Updating to the latest korg -stable release that comprises
the following commits:
6849d8c4a61a Linux 5.4.238
eb7716a054a6 HID: uhid: Over-ride the default maximum data buffer value with our own
b687ac70e66a HID: core: Provide new max_buffer_size attribute to over-ride the default
144019e81396 PCI: Unify delay handling for reset and resume
d2130f37a4a0 s390/ipl: add missing intersection check to ipl_report handling
3f5a833dca66 serial: 8250_em: Fix UART port type
c5afb97d1b51 drm/i915: Don't use stolen memory for ring buffers with LLC
8d26a4fecce5 x86/mm: Fix use of uninitialized buffer in sme_enable()
a976ff743eb1 fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
ac58b88ccbbb ftrace: Fix invalid address access in lookup_rec() when index is 0
65e4c9a6d0c9 KVM: nVMX: add missing consistency checks for CR0 and CR4
6fe55dce9dd6 tracing: Make tracepoint lockdep check actually test something
780f69a2685b tracing: Check field value in hist_field_name()
f1e3a20c6019 interconnect: fix mem leak when freeing nodes
325608ab60fa tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted
c16cbd8233d6 ext4: fix possible double unlock when moving a directory
6a1bd14d5e34 sh: intc: Avoid spurious sizeof-pointer-div warning
bbf5eada4334 drm/amdkfd: Fix an illegal memory access
2c96c52aeaa6 ext4: fix task hung in ext4_xattr_delete_inode
20ba6f8a8073 ext4: fail ext4_iget if special inode unallocated
ab519e29891d jffs2: correct logic when creating a hole in jffs2_write_begin
00bfc67c65a1 mmc: atmel-mci: fix race between stop command and start of next command
75f6faae2de6 media: m5mols: fix off-by-one loop termination error
9eb394919c97 hwmon: (ina3221) return prober error code
26c176ce9028 hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
13efd488d398 hwmon: (adt7475) Fix masking of hysteresis registers
0d3095e958f0 hwmon: (adt7475) Display smoothing attributes in correct order
674fce59d61d ethernet: sun: add check for the mdesc_grab()
71da5991b643 net/iucv: Fix size of interrupt data
e0d07a3203c3 net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
5c06bd3de134 ipv4: Fix incorrect table ID in IOCTL path
c4fcfbf80c3c block: sunvdc: add check for mdesc_grab() returning NULL
04c394208831 nvmet: avoid potential UAF in nvmet_req_complete()
9fabdd79051a net: usb: smsc75xx: Limit packet length to skb->len
b0c202a8dc63 nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
668de67d4110 net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
5aaab217c8f5 net: tunnels: annotate lockless accesses to dev->needed_headroom
cba20ade78ef qed/qed_dev: guard against a possible division by zero
6e18f66b704b i40e: Fix kernel crash during reboot when adapter is in recovery mode
f0216046aeb8 ipvlan: Make skb->skb_iif track skb->dev for l3s mode
0f9c1f26d434 nfc: pn533: initialize struct pn533_out_arg properly
442aa78ed701 tcp: tcp_make_synack() can be called from process context
88c3d3bb6469 scsi: core: Fix a procfs host directory removal regression
4b4f5e34f08b scsi: core: Fix a comment in function scsi_host_dev_release()
0d59732f2a5b netfilter: nft_redir: correct value of inet type `.maxattrs`
90279211e96b ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
0b7057c52377 ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
5bb9fcaadb8c ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid
9efbdc743ded ALSA: hda - controller is in GPU on the DG1
fc52e51c2c30 ALSA: hda - add Intel DG1 PCI and HDMI ids
090305c36185 scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
b8849e31a056 docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate
9e45e4571576 clk: HI655X: select REGMAP instead of depending on it
dac08e46f0ad drm/meson: fix 1px pink line on GXM when scaling video overlay
d7e48aa17a81 cifs: Move the in_send statistic to __smb_send_rqst()
06c208002d0d drm/panfrost: Don't sync rpm suspension after mmu flushing
c9900d1d86f0 xfrm: Allow transport-mode states with AF_UNSPEC selector
4008fb9ad474 ext4: fix cgroup writeback accounting with fs-layer encryption
(From OE-Core rev: 175d05d717b972d9b6bf36f170bc6cfa69b57dce)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This test will fail any time the host has libdrm > 2.4.107
(From OE-Core rev: e4b98a42970574296e0da06842691b9fc1ffc9a1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This will use default values when no distribution is set.
