Compare commits

..

301 Commits

Author SHA1 Message Date
Richard Purdie
7f9b7f912e build-appliance-image: Update to dunfell head revision
(From OE-Core rev: dbad46a0079843b380cf3dda6008b12ab9526688)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-09 19:34:46 +01:00
Steve Sakoman
9ae9138497 poky.conf: bump version for 3.1.20 release
(From meta-yocto rev: 56e2baf3d5d51a0491fb295b8a0bcacacdd1e2f9)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-05 08:40:31 +01:00
Steve Sakoman
8cf3492f4c documentation: update for 3.1.20
(From yocto-docs rev: d2abea88ce793d2a31836cbffae096190dd54563)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-05 08:40:31 +01:00
Paul Barker
d7019b183d licenses: Handle newer SPDX license names
License names were updated in commit 2456f523cf (after the dunfell
release) to match the current SPDX license list. We don't want to do any
wholesale renaming on the dunfell stable branch but we should add
mappings for the newer '*-only' names to allow for layers which support
both dunfell and newer releases.

(From OE-Core rev: 2a646cbdaca914e6f2c76ccb75065a811a9f94de)

Signed-off-by: Paul Barker <paul.barker@sancloud.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-05 08:39:19 +01:00
Mathieu Dubois-Briand
4d8f22bc23 bind: Fix CVEs 2022-2795, 2022-38177, 2022-38178
(From OE-Core rev: 9632481dc14868c0f92572472834a2a0c4f46e2e)

Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-05 08:39:19 +01:00
Martin Jansa
028971709f create-pull-request: don't switch the git remote protocol to git://
Many git repos prefer https:// nowadays and many removed support
for git://.

This breaks the script when using github.com even when selected remote
is ssh (git@github.com:openembedded/...), it will re-write it to git://
before calling git pull-request causing:

openembedded-core $ scripts/create-pull-request -u github -b jansa/artifacts -o pull-kernel
NOTE: Assuming local branch HEAD, use -l to override.
fatal: unable to connect to github.com:
github.com[0: 140.82.121.3]: errno=Connection timed out

warn: No match for commit ea003bd026aa24bb4c8b7562f44ed6512e921259 found at git://github.com/shr-distribution/oe-core
warn: Are you sure you pushed 'jansa/artifacts' there?
ERROR: git request-pull reported an error

(From OE-Core rev: 7a08f2ae1c12e3511b409c4535d2eab83a27b64a)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64c466920b808c35d1ac87b47cf438bc79becea7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Shubham Kulkarni
aa449287a0 go: Add fix for CVE-2022-32190
Link: 2833550891

(From OE-Core rev: 3362bbb1a1ce599418dc8377043f7549f9327315)

Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Hitendra Prajapati
95ba88b935 golang: CVE-2022-27664 net/http: handle server errors after sending GOAWAY
Source: https://github.com/golang/go
MR: 121912
Type: Security Fix
Disposition: Backport from 5bc9106458
ChangeID: 0b76a92a774279d7bffc9d6fa05564dfd8371e8c
Description:
	 CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY.

(From OE-Core rev: 4e2f723a4288ad4839fac2769e487612252b1d40)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Richard Purdie
f50439feb5 vim: Upgrade 9.0.0541 -> 9.0.0598
Includes a fix for CVE-2022-3278.

(From OE-Core rev: bc13c16bec7a898ae3246e2a9ab586e8241af28e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98c40271692147873a622e168e8b2e90a9fcc54c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Hitendra Prajapati
e9ad2aab5c bluez: CVE-2022-39176 BlueZ allows physically proximate attackers
Source: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
MR: 122140
Type: Security Fix
Disposition: Backport from https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.6
ChangeID: b989c7670a9b2bd1d11221e981eab0d162f3271c
Description:
	 CVE-2022-39176 bluez: BlueZ allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
Affects "bluez < 5.59"

(From OE-Core rev: 3750b576035d87633c69c0a5fc6de4854179f9b0)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Dmitry Baryshkov
fb7acc1b21 linux-firmware: package new Qualcomm firmware
Add packages for the new Qualcomm firmware released for Lenovo X13s
laptop.

The INSANE_SKIP:${PN} has to be provided to silent following warnings:

WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcadsp8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qccdsp8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcslpi8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!

(From OE-Core rev: 6227efbf03d2e7ca773ab29177705203f2550722)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af9924a3da0569e90c2d3abe030584456e66229b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Dmitry Baryshkov
1956baac10 linux-firmware: package new Qualcomm firmware
Create separate packages with firmware files for APQ8096 SoC and for
Adreno 2xx/4xx. Include A330 firmware into the 3xx package.

(From OE-Core rev: 705de0a585b9e6343075eb6af41b8f8972ee327d)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a0cb8f9131d1f238dc150e583a7ff816645765f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Dmitry Baryshkov
ca1c4e7a76 linux-firmware: upgrade 20220708 -> 20220913
License-Update: additional files
(From OE-Core rev: a8efbea09f851e9ef72a1ec387077d9eda5335c6)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68ce822b765a7b67f8cc8590688860cc2530cf04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Robert Joslyn
35aaf7eadd tzdata: Update from 2022b to 2022c
(From OE-Core rev: efcb0b30244007545ab8b0231e003271dcd7fab2)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ecf88d151f265e5efb8e1dde5aba3ee2a8b76d8d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Richard Purdie
483ab0979f vim: Upgrade 9.0.453 -> 9.0.541
Includes a fix for CVE-2022-3234.

(From OE-Core rev: dabda290f3d40a9ef4f2b5720634280f712f554d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d6b54f37aa4db1457296b8981b630a49d251ceb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Minjae Kim
243a95b193 inetutils: CVE-2022-39028 - fix remote DoS vulnerability in inetutils-telnetd
Fix telnetd crash if the first two bytes of a new connection
are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).

CVE: CVE-2022-39028

(From OE-Core rev: 1c385e70d4bfab2334361ba82f29988bb11d6902)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Bruce Ashfield
d7194226b1 linux-yocto/5.4: update to v5.4.213
Updating  to the latest korg -stable release that comprises
the following commits:

    7e17397001a9 Linux 5.4.213
    077041e486fe MIPS: loongson32: ls1c: Fix hang during startup
    4e8d7039cf52 x86/nospec: Fix i386 RSB stuffing
    64f9755b408b sch_sfb: Also store skb len before calling child enqueue
    9d3237b5906c tcp: fix early ETIMEDOUT after spurious non-SACK RTO
    19816a021468 nvme-tcp: fix UAF when detecting digest errors
    a4f0d34580b6 RDMA/mlx5: Set local port to one when accessing counters
    3df71e11a477 ipv6: sr: fix out-of-bounds read when setting HMAC data.
    e7f78835d551 RDMA/siw: Pass a pointer to virt_to_page()
    5332a0945148 i40e: Fix kernel crash during module removal
    d488e2baf2ef tipc: fix shift wrapping bug in map_get()
    279c7668e354 sch_sfb: Don't assume the skb is still around after enqueueing to child
    a2f0ff5beee5 afs: Use the operation issue time instead of the reply time for callbacks
    8077a50c8cce rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
    36f7b71f8ad8 netfilter: nf_conntrack_irc: Fix forged IP logic
    323b6847e509 netfilter: br_netfilter: Drop dst references before setting.
    367a655f074b RDMA/hns: Fix supported page size
    57b2897ec3ff soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
    87fe1703bada RDMA/cma: Fix arguments order in net device validation
    d80ad9991198 regulator: core: Clean up on enable failure
    c108e2035151 ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
    e192a08f6534 smb3: missing inode locks in punch hole
    59c6902a96b4 cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
    13d67aadb1c9 cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
    059516952cc9 cgroup: Optimize single thread migration
    d0e7be0dc9f2 scsi: lpfc: Add missing destroy_workqueue() in error path
    5682c94644fd scsi: mpt3sas: Fix use-after-free warning
    8d66989b5f7b nvmet: fix a use-after-free
    9fc8c5fa4230 debugfs: add debugfs_lookup_and_remove()
    0d895d2bb120 kprobes: Prohibit probes in gate area
    0492798bf8df ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
    e275cf331824 ALSA: aloop: Fix random zeros in capture data when using jiffies timer
    45321a7d02b7 ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
    adbbc1a8c5ac drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
    e1955cdd3122 fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
    fcab25a6b0ac arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
    a3714415c449 parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
    dcf54e6cae9e parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
    c72d97146fc5 drm/radeon: add a force flush to delay work when radeon
    ae2c6cc8fb21 drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
    bca46f2295fa drm/gem: Fix GEM handle release errors
    bd2a3bff310e scsi: megaraid_sas: Fix double kfree()
    944f276cbce4 USB: serial: ch341: fix disabled rx timer on older devices
    f0003ab97a07 USB: serial: ch341: fix lost character on LCR updates
    d288c6383a8e usb: dwc3: disable USB core PHY management
    9c670d0bb144 usb: dwc3: fix PHY disable sequence
    9ab0c653ef03 btrfs: harden identification of a stale device
    4e5ba186d9cf drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
    3af1316df747 ALSA: seq: Fix data-race at module auto-loading
    4fa63d526c87 ALSA: seq: oss: Fix data-race for max_midi_devs access
    82a86f82bc67 net: mac802154: Fix a condition in the receive path
    d228b897b813 ip: fix triggering of 'icmp redirect'
    66689c5c02ac wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
    1142f04f920c driver core: Don't probe devices after bus_type.match() probe deferral
    bb87fe79bc2c usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
    df1875084898 USB: core: Prevent nested device-reset calls
    87b47c7f9f95 s390: fix nospec table alignments
    b604e79fba12 s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
    33f8f8302473 usb-storage: Add ignore-residue quirk for NXP PN7462AU
    e2e153bb6d69 USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
    8ef85884f441 usb: dwc2: fix wrong order of phy_power_on and phy_init
    08f27a242898 usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
    1abdc68b49c7 USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
    3cd8e3448eac USB: serial: option: add Quectel EM060K modem
    b988c14d7c82 USB: serial: option: add support for OPPO R11 diag port
    234fd17306cb USB: serial: cp210x: add Decagon UCA device id
    0143b573612f xhci: Add grace period after xHC start to prevent premature runtime suspend.
    c7e5a90eee5f thunderbolt: Use the actual buffer in tb_async_error()
    cb2684e906f9 gpio: pca953x: Add mutex_lock for regcache sync in PM
    7756eb1ed124 hwmon: (gpio-fan) Fix array out of bounds access
    979fe68b2e39 clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
    389a45dc06dd Input: rk805-pwrkey - fix module autoloading
    1929a5275ecb clk: core: Fix runtime PM sequence in clk_core_unprepare()
    577b32abfd51 Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
    582e87c6bbf2 clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
    5d4acadcdf26 drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
    bc37b0570220 usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
    30d0901b307f binder: fix UAF of ref->proc caused by race condition
    b30dd08fd5aa USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
    f8632b8bb53e misc: fastrpc: fix memory corruption on open
    ec186b9f4aa2 misc: fastrpc: fix memory corruption on probe
    0d90ef874966 iio: adc: mcp3911: use correct formula for AD conversion
    d186c65599bf Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
    a6b7e8d97530 tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete
    1cf1930369c9 vt: Clear selection before changing the font
    214877169e5b powerpc: align syscall table for ppc32
    d0aac7146e96 staging: rtl8712: fix use after free bugs
    a65a2a33c6d0 serial: fsl_lpuart: RS485 RTS polariy is inverse
    ae5e8d0baa0a net/smc: Remove redundant refcount increase
    47e679431613 Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
    91ecfbcd8dc1 tcp: annotate data-race around challenge_timestamp
    f8a94fdf0288 sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
    0946ff31d1a8 kcm: fix strp_init() order and cleanup
    02986e1bb63e ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
    fffa19b5e58c net: sched: tbf: don't call qdisc_put() while holding tree lock
    e1ba258dac0b Revert "xhci: turn off port power in shutdown"
    2dca3c61269b wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
    bed12d7531df ieee802154/adf7242: defer destroy_workqueue call
    ddc6e823218f iio: adc: mcp3911: make use of the sign bit
    630a97e4da75 platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
    765497cc748d drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
    fced8363b460 drm/msm/dsi: fix the inconsistent indenting
    83b25f9eb243 net: dp83822: disable false carrier interrupt
    007541bc27c2 Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
    96f09cd54472 fs: only do a memory barrier for the first set_buffer_uptodate()
    d51e1682faec net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()
    f4c4637a3836 wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
    8028ff4cdbb3 efi: capsule-loader: Fix use-after-free in efi_capsule_write

(From OE-Core rev: ef38f7acee3f0ae400138fa60f4695a86dffc16e)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Bruce Ashfield
134ac61730 linux-yocto/5.4: update to v5.4.212
Updating  to the latest korg -stable release that comprises
the following commits:

    d6deb370b5a5 Linux 5.4.212
    0052348329c9 net: neigh: don't call kfree_skb() under spin_lock_irqsave()
    25a80e728412 net/af_packet: check len when min_header_len equals to 0
    fc78b2fc21f1 io_uring: disable polling pollfree files
    b474ff1b2095 kprobes: don't call disarm_kprobe() for disabled kprobes
    6fbc49b7f007 lib/vdso: Mark do_hres() and do_coarse() as __always_inline
    2161d3c12c74 lib/vdso: Let do_coarse() return 0 to simplify the callsite
    06ebb40b8720 btrfs: tree-checker: check for overlapping extent items
    63c790584031 netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
    5c5cd52ab09d drm/amd/display: Fix pixel clock programming
    c570198c3d9e s390/hypfs: avoid error message under KVM
    51be9dd391fd neigh: fix possible DoS due to net iface start/stop loop
    814b756d4ec3 drm/amd/display: clear optc underflow before turn off odm clock
    a06e4eb65169 drm/amd/display: Avoid MPC infinite loop
    2608885a4f7e btrfs: unify lookup return value when dir entry is missing
    1fe3375cf2be btrfs: do not pin logs too early during renames
    e9b4baabf852 btrfs: introduce btrfs_lookup_match_dir
    2fe3eee48899 mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
    8b68e53d5669 bpf: Don't redirect packets with invalid pkt_len
    934e49f7d696 ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
    7d9591b32a90 fbdev: fb_pm2fb: Avoid potential divide by zero error
    53c7c4d5d40b HID: hidraw: fix memory leak in hidraw_release()
    466b67c0543b media: pvrusb2: fix memory leak in pvr_probe
    63d8c1933ed2 udmabuf: Set the DMA mask for the udmabuf device (v2)
    fa2b822d86be HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
    6551fbe25853 Bluetooth: L2CAP: Fix build errors in some archs
    adc7640e1931 kbuild: Fix include path in scripts/Makefile.modpost
    80a7fe2b7012 x86/bugs: Add "unknown" reporting for MMIO Stale Data
    09602177d80c s390/mm: do not trigger write fault when vma does not allow VM_WRITE
    c9c5501e8151 mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
    b4c928ace9a1 scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
    2045b9d30619 perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
    8e7fb19f1a74 md: call __md_stop_writes in md_stop
    f35c4fec07a2 mm/hugetlb: fix hugetlb not supporting softdirty tracking
    f09c1b80df55 ACPI: processor: Remove freq Qos request for all CPUs
    cacd522e6652 s390: fix double free of GS and RI CBs on fork() failure
    c3862f559265 asm-generic: sections: refactor memory_intersects
    13b2856037a6 loop: Check for overflow while configuring loop
    2668aeac01ac x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
    dd3365d3b496 btrfs: check if root is readonly while setting security xattr
    5b44dcf8b79b btrfs: add info when mount fails due to stale replace target
    40554fa41a78 btrfs: replace: drop assert for suspended replace
    201bb5d745ae btrfs: fix silent failure when deleting root reference
    571a13b35005 ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
    aa0a3f72c6da net: Fix a data-race around sysctl_somaxconn.
    923fa41adebd net: Fix a data-race around netdev_budget_usecs.
    adeb24afd2fd net: Fix a data-race around netdev_budget.
    575c57e9e00c net: Fix a data-race around sysctl_net_busy_read.
    6e8f9df62dbe net: Fix a data-race around sysctl_net_busy_poll.
    5da0632c07d4 net: Fix a data-race around sysctl_tstamp_allow_data.
    4482215f93d2 ratelimit: Fix data-races in ___ratelimit().
    a90afeab21ae net: Fix data-races around netdev_tstamp_prequeue.
    c1d0ef0e6f11 net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
    dbd0f1991adf netfilter: nft_tunnel: restrict it to netdev family
    fba05d250256 netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
    a2ce367ae743 netfilter: nft_payload: do not truncate csum_offset and csum_type
    870015352911 netfilter: nft_payload: report ERANGE for too long offset and length
    bc7ba4cd0bc3 bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
    160c4eb47db0 netfilter: ebtables: reject blobs that don't provide all entry points
    8b9155eae85d net: ipvtap - add __init/__exit annotations to module init/exit funcs
    1498077d562f bonding: 802.3ad: fix no transmission of LACPDUs
    ac3541b11e5b net: moxa: get rid of asymmetry in DMA mapping/unmapping
    eb8236dff703 net/mlx5e: Properly disable vlan strip on non-UL reps
    6e4b20d548fc rose: check NULL rose_loopback_neigh->loopback
    4c14faf16632 SUNRPC: RPC level errors should set task->tk_rpc_status
    8ee27a4f0f1a af_key: Do not call xfrm_probe_algs in parallel
    63da7a2bbf3f xfrm: fix refcount leak in __xfrm_policy_check()
    a9f94dc4ddee kernel/sched: Remove dl_boosted flag comment
    d2b65976bf1a sched/deadline: Fix priority inheritance with multiple scheduling classes
    c498c8cbc271 sched/deadline: Fix stale throttling on de-/boosted tasks
    184c8ab53424 sched/deadline: Unthrottle PI boosted threads while enqueuing
    71b7edfc76d2 pinctrl: amd: Don't save/restore interrupt status and wake status bits
    8e52d0c57d5f Revert "selftests/bpf: Fix test_align verifier log patterns"
    2b13ddc9e0e3 Revert "selftests/bpf: Fix "dubious pointer arithmetic" test"
    a89c4b5868cb usb: cdns3: Fix issue for clear halt endpoint
    87b41b041cd4 kernel/sys_ni: add compat entry for fadvise64_64
    945dc19778f6 parisc: Fix exception handler for fldw and fstw instructions
    bb415d2687ac audit: fix potential double free on error path from fsnotify_add_inode_mark
    684cc17be897 Linux 5.4.211
    473f43725bb7 btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
    6fd4cea04400 btrfs: only write the sectors in the vertical stripe which has data stripes
    04e41b6bacf4 can: j1939: j1939_session_destroy(): fix memory leak of skbs
    18e0ab31b028 can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
    5c9637279f65 tracing/probes: Have kprobes and uprobes use $COMM too
    5d8244d42d34 MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
    2b7f559152a3 video: fbdev: i740fb: Check the argument of i740_calc_vclk()
    5e14b04c8459 powerpc/64: Init jump labels before parse_early_param()
    720f6112c393 smb3: check xattr value length earlier
    29e734ec33ae f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
    dd9d894b4163 ALSA: timer: Use deferred fasync helper
    76f87b11a4b2 ALSA: core: Add async signal helpers
    f4159834d17f powerpc/32: Don't always pass -mcpu=powerpc to the compiler
    d78d0ee79bb8 watchdog: export lockup_detector_reconfigure
    814d83c5e127 RISC-V: Add fast call path of crash_kexec()
    812cb21259ad riscv: mmap with PROT_WRITE but no PROT_READ is invalid
    1b49707df679 mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
    3e6994735c1c vfio: Clear the caps->buf to NULL after free
    ca3fc1c38e42 tty: serial: Fix refcount leak bug in ucc_uart.c
    3c0efcd608f1 lib/list_debug.c: Detect uninitialized lists
    a6805b3dcf5c ext4: avoid resizing to a partial cluster size
    5bebfd607726 ext4: avoid remove directory when directory is corrupted
    f5d46f1b47f6 drivers:md:fix a potential use-after-free bug
    7a2fe1594689 nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
    0bf3dcfb0396 dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
    d13b990d4fbe selftests/kprobe: Do not test for GRP/ without event failures
    082da6a9c30f um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
    c3ce788be376 PCI/ACPI: Guard ARM64-specific mcfg_quirks
    695af60af755 cxl: Fix a memory leak in an error handling path
    ca06b4cde54f gadgetfs: ep_io - wait until IRQ finishes
    927907f1cbb3 scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
    d401611a93b3 clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
    f78ac62e6b9d vboxguest: Do not use devm for irq
    cfa8f707a58d usb: renesas: Fix refcount leak bug
    0334d23c56ec usb: host: ohci-ppc-of: Fix refcount leak bug
    b743d6cef4f1 drm/meson: Fix overflow implicit truncation warnings
    29b30e041376 irqchip/tegra: Fix overflow implicit truncation warnings
    e2d531806569 usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info
    e65d9b7147d7 usb: cdns3 fix use-after-free at workaround 2
    e7170b5a2826 PCI: Add ACS quirk for Broadcom BCM5750x NICs
    d58ef2567813 drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
    d0c4307aeae5 locking/atomic: Make test_and_*_bit() ordered on failure
    90fb514a1656 gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
    55197ba6d64d igb: Add lock to avoid data race
    44b406aab057 fec: Fix timer capture timing in `fec_ptp_enable_pps()`
    f861285de84b i40e: Fix to stop tx_timeout recovery if GLOBR fails
    781212b34447 ice: Ignore EEXIST when setting promisc mode
    545ec873f16e net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
    b360ce159cb1 net: moxa: pass pdev instead of ndev to DMA functions
    cb1753bc689c net: dsa: mv88e6060: prevent crash on an unused port
    ccb0a42d3f40 powerpc/pci: Fix get_phb_number() locking
    b5dd26e07397 netfilter: nf_tables: really skip inactive sets when allocating name
    f415fda65931 clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
    ff289f2be589 iavf: Fix adminq error handling
    2b4daaed4f57 nios2: add force_successful_syscall_return()
    d6d9dd2cc325 nios2: restarts apply only to the first sigframe we build...
    01e783b45e3b nios2: fix syscall restart checks
    9e9151768bde nios2: traced syscall does need to check the syscall number
    73c088373234 nios2: don't leave NULLs in sys_call_table[]
    86a89da5cdbd nios2: page fault et.al. are *not* restartable syscalls...
    965333345fe9 tee: add overflow check in register_shm_helper()
    cfa215a76a40 dpaa2-eth: trace the allocated address instead of page struct
    9a6cbaa50f26 atm: idt77252: fix use-after-free bugs caused by tst_timer
    2f14656fe1a8 xen/xenbus: fix return type in xenbus_file_read()
    c61d3b92f56a nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
    a1d13886fd2e NTB: ntb_tool: uninitialized heap data in tool_fn_write()
    215cbd3c0d40 tools build: Switch to new openssl API for test-libcrypto
    a91204264ebd tools/vm/slabinfo: use alphabetic order when two values are equal
    12f777a957be dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
    0ecc55feceb1 vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
    f82f1e2042b3 vsock: Fix memory leak in vsock_connect()
    f4f2acf01298 plip: avoid rcu debug splat
    85b5747321ed geneve: do not use RT_TOS for IPv6 flowlabel
    760a01c36b83 ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
    49c1ae5fc8dd pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
    b0de3436ca57 pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
    c26012a1e61c pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
    ac6d4482f29a net: bgmac: Fix a BUG triggered by wrong bytes_compl
    1ad4ba9341f1 devlink: Fix use-after-free after a failed reload
    c1bdc6de5178 SUNRPC: Reinitialise the backchannel request buffers before reuse
    b0e283987358 sunrpc: fix expiry of auth creds
    0a901c2f7fa7 can: mcp251x: Fix race condition on receive interrupt
    f7ee3b772d9d NFSv4/pnfs: Fix a use-after-free bug in open
    14b5a92e3398 NFSv4.1: RECLAIM_COMPLETE must handle EACCES
    89dd9bec6630 NFSv4: Fix races in the legacy idmapper upcall
    e7eba28ba774 NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
    68a84001f7a2 NFSv4.1: Don't decrease the value of seq_nr_highest_sent
    2c8477600cd6 Documentation: ACPI: EINJ: Fix obsolete example
    7db182a2ebee apparmor: Fix memleak in aa_simple_write_to_buffer()
    ef6fb6f0d0d8 apparmor: fix reference count leak in aa_pivotroot()
    7f6092dc8f7a apparmor: fix overlapping attachment computation
    98ab8dfa048b apparmor: fix aa_label_asxprint return check
    1b4c44823a13 apparmor: Fix failed mount permission check error message
    825b0f6bb035 apparmor: fix absroot causing audited secids to begin with =
    dd78c35a27d4 apparmor: fix quiet_denied for file rules
    45be56968d6e can: ems_usb: fix clang's -Wunaligned-access warning
    f67c43e4b131 tracing: Have filter accept "common_cpu" to be consistent
    90b0526dd82a btrfs: fix lost error handling when looking up extended ref on log replay
    d33e770f0a56 mmc: pxamci: Fix an error handling path in pxamci_probe()
    6db5285844c4 mmc: pxamci: Fix another error handling path in pxamci_probe()
    b1b2b8adb0eb ata: libata-eh: Add missing command name
    70e0c8a454e2 rds: add missing barrier to release_refill
    d040e85ae959 ALSA: info: Fix llseek return value when using callback
    992480132ed3 net_sched: cls_route: disallow handle of 0
    7d9d0ba99c47 net/9p: Initialize the iounit field during fid creation
    13e17a18a46b Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
    4d5e45fdf048 Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
    f135c65085ee scsi: sg: Allow waiting for commands to complete on removed device
    cf218ff991ce tcp: fix over estimation in sk_forced_mem_schedule()
    8cdba919acef KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
    8fb5e7760444 KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
    4c08dd3fbdc5 KVM: Add infrastructure and macro to mark VM as bugged
    8659026858e0 btrfs: reject log replay if there is unsupported RO compat flag
    1fcd691cc2e7 net_sched: cls_route: remove from list when handle is 0
    b12304984654 iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
    18048cba444a firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
    7c77d1f9ba11 timekeeping: contribute wall clock to rng on time change
    5e0fcc5ad3e0 ACPI: CPPC: Do not prevent CPPC from working in the future
    2c7e93e33832 dm writecache: set a default MAX_WRITEBACK_JOBS
    05cef0999b32 dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
    cb583ca6125a dm raid: fix address sanitizer warning in raid_status
    71f601c779b3 dm raid: fix address sanitizer warning in raid_resume
    2f2fa48c9f98 intel_th: pci: Add Meteor Lake-P support
    ab1f9cb5001c intel_th: pci: Add Raptor Lake-S PCH support
    0d8fd1fa178f intel_th: pci: Add Raptor Lake-S CPU support
    8887ef07ff55 ext4: correct the misjudgment in ext4_iget_extra_inode
    be9614e15eec ext4: correct max_inline_xattr_value_size computing
    b9a2dfd1a0c8 ext4: fix extent status tree race in writeback error recovery path
    b10b2122d709 ext4: update s_overhead_clusters in the superblock during an on-line resize
    9d1468732118 ext4: fix use-after-free in ext4_xattr_set_entry
    41ff115b14b6 ext4: make sure ext4_append() always allocates new block
    748d17d47687 ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
    025604c7023b btrfs: reset block group chunk force if we have to wait
    cf8927ce6619 tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
    61a1793b058a kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
    37690cb8662c spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
    91d11a3376e0 x86/olpc: fix 'logical not is only applied to the left hand side'
    42afeecce25e scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
    d2e82c78e352 scsi: qla2xxx: Turn off multi-queue for 8G adapters
    83cb0fb8482b scsi: qla2xxx: Fix discovery issues in FC-AL topology
    bc98764d80ee scsi: zfcp: Fix missing auto port scan and thus missing target ports
    eacb50f17336 video: fbdev: s3fb: Check the size of screen before memset_io()
    53198b81930e video: fbdev: arkfb: Check the size of screen before memset_io()
    d71528ccdc7a video: fbdev: vt8623fb: Check the size of screen before memset_io()
    09777c16a0f4 tools/thermal: Fix possible path truncations
    a249e1b89ca2 video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
    46513b4a8038 x86/numa: Use cpumask_available instead of hardcoded NULL check
    26d2d13d9fc3 scripts/faddr2line: Fix vmlinux detection on arm64
    563ffb782da7 genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
    9813d27d596b powerpc/pci: Fix PHB numbering when using opal-phbid
    6a119c1a584a kprobes: Forbid probing on trampoline and BPF code areas
    cc53477d8926 perf symbol: Fail to read phdr workaround
    f388643657cd powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
    d99733ad47a6 powerpc/xive: Fix refcount leak in xive_get_max_prio
    14329d29a048 powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
    3ec50b8a0128 powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
    44a43b65d7e1 powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
    ddaa8cc5a6bb video: fbdev: sis: fix typos in SiS_GetModeID()
    49a4c1a87ef8 video: fbdev: amba-clcd: Fix refcount leak bugs
    a9286ff4c19f watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe()
    ba406e310041 ASoC: audio-graph-card: Add of_node_put() in fail path
    bb1cc434df08 fuse: Remove the control interface for virtio-fs
    083984627411 ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
    3edcd1348ba7 s390/zcore: fix race when reading from hardware system area
    50be644f7ddd iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
    b948ff8a9e9a mfd: max77620: Fix refcount leak in max77620_initialise_fps
    8d01edaf9eea mfd: t7l66xb: Drop platform disable callback
    b45bcdf627a9 kfifo: fix kfifo_to_user() return type
    8ee5d40ae29e rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
    9a87a532848a iommu/exynos: Handle failed IOMMU device registration properly
    44913ccfa1d5 tty: n_gsm: fix missing corner cases in gsmld_poll()
    ae9bfcbfd76a tty: n_gsm: fix DM command
    b625b745497f tty: n_gsm: fix wrong T1 retry count handling
    373343d8a796 vfio/ccw: Do not change FSM state in subchannel event
    51642e132859 remoteproc: qcom: wcnss: Fix handling of IRQs
    fbf979564682 tty: n_gsm: fix race condition in gsmld_write()
    597bec4a4cc0 tty: n_gsm: fix packet re-transmission without open control channel
    ba10f6c2f079 tty: n_gsm: fix non flow control frames during mux flow off
    8b355d6b1fcf profiling: fix shift too large makes kernel panic
    8791703eddf4 ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
    ba4d971fe11a ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
    34734e4c526a serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
    79f566907d27 ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
    4f97b5bb81be ASoC: codecs: da7210: add check for i2c_add_driver
    b488ceb23369 ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
    d6d41f04640d ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
    d3f15a4be209 opp: Fix error check in dev_pm_opp_attach_genpd()
    fa5b65d39332 jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
    fc1ec67ba503 ext4: recover csum seed of tmp_inode after migrating to extents
    36a88efe8747 jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
    242303bf7fe0 null_blk: fix ida error handling in null_add_dev()
    b348e204a531 RDMA/rxe: Fix error unwind in rxe_create_qp()
    38403d143d1f mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
    d3beb91c99d1 platform/olpc: Fix uninitialized data in debugfs write
    358db0ebec41 USB: serial: fix tty-port initialized comments
    06f56d9e7470 PCI: tegra194: Fix link up retry sequence
    f916f6e03955 PCI: tegra194: Fix Root Port interrupt handling
    ed44d9ce8c37 HID: alps: Declare U1_UNICORN_LEGACY support
    46f545821144 mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
    d0cc1ba2be1c mmc: cavium-octeon: Add of_node_put() when breaking out of loop
    b100b0b0026a gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
    2f90813f1c21 RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
    11edf0bba15e RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
    fb9193af53a3 RDMA/hns: Fix incorrect clearing of interrupt status register
    414849317b36 usb: gadget: udc: amd5536 depends on HAS_DMA
    bc6f609401c4 scsi: smartpqi: Fix DMA direction for RAID requests
    b1b803495374 mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
    9d8b911fe3c3 memstick/ms_block: Fix a memory leak
    830c38ec9aca memstick/ms_block: Fix some incorrect memory allocation
    4c472a2c9ed6 mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
    6bb0f109660a staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
    b5d924cb4c7b intel_th: msu: Fix vmalloced buffers
    d81195c47465 intel_th: msu-sink: Potential dereference of null pointer
    859342220acc intel_th: Fix a resource leak in an error handling path
    3771ee6c46ad soundwire: bus_type: fix remove and shutdown support
    2fcb7182dee9 clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
    7dc9eb967a47 clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
    5780dde5104f clk: qcom: ipq8074: fix NSS port frequency tables
    15f4d52835b7 usb: host: xhci: use snprintf() in xhci_decode_trb()
    7cfb3120ecf2 clk: qcom: clk-krait: unlock spin after mux completion
    8191b6cd9ada driver core: fix potential deadlock in __driver_attach
    be8f7c44d5af misc: rtsx: Fix an error handling path in rtsx_pci_probe()
    507cabdb3692 clk: mediatek: reset: Fix written reset bit offset
    9ecabd76bfc7 usb: xhci: tegra: Fix error check
    65d36ec409b6 usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
    8cbc3870ff35 usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
    8e88b4257532 fpga: altera-pr-ip: fix unsigned comparison with less than zero
    44ffee3979d6 mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
    f3cc27198c5d mtd: partitions: Fix refcount leak in parse_redboot_of
    a1cdbd344f86 mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
    519ff31a6ddd HID: cp2112: prevent a buffer overflow in cp2112_xfer()
    1367f4a3e6b5 mtd: rawnand: meson: Fix a potential double free issue
    80b1465b2ae8 mtd: maps: Fix refcount leak in ap_flash_init
    9124d51e0123 mtd: maps: Fix refcount leak in of_flash_probe_versatile
    e0012773af09 clk: renesas: r9a06g032: Fix UART clkgrp bitsel
    51fb8c2c106b dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
    d3b292263731 net: rose: fix netdev reference changes
    34b88491b4de netdevsim: Avoid allocation warnings triggered from user space
    9d9e0d55601d iavf: Fix max_rate limiting
    50a7949fd9ea crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
    439297ec5c05 net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
    878e7f39803a wifi: libertas: Fix possible refcount leak in if_usb_probe()
    5cca5f714fe6 wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
    52b11a48cf07 wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
    becbc82919bc i2c: mux-gpmux: Add of_node_put() when breaking out of loop
    6d9f3128c0ee i2c: cadence: Support PEC for SMBus block read
    80df14022cec Bluetooth: hci_intel: Add check for platform_driver_register
    26168f0656a3 can: pch_can: pch_can_error(): initialize errc before using it
    a025f6ca15b2 can: error: specify the values of data[5..7] of CAN error frames
    61bcc556ff8c can: usb_8dev: do not report txerr and rxerr during bus-off
    d8833eaa5f37 can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
    a37e2bad7635 can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
    80b135a02389 can: sun4i_can: do not report txerr and rxerr during bus-off
    d20bf7e76136 can: hi311x: do not report txerr and rxerr during bus-off
    e94369cdc038 can: sja1000: do not report txerr and rxerr during bus-off
    5b9d4919a7d7 can: rcar_can: do not report txerr and rxerr during bus-off
    4cb29f25b215 can: pch_can: do not report txerr and rxerr during bus-off
    ecbdb2985e08 selftests/bpf: fix a test for snprintf() overflow
    e134d998a98c wifi: p54: add missing parentheses in p54_flush()
    6942c45a2270 wifi: p54: Fix an error handling path in p54spi_probe()
    60c998342516 wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
    72d9ce5b085a fs: check FMODE_LSEEK to control internal pipe splicing
    8cf6e837dcfc selftests: timers: clocksource-switch: fix passing errors from child
    2f243fe8db21 selftests: timers: valid-adjtimex: build fix for newer toolchains
    8ebe6121e7cc libbpf: Fix the name of a reused map
    fd35e34ece33 tcp: make retransmitted SKB fit into the send window
    6296d09d2b21 drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
    1ae9edf7e875 mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
    e86a88d39cc7 media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
    cf411bcc657b crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
    2e34d6c8180a drm/msm/mdp5: Fix global state lock backoff
    5d4128a163a9 drm: bridge: sii8620: fix possible off-by-one
    3a7ebe131ca9 drm/mediatek: dpi: Only enable dpi after the bridge is enabled
    42c8e38e8620 drm/mediatek: dpi: Remove output format of YUV
    0f214563ab6d drm/rockchip: Fix an error handling path rockchip_dp_probe()
    3345fd35335f drm/rockchip: vop: Don't crash for invalid duplicate_state()
    9f64fb45514a crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
    b53cbaf9b3b3 drm/vc4: dsi: Correct DSI divider calculations
    120161c12731 drm/vc4: plane: Fix margin calculations for the right/bottom edges
    84f638fbf83c drm/vc4: plane: Remove subpixel positioning check
    59340f399c0a media: hdpvr: fix error value returns in hdpvr_read
    87c35bbefdfa drm/mcde: Fix refcount leak in mcde_dsi_bind
    289079d6c5f0 drm: bridge: adv7511: Add check for mipi_dsi_driver_register
    73304c759408 wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
    e9e21206b8ea ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
    fef3261630eb media: tw686x: Register the irq at the end of probe
    871a1e94929a i2c: Fix a potential use after free
    127ecd6b1f17 drm: adv7511: override i2c address of cec before accessing it
    8cdf42c7baa6 drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
    db1a9add3f90 drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
    6a5ade10a38e drm/mipi-dbi: align max_chunk to 2 in spi_transfer
    f52b31ecaf59 wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
    c59876f8c982 ath10k: do not enforce interrupt trigger type
    08cc3995fb6b dm: return early from dm_pr_call() if DM device is suspended
    bc4e8b95c407 thermal/tools/tmon: Include pthread and time headers in tmon.h
    91732a2794bb nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
    35f9e861d9b9 regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
    52e1f85bf7de blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
    bee4d2ab4db5 erofs: avoid consecutive detection for Highmem memory
    62060951ccb9 arm64: dts: mt7622: fix BPI-R64 WPS button
    850167439429 bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
    3d698238584c ARM: dts: qcom: pm8841: add required thermal-sensor-cells
    bc73c72a856c soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
    a530fa52d4fd cpufreq: zynq: Fix refcount leak in zynq_get_revision
    c4f92af7fc8c ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
    935035cf97c8 ARM: OMAP2+: Fix refcount leak in omapdss_init_of
    b95e19f1ec73 ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
    1f0448cb8a44 soc: fsl: guts: machine variable might be unset
    1e9cc69eae6d ARM: dts: ast2600-evb: fix board compatible
    4a4bb53e635b ARM: dts: ast2500-evb: fix board compatible
    0b7f674c12c0 x86/pmem: Fix platform-device leak in error path
    5afe042c8894 ARM: bcm: Fix refcount leak in bcm_kona_smc_init
    6b28bf3e044f meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
    ef5102a0a724 ARM: findbit: fix overflowing offset
    c7835f93db67 spi: spi-rspi: Fix PIO fallback on RZ platforms
    90bdf50ae70c selinux: Add boundary check in put_entry()
    3c48d3067eaf PM: hibernate: defer device probing when resuming from hibernation
    930e7b260e6a ARM: shmobile: rcar-gen2: Increase refcount for new reference
    a770da1866ac arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
    5f1510dd2fc9 arm64: dts: qcom: ipq8074: fix NAND node name
    308bb82c61b7 ACPI: LPSS: Fix missing check in register_device_clock()
    b61119d0850e ACPI: PM: save NVS memory for Lenovo G40-45
    81abef841f32 ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
    3e505298a75f ARM: OMAP2+: display: Fix refcount leak bug
    749ee1c4c35a spi: synquacer: Add missing clk_disable_unprepare()
    f7e6740e1e45 ARM: dts: imx6ul: fix qspi node compatible
    5db7e1796d41 ARM: dts: imx6ul: fix lcdif node compatible
    82cff0cf7141 ARM: dts: imx6ul: fix csi node compatible
    667023a28419 ARM: dts: imx6ul: change operating-points to uint32-matrix
    a6e620361617 ARM: dts: imx6ul: add missing properties for sram
    bd80dd86f9bf wait: Fix __wait_event_hrtimeout for RT/DL tasks
    3fb368c0ae39 genirq: Don't return error on missing optional irq_request_resources()
    b3f423683818 ext2: Add more validity checks for inode counts
    04549063d570 arm64: fix oops in concurrently setting insn_emulation sysctls
    fa09c3926583 arm64: Do not forget syscall when starting a new thread.
    c5940c082185 x86: Handle idle=nomwait cmdline properly for x86_idle
    cf2db24ec4b8 epoll: autoremove wakers even more aggressively
    a452bc3deb23 netfilter: nf_tables: fix null deref due to zeroed list head
    4dad1c820771 netfilter: nf_tables: do not allow RULE_ID to refer to another chain
    fab2f61cc3b0 netfilter: nf_tables: do not allow SET_ID to refer to another table
    cc525d667b3f arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
    57e2c8444529 ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
    5d952c7ae339 USB: HCD: Fix URB giveback issue in tasklet function
    e9205d8dd1ca coresight: Clear the connection field properly
    274e44e21234 MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    dbd005901840 powerpc/powernv: Avoid crashing if rng is NULL
    5b8f55bc0526 powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
    28a6d14ba60a powerpc/fsl-pci: Fix Class Code of PCIe Root Port
    9293b7ee5297 PCI: Add defines for normal and subtractive PCI bridges
    8c3ae6b1d76c ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
    ce839b9331c1 md-raid10: fix KASAN warning
    ecd489683a74 serial: mvebu-uart: uart2 error bits clearing
    d11e3f4fdc90 fuse: limit nsec
    ed43fb20d3d1 iio: light: isl29028: Fix the warning in isl29028_remove()
    a5b8aad54824 drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
    8afbf206aa3d drm/nouveau: fix another off-by-one in nvbios_addr
    5557e9469b8e drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
    b8f3830cd905 parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
    d7ba24d3a893 parisc: Fix device names in /proc/iomem
    a7573260ad0d ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
    8b4588b8b00b usbnet: Fix linkwatch use-after-free on disconnect
    2afb553d6825 fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
    6f9cd356eb27 thermal: sysfs: Fix cooling_device_stats_setup() error code path
    a698d2fa85be fs: Add missing umask strip in vfs_tmpfile
    e2a231454e2b vfs: Check the truncate maximum size in inode_newsize_ok()
    cc9e874dace0 tty: vt: initialize unicode screen buffer
    9e274a4f6029 ALSA: hda/realtek: Add quirk for another Asus K42JZ model
    495f153c1587 ALSA: hda/cirrus - support for iMac 12,1 model
    f4f2d3742b97 ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
    79e522101cf4 mm/mremap: hold the rmap lock in write mode when moving page table entries.
    731436e1eee2 KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
    914a274320e5 KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
    78359865870d KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
    68e1313bb880 KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
    e40bde8a28ed KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
    c841dfce0b0d KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
    717c93c7f6c4 HID: wacom: Don't register pad_input for touch switch
    0ca140b28425 HID: wacom: Only report rotation for art pen
    d14b6fe91149 add barriers to buffer_uptodate and set_buffer_uptodate
    6f3342a5e83c wifi: mac80211_hwsim: use 32-bit skb cookie
    4f4bf4e52b5a wifi: mac80211_hwsim: add back erroneously removed cast
    84014008bc7f wifi: mac80211_hwsim: fix race condition in pending packet
    ae52cf801a14 igc: Remove _I_PHY_ID checking
    05e0bb8c3c4d ALSA: bcd2000: Fix a UAF bug on the error path of probing
    58e337d27f8a scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
    013acaa59752 x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
    635e8e6f6837 Makefile: link with -z noexecstack --no-warn-rwx-segments

