Concept of gcc-source prevents cve-check to detect existing
CVE patch file.
So whitelist this CVE in all recipes using gcc-source via this
include file.
(From OE-Core rev: 04511734c6dc8c7dda3a943b385cd273d012d8c7)
(From OE-Core rev: 037f640b9272ba055ee41eeb1e6e9b002faefe36)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit d803ca6531)
Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile build for recipes
using cmake.
The variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES value updates incorrectly
during do_compile the code. Due to this getting sporadic error like below,
fatal error: stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
As cmake already correctly initializes the variable from environment,
So we have to unset it in the toolchain file to avoid overwriting the
variable definition again.
(From OE-Core rev: 7ab6087536bc67c63094f08f863dcd3d5e35b8e7)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixes [YOCTO #15383]
This bug was introduced into upstream when fixing CVE-2022-29154. It was
later discovered and fixed upstream but this fix didn't make it into
poky yet.
The added patch is taken from upstreams git repository:
fabef23bea
(From OE-Core rev: fb448f87c0b3906b91d453451083dc003ac94ebe)
Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
memory corruption when processing malformed terminfo data entries
loaded by setuid/setgid programs
CVE-2023-29491.patch change the --disable-root-environ configure option
behavior.
set --disable-root-environ in configuration options.
--disable-root-environ option with a few additional changes
to the code allows us to mitigate CVE-2023-29491 and avoid
other issues that involve the possibility of malicious use of
environment variables through setuid applications, and, therefore,
it was the fix chosen in order to resolve this vulnerability.
Reference:
https://ubuntu.com/security/CVE-2023-29491https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1
(From OE-Core rev: 041433f0767ae9112f6a74a7d7c93ce9b411792c)
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The original CVE-2023-29406.patch is not complete, causing docker
failures at runtime, backport a complementary fix from golang upstream.
(From OE-Core rev: bff621d5399e5ff2930d21f403bb2f274febd2e4)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE reports that apple had to upgrade curl because of other
already reported CVEs:
* CVE-2023-38039: not affected, introduced in 7.84.0
* CVE-2023-38545: patch already backported
* CVE-2023-38546: patch already backported
* CVE-2023-42915: reference to itself
(From OE-Core rev: 067740c834a98cd8f5cfff7f73418d18b8e1249a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In the case of a zero length string being returned by fgets(), the condition
checking for a trailing new line would perform a bad memory access outside
of `buf`. This might happen when line with a leading null byte is read.
Avoid this case by checking that the string has a length of at least one
byte.
Link: 8b45a3c4ca
(From OE-Core rev: 32e3618891295cec1ee5d4195998aa97f93b2207)
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Upstream-Status: Backport [40dbbd8de4]
(From OE-Core rev: a07cc0b6fa4a485f318fd2957e434b63f5907d7e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
(From OE-Core rev: 5dc87309639e78195eb1283afc193f6eac63b044)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch for gitlab issue mentioned in NVD CVE report.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
Backport also one of 14 patches for older issue with similar errors
to have clean cherry-pick without patch fuzz.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
The CVE is disputed because the maintainer does not think that
errors after memory allocation failures are not critical enough
to warrant a CVE ID.
This patch will formally fix reported error case, trying to backport
another 13 patches and resolve conflicts would be probably overkill
due to disputed state.
This CVE was ignored on master branch (as diputed).
(From OE-Core rev: 03b766e42beb42a2085285308acbcf941f346b06)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sometimes NVD servers are unstable and return too many errors.
There is an option to have higher fetch attempts to increase the chances
of successfully fetching the CVE data.
Additionally, it also makes sense to progressively increase the delay
after a failed request to an already unstable or busy server.
The increase in delay is reset after every successful request and
the maximum delay is limited to 30 seconds.
Also, the logs are improved to give more clarity.
(From OE-Core rev: 9e03b7a9879fd16e32f4eccb78b438f6fa9db74d)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7101d654635b707e56b0dbae8c2146b312d211ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As per NVD, the public rate limit is 5 requests in 30s (6s delay).
Using an API key increases the limit to 50 requests in 30s (0.6s delay).
However, NVD still recommends sleeping for several seconds so that the
other legitimate requests are serviced without denial or interruption.
