Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
4410df70110f Linux 5.4.266
7d0f1fd80ad6 block: Don't invalidate pagecache for invalid falloc modes
a0678f504758 ring-buffer: Fix wake ups when buffer_percent is set to 100
508e2fdd978e smb: client: fix OOB in smbCalcSize()
644b956c946a usb: fotg210-hcd: delete an incorrect bounds test
a56a19e44b17 x86/alternatives: Sync core before enabling interrupts
4111986fb90e net: rfkill: gpio: set GPIO direction
5c375a83d1f9 net: 9p: avoid freeing uninit memory in p9pdu_vreadf
4e7f3899fb81 Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent
a83debb52310 USB: serial: option: add Quectel RM500Q R13 firmware support
c82ba4cb44d1 USB: serial: option: add Foxconn T99W265 with new baseline
1f87ba56c43d USB: serial: option: add Quectel EG912Y module support
a59cb26bc188 USB: serial: ftdi_sio: update Actisense PIDs constant names
a70b1933fa54 wifi: cfg80211: fix certs build to not depend on file order
e8fb00205144 wifi: cfg80211: Add my certificate
8717fd6d0c30 iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma()
45af72f149a8 iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table
4257c16c149d scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
e1b31edfe7d3 Input: ipaq-micro-keys - add error handling for devm_kmemdup
a85d6aa2b555 iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw
388c90c577d7 interconnect: Treat xlate() returning NULL node as an error
04c22233447d btrfs: do not allow non subvolume root targets for snapshot
3230a69e663b smb: client: fix NULL deref in asn1_ber_decoder()
0ccb39511a7f ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
6bcf819198d9 ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10
34e6c4c6a985 pinctrl: at91-pio4: use dedicated lock class for IRQ
624659563e26 i2c: aspeed: Handle the coalesced stop conditions with the start conditions.
47ae5242292d afs: Fix overwriting of result of DNS query
c04b7b28c9f0 net: check dev->gso_max_size in gso_features_check()
761ee09e9f5d net: warn if gso_type isn't set for a GSO SKB
eec7ef60d297 afs: Fix dynamic root lookup DNS check
82d64cbe487c afs: Fix the dynamic root's d_delete to always delete unused dentries
2b4600fb6967 net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
b10265532df7 net/rose: fix races in rose_kill_by_device()
ed4cb8a42ce9 ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
3f82a6a6d7ee net: sched: ife: fix potential use-after-free
f48e3337ab0b net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors
d07ef3a87064 net/mlx5: Fix fw tracer first block check
a46bb28fdbdf net/mlx5: improve some comments
333fd1095584 Revert "net/mlx5e: fix double free of encap_header"
7bd305f5f262 wifi: mac80211: mesh_plink: fix matches_local logic
76366b399a02 s390/vx: fix save/restore of fpu kernel context
f40d484e1614 reset: Fix crash when freeing non-existent optional resets
14d915ca5ae3 ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init
62ef5887dd45 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE
35e12efde04d ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
(From OE-Core rev: e0e46163ca061f71db3469bef90d0f44e16df77a)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating to the latest korg -stable release that comprises
the following commits:
16e6e107a688 Linux 5.4.264
06bcac5c5151 devcoredump: Send uevent once devcd is ready
c6a1282e530d devcoredump : Serialize devcd_del work
d99376b70247 smb: client: fix potential NULL deref in parse_dfs_referrals()
ab5813bb2071 cifs: Fix non-availability of dedup breaking generic/304
bdee8b2805b8 Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem"
dd9e851944aa tools headers UAPI: Sync linux/perf_event.h with the kernel sources