(From OE-Core rev: ddfc3eebd96197fec56ac781fcf9d7da0c9eca27)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Virendra Thakur
2fef664dd9 expat: Fix CVE-2022-40674
Add patch file to fix CVE-2022-40674

Link: 4a32da87e9

(From OE-Core rev: 4efa4490becea956a62d45e1476f7b602be53eee)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Sana Kazi
915a752d37 sqlite3: Fix CVE-2021-20223
Fix CVE-2021-20223 for sqlite3
Link: d1d43efa4f.patch

(From OE-Core rev: b42ea2b7f9149f9066662e95fd0159d7c3d1fc84)

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Lee Chee Yang
a8ee7ba022 subversion: fix CVE-2021-28544
(From OE-Core rev: 7fdd4d2dc019071525349fbb153e2e80f6583217)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Richard Purdie
f9a63709b0 qemu: Add PACKAGECONFIG for brlapi
(From OE-Core rev: f547c9610f8c17c3da9ca3f7a79902d2ffbfca49)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 482471a617e5f682416b7ec1a920dfaeac65f1a3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Andrei Gherzan
9cc9232e31 qemu: Define libnfs PACKAGECONFIG
The upstream qemu recipe uses host's pkg-config files as a solution to
detecting host's SDL. This has a side effect of using other host
libraries that are later queried by the configure script. This can get
into a situation when the host provides libnfs (for example) and because
later this dependency is not in place anymore, qemu will fail at
runtime.

This change adds a PACKAGECONFIG definition for libnfs that is disabled
by default, in turn disabling the pkgconfig autodetection in configure.

(From OE-Core rev: 9badcf0261f6b735d65a5498bb8fbb9979d7a07f)

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 42b364a25fdbc987c85dd46b8427045033924d99)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Chee Yang Lee
b44d209043 qemu: fix and ignore several CVEs
backport fixes:
CVE-2020-13754, backport patches as debian security tracker notes
  https://security-tracker.debian.org/tracker/CVE-2020-13754

CVE-2021-3713
CVE-2021-3748
CVE-2021-3930
CVE-2021-4206
CVE-2021-4207
CVE-2022-0216, does not include qtest in patches, the qtest code were not available in v4.2.

Ignore:
CVE-2020-27661, issue introduced in v5.1.0-rc0
https://security-tracker.debian.org/tracker/CVE-2020-27661

(From OE-Core rev: 16a6e8530c4820f070973a1b4d64764c20706087)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Hitendra Prajapati
20087e04b3 connman: CVE-2022-32293 man-in-the-middle attack against a WISPR HTTP
Source: https://git.kernel.org/pub/scm/network/connman/connman.git/
MR: 120508
Type: Security Fix
Disposition: Backport from https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a
ChangeID: 1583badc6de6bb8a7f63c06749b90b97caab5cdf
Description:
	 CVE-2022-32293 connman: man-in-the-middle attack against a WISPR HTTP.

(From OE-Core rev: 86334559e3dcf30e07e2a10a58bbe40a2e8cc887)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Virendra Thakur
10c6b704c0 sqlite3: Fix CVE-2020-35527
Add patch file to fix CVE-2020-35527

Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz

(From OE-Core rev: 2541fd0d0e2c0919d80d6b0f6262cf2c50fe309b)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Virendra Thakur
8b52687223 sqlite3: Fix CVE-2020-35525
Add patch to fix CVE-2020-35525

Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz

(From OE-Core rev: ced472cf1d195a1a856d24240dbd6ee91140a347)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Rajesh Dangi
65cf3249fa linux-yocto/5.4: update genericx86* machines to v5.4.205
(From meta-yocto rev: 218b103baafdd85031c6d74eb7ba65f3424b9ff6)

Signed-off-by: Rajesh Dangi <rajeshx.dangi@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 18:41:14 +01:00
Richard Purdie
537de1798b vim: Upgrade 9.0.0341 -> 9.0.0453
Includes fixes for CVE-2022-3099 and CVE-2022-3134.

(From OE-Core rev: 46ba253059738dbd4de4bc7a7ac02a2585c498f5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d042923262130b6b96f703b5cd4184f659caeb92)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 18:41:14 +01:00
Chee Yang Lee
2fa8edea5a go: fix and ignore several CVEs
backport fixes:
CVE-2021-27918
CVE-2021-36221
CVE-2021-39293
CVE-2021-41771

ignore:
CVE-2022-29526
CVE-2022-30634

(From OE-Core rev: ddb09ccc3caebbd3cf643bb3bb3c198845050c69)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 18:41:14 +01:00
Chee Yang Lee
e49990f01e gst-plugins-good: fix several CVE
backport fix for:
CVE-2022-1920
CVE-2022-1921
CVE-2022-1922
CVE-2022-1923
CVE-2022-1924
CVE-2022-1925
CVE-2022-2122

also set ignore at gstreamer1.0_1.16.3.bb

(From OE-Core rev: c852d3e6742fe82b9f4ec84b077d6e1b0bfd021e)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 18:41:13 +01:00
Florin Diaconescu
aa19c8c35e binutils : CVE-2022-38533
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]

(From OE-Core rev: 2cf26e2e5a83d2b2efd01de34c11da07eeb9c8f9)

Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
niko.mauno@vaisala.com
a69227932f systemd: Add 'no-dns-fallback' PACKAGECONFIG option
systemd defines a default set of fallback DNS servers in
https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330

By adding a PACKAGECONFIG knob providing a convenient way to opt out,
and then adding that value to systemd's PACKAGECONFIG, the output from
runtime 'resolvectl status' command no longer contains the following
line:

  Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google

(From OE-Core rev: 2b300d6b9ec6288a99d9dacb24a86949caf99e55)

(From OE-Core rev: 834ccad676b3d8d58d1a66bbe813a331599435b4)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
niko.mauno@vaisala.com
a14af03441 systemd: Fix unwritable /var/lock when no sysvinit handling
Commit 8089cefed8 ("systemd: Add
PACKAGECONFIG for sysvinit") decoupled enabling of systemd's sysvinit
handling behavior behind a distinct PACKAGECONFIG feature.

This new option affects among other things the installing of
tmpfiles.d/legacy.conf, which is responsible for creating /run/lock
directory, which is pointed to by /var/lock symlink provided by
base-files package.

In case the option is not enabled, then base-files provided /var/lock
is a dangling symlink on resulting rootfs, causing problems with
certain Linux userspace components that rely on existence of writable
/var/lock directory. As an example:

  # fw_printenv
  Error opening lock file /var/lock/fw_printenv.lock

Since Filesystem Hierarchy Standard Version 3.0 states in
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s09.html that

  Lock files should be stored within the /var/lock directory structure.

Ensure the /run/lock directory is always created, so that lock files
can be stored under /var/lock also when 'sysvinit' handling is
disabled.

(From OE-Core rev: 85e5ee2c35cf5778c3aefda45f526e8f6a511131)

(From OE-Core rev: b8aa4d53b636bec55ad0ff4de764222662647859)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Chee Yang Lee
0781ad69b8 virglrenderer: fix CVE-2022-0135
(From OE-Core rev: 5eea0b24c6fcd90aab0737c7a3f7431535a02890)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Chee Yang Lee
9ca32cf9ab gnutls: fix CVE-2021-4209
(From OE-Core rev: d08031bffafbd2df7e938d5599af9e818bddba04)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Chee Yang Lee
459d081bf8 connman: fix CVE-2022-32292
(From OE-Core rev: 380b6fb2583f875aad0cb28c91b1531e63eb2eeb)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Yi Zhao
5e7c237200 tiff: Security fixes CVE-2022-1354 and CVE-2022-1355
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-1354
https://security-tracker.debian.org/tracker/CVE-2022-1354

https://nvd.nist.gov/vuln/detail/CVE-2022-1355
https://security-tracker.debian.org/tracker/CVE-2022-1355

Patches from:

CVE-2022-1354:
87f580f390

CVE-2022-1355:
c1ae29f9eb

(From OE-Core rev: 6c373c041f1dd45458866408d1ca16d47cacbd86)

(From OE-Core rev: 8414d39f3f89cc1176bd55c9455ad942db8ea4b1)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Virendra Thakur
a98b309fe2 tiff: Fix for CVE-2022-2867/8/9
Add Patch to fix CVE-2022-2867, CVE-2022-2868
CVE-2022-2869

(From OE-Core rev: 67df7488bf66183ffdb9f497f00ad291b79210d3)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Khan@kpit.com
b9c73d6591 python3: Fix CVE-2021-28861 for python3
Add patch to fix CVE-2021-28861

CVE-2021-28861.patch
Link: 4dc2cae3ab

(From OE-Core rev: cbf57b25c78ea9d56863d9546b51fc2c88adb8cf)

Signed-off-by: Riyaz Khan <rak3033@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Richard Purdie
0566db5c82 vim: Upgrade 9.0.0242 -> 9.0.0341
Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.

(From OE-Core rev: c9a9d5a1f7fbe88422ccee542a89afbc4c5336e4)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:52 +01:00
Ross Burton
0bee2e95b7 cve-check: close cursors as soon as possible
We can have multiple processes reading the database at the same time, and
cursors only release their locks when they're garbage collected.

This might be the cause of random sqlite errors on the autobuilder, so
explicitly close the cursors when we're done with them.

(From OE-Core rev: 48742ddf4d0acd419c8ffb8f22124ed525efc2d9)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5d2e90e4a58217a943ec21140bc2ecdd4357a98a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:52 +01:00
Joshua Watt
7ba4ed6f5f classes: cve-check: Get shared database lock
The CVE check database needs to have a shared lock acquired on it before
it is accessed. This to prevent cve-update-db-native from deleting the
database file out from underneath it.

[YOCTO #14899]

(From OE-Core rev: 374dd13db2c4fa92793f12c93d68d09304f77c17)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:52 +01:00
Ranjitsinh Rathod
85637f30f3 libarchive: Fix CVE-2021-31566 issue
Add patch to fix CVE-2021-31566 issue for libarchive
Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

(From OE-Core rev: 7028803d7d10c0b041a7bda16f9d9261f220459f)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:51 +01:00
Ranjitsinh Rathod
a5de603a1b libarchive: Fix CVE-2021-23177 issue
Add patch to fix CVE-2021-23177 issue for libarchive
Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

(From OE-Core rev: 01d7e2c7a0da55a7c00aebed107c1338f5f032b1)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:51 +01:00
Robert Joslyn
8f4bbd9359 curl: Backport patch for CVE-2022-35252
https://curl.se/docs/CVE-2022-35252.html

(From OE-Core rev: 59344420eb62060c79265a2557d2364c8174e46c)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:51 +01:00
Hitendra Prajapati
d24759196a sqlite: CVE-2022-35737 assertion failure
Source: https://www.sqlite.org/
MR: 120541
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
Description:
	 CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.

(From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:51 +01:00
Paul Eggleton
a884e8bdbf relocate_sdk.py: ensure interpreter size error causes relocation to fail
If there is insufficent space to change the interpreter, we were
printing an error here but the overall script did not return an error
code, and thus the SDK installation appeared to succeed - but some of
the binaries will not be in a working state. Allow the relocation to
proceed (so we still get a full list of the failures) but error out at
the end so that the installation is halted.

(From OE-Core rev: 345193f36d08cfe4899c65e8edf3f79db09c50d2)

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c5a9a448e462d3e5457e8403c5a1a54148ecd224)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Anuj Mittal
e576212d25 cryptodev-module: fix build with 5.11+ kernels
Backport patch to fix:

| cryptodev-module/1.10-r0/git/ioctl.c:875:4: error: implicit declaration of function 'ksys_close'; did you mean 'ksys_chown'? [-Werror=implicit-function-declaration]
|   875 |    ksys_close(fd);
|       |    ^~~~~~~~~~
|       |    ksys_chown
| cc1: some warnings being treated as errors

(From OE-Core rev: 653b03aa6fc8effd3b2215a7a0ba005979e78e9f)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Bruce Ashfield
b16301db9a linux-yocto/5.4: update to v5.4.210
Updating  to the latest korg -stable release that comprises
the following commits:

    de0cd3ea700d Linux 5.4.210
    b58882c69f66 x86/speculation: Add LFENCE to RSB fill sequence
    f2f41ef0352d x86/speculation: Add RSB VM Exit protections
    3a0ef79c6abe macintosh/adb: fix oob read in do_adb_query() function
    54e1abbe8560 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
    17c2356e467f selftests: KVM: Handle compiler optimizations in ucall
    170465715a60 KVM: Don't null dereference ops->destroy
    6098562ed9df selftests/bpf: Fix "dubious pointer arithmetic" test
    6a9b3f0f3bad selftests/bpf: Fix test_align verifier log patterns
    9d6f67365d9c bpf: Test_verifier, #70 error message updates for 32-bit right shift
    751f05bc6f95 selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    7c1134c7da99 bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
    a8ba72bbeda5 ACPI: APEI: Better fix to avoid spamming the console with old error logs
    fa829bd4af43 ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    8ed6e5c5e23c ACPI: video: Force backlight native for some TongFang devices
    828f4c31684d thermal: Fix NULL pointer dereferences in of_thermal_ functions

(From OE-Core rev: 2663435831c0ef953fb7fe6c883f42cf0c86ae43)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Alexander Kanavin
beda483705 wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
(From OE-Core rev: 8b69eafa5c624dfc169ee11ced685847332437fa)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 75386480abd1660a50c79d5987b77ccc43295511)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Alexander Kanavin
3d435421bc tzdata: upgrade 2022a -> 2022b
(From OE-Core rev: b0a0abbcc5e631e693b9e896bd0fc9b9432dd297)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b301d5203a4da0a0985670848126c5db762ddc86)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Alexander Kanavin
c4692956ea mobile-broadband-provider-info: upgrade 20220511 -> 20220725
(From OE-Core rev: 5dd5130f9b13212a4f5e8b075ae1ecda868c5f28)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96185dac787e14fa9eb77d009653a2fd4d926e3f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Richard Purdie
1cf135da98 vim: Upgrade 9.0.0115 -> 9.0.0242
Includes fixes for:

CVE-2022-2816
CVE-2022-2817
CVE-2022-2819
CVE-2022-2845
CVE-2022-2849
CVE-2022-2862
CVE-2022-2874
CVE-2022-2889

(From OE-Core rev: 169537045e614aa08052fd0130ea3199523bc8f3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ec2d27d09444213ec1c9b91c6f8c4363f297294)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Ernst Sjöstrand
fb9e6d51d4 cve-check: Don't use f-strings
Since we're keeping cve-check aligned between the active branches,
and dunfell is supported on Python 3.5, we can't use f-strings.

(From OE-Core rev: 4cc681fd66031c8355f69e53443536b31377eba9)

Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1821cf7464cbba521b55a9c128fe8812c0cc5eca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Pawan Badganchi
211a3fd4db libxml2: Add fix for CVE-2016-3709
Add below patch to fix CVE-2016-3709

CVE-2016-3709.patch
Link: c1ba6f54d3

(From OE-Core rev: b9312041e4c8d565ad1e1102f8634bcc913adfa7)

Signed-off-by: Pawan Badganchi<pawan.badganchi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
964b78a02d golang: CVE-2022-32189 a denial of service
Source: https://github.com/golang/go
MR: 120634
Type: Security Fix
Disposition: Backport from 703c8ab7e5
ChangeID: 3ade323dd52a6b654358f6738a0b3411ccc6d3f8
Description:
	CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.

(From OE-Core rev: 9b3420c9a91059eb55754078bb1e733972e94489)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
1a1eceee49 golang: fix CVE-2022-30635 and CVE-2022-32148
Source: https://github.com/golang/go
MR: 120628, 120631
Type: Security Fix
Disposition: Backport from ed2f33e1a7 && ed2f33e1a7
ChangeID: fbd8d61bdc2e9cb0cdbe9879e02aed218ee93dbe
Description:
Fixed CVE:
	1. CVE-2022-30635
	2. CVE-2022-32148

(From OE-Core rev: 2c4fb77f417464d9cd40f0ebd8cc52e6e6ca689e)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
7d67a61029 golang: fix CVE-2022-30632 and CVE-2022-30633
Source: https://github.com/golang/go
MR: 120622, 120625
Type: Security Fix
Disposition: Backport from 76f8b7304d && 2678d0c957
ChangeID: aabb29a6dd6a89842f451c95af228aaf66e58bb5
Description:
Fixed CVE:
	1. CVE-2022-30632
	2. CVE-2022-30633

(From OE-Core rev: 9ffaae887743d77839fb758657b1dec71a9b8880)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
8bc3443c08 golang: fix CVE-2022-30629 and CVE-2022-30631
Source: https://github.com/golang/go
MR: 120613, 120613
Type: Security Fix
Disposition: Backport from c15a8e2dbb && 0117dee7dc
ChangeID: 366db775dec045d7b312b8da0436af36ab322046
Description:
Fixed CVE:
	1. CVE-2022-30629
	2. CVE-2022-30631

(From OE-Core rev: 6813a265c7c21e24636d07a6a8df16ef0cf7da50)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
dea6f2c847 libtiff: CVE-2022-34526 A stack overflow was discovered
Source: https://gitlab.com/libtiff/libtiff
MR: 120545
Type: Security Fix
Disposition: Backport from 275735d035
ChangeID: 4c781586f7aba27420a7adc0adc597cc68495387
Description:
          CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit.

(From OE-Core rev: 462d4a55a460c60a7b8c36fe3899e66f13835761)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Joshua Watt
87377eacc0 bitbake: utils: Pass lock argument in fileslocked
Pass additional arguments in the fileslocked() context manager to the
underlying lockfile() function. This allows the context manager to be
used for any types of locks (non-blocking, shared, etc.) that the
lockfile() function supports.

(Bitbake rev: 048d682b031644fb9f0d41a489bacb873aa27bd7)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-02 11:45:35 +01:00
Jon Mason
bc294f9573 ref-manual: add numa to machine features
numa is an existing machine feature, add it to the list so that users
are aware of it.

(From yocto-docs rev: d9931a04bccd115f854275cd46c8195c3fa1d391)

Signed-off-by: Jon Mason <jdmason@kudzu.us>
Reviewed-by: Quentin Schulz <foss+yocto@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-31 12:17:37 +01:00
Richard Purdie
adc49cb960 bitbake: runqueue: Change pressure file warning to a note
The user does need to be told about this but it isn't really a warning,
just something they may need to be aware of. Drop the level accordingly.

(Bitbake rev: 3b719e8e115b7fde869f62ddc180e045c1b51cdf)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-24 15:43:28 +01:00
Aryaman Gupta
afd213cc8e bitbake: bitbake: runqueue: add memory pressure regulation
Prevent new tasks from being scheduled if the memory pressure is above
a certain threshold, specified through the "BB_MAX_PRESSURE_MEMORY"
variable in the conf/local.conf file. This is an extension to the
following commit and hence regulates pressure in the same way:
   48a6d84de1 bitbake: runqueue: add cpu/io pressure regulation

Memory pressure is experienced when time is spent swapping, refaulting
pages from the page cache or performing direct reclaim. This is why
memory pressure is rarely seen but might be useful as a last resort to
prevent OOM errors.

(Bitbake rev: 44c395434c7be8dab968630a610c8807f512920c)

(Bitbake rev: 82b683f8c7a559f4fcab68f6a0fa7dc3dc20fa05)

Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Randy Macleod <Randy.Macleod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-23 15:57:11 +01:00
Aryaman Gupta
eaf8d5efa0 bitbake: bitbake: runqueue: add cpu/io pressure regulation
Prevent the scheduler from starting new tasks if the current cpu or io
pressure is above a certain threshold and there is at least one active
task. This threshold can be specified through the
"BB_PRESSURE_MAX_{CPU|IO}" variables in conf/local.conf.

The threshold represents the difference in "total" pressure from the
previous second. The pressure data is discussed in this oe-core commit:
   061931520b buildstats.py: enable collection of /proc/pressure data
where one can see that the average and "total" values are available.
>From tests, it was seen that while using the averaged data was somewhat
useful, the latency in regulating builds was too high. By taking the
difference between the current pressure and the pressure seen in the
previous second, better regulation occurs. Using a shorter time period
is appealing but due to fluctations in pressure, comparing the current
pressure to 1 second ago achieves a reasonable compromise. One can look
at the buildstats logs, that usually sample once per second, to decide a
sensible threshold.

If the thresholds aren't specified, pressure is not monitored and hence
there is no impact on build times. Arbitary lower limit of 1.0 results
in a fatal error to avoid extremely long builds. If the limits are higher
than 1,000,000, then warnings are issued to inform users that the specified
limit is very high and unlikely to result in any regulation.

The current bitbake scheduling algorithm requires that at least one
task be active. This means that if high pressure is seen, then new tasks
will not be started and pressure will be checked only for as long as at
least one task is active. When there are no active tasks, an additional task
will be started and pressure checking resumed. This behaviour means that
if an external source is causing the pressure to exceed the threshold,
bitbake will continue to make some progress towards the requested target.
This violates the intent of limiting pressure but, given the current
scheduling algorithm as described above, there seems to be no other option.
In the case where only one bitbake build is running, the implications of
the scheduler requirement will likely result in pressure being higher
than the threshold. More work would be required to ensure that
the pressure threshold is never exceeded, for example by adding pressure
monitoring to make and ninja.