Keeping the default sleep at 6 seconds and 2 seconds with an API key.
For failures, the wait time is unchanged (6 seconds).
Reference: https://nvd.nist.gov/developers/start-here#RateLimits
(From OE-Core rev: eb5ab00be33a503205401541e88c32ba9da1d75c)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5c32e2941d1dc3d04a799a1b7cbd275c1ccc9e79)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sometimes NVD servers are unstable and return too many errors.
Last time we increased number of attempts from 3 to 5, but
further increasing is not reasonable as in normal case
too many retries is just abusive.
Keep retries low as default and allow to increase as needed.
(From OE-Core rev: ee2a6ade703317d09f7df60ef7ce300d8f868f54)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6b6fd8043d83b99000054ab6ad2c745d07c6bcc1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This variable is not referenced in oe-core anymore.
(From OE-Core rev: 70676801f1f8fe498ff34fc1db72b6a3bf438d4a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 905b45a814cb33327503b793741c19b44c8550b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A bug in QEMU could cause a guest I/O operation otherwise
addressed to an arbitrary disk offset to be targeted to
offset 0 instead (potentially overwriting the VM's boot code).
This change is to fix CVE-2023-5088.
Link: 7d7512019f
(From OE-Core rev: df9e2d40c52b752940de61388997e485da56de0c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A malicious HTTP sender can use chunk extensions to cause a receiver
reading from a request or response body to read many more bytes from
the network than are in the body. A malicious HTTP client can further
exploit this to cause a server to automatically read a large amount
of data (up to about 1GiB) when a handler fails to read the entire
body of a request. Chunk extensions are a little-used HTTP feature
which permit including additional metadata in a request or response
body sent using the chunked encoding. The net/http chunked encoding
reader discards this metadata. A sender can exploit this by inserting
a large metadata segment with each byte transferred. The chunk reader
now produces an error if the ratio of real body to encoded bytes grows
too small.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-39326https://security-tracker.debian.org/tracker/CVE-2023-39326
(From OE-Core rev: 5b55648f3142762c9563289c1b19aa3b7de27164)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The target_dumper code is basically broken. It has been reading binary files
over the text base serial communication and runs at every command failure which
makes no sense. Each run might overwrite files from the previous run and the
output appears corrupted due to confusion from the binary data.
It isn't possible to cherry-pick "testimage: Drop target_dumper and most of monitor_dumper"
from master, so just make target_dumper and host_dumper empty functions.
For further details see:
https://lists.openembedded.org/g/openembedded-architecture/message/1888
(From OE-Core rev: 94e9019d2f170a26206c2774381a1d183313ecaa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
wtmp is filled with binary data which the run_serial command can't cope with.
Catting this results in confusion of the serial interface and potentially large
backlogs of data in the buffers which can hang qemu.
Exclude the problematic files from the command.
(From OE-Core rev: 05d9f9c6b27c0216fa4e349109ef42cf91bb4084)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 599ac08a6f6fb3f6a89a897c8e06367c63c2f979)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/5.4:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: rt: drop -stable migrate_disable
Date: Mon, 11 Dec 2023 08:50:52 -0500
The -rt branches already have a migrate disable mechanism, we
drop the -stable version to fix build issues.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: f29aff4a2a907f70c5397f9f1f7b5c1f8beb8647)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating to the latest korg -stable release that comprises
the following commits:
8e221b47173d Linux 5.4.262
b053223b7cf4 netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4)