4a341627a109 drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
fe8402511ed8 psample: Require 'CAP_NET_ADMIN' when joining "packets" group
263bffd2b6aa genetlink: add CAP_NET_ADMIN test for multicast bind
a149fbadb9be netlink: don't call ->netlink_bind with table lock held
18824f592aad io_uring/af_unix: disable sending io_uring over sockets
32f4536c108f nilfs2: fix missing error check for sb_set_blocksize call
77a353924d8f KVM: s390/mm: Properly reset no-dat
1aee33d43d6c x86/CPU/AMD: Check vendor in the AMD microcode callback
3371eac21119 serial: 8250_omap: Add earlycon support for the AM654 UART controller
ce79cf407c64 serial: sc16is7xx: address RX timeout interrupt errata
d896c47f8cfc ARM: PL011: Fix DMA support
880b035bc64e usb: typec: class: fix typec_altmode_put_partner to put plugs
a9022cbdd0ae parport: Add support for Brainboxes IX/UC/PX parallel cards
fefc0559c58e usb: gadget: f_hid: fix report descriptor allocation
1796ae6a7a8c mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
a1f29e995fd7 mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
05918dec9a1e gpiolib: sysfs: Fix error handling on failed export
152f51d159f3 perf: Fix perf_event_validate_size()
84ca356ec859 perf/core: Add a new read format to get a number of lost samples
07bdb1bd2476 arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
6109859f6982 arm64: dts: mediatek: mt7622: fix memory node warning check
148d8f0707fa packet: Move reference count in packet_sock to atomic_long_t
965cbc6b623a tracing: Fix a possible race when disabling buffered events
6f2e50961fe3 tracing: Fix incomplete locking when disabling buffered events
84302391d130 tracing: Always update snapshot buffer size
cb74e8fd6b2d nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
610ebc289582 ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
439166b1b2ee ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
4fe36f83f8d8 ARM: dts: imx: make gpt node name generic
69b669cc6389 ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
59348f148235 scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
8244ea916bfe tracing: Fix a warning when allocating buffered events fails
4713be844546 ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
febb7bbe290d hwmon: (acpi_power_meter) Fix 4.29 MW bug
ad4cf776678b RDMA/bnxt_re: Correct module description string
b4b89b7b2d4b bpf: sockmap, updating the sg structure should also update curr
7ffff0cc929f tcp: do not accept ACK of bytes we never sent
69431f609bf3 netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
c61c61d7e7de net: hns: fix fake link up on xge port
1ec21fde58da ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
e38cd53421ed arcnet: restoring support for multiple Sohard Arcnet cards
f26546731933 net: arcnet: com20020 fix error handling
d124c18267b1 net: arcnet: Fix RESET flag handling
9f5a25aa1bcc hv_netvsc: rndis_filter needs to select NLS
be1ab8bf0510 ipv6: fix potential NULL deref in fib6_add()
5cd05bbaaef4 of: dynamic: Fix of_reconfig_get_state_change() return value documentation
5cadae629e44 of: Add missing 'Return' section in kerneldoc comments
b31cb14cac85 of: Fix kerneldoc output formatting
36ce931a803b of: base: Fix some formatting issues and provide missing descriptions
8c4fcbe27a7a of/irq: Make of_msi_map_rid() PCI bus agnostic
ae374c57afeb of/irq: make of_msi_map_get_device_domain() bus agnostic
e5cfaab66295 of/iommu: Make of_map_rid() PCI agnostic
f7a85520087a ACPI/IORT: Make iort_msi_map_rid() PCI agnostic
da36a3ef32b4 ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic
d786067be2eb of: base: Add of_get_cpu_state_node() to get idle states for a CPU node
13f27a05377d drm/amdgpu: correct chunk_ptr to a pointer to chunk.
