mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-04-30 21:32:13 +02:00

Author	SHA1	Message	Date
Virendra Thakur	2fef664dd9	expat: Fix CVE-2022-40674 Add patch file to fix CVE-2022-40674 Link: `4a32da87e9` (From OE-Core rev: 4efa4490becea956a62d45e1476f7b602be53eee) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Sana Kazi	915a752d37	sqlite3: Fix CVE-2021-20223 Fix CVE-2021-20223 for sqlite3 Link: `d1d43efa4f`.patch (From OE-Core rev: b42ea2b7f9149f9066662e95fd0159d7c3d1fc84) Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Lee Chee Yang	a8ee7ba022	subversion: fix CVE-2021-28544 (From OE-Core rev: 7fdd4d2dc019071525349fbb153e2e80f6583217) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Richard Purdie	f9a63709b0	qemu: Add PACKAGECONFIG for brlapi (From OE-Core rev: f547c9610f8c17c3da9ca3f7a79902d2ffbfca49) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 482471a617e5f682416b7ec1a920dfaeac65f1a3) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Andrei Gherzan	9cc9232e31	qemu: Define libnfs PACKAGECONFIG The upstream qemu recipe uses host's pkg-config files as a solution to detecting host's SDL. This has a side effect of using other host libraries that are later queried by the configure script. This can get into a situation when the host provides libnfs (for example) and because later this dependency is not in place anymore, qemu will fail at runtime. This change adds a PACKAGECONFIG definition for libnfs that is disabled by default, in turn disabling the pkgconfig autodetection in configure. (From OE-Core rev: 9badcf0261f6b735d65a5498bb8fbb9979d7a07f) Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 42b364a25fdbc987c85dd46b8427045033924d99) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Chee Yang Lee	b44d209043	qemu: fix and ignore several CVEs backport fixes: CVE-2020-13754, backport patches as debian security tracker notes https://security-tracker.debian.org/tracker/CVE-2020-13754 CVE-2021-3713 CVE-2021-3748 CVE-2021-3930 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216, does not include qtest in patches, the qtest code were not available in v4.2. Ignore: CVE-2020-27661, issue introduced in v5.1.0-rc0 https://security-tracker.debian.org/tracker/CVE-2020-27661 (From OE-Core rev: 16a6e8530c4820f070973a1b4d64764c20706087) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Hitendra Prajapati	20087e04b3	connman: CVE-2022-32293 man-in-the-middle attack against a WISPR HTTP Source: https://git.kernel.org/pub/scm/network/connman/connman.git/ MR: 120508 Type: Security Fix Disposition: Backport from https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a ChangeID: 1583badc6de6bb8a7f63c06749b90b97caab5cdf Description: CVE-2022-32293 connman: man-in-the-middle attack against a WISPR HTTP. (From OE-Core rev: 86334559e3dcf30e07e2a10a58bbe40a2e8cc887) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Virendra Thakur	10c6b704c0	sqlite3: Fix CVE-2020-35527 Add patch file to fix CVE-2020-35527 Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz (From OE-Core rev: 2541fd0d0e2c0919d80d6b0f6262cf2c50fe309b) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Virendra Thakur	8b52687223	sqlite3: Fix CVE-2020-35525 Add patch to fix CVE-2020-35525 Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz (From OE-Core rev: ced472cf1d195a1a856d24240dbd6ee91140a347) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Richard Purdie	537de1798b	vim: Upgrade 9.0.0341 -> 9.0.0453 Includes fixes for CVE-2022-3099 and CVE-2022-3134. (From OE-Core rev: 46ba253059738dbd4de4bc7a7ac02a2585c498f5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d042923262130b6b96f703b5cd4184f659caeb92) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 18:41:14 +01:00
Chee Yang Lee	2fa8edea5a	go: fix and ignore several CVEs backport fixes: CVE-2021-27918 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 ignore: CVE-2022-29526 CVE-2022-30634 (From OE-Core rev: ddb09ccc3caebbd3cf643bb3bb3c198845050c69) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 18:41:14 +01:00
Chee Yang Lee	e49990f01e	gst-plugins-good: fix several CVE backport fix for: CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 also set ignore at gstreamer1.0_1.16.3.bb (From OE-Core rev: c852d3e6742fe82b9f4ec84b077d6e1b0bfd021e) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 18:41:13 +01:00