c35df8b8c572 netfilter: nf_tables: disable toggling dormant table state more than once
e10f661adc55 netfilter: nf_tables: fix table flag updates
46c2947fcd71 netfilter: nftables: update table flags from the commit phase
b09e6ccf0d12 netfilter: nf_tables: double hook unregistration in netns path
b05a24cc453e netfilter: nf_tables: unregister flowtable hooks on netns exit
a995a68e8a3b netfilter: nf_tables: fix memleak when more than 255 elements expired
b95d7af657a8 netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
61a7b3de20e2 netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
03caf75da105 netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
021d734c7eaa netfilter: nf_tables: defer gc run if previous batch is still pending
38ed6a5f836f netfilter: nf_tables: use correct lock to protect gc_list
4b6346dc1edf netfilter: nf_tables: GC transaction race with abort path
b76dcf466223 netfilter: nf_tables: GC transaction race with netns dismantle
29ff9b8efb84 netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
1398a0eee290 netfilter: nf_tables: remove busy mark and gc batch API
85520a1f1d87 netfilter: nft_set_hash: mark set element as dead when deleting from packet path
c357648929c8 netfilter: nf_tables: adapt set backend to use GC transaction API
bbdb3b65aa91 netfilter: nf_tables: GC transaction API to avoid race with control plane
1da4874d05da netfilter: nf_tables: don't skip expired elements during walk
acaee227cf79 netfilter: nft_set_rbtree: fix overlap expiration walk
899aa5638568 netfilter: nft_set_rbtree: fix null deref on element insertion
181859bdfb97 netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
3c7ec098e3b5 netfilter: nf_tables: drop map element references from preparation phase
6b880f3b2c04 netfilter: nftables: rename set element data activation/deactivation functions
e1eed9e0b5e8 netfilter: nf_tables: pass context to nft_set_destroy()
961c4511c757 tracing: Have trace_event_file have ref counters
7676a41d90c5 drm/amdgpu: fix error handling in amdgpu_bo_list_get()
36383005f1db ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
e95f74653dff ext4: correct the start block of counting reserved clusters
1fbfdcc3d65e ext4: correct return value of ext4_convert_meta_bg
dfdfd3f21830 ext4: correct offset of gdb backup in non meta_bg group to update_backups
85c12e80c474 ext4: apply umask if ACL support is disabled
d2aed8814f02 Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
b9e5f633b35d nfsd: fix file memleak on client_opens_release
339d7d40d3dc media: venus: hfi: add checks to handle capabilities from firmware
cab97cdd409a media: venus: hfi: fix the check to handle session buffer requirement
5d39d0c1f43f media: venus: hfi_parser: Add check to keep the number of codecs within range
497b12d47cc6 media: sharp: fix sharp encoding
92d8a0478fb3 media: lirc: drop trailing space from scancode transmit
cac054d10324 i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
b132e462363f net: dsa: lan9303: consequently nested-lock physical MDIO
229738d71702 Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
4074957ec6bb Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
356a2ee5fc36 Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
afe92b66a5d8 bluetooth: Add device 13d3:3571 to device tables
dc073a2626d3 bluetooth: Add device 0bda:887b to device tables
75d26f7f6118 Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
323710a6b4c6 Bluetooth: btusb: add Realtek 8822CE to usb_device_id table
981ee23b8d48 Bluetooth: btusb: Add flag to define wideband speech capability
0fe69c99cc13 tty: serial: meson: fix hard LOCKUP on crtscts mode
8f40bbf7dc01 serial: meson: Use platform_get_irq() to get the interrupt
a1113f2c9b2c tty: serial: meson: retrieve port FIFO size from DT
13391526d817 serial: meson: remove redundant initialization of variable id
6245d0d70fe8 ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
4ef452297de4 ALSA: info: Fix potential deadlock at disconnection
c7df9523fed2 parisc/pgtable: Do not drop upper 5 address bits of physical address
c32dfec86714 parisc: Prevent booting 64-bit kernels on PA1.x machines
d570d139cb38 i3c: master: cdns: Fix reading status register
ad6941b192ca mm/cma: use nth_page() in place of direct struct page manipulation