(Bitbake rev: 502e05cbe67fb7a0e804dcc2cc0764a2e05c014f)

(Bitbake rev: 66741d216e9d4343e82a94f00cd39751632a5b96)

Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Randy Macleod <randy.macleod@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-23 15:57:11 +01:00
Richard Purdie
4aad5914ef build-appliance-image: Update to dunfell head revision
(From OE-Core rev: a3cba15142e98177119ef36c09f553d09acf35ef)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 16:07:08 +01:00
Steve Sakoman
23322786e0 poky.conf: bump version for 3.1.19 release
(From meta-yocto rev: 2de758bc8a4ead8e89619766d5096604b554f2c1)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 16:06:53 +01:00
Steve Sakoman
139225f0ba documentation: update for 3.1.19 release
(From yocto-docs rev: 95e030ec74f69eccabcc97737c8a93fd7629f9d9)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 16:06:53 +01:00
Christophe Priouzeau
fc24cd1948 bitbake: fetch2/wget: Update user-agent
With the usage of enterprise proxy, the user-agent defined are
too old and refused by proxy configuration. Updating to something
more modern is desirable.

(Bitbake rev: 17be38290d1e971cd89785e6bf44caef0a6416f8)

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7001fdd7c4dca372cbebd8fd2c0b03c5d43f9400)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 15:42:30 +01:00
Shruthi Ravichandran
1fc880e165 initscripts: run umountnfs as a KILL script
`rc` runs all the KILL scripts in a runlevel before the START scripts.
The umountnfs script is currently configured as a START script, and
runs after the networking KILL script. During shutdown, this causes a
~3 minute timeout after networking is shutdown when the system tries
to connect to and unmount any mounted network shares.
Fix this by changing the script configuration to "stop" so that it can
run before networking is stopped and unmount any network shares
safely.

(From OE-Core rev: e59c72d570102d72786e44c8ace69fd4d0e8e5ef)

Signed-off-by: Shruthi Ravichandran <shruthi.ravichandran@ni.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c419bd4537756e9f6c2fe6da3a9b798526e27eca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Ming Liu
9243169d4f rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}
This is to ensure host-user-contaminated.txt would be removed before
do_rootfs runs, since ${S} is in cleandirs of do_rootfs, otherwise, a
host-user-contaminated.txt file that generated from previous builds
could be used which is wrong.

(From OE-Core rev: 06cfa8be54c9aee23bd8570a370a974b463a0a1a)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 54a3fd63e684d070fad962be97e549f3af7ac111)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Pascal Bach
f97bd9abe6 bin_package: install into base_prefix
This makes the bin_package.bbclass work properly with the native class.

(From OE-Core rev: 0bf78a8e0e1cf7e74b55aca4db0e62dd9dfa55ce)

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad330b6d4b6e2ba051b5c6c437e07a183831f757)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Richard Purdie
59180eb474 kernel-arch: Fix buildpaths leaking into external module compiles
Building external kernel modules like lttng-modules was showing build paths
inside the debug symbols for the modules and breaking build reproducibility.

Fix this by adding in the mapping needed to map the kernel build directory
to something more approriate on target.

(From OE-Core rev: c4d8834ed3d200f25f12fec8acfa2b954f3240e0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b56dc9009ba93174de6bf4c01e17808ef249dc5c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Dmitry Baryshkov
2340b1dbb9 linux-firwmare: restore WHENCE_CHKSUM variable
Restore WHENCE_CHKSUM variable which is used to hold the WHENCE file
checksum. It is necessary to allow easily overriding it from local.conf
if the devupstream version is selected:

PREFERRED_VERSION_linux-firmware = "1:20220708+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "abf1077491eeb261ecdcb680a34fc059"

Without the WHENCE_CHECKSUM one would need to manually patch the
LIC_FILES_CHKSUM variable to change the checksum of WHENC (e.g. using
the anonymous python function or remove expression).

(From OE-Core rev: ba997f02b2cb86aeaa308873727a9280d1f88b5b)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 554be2af1e0a03a2d23032d48afbbe0913a45409)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Alexander Kanavin
0b85e5d610 linux-firmware: update 20220610 -> 20220708
License-Update: a few obsolete firmware were dropped
(particularly i2400m and tda7706), file list updates.

(From OE-Core rev: a151460d9234d6cd0bd1920c48aff8c78454931a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e89fb37e13fcb832ee7d35e7d92d45eaca20689e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Randy MacLeod
ef2da8f28e vim: update from 9.0.0063 to 9.0.0115
Drop crosscompile.patch which was merged as part of:
   509695c1c (tag: v9.0.0065) patch 9.0.0065: \
      cross-compiling doesn't work because of timer_create check

Also drop: racefix.patch which may have been fixed upstream
and is being tracked by:
   https://github.com/vim/vim/pull/10776
where upstream is asking if the different approach resolves the
race condition. Let's see what's out there!

(From OE-Core rev: 083d6de4139859a5eb66f78c2a62a1d59c8aee35)

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 6996472cd33d2d4b91821f2dfe24a27a697e4afe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Richard Purdie
5373e681cf vim: Upgrade 9.0.0021 -> 9.0.0063
Pulls in several CVE fixes.
Added a patch to avoid timer_create cross compile issue (and submitted upstream).
Also submit the race fix upstream.
We disable timer_create in the native case since some systems have it
and some don't so this makes us consistent.

Change from master commit: we also disable timer_create in the target case
since the function isn't available in our glibc.

(From OE-Core rev: f99677f79449032a3b0ea79d704fdccbd5be68b7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Hitendra Prajapati
98dd6e4cac zlib: CVE-2022-37434 a heap-based buffer over-read
Source: https://github.com/madler/zlib
MR: 120531
Type: Security Fix
Disposition: Backport from eff308af42 & 1eb7682f84
ChangeID: 364c17d74213c64fe40b9b37ee78aa172ff93acf
Description:
          CVE-2022-37434 zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

(From OE-Core rev: 10ed7cf347d9e73b29e4a3f6ef77e0a4b08e350b)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Hitendra Prajapati
ae4acc9f81 gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
Source: https://gitlab.com/gnutls/gnutls
MR: 120421
Type: Security Fix
Disposition: Backport from ce37f9eb26
ChangeID: f0c84c6aa8178582ac9838c453dacdf2c7cae0e5
Description:
          CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify.

(From OE-Core rev: 4cac37913d08f433668778e788f01e009dbb94bd)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Hitendra Prajapati
cfd2eaa0e1 qemu: CVE-2020-27821 heap buffer overflow in msix_table_mmio_write
Source: https://git.qemu.org/?p=qemu.git;
MR: 107558
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442
ChangeID: c5d25422f43edb7d8728118eb482eba09474ef2c
Description:
          CVE-2020-27821 qemu: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c.

(From OE-Core rev: 198bd53bdc77d2b01dae19993bde79f03f4dd02c)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Jose Quaresma
5b956ef359 gstreamer1.0: use the correct meson option for the capabilities
(From OE-Core rev: ac6ea1a96645d2a4dd54660256603f0b191bb4d3)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit baeab0f51ecc19fb85101c4bd472f0650231d0de)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Martin Jansa
54846f581e libxml2: Port gentest.py to Python-3
* but it still won't work well on hosts without libxml2, make
  sure to use pre-generated testapi.c in do_compile_ptest

* this is reproducible with SOURCE_DATE_EPOCH set to 0 which
  e.g. meta-updater still sets by default for DISTROs which
  use it :(, see https://github.com/uptane/meta-updater/pull/35

(From OE-Core rev: 2f78dbcb300e7deae6cf39263e874ee8776d7a7b)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Steve Sakoman
b361f2a931 selftest: skip virgl test on fedora 36
This test will fail any time the host has libdrm > 2.4.107

(From OE-Core rev: 33d006ed8d93ea4c185d6b28a72b2d252fbb5ae1)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Alex Kiernan
0c3dfb682d openssh: Add openssh-sftp-server to openssh RDEPENDS
OpenSSH 9.0 uses sftp by default as the transport for scp, add in
sftp-server so that this works as expected for users, rather than being
left with a confusing "scp: Connection closed" message.

(From OE-Core rev: 788e2c6bccc58e5a88b33fa91ea3c3ffec7611ca)

Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be61b9dac78f0d85c870a0d8304fb4b536ec4bc8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Khem Raj
7c7fc0de71 libmodule-build-perl: Use env utility to find perl interpreter
Fixes
ERROR: QA Issue: : /work/x86_64-linux/libmodule-build-perl-native/0.4231-r0/sysroot-destdir/work/x86_64-linux/libmodule-build-perl-native/0.4231-r0/recipe-sysroot-native/usr/bin/config_data maximum shebang size exceeded, the maximum size is 128. [shebang-size]

(From OE-Core rev: f11ed8c8fd78b88a50f382df419afff6ccde02a0)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 54ecb2d3f2523293383103cbe590ebdd037ee483)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Richard Purdie
354f571f61 insane: Fix buildpaths test to work with special devices
If enabled, the buildpaths test hangs in psplash as it tries to open
a fifo and read from it, hanging indefinitely.

Tweak the test to ignore fifo/socket/device files.

(From OE-Core rev: 0106c6a629d0a9f07d76ffaad2dc92e48021e1b0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2567edb7e0a8c5ca9a88d6940491bf33bfe0eff9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Bruce Ashfield
883102b9b8 linux-yocto/5.4: update to v5.4.209
Updating  to the latest korg -stable release that comprises
the following commits:

    8d8935e76f6f Linux 5.4.209
    0b0088e47587 scsi: core: Fix race between handling STS_RESOURCE and completion
    85fe8623f061 mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
    d5a596c148b3 ARM: crypto: comment out gcc warning that breaks clang builds
    8d6dab81ee3d sctp: leave the err path free in sctp_stream_init to sctp_stream_free
    a49282eca8ab sfc: disable softirqs for ptp TX
    7799f742f24b perf symbol: Correct address for bss symbols
    388b3f14ff60 virtio-net: fix the race between refill work and close
    52be29e8b645 netfilter: nf_queue: do not allow packet truncation below transport header offset
    8e0ed463dbd5 sctp: fix sleep in atomic context bug in timer handlers
    bc135e464dee i40e: Fix interface init with MSI interrupts (no MSI-X)
    46462e26e65f tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
    d42f68a9ceb4 tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
    c2b57a4d3ff6 Documentation: fix sctp_wmem in ip-sysctl.rst
    2d30375343b6 tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
    5d235c2fc295 tcp: Fix a data-race around sysctl_tcp_autocorking.
    e02c7ee5a430 tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
    558a2949608f tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
    fb200869eabe net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    e20dd1b0e0ea igmp: Fix data-races around sysctl_igmp_qrv.
    73e5a0b59129 ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    421e5dd1f12e net: ping6: Fix memleak in ipv6_renew_options().
    3d492b008b3d tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    dfdc635d55f9 tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    d62e255ecc33 scsi: ufs: host: Hold reference returned by of_parse_phandle()
    b1343528c7ae ice: do not setup vlan for loopback VSI
    15d019860159 ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    cd23a2ad7b7c tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    f9a03fd8ed31 tcp: Fix a data-race around sysctl_tcp_frto.
    3be498bcf6ea tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    f4b83df01105 tcp: Fix a data-race around sysctl_tcp_app_win.
    f240d0cad26c tcp: Fix data-races around sysctl_tcp_dsack.
    b9f937d3d54d s390/archrandom: prevent CPACF trng invocations in interrupt context
    911904c577e0 ntfs: fix use-after-free in ntfs_ucsncmp()
    098e07ef0059 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put

(From OE-Core rev: bd55001d9f895c7d52fedc7d1d2eb7b2ad7032b1)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Bruce Ashfield
b365d212dc linux-yocto/5.4: update to v5.4.208
Updating  to the latest korg -stable release that comprises
the following commits:

    77ba2b9b46f8 Linux 5.4.208
    ca5762c5896e x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
    f88d8c188229 net: usb: ax88179_178a needs FLAG_SEND_ZLP
    f7785092cb7f tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
    815d936e92f9 tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
    2ea77b0b6d22 tty: drop tty_schedule_flip()
    f20912215c9c tty: the rest, stop using tty_schedule_flip()
    aa60c0cce8b4 tty: drivers/tty/, stop using tty_schedule_flip()
    126137a53d7e Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
    836b47e6436b Bluetooth: SCO: Fix sco_send_frame returning skb->len
    aa2d34cab3e6 Bluetooth: Fix passing NULL to PTR_ERR
    10bacb891722 Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
    bf46574d4655 Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
    f00b06003b11 Bluetooth: Add bt_skb_sendmmsg helper
    55bf99849be0 Bluetooth: Add bt_skb_sendmsg helper
    015af30d373d ALSA: memalloc: Align buffer allocations in page size
    352affc31e26 bitfield.h: Fix "type of reg too small for mask" test
    0a0fbbd6cb65 x86/mce: Deduplicate exception handling
    b524137fa1d8 mmap locking API: initial implementation as rwsem wrappers
    592a1c6066dd x86/uaccess: Implement macros for CMPXCHG on user addresses
    1d778b54a5c0 x86: get rid of small constant size cases in raw_copy_{to,from}_user()
    d0d583484d2e locking/refcount: Consolidate implementations of refcount_t
    dab787c73f6e locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions
    0d3182fbe689 locking/refcount: Move saturation warnings out of line
    809554147d60 locking/refcount: Improve performance of generic REFCOUNT_FULL code
    9c9269977f03 locking/refcount: Move the bulk of the REFCOUNT_FULL implementation into the <linux/refcount.h> header
    04bff7d7b808 locking/refcount: Remove unused refcount_*_checked() variants
    513b19a43bec locking/refcount: Ensure integer operands are treated as signed
    68b4ee68e8c8 locking/refcount: Define constants for saturation and max refcount values
    3f71d0e292eb ima: remove the IMA_TEMPLATE Kconfig option
    bc7581e36d40 dlm: fix pending remove if msg allocation fails
    4f1d21c77b15 bpf: Make sure mac_header was set before using it
    a1f8765f68bc mm/mempolicy: fix uninit-value in mpol_rebind_policy()
    76668d2a2f36 spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers
    50a1d3d09750 tcp: Fix data-races around sysctl_tcp_max_reordering.
    c64b99819de4 tcp: Fix a data-race around sysctl_tcp_rfc1337.
    6cc566df6806 tcp: Fix a data-race around sysctl_tcp_stdurg.
    7f68bed16c7b tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
    369d99c2b89f tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
    492f3713b282 tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
    92c35113c633 tcp: Fix data-races around sysctl_tcp_recovery.
    83767fe800a3 tcp: Fix a data-race around sysctl_tcp_early_retrans.
    795aee11fda4 tcp: Fix data-races around sysctl knobs related to SYN option.
    f39b03bd727a udp: Fix a data-race around sysctl_udp_l3mdev_accept.
    6727f39e99e0 ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
    a8569f76df7e be2net: Fix buffer overflow in be_get_module_eeprom
    91d6aa19dd72 gpio: pca953x: only use single read/write for No AI mode
    031af9e617a6 ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
    55a2a28b3285 i40e: Fix erroneous adapter reinitialization during recovery process
    d88d59faf4e6 iavf: Fix handling of dummy receive descriptors
    25d53d858a6c tcp: Fix data-races around sysctl_tcp_fastopen.
    78420d8e46df tcp: Fix data-races around sysctl_max_syn_backlog.
    dc58e68d1e26 tcp: Fix a data-race around sysctl_tcp_tw_reuse.
    e9362a993886 tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
    b0d9f04c870e tcp: Fix data-races around some timeout sysctl knobs.
    ea309c467dac tcp: Fix data-races around sysctl_tcp_reordering.
    b222de2560ab tcp: Fix data-races around sysctl_tcp_syncookies.
    ff55c025e647 igmp: Fix a data-race around sysctl_igmp_max_memberships.
    1656ecaddf90 igmp: Fix data-races around sysctl_igmp_llm_reports.
    2aad2c5745ec net/tls: Fix race in TLS device down flow
    573768dede0e net: stmmac: fix dma queue left shift overflow issue
    911b81fca2d7 i2c: cadence: Change large transfer count reset logic to be unconditional
    73a11588751a tcp: Fix a data-race around sysctl_tcp_probe_interval.
    b04817c94fbd tcp: Fix a data-race around sysctl_tcp_probe_threshold.
    033963b22063 tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
    fdb96b69f590 tcp: Fix data-races around sysctl_tcp_min_snd_mss.
    30b73edc1d24 tcp: Fix data-races around sysctl_tcp_base_mss.
    f966773e13cd tcp: Fix data-races around sysctl_tcp_mtu_probing.
    a7386602a2fe tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
    25a635a67c83 ip: Fix a data-race around sysctl_fwmark_reflect.
    281de3719986 ip: Fix data-races around sysctl_ip_nonlocal_bind.
    7828309df0f8 ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
    5af6d9226376 ip: Fix data-races around sysctl_ip_no_pmtu_disc.
    16cb6717f4f4 igc: Reinstate IGC_REMOVED logic and implement it properly
    98c3c8fd0d4c perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
    6194c021496a pinctrl: ralink: Check for null return of devm_kcalloc
    78bdf732cf5d power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
    f4248bdb7d5c xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
    c68f6e2e4fda serial: mvebu-uart: correctly report configured baudrate value
    2230428fb866 PCI: hv: Fix interrupt mapping for multi-MSI
    7121d7120fd4 PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
    584c9d41800b PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
    8e94cc883011 PCI: hv: Fix multi-MSI to allow more than one MSI vector
    3048666143be xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
    ed3fea55066b lockdown: Fix kexec lockdown bypass with ima policy
    c3856fe718ad mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
    c3dc75118445 riscv: add as-options for modules with assembly compontents
    e5a6b05d0c68 pinctrl: stm32: fix optional IRQ support to gpios
    002c3bbb4713 Linux 5.4.207
    08d90846e438 can: m_can: m_can_tx_handler(): fix use after free of skb
    579c8a2e6361 serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
    0c8649a49788 serial: stm32: Clear prev values before setting RTS delays
    f4c7f5028b48 serial: 8250: fix return error code in serial8250_request_std_resource()
    07379bd79d86 tty: serial: samsung_tty: set dma burst_size to 1
    edcb2612218d usb: dwc3: gadget: Fix event pending check
    40034fe6b8a7 usb: typec: add missing uevent when partner support PD
    42373b717a3f USB: serial: ftdi_sio: add Belimo device ids
    cbc98dcc38e2 signal handling: don't use BUG_ON() for debugging
    172cd32ada70 ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
    c7d4b3ec6306 soc: ixp4xx/npe: Fix unused match warning
    a3c7c1a726a4 x86: Clear .brk area at early boot
    549f70b29953 irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
    b0f41db50084 ASoC: madera: Fix event generation for rate controls
    79067a663247 ASoC: madera: Fix event generation for OUT1 demux
    0e7e515a6733 ASoC: cs47l15: Fix event generation for low power mux control
    20b921f22a8b ASoC: wm5110: Fix DRE control
    f298d2e4c60c ASoC: ops: Fix off by one in range control validation
    ede990cfc427 net: sfp: fix memory leak in sfp_probe()
    555cee1bc40b nvme: fix regression when disconnect a recovering ctrl
    08082a642aaa NFC: nxp-nci: don't print header length mismatch on i2c error
    4919d82f7041 net: tipc: fix possible refcount leak in tipc_sk_create()
    70d8aee1de6e platform/x86: hp-wmi: Ignore Sanitization Mode event
    8dda30f81c75 cpufreq: pmac32-cpufreq: Fix refcount leak bug
    b749af1b8f11 netfilter: br_netfilter: do not skip all hooks with 0 priority
    0c9203e75dae virtio_mmio: Restore guest page size on resume
    569f1ee032c9 virtio_mmio: Add missing PM calls to freeze/restore
    70433d9ea6ff mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
    da346adcf557 sfc: fix kernel panic when creating VF
    ba60ca0ed12e seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
    de7849d9de1d seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
    487f0f77f1cd seg6: fix skb checksum evaluation in SRH encapsulation/insertion
    bcad880865bf sfc: fix use after free when disabling sriov
    b8d77f2396d5 net: ftgmac100: Hold reference returned by of_get_child_by_name()
    9b61d3f6df1b ipv4: Fix data-races around sysctl_ip_dynaddr.
    cc9540ba5b36 raw: Fix a data-race around sysctl_raw_l3mdev_accept.
    df691b991043 icmp: Fix a data-race around sysctl_icmp_ratemask.
    8bc1f6871490 icmp: Fix a data-race around sysctl_icmp_ratelimit.
    3093a6fe3170 drm/i915/gt: Serialize TLB invalidates with GT resets
    40d58aad2f66 ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
    bf676c940865 ARM: dts: at91: sama5d2: Fix typo in i2s1 node
    7c1acd98fb22 ipv4: Fix a data-race around sysctl_fib_sync_mem.
    0cba7ca667ce icmp: Fix data-races around sysctl.
    0e41a0f73ccb cipso: Fix data-races around sysctl.
    861f1852af6d net: Fix data-races around sysctl_mem.
    8d2daf565f61 inetpeer: Fix data-races around sysctl.
    2968830c9b47 net: stmmac: dwc-qos: Disable split header for Tegra194
    1273fd5153e8 ASoC: sgtl5000: Fix noise on shutdown/remove
    388f3df7c3c8 ima: Fix a potential integer overflow in ima_appraise_measurement
    72f231b9a88a drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
    0f02e7c02bb0 ARM: 9210/1: Mark the FDT_FIXED sections as shareable
    41ea241fb3c2 ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
    851730a1989f ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
    18881d7e5171 ext4: fix race condition between ext4_write and ext4_convert_inline_data
    423f2695007d sched/rt: Disable RT_RUNTIME_SHARE by default
    31e99fa969fd Revert "evm: Fix memleak in init_desc"
    d85d19f3b664 nilfs2: fix incorrect masking of permission flags for symlinks
    393594aad551 drm/panfrost: Fix shrinker list corruption by madvise IOCTL
    ad44e05f3e01 cgroup: Use separate src/dst nodes when preloading css_sets for migration
    444be5a02b77 wifi: mac80211: fix queue selection for mesh/OCB interfaces
    dba548476909 ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
    b4d99aa5ae90 ARM: 9213/1: Print message about disabled Spectre workarounds only once
    2c1cc40fb2a1 ip: fix dflt addr selection for connected nexthop
    fb5a7f1548d6 net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
    ecc6dec12c33 tracing/histograms: Fix memory leak problem
    7425479d20f9 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
    9026b280eb7f ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
    bbb82d4d9b3d ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
    7e2fbf2d9b61 ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    33d33a66e31c ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
    5e7cc47ab923 ALSA: hda - Add fixup for Dell Latitidue E5430
    658410791556 Linux 5.4.206
    15a3adfe7593 Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"

(From OE-Core rev: b98028117b82aab650affb0538e77bb69fb5fdf8)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Ross Burton
c4499b85f7 cve_check: skip remote patches that haven't been fetched when searching for CVE tags
If a remote patch is compressed we need to have run the unpack task for
the file to exist locally.  Currently cve_check only depends on fetch so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.

Typically, remote compressed patches won't contain our custom tags, so
this is unlikely to be an issue.

(From OE-Core rev: a2d03f445c45558997484240d2549eaa1e103692)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cefc8741438c91f74264da6b59dece2e31f9e5a5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Hitendra Prajapati
c35c1e15f0 gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
Source: https://gitlab.gnome.org/GNOME/gdk-pixbuf
MR: 120380
Type: Security Fix
Disposition: Backport from 5398f04d77
ChangeID: d8a843bcf97268ee4f0c6870f1339790a9a908e5
Description:
         CVE-2021-46829 gdk-pixbuf: a heap-based buffer overflow when compositing or clearing frames in GIF files.

(From OE-Core rev: ef3f5fba3c3b5e8b16d6b8b7721468e61c65f72f)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Hitendra Prajapati
820e8891b8 grub2: Fix several security issue of integer underflow
Source: https://git.savannah.gnu.org/gitweb/?p=grub.git
MR: 119763, 119779, 119807
Type: Security Fix
Disposition: Backport from https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3e4817538de828319ba6d59ced2fbb9b5ca13287 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=04c86e0bb7b58fc2f913f798cdb18934933e532d
ChangeID: ef7c28bc7b4eb32550df2cf49082791dac64ef1b
Description:
Fix CVEs:
	CVE-2022-28733
	CVE-2022-28734
	CVE-2022-28736

(From OE-Core rev: 4608413d460fa351d583c357fbc9b1957cb3d1d6)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Hitendra Prajapati
b9ae8da74e libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
Source: http://git.linux-nfs.org/?p=steved/libtirpc.git;
MR: 120231
Type: Security Fix
Disposition: Backport from http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
ChangeID: 544120a5f10a4717cd2c7291821a012e26b14b7f
Description:
        CVE-2021-46828 libtirpc: DoS vulnerability with lots of connections.

(From OE-Core rev: 73d2b640ad665f6ff3c4fbe8f5da4ef0dbb175f2)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
Hitendra Prajapati
038831674e libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By Zero Error
Source: https://gitlab.com/libtiff/libtiff
MR: 119341
Type: Security Fix
Disposition: Backport from dd1bcc7abb
ChangeID: 6cea4937a34a618567a42cef8c41961ade2f3a07
Description:
        CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 libTiff: DoS from Divide By Zero Error.

(From OE-Core rev: 429c2c89b65b8e226d4e0d6f94d43300989c143e)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
Hitendra Prajapati
25606f450d qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash
Source: https://github.com/qemu/qemu
MR: 119832
Type: Security Fix
Disposition: Backport from 418ade7849
ChangeID: 1246afd7bb950d2d5fe2e198961797c0fa14ac00
Description:
        CVE-2022-35414 qemu: can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

(From OE-Core rev: 7c3043df56b3090138fe56f8c06df5ca08cafd26)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
Hitendra Prajapati
9e7f4a7db2 grub2: Fix buffer underflow write in the heap
Source: https://git.savannah.gnu.org/gitweb/?p=grub.git
MR: 119719, 119733, 119689
Type: Security Fix
Disposition: Backport from https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e623866d9286410156e8b9d2c82d6253a1b22d08 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=210245129c932dc9e1c2748d9d35524fb95b5042 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6
ChangeID: 97605970cd42776fa449fd8318f2762e32bbd177
Description:
Fixed CVEs :
        CVE-2021-3695
        CVE-2021-3696
        CVE-2021-3697

Affects "grub2 < 2.06"

(From OE-Core rev: 191db3c58b52fa7c8530d82f7e3e3b24075fdeb4)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
LUIS ENRIQUEZ
e4946bd39e kernel-fitimage.bbclass: add padding algorithm property in config nodes
This allows choosing padding algorithm when building fitImage. It may be pkcs-1.5 or pss.

(From OE-Core rev: 152765b74c77b4da102fce9c4c61a667e71f26a1)

Signed-off-by: LUIS ENRIQUEZ <luis.enriquez@se.com>
From: LUIS ENRIQUEZ <luis.enriquez@se.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
Sana.Kazi
97810ff2d7 libjpeg-turbo: Fix CVE-2021-46822
Add patch to fix CVE-2021-46822
Link: f35fd27ec6.patch

(From OE-Core rev: 80d14a9aaff273daca68c2e860701d51fee45851)

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:33 +01:00
Hitendra Prajapati
d323923047 gnupg: CVE-2022-34903 possible signature forgery via injection into the status line
Source: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git
MR: 119424
Type: Security Fix
Disposition: Backport from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
ChangeID: 97de66d6aa74e12cb1bf82fe85ee62e2530fccf6
Description:
	CVE-2022-34903 gnupg: possible signature forgery via injection into the status line.

(From OE-Core rev: 2bf155d59e33972bbb1780e34753199b5a9192a0)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:33 +01:00
Richard Purdie
d695bd0d3d build-appliance-image: Update to dunfell head revision
(From OE-Core rev: 3f40d5f095ceb099b604750db96058df00fcd49e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:18 +01:00
Steve Sakoman
08bd8cc114 poky.conf: bump version for 3.1.18 release
(From meta-yocto rev: 57d6803aaf475552a827d322d90d1f07ba73a97d)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Bruce Ashfield
eb32f7f5e6 linux-yocto-rt/5.4: fixup -rt build breakage
Integrating the following commit(s) to linux-yocto/5.4:

    cc478e363cc3 rt: fixup random and irq/manage merge issues

(From OE-Core rev: 597eef3b2f6cb884c474c44e87b1137e6acbe6b5)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Bruce Ashfield
88be415b10 linux-yocto/5.4: update to v5.4.205
Updating  to the latest korg -stable release that comprises
the following commits:

    0ec831fa971d Linux 5.4.205
    1be11d7f3c89 dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
    b31ab132561c dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
    f19026ede26e dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
    164e88024f82 dmaengine: pl330: Fix lockdep warning about non-static key
    5af3f2a697d5 ida: don't use BUG_ON() for debugging
    d88022b41eff dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
    aaf875578fd9 misc: rtsx_usb: set return value in rsp_buf alloc err path
    29612c43a2c5 misc: rtsx_usb: use separate command and response buffers
    0e517d0d7feb misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
    858c2d070895 dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
    67586906893c i2c: cadence: Unregister the clk notifier in error path
    acb72388aed5 selftests: forwarding: fix error message in learning_test
    7adf3d45c460 selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
    681738560bf2 selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT
    0711d15ccb27 ibmvnic: Properly dispose of all skbs during a failover.
    aa698affa62c ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
    6b4747d5af43 ARM: at91: pm: use proper compatible for sama5d2's rtc
    123540275034 pinctrl: sunxi: sunxi_pconf_set: use correct offset
    12a690536931 pinctrl: sunxi: a83t: Fix NAND function name for some pins
    3cf8ece91132 ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
    c465bbcd3c74 xfs: remove incorrect ASSERT in xfs_rename
    845dac0276a5 can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
    9afdff9dd820 can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
    93f228fcbef2 can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
    0adb049bac09 powerpc/powernv: delay rng platform device creation until later in boot
    782b65ee7bbe video: of_display_timing.h: include errno.h
    af93e8219734 fbcon: Prevent that screen size is smaller than font size
    4f34f380f952 fbcon: Disallow setting font bigger than screen size
    997d86cd3e39 fbmem: Check virtual screen sizes in fb_set_var()
    407c1b491fbd fbdev: fbmem: Fix logo center image dx issue
    14ff1184310f iommu/vt-d: Fix PCI bus rescan device hot add
    800bb66ab275 net: rose: fix UAF bug caused by rose_t0timer_expiry
    04894ab34faf usbnet: fix memory leak in error case
    6f655b5e13fa can: gs_usb: gs_usb_open/close(): fix memory leak
    eb7bbd7728da can: grcan: grcan_probe(): remove extra of_node_get()
    5b48f5711f1c can: bcm: use call_rcu() instead of costly synchronize_rcu()
    e7e3e90d6710 mm/slub: add missing TID updates on slab deactivation
    3defefd22ad5 esp: limit skb_page_frag_refill use to a single page
    49286fbdad47 Linux 5.4.204
    0ac2845937ce clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup()
    d40057538bee net: usb: qmi_wwan: add Telit 0x1070 composition
    ea89a522b4cc net: usb: qmi_wwan: add Telit 0x1060 composition
    5c03cad51b84 xen/arm: Fix race in RB-tree based P2M accounting
    60ac50daad36 xen/blkfront: force data bouncing when backend is untrusted
    ede57be88a5f xen/netfront: force data bouncing when backend is untrusted
    04945b5beb73 xen/netfront: fix leaking data in shared pages
    42112e8f9461 xen/blkfront: fix leaking data in shared pages
    b7c996abe545 selftests/rseq: Change type of rseq_offset to ptrdiff_t
    dc2825288012 selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area
    f89d15c9861c selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area
    618da2318e15 selftests/rseq: Fix: work-around asm goto compiler bugs
    58082d4e8186 selftests/rseq: Remove arm/mips asm goto compiler work-around
    1c9f13880f47 selftests/rseq: Fix warnings about #if checks of undefined tokens
    6f87493c3aa6 selftests/rseq: Fix ppc32 offsets by using long rather than off_t
    4e9c8fd7f7f0 selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store
    d0ca70238f40 selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
    20e2f0108539 selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
    71c04fdf59ca selftests/rseq: Introduce thread pointer getters
    f491e073b992 selftests/rseq: Introduce rseq_get_abi() helper
    158d91ffe0be selftests/rseq: Remove volatile from __rseq_abi
    7037c511f67d selftests/rseq: Remove useless assignment to cpu variable
    9aa134cb66b4 selftests/rseq: introduce own copy of rseq uapi header
    8417f4475959 selftests/rseq: remove ARRAY_SIZE define from individual tests
    b13119007056 rseq/selftests,x86_64: Add rseq_offset_deref_addv()
    7b6bffcfb9d3 ipv6/sit: fix ipip6_tunnel_get_prl return value
    05387c4ff568 sit: use min
    e99a98616191 net: dsa: bcm_sf2: force pause link settings
    ac9cd4f66a4d hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails
    ee25841221c1 xen/gntdev: Avoid blocking in unmap_grant_pages()
    5eac00ef2a11 net: tun: avoid disabling NAPI twice
    8f968872ec34 NFC: nxp-nci: Don't issue a zero length i2c_master_read()
    37287fd28fb0 nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
    893825289ba8 net: bonding: fix use-after-free after 802.3ad slave unbind
    6fdef80e7eaa net: bonding: fix possible NULL deref in rlb code
    bb1dc7cc576e net/sched: act_api: Notify user space if any actions were flushed before error
    3b2ddeb89fe7 netfilter: nft_dynset: restore set element counter when failing to update
    5b3a1c6bca38 s390: remove unneeded 'select BUILD_BIN2C'
    bdecd912e99a PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
    e1284ec4a6d7 caif_virtio: fix race between virtio_device_ready() and ndo_open()
    9204bc3e8722 net: ipv6: unexport __init-annotated seg6_hmac_net_init()
    7a79f71f6931 usbnet: fix memory allocation in helpers
    5af106f8e072 linux/dim: Fix divide by 0 in RDMA DIM
    85d7d672e896 RDMA/qedr: Fix reporting QP timeout attribute
    ea0519bc578d net: tun: stop NAPI when detaching queues
    a8cf91902237 net: tun: unlink NAPI from device on destruction
    22e75461014b selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
    1d877327da33 virtio-net: fix race between ndo_open() and virtio_device_ready()
    7f89bb5d7102 net: usb: ax88179_178a: Fix packet receiving
    bb91556d2af0 net: rose: fix UAF bugs caused by timer handler
    76a477d39836 SUNRPC: Fix READ_PLUS crasher
    13816057eaf2 s390/archrandom: simplify back to earlier design and initialize earlier
    f157bd9cf377 dm raid: fix KASAN warning in raid5_add_disks
    90de15357504 dm raid: fix accesses beyond end of raid member array
    b6125c5dc3d6 powerpc/bpf: Fix use of user_pt_regs in uapi
    1ef2e87736a6 powerpc/prom_init: Fix kernel config grep
    d5e32f08e7f1 nvdimm: Fix badblocks clear off-by-one error
    53fb996f2709 ipv6: take care of disable_policy when restoring routes

(From OE-Core rev: c954fc1097cb99b7caac764db007f6b2541c248f)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Robert Joslyn
24fc40faef curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208
Backport fixes for:
 * CVE-2022-32206 - https://curl.se/docs/CVE-2022-32206.html
 * CVE-2022-32207 - https://curl.se/docs/CVE-2022-32207.html
 * CVE-2022-32208 - https://curl.se/docs/CVE-2022-32208.html

(From OE-Core rev: aad2a330086b3a12aa5469499774fafdc8a21c48)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Ranjitsinh Rathod
868ebed326 cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST
Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
branch

(From OE-Core rev: 5cb48712e09ffb4198b36897495215e578f9fe62)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Michael Opdenacker
17c23e485e ref-manual: variables: remove sphinx directive from literal block
Literal blocks make sphinx take their text verbatim. This means that
directives cannot be used in literal blocks. This means :term:`S` was
printed as-is, without actually creating a link to the S variable
definition as would be expected outside of literal blocks.