Florin Diaconescu	aa19c8c35e	binutils : CVE-2022-38533 Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797] (From OE-Core rev: 2cf26e2e5a83d2b2efd01de34c11da07eeb9c8f9) Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
niko.mauno@vaisala.com	a69227932f	systemd: Add 'no-dns-fallback' PACKAGECONFIG option systemd defines a default set of fallback DNS servers in https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330 By adding a PACKAGECONFIG knob providing a convenient way to opt out, and then adding that value to systemd's PACKAGECONFIG, the output from runtime 'resolvectl status' command no longer contains the following line: Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google (From OE-Core rev: 2b300d6b9ec6288a99d9dacb24a86949caf99e55) (From OE-Core rev: 834ccad676b3d8d58d1a66bbe813a331599435b4) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
niko.mauno@vaisala.com	a14af03441	systemd: Fix unwritable /var/lock when no sysvinit handling Commit `8089cefed8` ("systemd: Add PACKAGECONFIG for sysvinit") decoupled enabling of systemd's sysvinit handling behavior behind a distinct PACKAGECONFIG feature. This new option affects among other things the installing of tmpfiles.d/legacy.conf, which is responsible for creating /run/lock directory, which is pointed to by /var/lock symlink provided by base-files package. In case the option is not enabled, then base-files provided /var/lock is a dangling symlink on resulting rootfs, causing problems with certain Linux userspace components that rely on existence of writable /var/lock directory. As an example: # fw_printenv Error opening lock file /var/lock/fw_printenv.lock Since Filesystem Hierarchy Standard Version 3.0 states in https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s09.html that Lock files should be stored within the /var/lock directory structure. Ensure the /run/lock directory is always created, so that lock files can be stored under /var/lock also when 'sysvinit' handling is disabled. (From OE-Core rev: 85e5ee2c35cf5778c3aefda45f526e8f6a511131) (From OE-Core rev: b8aa4d53b636bec55ad0ff4de764222662647859) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
Chee Yang Lee	0781ad69b8	virglrenderer: fix CVE-2022-0135 (From OE-Core rev: 5eea0b24c6fcd90aab0737c7a3f7431535a02890) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
Chee Yang Lee	9ca32cf9ab	gnutls: fix CVE-2021-4209 (From OE-Core rev: d08031bffafbd2df7e938d5599af9e818bddba04) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
Chee Yang Lee	459d081bf8	connman: fix CVE-2022-32292 (From OE-Core rev: 380b6fb2583f875aad0cb28c91b1531e63eb2eeb) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
Yi Zhao	5e7c237200	tiff: Security fixes CVE-2022-1354 and CVE-2022-1355 References: https://nvd.nist.gov/vuln/detail/CVE-2022-1354 https://security-tracker.debian.org/tracker/CVE-2022-1354 https://nvd.nist.gov/vuln/detail/CVE-2022-1355 https://security-tracker.debian.org/tracker/CVE-2022-1355 Patches from: CVE-2022-1354: `87f580f390` CVE-2022-1355: `c1ae29f9eb` (From OE-Core rev: 6c373c041f1dd45458866408d1ca16d47cacbd86) (From OE-Core rev: 8414d39f3f89cc1176bd55c9455ad942db8ea4b1) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
Virendra Thakur	a98b309fe2	tiff: Fix for CVE-2022-2867/8/9 Add Patch to fix CVE-2022-2867, CVE-2022-2868 CVE-2022-2869 (From OE-Core rev: 67df7488bf66183ffdb9f497f00ad291b79210d3) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
Khan@kpit.com	b9c73d6591	python3: Fix CVE-2021-28861 for python3 Add patch to fix CVE-2021-28861 CVE-2021-28861.patch Link: `4dc2cae3ab` (From OE-Core rev: cbf57b25c78ea9d56863d9546b51fc2c88adb8cf) Signed-off-by: Riyaz Khan <rak3033@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
Richard Purdie	0566db5c82	vim: Upgrade 9.0.0242 -> 9.0.0341 Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982. (From OE-Core rev: c9a9d5a1f7fbe88422ccee542a89afbc4c5336e4) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:52 +01:00
