strace ptests can run successfully with root user, there is no need to
run as "nobody". The ptest results are the same.
(From OE-Core rev: c20a5f83e9f0483f5458513eeaaec60436dd9d68)
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5ab213178c011152e29dfb0a80251c5e5ab79900)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ptest testsuite/panic-tests.sh of sed need to be run as a non-root user
so that the expected "sed: couldn't open temporary file <filename>:
Permission denied" error can be generated. After disabling default
shell for "nobody", a shell needs to be specified for running ptest.
(From OE-Core rev: 175001feb3b0e5b29cba94a8cdac18b429f84645)
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6d7216772f76af4429fdaaca518858cf014293f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since the commit fe26b2379ecd ("image.bbclass: Depend on
virtual/kernel:do_deploy"), the image.bbclass made building images
depend on virtual/kernel. For some images, including small initramfs,
this is not the case. Allow overriding this dependency in case
developers knows what they are doing.
(From OE-Core rev: 4caf244256e150fea19cd4f2ca04c13d95d49fee)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 55875f68212657167ac6dc26f5fd93eac24b098e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add some documentation about skipping the QA check related to missing
fstab entries or mount units for base mount points where the overlayfs
is mounted from.
Also add a short paragraph about adding a systemd unit dependency to
services in recipes, so that they are started only after the overlayfs
is mounted and ready.
No functional change.
(From OE-Core rev: 4611cbab3e9593937b64b6db48ef269de37c74db)
Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7adc49fa6fdbdf118f74e95193e80ae7ef019e27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Status updated but using the existing patch since it is functionally identical.
(From OE-Core rev: 9f2d85b383daeca5bbed601e4ff9ff01a8c3403f)
Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aab854a94e73e5035eb82fe1aafe970aaa296a54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE product name for PyPI packages is (usually) the same as the PyPI
package name (and not our recipe name), so use that as the default.
(From OE-Core rev: 80a1de36bc86a864d52292ef9770b77480f3c67b)
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61f6b0ad09bf87cdc2d3f08770b7c44cad1d0e58)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The trace tools are licensed under GPL-3.0-or-later but this wasn't
listed in LIC_FILES_CHKSUM. Fix that.
Ultimately we could disable that license if the trace PACKAGECONFIG is
disabled but I'll leave that to someone else if they're keen.
(From OE-Core rev: a27a0c3bceedf06de7ff8cae4a8fe4d2f6f514b8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f763b906ea10705d519c9eebb5ef1ebe87d49d7c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
if a setup is using RPM for packaging and there are multiple
recipes that install to ${nonarch_base_libdir}/firmware by using
install -d ${nonarch_base_libdir}/firmware, it will create installation
clashes on image install, as linux-firmware in before this patch
used mkdir -p, which creates different file mode bits (depending
on the current user's settings).
In a particular example
linux-fimware created /lib/firmware with 0600
while other-firmware-package created it with 0644
making the combination not installable by rpm backend
(From OE-Core rev: e16b9768a2e3eb931d11558f448149c16afa490b)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98bf3f427702687bf81ed759e7cde5d6d15e77eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes fixes for CVE-2022-1381, CVE-2022-1420.
(From OE-Core rev: d1c0db32383812531b857729c585b3305e781cd9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Security
[CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
Fix potential double-free in xmlXPtrStringRangeFunction
Fix memory leak in xmlFindCharEncodingHandler
Normalize XPath strings in-place
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
Fix leak of xmlElementContent (David Kilzer)
Bug fixes
Fix parsing of subtracted regex character classes
Fix recursion check in xinclude.c
Reset last error in xmlCleanupGlobals
Fix certain combinations of regex range quantifiers
Fix range quantifier on subregex
Improvements
Fix recovery from invalid HTML start tags
Build system, portability
Define LFS macros before including system headers
Initialize XPath floating-point globals
configure: check for icu DEFS (James Hilliard)
configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
Fix build with older Python versions
Fix --without-valid build
(From OE-Core rev: 393b81058f3b970eb906a7f9daa842d8a0747700)
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c4ba21f4012e8859fc793bec7df76e56eb8058ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes in XWayland 22.1.1 include:
- Not mapping the composite overlay window by default when running in rootless
mode. This is being done since a client trying to get the COW, the X Server
will map the window and block all pointer events.
