mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-03 05:49:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,992 Commits 38 Branches 619 Tags
2fa8edea5a7842beaa77f6e0bc90e57230275967
Commit Graph

42806 Commits

Author SHA1 Message Date
Chee Yang Lee
2fa8edea5a go: fix and ignore several CVEs 
backport fixes:
CVE-2021-27918
CVE-2021-36221
CVE-2021-39293
CVE-2021-41771

ignore:
CVE-2022-29526
CVE-2022-30634

(From OE-Core rev: ddb09ccc3caebbd3cf643bb3bb3c198845050c69)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 18:41:14 +01:00
Chee Yang Lee
e49990f01e gst-plugins-good: fix several CVE 
backport fix for:
CVE-2022-1920
CVE-2022-1921
CVE-2022-1922
CVE-2022-1923
CVE-2022-1924
CVE-2022-1925
CVE-2022-2122

also set ignore at gstreamer1.0_1.16.3.bb

(From OE-Core rev: c852d3e6742fe82b9f4ec84b077d6e1b0bfd021e)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 18:41:13 +01:00
Florin Diaconescu
aa19c8c35e binutils : CVE-2022-38533 
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]

(From OE-Core rev: 2cf26e2e5a83d2b2efd01de34c11da07eeb9c8f9)

Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
niko.mauno@vaisala.com
a69227932f systemd: Add 'no-dns-fallback' PACKAGECONFIG option 
systemd defines a default set of fallback DNS servers in
https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330

By adding a PACKAGECONFIG knob providing a convenient way to opt out,
and then adding that value to systemd's PACKAGECONFIG, the output from
runtime 'resolvectl status' command no longer contains the following
line:

  Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google

(From OE-Core rev: 2b300d6b9ec6288a99d9dacb24a86949caf99e55)

(From OE-Core rev: 834ccad676b3d8d58d1a66bbe813a331599435b4)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
niko.mauno@vaisala.com
a14af03441 systemd: Fix unwritable /var/lock when no sysvinit handling 
Commit 8089cefed8 ("systemd: Add
PACKAGECONFIG for sysvinit") decoupled enabling of systemd's sysvinit
handling behavior behind a distinct PACKAGECONFIG feature.

This new option affects among other things the installing of
tmpfiles.d/legacy.conf, which is responsible for creating /run/lock
directory, which is pointed to by /var/lock symlink provided by
base-files package.

In case the option is not enabled, then base-files provided /var/lock
is a dangling symlink on resulting rootfs, causing problems with
certain Linux userspace components that rely on existence of writable
/var/lock directory. As an example:

  # fw_printenv
  Error opening lock file /var/lock/fw_printenv.lock

Since Filesystem Hierarchy Standard Version 3.0 states in
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s09.html that

  Lock files should be stored within the /var/lock directory structure.

Ensure the /run/lock directory is always created, so that lock files
can be stored under /var/lock also when 'sysvinit' handling is
disabled.

(From OE-Core rev: 85e5ee2c35cf5778c3aefda45f526e8f6a511131)

(From OE-Core rev: b8aa4d53b636bec55ad0ff4de764222662647859)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
Chee Yang Lee
0781ad69b8 virglrenderer: fix CVE-2022-0135 
(From OE-Core rev: 5eea0b24c6fcd90aab0737c7a3f7431535a02890)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
Chee Yang Lee
9ca32cf9ab gnutls: fix CVE-2021-4209 
(From OE-Core rev: d08031bffafbd2df7e938d5599af9e818bddba04)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
Chee Yang Lee
459d081bf8 connman: fix CVE-2022-32292 
(From OE-Core rev: 380b6fb2583f875aad0cb28c91b1531e63eb2eeb)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
Yi Zhao
5e7c237200 tiff: Security fixes CVE-2022-1354 and CVE-2022-1355 
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-1354
https://security-tracker.debian.org/tracker/CVE-2022-1354

https://nvd.nist.gov/vuln/detail/CVE-2022-1355
https://security-tracker.debian.org/tracker/CVE-2022-1355

Patches from:

CVE-2022-1354:
87f580f390

CVE-2022-1355:
c1ae29f9eb

(From OE-Core rev: 6c373c041f1dd45458866408d1ca16d47cacbd86)

