Updating to the latest korg -stable release that comprises
the following commits:
f6f7927ac664 Linux 5.15.127
c597d8cb0d33 timers/nohz: Last resort update jiffies on nohz_full IRQ entry
b4d36e6c5dc4 timers/nohz: Switch to ONESHOT_STOPPED in the low-res handler when the tick is stopped
c3b954a51b64 tick: Detect and fix jiffies update stall
af99918f0e39 sch_netem: fix issues in netem_change() vs get_dist_table()
5d094d4e7b99 alpha: remove __init annotation from exported page_is_ram()
f8d6d25756ea scsi: qedf: Fix firmware halt over suspend and resume
85db1cd1744e scsi: qedi: Fix firmware halt over suspend and resume
e70469c28953 scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
6bc7f4c8c27d scsi: core: Fix possible memory leak if device_add() fails
461f8ac666fa scsi: snic: Fix possible memory leak if device_add() fails
171e117cdc0a scsi: 53c700: Check that command slot is not NULL
7a792b3d888a scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
0f52d7b78251 scsi: core: Fix legacy /proc parsing buffer overflow
b757ef99df39 netfilter: nf_tables: report use refcount overflow
9bdbbcf9d148 nvme-rdma: fix potential unbalanced freeze & unfreeze
d68f8ef6ef70 nvme-tcp: fix potential unbalanced freeze & unfreeze
ae6e21f8bb2a btrfs: set cache_block_group_error if we find an error
314135b7bae9 btrfs: reject invalid reloc tree root keys with stack dump
69dd147de419 btrfs: exit gracefully if reloc roots don't match
c40d4b60c58d btrfs: don't stop integrity writeback too early
555e126dd30b ibmvnic: Handle DMA unmapping of login buffs in release functions
34fcc823823a ibmvnic: Unmap DMA login rsp buffer on send login fail
cee62753cf2e ibmvnic: Enforce stronger sanity checks on login response
27e8db8380eb net/mlx5: Skip clock update work when device is in error state
f638fc2f7377 net/mlx5: Allow 0 for total host VFs
086a80eb6213 dmaengine: mcf-edma: Fix a potential un-allocated memory access
7e1dc94b2d50 nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID
608a4327c257 nexthop: Make nexthop bucket dump more efficient
4457300cfd84 nexthop: Fix infinite nexthop dump when using maximum nexthop ID
91307347d632 net: hns3: add wait until mac link down
094310eb2b93 net: hns3: refactor hclge_mac_link_status_wait for interface reuse
1ae9703c2e32 net: phy: at803x: remove set/get wol callbacks for AR8032
7d496cd83a9d RDMA/umem: Set iova in ODP flow
f78a4238a873 wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
26a27dd76054 drm/rockchip: Don't spam logs in atomic check
918c1e6843b7 IB/hfi1: Fix possible panic during hotplug remove
df21468bfdc8 iavf: fix potential races for FDIR filters
b1f985cf1c52 drivers: net: prevent tun_build_skb() to exceed the packet size limit
f239c9e1d98b dccp: fix data-race around dp->dccps_mss_cache
49a1fee22fae bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
789fcd94c9ca xsk: fix refcount underflow in error path
e95808121953 tunnels: fix kasan splat when generating ipv4 pmtu error
7903311b2cec net/packet: annotate data-races around tp->status
f4614e379bf9 mISDN: Update parameter type of dsp_cmx_send()
3961761af392 bpf, sockmap: Fix bug that strp_done cannot be called
20d53895d5c0 bpf, sockmap: Fix map type error in sock_map_del_link
a09c258cfa77 net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()
85af0b226c0b selftests: forwarding: tc_flower: Relax success criterion
7b3fa99526f9 selftests: forwarding: Switch off timeout
e410f85ebca9 selftests: forwarding: Skip test when no interfaces are specified
4a4499452620 selftests: forwarding: ethtool_extended_state: Skip when using veth pairs
b8d216e9c607 selftests: forwarding: ethtool: Skip when using veth pairs
b9dfb80d9fb2 selftests: forwarding: Add a helper to skip test when using veth pairs
b973eb76dff3 selftests/rseq: Fix build with undefined __weak
b8b8db5857d4 drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
