Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
574362648507 Linux 5.15.151
4a4eeb691253 mptcp: fix double-free on socket dismantle
cc5e34bc5b20 Revert "tls: rx: move counting TlsDecryptErrors for sync"
9d5932275b3b net: tls: fix async vs NIC crypto offload
68dbe92d677c bpf: Derive source IP addr via bpf_*_fib_lookup()
39b4ee40d204 bpf: Add table ID to bpf_fib_lookup BPF helper
75ca92271da5 bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
20f5aafe521c Revert "interconnect: Teach lockdep about icc_bw_lock order"
fe549d8e9763 Revert "interconnect: Fix locking for runpm vs reclaim"
ead68522455b gpio: fix resource unwinding order in error path
ea514ac5f1be gpiolib: Fix the error path order in gpiochip_add_data_with_key()
c21b5ad4e79d gpio: 74x164: Enable output pins after registers are reset
6c480d0f1318 af_unix: Drop oob_skb ref before purging queue in GC.
2f3ae0905a7e Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe"
22850c9950a4 fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
94965be37add cachefiles: fix memory leak in cachefiles_add_cache()
cc32ba2fdf3f mptcp: fix possible deadlock in subflow diag
af46c8a0d8db mptcp: push at DSS boundaries
5101e9f11a87 mptcp: add needs_id for netlink appending addr
4ba8702b23e3 mptcp: clean up harmless false expressions
f431a58cb933 selftests: mptcp: add missing kconfig for NF Filter in v6
5d7f2e7d213f selftests: mptcp: add missing kconfig for NF Filter
55366b9ae937 mptcp: rename timer related helper to less confusing names
833d068e776a mptcp: process pending subflow error on close
305078c2741f mptcp: move __mptcp_error_report in protocol.c
fbd16a1e4b14 x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
077952157636 pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
5f6e8930ca96 mmc: sdhci-xenon: fix PHY init clock stability
f4fae0a76ee2 mmc: sdhci-xenon: add timeout for PHY init complete
52af4f26c02f mmc: core: Fix eMMC initialization with 1-bit bus connection
4529c084a320 dmaengine: fsl-qdma: init irq after reg initialization
2dee8895a25e dmaengine: ptdma: use consistent DMA masks
106c1ac953a6 dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
ab2d68655d0f btrfs: dev-replace: properly validate device names
063715c33b4c wifi: nl80211: reject iftype change with mesh ID change
9376d059a705 gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
cbf67001d647 ALSA: firewire-lib: fix to check cycle continuity
7d930a4da179 tomoyo: fix UAF write bug in tomoyo_write_control()
5941a90c55d3 riscv: Sparse-Memory/vmemmap out-of-bounds fix
80b15346492b afs: Fix endless loop in directory parsing
20a4b5214f7b fbcon: always restore the old font data in fbcon_do_set_font()
5eac17127e85 ALSA: Drop leftover snd-rtctimer stuff from Makefile
e601ae81910c power: supply: bq27xxx-i2c: Do not free non existing IRQ
4b73473c050a efi/capsule-loader: fix incorrect allocation size
5bc8810b788a tls: decrement decrypt_pending if no async completion will be called
9ae48288fc8b tls: rx: use async as an in-out argument
bdb7fb29236a tls: rx: assume crypto always calls our callback
2ec59e165549 tls: rx: move counting TlsDecryptErrors for sync
b61dbb5ef449 tls: rx: don't track the async count
4fd23a600be9 tls: rx: factor out writing ContentType to cmsg
9876554897b3 tls: rx: wrap decryption arguments in a structure
d6c9c2a66c91 tls: rx: don't report text length from the bowels of decrypt
ffc8a2b82141 tls: rx: drop unnecessary arguments from tls_setup_from_iter()
1abd49fa1ffb tls: hw: rx: use return value of tls_device_decrypted() to carry status
432d40036f17 tls: rx: refactor decrypt_skb_update()
17d8bda2a6fd tls: rx: don't issue wake ups when data is decrypted
de0970d258ef tls: rx: don't store the decryption status in socket context
4c68bf84d162 tls: rx: don't store the record type in socket context
f1e71909373e igb: extend PTP timestamp adjustments to i211
a1227b27fccc rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
7c3f28599652 netfilter: bridge: confirm multicast packets before passing them up the stack
3e9cd8913635 netfilter: let reset rules clean out conntrack entries
c3a84f83d9e5 netfilter: make function op structures const
2cb39bea7085 netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook
84d3baab4b89 netfilter: nfnetlink_queue: silence bogus compiler warning