- A change to the XWayland present queue code due to some Vulkan games/apps
running in windowed mode only running at 58 FPS when in fact at 60 FPS for
matching a 60Hz refresh rate. Incorrect calculation handling led to the MSC
ticking at ~58Hz.
- Fixing use-after-free bugs.
(From OE-Core rev: 8b8f53ebf6bc265d495154fea3050fe8d7fbd256)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aa0028e19651665f6671d7c57646cfc97c7ba763)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the first bug fix release in the stable 2.36 series.
What’s new in the WebKitGTK 2.36.1 release?
- Fix the build with accessibility disabled.
- Fix several crashes and rendering issues.
- Translation updates: Croatian.
(From OE-Core rev: cf336712afc3899ef45c7f2ef5f6b081223a1269)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4ed608d33fe5f38bc172e0cc6d938ffab184a47a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-27 - Version 3.38.3
Version 3.38.3 fixes a bug in the automatic-index and Bloom filter construction
logic that might cause SQLite to be overly aggressive in the use of ON clause
constraints, resulting in a incorret automatic-index or Bloom filter that excludes
some valid rows from output. The bug was introduced in version 3.38.0.
Other minor changes were tossed in to complete the patch.
(From OE-Core rev: c78ac7ef2d14a8b6167922a12e8c7f35c4b11bfb)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1efd89a4572bb2f39728fd53a1d4db944b06ff38)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
version 5.0.1:
- avcodec/exr: Avoid signed overflow in displayWindow
- avcodec/diracdec: avoid signed integer overflow in global mv
- avcodec/takdsp: Fix integer overflow in decorrelate_sf()
- avcodec/apedec: fix a integer overflow in long_filter_high_3800()
- avdevice/dshow: fix regression
- avfilter/vf_subtitles: pass storage size to libass
- avcodec/vp9_superframe_split_bsf: Don't read inexistent data
- avcodec/vp9_superframe_split_bsf: Discard invalid zero-sized frames
- avcodec/vp9_superframe_bsf: Check for existence of data before reading it
- avcodec/vp9_raw_reorder_bsf: Check for existence of data before reading it
- avformat/imf: fix packet pts, dts and muxing
- avformat/imf: open resources only when first needed
- avformat/imf: cosmetics
- avformat/imf_cpl: do not use filesize when reading XML file
- avformat/imfdec: Use proper logcontext
- avformat/imfdec: do not use filesize when reading XML file
- doc/utils: add missing 22.2 layout entry
- avcodec/av1: only set the private context pix_fmt field if get_pixel_format() succeeds
- avformat/aqtitledec: Skip unrepresentable durations
- avformat/cafdec: Do not store empty keys in read_info_chunk()
- avformat/mxfdec: Do not clear array in mxf_read_strong_ref_array() before writing
- avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array()
- avformat/mxfdec: Check count in mxf_read_strong_ref_array()
- avformat/hls: Check target_duration
- avcodec/pixlet: Avoid signed integer overflow in scaling in filterfn()
- avformat/matroskadec: Check pre_ns
- avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior
- avcodec/libuavs3d: Check ff_set_dimensions() for failure
- avcodec/speexdec: Align some comments
- avcodec/speexdec: Use correct doxygen comments
- avcodec/mjpegbdec: Set buf_size
- avformat/matroskadec: Use rounded down duration in get_cue_desc() check
- avcodec/argo: Check packet size
- avcodec/g729_parser: Check channels
- avformat/avidec: Check height
- avformat/rmdec: Better duplicate tags check
- avformat/mov: Disallow empty sidx
- avformat/argo_cvg:: Fix order of operations in error check in argo_cvg_write_trailer()
- avformat/argo_asf: Fix order of operations in error check in argo_asf_write_trailer()
- avcodec/movtextdec: add () to CMP() macro to avoid unexpected behavior
- avformat/matroskadec: Check duration
- avformat/mov: Corner case encryption error cleanup in mov_read_senc()
- avcodec/jpeglsdec: Fix if( code style
- avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error
- avcodec/motion_est: fix indention of ff_get_best_fcode()
- avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode()
- avformat/hls: Use unsigned for iv computation
- avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned
- avformat/matroskadec: Check desc_bytes
- avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()
- avformat/matroskadec: Fix infinite loop with bz decompression
- avformat/utils: keep chapter monotonicity on chapter updates
- avformat/mov: Check size before subtraction
- avcodec/cfhd: Avoid signed integer overflow in coeff
- avcodec/libdav1d: free the Dav1dData packet on dav1d_send_data() failure
- avcodec/h264_parser: don't alter decoder private data
- configure: link to libatomic when it's present
- fate/ffmpeg: add missing samples dependency to fate-shortest
(From OE-Core rev: ccb87ec2f13b72c1f43a2ad96cd446533da4a666)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 90f35ceb209a51dfe0cd29e1d8646fcc501b7269)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to latest stable branch release
Bug Fixes
- Previously, zone maintenance DNS queries retried forever if the destination
server was unreachable. These queries included outgoing NOTIFY messages,
refresh SOA queries, parental DS checks, and stub zone NS queries. For example,
if a zone had any nameservers with IPv6 addresses and a secondary server without
IPv6 connectivity, that server would keep trying to send a growing amount of
NOTIFY traffic over IPv6. This futile traffic was not logged. This excessive
retry behavior has been fixed. [GL #3242]
- A number of crashes and hangs which could be triggered in dig were identified and
addressed. [GL #3020] [GL #3128] [GL #3145] [GL #3184] [GL #3205] [GL #3244] [GL #3248]
- Invalid dnssec-policy definitions, where the defined keys did not cover both KSK
and ZSK roles for a given algorithm, were being accepted. These are now checked,
and the dnssec-policy is rejected if both roles are not present for all algorithms
in use. [GL #3142]
- Handling of TCP write timeouts has been improved to track the timeout for each TCP
write separately, leading to a faster connection teardown in case the other party
is not reading the data. [GL #3200]
(From OE-Core rev: 297215735613b1c9512780580da2f84cf013a603)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5398263c8e070110a045a5f8999712ba4be628de)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mesa 22.0.1 is a bug fix release which fixes bugs found since the 22.0.0 release:
freedreno: crash in PUBG
MSVC: Build failure in libmesa_util when targeting x86 32-bit
A crash in radeonsi driver
freedreno: deqp cts fails
Mesa 22.0.2 is a bug fix release which fixes bugs found since the 22.0.1 release:
Vulkan::Calling vkWaitForFences Timeout
Intel (CHT) - Uplink text rendering bugged out in Mesa 22.0
gen9atom gpu hang on dEQP-VK.spirv_assembly.instruction.graphics.float16.arithmetic_1
bad memory managment on panfrost RK3399 - cannot alocate more ram - fury unleashed
Broken rendering in Ryujinx on Tigerlake
intel: integer_mad_hi / integer_mad_sat / integer_mul_hi produce invalid results
Textures colors distortion in “Black Geyser: Couriers of Darkness” with radeonsi
ShaderStorageBlocksWriteAccess not set for spir-v shaders?
radeonsi dEQP-GLES3.functional.buffer.map.write.explicit_flush.* flake crashes
radv: nir validation error with invalid array access
Intel Iris Xe Geometry Flickering/Assets Disappearing
Rendering artifacts when playing Outer Wilds [Reproducible with latest ANV driver built from main]
Vulkan wsi leaks vk_sync object on every wsi_AcquireNextImageKHR call
panfrost(RK3399/T860): Emulationstation: broken, black or missing menus with v22.0.0
Plasma/KDE settings menus disappear on daily build
Square Artifacts Dragons Dogma
r300: Anmesia the dark descent corruption
Error compiling with LLVM-git/15
(From OE-Core rev: 34f6d4763fc3bad1382551fd863f96e556b5f6cc)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f3e9444968fd47b3c8e0b2ee7b1b17f43a6bd56b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Latest stable branch update
Drop 0029-network-enable-KeepConfiguration-when-running-on-net.patch as
patch merged upstream.