4c6767c8bf5e x86: Move gds_ucode_mitigated() declaration to header
f919cbc90441 x86/speculation: Add cpu_show_gds() prototype
9290ef14c96b x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
829409510d00 x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
c41a22b93d7c x86/srso: Fix build breakage with the LLVM linker
c2372b1559d4 usb: typec: tcpm: Fix response to vsafe0V event
f776b94ccdf0 usb: common: usb-conn-gpio: Prevent bailing out if initial role is none
00cc14b52d6f usb: dwc3: Properly handle processing of pending events
7a11d1e2625b usb-storage: alauda: Fix uninit-value in alauda_check_media()
945e1b3c361b misc: rtsx: judge ASPM Mode to set PETXCFG Reg
03eebad96233 binder: fix memory leak in binder_init()
a8e2ae6296d5 iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
2df8ae1e42b8 iio: cros_ec: Fix the allocation size for cros_ec_command
a7cedc2b7612 io_uring: correct check for O_TMPFILE
697bc234632c selftests/bpf: Fix sk_assign on s390x
127277262110 selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code
ee701208f4cc selftests/bpf: make test_align selftest more robust
683d2969a082 bpf: aggressively forget precise markings during state checkpointing
2516deeb872a bpf: stop setting precise in current state
c47d0178ad86 bpf: allow precision tracking for programs with subprogs
3645510cf926 nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
36a3b560c78d radix tree test suite: fix incorrect allocation size for pthreads
8d10284243b7 hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100
3ad4ba2b6112 drm/amd/display: check attr flag before set cursor degamma on DCN3+
621204fca047 drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap()
64e6253f6489 drm/nouveau/gr: enable memory loads on helper invocation on all channels
bcd9eeb3a309 riscv,mmio: Fix readX()-to-delay() ordering
57772ae9b339 dmaengine: pl330: Return DMA_PAUSED when transaction is paused
3ca8f5c733c4 ipv6: adjust ndisc_is_useropt() to also return true for PIO
6cde60777675 mmc: moxart: read scr register without changing byte order
3f00757ab416 wireguard: allowedips: expand maximum node depth
aeb974907642 ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()
595679098bdc ksmbd: validate command request size
(From OE-Core rev: b0dc6cea72d2c61babef286effbc2019b39dc3ea)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating to the latest korg -stable release that comprises
the following commits:
24c4de4069cb Linux 5.15.126
aeb4db8ab7f1 PM: sleep: wakeirq: fix wake irq arming
b5d3a4251bd2 PM / wakeirq: support enabling wake-up irq after runtime_suspend called
a36b522767f3 soundwire: fix enumeration completion
7996facaf0ee soundwire: bus: pm_runtime_request_resume on peripheral attachment
c91c07ae0849 selftests/rseq: Play nice with binaries statically linked against glibc 2.35+
1cdb50faf7f7 selftests/rseq: check if libc rseq support is registered
0f1f471b91f4 drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning
5058c1444040 powerpc/mm/altmap: Fix altmap boundary check
eb7a5e4d14c8 mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
70643e98cbc3 mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
1796b492f8cc mtd: rawnand: rockchip: fix oobfree offset and description
f6807b62fb0e mtd: rawnand: omap_elm: Fix incorrect type in assignment
596be6716bc5 ext2: Drop fragment support
0ccfe21949bc fs: Protect reconfiguration of sb read-write from racing writes
27d0f755d649 net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
fbe5a2fed815 Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
afd9a31b5aa4 fs/sysv: Null check to prevent null-ptr-deref bug
80ec112c1996 fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()
0d6f639f1dcd file: reinstate f_pos locking optimization for regular files
b44d28b98f18 bpf, cpumap: Make sure kthread is running before map update returns
8089eb93d678 drm/ttm: check null pointer before accessing when swapping