Initially contributed to the master branch by Quentin Schulz.

(From yocto-docs rev: 882810d294762a6340909b59736acc660c4eaf5c)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Quentin Schulz <foss@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-20 15:52:46 +01:00
Richard Purdie
61ea9f7665 ref-manual: Add XZ_THREADS and XZ_MEMLIMIT
XZ_THREADS and XZ_MEMLIMIT were introduced in dunfell.

[RP improved an original patch from Paul]
(From yocto-docs rev: 4fb0498ecf1e6747ecd3ea5482d0b8bfa2632d49)

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-19 10:56:24 +01:00
Steve Sakoman
b38628041b documentation: update for 3.1.18 release
(From yocto-docs rev: 217c3d1581c7ebb4799c4a3822c8b594c779037c)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-19 10:56:24 +01:00
Joshua Watt
dee08141f2 classes/cve-check: Move get_patches_cves to library
Moving the function will allow other classes to capture which CVEs have
been patched, in particular SBoM generation.

Also add a function to capture the CPE ID from the CVE Product and
Version

(From OE-Core rev: 75d34259a715120be1d023e4fd7b6b4b125f2443)

(From OE-Core rev: bba069463ca3813666d084643b0239b9af0199e1)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fa6c07bc1a)
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-16 06:52:48 +01:00
Ross Burton
61023f9e61 vim: upgrade to 9.0.0021
This fixes the following CVEs:
- CVE-2022-2257
- CVE-2022-2264
- CVE-2022-2284
- CVE-2022-2285
- CVE-2022-2286
- CVE-2022-2287

(From OE-Core rev: 3230e5f734f69acfe05219da104e8818445c9eff)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 03c044a81a76b7505b9d5bf0d936dde75b51905e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-16 06:52:48 +01:00
Steve Sakoman
7350f515b3 openssl: security upgrade 1.1.1p to 1.1.1q
Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms (CVE-2022-2097)

(From OE-Core rev: 6031eecee8ac8bed1c43a04ecf06ed08014346f2)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-16 06:52:48 +01:00
Richard Purdie
50aa474c84 bitbake: fetch/wget: Move files into place atomically
(Bitbake rev: 7fc4cffebf5dcc1d050416c0b7f7d58c765c1d69)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cd7cce4cf4be5c742d29671169354fe84220b47a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:41:59 +01:00
Joey Degges
9c5b33ccba bitbake: fetch/git: Fix usehead for non-default names
The usehead url parameter for git repositories causes bitbake to use
whatever commit the repository HEAD is pointing to if the repository
happens to have the name 'default'. This is the default name so in many
cases it works just fine, but if a different name is specified with the
url parameter 'name=newName' then it will fail to parse the recipe with
an error along the lines of:

ERROR: ExpansionError during parsing /path/to/my/recipe.bb
Traceback (most recent call last):
  File "/path/to/poky/bitbake/lib/bb/fetch2/git.py", line 235, in Git.urldata_init:
    >        ud.setup_revisions(d)
  File "/path/to/poky/bitbake/lib/bb/fetch2/__init__.py", line 1302, in FetchData.setup_revisions:
             for name in self.names:
    >            self.revisions[name] = srcrev_internal_helper(self, d, name)
  File "/path/to/poky/bitbake/lib/bb/fetch2/__init__.py", line 1167, in srcrev_internal_helper(name='newName'):
         if srcrev == "AUTOINC":
    >        srcrev = ud.method.latest_revision(ud, d, name)
  File "/path/to/poky/bitbake/lib/bb/fetch2/__init__.py", line 1562, in Git.latest_revision(name='newName'):
             except KeyError:
    >            revs[key] = rev = self._latest_revision(ud, d, name)
                 return rev
  File "/path/to/poky/bitbake/lib/bb/fetch2/git.py", line 650, in Git._latest_revision(name='newName'):
             raise bb.fetch2.FetchError("Unable to resolve '%s' in upstream git repository in git ls-remote output for %s" % \
    >            (ud.unresolvedrev[name], ud.host+ud.path))
bb.data_smart.ExpansionError: Failure expanding variable SRCPV, expression was ${@bb.fetch2.get_srcrev(d)} which triggered exception FetchError: Fetcher failure: Unable to resolve 'master' in upstream git repository in git ls-remote output for /path/to/local/git/repo

Let's fix this by setting the unresolved rev of _all_ repository names
to 'HEAD' when the usehead url parameter is specified. Update the
currently failing test, test_local_gitfetch_usehead_withname, to now
expect success.

This change preserves existing behavior that allows usehead to be
overridden by a valid looking revision if one happens to be specified
instead of AUTOREV.

(Bitbake rev: a247f56df680382d62910bb9a174e0fdd29e4ca8)

Signed-off-by: Joey Degges <jdegges@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 01e901c44ab0f496606b1d45c8953dc54970204c)
Signed-off-by: Paulo Neves <ptsneves@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:41:59 +01:00
Steve Sakoman
eb12590623 qemu: add PACKAGECONFIG for capstone
Autobuilder workers were non-deterministically enabling capstone
depending on whether the worker had libcapstone installed.

Add PACKAGECONFIG for capstone with default off, since qemu does not
require capstone support.

Qemu version in dunfell has capstone in the source tree as a submodule
and has configure options to enable it using that source code or using
the system libcapstone.

Qemu versions in master and kirkstone have removed the capstone
submodule and configure options, but added libcapstone autodetection to
meson.

In all cases using PACKAGECONFIG will allow a deterministic build.

(From OE-Core rev: af25fff399fa623b4fd6efbca21e01ea6b4d1fd7)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 052ef1f14d1e6a5ee34f742f65e51b20b416f79f)
Signed-off-by: Steve Sakoman <steve@sakoman.com
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Jate Sujjavanich
35bcc28983 IMAGE_LOCALES_ARCHIVE: add option to prevent locale archive creation
[YOCTO #14851]

Under some circumstances it is not desirable to create a combined locale
archive (/usr/lib/locale/locale-archive).
The new variable IMAGE_LOCALES_ARCHIVE defaults to '1', so the default
behaviour is not changed.

Modified to work with code before move to lib/oe/package_manager

(From OE-Core rev: af32908dfcebbc0f617ad828d895f504c37ee2d1)

Signed-off-by: Michael Thalmeier <michael.thalmeier@hale.at>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d78b819c2ec33fce3a34254fa90864ee5fa7617)
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Steve Sakoman
48ea7812c7 dropbear: break dependency on base package for -dev package
Otherwise the SDK fails to build as the main openssh and dropbear packages
conflict with each other

(From OE-Core rev: 7bc7d4d24ee05a3bbb9a82ff1089da5d162c8497)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 4667abcc925ae0c430cccb480ec530506f6201ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Steve Sakoman
010094a2ae openssh: break dependency on base package for -dev package
Otherwise the SDK fails to build as the main openssh and dropbear packages
conflict with each other

(From OE-Core rev: e863fc060940d11cd6fd58f0f314333ed419cf54)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit f90647e9dd95cfd29b5bdb8d7dcd688a10fc060c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
43980058ca oe-selftest-image: Ensure the image has sftp as well as dropbear
We need sftp so that scp works with recent openssh. Use the packagegroup
instead of a direct dependency to ensure this.

(From OE-Core rev: 70b3c7004e8f14a99adf6119f153a08ec4a4bc6b)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2b76c8e5fc8802bbe54371119e6bf6312bf2a8ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
a985415ec2 packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
Seems sad to have to do this but openssh is moving to use sftp instead
of scp to move files. This means scp from Fedora 36 will no longer be
able to move files to/from a dropbear based image. This breaks a number
of our key QA tests and I suspect will cause users pain too.

The sftp server from openssh is small (200kb uncompressed) and standalone
so adding it to the packagegroup seems to be the best way to preserve user
sanity. If people really don't want it, they can just use dropbear instead
of the packageground.

(From OE-Core rev: 93796b2787c410385d3176495e5307327449d2f7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a98188e83b2c027d99cc38e3367e1ec2a98efbb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
79ac8cf161 oeqa/runtime/scp: Disable scp test for dropbear
Fedora is switching to use sftp as the backend for scp. This means the
scp test fails on Fedora 36 hosts with a dropbear target as dropbear
doesn't support sftp. This change is in the upstream openssh code, other
distros have not yet changed the default but probably will follow.

The easiest way to resolve test failures in dropbear images is to stop
testing this against dropbear as it is no longer expected to work and will
likely spread as the change filters through other distros.

(From OE-Core rev: e7fb95c0b22b52b253f8d0ff10426bee9967854e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a71fc7d455400f406b0d607be712a1133fe91166)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Anuj Mittal
3860414240 efivar: change branch name to main
Upstream has changed branch name to main from master. Change SRC_URI
accordingly.

(From OE-Core rev: f7af3c555d9ddef54264fa7da911507bca3eecb4)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Bruce Ashfield
387d23c02e linux-yocto/5.4: update to v5.4.203
Updating  to the latest korg -stable release that comprises
the following commits:

    871cbc208bf0 Linux 5.4.203
    572cc34503d4 crypto: arm/ghash-ce - define fpu before fpu registers are referenced
    3bf992f9d9a8 crypto: arm - use Kconfig based compiler checks for crypto opcodes
    1b43c30cd5d5 ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler
    9e00e5d195ed ARM: OMAP2+: drop unnecessary adrl
    3657432a75e3 ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand
    02c200fdba46 ARM: 8933/1: replace Sun/Solaris style flag on section directive
    54e6ecd5b7ca crypto: arm/sha512-neon - avoid ADRL pseudo instruction
    5e6f80033286 crypto: arm/sha256-neon - avoid ADRL pseudo instruction
    e120403c0e7c ARM: 8971/1: replace the sole use of a symbol with its definition
    0a43679016f0 ARM: 8990/1: use VFP assembler mnemonics in register load/store macros
    472671eec98a ARM: 8989/1: use .fpu assembler directives instead of assembler arguments
    2bfb0d43a47c net: mscc: ocelot: allow unregistered IP multicast flooding
    223d551a6681 kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
    ab3ed204a146 powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
    77e2ad091850 drm: remove drm_fb_helper_modinit
    9ef3ad40a81f Linux 5.4.202
    ceda71d49f6b powerpc/pseries: wire up rng during setup_arch()
    ece983890287 kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt)
    2a81e813141e random: update comment from copy_to_user() -> copy_to_iter()
    80f0038d757e modpost: fix section mismatch check for exported init/exit sections
    d1359e4129ad ARM: cns3xxx: Fix refcount leak in cns3xxx_init
    29ca9c4efacc ARM: Fix refcount leak in axxia_boot_secondary
    734a4d15142b soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
    f9b77a529375 ARM: exynos: Fix refcount leak in exynos_map_pmu
    615907ccc421 ARM: dts: imx6qdl: correct PU regulator ramp delay
    93e6137d2a5b powerpc/powernv: wire up rng during setup_arch
    97808c781721 powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
    b6232979320a powerpc: Enable execve syscall exit tracepoint
    e0701f150b28 parisc: Enable ARCH_HAS_STRICT_MODULE_RWX
    e5234a9d64a9 xtensa: Fix refcount leak bug in time.c
    a52972ee706b xtensa: xtfpga: Fix refcount leak bug in setup
    f0fc7cdf5f19 iio: adc: axp288: Override TS pin bias current for some models
    11c7ea38be91 iio: adc: stm32: fix maximum clock rate for stm32mp15x
    5e39397d60da iio: trigger: sysfs: fix use-after-free on remove
    6d2e68d02171 iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
    1ad6d668543d iio: accel: mma8452: ignore the return value of reset operation
    a391bced8404 iio:accel:mxc4005: rearrange iio trigger get and register
    23c158caa032 iio:accel:bma180: rearrange iio trigger get and register
    8ea16a64aafc iio:chemical:ccs811: rearrange iio trigger get and register
    2333db14d875 usb: chipidea: udc: check request status before setting device address
    47e41b4dabbf xhci: turn off port power in shutdown
    d62d1c606db0 iio: adc: vf610: fix conversion mode sysfs node name
    741b6c8363c2 s390/cpumf: Handle events cycles and instructions identical
    4837d1c81223 gpio: winbond: Fix error code in winbond_gpio_get()
    bb18ad00c0b7 Revert "net/tls: fix tls_sk_proto_close executed repeatedly"
    8c7a32b7c155 virtio_net: fix xdp_rxq_info bug after suspend/resume
    28a78414f21e igb: Make DMA faster when CPU is active on the PCIe link
    a5ed066bc246 regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips
    844168a5dabf ice: ethtool: advertise 1000M speeds properly
    e3a232e57670 afs: Fix dynamic root getattr
    cacab1e620e0 MIPS: Remove repetitive increase irq_err_count
    788c954f194c x86/xen: Remove undefined behavior in setup_features()
    c7bdaad9cbfe udmabuf: add back sanity check
    05c6c36c7931 net/tls: fix tls_sk_proto_close executed repeatedly
    02da602bc2f3 erspan: do not assume transport header is always set
    d1592d3e362c drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
    f1f9c2a5a3d9 net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
    47d31b97bf47 bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
    104a59b74577 phy: aquantia: Fix AN when higher speeds than 1G are not advertised
    8ffe2e50e967 bpf: Fix request_sock leak in sk lookup helpers
    f074ab253988 USB: serial: option: add Quectel RM500K module support
    ea7b23eadebc USB: serial: option: add Quectel EM05-G modem
    613c849d73df USB: serial: option: add Telit LE910Cx 0x1250 composition
    ae183969bd66 random: quiet urandom warning ratelimit suppression message
    06a24ddba93a dm mirror log: clear log bits up to BITS_PER_LONG boundary
    1f350f3cf0c1 dm era: commit metadata in postsuspend after worker stops
    0e75acbe1b76 ata: libata: add qc->flags in ata_qc_complete_template tracepoint
    71c76f56b97c mtd: rawnand: gpmi: Fix setting busy timeout setting
    c8d37e6ca180 mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing
    af28f602df74 net: openvswitch: fix parsing of nw_proto for IPv6 fragments
    6fda65dabd3e ALSA: hda/realtek: Add quirk for Clevo PD70PNT
    5fbad99e76c0 ALSA: hda/realtek - ALC897 headset MIC no sound
    cf81f367cf81 ALSA: hda/conexant: Fix missing beep setup
    eca9b5e36e24 ALSA: hda/via: Fix missing beep setup
    1df5178fdebe random: schedule mix_interrupt_randomness() less often
    c87e851b23e5 vt: drop old FONT ioctls
    23db944f754e Linux 5.4.201
    3994d2ee55e2 Revert "hwmon: Make chip parameter for with_info API mandatory"
    7b9c3bfbad25 arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer
    2e1591c27b95 tcp: drop the hash_32() part from the index calculation
    c26e1addf157 tcp: increase source port perturb table to 2^16
    77d29f3b18c4 tcp: dynamically allocate the perturb table used by source ports
    7c0a777b7dbd tcp: add small random increments to the source port
    53c5de3092ad tcp: use different parts of the port_offset for index and offset
    95921a3bab76 tcp: add some entropy in __inet_hash_connect()
    bdcbf2602feb usb: gadget: u_ether: fix regression in setting fixed MAC address
    2577d67a9a8a dm: remove special-casing of bio-based immutable singleton target on NVMe
    4143503b486a s390/mm: use non-quiescing sske for KVM switch to keyed guest
    f0c280af0ec7 Linux 5.4.200
    ab8dff4b716e powerpc/mm: Switch obsolete dssall to .long
    1a48a41f1422 riscv: Less inefficient gcc tishift helpers (and export their symbols)
    2464a1c0de53 RISC-V: fix barrier() use in <vdso/processor.h>
    490a02cd8205 arm64: kprobes: Use BRK instead of single-step when executing instructions out-of-line
    ef6f9ce0a79a net: openvswitch: fix leak of nested actions
    6bb3c77c74f5 net: openvswitch: fix misuse of the cached connection on tuple changes
    b47319b4aa21 net/sched: act_police: more accurate MTU policing
    13fbdea1184b virtio-pci: Remove wrong address verification in vp_del_vqs()
    80e4d8a27451 ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
    119e0268cc1c ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
    fba542891767 ext4: add reserved GDT blocks check
    4ca0d2f1e04e ext4: make variable "count" signed
    a6b31616e5af ext4: fix bug_on ext4_mb_use_inode_pa
    ae4603128751 dm mirror log: round up region bitmap size to BITS_PER_LONG
    64d2df648003 serial: 8250: Store to lsr_save_flags after lsr read
    b75bddfcc181 usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
    6506aff2dc2f usb: dwc2: Fix memory leak in dwc2_hcd_init
    940653b51c33 USB: serial: io_ti: add Agilent E5805A support
    31363b2b868e USB: serial: option: add support for Cinterion MV31 with new baseline
    d0c3730f2763 comedi: vmk80xx: fix expression for tx buffer size
    bf833c484881 i2c: designware: Use standard optional ref clock implementation
    8d884c08eeb8 irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
    58e67c81e229 irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
    56526c3883fc irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
    4695bafabf5b faddr2line: Fix overlapping text section failures, the sequel
    1b34d6a93832 certs/blacklist_hashes.c: fix const confusion in certs blacklist
    fb775ee3cfff arm64: ftrace: fix branch range checks
    0e21311ba459 net: bgmac: Fix an erroneous kfree() in bgmac_remove()
    c19cdd72b3ec mlxsw: spectrum_cnt: Reorder counter pools
    c03304dc4234 misc: atmel-ssc: Fix IRQ check in ssc_probe
    f7183c76d500 tty: goldfish: Fix free_irq() on remove
    ff6e03fe84bc i40e: Fix call trace in setup_tx_descriptors
    4b94408e1617 i40e: Fix calculating the number of queue pairs
    43f65970eeb2 i40e: Fix adding ADQ filter to TC0
    cff3a7ce6e81 clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()
    11c870c0b532 pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
    e32fe87afcfe random: credit cpu and bootloader seeds by default
    9e4cab02b7ec net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
    2f42389d270f ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
    6b4d8b44e716 nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
    786428a1dec2 virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
    aacb264d54c4 ALSA: hda/realtek - Add HW8326 support
    ff882404dff7 scsi: pmcraid: Fix missing resource cleanup in error case
    c48119223618 scsi: ipr: Fix missing/incorrect resource cleanup in error case
    fe0855944a64 scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion
    1f1be79189fd scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
    001de3d8ce82 scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
    9e3a0d3fc71c ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
    bc046649c5d6 ASoC: es8328: Fix event generation for deemphasis control
    a81f5a7f7a20 ASoC: wm8962: Fix suspend while playing music
    253334f84c81 ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
    052cd621acbf ASoC: cs42l56: Correct typo in minimum level for SX volume controls
    6d180913b3ab ASoC: cs42l52: Correct TLV for Bypass Volume
    385a031c56a9 ASoC: cs53l30: Correct number of volume levels on SX controls
    675b6a49cf70 ASoC: cs35l36: Update digital volume TLV
    b00f63dba5b8 ASoC: cs42l52: Fix TLV scales for mixer controls
    cd8c1e6c01f1 dma-debug: make things less spammy under memory pressure
    a45e19fd6ed8 ASoC: nau8822: Add operation for internal PLL off and on
    348831a9e8aa powerpc/kasan: Silence KASAN warnings in __get_wchan()
    5624055c8f4b random: account for arch randomness in bits
    c0bf6bfce70a random: mark bootloader randomness code as __init
    f96250197b43 random: avoid checking crng_ready() twice in random_init()
    072cd87d12a8 crypto: drbg - make reseeding from get_random_bytes() synchronous
    e9eb0c4741a7 crypto: drbg - always try to free Jitter RNG instance
    f284afc3a9ca crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
    babba4bf53a6 crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
    1b93b302e942 crypto: drbg - prepare for more fine-grained tracking of seeding state
    98e574a73414 crypto: drbg - always seeded with SP800-90B compliant noise source
    61f87ea3f957 Revert "random: use static branch for crng_ready()"
    3faf33a85650 random: check for signals after page of pool writes
    2177cef53ec9 random: wire up fops->splice_{read,write}_iter()
    35db2a073118 random: convert to using fops->write_iter()
    43e62db84a99 random: convert to using fops->read_iter()
    c23188facd10 random: unify batched entropy implementations
    1aeedbe02b5c random: move randomize_page() into mm where it belongs
    ceaf1feefe6e random: move initialization functions out of hot pages
    d3bf98d61fb6 random: make consistent use of buf and len
    70fce7f105bb random: use proper return types on get_random_{int,long}_wait()
    d05948dc23e6 random: remove extern from functions in header
    d8b4296417ea random: use static branch for crng_ready()
    087a14b9cf9b random: credit architectural init the exact amount
    ac48f7bee198 random: handle latent entropy and command line from random_init()
    736a22645d98 random: use proper jiffies comparison macro
    3266fba20661 random: remove ratelimiting for in-kernel unseeded randomness
    c5373bd6e4fb random: move initialization out of reseeding hot path
    0747ad152fa1 random: avoid initializing twice in credit race
    0baeec0effc7 random: use symbolic constants for crng_init states
    55d64df3ad5b siphash: use one source of truth for siphash permutations
    e4e8a9f8a616 random: help compiler out with fast_mix() by using simpler arguments
    bf3b51eb0f13 random: do not use input pool from hard IRQs
    6d4203a2cddc random: order timer entropy functions below interrupt functions
    58da574f105a random: do not pretend to handle premature next security model
    e739d5bd1466 random: use first 128 bits of input as fast init
    c44f8b386376 random: do not use batches when !crng_ready()
    e247ea8d97bf random: insist on random_get_entropy() existing in order to simplify
    9bfbcb37e5f6 xtensa: use fallback for random_get_entropy() instead of zero
    fa15650b51f6 sparc: use fallback for random_get_entropy() instead of zero
    9dfc14590c5d um: use fallback for random_get_entropy() instead of zero
    0cc41e2c73f7 x86/tsc: Use fallback for random_get_entropy() instead of zero
    f2a6e8727084 nios2: use fallback for random_get_entropy() instead of zero
    db1d13fe4c80 arm: use fallback for random_get_entropy() instead of zero
    6fa912f987fa mips: use fallback for random_get_entropy() instead of just c0 random
    36f38f838c5b m68k: use fallback for random_get_entropy() instead of zero
    a7d04ca9da61 timekeeping: Add raw clock fallback for random_get_entropy()
    eb2f9d72f32a powerpc: define get_cycles macro for arch-override
    10455a367c33 alpha: define get_cycles macro for arch-override
    5f0b77ca1978 parisc: define get_cycles macro for arch-override
    80459abc9fee s390: define get_cycles macro for arch-override
    73385644490a ia64: define get_cycles macro for arch-override
    5fac86663976 init: call time_init() before rand_initialize()
    b88ae87b100c random: fix sysctl documentation nits
    465425748359 random: document crng_fast_key_erasure() destination possibility
    ec07b3494517 random: make random_get_entropy() return an unsigned long
    fe156368f987 random: allow partial reads if later user copies fail
    70788723da70 random: check for signals every PAGE_SIZE chunk of /dev/[u]random
    2ce859d91fe9 random: check for signal_pending() outside of need_resched() check
    0e8030c9e03d random: do not allow user to keep crng key around on stack
    95aed891f7be random: do not split fast init input in add_hwgenerator_randomness()
    1d53d5a0973e random: mix build-time latent entropy into pool at init
    0aba75c6173d random: re-add removed comment about get_random_{u32,u64} reseeding
    81ea8a609b48 random: treat bootloader trust toggle the same way as cpu trust toggle
    a08d52a6081b random: skip fast_init if hwrng provides large chunk of entropy
    8320bc665c29 random: check for signal and try earlier when generating entropy
    3a53b818bb0e random: reseed more often immediately after booting
    905759e0fc17 random: make consistent usage of crng_ready()
    ad4c6bd98c54 random: use SipHash as interrupt entropy accumulator
    631503001ccf random: replace custom notifier chain with standard one
    1ae73fb2a635 random: don't let 644 read-only sysctls be written to
    ed409757100b random: give sysctl_random_min_urandom_seed a more sensible value
    75d95c1b5dea random: do crng pre-init loading in worker rather than irq
    219c84fe93e5 random: unify cycles_t and jiffies usage and types
    673637c4c9e0 random: cleanup UUID handling
    4d5151cc288a random: only wake up writers after zap if threshold was passed
    ac0081dec7d6 random: round-robin registers as ulong, not u32
    62cd795e465a random: clear fast pool, crng, and batches in cpuhp bring up
    a7f8f385bb6f random: pull add_hwgenerator_randomness() declaration into random.h
    ff607fc7607d random: check for crng_init == 0 in add_device_randomness()
    20788eb4ce70 random: unify early init crng load accounting
    49567f947735 random: do not take pool spinlock at boot
    4a61bf7f9b18 random: defer fast pool mixing to worker
    944d1bd0e5be random: rewrite header introductory comment
    c0e35949c736 random: group sysctl functions
    d946084180ee random: group userspace read/write functions
    565a66043bdf random: group entropy collection functions
    f2d587c493fc random: group entropy extraction functions
    a8786d54762f random: group crng functions
    c12dfec1aacf random: group initialization wait functions
    22e3db57ab94 random: remove whitespace and reorder includes
    cee64be60591 random: remove useless header comment
    904e6123c400 random: introduce drain_entropy() helper to declutter crng_reseed()
    47c56790d51c random: deobfuscate irq u32/u64 contributions
    e280b79c3127 random: add proper SPDX header
    776927dfd4ac random: remove unused tracepoints
    d68883956d36 random: remove ifdef'd out interrupt bench
    4a14a5a6969a random: tie batched entropy generation to base_crng generation
    d8a6684950c1 random: fix locking for crng_init in crng_reseed()
    b1d561138150 random: zero buffer after reading entropy from userspace
    21da00f8cb3a random: remove outdated INT_MAX >> 6 check in urandom_read()
    b530684129b2 random: make more consistent use of integer types
    3eed6af93ecd random: use hash function for crng_slow_load()
    cee3c7056900 random: use simpler fast key erasure flow on per-cpu keys
    ea9941fd6e26 random: absorb fast pool into input pool after fast load
    a3562bf4e8c9 random: do not xor RDRAND when writing into /dev/random
    574c8839504b random: ensure early RDSEED goes through mixer on init
    d3d3c1c214c3 random: inline leaves of rand_initialize()
    817315517af9 random: get rid of secondary crngs
    c15fc80b7df0 random: use RDSEED instead of RDRAND in entropy extraction
    72db8151c889 random: fix locking in crng_fast_load()
    7229c6d90a1a random: remove batched entropy locking
    6c8911579221 random: remove use_input_pool parameter from crng_reseed()
    4ef908fb81d9 random: make credit_entropy_bits() always safe
    42a9a7e80750 random: always wake up entropy writers after extraction
    373ef51f3e8a random: use linear min-entropy accumulation crediting
    a1a2bae5ef93 random: simplify entropy debiting
    4e5814bd2e75 random: use computational hash for entropy extraction
    99a0f8e22d4c random: only call crng_finalize_init() for primary_crng
    88609b892fdd random: access primary_pool directly rather than through pointer
    0b9f9b94f1ea random: continually use hwgenerator randomness
    811e333c4eb2 random: simplify arithmetic function flow in account()
    56de23dcf9d0 random: selectively clang-format where it makes sense
    86eac12b1cf5 random: access input_pool_data directly rather than through pointer
    4f5400ca7fc1 random: cleanup fractional entropy shift constants
    1b6f1d32a858 random: prepend remaining pool constants with POOL_
    0fe4a64fd946 random: de-duplicate INPUT_POOL constants
    e35576c4cb18 random: remove unused OUTPUT_POOL constants
    74cb3093f2de random: rather than entropy_store abstraction, use global
    14652d864280 random: remove unused extract_entropy() reserved argument
    12f17e3f3a14 random: remove incomplete last_data logic
    adcbbb44ccc1 random: cleanup integer types
    4ac4c7f057ff random: cleanup poolinfo abstraction
    5c3818e3bd7b random: fix typo in comments
    0a7e65810269 random: don't reset crng_init_cnt on urandom_read()
    8d7c55563ed0 random: avoid superfluous call to RDRAND in CRNG extraction
    8b4695640bc5 random: early initialization of ChaCha constants
    cfc69065005e random: initialize ChaCha20 constants with correct endianness
    922d082e3363 random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
    565b3af16894 random: harmonize "crng init done" messages
    346c4a697c29 random: mix bootloader randomness into pool
    afce74c0c04f random: do not re-init if crng_reseed completes before primary init
    d76758c71209 random: do not sign extend bytes for rotation when mixing
    c2f0a89cd1d5 random: use BLAKE2s instead of SHA1 in extraction
    6e6ae70c1eac random: remove unused irq_flags argument from add_interrupt_randomness()
    2580b0b3fd5a random: document add_hwgenerator_randomness() with other input functions
    3cc36a4aa1ca crypto: blake2s - adjust include guard naming
    09342a544c4b crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
    f850f3643d6b MAINTAINERS: co-maintain random.c
    967e3a136f9b random: remove dead code left over from blocking pool
    610f0b439a6b random: avoid arch_get_random_seed_long() when collecting IRQ randomness
    ad3fce669105 random: add arch_get_random_*long_early()
    41b0d3e86c50 powerpc: Use bool in archrandom.h
    89533373e11c linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
    0222f9f1d168 linux/random.h: Use false with bool
    15f93060b718 linux/random.h: Remove arch_has_random, arch_has_random_seed
    a95ed04e21da s390: Remove arch_has_random, arch_has_random_seed
    aab52172d9f9 powerpc: Remove arch_has_random, arch_has_random_seed
    35e28a05f659 x86: Remove arch_has_random, arch_has_random_seed
    98f749e29728 random: avoid warnings for !CONFIG_NUMA builds
    c13b9c3627d8 random: split primary/secondary crng init paths
    c070b07aaf34 random: remove some dead code of poolinfo
    898498bb4414 random: fix typo in add_timer_randomness()
    2c53d6d6a7be random: Add and use pr_fmt()
    f3375cfe31bc random: convert to ENTROPY_BITS for better code readability
    9f757cad20b7 random: remove unnecessary unlikely()
    4431c366fe23 random: remove kernel.random.read_wakeup_threshold
    ec134003cc39 random: delete code to pull data into pools
    a9564e14c6dd random: remove the blocking pool
    940cbc47b369 random: make /dev/random be almost like /dev/urandom
    c4edc1055c11 random: ignore GRND_RANDOM in getentropy(2)
    7f9f864af021 random: add GRND_INSECURE to return best-effort non-cryptographic bytes
    479d39707ff7 random: Add a urandom_read_nowait() for random APIs that don't warn
    69441ba56f13 random: Don't wake crng_init_wait when crng_init == 1
    69ef3109d422 random: don't forget compat_ioctl on urandom
    927fc225af29 compat_ioctl: remove /dev/random commands
    996fba14fa35 lib/crypto: sha1: re-roll loops to reduce code size
    c4f48374407b lib/crypto: blake2s: move hmac construction into wireguard
    97126d2f65b3 crypto: blake2s - generic C library implementation and selftest
    76101f1b7f59 nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
    e804587ecdcd bpf: Fix incorrect memory charge cost calculation in stack_map_alloc()
    f91da317e6fa 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"