[YOCTO #15086]
(From OE-Core rev: 1a28c6cfe0e6c4b44d01778f8034231040c6d4ad)
Signed-off-by: Thomas Roos <throos@amazon.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 888fe63b46efceeff08dbe8c4f66fec33d06cb7a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* otherwise it ends '<unknown>' inside esdk, because of parsing order:
# $METADATA_REVISION [3 operations]
# set /OE/build/test-D/conf/local.conf:43
# "f2da54ef432eac89b0f18eaad68e602b6990b5de"
# immediate /OE/build/test-D/layers/poky/meta/classes/metadata_scm.bbclass:9
# "${@oe.buildcfg.detect_revision(d)}"
# set /OE/build/test-D/layers/poky/meta/classes/metadata_scm.bbclass:10
# [vardepvalue] "${METADATA_REVISION}"
# pre-expansion value:
# "<unknown>"
METADATA_REVISION="<unknown>"
* This causes base-files.do_install and following tasks to have different
signatures between esdk and the build directory where this esdk was created:
bitbake-diffsigs {test-D,poky/build-uninative-disabled}/tmp/stamps/qemux86_64-poky-linux/base-files/*do_install*sigdata*
NOTE: Starting bitbake server...
basehash changed from 5b6981cf58bfd57d416b0e31611b73a26baae635dd1ac31c08d46f95064c3ffc to dbdce042da4d7813d632b6d1cc87a16f728ad20e55fecbc392830e6acf72babd
Variable METADATA_REVISION value changed from '<unknown>' to 'f2da54ef432eac89b0f18eaad68e602b6990b5de'
and an warning from "python3 /OE/build/test-D/ext-sdk-prepare.py" when eSDK is being prepared for use:
WARNING: The base-files:do_install sig is computed to be 83b9c9a6ef1145baac5a1e0d08814b9156af239c58fc42df95c25a9cd8a7f201,
but the sig is locked to 3dc22233059075978e5503691e98e79e7cc60db94259dfcd886bca2291c0add7 in SIGGEN_LOCKEDSIGS_t-qemux86-64
[RP: Add commit about why we need the override for future reference]
(From OE-Core rev: 8f0e2e505d11697d0a1280b0a77a3fe8d72a4d49)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 675ea7281c17f77bf5dea17cfd4d9da0928382a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is a bit of a compatibility issue more than anything. Some devices
get upset if the FAT file system contains less blocks than the
partition.
The fixed-size argument is currently respected by the partition creation
step but not by the file system creation step. Let's make it so the file
system respects this value as well.
(From OE-Core rev: 2126242c19b0c3dea12c605da8b24b08a9cb803f)
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit d16301ccdfb97bf126738262eec594008c282df1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
perf has need for python setuptools when scripting is enabled
from 6.0.0 onwards it seems to throw an explicit error
(From OE-Core rev: cfdaa6afaca28dd91c9738a97bb21eab5dae2817)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit da3d00178809bbf7cc453401e0c5937796ebc2c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Due to signedness, the checksum is not computed when filesize is bigger
a 2GB. Pick a fix for this problem from CPIO ML, where the fix has been
posted for 5 years. Since CPIO upstream is effectively unresponsive and
any and all attempts to communicate with the maintainer and get the fix
applied upstream failed, add the fix here instead.
(From OE-Core rev: bfff138af4bdd356ac66571e6ad91c1a5599b935)
(From OE-Core rev: 0a8fb1c00e75e8434e0ef433d9074d54f038fba1)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The CVE product name for PyPI packages is (usually) the same as the PyPI
package name (and not our recipe name), so use that as the default.