d162a5e6a51d kconfig: fix memory leak from range properties
d34644153050 tg3: Increment tx_dropped in tg3_tso_bug()
cd49b8e07d01 tg3: Move the [rt]x_dropped counters to tg3_napi
427deb5ba566 netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test
54d0d83a5350 hrtimers: Push pending hrtimers away from outgoing CPU earlier
34244ed6219a Linux 5.4.263
afa7b11ea8aa mmc: block: Retry commands in CQE error recovery
c8008304db1f mmc: core: convert comma to semicolon
33cc97d2493f mmc: cqhci: Fix task clearing in CQE error recovery
3e78540d98ce mmc: cqhci: Warn of halt or task clear failure
5b87f355462a mmc: cqhci: Increase recovery halt timeout
1a051c6d15aa cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
d497e1b2f5e5 cpufreq: imx6q: don't warn for disabling a non-existing frequency
b1a66a050f96 scsi: qla2xxx: Fix system crash due to bad pointer access
c1f97cc21eac scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
df0110425f42 scsi: core: Introduce the scsi_cmd_to_rq() function
66cd60553045 scsi: qla2xxx: Simplify the code for aborting SCSI commands
30511f37c997 ima: detect changes to the backing overlay file
8c85e455f7c9 ovl: skip overlayfs superblocks at global sync
157c8056abb5 ima: annotate iint mutex to avoid lockdep false positive warnings
a8038ae58145 fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
939012ee31d8 mtd: cfi_cmdset_0001: Byte swap OTP info
416dad018edd mtd: cfi_cmdset_0001: Support the absence of protection registers
21ad8c1c4fca s390/cmma: fix detection of DAT pages
c11027d333fd s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
f1db39b1541f smb3: fix touch -h of symlink
97d54b8005c0 net: ravb: Start TX queues after HW initialization succeeded
7023a293e981 net: ravb: Use pm_runtime_resume_and_get()
05aa8f3e3b77 ravb: Fix races between ravb_tx_timeout_work() and net related ops
d37609b52977 net: stmmac: xgmac: Disable FPE MMC interrupts
7ccf772a8bad ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
f8b5b5d23605 Input: xpad - add HyperX Clutch Gladiate Support
6536698eea91 btrfs: make error messages more clear when getting a chunk map
4c6274cfd603 btrfs: send: ensure send_fd is writable
79ffc04aba7a btrfs: fix off-by-one when checking chunk map includes logical address
dd94ffab1b6d btrfs: add dmesg output for first mount and last unmount of a filesystem
30b807d73654 powerpc: Don't clobber f0/vs0 during fp|altivec register save
bb55decee202 bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
729da56e01c9 dm verity: don't perform FEC for failed readahead IO
b515ed628447 dm-verity: align struct dm_verity_fec_io properly
d377e593d11e ALSA: hda/realtek: Add supported ALC257 for ChromeOS
47dd3917c48a ALSA: hda/realtek: Headset Mic VREF to 100%
88ce27f0a3f0 ALSA: hda: Disable power-save on KONTRON SinglePC
4a2d1399f848 mmc: block: Do not lose cache flush during CQE error recovery
4d7d14c69667 firewire: core: fix possible memory leak in create_units()
1eaa188f7fec pinctrl: avoid reload of p state in list iteration
40532b29138e io_uring: fix off-by one bvec index
9e7f410f6a43 USB: dwc3: qcom: fix wakeup after probe deferral
db62d193e69b USB: dwc3: qcom: fix resource leaks on probe deferral
ca44455362e3 usb: dwc3: set the dma max_seg_size
7a0b6fc6c3c2 USB: dwc2: write HCINT with INTMASK applied
d1c866356ddb USB: serial: option: don't claim interface 4 for ZTE MF290
38233a62d360 USB: serial: option: fix FM101R-GL defines
83be9405b33e USB: serial: option: add Fibocom L7xx modules
406fae6c799b bcache: prevent potential division by zero error
c00163256ac4 bcache: check return value from btree_node_alloc_replacement()
a658ee793011 dm-delay: fix a race between delay_presuspend and delay_bio
ef918a1ba40c hv_netvsc: Mark VF as slave before exposing it to user-mode
997d895fa495 hv_netvsc: Fix race of register_netdevice_notifier and VF register
f2a0c988d724 USB: serial: option: add Luat Air72*U series products