(From OE-Core rev: 6126f40a7ce1c55638277e45c084b82364a654b6)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Bruce Ashfield
232fdbf0e5 linux-yocto/5.4: update to v5.4.199
Updating  to the latest korg -stable release that comprises
the following commits:

    a31bd366116c Linux 5.4.199
    4cc40b1022bb x86/speculation/mmio: Print SMT warning
    d49c22094e6f KVM: x86/speculation: Disable Fill buffer clear within guests
    d96159263593 x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
    bc64f38b5a38 x86/speculation/srbds: Update SRBDS mitigation selection
    020ce7495cfc x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
    8d25482fc96a x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
    7f898baa2044 x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
    0800f1b45bf6 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
    ae649e0cbf76 x86/speculation: Add a common function for MD_CLEAR mitigation update
    814ccb673035 x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
    91f8147c8371 Documentation: Add documentation for Processor MMIO Stale Data
    1e9f4e8a7aa9 x86/cpu: Add another Alder Lake CPU to the Intel family
    45e744de251c x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
    79568d551570 x86/cpu: Add Jasper Lake to Intel family
    9e2efaa5dd10 cpu/speculation: Add prototype for cpu_show_srbds()
    9d6e67bf5090 Linux 5.4.198
    602b338e3c3c tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
    b35e08edb2c2 mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
    0c12d7625502 md/raid0: Ignore RAID0 layout if the second zone has only one device
    0c4bc0a2f825 powerpc/32: Fix overread/overwrite of thread_struct via ptrace
    3c953d47eb1e Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
    6ec537c50033 ixgbe: fix unexpected VLAN Rx in promisc mode on VF
    24030768a7b4 ixgbe: fix bcast packets Rx on VF after promisc removal
    3eca2c42daa4 nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
    31f9c39b4a37 nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
    4f4ab5004633 mmc: block: Fix CQE recovery reset success
    0245434e381e ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
    b651f70ed3a8 cifs: return errors during session setup during reconnects
    850965edc861 ALSA: hda/conexant - Fix loopback issue with CX20632
    6c04a2ae039b scripts/gdb: change kernel config dumping method
    1a36f77dc23c vringh: Fix loop descriptors check in the indirect cases
    a3f9b0afd8b4 nodemask: Fix return values to be unsigned
    9b306339a511 cifs: version operations for smb20 unneeded when legacy support disabled
    5cb13cdc180a s390/gmap: voluntarily schedule during key setting
    69893d6d7f5c nbd: fix io hung while disconnecting device
    8a7da4ced236 nbd: fix race between nbd_alloc_config() and module removal
    1be608e1ee1f nbd: call genl_unregister_family() first in nbd_cleanup()
    045045b522c6 x86/cpu: Elide KCSAN for cpu_has() and friends
    460083de66c4 modpost: fix undefined behavior of is_arm_mapping_symbol()
    28fd384c78d7 drm/radeon: fix a possible null pointer dereference
    9223144fdd64 ceph: allow ceph.dir.rctime xattr to be updatable
    7df12bee5415 Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
    0331d261c398 scsi: myrb: Fix up null pointer access on myrb_cleanup()
    cf6b9316879f md: protect md_unregister_thread from reentrancy
    99e4c67a5581 watchdog: wdat_wdt: Stop watchdog when rebooting the system
    6fd031799e7b kernfs: Separate kernfs_pr_cont_buf and rename_lock.
    19f4b51b836d serial: msm_serial: disable interrupts in __msm_console_write()
    52a0d88c3280 staging: rtl8712: fix uninit-value in r871xu_drv_init()
    58762f1c63c7 staging: rtl8712: fix uninit-value in usb_read8() and friends
    1bcfb95de192 clocksource/drivers/sp804: Avoid error on multiple instances
    d472c78cc829 extcon: Modify extcon device to be created after driver data is set
    fa0b2dd6829d misc: rtsx: set NULL intfdata when probe fails
    d232ca0bbc7d usb: dwc2: gadget: don't reset gadget's driver->bus
    3a7170a3de62 USB: hcd-pci: Fully suspend across freeze/thaw cycle
    2dcec0bc142b drivers: usb: host: Fix deadlock in oxu_bus_suspend()
    09a5958a2452 drivers: tty: serial: Fix deadlock in sa1100_set_termios()
    c91a74b1f0f2 USB: host: isp116x: check return value after calling platform_get_resource()
    64b05fa212c7 drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
    1fbe033c5248 drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
    8c014373f178 tty: Fix a possible resource leak in icom_probe
    f6e07eb7ebec tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
    1b04c934e1e6 lkdtm/usercopy: Expand size of "out of frame" object
    ca2498cce875 iio: st_sensors: Add a local lock for protecting odr
    ab75e02366e1 iio: dummy: iio_simple_dummy: check the return value of kstrdup()
    36acb4d9ce55 drm: imx: fix compiler warning with gcc-12
    8174acbef87b net: altera: Fix refcount leak in altera_tse_mdio_create
    3d08bc3a5d9b ip_gre: test csum_start instead of transport header
    957d298526b5 net/mlx5: fs, fail conflicting actions
    8a6740fdc562 net/mlx5: Rearm the FW tracer after each tracer event
    317260b3eb63 net: ipv6: unexport __init-annotated seg6_hmac_init()
    ef6d2354de23 net: xfrm: unexport __init-annotated xfrm4_protocol_init()
    6a90a44d5342 net: mdio: unexport __init-annotated mdio_bus_init()
    978dcc55cf36 SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
    180473e8e42a net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
    7c8df6fad43d net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
    e412b3d178ea bpf, arm64: Clear prog->jited_len along prog->jited
    556720013c36 af_unix: Fix a data-race in unix_dgram_peer_wake_me().
    b49c884146e2 xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
    5b8d63489c3b netfilter: nf_tables: memleak flow rule from commit path
    d5a1e7f33c88 ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
    e0212033ff68 netfilter: nat: really support inet nat without l3 address
    da99331fa621 xprtrdma: treat all calls not a bcall when bc_serv is NULL
    48dea4d3a11f video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
    a2b3be930e79 NFSv4: Don't hold the layoutget locks across multiple RPC calls
    83960276ffc9 dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
    4917e43bca50 m68knommu: fix undefined reference to `_init_sp'
    f6bdafbb9b04 m68knommu: set ZERO_PAGE() to the allocated zeroed page
    27fdb4572344 i2c: cadence: Increase timeout per message if necessary
    0a7a1fc7e71e f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
    23b2163b887f tracing: Avoid adding tracer option before update_tracer_options
    48c6ee7d6c61 tracing: Fix sleeping function called from invalid context on RT kernel
    cc0aed22d33c mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
    ff66ae4359ff perf c2c: Fix sorting in percent_rmt_hitm_cmp()
    8b91d0dfc839 tipc: check attribute length for bearer name
    c2eba68d185b afs: Fix infinite loop found by xfstest generic/676
    d05c2fdf8e10 tcp: tcp_rtx_synack() can be called from process context
    1bd2f7f38bac net: sched: add barrier to fix packet stuck problem for lockless qdisc
    77b954ce2d64 net/mlx5e: Update netdev features after changing XDP state
    a4c52440acf4 net/mlx5: Don't use already freed action pointer
    00803d30518f nfp: only report pause frame configuration for physical device
    8302620aeb94 ubi: ubi_create_volume: Fix use-after-free when volume creation failed
    d3a4fff1e7e4 jffs2: fix memory leak in jffs2_do_fill_super
    acf92b525723 modpost: fix removing numeric suffixes
    a101793994c0 net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
    2bd1faedb74d net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
    be73e3bf6862 net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
    51ed32c1cfcf s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
    80f6712f241c clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
    e5d479d73f21 ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
    5b110d940417 watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
    593b595332bd driver core: fix deadlock in __device_attach
    5d709f58c743 driver: base: fix UAF when driver_attach failed
    3157118c1795 bus: ti-sysc: Fix warnings for unbind for serial
    a724634b2a49 firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
    c3a16e7c8624 serial: stm32-usart: Correct CSIZE, bits, and parity
    29d963635ee6 serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
    5c01c19f64c7 serial: sifive: Sanitize CSIZE and c_iflag
    841cab744cc0 serial: sh-sci: Don't allow CS5-6
    942aa88467b9 serial: txx9: Don't allow CS5-6
    eb8de4bac35a serial: rda-uart: Don't allow CS5-6
    0de3d2344ee0 serial: digicolor-usart: Don't allow CS5-6
    035bc3b734aa serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
    1b3ae6d85069 serial: meson: acquire port->lock in startup()
    d77f28c1bc9d rtc: mt6397: check return value after calling platform_get_resource()
    d041e885749f clocksource/drivers/riscv: Events are stopped during CPU suspend
    69a30b2ed620 soc: rockchip: Fix refcount leak in rockchip_grf_init
    0f91755514b8 coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
    47e4c42faab9 serial: sifive: Report actual baud base rather than fixed 115200
    f2a16af2ee0a phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
    b6b0f8904bd6 rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
    088f449d9d3c iio: adc: sc27xx: Fine tune the scale calibration values
    e5d48301d1fc iio: adc: sc27xx: fix read big scale voltage not right
    0f57d139300f iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
    bec18bb00f11 firmware: stratix10-svc: fix a missing check on list iterator
    8ad7b3d9f838 usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
    1026ee392ba3 rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
    89d1b9dfccce pwm: lp3943: Fix duty calculation in case period was clamped
    8e9f3f508a9c staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
    67c2aa77b40e usb: musb: Fix missing of_node_put() in omap2430_probe
    b78499772fa7 USB: storage: karma: fix rio_karma_init return
    72ab0f6f2ba8 usb: usbip: add missing device lock on tweak configuration cmd
    2f0ae93ec33c usb: usbip: fix a refcount leak in stub_probe()
    077f58e469a6 tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
    7320308b189c tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
    9ae3d073f7db tty: goldfish: Use tty_port_destroy() to destroy port
    d88fdea1477c iio: adc: ad7124: Remove shift from scan_type
    1aa30dc88372 staging: greybus: codecs: fix type confusion of list iterator variable
    6c8c536e0020 pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
    4faa6308e1b8 md: bcache: check the return value of kzalloc() in detached_dev_do_request()
    5f62b21b7c93 block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
    ccddf8cd411c bfq: Make sure bfqg for which we are queueing requests is online
    8afc13b958bd bfq: Get rid of __bio_blkcg() usage
    be1b78f94992 bfq: Remove pointless bfq_init_rq() calls
    f885f55033a1 bfq: Drop pointless unlock-lock pair
    97be7d13fbd4 bfq: Avoid merging queues with different parents
    54073410537f MIPS: IP27: Remove incorrect `cpu_has_fpu' override
    427c3c7ebd5f RDMA/rxe: Generate a completion for unsupported/invalid opcode
    4946cfd1c8f0 Kconfig: add config option for asm goto w/ outputs
    7ac21b24af85 phy: qcom-qmp: fix reset-controller leak on probe errors
    d19fa8f25200 blk-iolatency: Fix inflight count imbalances and IO hangs on offline
    8a068913d19d dt-bindings: gpio: altera: correct interrupt-cells
    3b8c37780d11 docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
    da9634374d41 ARM: pxa: maybe fix gpio lookup tables
    1668ad103679 phy: qcom-qmp: fix struct clk leak on probe errors
    2040b6076544 arm64: dts: qcom: ipq8074: fix the sleep clock frequency
    8dd2e5f9c1f1 gma500: fix an incorrect NULL check on list iterator
    a62591e36100 tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
    77ec584d3de0 serial: pch: don't overwrite xmit->buf[0] by x_char
    f6cb1470ba22 carl9170: tx: fix an incorrect use of list iterator
    2ea49d6310c9 ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
    b8ce58ab80fa rtl818x: Prevent using not initialized queues
    6f4a489d8458 hugetlb: fix huge_pmd_unshare address update
    73bdb2359dbc nodemask.h: fix compilation error with GCC12
    6e071eaf5002 iommu/msm: Fix an incorrect NULL check on list iterator
    9caad70819ae um: Fix out-of-bounds read in LDT setup
    6cbe83680f01 um: chan_user: Fix winch_tramp() return value
    3466e4265244 mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
    cf465ecfe3a8 irqchip: irq-xtensa-mx: fix initial IRQ affinity
    36bab24bb81b irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
    8858284dd749 RDMA/hfi1: Fix potential integer multiplication overflow errors
    64623236263f Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
    532aa3f7a50c media: coda: Add more H264 levels for CODA960
    adcea1c8eea8 media: coda: Fix reported H264 profile
    f2c2ad538e49 mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
    16e993ac7c81 md: fix an incorrect NULL check in md_reload_sb
    d0bdc809f788 md: fix an incorrect NULL check in does_sb_need_changing
    3623f833e19b drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
    8fa6eb03e3f5 drm/nouveau/clk: Fix an incorrect NULL check on list iterator
    19323b3671a8 drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
    c12984cdb077 drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
    8e105178c26a scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
    494685db0023 scsi: dc395x: Fix a missing check on list iterator
    82bf8e7271fa ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
    17ea63484975 dlm: fix missing lkb refcount handling
    49cd9eb7b9a7 dlm: fix plock invalid read
    f160e7b4b02a mm, compaction: fast_find_migrateblock() should return pfn in the target zone
    665602c83776 PCI: qcom: Fix unbalanced PHY init on probe errors
    c3919b10c45f PCI: qcom: Fix runtime PM imbalance on probe errors
    c99306cf5983 PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
    c27f744ceefa tracing: Fix potential double free in create_var_ref()
    742736dc9c01 ACPI: property: Release subnode properties with data nodes
    e157c8f87e8f ext4: avoid cycles in directory h-tree
    17034d45ec44 ext4: verify dir block before splitting it
    73fd5b192851 ext4: fix bug_on in ext4_writepages
    0ab308d72af7 ext4: fix warning in ext4_handle_inode_extension
    eaecf7ebfd5d ext4: fix use-after-free in ext4_rename_dir_prepare
    f36736fbd484 netfilter: nf_tables: disallow non-stateful expression in sets earlier
    28a8060a0bd2 bfq: Track whether bfq_group is still online
    da9f3025d595 bfq: Update cgroup information before merging bio
    31326bf55126 bfq: Split shared queues on move between cgroups
    b1cda6dd2c44 efi: Do not import certificates from UEFI Secure Boot for T2 Macs
    440d345d0274 fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
    e0dddab01f94 iwlwifi: mvm: fix assert 1F04 upon reconfig
    265bec4779a3 wifi: mac80211: fix use-after-free in chanctx code
    9259227605df f2fs: fix fallocate to use file_modified to update permissions consistently
    1f926457c3e7 f2fs: don't need inode lock for system hidden quota
    12ffc0044aba f2fs: fix deadloop in foreground GC
    54c116615c99 f2fs: fix to clear dirty inode in f2fs_evict_inode()
    7361c9f2bd6a f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
    f8b3c3fcf331 f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
    7f51f2734555 perf jevents: Fix event syntax error caused by ExtSel
    9eb684dc41d8 perf c2c: Use stdio interface if slang is not supported
    e23eb2f43f4d iommu/amd: Increase timeout waiting for GA log enablement
    db7ea8b261ef dmaengine: stm32-mdma: remove GISR1 register
    8db59df7f582 video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
    dcc00106c325 NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
    3d216510f8af NFS: Don't report errors from nfs_pageio_complete() more than once
    55f0fc32b2f2 NFS: Do not report flush errors in nfs_write_end()
    59137943af75 NFS: Do not report EINTR/ERESTARTSYS as mapping errors
    4826af9a07cf i2c: at91: Initialize dma_buf in at91_twi_xfer()
    d77a0f2842b3 i2c: at91: use dma safe buffers
    e4db5f4b680a iommu/mediatek: Add list_del in mtk_iommu_remove
    5e47a7add3dd f2fs: fix dereference of stale list iterator after loop body
    c8735252f93f Input: stmfts - do not leave device disabled in stmfts_input_open
    addb192000d8 RDMA/hfi1: Prevent use of lock before it is initialized
    6d8b9f574bca mailbox: forward the hrtimer if not queued and under a lock
    49c1e32e7b3f mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
    bcb6c4c5eb48 powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
    2631fe5b53b5 macintosh: via-pmu and via-cuda need RTC_LIB
    bc21634ce430 powerpc/perf: Fix the threshold compare group constraint for power9
    cf0b52858f74 powerpc/64: Only WARN if __pa()/__va() called with bad addresses
    bbc2b0ce6042 Input: sparcspkr - fix refcount leak in bbc_beep_probe
    6d7b2cf5c7ed crypto: cryptd - Protect per-CPU resource by disabling BH.
    3219ac364ac3 tty: fix deadlock caused by calling printk() under tty_port->lock
    ded067f24b90 PCI: imx6: Fix PERST# start-up sequence
    0b35a685d911 ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
    203537caad3c proc: fix dentry/inode overinstantiating under /proc/${pid}/net
    6cdb6582b566 powerpc/4xx/cpm: Fix return value of __setup() handler
    337eef19aad8 powerpc/idle: Fix return value of __setup() handler
    1d83f304215b powerpc/8xx: export 'cpm_setbrg' for modules
    662b70a45b32 dax: fix cache flush on PMD-mapped pages
    386e69e06817 drivers/base/node.c: fix compaction sysfs file leak
    d1f908bd0100 pinctrl: mvebu: Fix irq_of_parse_and_map() return value
    9282496aac8b nvdimm: Allow overwrite in the presence of disabled dimms
    b0e4bafac896 firmware: arm_scmi: Fix list protocols enumeration in the base protocol
    ffd3bed66b54 scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
    829ea474876f mfd: ipaq-micro: Fix error check return value of platform_get_irq()
    8c4eeab72608 powerpc/fadump: fix PT_LOAD segment for boot memory area
    bbf58e97426d arm: mediatek: select arch timer for mt7629
    e7a0d0c2802f crypto: marvell/cesa - ECB does not IV
    de65c32ace9a misc: ocxl: fix possible double free in ocxl_file_register_afu
    7f287d0c7001 ARM: dts: bcm2835-rpi-b: Fix GPIO line names
    3a37022d48a5 ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
    fd1c098b3bdd ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
    e0bf7f084412 ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
    e4594ca90b4e can: xilinx_can: mark bit timing constants as const
    6077a1e637b3 KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
    9cccb3f6ed9a PCI: rockchip: Fix find_first_zero_bit() limit
    f063429ac33f PCI: cadence: Fix find_first_zero_bit() limit
    5543752a48ad soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
    669575521633 soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
    56b8d748ec43 ARM: dts: suniv: F1C100: fix watchdog compatible
    754ef324b70b arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
    60546c0b4b46 net/smc: postpone sk_refcnt increment in connect()
    91121ee57414 rxrpc: Fix decision on when to generate an IDLE ACK
    d7b16ee15fc6 rxrpc: Don't let ack.previousPacket regress
    2fd958ae29fd rxrpc: Fix overlapping ACK accounting
    5aa14dafd2b0 rxrpc: Don't try to resend the request if we're receiving the reply
    91b34bf0409f rxrpc: Fix listen() setting the bar too high for the prealloc rings
    0bfaff00d1a7 NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
    9934025c4d66 ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
    b3461ccaa5d2 thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
    449374565f34 drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
    6832e36f156e drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
    48d331a03b0d ext4: reject the 'commit' option on ext2 filesystems
    3dc032375595 media: ov7670: remove ov7670_power_off from ov7670_remove
    dc794fa2b3c4 sctp: read sk->sk_bound_dev_if once in sctp_rcv()
    d43a87d66039 m68k: math-emu: Fix dependencies of math emulation support
    6f55fac0af35 Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
    c3c8c7e409d0 media: vsp1: Fix offset calculation for plane cropping
    1310fc3538dc media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
    83345b536599 media: exynos4-is: Change clk_disable to clk_disable_unprepare
    b87d3a043b32 media: st-delta: Fix PM disable depth imbalance in delta_probe
    12480f757810 media: aspeed: Fix an error handling path in aspeed_video_probe()
    d2b1dc3a0432 scripts/faddr2line: Fix overlapping text section failures
    0be5d9da5743 regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
    18b907ff0ae4 ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
    96fc3da6184a ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
    ddb1a77f94d7 perf/amd/ibs: Use interrupt regs ip for stack unwinding
    f2e2e934d2b6 Revert "cpufreq: Fix possible race in cpufreq online error path"
    1253811c71e0 iomap: iomap_write_failed fix
    6b8291e574a8 media: uvcvideo: Fix missing check to determine if element is found in list
    ab888b1a9a6d drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
    22d8424913b1 drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
    b2aa2c4efe93 drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
    cd4cfd99ec14 regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
    db5a21f2dd62 x86/mm: Cleanup the control_va_addr_alignment() __setup handler
    d2476a1fc50b irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
    b97eb924a234 irqchip/exiu: Fix acknowledgment of edge triggered interrupts
    9777de28cfea x86: Fix return value of __setup handlers
    ee3901d7c7f4 virtio_blk: fix the discard_granularity and discard_alignment queue limits
    a9b4599665e4 drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
    35d9a84e3b35 drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
    2b3ed7547b1a drm/msm/hdmi: check return value after calling platform_get_resource_byname()
    11709592b350 drm/msm/dsi: fix error checks and return values for DSI xmit functions
    ef10d0c68e86 drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
    db681127e96d perf tools: Add missing headers needed by util/data.h
    31de06ef06a8 ASoC: rk3328: fix disabling mclk on pclk probe failure
    ed8d5cf1dcad x86/speculation: Add missing prototype for unpriv_ebpf_notify()
    1d0c4bc628ca x86/pm: Fix false positive kmemleak report in msr_build_context()
    b889619eba6f scsi: ufs: core: Exclude UECxx from SFR dump list
    e120d31d04bf of: overlay: do not break notify on NOTIFY_{OK|STOP}
    b0be017bc59d fsnotify: fix wrong lockdep annotations
    60d159e0d084 inotify: show inotify mask flags in proc fdinfo
    2326d398ccd4 ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
    cd1f386120d0 cpufreq: Fix possible race in cpufreq online error path
    e7f0fd6f2566 spi: img-spfi: Fix pm_runtime_get_sync() error checking
    735b57a96088 sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
    55fddbb1e278 drm/bridge: Fix error handling in analogix_dp_probe
    f1d4f19a7965 HID: elan: Fix potential double free in elan_input_configured
    75a89bc1baee HID: hid-led: fix maximum brightness for Dream Cheeky
    3caa2d7943ca drbd: fix duplicate array initializer
    65065f96d53e efi: Add missing prototype for efi_capsule_setup_info
    fbf9c4c714d3 NFC: NULL out the dev->rfkill to prevent UAF
    2c59535b6be0 spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
    fa0d7ba25a53 drm: mali-dp: potential dereference of null pointer
    797f8ee35f03 drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
    1a994f1f1841 nl80211: show SSID for P2P_GO interfaces
    93c0f9d78ddd bpf: Fix excessive memory allocation in stack_map_alloc()
    c398c2149b17 drm/vc4: txp: Force alpha to be 0xff if it's disabled
    8a60b54e41c9 drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
    a0c890c0ae9f drm/mediatek: Fix mtk_cec_mask()
    ea8b2ecc920d x86/delay: Fix the wrong asm constraint in delay_loop()
    c71494f5f2b4 ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
    23f340ed906c ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
    e92b927fffb6 drm/bridge: adv7511: clean up CEC adapter when probe fails
    224e1eef0386 drm/edid: fix invalid EDID extension block filtering
    657734866839 ath9k: fix ar9003_get_eepmisc
    ebede9aadfa3 drm: fix EDID struct for old ARM OABI format
    e60ad83f645e RDMA/hfi1: Prevent panic when SDMA is disabled
    cb4f2dc513e9 powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
    6557555a86f3 macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
    793b82d1c424 powerpc/powernv: fix missing of_node_put in uv_init()
    537a317e5ff4 powerpc/xics: fix refcount leak in icp_opal_init()
    a910e9613130 tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
    c9a81f9ed6ae PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
    e10905816513 ARM: hisi: Add missing of_node_put after of_find_compatible_node
    2f46a955b6f5 ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
    fcd1999ba974 ARM: versatile: Add missing of_node_put in dcscb_init
    fd48cf8f972f fat: add ratelimit to fat*_ent_bread()
    60ce637c194b powerpc/fadump: Fix fadump to work with a different endian capture kernel
    41c7096286aa ARM: OMAP1: clock: Fix UART rate reporting algorithm
    e54fd01178eb fs: jfs: fix possible NULL pointer dereference in dbFree()
    a0180e324a9a PM / devfreq: rk3399_dmc: Disable edev on remove()
    1995a60be7cb ARM: dts: ox820: align interrupt controller node name with dtschema
    58e55f4f5a2a IB/rdmavt: add missing locks in rvt_ruc_loopback
    56fd9dcfe10c selftests/bpf: fix btf_dump/btf_dump due to recent clang change
    063d945795a0 eth: tg3: silence the GCC 12 array-bounds warning
    88d730463e9b rxrpc: Return an error to sendmsg if call failed
    1ec0bc72f5da hwmon: Make chip parameter for with_info API mandatory
    a7a41dd47303 ASoC: max98357a: remove dependency on GPIOLIB
    3cf43978ffd1 media: exynos4-is: Fix compile warning
    1e5fbfc2a6f3 net: phy: micrel: Allow probing without .driver_data
    9d1764b9266b nbd: Fix hung on disconnect request if socket is closed before
    abe7554da62c ASoC: rt5645: Fix errorenous cleanup order
    f76729662650 nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
    69edf28d2c42 openrisc: start CPU timer early in boot
    67fb49438858 media: cec-adap.c: fix is_configuring state
    4172a34ef93f media: coda: limit frame interval enumeration to supported encoder frame sizes
    8f2a5721cdc3 rtlwifi: Use pr_warn instead of WARN_ONCE
    2d966c94adce ipmi: Fix pr_fmt to avoid compilation issues
    2064a1eab2ec ipmi:ssif: Check for NULL msg when handling events and messages
    17cfc9455830 ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
    5a71f14a9b2e dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
    6583d0d6ad6d spi: stm32-qspi: Fix wait_cmd timeout in APM mode
    1651a95517fb s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
    890b16b4709d ASoC: tscs454: Add endianness flag in snd_soc_component_driver
    00771de7cc28 HID: bigben: fix slab-out-of-bounds Write in bigben_probe
    0d7074792bb9 drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
    2317f3bfda6d mlxsw: spectrum_dcb: Do not warn about priority changes
    121f56a9a832 ASoC: dapm: Don't fold register value changes into notifications
    430af81135d5 net/mlx5: fs, delete the FTE when there are no rules attached to it
    f857855a8a83 ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
    b507f067e9fc drm: msm: fix error check return value of irq_of_parse_and_map()
    efd183d988b4 arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
    a610cfe56c38 drm/amd/pm: fix the compile warning
    1e29d829ad51 drm/plane: Move range check for format_count earlier
    e1599ced6be1 scsi: megaraid: Fix error check return value of register_chrdev()
    7923f95997a7 mmc: jz4740: Apply DMA engine limits to maximum segment size
    0959aa00f976 md/bitmap: don't set sb values if can't pass sanity check
    222292930c8e media: cx25821: Fix the warning when removing the module
    fa636e9ee444 media: pci: cx23885: Fix the error handling in cx23885_initdev()
    0ac84ab50712 media: venus: hfi: avoid null dereference in deinit
    de16cdf0b73d ath9k: fix QCA9561 PA bias level
    af832028af6f drm/amd/pm: fix double free in si_parse_power_table()
    7bd0ac1e2345 tools/power turbostat: fix ICX DRAM power numbers
    6266ab1f31fa spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
    f68bed124c76 ALSA: jack: Access input_dev under mutex
    aea748501d09 drm/komeda: return early if drm_universal_plane_init() fails.
    8ded0af90e97 ACPICA: Avoid cache flush inside virtual machines
    c7b41fd76ce2 fbcon: Consistently protect deferred_takeover with console_lock()
    4460066eb248 ipv6: fix locking issues with loops over idev->addr_list
    8fb1b9beb085 ipw2x00: Fix potential NULL dereference in libipw_xmit()
    303380919df7 b43: Fix assigning negative value to unsigned variable
    60d515fd8797 b43legacy: Fix assigning negative value to unsigned variable
    92225d3c2241 mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
    f85cb059fad0 drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
    670f5e40d7b3 btrfs: repair super block num_devices automatically
    622ced791ed8 btrfs: add "0x" prefix for unsupported optional features
    0ca511204740 ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
    f5faa24137d7 ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
    e10356eae1c2 ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
    00c93ce2665c perf/x86/intel: Fix event constraints for ICL
    1b767500d151 usb: core: hcd: Add support for deferring roothub registration
    114790876393 USB: new quirk for Dell Gen 2 devices
    7c5a52dd4d91 USB: serial: option: add Quectel BG95 modem
    6b3ecb2d92a0 ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
    1c6cfb9e8a5c binfmt_flat: do not stop relocating GOT entries prematurely on riscv
    35c6471fd2c1 Linux 5.4.197
    e00c2f22fbfa bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
    a2235bc65ade NFSD: Fix possible sleep during nfsd4_release_lockowner()
    f5b6bc69a792 NFS: Memory allocation failures are not server fatal errors
    0490cd2aee18 docs: submitting-patches: Fix crossref to 'The canonical patch format'
    72ef5d01fe37 tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
    7ecd237e5036 tpm: Fix buffer access in tpm2_get_tpm_pt()
    396d1f51764d HID: multitouch: Add support for Google Whiskers Touchpad
    25f0e9459f94 raid5: introduce MD_BROKEN
    fd2f7e998485 dm verity: set DM_TARGET_IMMUTABLE feature flag
    f00597350210 dm stats: add cond_resched when looping over entries
    65e6282f0d75 dm crypt: make printing of the key constant-time
    a4415f39e3e8 dm integrity: fix error code in dm_integrity_ctr()
    fc658c083904 zsmalloc: fix races between asynchronous zspage free and page migration
    7632451ad926 crypto: ecrdsa - Fix incorrect use of vli_cmp
    b16bb373988d netfilter: conntrack: re-fetch conntrack after insertion
    1fe82bfd9e4c exec: Force single empty string when argv is empty
    241b566e0403 drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
    3dbab9e37ca1 cfg80211: set custom regdomain after wiphy registration
    039fa25d95ce assoc_array: Fix BUG_ON during garbage collect
    8c668da61bd0 drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
    fdcbdb3d089a i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
    827980029d0f net: ftgmac100: Disable hardware checksum on AST2600
    e619506ed010 net: af_key: check encryption module availability consistency
    fa77d2a3a755 pinctrl: sunxi: fix f1c100s uart2 function
    2208c31d864e ACPI: sysfs: Fix BERT error region memory mapping
    92d4b5e14830 ACPI: sysfs: Make sparse happy about address space in use
    5a73bd4f4710 media: vim2m: initialize the media device earlier
    b7248281afb1 media: vim2m: Register video device after setting up internals
    ab5b00cfe050 secure_seq: use the 64 bits of the siphash for port offset calculation
    80cca53a48c8 tcp: change source port randomizarion at connect() time
    9ce35dad5a1a Input: goodix - fix spurious key release events
    bdbc7ef3eb2c staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
    4f0750839421 x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
    8bb828229da9 lockdown: also lock down previous kgdb use

(From OE-Core rev: 5503425172d832dae12bad6af8ca22ece454e4b0)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
60a98feb86 vim: 8.2.5083 -> 9.0.0005
The license checksum changed due to a major version change in the referenced file.