ef0d07c66843 open: make RESOLVE_CACHED correctly test for O_TMPFILE
c81bdf8f9f2b bpf: Disable preemption in bpf_event_output
ae07cfe2b099 rbd: prevent busy loop when requesting exclusive lock
7978bcca4c1f wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
32ca6a55e10e net: tap_open(): set sk_uid from current_fsuid()
4ed3eed99ee6 net: tun_chr_open(): set sk_uid from current_fsuid()
adacc3a954fa arm64: dts: stratix10: fix incorrect I2C property for SCL signal
b92c88009da1 mtd: rawnand: meson: fix OOB available bytes for ECC
b0875c583e41 mtd: spinand: toshiba: Fix ecc_get_status
1c33ca1e1974 exfat: release s_lock before calling dir_emit()
8a34a242cf03 exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
a74878207b02 x86/CPU/AMD: Do not leak quotient data after a division by 0
b8f029fc4075 firmware: arm_scmi: Drop OF node reference in the transport channel setup
287c2c8677ed ceph: defer stopping mdsc delayed_work
98b521d10e73 USB: zaurus: Add ID for A-300/B-500/C-700
cd6872f2cf56 libceph: fix potential hang in ceph_osdc_notify()
e5f5b4a89809 scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
212a9a3c67be scsi: zfcp: Defer fc_rport blocking until after ADISC response
dac382725394 tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
4517782e1bc3 tcp_metrics: annotate data-races around tm->tcpm_net
e842a68667d4 tcp_metrics: annotate data-races around tm->tcpm_vals[]
d3184bea4ace tcp_metrics: annotate data-races around tm->tcpm_lock
9a7367cbe33d tcp_metrics: annotate data-races around tm->tcpm_stamp
6f6bd67f4894 tcp_metrics: fix addr_same() helper
b0acbcf1e7a1 prestera: fix fallback to previous version on same major version
d6d9d0f5a5e0 net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
c999fb1039dd net/mlx5: fs_core: Make find_closest_ft more generic
32ef2c0c6cf1 vxlan: Fix nexthop hash size
1bb54a21f4d9 ip6mr: Fix skb_under_panic in ip6mr_cache_report()
64e3affee288 s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
a0da2684db18 net: dcb: choose correct policy to parse DCB_ATTR_BCN
193333229aac net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
766c9dd00c5f net: korina: handle clk prepare error in korina_probe()
6cecfdf65053 net: ll_temac: fix error checking of irq_of_parse_and_map()
3761ff4f8670 net: ll_temac: Switch to use dev_err_probe() helper
5c534640a7da bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
79c3d81c9ad1 net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
9edf7955025a net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
262430dfc618 net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
b58d34068fd9 bpf, cpumap: Handle skb as well when clean up ptr_ring
f04f6d9b3b06 net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
2c55d4941518 net: add missing data-race annotation for sk_ll_usec
e934c50c48e2 net: add missing data-race annotations around sk->sk_peek_off
fdd8d8d54d6a net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
98f0d1db3a27 net: add missing READ_ONCE(sk->sk_sndbuf) annotation
0d1047b77b23 net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
6c058a1f67f0 net: annotate data-races around sk->sk_max_pacing_rate
2950c5ac65b3 qed: Fix scheduling in a tasklet while getting stats
a19952dbb5b6 qed: Fix kernel-doc warnings
6d8c259f4827 mISDN: hfcpci: Fix potential deadlock on &hc->lock
8dedcc6af341 net: sched: cls_u32: Fix match key mis-addressing
675d29de69c7 perf test uprobe_from_different_cu: Skip if there is no gcc
0f6e3d8d7f91 net: dsa: fix value check in bcm_sf2_sw_probe()
047508edd602 rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
cc9ebceaa6d0 bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
8f9a04c742e1 net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
00cecb0a8f9e net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
4c224ea31bed wifi: cfg80211: Fix return value in scan logic