Ross Burton	0bee2e95b7	cve-check: close cursors as soon as possible We can have multiple processes reading the database at the same time, and cursors only release their locks when they're garbage collected. This might be the cause of random sqlite errors on the autobuilder, so explicitly close the cursors when we're done with them. (From OE-Core rev: 48742ddf4d0acd419c8ffb8f22124ed525efc2d9) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 5d2e90e4a58217a943ec21140bc2ecdd4357a98a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:52 +01:00
Joshua Watt	7ba4ed6f5f	classes: cve-check: Get shared database lock The CVE check database needs to have a shared lock acquired on it before it is accessed. This to prevent cve-update-db-native from deleting the database file out from underneath it. [YOCTO #14899] (From OE-Core rev: 374dd13db2c4fa92793f12c93d68d09304f77c17) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:52 +01:00
Ranjitsinh Rathod	85637f30f3	libarchive: Fix CVE-2021-31566 issue Add patch to fix CVE-2021-31566 issue for libarchive Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz (From OE-Core rev: 7028803d7d10c0b041a7bda16f9d9261f220459f) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:51 +01:00
Ranjitsinh Rathod	a5de603a1b	libarchive: Fix CVE-2021-23177 issue Add patch to fix CVE-2021-23177 issue for libarchive Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz (From OE-Core rev: 01d7e2c7a0da55a7c00aebed107c1338f5f032b1) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:51 +01:00
Robert Joslyn	8f4bbd9359	curl: Backport patch for CVE-2022-35252 https://curl.se/docs/CVE-2022-35252.html (From OE-Core rev: 59344420eb62060c79265a2557d2364c8174e46c) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:51 +01:00
Hitendra Prajapati	d24759196a	sqlite: CVE-2022-35737 assertion failure Source: https://www.sqlite.org/ MR: 120541 Type: Security Fix Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7 ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda Description: CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4. (From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:51 +01:00
Anuj Mittal	e576212d25	cryptodev-module: fix build with 5.11+ kernels Backport patch to fix: \| cryptodev-module/1.10-r0/git/ioctl.c:875:4: error: implicit declaration of function 'ksys_close'; did you mean 'ksys_chown'? [-Werror=implicit-function-declaration] \| 875 \| ksys_close(fd); \| \| ^~~~~~~~~~ \| \| ksys_chown \| cc1: some warnings being treated as errors (From OE-Core rev: 653b03aa6fc8effd3b2215a7a0ba005979e78e9f) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Bruce Ashfield	b16301db9a	linux-yocto/5.4: update to v5.4.210 Updating to the latest korg -stable release that comprises the following commits: de0cd3ea700d Linux 5.4.210 b58882c69f66 x86/speculation: Add LFENCE to RSB fill sequence f2f41ef0352d x86/speculation: Add RSB VM Exit protections 3a0ef79c6abe macintosh/adb: fix oob read in do_adb_query() function 54e1abbe8560 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls 17c2356e467f selftests: KVM: Handle compiler optimizations in ucall 170465715a60 KVM: Don't null dereference ops->destroy 6098562ed9df selftests/bpf: Fix "dubious pointer arithmetic" test 6a9b3f0f3bad selftests/bpf: Fix test_align verifier log patterns 9d6f67365d9c bpf: Test_verifier, #70 error message updates for 32-bit right shift 751f05bc6f95 selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads 7c1134c7da99 bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() a8ba72bbeda5 ACPI: APEI: Better fix to avoid spamming the console with old error logs fa829bd4af43 ACPI: video: Shortening quirk list by identifying Clevo by board_name only 8ed6e5c5e23c ACPI: video: Force backlight native for some TongFang devices 828f4c31684d thermal: Fix NULL pointer dereferences in of_thermal_ functions (From OE-Core rev: 2663435831c0ef953fb7fe6c883f42cf0c86ae43) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Alexander Kanavin	beda483705	wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 (From OE-Core rev: 8b69eafa5c624dfc169ee11ced685847332437fa) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 75386480abd1660a50c79d5987b77ccc43295511) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Alexander Kanavin	3d435421bc	tzdata: upgrade 2022a -> 2022b (From OE-Core rev: b0a0abbcc5e631e693b9e896bd0fc9b9432dd297) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b301d5203a4da0a0985670848126c5db762ddc86) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Alexander