Changes:
4a31fa2fb0 (tag: v250.5) hwdb: run "update-hwdb-autosuspend"
e92e2d0e3b hwdb: run "update-hwdb"
e1e4395775 hwdb: make sure "ninja update-hwdb" works on f35
1fe496fc3b hwdb: fix parser to work with newer pyparsing
32e7c65372 manager: prohibit clone3() in seccomp filters
45335a3eed nspawn: fix --ephemeral with --machine
79b86adcbd nspawn: fix locating config files with --ephemeral
c202d402d9 resolve: fix typo in dns_class_is_pseudo()
9f689fda54 sd-ipv4acd: actually drop the arp packet from one of the host interface
e3d57bc301 sd-event: make inotify event work after the process is forked
a5fc32fa34 sd-event: do not kill a child process from another child
c36ab05b4f sd-event: do not update signal fd after PID is changed
e006b56c18 sd-event: set pid to event source after all setup processes finished
d2e3b5a841 sd-event: rebreak comments
6673131917 core: fix dm-verity auto-discovery in MountImageUnit()
10ee46a2ca analyze: Fix verify exit status regression
df6253cbda hwdb: fix parsing options
9727b9ee7b core: command argument can be longer than PATH_MAX
12f05b856c network: ignore all errors in loading .network files
b5dfdf0301 analyze: fix offline check for syscal filter
8ed1490de6 analyze: fix offline check for 'native' syscall architecture
72d0c6b171 missing-syscall: define MOVE_MOUNT_T_EMPTY_PATH if missing
bba396d78c journal-remote: refuse to specify --trust option when gnutls is disabled
8d4c0d2383 calendarspec: fix possibly skips next elapse
d9ea8dab6d copy: use FLAGS_SET() in copy_xattr()
077ca08b38 journal: preserve acls when rotating user journals with NOCOW attribute set
25b3c48ec5 macro: account for negative values in DECIMAL_STR_WIDTH()
8f2f6a94d8 network: enable KeepConfiguration= when running on network filesystem
61649fbada stat-util: introduce path_is_network_fs()
3f6e62eccb network-generator: rename DHCP_TYPE_DHCP -> DHCP_TYPE_DHCP4
a7585a3a38 hwdb: Add AV production access to Elgado Stream Deck devices
18c0096ec2 Add AV production controllers to hwdb and add uaccess
2298094b2c packit: drop bfq patch
7cda67d4f4 packit: build on and use Fedora 36 spec file
056bae9f1b Packit: build SRPMs in Copr
6253eb576c journal-file: if we are going down, don't use event loop to schedule post
c901bc8680 journald: make sure SIGTERM handling doesn't get starved out
ed46ff2bd6 random-seed: hash together old seed and new seed before writing out file
6d3e2f0188 resolved: Allow test-resolved-stream to run concurrently
781b2b2e66 resolved: Read as much as possible per stream EPOLLIN event
03692af607 resolved: Avoid multiple SSL writes per DoT packet
3227f542a7 resolved: Make event flags logic robust for DoT
9c710c66c3 resolve: llmnr: fix never hit condition
d65808ef7e resolve: mention that dns_stream_update() needs to be called after dns_stream_take_read_packet()
b2f82f643a resolve: call dns_stream_take_read_packet() in on_stream_io()
fe4c208c98 resolve: make dns_stream_new() take on_packet and complete callbacks
f447648ae4 resolved: Test for DnsStream (plain TCP DNS and DoT)
88b4e8f74e resolved: Fix DoT timeout on multiple answer records
d5b871bdfe test: increase image size
c3aead5568 random-util: unify RANDOM_ALLOW_INSECURE and !RANDOM_BLOCK and simplify
(From OE-Core rev: 43e2cd211230ea32e4903f9891fda2e4b0f63cc4)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e07ba76fc78b44f338e574644a8ae3b6cddc9f08)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This minor version include fixes for several CVEs
CVE: CVE-2022-1292
CVE: CVE-2022-1343
CVE: CVE-2022-1434
CVE: CVE-2022-1473
(From OE-Core rev: 62bc43a8ca705384fb60742f2f044f4355aaabca)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As a centos 8 spinoff, it lacks the same vgem kernel module.