(From OE-Core rev: 1c37b96cd4fdfad21bf24b8b883e371c3bca56de)
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61f6b0ad09bf87cdc2d3f08770b7c44cad1d0e58)
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The upstream patch for CVE-2023-27534 does three things:
1) creates new path with dynbuf(dynamic buffer)
2) solves the tilde error which causes CVE-2023-27534
3) modifies the below added functionality to not add a trailing "/" to the user home dir if it already ends with one with dynbuf.
dynbuf functionalities are added in curl in later versions and are not essential to fix the vulnerability but does add extra feature in later versions.
This patch completes the 3rd task of the patch which was implemented without using dynbuf
Upstream-Status: Backport from [6c51adeb71]
(From OE-Core rev: df489f644e41108cf0e2ff55af7ce5e9bca40471)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7,
2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding
specially crafted input to `git apply --reject`, a path outside the working
tree can be overwritten with partially controlled contents (corresponding to
the rejected hunk(s) from the given patch). A fix is available in versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,
and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying
patches from an untrusted source. Use `git apply --stat` to inspect a patch before
applying; avoid applying one that create a conflict where a link corresponding to
the `*.rej` file exists.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-25652
Upstream-Status: Backport from 9db05711c9
(From OE-Core rev: 6747482316b8f7839a09bf041d8c11b559f84b44)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8,
2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted
`.gitmodules` file with submodule URLs that are longer than 1024 characters can used
to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug
can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when
attempting to remove the configuration section associated with that submodule. When the
attacker injects configuration values which specify executables to run (such as
`core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code
execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,
2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running
`git submodule deinit` on untrusted repositories or without prior inspection of any
submodule sections in `$GIT_DIR/config`.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-29007
Upstream patches:
528290f8c629198213c9a5bb10fd5ee91cfe60853bb3d6bac5
(From OE-Core rev: db4c152441aebe4c04a7bb7aceb88d8941a6576b)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If a package with a postsints script requires ldconfig, the package class adds
a ldconfig postinst fragment to initialize it before. Systemd has its own
ldconfig.service to initialize it and sometimes if both services are running
at the same time in the first boot, the first one will work, but the second
one will fail with the following error:
ldconfig[141]: /sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: No such file or directory
This commit adds a ordering dependency between them to make sure that only one
service is running at the same time.
(From OE-Core rev: 1bc254e7969f3d5470bacf9ad9f065d38b7b7fde)
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e9d812e127dc6743f52f4881e509e8e2e833afe)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
BSD-4-Clause is only applicable to the {PN}-doc package as when I
check for the source code I find below files which only uses the
license BSD-4-Clause
~/sources/libbsd$ grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort
COPYING
man/arc4random.3bsd
man/getprogname.3bsd
man/tree.3bsd
~/sources/libbsd$ grep -rnB6 "BSD-4"
COPYING-9-Files:
COPYING-10- man/arc4random.3bsd
COPYING-11- man/tree.3bsd
COPYING-12-Copyright:
COPYING-13- Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
COPYING-14- All rights reserved.
COPYING:15:License: BSD-4-clause-Niels-Provos
(From OE-Core rev: 187f1588240a0eb5cc753c2114fd6c0cef66e14f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Exclude CVEs that are fixed in current linux-yocto version v5.4.237.
To get the commit fixing a CVE, I used the Debian kernel-sec repo [1].
[1]: 86d5040aee
(From OE-Core rev: ec0f3e5869c596a308a164f93cb031e04034a8ed)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Avoid overwriting the read packet length after the initial test. Thus
move all the length checks which depends on the total length first
and do not use the total lenght from the IP packet afterwards.
Fixes CVE-2023-28488
Reported by Polina Smirnova <moe.hwr@gmail.com>
(From OE-Core rev: 47a9ae5592392bd10740e4571b06c8c739705058)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c
(From OE-Core rev: 24c87e674db9c1d4a8922c3af78a0004c061e70f)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add SDK_ZIP_OPTIONS to remove symbolic link creation in zip archive or add options, e.g. for encryption of the zip archive.