f1ac7789406e s390/dasd: protect device queue against concurrent access
300e96e171a9 bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce()
76f791b78da2 ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
78c1e3aa693b KVM: arm64: limit PMU version to PMUv3 for ARMv8.1
5d4f6d809efa arm64: cpufeature: Extract capped perfmon fields
32cfd5c3b843 ext4: make sure allocate pending entry not fail
70edeedd795a ext4: fix slab-use-after-free in ext4_es_insert_extent()
15a84cf4c785 ext4: using nofail preallocation in ext4_es_insert_extent()
80c8dcb09feb ext4: using nofail preallocation in ext4_es_insert_delayed_block()
be4684ee83f3 ext4: using nofail preallocation in ext4_es_remove_extent()
d809d1d2edc3 ext4: use pre-allocated es in __es_remove_extent()
059722ec6464 ext4: use pre-allocated es in __es_insert_extent()
53df96011a2f ext4: factor out __es_alloc_extent() and __es_free_extent()
c48b5fdd465e ext4: add a new helper to check if es must be kept
b9cd5c3afc37 MIPS: KVM: Fix a build warning about variable set but not used
afbedd6136cb nvmet: nul-terminate the NQNs passed in the connect command
84ac94bed02a nvmet: remove unnecessary ctrl parameter
07009245d3ba afs: Fix file locking on R/O volumes to operate in local mode
54ffe881d716 afs: Return ENOENT if no cell DNS record can be found
3680d10b4181 net: axienet: Fix check for partial TX checksum
a7e7b928049f amd-xgbe: propagate the correct speed and duplex status
c3a77c754e7f amd-xgbe: handle the corner-case during tx completion
895f1903ea09 amd-xgbe: handle corner-case during sfp hotplug
7fabd97a05fc arm/xen: fix xen_vcpu_info allocation alignment
9beba93f8ca7 net: usb: ax88179_178a: fix failed operations during ax88179_reset
fc23517c8797 ipv4: Correct/silence an endian warning in __ip_do_redirect
6fd145351d48 HID: fix HID device resource race between HID core and debugging support
2c8f79610431 HID: core: store the unique system identifier in hid_device
90b3df8b5b7d drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
bfdda8c9c58d ata: pata_isapnp: Add missing error check for devm_ioport_map()
9d980808f967 drm/panel: simple: Fix Innolux G101ICE-L01 timings
cc543bad78d5 drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
c2eadc1586e7 afs: Make error on cell lookup failure consistent with OpenAFS
7369371bb875 PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}()
518b7f7d87aa RDMA/irdma: Prevent zero-length STAG registration
d359886a7a80 driver core: Release all resources during unbind before updating device links
(From OE-Core rev: 46e99ac57dc1ae498eb54dbe36797d23439263d4)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Concept of gcc-source prevents cve-check to detect existing
CVE patch file.
So whitelist this CVE in all recipes using gcc-source via this
include file.
(From OE-Core rev: 04511734c6dc8c7dda3a943b385cd273d012d8c7)
(From OE-Core rev: 037f640b9272ba055ee41eeb1e6e9b002faefe36)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit d803ca6531)
Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add the hint to the test setup that runqemu-gen-tapdevs will need the
iptables package installed.
(From yocto-docs rev: f703ac90d4fe6f004997e963c0cfc98c223bc146)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile build for recipes
using cmake.
The variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES value updates incorrectly
during do_compile the code. Due to this getting sporadic error like below,
fatal error: stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
As cmake already correctly initializes the variable from environment,
So we have to unset it in the toolchain file to avoid overwriting the
variable definition again.
(From OE-Core rev: 7ab6087536bc67c63094f08f863dcd3d5e35b8e7)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixes [YOCTO #15383]
This bug was introduced into upstream when fixing CVE-2022-29154. It was
later discovered and fixed upstream but this fix didn't make it into
poky yet.