(From OE-Core rev: 451605aa40482516c18cd1534feacb796516a785)
(From OE-Core rev: 66622dac0ed987162c740536f56973f17879198a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The autobuilder sstate was corrupted via incorrect equiavlences caused by
the security fix to git and the poor interaction that had with SCM version
checks under fakeroot/pseudo. Bump the versions to enable a clean slate
to work off.
(From OE-Core rev: 69f2d0822462e77d09b4781dcec41a0747e4d387)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3b6672730372e130d4d72b683fc3150911964745)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently the signatures for do_packagedata don't reflect whether PRServ
was active or not. This means that if you have mxiing of PRServ usage and
non PRServ usage against the same sstate cache it can rarely become
corrupted with one referencing the other.
This likely doesn't happen in general but does on the autobuilder as PRServ
is tested. Add in some variables to ensure the binary state of PRServ being
enabled or disabled is tracked (but not the server value). We continue to
assume one PRServ is used per sstate cache.
(From OE-Core rev: 4c2f429d6876c29b17931daa039c4899aacd7234)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd660e5c3fb74f7c4b7b8e863f7143066ae22813)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Turns out this doesn't actually work, as git doesn't respect the environment
when reading the safe.directory configuration variable.
This reverts commit d4a5862ce8.
(From OE-Core rev: 73087e3c4bf6792c37f0a9d8d006c09856d36b13)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e28dd48ffb84c8bb4356d889b70a4b876c8bbaf3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We'd like to intercept git calls but we don't want circular references
and HOSTTOOLS currently sets them up. Tweak to avoid them.
(From OE-Core rev: 9f4acb8d8b47349e7a4adbb25842a94c0947469a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52c37e133fa55846aca2248ffcf3a10648dbb8d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fix for CVE-2022-24765 in git[1] breaks any use of git inside
pseudo. Add a simple test case to oe-selftest to verify that at least
basic uses of git work fine under pseudo.
[1] 8959555cee
(From OE-Core rev: 3fafd22233be8961801fa541969383b5b8444dee)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 46822268040a23dbb81f71fe35aee8c2663a31f6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When creating the manifest and the testdata.json links, if the link
name is equal to the output name the link is not created, otherwise
it is. This prevents a link-to-self in the first case.
(From OE-Core rev: e69a1533dfb8ceb5b91610f2ab8b3da575fcc36e)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bed63756c56f296ff3d5a7eef66e978bd19f1008)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An if statement now checks if the link and output path are
the same, if they are then the link is not created,
otherwise it is.
(From OE-Core rev: 2fd7f3b7dc964b59b268dd4a34761f9f71f61c25)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 2f024c0236c4806f0e59e4ce51a42f6b80fdf1b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON format.
(From OE-Core rev: 8a79c476706b25e5c707c65b4e46b6e940874bd6)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
- a positive value sets an interval (in seconds)
- a zero ("0") forces the database update
(From OE-Core rev: 0007dd0edb39123201a46886a4e71d001c118ddf)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The update of the NVD database was expected to happen once per hour.
However, the database file date changes only if the content was actually
updated. In practice, the check worked for the first hour after the
new download.
As the NVD database changes usually only once a day, we can just
update it less frequently.