(From OE-Core rev: 8414d39f3f89cc1176bd55c9455ad942db8ea4b1)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
Virendra Thakur
a98b309fe2 tiff: Fix for CVE-2022-2867/8/9 
Add Patch to fix CVE-2022-2867, CVE-2022-2868
CVE-2022-2869

(From OE-Core rev: 67df7488bf66183ffdb9f497f00ad291b79210d3)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
Khan@kpit.com
b9c73d6591 python3: Fix CVE-2021-28861 for python3 
Add patch to fix CVE-2021-28861

CVE-2021-28861.patch
Link: 4dc2cae3ab

(From OE-Core rev: cbf57b25c78ea9d56863d9546b51fc2c88adb8cf)

Signed-off-by: Riyaz Khan <rak3033@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-16 17:53:28 +01:00
Richard Purdie
0566db5c82 vim: Upgrade 9.0.0242 -> 9.0.0341 
Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.

(From OE-Core rev: c9a9d5a1f7fbe88422ccee542a89afbc4c5336e4)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:52 +01:00
Ross Burton
0bee2e95b7 cve-check: close cursors as soon as possible 
We can have multiple processes reading the database at the same time, and
cursors only release their locks when they're garbage collected.

This might be the cause of random sqlite errors on the autobuilder, so
explicitly close the cursors when we're done with them.

(From OE-Core rev: 48742ddf4d0acd419c8ffb8f22124ed525efc2d9)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5d2e90e4a58217a943ec21140bc2ecdd4357a98a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:52 +01:00
Joshua Watt
7ba4ed6f5f classes: cve-check: Get shared database lock 
The CVE check database needs to have a shared lock acquired on it before
it is accessed. This to prevent cve-update-db-native from deleting the
database file out from underneath it.

[YOCTO #14899]

(From OE-Core rev: 374dd13db2c4fa92793f12c93d68d09304f77c17)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:52 +01:00
Ranjitsinh Rathod
85637f30f3 libarchive: Fix CVE-2021-31566 issue 
Add patch to fix CVE-2021-31566 issue for libarchive
Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

(From OE-Core rev: 7028803d7d10c0b041a7bda16f9d9261f220459f)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:51 +01:00
Ranjitsinh Rathod
a5de603a1b libarchive: Fix CVE-2021-23177 issue 
Add patch to fix CVE-2021-23177 issue for libarchive
Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

(From OE-Core rev: 01d7e2c7a0da55a7c00aebed107c1338f5f032b1)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:51 +01:00
Robert Joslyn
8f4bbd9359 curl: Backport patch for CVE-2022-35252 
https://curl.se/docs/CVE-2022-35252.html

(From OE-Core rev: 59344420eb62060c79265a2557d2364c8174e46c)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:51 +01:00
Hitendra Prajapati
d24759196a sqlite: CVE-2022-35737 assertion failure 
Source: https://www.sqlite.org/
MR: 120541
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
Description:
	 CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.

(From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:51 +01:00
Anuj Mittal
e576212d25 cryptodev-module: fix build with 5.11+ kernels 
Backport patch to fix:

| cryptodev-module/1.10-r0/git/ioctl.c:875:4: error: implicit declaration of function 'ksys_close'; did you mean 'ksys_chown'? [-Werror=implicit-function-declaration]
|   875 |    ksys_close(fd);
|       |    ^~~~~~~~~~
|       |    ksys_chown
| cc1: some warnings being treated as errors

(From OE-Core rev: 653b03aa6fc8effd3b2215a7a0ba005979e78e9f)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Bruce Ashfield
b16301db9a linux-yocto/5.4: update to v5.4.210 
Updating  to the latest korg -stable release that comprises
the following commits:

    de0cd3ea700d Linux 5.4.210
    b58882c69f66 x86/speculation: Add LFENCE to RSB fill sequence
    f2f41ef0352d x86/speculation: Add RSB VM Exit protections
    3a0ef79c6abe macintosh/adb: fix oob read in do_adb_query() function
    54e1abbe8560 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
    17c2356e467f selftests: KVM: Handle compiler optimizations in ucall
    170465715a60 KVM: Don't null dereference ops->destroy
    6098562ed9df selftests/bpf: Fix "dubious pointer arithmetic" test
    6a9b3f0f3bad selftests/bpf: Fix test_align verifier log patterns
    9d6f67365d9c bpf: Test_verifier, #70 error message updates for 32-bit right shift
    751f05bc6f95 selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    7c1134c7da99 bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
    a8ba72bbeda5 ACPI: APEI: Better fix to avoid spamming the console with old error logs
    fa829bd4af43 ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    8ed6e5c5e23c ACPI: video: Force backlight native for some TongFang devices
    828f4c31684d thermal: Fix NULL pointer dereferences in of_thermal_ functions

(From OE-Core rev: 2663435831c0ef953fb7fe6c883f42cf0c86ae43)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Alexander Kanavin
beda483705 wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 
(From OE-Core rev: 8b69eafa5c624dfc169ee11ced685847332437fa)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 75386480abd1660a50c79d5987b77ccc43295511)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Alexander Kanavin
3d435421bc tzdata: upgrade 2022a -> 2022b 
(From OE-Core rev: b0a0abbcc5e631e693b9e896bd0fc9b9432dd297)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b301d5203a4da0a0985670848126c5db762ddc86)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Alexander Kanavin
c4692956ea mobile-broadband-provider-info: upgrade 20220511 -> 20220725 
(From OE-Core rev: 5dd5130f9b13212a4f5e8b075ae1ecda868c5f28)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96185dac787e14fa9eb77d009653a2fd4d926e3f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Richard Purdie
1cf135da98 vim: Upgrade 9.0.0115 -> 9.0.0242 
Includes fixes for:

CVE-2022-2816
CVE-2022-2817
CVE-2022-2819
CVE-2022-2845
CVE-2022-2849
CVE-2022-2862
CVE-2022-2874
CVE-2022-2889

(From OE-Core rev: 169537045e614aa08052fd0130ea3199523bc8f3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ec2d27d09444213ec1c9b91c6f8c4363f297294)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Ernst Sjöstrand
fb9e6d51d4 cve-check: Don't use f-strings 
Since we're keeping cve-check aligned between the active branches,
and dunfell is supported on Python 3.5, we can't use f-strings.

(From OE-Core rev: 4cc681fd66031c8355f69e53443536b31377eba9)

Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1821cf7464cbba521b55a9c128fe8812c0cc5eca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Pawan Badganchi
211a3fd4db libxml2: Add fix for CVE-2016-3709 
Add below patch to fix CVE-2016-3709

CVE-2016-3709.patch
Link: c1ba6f54d3

(From OE-Core rev: b9312041e4c8d565ad1e1102f8634bcc913adfa7)

Signed-off-by: Pawan Badganchi<pawan.badganchi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Hitendra Prajapati
964b78a02d golang: CVE-2022-32189 a denial of service 
Source: https://github.com/golang/go
MR: 120634
Type: Security Fix
Disposition: Backport from 703c8ab7e5
ChangeID: 3ade323dd52a6b654358f6738a0b3411ccc6d3f8
Description:
	CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.

(From OE-Core rev: 9b3420c9a91059eb55754078bb1e733972e94489)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Hitendra Prajapati
1a1eceee49 golang: fix CVE-2022-30635 and CVE-2022-32148 
Source: https://github.com/golang/go
MR: 120628, 120631
Type: Security Fix
Disposition: Backport from ed2f33e1a7 && ed2f33e1a7
ChangeID: fbd8d61bdc2e9cb0cdbe9879e02aed218ee93dbe
Description:
Fixed CVE:
	1. CVE-2022-30635
	2. CVE-2022-32148

(From OE-Core rev: 2c4fb77f417464d9cd40f0ebd8cc52e6e6ca689e)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Hitendra Prajapati
7d67a61029 golang: fix CVE-2022-30632 and CVE-2022-30633 
Source: https://github.com/golang/go
MR: 120622, 120625
Type: Security Fix
Disposition: Backport from 76f8b7304d && 2678d0c957
ChangeID: aabb29a6dd6a89842f451c95af228aaf66e58bb5
Description:
Fixed CVE:
	1. CVE-2022-30632
	2. CVE-2022-30633