(From OE-Core rev: cc245b75ebd8dfc4925a21e3ff08d841fef77635)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 89f34d8aa4f4572d048dbb732ca4c83d443157fb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Ranjitsinh Rathod
6a3d60d873 openssl: Minor security upgrade 1.1.1o to 1.1.1p
This security upgrade fixes CVE-2022-2068 as per below link
Link: https://www.openssl.org/news/cl111.txt
Also, remove 73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch and
b7ce611887cfac633aacc052b2e71a7f195418b8.patch as these two are part
1.1.1p now

(From OE-Core rev: a8283f9251f59d86f93f9d7cfd4c7e29c61e4631)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Ross Burton
1c38d0d3d6 cve-check: hook cleanup to the BuildCompleted event, not CookerExit
The cve-check class writes temporary files to preserve state across the
build, and cleans them up in a CookerExit handler.

However, in memory-resident builds the cooker won't exit in between
builds, so the state isn't cleared and the CVE report generation fails:

NOTE: Generating JSON CVE summary
ERROR: Error adding the same package twice

Easily solved by hooking to BuildCompleted, instead of CookerExit.

(From OE-Core rev: ee3270709158aff463fec6798f3b8968268b4d4b)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fccdcfd301de281a427bfee48d8ff47fa07b7259)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
ca90350d13 cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
Remove obsolete comments/data from the file. Add in three CVEs to ignore.
Two are qemu CVEs which upstream aren't particularly intersted in and aren't
serious issues. Also ignore the nasm CVE found from fuzzing as this isn't
a issue we'd expose from OE.

(From OE-Core rev: b82c95720488eea8ea4b5684c9f89e4931085fa5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68291026aab2fa6ee1260ca95198dd1d568521e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Ahmed Hossam
159a2de146 insane.bbclass: host-user-contaminated: Correct per package home path
The current home path that is compared against is incorrect as it is missing the
package name, this patch adds it.

[YOCTO #14553]

(From OE-Core rev: b75caf4a985e3c20996531785125eaffdc832104)

Signed-off-by: Ahmed Hossam <Ahmed.Hossam@opensynergy.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit ae8f22d9e2694eea5ede3b31c6f3bca404ea4a5a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Martin Jansa
684c5d4c12 wic: fix WicError message
* add missing % to print the values instead of:
  | INFO: Build artifacts not found, exiting.
  | INFO:   (Please check that the build artifacts for the machine
  | INFO:    selected in local.conf actually exist and that they
  | INFO:    are the correct artifacts for the image (.wks file)).
  |
  | ERROR: ("The artifact that couldn't be found was %s:\n  %s", 'kernel-dir', '/OE/build/deploy/images/qemux86-64')

(From OE-Core rev: c83cabad78dbc98bb72be7fd7dd51023853a3ff9)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e104c2b1273d8c5bd97893f318bf2a2699ef7f2d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Muhammad Hamza
8dfc7162e3 initramfs-framework: move storage mounts to actual rootfs
Operations such as mkfs fail on devices that are not
switched to the actual rootfs before switch_root is
called. The kernel interprets these devices as still
being used even after unmounting and errors such as
below are seen when the target is fully booted

root@v1000:~# umount /dev/sdb1
root@v1000:~# mkfs.ext4 /dev/sdb1
mke2fs 1.43.8 (1-Jan-2018)
/dev/sdb1 contains a ext4 file system
        last mounted on Wed Nov 28 07:33:54 2018
Proceed anyway? (y,N) y
/dev/sdb1 is apparently in use by the system; will not make a filesystem here!

(From OE-Core rev: ce27982c24d2398c9eadb9d4d9e7475509424195)

Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Muhammad Hamza <muhammad_hamza@mentor.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ec53ffd01972d1be2d6a28de828b3f0b80dc1e61)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Marek Vasut
d2f8a57a30 lttng-modules: Backport Linux 5.18+, 5.15.44+, 5.10.119+ fixes
The Linux kernel commit 14c174633f349 ("random: remove unused tracepoints")
removed unused tracepoints and has been backported to stable Linux kernel
releases. This causes build failure of lttng-modules:

"
lttng-modules-2.11.6/probes/lttng-probe-random.c:18:10: fatal error: trace/events/random.h: No such file or directory
|    18 | #include <trace/events/random.h>
|       |          ^~~~~~~~~~~~~~~~~~~~~~~
| compilation terminated.
"

Backport patches from lttng-modules master branch to address the build
failure on all of Linux 5.18.y, 5.15.y 5.10.y, 5.4, 4.19, 4.14, and 4.9 kernel versions.

(From OE-Core rev: 9f301f5563df868626d624c2d0781dae1b81a4c0)

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Cc: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Alexander Kanavin
0a0e0663ab wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
(From OE-Core rev: a0415549af8d10f4915c519433b49ce812bd2324)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c27711292f93dfad1ffdeab6d715becad32a4ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Marta Rybczynska
79b3e05767 oeqa/selftest/cve_check: add tests for Ignored and partial reports
Add testcases for partial reports with CVE_CHECK_REPORT_PATCHED and
Ignored CVEs.

(From OE-Core rev: 577d297babd7b399f631c8a95155265f08c5e193)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry-picked from 3f7639b90004973782a2e74925fd2e9a764c1090)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Hitendra Prajapati
b6f4778e37 grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow unprivileged user to read the file content
Source: https://git.savannah.gnu.org/cgit/grub.git/
MR: 116495
Type: Security Fix
Disposition: Backport from https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4
ChangeID: fce3d59e50320bef247bb981352051b8f953a4fc
Description:
        CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content.

Affects "grub2 < 2.06"

(From OE-Core rev: fd9dc688ead5cf0225cba94c380a618e332d548f)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Marta Rybczynska
6e79d96c6d cve-check: add support for Ignored CVEs
Ignored CVEs aren't patched, but do not apply in our configuration
for some reason. Up till now they were only partially supported
and reported as "Patched".

This patch adds separate reporting of Ignored CVEs. The variable
CVE_CHECK_REPORT_PATCHED now manages reporting of both patched
and ignored CVEs.

(From OE-Core rev: 14b3c0ca46a0aa97565a24b7a5116306237d7cfe)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry-picked from c773102d4828fc4ddd1024f6115d577e23f1afe4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Richard Purdie
31b4392e6e unzip: Port debian fixes for two CVEs
Add two fixes from debian for two CVEs. From:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355

I wans't able to get the reproducers to work but the added error
checking isn't probably a bad thing.

(From OE-Core rev: 097469513f6dea7c678438e71a152f4e77fe670d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 054be00a632c2918dd1f973e76514e459fc6f017)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Joe Slater
4bc2324a25 unzip: fix CVE-2021-4217
Avoid a null pointer dereference.

(From OE-Core rev: 357791da82f767ad695e4476aa12fea3d7db5e04)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 36db85b9b127e5a9f5d3d6e428168cf597ab95f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Hitendra Prajapati
6013fc2606 golang: CVE-2021-31525 net/http: panic in ReadRequest and ReadResponse when reading a very large header
Source: https://github.com/argoheyard/lang-net
MR: 114874
Type: Security Fix
Disposition: Backport from 701957006e
ChangeID: bd3c4f9f44dd1c45e810172087004778522d28eb
Description:
       CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header.

(From OE-Core rev: 2850ef58f2a39a5ab19b1062d1b50160fec4daa8)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Hitendra Prajapati
3f2da49c2b golang: CVE-2022-24675 encoding/pem: fix stack overflow in Decode
Source: https://go-review.googlesource.com/c/go
MR: 117551
Type: Security Fix
Disposition: Backport from https://go-review.googlesource.com/c/go/+/399816/
ChangeID: 347f22f93e8eaecb3d39f8d6c0fe5a70c5cf7b7c
Description:
        CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode.

(From OE-Core rev: 6625e24a6143765ce2e4e08d25e3fe021bc2cdf6)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Michael Opdenacker
02867c9039 manuals: switch to the sstate mirror shared between all versions
Following https://git.yoctoproject.org/poky/commit/?id=cf7d8894545b83f55420fa33f7848e1bfc6754ff

(From yocto-docs rev: 5a5499609bc1f6ac99ad909dc1aeb91505f5bd48)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-28 23:58:30 +01:00
Ross Burton
33a08f7b8f bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes
The keep alive timeout is excessively long at 83 minutes (5000 seconds),
reduce this to 10 minutes: this should be long enough that it rarely
triggers in normal builds, but when it does it has useful information.

(Bitbake rev: a496a8952d8542ce814b13f460811d8849d25a3c)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dcf52157d3635925491783be656c6b76d1efe1a4)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-26 12:14:23 +01:00
Ross Burton
07eca06c71 bitbake: knotty: display active tasks when printing keepAlive() message
In interactive bitbake sessions it is obvious what tasks are running
when one of them hangs or otherwise takes a long time. However, in
non-interactive sessions (such as automated builds) bitbake just prints
a message saying that it is "still alive" with no clues as to what tasks
are active still.

By simply listing the active tasks when printing the keep alive message,
we don't need to parse the bitbake log to identify which of the tasks
is still active and has presumably hung.

(Bitbake rev: 36fe8bae9fec61547ee0b13bcb721033afd3ac0e)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 30f6c3f175617beea8e8bb75dcf255611e3fc2fd)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-26 12:14:22 +01:00
Richard Purdie
9f20f682ff bitbake: bin/bitbake-getvar: Add a new command to query a variable value (with history)
We've talked about having this for long enough. Add a command which queries a single
variable value with history. This saves "bitbake -e | grep" and avoids the
various pitfalls that has.

It also provides a neat example of using tinfoil to make such a query.

Parameters to limit the output to just the value, to limit to a variable flag
and to not expand the output are provided.

[YOCTO #10748]

(Bitbake rev: 47ed06d441152f8b6d374cacfac2c668c354423e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c1881b620e885f55d7772f8626b8a76c2828333)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-26 12:14:22 +01:00
Richard Purdie
6d1f8412be bitbake: tinfoil/data_smart: Allow variable history emit() to function remotely
We can't access the emit() function of varhistory currently as the datastore parameter
isn't handled correctly, nor is the output stream. Add a custom wrapper for this
function which handles the two details correctly.

(Bitbake rev: 144a1cfe8b60c677bb6ec66c242e064c7ba3ed88)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ba0fa084ccd2b1ade96425d158fd31e49e42f286)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-26 12:14:22 +01:00
Dmitry Baryshkov
872caf23ad linux-firmware: upgrade 20220509 -> 20220610
Drop 0001-Makefile-replace-mkdir-by-install.patch merged upstream.

License-Update: additional files
(From OE-Core rev: c6f5fb5e7545636ef7948ad1562548b7b64dac35)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91cd99267157e860a108282aee13e162e8c10572)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit bcc5a22cd2b25c777315fe9d677fc0338ae2ab68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:46 +01:00
Dmitry Baryshkov
b9bffd7650 linux-firmware: add support for building snapshots
In some cases it is useful to be able to test the snapshot of
linux-firmware (e.g. to test if the updated firmware works on the
particular hardware). Allow building the linux-firmware snapshots.

To switch to the most recent branch, add the following lines to the
local.conf file:

PREFERRED_VERSION_linux-firmware = "1:20220509+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "4288aad55d189fa225d492526b8406d5"

(From OE-Core rev: 6654baf267003ac62bc886901e5197fc211239f4)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b023570ae1d239de14b50a0e827582d0e84ddf81)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:46 +01:00
Nick Potenski
0b84202a2b systemd: systemd-systemctl: Support instance conf files during enable
Add ability to parse instance-specific conf files when
enabling an instance of a templated unit during postinstall.

(From OE-Core rev: f2d59bf2240eaf4c483edc4feb6e5d66b8dc387f)

Signed-off-by: Nick Potenski <nick.potenski@garmin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit baa0ecf3271008cf60cd830c54a71f191aebb81c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:46 +01:00
Chee Yang Lee
ae90fa778a dpkg: update to 1.19.8
update include fixes for CVE-2022-1664.

(From OE-Core rev: 12169c1104adbfd9f5196fdbdab16536e98fd43f)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:45 +01:00
Hitendra Prajapati
fe6c34c48d golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
Source: https://github.com/golang/go
MR: 114884
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/44a3fb49
ChangeID: 7b28553d4e23828b20c3357b1cca79ee3ca18058
Description:
        CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error.
(From OE-Core rev: b835c65845b1445e1bb547c192cb22c2db4c7e6f)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:45 +01:00
Hitendra Prajapati
2ae3d43628 python-pip: CVE-2021-3572 Incorrect handling of unicode separators in git references
Source: https://github.com/pypa/pip
MR: 113864
Type: Security Fix
Disposition: Backport from e46bdda971
ChangeID: 717948e217d6219d1f03afb4d984342d7dea4636
Description:
       CVE-2021-3572 python-pip: Incorrect handling of unicode separators in git references.

(From OE-Core rev: 841a8fb5b6351f79a4d756232a544d1a6480c562)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:45 +01:00
Jose Quaresma
5582ab6aae archiver: don't use machine variables in shared recipes
When using multiconfig with the same TMP folder we can have
races because the shared recipes like gcc-source run twice.

ARCHIVER_OUTDIR = ${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/
which includes TARGET_SYS and between the two different MACHINE values,
this changes  from 'arm-poky-linux-gnueabi' to 'aarch64-poky-linux'.
This leads to the task running twice, once for each multiconfig.

To solve this we need to store the shared output in a common place
for all machines and in this way the stamps will be the same for each
machine so the gcc-source will on run once regardless of the machine used.

(From OE-Core rev: 135adeb82c9303c26193bb6f6bd3bc696793aa62)

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5abe497aad39a6ce8d72556fcdda1938a0f8c1bc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Richard Purdie
d4c7b40039 gcc-source: Fix incorrect task dependencies from ${B}
Some tasks may reference ${B} for gcc-source which in general would not exist.
It has dependencies on HOST_SYS and TARGET_SYS which are not appropriate for a
shared recipe like gcc-source. This causes problems for the archiver and
multiconfigs in particlar.

Set B to something else to avoid these task hash issues.

Acked-by: Jose Quaresma <jose.quaresma@foundries.io>
(From OE-Core rev: 14aa189c2e47a2c5a4a0099235a2605666651f74)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit beb2a76c591e985c6fc7ed473abd1bee27f955a2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Rasmus Villemoes
a2805141e9 e2fsprogs: add alternatives handling of lsattr as well
Building busybox with CONFIG_LSATTR=y and installing that in the same
filesystem as e2fsprogs breaks:

  ERROR: ... do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
  then please place them into pkg_postinst_ontarget:${PN} ().
  Deferring to first boot via 'exit 1' is no longer supported.

Fix that by also alternatifying lsattr just as chattr already is.

(From OE-Core rev: 28090d32c88d99ea36a03f3bb723838746001e4b)

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96703961eeb3460e9da26503d7942cc965d1e573)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Mingli Yu
7d9d97368b oescripts: change compare logic in OEListPackageconfigTests
When multilib enabled and add layers/meta-openembedded/meta-oe in
conf/bblayers.conf, it reports below error when run oe-selftest.
 $ oe-selftest -r  oescripts
 [snip]
 [20:36:33-0700] 2022-05-16 03:36:33,494 - oe-selftest - INFO - RESULTS - oescripts.OEListPackageconfigTests.test_packageconfig_flags_option_flags: FAILED (585.37s)
 [snip]

 It is because the output of "list-packageconfig-flags.py -f" as below:
 $ ../scripts/contrib/list-packageconfig-flags.py -f
 [snip]
 qt                     lib32-pinentry  lib32-wxwidgets  nativesdk-pinentry  pinentry  pinentry-native  wxwidgets  wxwidgets-native
 secret                 lib32-pinentry  nativesdk-pinentry  pinentry  pinentry-native
 [snip]

 But the check logic as below:
 class OEListPackageconfigTests(OEScriptTests):
    #oe-core.scripts.List_all_the_PACKAGECONFIG's_flags
    def check_endlines(self, results,  expected_endlines):
        for line in results.output.splitlines():
            for el in expected_endlines:
                if line.split() == el.split():
                    expected_endlines.remove(el)
                    break

 def test_packageconfig_flags_option_flags(self):
        results = runCmd('%s/contrib/list-packageconfig-flags.py -f' % self.scripts_dir)
        expected_endlines = []
        expected_endlines.append("PACKAGECONFIG FLAG     RECIPE NAMES")
        expected_endlines.append("qt                     nativesdk-pinentry  pinentry  pinentry-native")
        expected_endlines.append("secret                 nativesdk-pinentry  pinentry  pinentry-native")

        self.check_endlines(results, expected_endlines)

And the test will fail as line.split() doesn't equal el.split() as
line.split() is ['lib32-pinentry', 'lib32-wxwidgets', 'nativesdk-pinentry',
'pinentry', 'pinentry-native', 'wxwidgets', 'wxwidgets-native'] and
el.split() is ['nativesdk-pinentry', 'pinentry', 'pinentry-native'].

So change the compare logic to fix the gap.

(From OE-Core rev: 9eecfbfc957359b7933f1e1bde3aba1780dde202)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 239f22847bcae0cb31769adb0a42b5440173a7c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Jose Quaresma
69fb63b4fc archiver: use bb.note instead of echo
(From OE-Core rev: fd1ed873ec00fda2f58370770ad7aed039bdc470)

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6420c8a6a8143f53ccad7ab2d56b2ba06db83099)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Martin Jansa
9638dc4826 rootfs.py: close kernel_abi_ver_file
* fixes:
  oe-core/meta/lib/oe/rootfs.py:331: ResourceWarning: unclosed file <_io.TextIOWrapper name='pkgdata/mach/kernel-depmod/kernel-abiversion' mode='r' encoding='UTF-8'>
  kernel_ver = open(kernel_abi_ver_file).read().strip(' \n')

(From OE-Core rev: b761150790231792b42a8eb534013f1e17b4efb3)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f9dd8ee063c1132265248457fcd628e1e93727be)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Peter Kjellerstedt
f51a254415 license.bbclass: Bound beginline and endline in copy_license_files()
Ensure that begin_idx (i.e., beginline - 1) and end_idx (i.e.,
endline) are positive numbers in copy_license_files(). This makes sure
the same lines are copied as populate_lic_qa_checksum() uses when it
calculates the checksum. Before, beginline=0 would typically lead to
that no lines were copied at all.

(From OE-Core rev: 27cd074d747c5ef4b475c8a62a8ede2bbe58f996)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ab3cc3651d08d226675c461da760cda0bb6c0ce0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Marcel Ziswiler
1487d68388 alsa-plugins: fix libavtp vs. avtp packageconfig
Fix PACKAGECONFIG to refer to libavtp instead of avtp as this is what
the project and everything is really called everywhere.

(From OE-Core rev: a1b73bc6ba90fb079e514e4eeda8e231a950b9f4)

Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8824d91fe2063195014c38c134b97946d3b429c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Stefan Wiehler
8a382d8655 kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task
Several tasks deactivate exiting on non-zero return codes via set +e because
they run subcommands that have legitimate non-zero return codes. However when
appending to those tasks, this behavior is not expected and can lead to builds
silently proceeding in case of an error. Therefore reset the default behavior
at the end of the respective tasks via set -e.

(From OE-Core rev: 7777cc853db7200b819095be6f6a3561738ac94d)

Signed-off-by: Stefan Wiehler <stefan.wiehler@nokia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 83a6f28d2e464f00202090e998a63045adba9e4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Richard Purdie
8d6f9680e4 vim: Upgrade 8.2.5034 -> 8.2.5083
Includes fixes for CVE-2022-1927, CVE-2022-1942.

(From OE-Core rev: 2bba60d687fb45a8367cb683a8e9d385384ad51a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1e740b5c2227c0040621ae63436d06db4873670f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Pawan Badganchi
23ed0037b6 openssh: Whitelist CVE-2021-36368
As per debian, the issue is fixed by a feature called
"agent restriction" in openssh 8.9.
Urgency is unimportant as per debian, Hence this CVE is whitelisting.
Link:
https://security-tracker.debian.org/tracker/CVE-2021-36368
https://bugzilla.mindrot.org/show_bug.cgi?id=3316#c2
https://docs.ssh-mitm.at/trivialauth.html

(From OE-Core rev: 179b862e97d95ef57f8ee847e54a78b5f3f52ee7)

Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Steve Sakoman
95cda9d091 cups: fix CVE-2022-26691
In scheduler/cert.c the previous algorithm didn't expect the strings can
have a different length, so one string can be a substring of the other
and such substring was reported as equal to the longer string.

Backport patch from upstream to fix:
de4f8c1961

CVE: CVE-2022-26691

(From OE-Core rev: cc657868d31cc8b4218a07aa10fa098c379e473c)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Richard Purdie
238fb89434 local.conf.sample: Update sstate url to new 'all' path
(From meta-yocto rev: 36f7c6b9ddbcd4f518aa199b523a0606d1f4018a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-15 17:12:41 +01:00
Bruce Ashfield
7f694e46a8 linux-yocto/5.4: update to v5.4.196
Updating  to the latest korg -stable release that comprises
the following commits:

    04b092e4a01a Linux 5.4.196
    dba1941f5bc3 afs: Fix afs_getattr() to refetch file status if callback break occurred
    ef5374d532ca i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
    10a221e2d3d8 x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
    a12884ff4340 x86/xen: fix booting 32-bit pv guest
    b2f140a9f980 Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
    060f38b1dfb4 ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
    b38cf3cb17df firmware_loader: use kernel credentials when reading firmware
    e14e3856e94d net: stmmac: disable Split Header (SPH) for Intel platforms
    9ea8e6a8323e block: return ELEVATOR_DISCARD_MERGE if possible
    36ac6caf742d Input: ili210x - fix reset timing
    1c450bdf2e8c net: atlantic: verify hw_head_ lies within TX buffer ring
    e5307704c4ad net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
    91d8d7edf192 ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
    dd5de66f5c8a selftests: add ping test with ping_group_range tuned
    9919585e5f41 mac80211: fix rx reordering with non explicit / psmp ack policy
    19e2cd737c16 scsi: qla2xxx: Fix missed DMA unmap for aborted commands
    74168c2207a5 perf bench numa: Address compiler error on s390
    d1915d9c9fa3 gpio: mvebu/pwm: Refuse requests with inverted polarity
    3fdd67e83c42 gpio: gpio-vf610: do not touch other bits when set the target bit
    1fe6dc5f5d19 net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
    622be11fa385 igb: skip phy status check where unavailable
    eb92a8ecce23 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
    463a7b957db0 ARM: 9196/1: spectre-bhb: enable for Cortex-A15
    1b93631c77c9 net: af_key: add check for pfkey_broadcast in function pfkey_process
    c0be5fec786b net/mlx5e: Properly block LRO when XDP is enabled
    3277789f332e NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
    b368e07fb44d net/qla3xxx: Fix a test in ql_reset_work()
    d672eee9e404 clk: at91: generated: consider range when calculating best rate
    8cb1a05fe38b ice: fix possible under reporting of ethtool Tx and Rx statistics
    dc64e8874e87 net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
    32f779e6fbbe net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
    1eb2d7858155 net/sched: act_pedit: sanitize shift argument before usage
    50f70ee30236 net: macb: Increment rx bd head after allocating skb and buffer
    a42ffe88332c ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
    6493ff94c022 ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
    fe2a9469eca0 dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
    8cf6c24ed488 drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
    8be06f62b426 crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
    f4a093215b8e KVM: x86/mmu: Update number of zapped pages even if page list is stable
    de8745182749 PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
    3a12b2c413b2 Fix double fget() in vhost_net_set_backend()
    dd0ea88b0a0f perf: Fix sys_perf_event_open() race against self
    c8a5e14cb407 ALSA: wavefront: Proper check of get_user() error
    2f8f6c393b11 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
    975a0f14d5cd SUNRPC: Don't call connect() more than once on a TCP socket
    aa4d71edd609 SUNRPC: Prevent immediate close+reconnect
    2d6f096476e6 SUNRPC: Clean up scheduling of autoclose
    f3fe8d13ac89 mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
    def047ae1266 mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
    f10260f35992 mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
    1e93f939927d nilfs2: fix lockdep warnings during disk space reclamation
    307d021b1a7f nilfs2: fix lockdep warnings in page operations for btree nodes
    77b71a4c8767 ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
    54f7358be14d platform/chrome: cros_ec_debugfs: detach log reader wq from devm
    232128f6e60f drbd: remove usage of list iterator variable after loop
    83abb076f473 MIPS: lantiq: check the return value of kzalloc()
    e7947c031ffe rtc: mc146818-lib: Fix the AltCentury for AMD platforms
    7be785032c05 nvme-multipath: fix hang when disk goes live over reconnect
    ee0323cc8bbb ALSA: hda/realtek: Enable headset mic on Lenovo P360
    c0d86f2a3c03 crypto: x86/chacha20 - Avoid spurious jumps to other functions
    f0213894337a crypto: stm32 - fix reference leak in stm32_crc_remove
    8c015cd52442 Input: stmfts - fix reference leak in stmfts_input_open
    bb83a744bc67 Input: add bounds checking to input_set_capability()
    4fd396695646 um: Cleanup syscall_handler_t definition/cast, fix warning
    0c319b998835 rtc: fix use-after-free on device removal
    05df3bdbc259 x86/xen: Make the secondary CPU idle tasks reliable
    0d3817cb4ebe x86/xen: Make the boot CPU idle task reliable
    67e2b62461b5 floppy: use a statically allocated error counter
    0187300e6aa6 Linux 5.4.195
    8fcefb43ecfc tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
    6d80857c4fc7 ping: fix address binding wrt vrf
    7845532adb53 arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
    c0b735fef2af net: phy: Fix race condition on link status change
    a60def756821 MIPS: fix build with gcc-12
    a3112d5da17c drm/vmwgfx: Initialize drm_mode_fb_cmd2
    463c7431490d cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
    f25145c37c4e i40e: i40e_main: fix a missing check on list iterator
    17c744716af5 drm/nouveau/tegra: Stop using iommu_present()
    c8f567c46543 serial: 8250_mtk: Fix register address for XON/XOFF character
    aa3ea7451bd6 serial: 8250_mtk: Fix UART_EFR register address
    031fda28d0a6 slimbus: qcom: Fix IRQ check in qcom_slim_probe
    7de6f3059629 USB: serial: option: add Fibocom MA510 modem
    65732f62f730 USB: serial: option: add Fibocom L610 modem
    6c78537f3e29 USB: serial: qcserial: add support for Sierra Wireless EM7590
    e40d00494712 USB: serial: pl2303: add device id for HP LM930 Display
    056a56f8fbfe usb: typec: tcpci: Don't skip cleanup in .remove() on error
    457d9401b8c1 usb: cdc-wdm: fix reading stuck on device close
    4d93303fd877 tty: n_gsm: fix mux activation issues in gsm_config()
    6e34ee5b5b92 tcp: resalt the secret every 10 seconds
    39c26fe93c76 net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
    638bfbc84cca s390: disable -Warray-bounds
    f66d3fa5089f ASoC: ops: Validate input values in snd_soc_put_volsw_range()
    13b850a6cc80 ASoC: max98090: Generate notifications on changes for custom control
    5c766c000a64 ASoC: max98090: Reject invalid values in custom control put()
    22f6c68b4927 hwmon: (f71882fg) Fix negative temperature
    208200e573bd gfs2: Fix filesystem block deallocation for short writes
    42daae7d845c net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
    e038c457bd12 net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
    2ec2dd7d51a9 net/sched: act_pedit: really ensure the skb is writable
    48c6a40e2f25 s390/lcs: fix variable dereferenced before check
    467ddbbe7e74 s390/ctcm: fix potential memory leak
    2cbce0110070 s390/ctcm: fix variable dereferenced before check
    1c40e85d0aa0 hwmon: (ltq-cputemp) restrict it to SOC_XWAY
    0a778db9319f dim: initialize all struct fields
    522986cc39c1 mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
    0729594cb788 netlink: do not reset transport header in netlink_recvmsg()
    33ce32587c44 drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
    5809a1c53049 ipv4: drop dst in multicast routing path
    c9d75e87f45b net: Fix features skip in for_each_netdev_feature()
    5c9057670504 mac80211: Reset MBSSID parameters upon connection
    cfe74fd41f18 hwmon: (tmp401) Add OF device ID table
    3915341a935f batman-adv: Don't skb_split skbuffs with frag_list
    90659487578c Linux 5.4.194
    2f4e0bf651e3 mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
    e4db0c3ce0c5 mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
    ea9cad1c5d95 mm: fix missing cache flush for all tail pages of compound page
    45c05171d6e3 Bluetooth: Fix the creation of hdev->name
    f52c4c067aa5 KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
    c1bdf1e6e706 x86: kprobes: Prohibit probing on instruction which has emulate prefix
    6af6427a9600 x86: xen: insn: Decode Xen and KVM emulate-prefix signature
    c67a4a91f5e1 x86: xen: kvm: Gather the definition of emulate prefixes
    4c39e1ace3dc x86/asm: Allow to pass macros to __ASM_FORM()
    29afcd5af012 KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
    ea65a7d76c00 arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
    5755f946a89f can: grcan: only use the NAPI poll budget for RX
    caba5c13a892 can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
    76b64c690f03 nfp: bpf: silence bitwise vs. logical OR warning
    86ccefb83ede drm/i915: Cast remain to unsigned long in eb_relocate_vma
    de542bd76541 drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
    e6ff94d31c53 block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
    f668da98ad83 MIPS: Use address-of operator on section symbols
    01565c91b789 Linux 5.4.193
    8a7f92053dc9 mmc: rtsx: add 74 Clocks in power on flow
    d789b9891761 PCI: aardvark: Fix reading MSI interrupt number
    253bc43ca5b7 PCI: aardvark: Clear all MSIs at setup
    786dc86c8434 dm: interlock pending dm_io and dm_wait_for_bios_completion
    ad1393b92e50 dm: fix mempool NULL pointer race when completing IO
    40bcd39a0093 tcp: make sure treq->af_specific is initialized
    9661bf674d6a ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
    37b12c16beb6 ALSA: pcm: Fix races among concurrent prealloc proc writes
    2a559eec81ac ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
    08d1807f097a ALSA: pcm: Fix races among concurrent read/write and buffer changes
    fbeb492694ce ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
    f098f8b9820f mm: fix unexpected zeroed page mapping with zram swap
    c7337efd1d11 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
    9588ac2eddc2 net: ipv6: ensure we call ipv6_mc_down() at most once
    367b49086b41 KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
    c2fadf2d0ab4 x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
    8b78939f4b0b kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
    f455c8e657e3 NFSv4: Don't invalidate inode attributes on delegation return
    89e7a625ec5c drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
    1d14c1c7a3bd net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
    2b99ff4c3e3e btrfs: always log symlinks in full mode
    dc4784489426 smsc911x: allow using IRQ0
    cff6cb162f7a bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
    64ece01adb42 selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
    52401926c863 net: emaclite: Add error handling for of_address_to_resource()
    354cac1e392b net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
    0510b6ccfb4f net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
    102986592ffd RDMA/siw: Fix a condition race issue in MPA request processing
    e6ae21eb948a ASoC: dmaengine: Restore NULL prepare_slave_config() callback
    df3ea6cc1af5 hwmon: (adt7470) Fix warning on module removal
    01d4363dd717 NFC: netlink: fix sleep in atomic bug when firmware download timeout
    33d3e76fc7a7 nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
    85aecdef77f9 nfc: replace improper check device_is_registered() in netlink related functions
    da9eb43b9a56 can: grcan: use ofdev->dev when allocating DMA memory
    8b451b7d7e95 can: grcan: grcan_close(): fix deadlock
    8f4246450a95 s390/dasd: Fix read inconsistency for ESE DASD devices
    91193a2c2f4f s390/dasd: Fix read for ESE with blksize < 4k
    1aa75808edd8 s390/dasd: prevent double format of tracks for ESE devices
    061a424dd1c4 s390/dasd: fix data corruption for ESE devices
    860db6cdc5be ASoC: meson: Fix event generation for G12A tohdmi mux
    d4864e8c4ba8 ASoC: wm8958: Fix change notifications for DSP controls
    6723ab2ed8bb ASoC: da7219: Fix change notifications for tone generator frequency
    ac5894fb8626 genirq: Synchronize interrupt thread startup
    8624e2c5af95 ACPICA: Always create namespace nodes using acpi_ns_create_node()
    27183539cfac firewire: core: extend card->lock in fw_core_handle_bus_reset
    2fefc6259861 firewire: remove check of list iterator against head past the loop body
    34b9b9182911 firewire: fix potential uaf in outbound_phy_packet_callback()
    f6b6e9336936 Revert "SUNRPC: attempt AF_LOCAL connect on setup"
    d403ff32e566 gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
    94842485b4ec ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
    73ce49fa59a7 parisc: Merge model and model name into one line in /proc/cpuinfo
    0d5bb59858c6 MIPS: Fix CP0 counter erratum detection for R4k CPUs

(From OE-Core rev: 7e056e79a5acce8261cb5124c172cc40ad608b82)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Marta Rybczynska
e873840317 cve-update-db-native: make it possible to disable database updates
Make it possible to disable the database update completely by using
a negative update interval CVE_DB_UPDATE_INTERVAL.