8e72db3ffa5d KVM: s390: fix sthyi error handling
809edb4262f0 word-at-a-time: use the same return type for has_zero regardless of endianness
b7880809d75d arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
804e72062be4 iommu/arm-smmu-v3: Document nesting-related errata
744e6b80b830 iommu/arm-smmu-v3: Add explicit feature for nesting
fd86b5944215 iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
2de9f3dcfe63 iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
a850fa85d477 arm64: errata: Add detection for TRBE write to out-of-range
073699df4a09 arm64: errata: Add workaround for TSB flush failures
44b45e8161a5 net/mlx5: Free irqs only on shutdown callback
40601542c43c perf: Fix function pointer case
c12fa4ac8997 io_uring: gate iowait schedule on having pending requests
(From OE-Core rev: 0cb9289e67ad5da4c9612daf74aa8ff51c3c9c75)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Depending on the version of glibc, localtime_r() must
be preceded by a call to tzset() or it will ignore any
value of TZ in the environment. This problem will only
be seen when building file-native on outdated hosts.
(From OE-Core rev: c99d7fc46a1070b1c659ed16fbff6a3553aaf209)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 791145f3064d7807630d3591b9e7c7b2dc37152c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add patch for Libwebp 1.3.1 to fix CVE-2023-5129.
(From OE-Core rev: 852068debb268669699ad9a8dbe44907a19aa482)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This document was suggesting a way to version pre-releases
which doesn't match the latest recommendations from the
contributor guide.
(From yocto-docs rev: bb74a9f83b84fa0d2836ed09175cac3c671b1042)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Replace "duplicate" by "obsolete", more appropriate.
"duplicate" probably comes from the "--remove-duplicated"
option of the sstate-cache-management.sh script.
Improve other sentences too.
(From yocto-docs rev: e893d66999a97732780ff2b1ba6fb7e6e9d2eff7)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CC: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Take advantage of this edit to also fix alignment
issues in the sources.
(From yocto-docs rev: 6d17f91c3078b5aeb6fa4acab8c9a0ff8e962fa5)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Variable overrides in KCONFIG_CONFIG_COMMAND do not work as expected due
to double quote mismatches. The issue is reproducible in an environment
where gold is the default linker. Below is an example snippet of
run.do_terminal generated by do_menuconfig.
do_terminal() {
exec sh -c "make menuconfig CC="aarch64-webos-linux-gcc ..."
LD="aarch64-webos-linux-ld.bfd ..."
...
}
Although LD override is set to bfd correctly, it is not passed to make
and make menuconfig ends up with messages like:
| gold linker is not supported as it is not capable of linking the kernel proper.
| scripts/Kconfig.include:56: Sorry, this linker is not supported.
(From OE-Core rev: 9c483765db762dbe8020423c8778518612b7e5f7)
(From OE-Core rev: 75f8485d7862b08e2f96f919e992d203df6c8d9c)
Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d4664d2b79)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The gcc_multilib_setup function is a function that is run at the
do_configure step, so it's counted into the signature computation.
The MULTILIB_VARIANTS this function uses is also extracted to be
taken into consideration. After the change of setting MULTILIB_VARIANTS
explictly vardeps on MULTILIBS, the change of MULTILIBS changes the
signature, thus causing rebuilding. However, in case of gcc-crosssdk,
the setting of multilib should have no effect on it, as it's used
to build nativesdk packages, not the target packages. So ignore
MULTILIB_VARIANTS in signature computation. This fixes oe-selftest
case sstatetests.SStateHashSameSigs2.test_sstate_nativesdk_samesigs_multilib.