(From OE-Core rev: 04b62f9459b401c276255f166d0738b6f902a576)
(From OE-Core rev: b9e0c3ced645cab74b2488a26b8f656a94b2a6f5)
Signed-off-by: Christoph Lauer <christoph.lauer@xtronic.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A parsed MIME header is a map[string][]string. In the common case,
a header contains many one-element []string slices. To avoid
allocating a separate slice for each key, ReadMIMEHeader looks
ahead in the input to predict the number of keys that will be
parsed, and allocates a single []string of that length.
The individual slices are then allocated out of the larger one.
The prediction of the number of header keys was done by counting
newlines in the input buffer, which does not take into account
header continuation lines (where a header key/value spans multiple
lines) or the end of the header block and the start of the body.
This could lead to a substantial amount of overallocation, for
example when the body consists of nothing but a large block of
newlines.
Fix header key count prediction to take into account the end of
the headers (indicated by a blank line) and continuation lines
(starting with whitespace).
Thanks to Jakob Ackermann (@das7pad) for reporting this issue.
Fixes CVE-2023-24534
For #58975Fixes#59267
(From OE-Core rev: daa6aa9c7198a07322f1828a9db457fec86191cf)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix CVE-2023-0464 for openssl
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading
to a denial-of-service(DoS) attack on affected systems.
Link: https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
(From OE-Core rev: 0c50550e2c8fca3263776c2bb985a8c58b920b99)
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Setting a large line or column number using a //line directive can cause
integer overflow even in small source files.
Limit line and column numbers in //line directives to 2^30-1, which
is small enough to avoid int32 overflow on all reasonbly-sized files.
(From OE-Core rev: d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
encoding/xml: replace comments inside directives with a space
Backport from a9cfd55e2b
(From OE-Core rev: 76d855f3d2c250ac85ca6f24bf0e178fb32607f9)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is specific to Microsoft Windows, ignore it.
Patch fixing it (https://go-review.googlesource.com/c/go/+/446916)
also adds a redundant check to generic os/exec which
could be backported but it should not be necessary as
backport always takes a small risk to break old code.
(From OE-Core rev: 4263f3fda59aacb4f159d2dffb52e5f66249b5e4)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Below patch files to fix CVE-2023-26604
CVE-2023-26604-1.patch, CVE-2023-26604-2.patch and
CVE-2023-26604-3.patch and CVE-2023-26604-4.patch
make pager secure when under euid is changed or explicitly
requested
Reference:
CVE-2023-26604-1.patch:
612ebf6c91
CVE-2023-26604-2.patch:
1b5b507cd2
CVE-2023-26604-3.patch:
0a42426d79
CVE-2023-26604-4.patch:
b8f736b30e
(From OE-Core rev: 7880eb801dcee44a9e8920d249057492d1de6b12)
Signed-off-by: rajmohan r <rajmohan.r@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
path/filepath: do not Clean("a/../c:/b") into c:\b on Windows
Backport from bdf07c2e16
(From OE-Core rev: 70135bf04eb7173434a7240ddf11639d13aab003)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patch for CVE-2021-3929 applied on dunfell returns a value for a
void function. This results in the following compiler warning/error:
hw/block/nvme.c:77:6: error: void function
'nvme_addr_read' should not return a value [-Wreturn-type]
return NVME_DATA_TRAS_ERROR;
^ ~~~~~~~~~~~~~~~~~~~~
In newer versions of qemu, the functions is changed to have a return
value, but that is not present in the version of qemu used in “dunfell”.
Backport some of the patches to correct this.
(From OE-Core rev: 4ad98f0b27615ad59ae61110657cf69004c61ef4)
Signed-off-by: Gaurav Gupta <gauragup@cisco.com>
Signed-off-by: Gaurav Gupta <gauragup@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