(From OE-Core rev: 9ffaae887743d77839fb758657b1dec71a9b8880)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Hitendra Prajapati
8bc3443c08 golang: fix CVE-2022-30629 and CVE-2022-30631 
Source: https://github.com/golang/go
MR: 120613, 120613
Type: Security Fix
Disposition: Backport from c15a8e2dbb && 0117dee7dc
ChangeID: 366db775dec045d7b312b8da0436af36ab322046
Description:
Fixed CVE:
	1. CVE-2022-30629
	2. CVE-2022-30631

(From OE-Core rev: 6813a265c7c21e24636d07a6a8df16ef0cf7da50)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Hitendra Prajapati
dea6f2c847 libtiff: CVE-2022-34526 A stack overflow was discovered 
Source: https://gitlab.com/libtiff/libtiff
MR: 120545
Type: Security Fix
Disposition: Backport from 275735d035
ChangeID: 4c781586f7aba27420a7adc0adc597cc68495387
Description:
          CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit.

(From OE-Core rev: 462d4a55a460c60a7b8c36fe3899e66f13835761)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-03 13:10:37 +01:00
Richard Purdie
4aad5914ef build-appliance-image: Update to dunfell head revision 
(From OE-Core rev: a3cba15142e98177119ef36c09f553d09acf35ef)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 16:07:08 +01:00
Shruthi Ravichandran
1fc880e165 initscripts: run umountnfs as a KILL script 
`rc` runs all the KILL scripts in a runlevel before the START scripts.
The umountnfs script is currently configured as a START script, and
runs after the networking KILL script. During shutdown, this causes a
~3 minute timeout after networking is shutdown when the system tries
to connect to and unmount any mounted network shares.
Fix this by changing the script configuration to "stop" so that it can
run before networking is stopped and unmount any network shares
safely.

(From OE-Core rev: e59c72d570102d72786e44c8ace69fd4d0e8e5ef)

Signed-off-by: Shruthi Ravichandran <shruthi.ravichandran@ni.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c419bd4537756e9f6c2fe6da3a9b798526e27eca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:49 +01:00
Ming Liu
9243169d4f rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} 
This is to ensure host-user-contaminated.txt would be removed before
do_rootfs runs, since ${S} is in cleandirs of do_rootfs, otherwise, a
host-user-contaminated.txt file that generated from previous builds
could be used which is wrong.

(From OE-Core rev: 06cfa8be54c9aee23bd8570a370a974b463a0a1a)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 54a3fd63e684d070fad962be97e549f3af7ac111)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:49 +01:00
Pascal Bach
f97bd9abe6 bin_package: install into base_prefix 
This makes the bin_package.bbclass work properly with the native class.

(From OE-Core rev: 0bf78a8e0e1cf7e74b55aca4db0e62dd9dfa55ce)

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad330b6d4b6e2ba051b5c6c437e07a183831f757)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:49 +01:00
Richard Purdie
59180eb474 kernel-arch: Fix buildpaths leaking into external module compiles 
Building external kernel modules like lttng-modules was showing build paths
inside the debug symbols for the modules and breaking build reproducibility.

Fix this by adding in the mapping needed to map the kernel build directory
to something more approriate on target.

(From OE-Core rev: c4d8834ed3d200f25f12fec8acfa2b954f3240e0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b56dc9009ba93174de6bf4c01e17808ef249dc5c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:49 +01:00
Dmitry Baryshkov
2340b1dbb9 linux-firwmare: restore WHENCE_CHKSUM variable 
Restore WHENCE_CHKSUM variable which is used to hold the WHENCE file
checksum. It is necessary to allow easily overriding it from local.conf
if the devupstream version is selected:

PREFERRED_VERSION_linux-firmware = "1:20220708+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "abf1077491eeb261ecdcb680a34fc059"

Without the WHENCE_CHECKSUM one would need to manually patch the
LIC_FILES_CHKSUM variable to change the checksum of WHENC (e.g. using
the anonymous python function or remove expression).