(From OE-Core rev: 537c71162a711dec32a63a657c4b101269a3e267)
(From OE-Core rev: 6b87f7c9e955abe5833820ee7eda9d525c77d2ea)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This patch is to ensure recipes get rebuilt correctly and avoid
incorrect sstate cache reuse when toggling multilib.
The following steps show one example of such incorrect sstate cache reuse.
1. enable multilib && bitbake <some_image> -c populate_sdk
2. disable multilib && bitbake <some_image> -c populate_sdk
The error message is as below:
Error:
Problem: conflicting requests
- nothing provides binutils-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
- nothing provides gcc-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
- nothing provides gdb-cross-canadian-i686 needed by packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
(try to add '--skip-broken' to skip uninstallable packages)
We get this error because packagegroup-cross-canadian recipe is
not rebuilt when it should be.
Current codes have tracked the dependency to MULTILIB_VARIANTS, as
shown in the following chain:
RDEPENDS:packagegroup-cross-canadian-intel-x86-64 ->
all_multilib_tune_values -> MULTILIB_VARIANTS.
However, MULTILIB_VARIANTS cannot automatically depend on MULTILIBS.
See some results from 'bitbake-dumpsigs' below:
List of dependencies for variable MULTILIB_VARIANTS is ['extend_variants']
Variable MULTILIB_VARIANTS value is ${@extend_variants(d,'MULTILIBS','multilib')}
It's obvious that the value of MULTILIB_VARIANTS depend on the
value of MULTILIBS, so let's set this dependency manually.
(From OE-Core rev: 9f47d8eb51816d16078a23c0cef4d697555f913f)
(From OE-Core rev: 8ed254dd5e44d0685e5b952f724af08d75ce3d9d)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
drop patch which is already part of 5.1.3.
0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3964):
1eb002596e
0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch(CVE-2022-3965):
293dc39bca
ffmpeg-fix-vulkan.patch : 7268323193
(From OE-Core rev: aeee19cda946b67f33c7b7c02c86513676bc89bd)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
release notes:
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19
Security Fixes
Previously, sending a specially crafted message over the control channel
could cause the packet-parsing code to run out of available stack
memory, causing named to terminate unexpectedly. This has been fixed.
(CVE-2023-3341)
ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing
this vulnerability to our attention. [GL #4152]
A flaw in the networking code handling DNS-over-TLS queries could cause
named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load. This has been fixed.
(CVE-2023-4236)
ISC would like to thank Robert Story from USC/ISI Root Server Operations
for bringing this vulnerability to our attention. [GL #4242]
Removed Features
The dnssec-must-be-secure option has been deprecated and will be removed
in a future release. [GL #4263]
Feature Changes
If the server command is specified, nsupdate now honors the nsupdate -v
option for SOA queries by sending both the UPDATE request and the
initial query over TCP. [GL #1181]
Bug Fixes
The value of the If-Modified-Since header in the statistics channel was
not being correctly validated for its length, potentially allowing an
authorized user to trigger a buffer overflow. Ensuring the statistics
channel is configured correctly to grant access exclusively to
authorized users is essential (see the statistics-channels block
definition and usage section). [GL #4124]
This issue was reported independently by Eric Sesterhenn of X41 D-Sec
GmbH and Cameron Whitehead.
The Content-Length header in the statistics channel was lacking proper
bounds checking. A negative or excessively large value could potentially
trigger an integer overflow and result in an assertion failure. [GL
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
Several memory leaks caused by not clearing the OpenSSL error stack were
fixed. [GL #4159]
This issue was reported by Eric Sesterhenn of X41 D-Sec GmbH.
The introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs
UPDATE policies accidentally caused named to return SERVFAIL responses
to deletion requests for non-existent PTR and SRV records. This has been
fixed. [GL #4280]
The stale-refresh-time feature was mistakenly disabled when the server
cache was flushed by rndc flush. This has been fixed. [GL #4278]
BIND’s memory consumption has been improved by implementing dedicated
jemalloc memory arenas for sending buffers. This optimization ensures
that memory usage is more efficient and better manages the return of
memory pages to the operating system. [GL #4038]
Previously, partial writes in the TLS DNS code were not accounted for
correctly, which could have led to DNS message corruption. This has been
fixed. [GL #4255]
Known Issues
There are no new known issues with this release. See above for a list of
all known issues affecting this BIND 9 branch.