The added patch is taken from upstreams git repository:
fabef23bea
(From OE-Core rev: fb448f87c0b3906b91d453451083dc003ac94ebe)
Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
memory corruption when processing malformed terminfo data entries
loaded by setuid/setgid programs
CVE-2023-29491.patch change the --disable-root-environ configure option
behavior.
set --disable-root-environ in configuration options.
--disable-root-environ option with a few additional changes
to the code allows us to mitigate CVE-2023-29491 and avoid
other issues that involve the possibility of malicious use of
environment variables through setuid applications, and, therefore,
it was the fix chosen in order to resolve this vulnerability.
Reference:
https://ubuntu.com/security/CVE-2023-29491https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1
(From OE-Core rev: 041433f0767ae9112f6a74a7d7c93ce9b411792c)
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The original CVE-2023-29406.patch is not complete, causing docker
failures at runtime, backport a complementary fix from golang upstream.
(From OE-Core rev: bff621d5399e5ff2930d21f403bb2f274febd2e4)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE reports that apple had to upgrade curl because of other
already reported CVEs:
* CVE-2023-38039: not affected, introduced in 7.84.0
* CVE-2023-38545: patch already backported
* CVE-2023-38546: patch already backported
* CVE-2023-42915: reference to itself
(From OE-Core rev: 067740c834a98cd8f5cfff7f73418d18b8e1249a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In the case of a zero length string being returned by fgets(), the condition
checking for a trailing new line would perform a bad memory access outside
of `buf`. This might happen when line with a leading null byte is read.
Avoid this case by checking that the string has a length of at least one
byte.
Link: 8b45a3c4ca
(From OE-Core rev: 32e3618891295cec1ee5d4195998aa97f93b2207)
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Upstream-Status: Backport [40dbbd8de4]
(From OE-Core rev: a07cc0b6fa4a485f318fd2957e434b63f5907d7e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Running 'bitbake-layers layerindex-show-depends meta-filesystems' fails with:
```
Traceback (most recent call last):
File "<...>/poky/bitbake/bin/bitbake-layers", line 93, in <module>
ret = main()
File "<...>/poky/bitbake/bin/bitbake-layers", line 86, in main
return args.func(args)
File "<...>/poky/bitbake/lib/bblayers/layerindex.py", line 209, in do_layerindex_show_depends
self.do_layerindex_fetch(args)
File "<...>/poky/bitbake/lib/bblayers/layerindex.py", line 182, in do_layerindex_fetch
args.shallow)
AttributeError: 'Namespace' object has no attribute 'shallow'
```
Initialize the shallow attribute to fix it.
(Bitbake rev: 146cd25252ef065d09df0980b7dc670cb7e7b109)
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The yocto website has changed its structure. Update the section for
Accessing the Downloads page to match the new structure.
(From yocto-docs rev: f9a3b59c130d498c02dfdc016958c92ac74737a7)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
(From OE-Core rev: 5dc87309639e78195eb1283afc193f6eac63b044)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch for gitlab issue mentioned in NVD CVE report.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
Backport also one of 14 patches for older issue with similar errors
to have clean cherry-pick without patch fuzz.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
The CVE is disputed because the maintainer does not think that
errors after memory allocation failures are not critical enough
to warrant a CVE ID.
This patch will formally fix reported error case, trying to backport
another 13 patches and resolve conflicts would be probably overkill
due to disputed state.
This CVE was ignored on master branch (as diputed).
(From OE-Core rev: 03b766e42beb42a2085285308acbcf941f346b06)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sometimes NVD servers are unstable and return too many errors.
There is an option to have higher fetch attempts to increase the chances
of successfully fetching the CVE data.
Additionally, it also makes sense to progressively increase the delay
after a failed request to an already unstable or busy server.
The increase in delay is reset after every successful request and
the maximum delay is limited to 30 seconds.
Also, the logs are improved to give more clarity.