(From OE-Core rev: ba997f02b2cb86aeaa308873727a9280d1f88b5b)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 554be2af1e0a03a2d23032d48afbbe0913a45409)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:49 +01:00
Alexander Kanavin
0b85e5d610 linux-firmware: update 20220610 -> 20220708 
License-Update: a few obsolete firmware were dropped
(particularly i2400m and tda7706), file list updates.

(From OE-Core rev: a151460d9234d6cd0bd1920c48aff8c78454931a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e89fb37e13fcb832ee7d35e7d92d45eaca20689e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:49 +01:00
Randy MacLeod
ef2da8f28e vim: update from 9.0.0063 to 9.0.0115 
Drop crosscompile.patch which was merged as part of:
   509695c1c (tag: v9.0.0065) patch 9.0.0065: \
      cross-compiling doesn't work because of timer_create check

Also drop: racefix.patch which may have been fixed upstream
and is being tracked by:
   https://github.com/vim/vim/pull/10776
where upstream is asking if the different approach resolves the
race condition. Let's see what's out there!

(From OE-Core rev: 083d6de4139859a5eb66f78c2a62a1d59c8aee35)

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 6996472cd33d2d4b91821f2dfe24a27a697e4afe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:48 +01:00
Richard Purdie
5373e681cf vim: Upgrade 9.0.0021 -> 9.0.0063 
Pulls in several CVE fixes.
Added a patch to avoid timer_create cross compile issue (and submitted upstream).
Also submit the race fix upstream.
We disable timer_create in the native case since some systems have it
and some don't so this makes us consistent.

Change from master commit: we also disable timer_create in the target case
since the function isn't available in our glibc.

(From OE-Core rev: f99677f79449032a3b0ea79d704fdccbd5be68b7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:48 +01:00
Hitendra Prajapati
98dd6e4cac zlib: CVE-2022-37434 a heap-based buffer over-read 
Source: https://github.com/madler/zlib
MR: 120531
Type: Security Fix
Disposition: Backport from eff308af42 & 1eb7682f84
ChangeID: 364c17d74213c64fe40b9b37ee78aa172ff93acf
Description:
          CVE-2022-37434 zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

(From OE-Core rev: 10ed7cf347d9e73b29e4a3f6ef77e0a4b08e350b)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:48 +01:00
Hitendra Prajapati
ae4acc9f81 gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify 
Source: https://gitlab.com/gnutls/gnutls
MR: 120421
Type: Security Fix
Disposition: Backport from ce37f9eb26
ChangeID: f0c84c6aa8178582ac9838c453dacdf2c7cae0e5
Description:
          CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify.

(From OE-Core rev: 4cac37913d08f433668778e788f01e009dbb94bd)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:48 +01:00
Hitendra Prajapati
cfd2eaa0e1 qemu: CVE-2020-27821 heap buffer overflow in msix_table_mmio_write 
Source: https://git.qemu.org/?p=qemu.git;
MR: 107558
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442
ChangeID: c5d25422f43edb7d8728118eb482eba09474ef2c
Description:
          CVE-2020-27821 qemu: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c.

(From OE-Core rev: 198bd53bdc77d2b01dae19993bde79f03f4dd02c)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-22 14:29:48 +01:00
Jose Quaresma
5b956ef359 gstreamer1.0: use the correct meson option for the capabilities 
(From OE-Core rev: ac6ea1a96645d2a4dd54660256603f0b191bb4d3)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit baeab0f51ecc19fb85101c4bd472f0650231d0de)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-18 17:52:23 +01:00
Martin Jansa
54846f581e libxml2: Port gentest.py to Python-3 
* but it still won't work well on hosts without libxml2, make
  sure to use pre-generated testapi.c in do_compile_ptest

* this is reproducible with SOURCE_DATE_EPOCH set to 0 which
  e.g. meta-updater still sets by default for DISTROs which
  use it :(, see https://github.com/uptane/meta-updater/pull/35

(From OE-Core rev: 2f78dbcb300e7deae6cf39263e874ee8776d7a7b)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-18 17:52:23 +01:00
Steve Sakoman
b361f2a931 selftest: skip virgl test on fedora 36 
This test will fail any time the host has libdrm > 2.4.107

(From OE-Core rev: 33d006ed8d93ea4c185d6b28a72b2d252fbb5ae1)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-18 17:52:23 +01:00
Alex Kiernan
0c3dfb682d openssh: Add openssh-sftp-server to openssh RDEPENDS 
OpenSSH 9.0 uses sftp by default as the transport for scp, add in
sftp-server so that this works as expected for users, rather than being
left with a confusing "scp: Connection closed" message.