Disabling the update is useful when running multiple parallel builds
when we want to have a control on the database version. This allows
coherent cve-check results without an database update for only
some of the builds.

(From OE-Core rev: 487a53522a739b9a52720c4c40b93f88ad77d242)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5c2269240327c2a8f93b9e55354698f52c976f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Marta Rybczynska
9868f99149 cve-check: add coverage statistics on recipes with/without CVEs
Until now the CVE checker was giving information about CVEs found for
a product (or more products) contained in a recipe. However, there was
no easy way to find out which products or recipes have no CVEs. Having
no reported CVEs might mean there are simply none, but can also mean
a product name (CPE) mismatch.

This patch adds CVE_CHECK_COVERAGE option enabling a new type of
statistics. Then we use the new JSON format to report the information.
The legacy text mode report does not contain it.

This option is expected to help with an identification of recipes with
mismatched CPEs, issues in the database and more.

This work is based on [1], but adding the JSON format makes it easier
to implement, without additional result files.

[1] https://lists.openembedded.org/g/openembedded-core/message/159873

(From OE-Core rev: c63d06becc340270573bdef2630749db1f5230d4)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d1849a1facd64fa0bcf8336a0ed5fbf71b2e3cb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Marta Rybczynska
f2d12bc50b cve-check: write empty fragment files in the text mode
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.

However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.

Fix it by always writing a fragment file, even if empty.

(From OE-Core rev: 4c10ee956f21ea2f805403704ac3c54b7f1be78c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Marta Rybczynska
6cf824520a cve-check: move update_symlinks to a library
Move the function to a library, it could be useful in other places.

(From OE-Core rev: c8a0e7ecee15985f7eed10ce9c86c48a77c5b7c5)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit debd37abcdde8788761ebdb4a05bc61f7394cbb8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Robert Joslyn
42bb9689a0 curl: Fix CVE_CHECK_WHITELIST typo
Fix typo to properly whitelist CVE-2021-22945.

(From OE-Core rev: 7b2a1d908d3b63da5e9f072b61dd3c5fa91c7b8f)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Robert Joslyn
7da79fcac2 curl: Backport CVE fixes
Backport patches to address CVE-2022-27774, CVE-2022-27781, and
CVE-2022-27782.

(From OE-Core rev: f8cdafc0ef54ab203164366ad96288fd10144b30)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Richard Purdie
1be2437fd2 libxslt: Mark CVE-2022-29824 as not applying
We have libxml2 2.9.10 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.

(From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)

(From OE-Core rev: 9c736c9dcf5f18b8db082a0903be0acb3fbb51c2)

Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad63694e6d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
omkar patil
d3d92d7852 libxslt: Fix CVE-2021-30560
CVE: CVE-2021-30560

(From OE-Core rev: 3e01aa47b85ebeba26443fc3293c341b5ef72817)

Signed-off-by: omkar patil <omkar.patil@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Hitendra Prajapati
6be9d793a3 pcre2: CVE-2022-1587 Out-of-bounds read
Source:  https://github.com/PCRE2Project/pcre2
MR: 118031
Type: Security Fix
Disposition: Backport from 03654e751e
ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933
Description:
	CVE-2022-1587  pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c.
(From OE-Core rev: 46323b9e0f44f58f6aae242ebf5a0101d8c36654)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Hitendra Prajapati
77332ffb9b e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem
Source: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git
MR: 117430
Type: Security Fix
Disposition: Backport from https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76
ChangeID: e6db00c6e8375a2e869fd2e4ead61ca9149eb8fa
Description:
          CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem.
(From OE-Core rev: b4f9ba859ed1fe5e1d42258fee1dd2e8e85e7eba)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Steve Sakoman
99478d73c5 openssl: update the epoch time for ct_test ptest
We are getting an additional ptest failure after fixing the expired certificates.

Backport a patch from upstream to fix this.

(From OE-Core rev: 3af161acc13189cb68549f898f3964d83d00ce56)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Steve Sakoman
196895a482 openssl: backport fix for ptest certificate expiration
ptests in in openssl have started failing as test certificates have
expired. Backport a fix for this from upstream, replacing the test
certificates to allow the ptests to pass again.

(From OE-Core rev: 40858a05989d45b0c772fdec837d3dc95d4df59d)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:08 +01:00
Steve Sakoman
27877797c7 Revert "openssl: Backport fix for ptest cert expiry"
Version 1.1.1 requires additional changes

This reverts commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:08 +01:00
Richard Purdie
1e298a4222 openssl: Backport fix for ptest cert expiry
ptests in in openssl have started failing as one of the test certificates has
expired. Backport a fix for this from upstream, replacing the test
certificate to allow the ptests to pass again.

(From OE-Core rev: 4051d1a3aa5f70da96c381f9dea5f52cd9306939)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f26f0b34f12bbca2beed153da402a3594d127374)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-07 11:33:52 +01:00
Steve Sakoman
bb6c7e09e3 poky.conf: bump version for 3.1.17 release
(From meta-yocto rev: 215cfdaeb88bbfdb995d0a09685271d586558af6)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-06 15:54:36 +01:00
Steve Sakoman
86146334f1 documentation: update for 3.1.17 release
(From yocto-docs rev: 8dd19c901813263554ac2bc6bda2cf9a1c3c1e58)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-06 15:54:35 +01:00
Richard Purdie
898aedf585 cve-check: Allow warnings to be disabled
When running CVE checks in CI we're usually not interested in warnings on the
console for any CVEs present. Add a configuration option CVE_CHECK_SHOW_WARNINGS
to allow this to be disabled (it is left enabled by default).

(From OE-Core rev: d009233f36fb866f6bdaa12fb6deedf5e253e9c9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1054d3366ba528f2ad52585cf951e508958c5c68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 8fd6a9f521ea6b1e10c80fe33968943db30991ba)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:59 +01:00
Ernst Sjöstrand
cc3cefdb43 cve-check: Only include installed packages for rootfs manifest
Before this the rootfs manifest and the summary were identical.
We should separate the summary and rootfs manifest more clearly,
now the summary is for all CVEs and the rootfs manifest is only for
things in that image. This is even more useful if you build multiple
images.

(From OE-Core rev: 2bacd7cc67b2f624885ce9c9c9e48950b359387d)

Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3b8cc6fc45f0ea5677729ee2b1819bdc7a441ab1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 65498411d73e8008d5550c2d0a1148f990717587)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:59 +01:00
Ernst Sjöstrand
b0cff6d434 cve-check: Add helper for symlink handling
(From OE-Core rev: 8a178a728f2318c55d5ecaef0ef9e0fd8ebc333b)

Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5046d54df2c3057be2afa4143a2833183fca0d67)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:59 +01:00
leimaohui
08fb6eb2e0 cve-check.bbclass: Added do_populate_sdk[recrdeptask].
As product, sdk should do cve check as well as rootfs.

(From OE-Core rev: df09cd71b4cd3f830fced9ce91aa202c1609bfc5)

Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit cc17753935c5f9e08aaa6c5886f059303147c07b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:59 +01:00
Richard Purdie
34aaa93bfe vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
Address CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735
CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796

(From OE-Core rev: cd259a00503af360524f58c9cea51aa142dee250)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fafce97bd440150ac5c586b53b887ee70a5b66bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:59 +01:00
Riyaz
c2bd2eae86 libxml2: Fix CVE-2022-29824 for libxml2
Add patch for CVE issue: CVE-2022-29824

CVE-2022-29824
Link: [2554a2408e]
Dependent patch: [b07251215e]

(From OE-Core rev: 096ca5fa8cc4672e5e9b25dffe81b176b252d570)

Signed-off-by: Riyaz <Riyaz.Khan@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:59 +01:00
Dan Tran
396373610c ncurses: Fix CVE-2022-29458
ncurses 6.3 before patch 20220416 has an out-of-bounds read and
segmentation violation in convert_strings in tinfo/read_entry.c in the
terminfo library.

Backported from the link below, extracting only the relevant changes.
9d1d651878

(From OE-Core rev: 2287d591cf32f5580ea6679805d04c3a5146ecd5)

Signed-off-by: Gustavo Lima Chaves <gustavo.chaves@microsoft.com>
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:59 +01:00
Virendra Thakur
38b588a1a1 ffmpeg: Fix for CVE-2022-1475
Add patch to fix CVE-2022-1475

(From OE-Core rev: 2a97ba89f236b751b333622fbbc14180e9b72245)

Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:58 +01:00
Ranjitsinh Rathod
f0d18846de libsdl2: Add fix for CVE-2021-33657
Add patch to fix CVE-2021-33657 issue for libsdl2
Link: https://security-tracker.debian.org/tracker/CVE-2021-33657

(From OE-Core rev: 1cc84e4c51c9afaa5dcb5011e6511496e00d2c8a)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:58 +01:00
Ranjitsinh Rathod
d6941efc0b ruby: Whitelist CVE-2021-28966 as this affects Windows OS only
As per below debian link, CVE-2021-28966 affects Windows only
Link: https://security-tracker.debian.org/tracker/CVE-2021-28966

(From OE-Core rev: df6242b72b0477fb61c7dc18ad52a1f147ec7d07)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:58 +01:00
Ranjitsinh Rathod
df1129b022 ruby: Upgrade ruby to 2.7.6 for security fix
Upgrade ruby to 2.7.6
Link: https://www.ruby-lang.org/en/news/2022/04/12/ruby-2-7-6-released/
This includes CVE-2022-28739 security fix

(From OE-Core rev: 4514b1b8cacb92b1790b636b111c071190b2e4b2)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-04 12:16:58 +01:00
Ross Burton
0ca0aec7aa oeqa/selftest/cve_check: add tests for recipe and image reports
Add a test to verify that the JSON reports are generated correctly for
both single recipe builds and image builds.

More tests are needed, but this is better than nothing.

(From OE-Core rev: add860e1a69f848097bbc511137a62d5746e5019)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit df0f35555b09c4bc75470eb45ec9c74e6587d460)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-28 10:38:21 +01:00
Alexander Kanavin
0f83e5bd42 mobile-broadband-provider-info: upgrade 20220315 -> 20220511
(From OE-Core rev: 9d5b4fdc7ce0458577af5a16b6d7277e3d812e36)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f14c8094e7a049ac1b04c45b76855d0503559932)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-28 10:38:21 +01:00
Hitendra Prajapati
475b0d3fad pcre2: CVE-2022-1586 Out-of-bounds read
Source:  https://github.com/PCRE2Project/pcre2
MR: 118027
Type: Security Fix
Disposition: Backport from 50a51cb7e6
ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713
Description:

CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c.

(From OE-Core rev: 7f4daf88b71f486ddc7140500d2b44181a99222f)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-28 10:38:20 +01:00
Marta Rybczynska
232b5533de cve-check: Fix report generation
The addition of summary output caused two issues: error when building
an image and the fact that JSON output was generated even when
CVE_CHECK_FORMAT_JSON.

When generating an image it caused an error like:
ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python function in exec_func_python() autogenerated:

  The stack trace of python calls that resulted in this exception/failure was:
  File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
       0001:
   *** 0002:cve_check_write_rootfs_manifest(d)
       0003:
  File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lineno: 213, function: cve_check_write_rootfs_manifest
       0209:
       0210:        link_path = os.path.join(deploy_dir, "%s.json" % link_name)
       0211:        manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
       0212:        bb.note("Generating JSON CVE manifest")
   *** 0213:        generate_json_report(json_summary_name, json_summary_link_name)
       0214:        bb.plain("Image CVE JSON report stored in: %s" % link_path)
       0215:}
       0216:
       0217:ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
  Exception: NameError: name 'json_summary_name' is not defined

The fix is to pass the d variable to the pure python function generate_json_report
to get correct values of variables and add conditions for the JSON
output where needed.

In addition clarify the message presenting the summary JSON file,
which isn't related to an image.

Uses partial fixes from Alex Kiernan, Ernst Sjöstrand (ernstp),
and Davide Gardenal.

Fixes: f2987891d315 ("cve-check: add JSON format to summary output")

(From OE-Core rev: 665f981fccbb09d51349c4bd4cfe4ca91001e3bd)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9015dec93233c7d45fd0c9885ff5d4ec23ad377d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-24 15:48:37 +01:00
Michael Opdenacker
b4e5bf3e7f manuals: add missing space in appends
(From yocto-docs rev: 447be1d6b8f770171799c2275edb65cbdc0fee2d)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Quentin Schulz <foss@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-24 14:00:10 +01:00
Steve Sakoman
e8255f5086 selftest: skip virgl test on alma 8.6
This test will fail any time the host has libdrm > 2.4.107

(From OE-Core rev: 48ce924dc82aa959fb897ec36873db7dc3813b71)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:01 +01:00
Dmitry Baryshkov
afc8929c5b linux-firmware: upgrade 20220411 -> 20220509
License-Update: additional files
(From OE-Core rev: 1ec7c6f0f048482ae902fd15beab5cdfc7b50c7b)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 85b1fef733683be09a1efdb2d8b8ffe543053ace)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:01 +01:00
Konrad Weihmann
72385662c8 linux-firmware: replace mkdir by install
if a setup is using RPM for packaging and there are multiple
recipes that install to ${nonarch_base_libdir}/firmware by using
install -d ${nonarch_base_libdir}/firmware, it will create installation
clashes on image install, as linux-firmware in before this patch
used mkdir -p, which creates different file mode bits (depending
on the current user's settings).

In a particular example
linux-fimware created /lib/firmware with 0600
while other-firmware-package created it with 0644
making the combination not installable by rpm backend

(From OE-Core rev: c89bc0fc7f8afdf8ff0e93c3ebd7538987170a0c)

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98bf3f427702687bf81ed759e7cde5d6d15e77eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:01 +01:00
Ranjitsinh Rathod
5c61613405 openssl: Minor security upgrade 1.1.1n to 1.1.1o
This security upgrade fixes CVE-2022-1292 as per below link
Link: https://www.openssl.org/news/cl111.txt

(From OE-Core rev: de0cafc01804a8d43b4b97e22fdc9a6b0adb8a48)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:01 +01:00
Ranjitsinh Rathod
dfd1497961 git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE
Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
branch

(From OE-Core rev: 970743af349e21a399da6241587b849b14933bc5)

Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:01 +01:00
Ranjitsinh Rathod
5999f70889 freetype: Fix CVEs for freetype
Apply below patches to fix the CVEs for freetype:

CVE-2022-27404.patch
Link: 53dfdcd819.patch

CVE-2022-27405.patch
Link: 22a0cccb4d.patch

CVE-2022-27406.patch
Link: 0c2bdb01a2.patch

(From OE-Core rev: 51a92860bdbab28a2b487be3b054f103a54b86ac)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:00 +01:00
Ranjitsinh Rathod
37bbb105c9 tiff: Add patches to fix multiple CVEs
Add patches to fix below CVE issues
CVE-2022-0865
CVE-2022-0907
CVE-2022-0908
CVE-2022-0909
CVE-2022-0924

(From OE-Core rev: 7c71434832caf6a15f8fb884d028a8c1bf4090a9)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:00 +01:00
Sana Kazi
fec7f76cfc curl: Fix CVEs for curl
Fix below listed CVEs:
CVE-2022-22576
Link: 852aa5ad35.patch

CVE-2022-27775
Link: 058f98dc3f.patch

CVE-2022-27776
Link: 6e65999395.patch

(From OE-Core rev: bbbd258a1c56d75ccb7e07ddc3bc1beb11d48a3a)

Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:00 +01:00
Richard Purdie
61c36064c8 vim: Upgrade 8.2.4681 -> 8.2.4912
Includes fixes for CVE-2022-1381, CVE-2022-1420.

(From OE-Core rev: c7d43000ce137e1f9302b4b6cec149adb1435f47)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-20 10:08:00 +01:00
Richard Purdie
a48231b5bf scripts/git: Ensure we don't have circular references
This is horrible but I'm running out of better ideas. We hit circular reference
issues which we were trying to avoid in the core HOSTTOOLS code. When building
the eSDK, there can be two copies of the script.

Therefore assume git will never be in a directory called scripts. This
fixes eSDK build failures.

(From OE-Core rev: 0f6ae13d76129d96f788b7ede312cfc361ee2bda)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 27de610ac30d4c81352efc794df7e9b1060f7a68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Richard Purdie
a75678145b scripts: Make git intercept global
The previous minimially invasive git intercept simply isn't enough. For example,
meson used in the igt-gpu-tools recipe hardcodes the path to git in the configure
step so at install time, changing PATH has no effect.

There are lots of interesting things we could do to try and avoid problems but
making the git intercept and dropping fakeroot privs for git global is probably
the least worst solution at this point. It will add slight overhead to git calls
but we don't make many so the overall impact is likely minimal.

(From OE-Core rev: ce6e606ba8b975a33df2f3dc6104abed9cfa7a36)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af27c81eaf68ee681dcd9456a74cca6a9ab40bf6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Richard Purdie
31970fb2a4 base: Avoid circular references to our own scripts
We'd like to intercept git calls but we don't want circular references
and HOSTTOOLS currently sets them up. Tweak to avoid them.

(From OE-Core rev: 1567b7cec5ccbe198bfd0cca9ee8a2b1cf6dbf42)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52c37e133fa55846aca2248ffcf3a10648dbb8d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Davide Gardenal
6327db048b rootfs-postcommands: fix symlinks where link and output path are equal
When creating the manifest and the testdata.json links, if the link
name is equal to the output name the link is not created, otherwise
it is. This prevents a link-to-self in the first case.

(From OE-Core rev: e3672b5ccd6e0f130b1657017802db130a859d20)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bed63756c56f296ff3d5a7eef66e978bd19f1008)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Portia
c408846f41 volatile-binds: Change DefaultDependencies from false to no
The systemd-unit parameter DefaultDependencies changed from true/false
to yes/no. This changed in systemd in v242.

(From OE-Core rev: 00db62342e67b916213c3b54db23c8090621462f)

Signed-off-by: Portia Stephens <stephensportia@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit add4dcb03dc7b034253db05f0023cb97cab8b26d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 9da23a2b912edd043037a8e2e1047f7f3ba6886a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Davide Gardenal
49cd9f898f cve-check: fix symlinks where link and output path are equal
An if statement now checks if the link and output path are
the same, if they are then the link is not created,
otherwise it is.

(From OE-Core rev: 62965ca8ca7077c12d75dac37efe204d7159cddd)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 2f024c0236c4806f0e59e4ce51a42f6b80fdf1b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Davide Gardenal
46e00399e5 cve-check: add JSON format to summary output
Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON format.

(From OE-Core rev: d8ef964ffeb92684d01d71c983af9dbb1e1b0c4f)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Marta Rybczynska
2120a39b09 cve-update-db-native: let the user to drive the update interval
Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
 - a positive value sets an interval (in seconds)
 - a zero ("0") forces the database update

(From OE-Core rev: ce79a724dc0f9baac480cbadc05894ffcaf48eb7)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Marta Rybczynska
dd76704ea5 cve-update-db-native: update the CVE database once a day only
The update of the NVD database was expected to happen once per hour.
However, the database file date changes only if the content was actually
updated. In practice, the check worked for the first hour after the
new download.

As the NVD database changes usually only once a day, we can just
update it less frequently.

(From OE-Core rev: d0a56ad3a278e18e766f833619cf97869bdf6a4c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 35bccdedadeaba820d58b69fe74ce5e4c1f577e3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 88f2fb1581a17b2cf59a694ca9afb89e38ed40b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Ross Burton
66b0097533 cve-check: no need to depend on the fetch task
The only part of the cve-check task which needs files is the patch
examination, and typically these patches are local so fetch isn't needed.

(From OE-Core rev: 72e5204bc7272414cc7bcfba18f52a177242ed79)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c9b3186d3b7c18cbea239ab9b06e85b7c243b54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 3dc8edd6611e7ad4abcece44ca4701eda7aeff94)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Bruce Ashfield
24f305b4dd linux-yocto/5.4: update to v5.4.192
Updating  to the latest korg -stable release that comprises
the following commits:

    1d72b776f6dc Linux 5.4.192
    aa2a047b5842 mm, hugetlb: allow for "high" userspace addresses
    6a79b2433eb1 hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
    b69e60f6fc00 tty: n_gsm: fix incorrect UA handling
    0f4be29febdc tty: n_gsm: fix wrong command frame length field encoding
    21cc640385b4 tty: n_gsm: fix wrong command retry handling
    49c40febd45c tty: n_gsm: fix missing explicit ldisc flush
    85522dcf0053 tty: n_gsm: fix insufficient txframe size
    563bb0f794ca netfilter: nft_socket: only do sk lookups when indev is available
    fae209521000 tty: n_gsm: fix malformed counter for out of frame data
    cec2d0782a7b tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
    a6d9847a4f82 x86/cpu: Load microcode during restore_processor_state()
    9e9d12b81df6 net: ethernet: stmmac: fix write to sgmii_adapter_base
    10ba1ac9a22a drivers: net: hippi: Fix deadlock in rr_close()
    a8275219759e cifs: destage any unwritten data to the server before calling copychunk_write
    5335370366a3 x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
    0ecc5304e80a ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
    781571034993 ASoC: wm8731: Disable the regulator when probing fails
    a71df406a6a5 tcp: fix F-RTO may not work correctly when receiving DSACK
    a4ed61e30e32 ixgbe: ensure IPsec VF<->PF compatibility
    406aaef0feae bnx2x: fix napi API usage sequence
    c3e7ea58608a tls: Skip tls_append_frag on zero copy size
    cd5cec3a0c8f drm/amd/display: Fix memory leak in dcn21_clock_source_create
    ffce11a39102 net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
    3a179538bfd7 net: bcmgenet: hide status block before TX timestamping
    8ef6d60aa2f1 clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
    194f474ad9b4 bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
    e80054ea0cde tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
    685ff7d24487 ip_gre: Make o_seqno start from 0 in native mode
    69555bb27b2e net/smc: sync err code when tcp connection was refused
    daca23846eb3 net: hns3: add validity check for message data length
    7763a7956632 cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
    f5bb5940d754 pinctrl: pistachio: fix use of irq_of_parse_and_map()
    d22fc603694b arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
    68f5200a1f60 ARM: dts: imx6ull-colibri: fix vqmmc regulator
    c45180375afd sctp: check asoc strreset_chunk in sctp_generate_reconf_event
    2cba635570d8 tcp: ensure to use the most recently sent skb when filling the rate sample
    3ea6190be92f tcp: md5: incorrect tcp_header_len for incoming connections
    2b9a13d98dfc bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
    2e7f70d324ef mtd: rawnand: Fix return value check of wait_for_completion_timeout
    2a36ba067b36 ipvs: correctly print the memory size of ip_vs_conn_tab
    abe86a10dc5c ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
    54212850e38f ARM: dts: am3517-evm: Fix misc pinmuxing
    bba67fe6b022 ARM: dts: Fix mmc order for omap3-gta04
    416e0f890732 phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
    6ff7c1b827c8 phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
    59bdaed5dd73 ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
    dbce8fc16a08 phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
    b7fc45354be6 ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
    dd99939b70c4 phy: samsung: exynos5250-sata: fix missing device put in probe error paths
    6331b77fdc17 phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
    fccbc3168e5e ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
    b8f0c19d4864 USB: Fix xhci event ring dequeue pointer ERDP update issue
    1f47c2625773 mtd: rawnand: fix ecc parameters for mt7622
    0405bd7f1888 arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
    5f80b5c5f406 arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
    f6db63819db6 video: fbdev: udlfb: properly check endpoint type
    c00f3892f4f0 hex2bin: fix access beyond string end
    15b78a8e38e8 hex2bin: make the function hex_to_bin constant-time
    73f4668ee875 arch_topology: Do not set llc_sibling if llc_id is invalid
    a3cdd33ca163 serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
    89a5728b053c serial: 8250: Also set sticky MCR bits in console restoration
    42f749f2232a serial: imx: fix overrun interrupts in DMA mode
    d29c197df7fa usb: dwc3: gadget: Return proper request status
    0f3d081315c5 usb: dwc3: core: Fix tx/rx threshold settings
    e2ec7b1f6a06 usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
    debb276670b0 usb: gadget: uvc: Fix crash when encoding data for usb request
    324e67c3b2fc usb: typec: ucsi: Fix role swapping
    0366beb40239 usb: misc: fix improper handling of refcount in uss720_probe()
    2c97a2b5ef84 iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
    e82c726c94ec iio: dac: ad5446: Fix read_raw not returning set value
    1aea30f87c65 iio: dac: ad5592r: Fix the missing return value.
    1e8716a5c087 xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
    b8d3a4681f28 xhci: stop polling roothubs after shutdown
    c8fbc2f875b6 USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
    68088dec9b3c USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
    56cbdb9d958a USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
    6b10dd966c12 USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
    890fc65448ea USB: quirks: add STRING quirk for VCOM device
    c4b31d41f5f2 USB: quirks: add a Realtek card reader
    5666334ce3bf usb: mtu3: fix USB 3.0 dual-role-switch from device to host
    b2589647008f lightnvm: disable the subsystem
    c9af90f0c6b8 hamradio: remove needs_free_netdev to avoid UAF
    7361a35bf330 hamradio: defer 6pack kfree after unregister_netdev
    7dea5913000c floppy: disable FDRAWCMD by default
    4426e6017f73 Linux 5.4.191
    3c946909a3ed Revert "net: micrel: fix KS8851_MLL Kconfig"
    c028b81d062e block/compat_ioctl: fix range check in BLKGETSIZE
    27da8d16e4f0 staging: ion: Prevent incorrect reference counting behavour
    cb158b152ea6 spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
    1b6ad2421084 jbd2: fix a potential race while discarding reserved buffers after an abort
    0b1ba14ab263 ext4: force overhead calculation if the s_overhead_cluster makes no sense
    425301ef608a ext4: fix overhead calculation to account for the reserved gdt blocks
    ea9c206111ea ext4, doc: fix incorrect h_reserved size
    259dc49deaa2 ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
    faadbf7ac4f2 ext4: fix use-after-free in ext4_search_dir
    0309665eb244 ext4: fix symlink file size not match to file content
    ddfe3babc546 arm_pmu: Validate single/group leader events
    852b02d1f808 ARC: entry: fix syscall_trace_exit argument
    016ba7cbed57 e1000e: Fix possible overflow in LTR decoding
    1217cf141b24 ASoC: soc-dapm: fix two incorrect uses of list iterator
    aa7070556087 openvswitch: fix OOB access in reserve_sfa_size()
    d24e0d9d691b xtensa: fix a7 clobbering in coprocessor context load/store
    4c26a96d0c29 xtensa: patch_text: Fixup last cpu should be master
    8d6937c1e093 powerpc/perf: Fix power9 event alternatives
    0dafb826ed70 drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
    013231f75fce KVM: PPC: Fix TCE handling for VFIO
    9cf05812cb10 drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
    4f08e85ca0fc drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
    23f0ba5585a5 dma: at_xdmac: fix a missing check on list iterator
    a22f3c99268c ata: pata_marvell: Check the 'bmdma_addr' beforing reading
    0441d3e95bca oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
    530d32ac52f7 EDAC/synopsys: Read the error count from the correct register
    91367af460da stat: fix inconsistency between struct stat and struct compat_stat
    837e319ebe62 scsi: qedi: Fix failed disconnect handling
    4b813ce289ed net: macb: Restart tx only if queue pointer is lagging
    a1419bee4dde drm/msm/mdp5: check the return of kzalloc()
    80b188da30aa dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
    46f9fa0a6632 brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
    12a753edd963 mt76: Fix undefined behavior due to shift overflowing the constant
    7c48a6e62ddb cifs: Check the IOCB_DIRECT flag, not O_DIRECT
    435142fbdcc0 vxlan: fix error return code in vxlan_fdb_append
    99c2d9a52f37 ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
    3e28d157e5f2 platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
    54be94d33660 reset: tegra-bpmp: Restore Handle errors in BPMP response
    0cb2c00dd1ab ARM: vexpress/spc: Avoid negative array index when !SMP
    3a5ad1b8db9f selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
    d37295129efa netlink: reset network and mac headers in netlink_dump()
    4c4f2a019ff9 l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
    8c5ca6492a86 net/sched: cls_u32: fix possible leak in u32_init_knode()
    f883def54654 net/packet: fix packet_sock xmit return value checking
    e1bc684c81f1 net/smc: Fix sock leak when release after smc_shutdown()
    f10e5c9f226c rxrpc: Restore removed timer deletion
    9a9c48159365 igc: Fix BUG: scheduling while atomic
    f9d5d17d234f igc: Fix infinite loop in release_swfw_sync
    6d6271dbbbe5 dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
    65c36555bd7d dmaengine: imx-sdma: Fix error checking in sdma_event_remap
    ccf554d148eb ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
    6a20bf46c625 ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
    6a54979c7830 ALSA: usb-audio: Clear MIDI port active flag after draining
    9c99aacfb4c6 tcp: Fix potential use-after-free due to double kfree()
    5a4f3eba211a net/sched: cls_u32: fix netns refcount changes in u32_change()
    b01b700e0c5a tcp: fix race condition when creating child sockets from syncookies
    ebb3b84596bd gfs2: assign rgrp glock before compute_bitstructs
    660784e7194a can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
    2da11442a1e3 tracing: Dump stacktrace trigger to the corresponding instance
    bad7ed55756f mm: page_alloc: fix building error on -Werror=array-compare
    ac94e87675b2 etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead

(From OE-Core rev: 9784b5a0629cd223865a21a9b72641116d332cf0)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Steve Sakoman
d68406497e busybox: fix CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code
if netstat is used to print a DNS PTR record's value to a VT compatible
terminal. Alternatively, the attacker could choose to change the terminal's colors.

https://nvd.nist.gov/vuln/detail/CVE-2022-28391

Backported from kirkstone 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4.
2nd patch adjusted to apply on 1.31.1.

(From OE-Core rev: 0b9cbcc4ceac3938afd1dd6010ce6d9a3da21598)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Pawan Badganchi
5daf9735c9 libinput: Add fix for CVE-2022-1215
Add below patch to fix CVE-2022-1215

CVE-2022-1215.patch
Link: 2a8b8fde90

(From OE-Core rev: 3f899844b383bfd13f176d86181d9219b3dbe345)

Signed-off-by: Pawan Badganchi<badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Pawan Badganchi
de24466823 fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310

CVE-2022-25308.patch
Link: ad3a19e637

CVE-2022-25309.patch
Link: f22593b82b

CVE-2022-25310.patch
Link:175850b03e

(From OE-Core rev: 1c96b8af59e105724db884967a982bb5a47a7eb1)

Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-14 20:26:34 +01:00
Richard Purdie
a03e13a00b uninative: Upgrade to 3.6 with gcc 12 support
There are reports of issues with the new libstdc++ from gcc 12. This upgrades
to a gcc 12 version of uninative to allow builds on those systems. Gcc 12 isn't
finalised so we may need to add a new version of this if/as appropriate when it
is.

(From OE-Core rev: 7c0345ab1058a7e29d37f110923ecd368e102ed7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e3da4da7e5da5bb9e1d360e2be2fdd5132e69320)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-09 11:52:00 +01:00
Rahul Kumar
eba0e64a88 neard: Switch SRC_URI to git repo
The tarball (neard-0.16.tar.xz) fetched by the recipe is incomplete.
Few plugins (e.g. tizen) and tests scripts (e.g. Test-channel, test-see,
neard-ui.py, ndef-agent etc) are missing.