Kanavin	c4692956ea	mobile-broadband-provider-info: upgrade 20220511 -> 20220725 (From OE-Core rev: 5dd5130f9b13212a4f5e8b075ae1ecda868c5f28) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 96185dac787e14fa9eb77d009653a2fd4d926e3f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Richard Purdie	1cf135da98	vim: Upgrade 9.0.0115 -> 9.0.0242 Includes fixes for: CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 (From OE-Core rev: 169537045e614aa08052fd0130ea3199523bc8f3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3ec2d27d09444213ec1c9b91c6f8c4363f297294) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Ernst Sjöstrand	fb9e6d51d4	cve-check: Don't use f-strings Since we're keeping cve-check aligned between the active branches, and dunfell is supported on Python 3.5, we can't use f-strings. (From OE-Core rev: 4cc681fd66031c8355f69e53443536b31377eba9) Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1821cf7464cbba521b55a9c128fe8812c0cc5eca) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Pawan Badganchi	211a3fd4db	libxml2: Add fix for CVE-2016-3709 Add below patch to fix CVE-2016-3709 CVE-2016-3709.patch Link: `c1ba6f54d3` (From OE-Core rev: b9312041e4c8d565ad1e1102f8634bcc913adfa7) Signed-off-by: Pawan Badganchi<pawan.badganchi@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Hitendra Prajapati	964b78a02d	golang: CVE-2022-32189 a denial of service Source: https://github.com/golang/go MR: 120634 Type: Security Fix Disposition: Backport from `703c8ab7e5` ChangeID: 3ade323dd52a6b654358f6738a0b3411ccc6d3f8 Description: CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service. (From OE-Core rev: 9b3420c9a91059eb55754078bb1e733972e94489) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Hitendra Prajapati	1a1eceee49	golang: fix CVE-2022-30635 and CVE-2022-32148 Source: https://github.com/golang/go MR: 120628, 120631 Type: Security Fix Disposition: Backport from `ed2f33e1a7` && `ed2f33e1a7` ChangeID: fbd8d61bdc2e9cb0cdbe9879e02aed218ee93dbe Description: Fixed CVE: 1. CVE-2022-30635 2. CVE-2022-32148 (From OE-Core rev: 2c4fb77f417464d9cd40f0ebd8cc52e6e6ca689e) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Hitendra Prajapati	7d67a61029	golang: fix CVE-2022-30632 and CVE-2022-30633 Source: https://github.com/golang/go MR: 120622, 120625 Type: Security Fix Disposition: Backport from `76f8b7304d` && `2678d0c957` ChangeID: aabb29a6dd6a89842f451c95af228aaf66e58bb5 Description: Fixed CVE: 1. CVE-2022-30632 2. CVE-2022-30633 (From OE-Core rev: 9ffaae887743d77839fb758657b1dec71a9b8880) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Hitendra Prajapati	8bc3443c08	golang: fix CVE-2022-30629 and CVE-2022-30631 Source: https://github.com/golang/go MR: 120613, 120613 Type: Security Fix Disposition: Backport from `c15a8e2dbb` && `0117dee7dc` ChangeID: 366db775dec045d7b312b8da0436af36ab322046 Description: Fixed CVE: 1. CVE-2022-30629 2. CVE-2022-30631 (From OE-Core rev: 6813a265c7c21e24636d07a6a8df16ef0cf7da50) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Hitendra Prajapati	dea6f2c847	libtiff: CVE-2022-34526 A stack overflow was discovered Source: https://gitlab.com/libtiff/libtiff MR: 120545 Type: Security Fix Disposition: Backport from `275735d035` ChangeID: 4c781586f7aba27420a7adc0adc597cc68495387 Description: CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit. (From OE-Core rev: 462d4a55a460c60a7b8c36fe3899e66f13835761) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Richard Purdie	4aad5914ef	build-appliance-image: Update to dunfell head revision (From OE-Core rev: a3cba15142e98177119ef36c09f553d09acf35ef) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 16:07:08 +01:00
Shruthi Ravichandran	1fc880e165	initscripts: run umountnfs as a KILL script `rc` runs all the KILL scripts in a runlevel before the START scripts. The umountnfs script is currently configured as a START script, and runs after the networking KILL script. During shutdown, this causes a ~3 minute timeout after networking is shutdown when the system tries to connect to and unmount any mounted network shares. Fix this by changing the script configuration to "stop" so that it can run before networking is stopped and unmount any network shares safely. (From OE-Core rev: e59c72d570102d72786e44c8ace69fd4d0e8e5ef) Signed-off-by: Shruthi Ravichandran <shruthi.ravichandran@ni.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c419bd4537756e9f6c2fe6da3a9b798526e27eca) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:49 +01:00