36512866607e dmaengine: stm32-mdma: correct desc prep when channel running
4a5c267d5700 mcb: fix error handling for different scenarios when parsing
25eb381a736e i2c: core: Run atomic i2c xfer when !preemptible
975b5ff33f9a kernel/reboot: emergency_restart: Set correct system_state
421f9ccc75c5 quota: explicitly forbid quota files from being encrypted
7d0c36cd2e65 jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
665c2f186b8c btrfs: don't arbitrarily slow down delalloc if we're committing
b5a8382cf829 PM: hibernate: Clean up sync_read handling in snapshot_write_next()
2b3cfdaa8833 PM: hibernate: Use __get_safe_page() rather than touching the list
612c17a90fce mmc: vub300: fix an error code
398940412e8d clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
0b2b22b706ec parisc/pdc: Add width field to struct pdc_model
012dba0ab814 PCI: keystone: Don't discard .probe() callback
9988c9dc3c8b PCI: keystone: Don't discard .remove() callback
a438322e0078 genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
683c562c434d mmc: meson-gx: Remove setting of CMD_CFG_ERROR
d894f9288cff ACPI: resource: Do IRQ override on TongFang GMxXGxx
7b15bc9b753f PCI/sysfs: Protect driver's D3cold preference from user space
78d3487b5b87 hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
6b21ae025b82 audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
c0d01f03aaac audit: don't take task_lock() in audit_exe_compare() code path
4d0a828775f0 KVM: x86: Ignore MSR_AMD64_TW_CFG access
5066faedd2f7 KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
268d17ab637a x86/cpu/hygon: Fix the CPU topology evaluation for real
acbc12b0b348 scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers
bae690510316 bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
6933bc9a5f77 randstruct: Fix gcc-plugin performance mode to stay in group
c94d05ac6937 media: venus: hfi: add checks to perform sanity on queue pointers
6d028ade9db7 cifs: spnego: add ';' in HOST_KEY_LEN
26415e35f669 tools/power/turbostat: Fix a knl bug
a49786297b83 macvlan: Don't propagate promisc change to lower dev in passthru
04cb9ab8ebc5 net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors
c740f4716a44 net/mlx5_core: Clean driver version and name
e4bdbcce8e02 net/mlx5e: fix double free of encap_header
5cc1f24f7333 net: stmmac: fix rx budget limit check
c4b712d1a814 net: stmmac: Rework stmmac_rx()
b2762d13dfae netfilter: nf_conntrack_bridge: initialize err to 0
fd51e7541ff6 net: ethernet: cortina: Fix MTU max setting
823bffdaac39 net: ethernet: cortina: Handle large frames
f5055d7345d6 net: ethernet: cortina: Fix max RX frame define
b4f0e605a508 bonding: stop the device in bond_setup_by_slave()
7ea0a719e578 ptp: annotate data-race around q->head and q->tail
89af55e0fa13 xen/events: fix delayed eoi list handling
db957a2f5481 ppp: limit MRU to 64K
f3b250d91993 tipc: Fix kernel-infoleak due to uninitialized TLV value
77236275d4cd net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
14c6cd41c851 tty: Fix uninit-value access in ppp_sync_receive()
4d2d30f0792b ipvlan: add ipvlan_route_v6_outbound() helper
ed53c1518811 NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
fe449f8b9727 wifi: iwlwifi: Use FW rate for non-data frames
eca19db60f99 pwm: Fix double shift bug
d996530ba92c ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
6d703922bc9e kgdb: Flush console before entering kgdb on panic
eac3e4760aa1 drm/amd/display: Avoid NULL dereference of timing generator
514565ff7fce media: cobalt: Use FIELD_GET() to extract Link Width
2bb42a27a92f gfs2: ignore negated quota changes
a251e20a2cbe media: vivid: avoid integer overflow
8f83c85ee882 media: gspca: cpia1: shift-out-of-bounds in set_flicker
a8f829886d47 i2c: sun6i-p2wi: Prevent potential division by zero
80876a07ca3b usb: gadget: f_ncm: Always set current gadget in ncm_bind()
460284dfb10b tty: vcc: Add check for kstrdup() in vcc_probe()
35b9435123ef HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
b549acf99982 scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
33906b36b15d atm: iphase: Do PCI error checks on own line
54f4dde8fa0c PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
2527775616f3 ALSA: hda: Fix possible null-ptr-deref when assigning a stream