(From OE-Core rev: 27b1cb83ec666cc91930f2a7b5a6282fde77c730)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 35bccdedadeaba820d58b69fe74ce5e4c1f577e3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The only part of the cve-check task which needs files is the patch
examination, and typically these patches are local so fetch isn't needed.
(From OE-Core rev: a76b642736d78cd4dec0ae264da6d0ffd4e9aaf7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c9b3186d3b7c18cbea239ab9b06e85b7c243b54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kernel commit:
commit 3d4b396a616d0d67bf95d6823ad1197f6247292e
Author: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon Oct 11 15:37:04 2021 +0200
landlock: Use square brackets around "landlock-ruleset"
commit aea0b9f2486da8497f35c7114b764bf55e17c7ea upstream.
Make the name of the anon inode fd "[landlock-ruleset]" instead of
"landlock-ruleset". This is minor but most anon inode fds already
carry square brackets around their name:
[eventfd]
[eventpoll]
[fanotify]
[fscontext]
[io_uring]
[pidfd]
[signalfd]
[timerfd]
[userfaultfd]
For the sake of consistency lets do the same for the landlock-ruleset anon
inode fd that comes with landlock. We did the same in
1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]")
for the new mount api.
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20211011133704.1704369-1-brauner@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changed the format of the landlock tracing. We need to update the strace
expected string to match.
Upstream-Status: Submitted [https://lists.strace.io/pipermail/strace-devel/2022-April/011064.html]
(From OE-Core rev: 0268bc1ed04212acdb5b08e57334ed367042c1a2)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf7d885aef06f6208533dd5fab45ee8e92d6d6d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
During the cleanup/refactoring of qemuarm* we dropped a PCI option
that is required for graphical boot. The configuration is fixed to
create a separate fragment, which just enabled the minimim and we
include it into qemuarma15 standard/preempt-rt.
Integrating the following commit(s) to linux-yocto/5.15:
fcf48627ea5 qemuarma15: include pci-of-generic support
(From OE-Core rev: ccd27ea8b8e179b7eb0526ed1416ca674c9d295e)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 375366bd16619b14f718f96a9235d0936cae97ac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
45451e8015a9 Linux 5.15.36
bb906d15a99e arm64: dts: qcom: add IPA qcom,qmp property
1ea01e64632f block/compat_ioctl: fix range check in BLKGETSIZE
6a3c609feb11 spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
b1b8f39c2475 jbd2: fix a potential race while discarding reserved buffers after an abort
2e25c46c6eef netfilter: nft_ct: fix use after free when attaching zone template
2b273d1fd18e ext4: force overhead calculation if the s_overhead_cluster makes no sense
52ca84a3edd1 ext4: fix overhead calculation to account for the reserved gdt blocks
6b952563934c ext4, doc: fix incorrect h_reserved size
9b90003771e5 ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
e3912775b476 ext4: fix use-after-free in ext4_search_dir
8bb5676b49d3 ext4: fix symlink file size not match to file content
ba50ea456f49 ext4: fix fallocate to use file_modified to update permissions consistently
67e4860eeed8 netfilter: conntrack: avoid useless indirection during conntrack destruction
bcba40bd36d7 netfilter: conntrack: convert to refcount_t api
4bbd693d9f0a KVM: SVM: Flush when freeing encrypted pages even on SME_COHERENT CPUs
8b2da9690489 KVM: nVMX: Defer APICv updates while L2 is active until L1 is active
a41b3243a6de KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race
2b4417acd3c6 KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog
87d95ff0ca27 arm_pmu: Validate single/group leader events
4d98fbb26683 ARC: entry: fix syscall_trace_exit argument