Ming Liu	9243169d4f	rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} This is to ensure host-user-contaminated.txt would be removed before do_rootfs runs, since ${S} is in cleandirs of do_rootfs, otherwise, a host-user-contaminated.txt file that generated from previous builds could be used which is wrong. (From OE-Core rev: 06cfa8be54c9aee23bd8570a370a974b463a0a1a) Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 54a3fd63e684d070fad962be97e549f3af7ac111) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:49 +01:00
Pascal Bach	f97bd9abe6	bin_package: install into base_prefix This makes the bin_package.bbclass work properly with the native class. (From OE-Core rev: 0bf78a8e0e1cf7e74b55aca4db0e62dd9dfa55ce) Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ad330b6d4b6e2ba051b5c6c437e07a183831f757) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:49 +01:00
Richard Purdie	59180eb474	kernel-arch: Fix buildpaths leaking into external module compiles Building external kernel modules like lttng-modules was showing build paths inside the debug symbols for the modules and breaking build reproducibility. Fix this by adding in the mapping needed to map the kernel build directory to something more approriate on target. (From OE-Core rev: c4d8834ed3d200f25f12fec8acfa2b954f3240e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b56dc9009ba93174de6bf4c01e17808ef249dc5c) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:49 +01:00
Dmitry Baryshkov	2340b1dbb9	linux-firwmare: restore WHENCE_CHKSUM variable Restore WHENCE_CHKSUM variable which is used to hold the WHENCE file checksum. It is necessary to allow easily overriding it from local.conf if the devupstream version is selected: PREFERRED_VERSION_linux-firmware = "1:20220708+git%" SRCREV:class-devupstream = "${AUTOREV}" WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "abf1077491eeb261ecdcb680a34fc059" Without the WHENCE_CHECKSUM one would need to manually patch the LIC_FILES_CHKSUM variable to change the checksum of WHENC (e.g. using the anonymous python function or remove expression). (From OE-Core rev: ba997f02b2cb86aeaa308873727a9280d1f88b5b) Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 554be2af1e0a03a2d23032d48afbbe0913a45409) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:49 +01:00
Alexander Kanavin	0b85e5d610	linux-firmware: update 20220610 -> 20220708 License-Update: a few obsolete firmware were dropped (particularly i2400m and tda7706), file list updates. (From OE-Core rev: a151460d9234d6cd0bd1920c48aff8c78454931a) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e89fb37e13fcb832ee7d35e7d92d45eaca20689e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:49 +01:00
Randy MacLeod	ef2da8f28e	vim: update from 9.0.0063 to 9.0.0115 Drop crosscompile.patch which was merged as part of: 509695c1c (tag: v9.0.0065) patch 9.0.0065: \ cross-compiling doesn't work because of timer_create check Also drop: racefix.patch which may have been fixed upstream and is being tracked by: https://github.com/vim/vim/pull/10776 where upstream is asking if the different approach resolves the race condition. Let's see what's out there! (From OE-Core rev: 083d6de4139859a5eb66f78c2a62a1d59c8aee35) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 6996472cd33d2d4b91821f2dfe24a27a697e4afe) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:48 +01:00
Richard Purdie	5373e681cf	vim: Upgrade 9.0.0021 -> 9.0.0063 Pulls in several CVE fixes. Added a patch to avoid timer_create cross compile issue (and submitted upstream). Also submit the race fix upstream. We disable timer_create in the native case since some systems have it and some don't so this makes us consistent. Change from master commit: we also disable timer_create in the target case since the function isn't available in our glibc. (From OE-Core rev: f99677f79449032a3b0ea79d704fdccbd5be68b7) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:48 +01:00

1 2 3 4 5 ...

42816 Commits