(From OE-Core rev: 663397edba278184a736e97aa602d3f96d2d937a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
============
Deprecate the 'dialup' and 'heartbeat-interval' options.
Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured.
Mark a primary server as temporarily unreachable if the TCP connection attempt times out.
Don't process detach and close netmgr events when the netmgr has been paused.
(cherry-pick from commit e78ec619beea6e541b2d83a5dc845ce57ff12564)
(From OE-Core rev: 3cb92c8746f589ef74e337e5866378e04a8133ef)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The delta between 3.1.32 & 3.1.37 contains the CVE-2023-40590 and
CVE-2023-41040 fixes and other bugfixes.
Changelog:
==========
- WIP Quick doc by @LeoDaCoda in #1608
- Partial clean up wrt mypy and black by @bodograumann in #1617
- Disable merge_includes in config writers by @bodograumann in #1618
- feat: full typing for "progress" parameter in Repo class by @madebylydia in #1634
- Fix CVE-2023-40590 by @EliahKagan in #1636
- #1566 Creating a lock now uses python built-in "open()" method to work arou… by @HageMaster3108 in #1619
- util: close lockfile after opening successfully by @skshetry in #1639
- Bump actions/checkout from 3 to 4 by @dependabot in #1643
- Fix 'Tree' object has no attribute '_name' when submodule path is normal path by @CosmosAtlas in #1645
- Fix CVE-2023-41040 by @facutuesca in #1644
- Only make config more permissive in tests that need it by @EliahKagan in #1648
- Added test for PR #1645 submodule path by @CosmosAtlas in #1647
- Fix Windows environment variable upcasing bug by @EliahKagan in #1650
- Improve Python version and OS compatibility, fixing deprecations by @EliahKagan in #1654
- Better document env_case test/fixture and cwd by @EliahKagan in #1657
- Remove spurious executable permissions by @EliahKagan in #1658
- Fix up checks in Makefile and make them portable by @EliahKagan in #1661
- Fix URLs that were redirecting to another license by @EliahKagan in #1662
- Assorted small fixes/improvements to root dir docs by @EliahKagan in #1663
- Use venv instead of virtualenv in test_installation by @EliahKagan in #1664
- Omit py_modules in setup by @EliahKagan in #1665
- Don't track code coverage temporary files by @EliahKagan in #1666
- Configure tox by @EliahKagan in #1667
- Format tests with black and auto-exclude untracked paths by @EliahKagan in #1668
- Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan in #1673
- Fix rollback bug in SymbolicReference.set_reference by @EliahKagan in #1675
- Remove @NoEffect annotations by @EliahKagan in #1677
- Add more checks for the validity of refnames by @facutuesca in #1672
Note that the changes to the license file are just removal of excess whitespace
(the extra blank line at the end, and spaces appearing at the end of lines).
References:
https://github.com/gitpython-developers/GitPython/releaseshttps://github.com/gitpython-developers/GitPython/blob/main/doc/source/changes.rste1af18377f
(From OE-Core rev: 931af3758a2d79aea534ab6d23db392ede7cc1bb)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The override syntax should be ":allarch" instead of "_allarch".
(From OE-Core rev: 72d3ecb22fea59d2520997b3f0a0651557d69ae7)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bea74c9942a3bb4f71aca0f722b4a7306ae52fb4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This includes multiple CVE fixes.
The license change is due to changes in maintainership, the license
itself is unchanged.