4225152bfb77 netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
af1a9a925e46 Bluetooth: Enforce validation on max value of connection interval
c3df637266df Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
4cd28dae8210 Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
da4569d450b1 Bluetooth: Avoid potential use-after-free in hci_error_reset
8e9955630117 stmmac: Clear variable when destroying workqueue
28bbdb4e1993 uapi: in6: replace temporary label with rfc9486
1e2cbdbdfa76 net: usb: dm9601: fix wrong return value in dm9601_mdio_read
9b1f5c003284 veth: try harder when allocating queue memory
914c73e7872d net: enable memcg accounting for veth queues
8d4d26f51ef0 lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected
8a54834c03c3 ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
f011c103e654 net: veth: clear GRO when clearing XDP even when down
bf3f0c4169be cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back
cbfd27689b5e tun: Fix xdp_rxq_info's queue_index when detaching
afec0c5cd2ed net: ip_tunnel: prevent perpetual headroom growth
c71ed29d15b1 netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
386bb2537e9b mtd: spinand: gigadevice: Fix the get ecc status issue
00b19ee0dcc1 netfilter: nf_tables: disallow timeout for anonymous sets
(From OE-Core rev: 32f2aba4c4e90b86c1e11ac54dedd6a015c219a6)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the sms_decode_address_field() function during the SMS
PDU decoding. It is assumed that the attack scenario is accessible from a compromised
modem, a malicious base station, or just SMS.
(From OE-Core rev: 996c03dfb5295ec38286dee37c70c700b88e0a1e)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_submit_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_submit_report().
(From OE-Core rev: 51cf006ac7b5b97e65864fb1cb6f5b47192c4ebf)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If DROPBEAR_RSAKEY_DIR has already been set before, e.g. by overwriting
the file dropbear.default, the line will still be appended a second time.
DROPBEAR_RSAKEY_DIR="/path/to/dropbear"
DROPBEAR_EXTRA_ARGS="-B"
DROPBEAR_RSAKEY_DIR=/var/lib/dropbear
(Backport of rev: 6045314d29)
(From OE-Core rev: 8a502301209ef144932ef5071c1a9b738db23270)
Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw has been discovered in GnuTLS where an application crash can be induced
when attempting to verify a specially crafted .pem bundle using the
"certtool --verify-chain" command.
(From OE-Core rev: e63819fbabbde3d12df06ae302da70ab990df26d)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability
that exploits deterministic behavior in systems like GnuTLS, leading to
side-channel leaks. In specific scenarios, such as when using the
GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in
nonce size from 513 to 512 bits, exposing a potential timing side-channel.
(From OE-Core rev: 18c4f65934331da48c597201c33334578e91a45d)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
nghttp2 is an implementation of the Hypertext Transfer Protocol
version 2 in C. The nghttp2 library prior to version 1.61.0 keeps
reading the unbounded number of HTTP/2 CONTINUATION frames even
after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0
mitigates this vulnerability by limiting the number of CONTINUATION
frames it accepts per stream. There is no workaround for this
vulnerability.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-28182
(From OE-Core rev: 85e65af4727695d61c225a5911325764f423c331)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2024-24576 only applies when invoking batch files (with the `bat` and `cmd` extensions) on Windows & No other platform or use is affected.
More details about CVE is here: https://nvd.nist.gov/vuln/detail/CVE-2024-24576
(From OE-Core rev: 44e0b6b028657d32de5971d6a42a88767ef8c710)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As reported by "make sphinx-lint"
Tabs are even removed in Makefile examples,
as Sphinx turns them to spaces anyway in the generated output.
(From yocto-docs rev: fd1423141e7458ba557db465c171b0b4e9063987)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
To make it more obvious which directories are needed, pass only these to
*mkdir* and use the option `-p` to create the missing parents.