7b69c07beb23 e1000e: Fix possible overflow in LTR decoding
73a0b4c5c0bd ASoC: soc-dapm: fix two incorrect uses of list iterator
571a67b0d8a4 gpio: Request interrupts after IRQ is initialized
e411af98013d openvswitch: fix OOB access in reserve_sfa_size()
bac4cadeb718 xtensa: fix a7 clobbering in coprocessor context load/store
91335ca9ebe7 xtensa: patch_text: Fixup last cpu should be master
49952e31e50d perf report: Set PERF_SAMPLE_DATA_SRC bit for Arm SPE event
04ecea282b42 perf script: Always allow field 'data_src' for auxtrace
a92335b4b189 powerpc/perf: Fix power10 event alternatives
7a56867c5ef3 powerpc/perf: Fix power9 event alternatives
53c4a9ff225b drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
9dc46d2e3723 KVM: PPC: Fix TCE handling for VFIO
76614b111867 drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
7981351a916e drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
56637084e8a5 perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled
b1b929468229 sched/pelt: Fix attach_entity_load_avg() corner case
914473a07088 scsi: sr: Do not leak information in ioctl
f0cfae3e0d3a Input: omap4-keypad - fix pm_runtime_get_sync() error checking
232541989a1a net: atlantic: invert deep par in pm functions, preventing null derefs
6b8af9f96749 dmaengine: imx-sdma: fix init of uart scripts
1a8d1665cff1 dma: at_xdmac: fix a missing check on list iterator
d10a711d4db6 ata: pata_marvell: Check the 'bmdma_addr' beforing reading
48b2ab1a960a mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
41ba681c6373 oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
9dcb65cdf312 mm, hugetlb: allow for "high" userspace addresses
07bdd207774c memcg: sync flush only if periodic flush is delayed
9c71b29d55d4 mm/memory-failure.c: skip huge_zero_page in memory_failure()
b81291922f8b EDAC/synopsys: Read the error count from the correct register
87dd813bd2c3 nvme-pci: disable namespace identifiers for Qemu controllers
dab2f477e15a nvme-pci: disable namespace identifiers for the MAXIO MAP1002/1202
25f37ed22a9e nvme: add a quirk to disable namespace identifiers
4a9f9f1791f3 VFS: filename_create(): fix incorrect intent.
773ca67ffc96 stat: fix inconsistency between struct stat and struct compat_stat
80c713a894c3 scsi: qedi: Fix failed disconnect handling
c7f4f3016fea scsi: iscsi: Fix NOP handling during conn recovery
e4efe868aa14 scsi: iscsi: Merge suspend fields
740411ee2f94 scsi: iscsi: Release endpoint ID when its freed
123a52eb610d net: macb: Restart tx only if queue pointer is lagging
bc663ff8cae3 drm/msm/mdp5: check the return of kzalloc()
5fe864539caf dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
48e1db2c3d42 brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
e25b350e2521 mt76: Fix undefined behavior due to shift overflowing the constant
a7a651d5a525 net: atlantic: Avoid out-of-bounds indexing
213330bafd02 cifs: Check the IOCB_DIRECT flag, not O_DIRECT
6085e24fd972 vxlan: fix error return code in vxlan_fdb_append
32fe43df71c5 arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes
f0ba965e4783 drm/msm/disp: check the return value of kzalloc()
b78d40339568 ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
9d441c2e2ad1 platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
4426116b2e02 reset: tegra-bpmp: Restore Handle errors in BPMP response
a6ec9d95c205 reset: renesas: Check return value of reset_control_deassert()
70fa727835f9 ARM: vexpress/spc: Avoid negative array index when !SMP
d3acd3f9f80e arm64: mm: fix p?d_leaf()
ec9cb700cbf7 selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
6b9a418d3850 dmaengine: idxd: skip clearing device context when device is read-only
49047fa486b3 dmaengine: idxd: add RO check for wq max_transfer_size write
6c30e099b978 dmaengine: idxd: add RO check for wq max_batch_size write
e83acf93919b net: stmmac: Use readl_poll_timeout_atomic() in atomic state