953ed26a77c6 ARM: 9320/1: fix stack depot IRQ stack filter
7467ca10a5ff jfs: fix array-index-out-of-bounds in diAlloc
ecfb47f13b08 jfs: fix array-index-out-of-bounds in dbFindLeaf
32bd8f1cbcf8 fs/jfs: Add validity check for db_maxag and db_agpref
a81a56b4cbe3 fs/jfs: Add check for negative db_l2nbperpage
e18d266fb3f1 RDMA/hfi1: Use FIELD_GET() to extract Link Width
c9c133469730 crypto: pcrypt - Fix hungtask for PADATA_RESET
ddd6e5266343 selftests/efivarfs: create-read: fix a resource leak
437e0fa907ba drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
d50a56749e5a drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
c847379a5d00 drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
1f24c286f4a4 drm/komeda: drop all currently held locks if deadlock happens
5305ae0d4ad8 platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
3c4236f1b2a7 Bluetooth: Fix double free in hci_conn_cleanup
3cf391e4174a wifi: ath10k: Don't touch the CE interrupt registers after power up
252bde6b17b8 net: annotate data-races around sk->sk_dst_pending_confirm
73909810ac27 net: annotate data-races around sk->sk_tx_queue_mapping
bd653b07095a wifi: ath10k: fix clang-specific fortify warning
32cc96dc5f4e wifi: ath9k: fix clang-specific fortify warnings
efeae5f4972f wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
770da15be321 wifi: mac80211_hwsim: fix clang-specific fortify warning
cfe13e1486d4 x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
91f7467ac96a clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
da667a3f8e23 clocksource/drivers/timer-imx-gpt: Fix potential memory leak
788c0b3442ea perf/core: Bail out early if the request AUX area is out of bound
dcd85e3c9293 locking/ww_mutex/test: Fix potential workqueue corruption
ef379773e2e7 Linux 5.4.261
3542ef5c3748 btrfs: use u64 for buffer sizes in the tree search ioctls
7868e6151a6d Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
7be3aca8d73d fbdev: fsl-diu-fb: mark wr_reg_wa() static
6c66d737b272 fbdev: imsttfb: fix a resource leak in probe
b90c8dfd715f fbdev: imsttfb: Fix error path of imsttfb_probe()
4a6a3f1b3840 spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
157333513d14 drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
21858a75dc78 netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
ae99c5e16a83 netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs
11380557c236 netfilter: xt_recent: fix (increase) ipv6 literal buffer length
cce1d4668191 r8169: respect userspace disabling IFF_MULTICAST
e820e23338d1 tg3: power down device only on SYSTEM_POWER_OFF
f8065cde49b2 net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
592f934b7a22 net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
85513df59a3e Fix termination state for idr_for_each_entry_ul()
56cddb5e657f net: r8169: Disable multicast filter for RTL8168H and RTL8107E
e5a664ef4928 dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
3af0af2f98f3 dccp: Call security_inet_conn_request() after setting IPv4 addresses.
afa49774d812 inet: shrink struct flowi_common
2199260c42e6 tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
cbdcdf42d15d llc: verify mac len before reading mac header
50d122536661 Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
e3677bfcbbcb pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
6e9b5295892e pwm: sti: Reduce number of allocations and drop usage of chip_data
19e45307f71f pwm: sti: Avoid conditional gotos
c4d5179e42b4 regmap: prevent noinc writes from clobbering cache
d62d868b30b8 media: dvb-usb-v2: af9035: fix missing unlock
7843a9bfbe13 media: s3c-camif: Avoid inappropriate kfree()
b35fdade92c5 media: bttv: fix use after free error due to btv->timeout timer
0bc0e36fccc2 pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
1502edd4a014 pcmcia: ds: fix refcount leak in pcmcia_device_add()
58d6fb6a933c pcmcia: cs: fix possible hung task and memory leak pccardd()
37212eede637 rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
204beeb509d3 i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
247ed618f534 powerpc/pseries: fix potential memory leak in init_cpu_associativity()
cee681d4b22b powerpc/imc-pmu: Use the correct spinlock initializer.