(From OE-Core rev: 9e03b7a9879fd16e32f4eccb78b438f6fa9db74d)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7101d654635b707e56b0dbae8c2146b312d211ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As per NVD, the public rate limit is 5 requests in 30s (6s delay).
Using an API key increases the limit to 50 requests in 30s (0.6s delay).
However, NVD still recommends sleeping for several seconds so that the
other legitimate requests are serviced without denial or interruption.
Keeping the default sleep at 6 seconds and 2 seconds with an API key.
For failures, the wait time is unchanged (6 seconds).
Reference: https://nvd.nist.gov/developers/start-here#RateLimits
(From OE-Core rev: eb5ab00be33a503205401541e88c32ba9da1d75c)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5c32e2941d1dc3d04a799a1b7cbd275c1ccc9e79)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sometimes NVD servers are unstable and return too many errors.
Last time we increased number of attempts from 3 to 5, but
further increasing is not reasonable as in normal case
too many retries is just abusive.
Keep retries low as default and allow to increase as needed.
(From OE-Core rev: ee2a6ade703317d09f7df60ef7ce300d8f868f54)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6b6fd8043d83b99000054ab6ad2c745d07c6bcc1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This variable is not referenced in oe-core anymore.
(From OE-Core rev: 70676801f1f8fe498ff34fc1db72b6a3bf438d4a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 905b45a814cb33327503b793741c19b44c8550b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A bug in QEMU could cause a guest I/O operation otherwise
addressed to an arbitrary disk offset to be targeted to
offset 0 instead (potentially overwriting the VM's boot code).
This change is to fix CVE-2023-5088.
Link: 7d7512019f
(From OE-Core rev: df9e2d40c52b752940de61388997e485da56de0c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A malicious HTTP sender can use chunk extensions to cause a receiver
reading from a request or response body to read many more bytes from
the network than are in the body. A malicious HTTP client can further
exploit this to cause a server to automatically read a large amount
of data (up to about 1GiB) when a handler fails to read the entire
body of a request. Chunk extensions are a little-used HTTP feature
which permit including additional metadata in a request or response
body sent using the chunked encoding. The net/http chunked encoding
reader discards this metadata. A sender can exploit this by inserting
a large metadata segment with each byte transferred. The chunk reader
now produces an error if the ratio of real body to encoded bytes grows
too small.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-39326https://security-tracker.debian.org/tracker/CVE-2023-39326
(From OE-Core rev: 5b55648f3142762c9563289c1b19aa3b7de27164)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A recipe variable handles its dependencies even on the "contains"
variables within the "inline Python expressions" like bb.utils.filter().
And it also handles those in the append operator correctly, but the
problem is that it does not so in the remove operator.
Fix it by adding the missing dependencies every time the remove
operator has been handled.
Also add a test case to check if the override operators handle
dependencies correctly.
(Bitbake rev: 48799c68b69b7921c809e0fc970303866643eb2a)
Signed-off-by: Insu Park <insu0.park@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cherry-picked from master: b90520eedb1dbc7f6a3928d089fe74fafb864eb5
- Conflicts in data.py are resolved as the master branch moved
handle_contains() and handle_remove() out of the try block
and added the 3rd argument, "exclusions", to handle_contains().
- The test code in codeparser.py are modified as the master branch
added three more arguments to the build_dependencies().
Signed-off-by: Insu Park <insu0.park@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The target_dumper code is basically broken. It has been reading binary files
over the text base serial communication and runs at every command failure which
makes no sense. Each run might overwrite files from the previous run and the
output appears corrupted due to confusion from the binary data.
It isn't possible to cherry-pick "testimage: Drop target_dumper and most of monitor_dumper"
from master, so just make target_dumper and host_dumper empty functions.
For further details see:
https://lists.openembedded.org/g/openembedded-architecture/message/1888
(From OE-Core rev: 94e9019d2f170a26206c2774381a1d183313ecaa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