(From OE-Core rev: 788e2c6bccc58e5a88b33fa91ea3c3ffec7611ca)

Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be61b9dac78f0d85c870a0d8304fb4b536ec4bc8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-18 17:52:23 +01:00
Khem Raj
7c7fc0de71 libmodule-build-perl: Use env utility to find perl interpreter 
Fixes
ERROR: QA Issue: : /work/x86_64-linux/libmodule-build-perl-native/0.4231-r0/sysroot-destdir/work/x86_64-linux/libmodule-build-perl-native/0.4231-r0/recipe-sysroot-native/usr/bin/config_data maximum shebang size exceeded, the maximum size is 128. [shebang-size]

(From OE-Core rev: f11ed8c8fd78b88a50f382df419afff6ccde02a0)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 54ecb2d3f2523293383103cbe590ebdd037ee483)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-18 17:52:23 +01:00
Richard Purdie
354f571f61 insane: Fix buildpaths test to work with special devices 
If enabled, the buildpaths test hangs in psplash as it tries to open
a fifo and read from it, hanging indefinitely.

Tweak the test to ignore fifo/socket/device files.

(From OE-Core rev: 0106c6a629d0a9f07d76ffaad2dc92e48021e1b0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2567edb7e0a8c5ca9a88d6940491bf33bfe0eff9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-18 17:52:23 +01:00
Bruce Ashfield
883102b9b8 linux-yocto/5.4: update to v5.4.209 
Updating  to the latest korg -stable release that comprises
the following commits:

    8d8935e76f6f Linux 5.4.209
    0b0088e47587 scsi: core: Fix race between handling STS_RESOURCE and completion
    85fe8623f061 mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
    d5a596c148b3 ARM: crypto: comment out gcc warning that breaks clang builds
    8d6dab81ee3d sctp: leave the err path free in sctp_stream_init to sctp_stream_free
    a49282eca8ab sfc: disable softirqs for ptp TX
    7799f742f24b perf symbol: Correct address for bss symbols
    388b3f14ff60 virtio-net: fix the race between refill work and close
    52be29e8b645 netfilter: nf_queue: do not allow packet truncation below transport header offset
    8e0ed463dbd5 sctp: fix sleep in atomic context bug in timer handlers
    bc135e464dee i40e: Fix interface init with MSI interrupts (no MSI-X)
    46462e26e65f tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
    d42f68a9ceb4 tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
    c2b57a4d3ff6 Documentation: fix sctp_wmem in ip-sysctl.rst
    2d30375343b6 tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
    5d235c2fc295 tcp: Fix a data-race around sysctl_tcp_autocorking.
    e02c7ee5a430 tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
    558a2949608f tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
    fb200869eabe net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    e20dd1b0e0ea igmp: Fix data-races around sysctl_igmp_qrv.
    73e5a0b59129 ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    421e5dd1f12e net: ping6: Fix memleak in ipv6_renew_options().
    3d492b008b3d tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    dfdc635d55f9 tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    d62e255ecc33 scsi: ufs: host: Hold reference returned by of_parse_phandle()
    b1343528c7ae ice: do not setup vlan for loopback VSI
    15d019860159 ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    cd23a2ad7b7c tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    f9a03fd8ed31 tcp: Fix a data-race around sysctl_tcp_frto.
    3be498bcf6ea tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    f4b83df01105 tcp: Fix a data-race around sysctl_tcp_app_win.
    f240d0cad26c tcp: Fix data-races around sysctl_tcp_dsack.
    b9f937d3d54d s390/archrandom: prevent CPACF trng invocations in interrupt context
    911904c577e0 ntfs: fix use-after-free in ntfs_ucsncmp()
    098e07ef0059 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put

(From OE-Core rev: bd55001d9f895c7d52fedc7d1d2eb7b2ad7032b1)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-08-18 17:52:23 +01:00