79957134ca1d drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails
f3552c37593a netlink: reset network and mac headers in netlink_dump()
93581ae1f980 net: mscc: ocelot: fix broken IP multicast flooding
6a5ca57d5acd net: dsa: hellcreek: Calculate checksums in tagger
40ebaf7365b0 can: isotp: stop timeout monitoring when no first frame was sent
652a5405396d ipv6: make ip6_rt_gc_expire an atomic_t
d23fe66eb7b0 l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
58bdbd121a34 net/sched: cls_u32: fix possible leak in u32_init_knode()
1b4fb109cc53 net: restore alpha order to Ethernet devices in config
d5049ef1f671 ip6_gre: Fix skb_under_panic in __gre6_xmit()
3cc2f6b71eb6 ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
ab26f1136757 net/packet: fix packet_sock xmit return value checking
b355ca6a915f net/smc: Fix sock leak when release after smc_shutdown()
8fe1bf23c96b rxrpc: Restore removed timer deletion
09da8cf94588 ALSA: hda/hdmi: fix warning about PCM count when used with SOF
c7c71b3e4764 igc: Fix suspending when PTM is active
da323d0d6aaa igc: Fix BUG: scheduling while atomic
b3ce7d3a1742 igc: Fix infinite loop in release_swfw_sync
8920a03a3a15 spi: cadence-quadspi: fix incorrect supports_op() return value
a583f2f3c878 esp: limit skb_page_frag_refill use to a single page
76900a136b1a spi: spi-mtk-nor: initialize spi controller after resume
84e77e72367f dmaengine: dw-edma: Fix unaligned 64bit access
d18fb19c1c8e dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
8932d9ee4b9f dmaengine: imx-sdma: Fix error checking in sdma_event_remap
a8be4586352b dmaengine: idxd: fix device cleanup on disable
6168532a08ef ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use
053bd9604f05 ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
9a4c63e7332c ASoC: rk817: Use devm_clk_get() in rk817_platform_probe
bc15442cc99f ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create()
bc7d0133181e ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
236785649ad2 ALSA: hda/realtek: Add quirk for Clevo NP70PNP
aaa22e5b526d ALSA: usb-audio: Clear MIDI port active flag after draining
ba9e9a794fd1 net/sched: cls_u32: fix netns refcount changes in u32_change()
8dfec6e0a62d scsi: ufs: core: scsi_get_lba() error fix
c2d0cdf8ad06 gfs2: assign rgrp glock before compute_bitstructs
a52e73bef254 mm, kfence: support kmem_dump_obj() for KFENCE objects
3876c574e4cc perf tools: Fix segfault accessing sample_id xyarray
77a467983bff mm: page_alloc: fix building error on -Werror=array-compare
3177d047e58a etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
3f7b1a87ac75 arm64/mm: drop HAVE_ARCH_PFN_VALID
c01430cf5b87 dma-mapping: remove bogus test for pfn_valid from dma_map_resource
155ae0547cb8 xfs: return errors in xfs_fs_sync_fs
935745abcf4c vfs: make sync_filesystem return errors from ->sync_fs
6eb927ee189f block: simplify the block device syncing code
7877e7a5a52e block: remove __sync_blockdev
4b7617ae04de fs: remove __sync_filesystem
(From OE-Core rev: f967efa7f28d67c8f47e879fb96696b29bd7621b)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 02149163c8643cec5fd8ef9c7b8a2f5af06519ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Integrating the following commit(s) to linux-yocto/5.15:
4eba9348d3e2 Revert "Revert "fbdev: Hot-unplug firmware fb devices on forced removal""
The revert of commit [fbdev: Hot-unplug firmware fb devices on forced
removal] was done to fix powerpc fbdev issues. Upstream went in a
different direction, which means that our fbdev routines have conflicts
with -stable updates.
The fix for the fbdev is in -stable, so we drob our reverted commit,
such that 5.15 builds again, and fbdev is functional.
(From OE-Core rev: f648a6b4a4f5c4e99ea93e802b2ca7284f52f72d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6da0cde02dd6a315a7eb34cb0bc691cf622eba05)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