(From yocto-docs rev: 4ddcedca4b09e2c051b33a40659ffce1db2984f5)
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As reported by "make sphinx-lint"
(From yocto-docs rev: 18d86626406fe07d4f62ef0b9168c0220b3dd90a)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Makes it possible to catch errors not reported by sphinx,
such as idle spaces. After customization, this should be used
to enforce our syntax conventions, such as two spaces after a "-"
character to introduce a list item.
Just run "make sphinx-lint".
(From yocto-docs rev: a735549a764f7cfebdc7534761b4d75dc523371a)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
reorder CVEs from alphabetical order to numerical order, align it
with text based release notes.
(From yocto-docs rev: a2ce17f656758db737c398263efa594604ca2271)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These test suites are full of timing-sensitive test cases, so skip
them too.
[ YOCTO #15321 ]
(From OE-Core rev: f94c74cee8b2650dd3211a49dc7e88bf60d2e6a7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd06c3668dbe9ec1cf9a0a84d7a6bc9851f9c662)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There are several tests in the test suite which are very dependent on
timing and fail on a loaded host system, so skip them.
[ YOCTO #14825#14882#15081 ]
(From OE-Core rev: 161d336a6c57fddb36a0c4e8c2def84ce70128e3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 68beb4f4b5a0bea5d431decddf7656f18ac7a04a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Some tests hardcode assumptions on locales, which may not be present in
musl systems e.g., therefore add a way to skip such tests using -skip
option.
Skip unixInit-3* test on musl
(From OE-Core rev: a70f9039259d7d38c5a3e50f7003d3228d1ab692)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit fa66f1cee2d88c2276442e8b4aaeccde5490f9ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add CVE-2023-51767 to CVE_CHECK_IGNORE to avoid in cve-check reports
as upstream does not consider CVE-2023-51767 a bug underlying in
OpenSSH and does not intent to address it in OpenSSH.
(From OE-Core rev: de4186610335201c69d8952d605bb291f4a7427c)
Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
Signed-off-by: Sana Kazi <sana.kazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2023-47100 is a duplicate of CVE-2023-47038. They have the same
advertised fix commit, which has already been merged into the
perl_5.34.3 sources used in kirkstone.
(From OE-Core rev: 8df158f39f1eed1e3ae88ddf935c67e067b72525)
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Typo prevents cupsd to start correctly with following error:
Unable to read "/etc/cups/cupsd.conf" due to errors.
Using `/usr/sbin/cupsd -t` to check the configuration:
Unknown authorization type Defaul on line 77 of /etc/cups/cupsd.conf.
Unknown Policy Limit directive AuthType on line 77 of /etc/cups/cupsd.conf.
(From OE-Core rev: eab100205bc5cdffc5ccc7752e1ee5abd9ebb58a)
Signed-off-by: Jonathan GUILLOT <jonathan@joggee.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Try to particularly emphasize that it can be used to find
out why something rebuilds when it shouldn't.
(From yocto-docs rev: 1cd543e62e8f1b65e65108d919c2f481001e044c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The documentation of the variable SPDX_NAMESPACE_PREFIX does not exist.
This variable is used to change the prefix of some links in SPDX docs.
(From yocto-docs rev: 0055b7ea1cdf72359695e08fe6d2ca9a405fba51)
Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
According to errors reported by "make stylecheck"
(From yocto-docs rev: b3aaf4523190f7528d49c29a9aea234bb1647eae)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* this is often confused to apply for e.g. meta-oe as well
where it doesn't apply as meta-oe has own ML mentioned
in README.
(From yocto-docs rev: 98102408fe5468529e040a138f09c8fbc5fe065a)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Allowing to remove nested parentheses in the text!
(From yocto-docs rev: a0ba062f8b31426f80ccd760e29b054405ee2a8e)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Instead of "manpage(s)" or "man page(s)".
To address one of the errors reported by "make stylecheck"
(From yocto-docs rev: f6e69f8877d1d33200993f21b448e7fa3cf7859b)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Plus a few text styling improvements, some reported by "make stylecheck"
(From yocto-docs rev: ce0e83716197773d8eae0c2f0edc1cf290ebd60f)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Use the "Vale" (https://vale.sh) tool to perform text style checks
Run "make stylecheck" to run the checks.
This just checks the text, not the Sphinx syntax style choices.
(From yocto-docs rev: e3e4ba2aa963d4d178c4e9e842e66f4ee4bd3736)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