dc5804b47b66 powerpc/xive: Fix endian conversion size
b6cffe8dd7cd modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
90ab33735e2e f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
9f20b06214dc dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
688326e2cf9e USB: usbip: fix stub_dev hub disconnect
b003b7a7d42e tools: iio: iio_generic_buffer ensure alignment
7a64d15db7aa tools: iio: iio_generic_buffer: Fix some integer type and calculation
db6d5b9ff6e8 tools: iio: privatize globals and functions in iio_generic_buffer.c file
55b90e4c406a misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
ed9b2ad3b9ca dmaengine: ti: edma: handle irq_of_parse_and_map() errors
64c47749fc75 usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
4050f13f71f2 tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
ba46faaa49c5 leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
abfd682fc5f0 ledtrig-cpu: Limit to 8 CPUs
f6c3b7a4ce51 leds: pwm: Don't disable the PWM when the LED should be off
cd6f50115fab leds: pwm: convert to atomic PWM API
9686f771c096 leds: pwm: simplify if condition
87b1ee831ddf mfd: dln2: Fix double put in dln2_probe
b843d2cd134b ASoC: ams-delta.c: use component after check
4634c9cc726d ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
66888e6953f8 sh: bios: Revive earlyprintk support
fdcbe9ce7bf3 RDMA/hfi1: Workaround truncation compilation error
01698922f5d3 scsi: ufs: core: Leave space for '\0' in utf8 desc string
3c61391a31a6 ext4: move 'ix' sanity check to corrent position
454e6493bbda ARM: 9321/1: memset: cast the constant byte to unsigned char
727203e6e7e7 hid: cp2112: Fix duplicate workqueue initialization
48bb2931f24c HID: cp2112: Use irqchip template
7b62cf90d0ea crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
090e89c71620 crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
40ba3fa21250 nd_btt: Make BTT lanes preemptible
68655462f8be sched/rt: Provide migrate_disable/enable() inlines
d14a373fe559 libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value
f5d95a39683e hwrng: geode - fix accessing registers
e4e4d4abb82b clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped
ce11e445d0ae firmware: ti_sci: Mark driver as non removable
5d97cc0b491e firmware: ti_sci: Replace HTTP links with HTTPS ones
cc1a1dcb411f soc: qcom: llcc: Handle a second device without data corruption
813fdddde20f soc: qcom: Rename llcc-slice to llcc-qcom
077010717b52 soc: qcom: llcc cleanup to get rid of sdm845 specific driver file
3da50ee512e2 ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
6b464d9414e3 arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
64d990086065 drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
ddc42881f170 drm/radeon: possible buffer overflow
4a29f0f7a1b7 drm/rockchip: vop: Fix call to crtc reset helper
824f0f4f93c6 drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
eaf62ea6504f hwmon: (coretemp) Fix potentially truncated sysfs attribute name
9fb0eed09e14 platform/x86: wmi: Fix opening of char device
22117b77eecb platform/x86: wmi: remove unnecessary initializations
1607ea8a8161 platform/x86: wmi: Fix probe failure when failing to register WMI devices
d1461f0c9ca0 clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
e8ae4b49dd9c clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
cfa68e0ac5dc clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
2705c5b97f50 clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
fbe466f06d4e clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
8ae911637b0b clk: npcm7xx: Fix incorrect kfree
cbcf67b0bc5d clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
3d38bc4bab88 clk: imx: Select MXC_CLK for CLK_IMX8QXP
ae98b5ef991a clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
15f335494bb3 clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents
141ccc127230 clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
dbf13624b2de regmap: debugfs: Fix a erroneous check after snprintf()
af50165c1218 ipvlan: properly track tx_errors
76304c749e05 net: add DEV_STATS_READ() helper
4482b250c895 ipv6: avoid atomic fragment on GSO packets
19d527337870 ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
5105d46146f2 tcp: fix cookie_init_timestamp() overflows
e4e819bdc8f3 tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp
7ab8aa73002c chtls: fix tp->rcv_tstamp initialization
75bbf6e93462 r8169: fix rare issue with broken rx after link-down on RTL8125
282342bc47c6 r8169: use tp_to_dev instead of open code
3091ab943dfc thermal: core: prevent potential string overflow
35854733ae67 can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
b53be254d30f can: dev: can_restart(): don't crash kernel if carrier is OK
a29f012a27cf wifi: rtlwifi: fix EDCA limit set by BT coexistence
bed72a332f02 tcp_metrics: do not create an entry from tcp_init_metrics()
f3902c0e6f08 tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
b78f2b7774a0 tcp_metrics: add missing barriers on delete
af0fe2c2ff4d wifi: mt76: mt7603: rework/fix rx pse hang check
a2e99dbdc127 wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
c9b929f7932b tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
25eaef1d0d0e i40e: fix potential memory leaks in i40e_remove()
09ce728c9e27 genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
3718a48ef495 vfs: fix readahead(2) on block devices
(From OE-Core rev: a1e332f095eec1cb7a386a14c9ff4ce59594901a)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
