumann in #1617
- Disable merge_includes in config writers by @bodograumann in #1618
- feat: full typing for "progress" parameter in Repo class by @madebylydia in #1634
- Fix CVE-2023-40590 by @EliahKagan in #1636
- #1566 Creating a lock now uses python built-in "open()" method to work arou… by @HageMaster3108 in #1619
- util: close lockfile after opening successfully by @skshetry in #1639
- Bump actions/checkout from 3 to 4 by @dependabot in #1643
- Fix 'Tree' object has no attribute '_name' when submodule path is normal path by @CosmosAtlas in #1645
- Fix CVE-2023-41040 by @facutuesca in #1644
- Only make config more permissive in tests that need it by @EliahKagan in #1648
- Added test for PR #1645 submodule path by @CosmosAtlas in #1647
- Fix Windows environment variable upcasing bug by @EliahKagan in #1650
- Improve Python version and OS compatibility, fixing deprecations by @EliahKagan in #1654
- Better document env_case test/fixture and cwd by @EliahKagan in #1657
- Remove spurious executable permissions by @EliahKagan in #1658
- Fix up checks in Makefile and make them portable by @EliahKagan in #1661
- Fix URLs that were redirecting to another license by @EliahKagan in #1662
- Assorted small fixes/improvements to root dir docs by @EliahKagan in #1663
- Use venv instead of virtualenv in test_installation by @EliahKagan in #1664
- Omit py_modules in setup by @EliahKagan in #1665
- Don't track code coverage temporary files by @EliahKagan in #1666
- Configure tox by @EliahKagan in #1667
- Format tests with black and auto-exclude untracked paths by @EliahKagan in #1668
- Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan in #1673
- Fix rollback bug in SymbolicReference.set_reference by @EliahKagan in #1675
- Remove @NoEffect annotations by @EliahKagan in #1677
- Add more checks for the validity of refnames by @facutuesca in #1672
Note that the changes to the license file are just removal of excess whitespace
(the extra blank line at the end, and spaces appearing at the end of lines).
References:
https://github.com/gitpython-developers/GitPython/releaseshttps://github.com/gitpython-developers/GitPython/blob/main/doc/source/changes.rste1af18377f
(From OE-Core rev: 931af3758a2d79aea534ab6d23db392ede7cc1bb)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The override syntax should be ":allarch" instead of "_allarch".
(From OE-Core rev: 72d3ecb22fea59d2520997b3f0a0651557d69ae7)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bea74c9942a3bb4f71aca0f722b4a7306ae52fb4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This includes multiple CVE fixes.
The license change is due to changes in maintainership, the license
itself is unchanged.
(From OE-Core rev: a90e3d1bac7c965e357103c05bf31fd804b87c0b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91e66b93a0c0928f0c2cfe78e22898a6c9800f34)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the QEMU built-in VNC server. When a client connects
to the VNC server, QEMU checks whether the current number of connections
crosses a certain threshold and if so, cleans up the previous connection.
If the previous connection happens to be in the handshake phase and fails,
QEMU cleans up the connection again, resulting in a NULL pointer dereference
issue. This could allow a remote unauthenticated client to cause a denial
of service.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3354
(From OE-Core rev: 8f0b34f7ad5ef842d60c9b93ce2c6142d3249890)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
":term:`Initramfs`" in bold text appears verbatim (no link is created).
The term link is present elsewhere in the text so remove the extra
markup.
(From yocto-docs rev: fc8e220290414dab45299d0ac829c8c461b1903c)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
- Update according to changes in SANITY_TESTED_DISTROS
(meta-poky/conf/distro/poky.conf)
- No longer declare as "Supported" the distributions versions
which are End of Life for their vendors, as some of them
(Ubuntu for example) ship updates to subscribers only,
which the Yocto Project has no access to.
- List distribution versions which were previously tested
for the branch of the Yocto Project being considered.
(From yocto-docs rev: fd5113b7e20844a44a2c9da37e1bc10034d46cfe)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add in stable updates to glibc 2.38 to fix malloc bugs
(From OE-Core rev: 055b7acd73a591cb529629a780558cc0f5b19456)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 39f987fcb20ad7c0e45425b9f508d463c50ce0c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport and rebase patch to fix CVE-2023-32435 for webkitgtk 2.38.6:
* drop the patches for the files WasmAirIRGenerator64.cpp and
WasmAirIRGeneratorBase.h which are involved in 2.40.0
* drop test cases as well
CVE: CVE-2023-32435
(From OE-Core rev: c54f98d35f2cb276dc49a5ccd4813ccc34c6f668)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch to fix CVE-2023-32439 for webkitgtk.
CVE: CVE-2023-32439
(From OE-Core rev: 71edb4ec115208950ae5da5305b5fd75823121ec)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Envoy is a cloud-native high-performance edge/middle/service
proxy. Envoy’s HTTP/2 codec may leak a header map and
bookkeeping structures upon receiving `RST_STREAM` immediately
followed by the `GOAWAY` frames from an upstream server. In
nghttp2, cleanup of pending requests due to receipt of the
`GOAWAY` frame skips de-allocation of the bookkeeping structure
and pending compressed header. The error return [code path] is
taken if connection is already marked for not sending more
requests due to `GOAWAY` frame. The clean-up code is right after
the return statement, causing memory leak. Denial of service
through memory exhaustion. This vulnerability was patched in
versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-35945https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
(From OE-Core rev: 18277a43f7fd6522a67f194f40595bc378468733)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(From OE-Core rev: ff2288cd466c46c4e2cac24498b260037dba5071)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
vim 8.3 has been out for a long time, so this comment is obsolete.
However we still need UPSTREAM_VERSION_UNKNOWN, since we ignore
the last digit of the upstream version number.
Test result:
$ devtool check-upgrade-status vim
...
INFO: vim 9.0.1592 UNKNOWN Tom Rini <trini@konsulko.com> c0370529c027abc5b1698d53fcfb8c02a0c515da
(From OE-Core rev: 65f5de85c3f488136d1ec2b1f7fe8d8426d6c5b3)
(From OE-Core rev: 981fa51afe040550c7c351fff028553d4bbbd1ca)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 868a19357841470eb55fb7f1c4ab1af09dea99ed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We need to ensure this recipe doesn't have dependencies on others. The SPDX
classes/tasks introduce dependenies quilt-native and patch-native which can
introduce races on files in the sysroots. Avoid the races by removing the
tasks we don't need.
[YOCTO #15186]
(From OE-Core rev: a3e2e156c602e7fabf0024a6c9dc4603d327f08b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a5dc278b077edba8f4099f0f6dfb97e97f680320)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
04update-uuid and 07revert-inplace tests are unreliable and fail intermittently
on the autobuilder (BZ#15181 and BZ#15159). Unfortunately, the failures cannot
be reproduced locally and the logs cannot be retrieved from the AB.
Mark the testcases as BROKEN to skip them when running ptest.
(From OE-Core rev: f39988353743e35418a730bfd6b9a9b68d946641)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit eb219aff7cfe1cff1da93107ac7b22c678c0000f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The kickstart parser defaults fstype to "vfat". This leads to an attempt
to create an empty file system even for regions configured with "--no-table"
if used without fstype when no --sourceparams given.
The fix tests for fstype "none" or no_table in Partition prepare method.
This will omit the file system creation an the potential error for small
region with --no-table option.
(From OE-Core rev: 47b395fe2dc393e82d0a42cfab96d134c1397a43)
Signed-off-by: Markus Niebel <Markus.Niebel@ew.tq-group.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit db771a4cd36bf291a8b68edfd905e03243f2c8b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