(From OE-Core rev: a90e3d1bac7c965e357103c05bf31fd804b87c0b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91e66b93a0c0928f0c2cfe78e22898a6c9800f34)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the QEMU built-in VNC server. When a client connects
to the VNC server, QEMU checks whether the current number of connections
crosses a certain threshold and if so, cleans up the previous connection.
If the previous connection happens to be in the handshake phase and fails,
QEMU cleans up the connection again, resulting in a NULL pointer dereference
issue. This could allow a remote unauthenticated client to cause a denial
of service.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3354
(From OE-Core rev: 8f0b34f7ad5ef842d60c9b93ce2c6142d3249890)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
":term:`Initramfs`" in bold text appears verbatim (no link is created).
The term link is present elsewhere in the text so remove the extra
markup.
(From yocto-docs rev: fc8e220290414dab45299d0ac829c8c461b1903c)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
- Update according to changes in SANITY_TESTED_DISTROS
(meta-poky/conf/distro/poky.conf)
- No longer declare as "Supported" the distributions versions
which are End of Life for their vendors, as some of them
(Ubuntu for example) ship updates to subscribers only,
which the Yocto Project has no access to.
- List distribution versions which were previously tested
for the branch of the Yocto Project being considered.
(From yocto-docs rev: fd5113b7e20844a44a2c9da37e1bc10034d46cfe)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add in stable updates to glibc 2.38 to fix malloc bugs
(From OE-Core rev: 055b7acd73a591cb529629a780558cc0f5b19456)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 39f987fcb20ad7c0e45425b9f508d463c50ce0c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport and rebase patch to fix CVE-2023-32435 for webkitgtk 2.38.6:
* drop the patches for the files WasmAirIRGenerator64.cpp and
WasmAirIRGeneratorBase.h which are involved in 2.40.0
* drop test cases as well
CVE: CVE-2023-32435
(From OE-Core rev: c54f98d35f2cb276dc49a5ccd4813ccc34c6f668)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch to fix CVE-2023-32439 for webkitgtk.
CVE: CVE-2023-32439
(From OE-Core rev: 71edb4ec115208950ae5da5305b5fd75823121ec)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Envoy is a cloud-native high-performance edge/middle/service
proxy. Envoy’s HTTP/2 codec may leak a header map and
bookkeeping structures upon receiving `RST_STREAM` immediately
followed by the `GOAWAY` frames from an upstream server. In
nghttp2, cleanup of pending requests due to receipt of the
`GOAWAY` frame skips de-allocation of the bookkeeping structure
and pending compressed header. The error return [code path] is
taken if connection is already marked for not sending more
requests due to `GOAWAY` frame. The clean-up code is right after
the return statement, causing memory leak. Denial of service
through memory exhaustion. This vulnerability was patched in
versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-35945https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
(From OE-Core rev: 18277a43f7fd6522a67f194f40595bc378468733)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(From OE-Core rev: ff2288cd466c46c4e2cac24498b260037dba5071)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
vim 8.3 has been out for a long time, so this comment is obsolete.
However we still need UPSTREAM_VERSION_UNKNOWN, since we ignore
the last digit of the upstream version number.
Test result:
$ devtool check-upgrade-status vim
...
INFO: vim 9.0.1592 UNKNOWN Tom Rini <trini@konsulko.com> c0370529c027abc5b1698d53fcfb8c02a0c515da
(From OE-Core rev: 65f5de85c3f488136d1ec2b1f7fe8d8426d6c5b3)
(From OE-Core rev: 981fa51afe040550c7c351fff028553d4bbbd1ca)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 868a19357841470eb55fb7f1c4ab1af09dea99ed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We need to ensure this recipe doesn't have dependencies on others. The SPDX
classes/tasks introduce dependenies quilt-native and patch-native which can
introduce races on files in the sysroots. Avoid the races by removing the
tasks we don't need.
[YOCTO #15186]
(From OE-Core rev: a3e2e156c602e7fabf0024a6c9dc4603d327f08b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a5dc278b077edba8f4099f0f6dfb97e97f680320)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