Since neard did not release latest tarballs, so as per community
recommendation switching the recipe SRC_URI to git repo.

Community Discussion:
https://lists.openembedded.org/g/openembedded-core/topic/90058043#163681

(From OE-Core rev: d836d47f6a8659f84f2e8e755035392b994fd1fb)

Signed-off-by: Rahul Kumar <rahul.kumar_3@philips.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 (cherry-picked from b563f40ebf4461d9c35df72bd7599ea11e97da9c)
Signed-off-by: Rahul Kumar <rahul.kumar_3@philips.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-09 11:52:00 +01:00
Richard Purdie
3a9cef8dbe base: Drop git intercept
We're going to use the environment approach for solving this issue.

(From OE-Core rev: a58a94e451bb62df70c60b5d7d27c0074b849e0e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0982977dc052ad4e65608f6853f930121d08837a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-09 11:51:59 +01:00
Paul Gortmaker
90cf135b04 install/devshell: Introduce git intercept script due to fakeroot issues
In a devshell, recent versions of git will complain if the repo is owned
by someone other than the current UID - consider this example:

 ------
  bitbake -c devshell linux-yocto

  [...]

  kernel-source#git branch
  fatal: unsafe repository ('/home/paul/poky/build-qemuarm64/tmp/work-shared/qemuarm64/kernel-source' is owned by someone else)
  To add an exception for this directory, call:

        git config --global --add safe.directory /home/paul/poky/build-qemuarm64/tmp/work-shared/qemuarm64/kernel-source
  kernel-source#
 ------

Of course the devshell has UID zero and the "real" UID is for "paul" in
this case.  And so recent git versions complain.

As the whole purpose of the devshell is to invoke a shell where development
can take place, having a non-functional git is clearly unacceptable.

Richard suggested we could use PSEUDO_UNLOAD=1 to evade this issue, and I
suggested we probably will see other similar instances like this and should
make use of PATH to intercept via devshell wrappers - conveniently we already
have examples of this.

Here, we copy the existing "ar" example and tune it to the needs of git to
combine Richard's suggestion and mine.

As such we now also can store commit logs and use send-email with our user
specific settings, instead of "root", so in additon to fixing basic
commands like "git branch" it should also increase general usefulness.

RP: Tweaked the patch so the PATH change only applies to the devshell task
and is a generic git intercept rather than devshell specific.

RP: Also apply the PATH change to do_install tasks since that also runs under
fakeroot and several software projects inject "git describe" output into
their binaries (systemd, iputils, llvm, ipt-gpu-tools at least) causing
reproducibility issues from systems with different git versions.

(From OE-Core rev: 0ff2cff2c1eac3fe6304644db0fc27ba3130c237)

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3266c327dfa186791e0f1e2ad63c6f5d39714814)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-09 11:51:59 +01:00
Chen Qi
e47d35353c cases/buildepoxy.py: fix typo
(From OE-Core rev: af5bcfdc0b21607122fbbda6c35fac5d0cb0f829)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3a9b6e71d1e7e8e2ebc0ed047841e36f09300387)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-09 11:51:59 +01:00
Khem Raj
b4ba37ce13 busybox: Use base_bindir instead of hardcoding /bin path
This symlink is not valid when using usrmerge and ptest packaging would fail

Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' -> '/mnt/b/yoe/master/build/tmp/work/ppc64p9le-yoe-linux-musl/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'

(From OE-Core rev: e40f202d5f3228934c0e4b49218767864580d003)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 238fd30689054c7b44176dce7180fb6dac4e1b6f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-09 11:51:59 +01:00
Ross Burton
4dfdb53c8a python3: ignore CVE-2015-20107
CVE-2015-20107 describes an arbitrary command execution in the mailcap
module, but this is by design in mailcap and needs to be worked around
by the calling application.

Upstream Python will be documenting this flaw in the library reference,
and it is likely that the mailcap module will be deprecated and removed
in the future.

(From OE-Core rev: 1ed7bb74d35f08af3babf73c68ee01af5f28a50b)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 85fac8408baf92d8b71946f5bfea92952b7eab01)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-09 11:51:59 +01:00
Steve Sakoman
64f632c93f scripts/contrib/oe-build-perf-report-email.py: remove obsolete check for phantomjs and optipng
Use of those tools was removed in b5c131006e3fad0a15e6cdf81f71dc1e96647028
perf-build-test/report: Drop phantomjs and html email reports support

(From OE-Core rev: bb3fc61f0d7f7bcd77ef194b76f4fdd8a7ff6aa5)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-03 17:50:06 +01:00
Richard Purdie
319ca9f460 perf-build-test/report: Drop phantomjs and html email reports support
phantomjs isn't reliable and we've moved to sharing the reports via a webserver.
Update the scripts to more match those being used in the autobuilder helper
where the html email support was removed.

(From OE-Core rev: ce6d41812a70a1586aaabb8de5d748a81f6d7cae)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5c131006e3fad0a15e6cdf81f71dc1e96647028)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-03 17:50:06 +01:00
Marta Rybczynska
dcd40cfa37 cve-check: add json format
Backport to dunfell from master df567de36ae5964bee433ebb97e8bf702034994a

Add an option to output the CVE check in a JSON-based format.
This format is easier to parse in software than the original
text-based one and allows post-processing by other tools.

Output formats are now handed by CVE_CHECK_FORMAT_TEXT and
CVE_CHECK_FORMAT_JSON. The text format is enabled by default
to maintain compatibility, while the JSON format is disabled
by default.

The JSON output format gets generated in a similar way to the
text format with the exception of the manifest: appending to
JSON arrays requires parsing the file. Because of that we
first write JSON fragments and then assemble them in one pass
at the end.

(From OE-Core rev: 92b6011ab25fd36e2f8900a4db6883cdebc3cd3d)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-03 17:50:06 +01:00
Dmitry Baryshkov
5b0093ecee linux-firmware: correct license for ar3k firmware
According to the WHENCE file, some a3k firmware files are licensed
under the special ar3k license, while others are licensed under the more
generic Atheros license. Document this by adding extending the
LICENSE_${PN}-ar3k and depending on both of them.

(From OE-Core rev: 8c0aa16d76e5492f774fcfe08c829c877991afbd)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8e651814af706285d64b532095fcd6f5f02629ba)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-03 17:50:06 +01:00
Ross Burton
49032f1e8d boost: don't specify gcc version
There's no need to specify an ancient GCC version here as Boost will
probe it.

(From OE-Core rev: 9ef2a0d98d705dacf8909d846993a6d68c80e4aa)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-03 17:50:06 +01:00
sana kazi
86cdd92b15 tiff: Fix CVE-2022-0891
Fix CVE-2022-0891 for tiff

Link: https://sources.debian.org/src/tiff/4.1.0+git191117-2%7Edeb10u4/debian/patches/CVE-2022-0891.patch/

(From OE-Core rev: 512a8b30c816d2c9d85af7d7a1850b0450f1b6f4)

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-03 17:50:06 +01:00
Richard Purdie
f14992950e build-appliance-image: Update to dunfell head revision
(From OE-Core rev: 8e81d38048c953d0823abf04d5b2506cd988f0bb)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-25 15:59:03 +01:00
Bruce Ashfield
8a7fd5f633 linux-yocto/5.4: update to v5.4.190
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    dc213ac85601 Linux 5.4.190
    a83a18c4c903 ax25: Fix UAF bugs in ax25 timers
    40cb8b3b19c0 ax25: Fix NULL pointer dereferences in ax25 timers
    d2be5b563ef3 ax25: fix NPD bug in ax25_disconnect
    eaa7eb23fa76 ax25: fix UAF bug in ax25_send_control()
    9e1e088a57c2 ax25: Fix refcount leaks caused by ax25_cb_del()
    7528d0f2210c ax25: fix UAF bugs of net_device caused by rebinding operation
    1db0b2c55c93 ax25: fix reference count leaks of ax25_dev
    418993bbaafb ax25: add refcount in ax25_dev to avoid UAF bugs
    4459946e867a dma-direct: avoid redundant memory sync for swiotlb
    7efb8e49f659 i2c: pasemi: Wait for write xfers to finish
    659855c62c34 smp: Fix offline cpu check in flush_smp_call_function_queue()
    7f84c9372229 dm integrity: fix memory corruption when tag_size is less than digest size
    89931d476257 ARM: davinci: da850-evm: Avoid NULL pointer dereference
    28956e530b11 tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
    f4fb50ee2594 genirq/affinity: Consider that CPUs on nodes can be unbalanced
    f616ecec0fae drm/amd/display: don't ignore alpha property on pre-multiplied mode
    ab2f5afb7af5 ipv6: fix panic when forwarding a pkt with no in6 dev
    377a80ca6590 ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
    5f77b1c0e673 ALSA: hda/realtek: Add quirk for Clevo PD50PNT
    358e7b451a5a btrfs: mark resumed async balance as writing
    d5b0b11c064e btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
    0aad67337ff7 ath9k: Fix usage of driver-private space in tx_info
    7fb98e4f5b2e ath9k: Properly clear TX status area before reporting to mac80211
    7a9e1327ccb2 gcc-plugins: latent_entropy: use /dev/urandom
    534d0aebe164 mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
    b56d305274b6 mm, page_alloc: fix build_zonerefs_node()
    e07a70ca831e perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant
    d05cd68ed846 drivers: net: slip: fix NPD bug in sl_tx_timeout()
    6d41134f3037 scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
    3ecd43dcdac4 scsi: mvsas: Add PCI ID of RocketRaid 2640
    deab81144d5a powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
    dd9b4b435a56 drm/amd/display: Fix allocate_mst_payload assert on resume
    404998a137bc net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
    4a244167964a tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
    29c2910c5060 arm64: alternatives: mark patch_alternative() as `noinstr`
    8c4db601ac8c regulator: wm8994: Add an off-on delay for WM8994 variant
    066180758fd0 gpu: ipu-v3: Fix dev_dbg frequency output
    b4ef44c7c27b ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
    4cd3c9e070d6 net: micrel: fix KS8851_MLL Kconfig
    6117facb44a1 scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
    fb7a5115422f scsi: target: tcmu: Fix possible page UAF
    70b97c1546f9 Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
    c7a268b33882 drm/amdkfd: Check for potential null return of kmalloc_array()
    2f3e1f38631f drm/amdkfd: Fix Incorrect VMIDs passed to HWS
    46ca8233f12d drm/amd/display: Update VTEM Infopacket definition
    74090c44c1f2 drm/amd/display: fix audio format not updated after edid updated
    0b3c2222d73a drm/amd: Add USBC connector ID
    22d658c6c5af cifs: potential buffer overflow in handling symlinks
    5c63ad2b0a26 nfc: nci: add flush_workqueue to prevent uaf
    1407cc68aaa8 testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
    37e54d151eab sctp: Initialize daddr on peeled off socket
    a05f5e26cb8b net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
    1ac7c6d75ede drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
    02ee10d2a4a0 cfg80211: hold bss_lock while updating nontrans_list
    99a435c3789c net/sched: taprio: Check if socket flags are valid
    7e59fdf9547c net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
    94541468c11a net/sched: fix initialization order when updating chain 0 head
    4f83ba16a1b8 mlxsw: i2c: Fix initialization error flow
    8cefae8c40df gpiolib: acpi: use correct format characters
    2fd90b86dff4 veth: Ensure eth header is in skb's linear part
    5f2e54391893 net/sched: flower: fix parsing of ethertype following VLAN header
    9250186785f4 memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
    e7f5213d755b Linux 5.4.189
    b15feb09a32e ACPI: processor idle: Check for architectural support for LPI
    60b6aae07249 cpuidle: PSCI: Move the `has_lpi` check to the beginning of the function
    598a22a077a8 selftests: cgroup: Test open-time cgroup namespace usage for migration checks
    a3f6c5949f66 selftests: cgroup: Test open-time credential usage for migration checks
    48848242d378 selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
    8a887060af61 cgroup: Use open-time cgroup namespace for process migration perm checks
    9bd1ced6466e cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
    691a0fd625e0 cgroup: Use open-time credentials for process migraton perm checks
    1a623d361ffe io_uring: fix fs->users overflow
    33fcb359a642 drm/amdkfd: Fix -Wstrict-prototypes from amdgpu_amdkfd_gfx_10_0_get_functions()
    1549bc8cc165 drm/amdkfd: add missing void argument to function kgd2kfd_init
    fdfb9ae26161 mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
    a0c0867f06b9 arm64: module: remove (NOLOAD) from linker script
    2bd5b0d56d7b mm: don't skip swap entry even if zap_details specified
    dfa87d9a5db3 mmc: mmci: stm32: correctly check all elements of sg list
    c645de49e971 mmc: mmci_sdmmc: Replace sg_dma_xxx macros
    0d99cce85e34 dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
    9e6980c68cbf tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
    f0752ee5efdc tools build: Filter out options and warnings not supported by clang
    3c07cc242baf irqchip/gic-v3: Fix GICR_CTLR.RWP polling
    e44d6af17b15 perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
    55e1465ba795 ata: sata_dwc_460ex: Fix crash due to OOB write
    b0c4b3fc01ae arm64: patch_text: Fixup last cpu should be master
    44277c50fdba btrfs: fix qgroup reserve overflow the qgroup limit
    17f3e31c8603 x86/speculation: Restore speculation related MSRs during S3 resume
    0b8043e0fcea x86/pm: Save the MSR validity status at context setup
    25f506273b6a mm/mempolicy: fix mpol_new leak in shared_policy_replace
    c19d8de4e682 mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
    73953dfa9d50 lz4: fix LZ4_decompress_safe_partial read out of bound
    3b3514388895 mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
    0869cb9f6235 Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
    c79c1846bdd7 perf session: Remap buf if there is no space for event
    9b6894db7c46 perf tools: Fix perf's libperf_print callback
    4ecef6f28aa1 SUNRPC: Handle low memory situations in call_status()
    9a0da98a36b4 SUNRPC: Handle ENOMEM in call_transmit_status()
    b6a4055036ee drbd: Fix five use after free bugs in get_initial_state
    a581b089216d bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
    eb175e060699 spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
    034a92c6a810 qede: confirm skb is allocated before using
    7ee84d29f22d rxrpc: fix a race in rxrpc_exit_net()
    fee500c33534 net: openvswitch: don't send internal clone attribute to the userspace.
    c154cf184b2c ipv6: Fix stats accounting in ip6_pkt_drop
    fbe5f4c0dd34 dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
    8a50937227c3 IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
    1ef586a864df bnxt_en: reserve space inside receive page for skb_shared_info
    c539a6a5896e drm/imx: Fix memory leak in imx_pd_connector_get_modes
    cc9c2f51cd48 net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
    f5064531c23a net: ipv4: fix route with nexthop object delete warning
    2b7d14c105dd net/tls: fix slab-out-of-bounds bug in decrypt_internal
    34a47f7ddb4f scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
    2133c422a103 Drivers: hv: vmbus: Fix potential crash on module unload
    c5e12c3a47db drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
    00914290958d KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL
    18e0097daf8c mm: fix race between MADV_FREE reclaim and blkdev direct IO read
    abb1f310e7f0 parisc: Fix patch code locking and flushing
    bab8e3b4f68a parisc: Fix CPU affinity for Lasi, WAX and Dino chips
    1b8a6d1bdac5 SUNRPC: Fix socket waits for write buffer space
    e19c3149a80e jfs: prevent NULL deref in diFree
    3504b0a17720 virtio_console: eliminate anonymous module_init & module_exit
    60ade478c965 serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
    14e6bab37373 NFS: swap-out must always use STABLE writes.
    66cf5de08460 NFS: swap IO handling is slightly different for O_DIRECT IO
    fa47286c010a SUNRPC/call_alloc: async tasks mustn't block waiting for memory
    e427cd0ad559 clk: Enforce that disjoints limits are invalid
    8a7462b5211c xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
    3f8f3a1c10e2 NFSv4: Protect the state recovery thread against direct reclaim
    96cdf2fdbe89 w1: w1_therm: fixes w1_seq for ds28ea00 sensors
    823f0364d4a4 clk: si5341: fix reported clk_rate when output divider is 2
    f4e16d12bc7c minix: fix bug when opening a file with O_DIRECT
    a95bbfea8f70 init/main.c: return 1 from handled __setup() functions
    b4be80aa4bda netlabel: fix out-of-bounds memory accesses
    3803d896ddd9 Bluetooth: Fix use after free in hci_send_acl
    8beb760f634e xtensa: fix DTC warning unit_address_format
    d41bdccb3c29 usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
    5cf2ce8967b0 scsi: libfc: Fix use after free in fc_exch_abts_resp()
    0aeaadc52b05 MIPS: fix fortify panic when copying asm exception handlers
    c871b8374896 bnxt_en: Eliminate unintended link toggle during FW reset
    1166f5c139d5 tuntap: add sanity checks about msg_controllen in sendmsg
    c68dd44fb896 macvtap: advertise link netns via netlink
    060a485df4ec mips: ralink: fix a refcount leak in ill_acc_of_setup()
    1dd7569b8c70 net/smc: correct settings of RMB window update limit
    2fda284a3acb scsi: aha152x: Fix aha152x_setup() __setup handler return value
    a0ef536256c9 scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
    a45af7e34091 drm/amdkfd: make CRAT table missing message informational only
    0320bac5801b dm ioctl: prevent potential spectre v1 gadget
    73dd98ac192d ipv4: Invalidate neighbour for broadcast address upon address addition
    f5e4f728d5c9 power: supply: axp288-charger: Set Vhold to 4.4V
    6e2dff272cb4 PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
    4225947957f8 usb: ehci: add pci device support for Aspeed platforms
    ea057ac8c942 iommu/arm-smmu-v3: fix event handling soft lockup
    4e85f5ab589d PCI: aardvark: Fix support for MSI interrupts
    c0e9d868a1e0 drm/amdgpu: Fix recursive locking warning
    cee00fd8004f powerpc: Set crashkernel offset to mid of RMA region
    fbb7b033209c ipv6: make mc_forwarding atomic
    9f24efe239df power: supply: axp20x_battery: properly report current when discharging
    3575fa75da6c scsi: bfa: Replace snprintf() with sysfs_emit()
    9cd46ee37456 scsi: mvsas: Replace snprintf() with sysfs_emit()
    ca5da71a5838 bpf: Make dst_port field in struct bpf_sock 16-bit wide
    90dbc4c6649f powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
    9388d8760997 ptp: replace snprintf with sysfs_emit
    4009f104b02b drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
    c4e2f577271e ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
    61ffe2183351 drm: Add orientation quirk for GPD Win Max
    01f700bae439 KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
    a5476f8d359f ARM: 9187/1: JIVE: fix return value of __setup handler
    63efb9003069 riscv module: remove (NOLOAD)
    68a7bb69486e rtc: wm8350: Handle error for wm8350_register_irq
    d95e0367fdc5 ubifs: Rectify space amount budget for mkdir/tmpfile operations
    9e24d03dd4fe KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
    1553126eccf4 KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
    eb05ef70b621 openvswitch: Fixed nd target mask field in the flow dump.
    ce8043771fcd um: Fix uml_mconsole stop/go
    337eb9557035 ARM: dts: spear13xx: Update SPI dma properties
    4e48a6662356 ARM: dts: spear1340: Update serial node properties
    7f19400e5957 ASoC: topology: Allow TLV control to be either read or write
    32a76a557494 ubi: fastmap: Return error code if memory allocation fails in add_aeb()
    0c1a26c3d325 dt-bindings: spi: mxic: The interrupt property is not mandatory
    97ba943e9940 dt-bindings: mtd: nand-controller: Fix a comment in the examples
    a42ab650d33b dt-bindings: mtd: nand-controller: Fix the reg property description
    7d418a0a5626 bpf: Fix comment for helper bpf_current_task_under_cgroup()
    a075e95614f0 mm/usercopy: return 1 from hardened_usercopy __setup() handler
    abc0b4ea02f6 mm/memcontrol: return 1 from cgroup.memory __setup() handler
    2e16f48838fc mm/mmap: return 1 from stack_guard_gap __setup() handler
    d650ed0617e0 ASoC: soc-compress: Change the check for codec_dai
    7f19245c3647 powerpc/kasan: Fix early region not updated correctly
    cb249f8c00f4 ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
    7d4a3c930d1d ARM: iop32x: offset IRQ numbers by 1
    d727fd32cbd1 ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
    4f9a59cf842a ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
    230987c2bbc5 pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
    18455cc74e95 pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
    9611d8ef6829 pinctrl: pinconf-generic: Print arguments for bias-pull-*
    b0c0f4057020 net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
    2a548fbf09f3 gfs2: Make sure FITRIM minlen is rounded up to fs block size
    8d67f67361c0 rtc: check if __rtc_read_time was successful
    9a8835902eb6 XArray: Update the LRU list in xas_split()
    cbd110b8dd7a can: mcba_usb: properly check endpoint type
    2dfe9422d528 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
    3e2852eda19e XArray: Fix xas_create_range() when multi-order entry present
    a840286f13df ubifs: rename_whiteout: correct old_dir size computing
    b80ccbec0e48 ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
    1afe219e4a66 ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
    786013ecbaed ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
    37bdf1ad5925 ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
    14276d38c89a ubifs: rename_whiteout: Fix double free for whiteout_ui->data
    01df5f7627f1 ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
    4c277c846a21 KVM: x86: fix sending PV IPI
    a1c03f11cc3c KVM: Prevent module exit until all VMs are freed
    8f608ee87ebf scsi: qla2xxx: Use correct feature type field during RFF_ID processing
    af744ef8f18e scsi: qla2xxx: Reduce false trigger to login
    7f9ce17a1d1b scsi: qla2xxx: Fix N2N inconsistent PLOGI
    2d087c7e55db scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
    4a0a3c66a58e scsi: qla2xxx: Fix hang due to session stuck
    9d1651c8a40d scsi: qla2xxx: Fix incorrect reporting of task management failure
    2eb127417609 scsi: qla2xxx: Fix disk failure to rediscover
    8077a7162bc3 scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
    c478b2cde9b5 scsi: qla2xxx: Check for firmware dump already collected
    96391480abfe scsi: qla2xxx: Add devids and conditionals for 28xx
    08d04784ccc5 scsi: qla2xxx: Fix device reconnect in loop topology
    167debaeaaca scsi: qla2xxx: Fix warning for missing error code
    e67e9620a09c scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
    8e561cbb7863 scsi: qla2xxx: Fix stuck session in gpdb
    f196d94cc7c2 powerpc: Fix build errors with newer binutils
    71ca99a50960 powerpc/lib/sstep: Fix build errors with newer binutils
    d42b045e92c2 powerpc/lib/sstep: Fix 'sthcx' instruction
    0af21531f5ed ALSA: hda/realtek: Add alc256-samsung-headphone fixup
    95d65bca6eb9 mmc: host: Return an error when ->enable_sdio_irq() ops is missing
    813553e4a91f media: hdpvr: initialize dev->worker at hdpvr_register_videodev
    236311be0976 media: Revert "media: em28xx: add missing em28xx_close_extension"
    3b36c05f68ba video: fbdev: sm712fb: Fix crash in smtcfb_write()
    11186875ba8f ARM: mmp: Fix failure to remove sram device
    dc958cd4c88c ARM: tegra: tamonten: Fix I2C3 pad setting
    691b0c0cb6df media: cx88-mpeg: clear interrupt status register before streaming video
    b239e9d52dbe ASoC: soc-core: skip zero num_dai component in searching dai name
    7d0afbc41b89 video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
    efe9631a76e6 video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
    ee7ce43367f3 video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
    046d9fd86bd8 ASoC: madera: Add dependencies on MFD
    46ac0e768dc7 ARM: dts: bcm2837: Add the missing L1/L2 cache information
    bf27f5dfcf82 ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
    3856562e940c video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
    53a2088a396c video: fbdev: cirrusfb: check pixclock to avoid divide by zero
    b19c7df304f5 video: fbdev: w100fb: Reset global state
    055cdd2e7b99 video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
    fe41ad8be036 ntfs: add sanity check on allocation size
    5a016c053f42 ext4: don't BUG if someone dirty pages without asking ext4 first
    07150842fac9 spi: tegra20: Use of_device_get_match_data()
    0cccf9d4fb45 PM: core: keep irq flags in device_pm_check_callbacks()
    f24e2362d667 ACPI/APEI: Limit printable size of BERT table data
    931aff627469 Revert "Revert "block, bfq: honor already-setup queue merges""
    7a7b11d694ed lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
    c7f6ae51b1b4 ACPICA: Avoid walking the ACPI Namespace if it is not there
    5117c9ff4c2e bfq: fix use-after-free in bfq_dispatch_request
    e464aafd3537 irqchip/nvic: Release nvic_base upon failure
    c159eb634e52 irqchip/qcom-pdc: Fix broken locking
    c345724f2b79 Fix incorrect type in assignment of ipv6 port for audit
    927649f3f379 loop: use sysfs_emit() in the sysfs xxx show()
    799f22279e11 selinux: use correct type for context length
    c4f5a678add5 block, bfq: don't move oom_bfqq
    f409e9d1780b pinctrl: npcm: Fix broken references to chip->parent_device
    f36dd10d1b95 gcc-plugins/stackleak: Exactly match strings instead of prefixes
    ddcdda888e14 LSM: general protection fault in legacy_parse_param
    1f316b42a8e3 lib/test: use after free in register_test_dev_kmod()
    7a2ba24cee9a net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
    910a98e5c1e5 NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
    9acf05b4e7b5 net/x25: Fix null-ptr-deref caused by x25_disconnect
    d15a70fcda7b qlcnic: dcb: default to returning -EOPNOTSUPP
    8ba93ab509ec selftests: test_vxlan_under_vrf: Fix broken test case
    ae713d7d9987 net: phy: broadcom: Fix brcm_fet_config_init()
    ab2c789d1c0a xen: fix is_xen_pmu()
    d85841e4b2ff clk: Initialize orphan req_rate
    025c75ba3811 clk: qcom: gcc-msm8994: Fix gpll4 width
    f6f1c9a51e28 NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
    806ef544cf1a netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
    cec71a718ce1 jfs: fix divide error in dbNextAG
    b3ac1e01963d driver core: dd: fix return value of __setup handler
    1bb231de81fc firmware: google: Properly state IOMEM dependency
    e9f2a8c6428d kgdbts: fix return value of __setup handler
    16fe77f86aa5 kgdboc: fix return value of __setup handler
    7c617cb38c19 tty: hvc: fix return value of __setup handler
    0615a444c5dd pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
    bc1e29a35147 pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
    27681f9e02e7 pinctrl: mediatek: paris: Fix pingroup pin config state readback
    e9eacc8952ea pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
    b348618c175e pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
    6e0d69618863 staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
    efc605469e47 NFS: remove unneeded check in decode_devicenotify_args()
    110c038779cc clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
    2b5e68095c43 clk: clps711x: Terminate clk_div_table with sentinel element
    166c0185f32f clk: loongson1: Terminate clk_div_table with sentinel element
    1d04467bbbd0 clk: actions: Terminate clk_div_table with sentinel element
    50b48ba439bc remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
    b5625e7a16e3 remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
    16ad029942bd clk: qcom: clk-rcg2: Update the frac table for pixel clock
    52592f9afbfe clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
    b576488fa3b5 clk: imx7d: Remove audio_mclk_root_clk
    79467b956333 dma-debug: fix return value of __setup handlers
    fe334765e4bb NFS: Return valid errors from nfs2/3_decode_dirent()
    546604de8acc iio: adc: Add check for devm_request_threaded_irq
    1da082f728c7 serial: 8250: Fix race condition in RTS-after-send handling
    617d9c0b9806 serial: 8250_mid: Balance reference count for PCI DMA device
    61d3fdef61b9 phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
    84ee0c81dd28 clk: qcom: ipq8074: Use floor ops for SDCC1 clock
    dd719fca42e4 pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
    b82465c1ff4a staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
    3ba0143128ee misc: alcor_pci: Fix an error handling path
    af1fdbbb7b22 pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
    996291d06851 mxser: fix xmit_buf leak in activate when LSR == 0xff
    58200dedbd10 mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
    043b19701332 tipc: fix the timer expires after interval 100ms
    6e2e80b2e9be openvswitch: always update flow key after nat
    7a970dbb7d16 tcp: ensure PMTU updates are processed during fastopen
    b4725ad1e459 selftests/bpf/test_lirc_mode2.sh: Exit with proper code
    1c7b252a6053 i2c: mux: demux-pinctrl: do not deactivate a master that is not active
    41249fff5073 af_netlink: Fix shift out of bounds in group mask calculation
    874eca93966a Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
    2fe415601b2d USB: storage: ums-realtek: fix error code in rts51x_read_mem()
    94c6ac22abcd bpf, sockmap: Fix double uncharge the mem of sk_msg
    244ce90c8d0b bpf, sockmap: Fix more uncharged while msg has more_data
    6d03722c34d9 bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
    0174a89663a5 RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
    9b08d211db4c mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
    443121c9948d MIPS: RB532: fix return value of __setup handler
    9a9a62846c15 vxcan: enable local echo for sent CAN frames
    6f259b1a4ab0 powerpc: 8xx: fix a return value error in mpc8xx_pic_init
    d87803ba6be8 selftests/bpf: Make test_lwt_ip_encap more stable and faster
    ac6edd6fcbf5 mfd: mc13xxx: Add check for mc13xxx_irq_request
    d2577dc2b3c3 powerpc/sysdev: fix incorrect use to determine if list is empty
    7192df97a018 mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
    10705a430557 PCI: Reduce warnings on possible RW1C corruption
    90bec38f6a4c power: supply: wm8350-power: Add missing free in free_charger_irq
    a16d8f4191a7 power: supply: wm8350-power: Handle error for wm8350_register_irq
    c7032923159c i2c: xiic: Make bus names unique
    6f41e4a69ba3 hv_balloon: rate-limit "Unhandled message" warning
    c00a91aca237 KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
    5f43ec383eba KVM: x86: Fix emulation in writing cr8
    e91ba23f55cf powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
    3c660fa0f905 libbpf: Skip forward declaration when counting duplicated type names
    b62e615a619d bpf, arm64: Feed byte-offset into bpf line info
    8f3192a241d1 bpf, arm64: Call build_prologue() first in first JIT pass
    54bc98a0ab2b drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
    30c5cf4bf219 scsi: hisi_sas: Change permission of parameter prot_mask
    e2cd206815a6 power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
    a72507070188 drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
    cc16d0bc1c69 ext2: correct max file size computing
    b689622cc42a TOMOYO: fix __setup handlers return values
    aa7981012a98 drm/amd/display: Remove vupdate_int_entry definition
    765674e3b301 scsi: pm8001: Fix abort all task initialization
    442685f95296 scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
    e7336d47759d scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
    898c73387e8f scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
    5e3359ed0944 dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
    37e847b674f1 iwlwifi: mvm: Fix an error code in iwl_mvm_up()
    4ad7d29ee42c iwlwifi: Fix -EIO error code that is never returned
    770d42fff12d dax: make sure inodes are flushed before destroy cache
    c10980c522d8 IB/cma: Allow XRC INI QPs to set their local ACK timeout
    2eaa9d86e007 drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
    8ae97a595b84 iommu/ipmmu-vmsa: Check for error num after setting mask
    a29ce9592cf6 HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
    41ed61364285 power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
    af5ad6e8370b PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
    93b47d22d6a9 net: dsa: mv88e6xxx: Enable port policy support on 6097
    b03c06171b6e mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
    eb5932160e37 mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
    d2ee8da9f72d powerpc/perf: Don't use perf_hw_context for trace IMC PMU
    135eb4e2bed1 ray_cs: Check ioremap return value
    3be1bb175f2c power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
    9a0e270c40ae i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
    5607badbb145 KVM: PPC: Fix vmx/vsx mixup in mmio emulation
    4d244b731188 ath9k_htc: fix uninit value bugs
    57f4ad5e286f drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
    1feb6ff89d7f drm/edid: Don't clear formats if using deep color
    0d0ee651e72c mtd: rawnand: gpmi: fix controller timings setting
    750d2dc19f25 mtd: onenand: Check for error irq
    d58d281d6a3f Bluetooth: hci_serdev: call init_rwsem() before p->open()
    5d50f851dd30 udmabuf: validate ubuf->pagecount
    2cf7d537d330 ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
    820e469a2f37 drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
    e7a0c8546f74 drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
    f419751373a5 ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
    1f31073b7772 mmc: davinci_mmc: Handle error for clk_enable
    93476f9f8277 ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
    9e1fdf18fecb ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
    67e12f1cb2f9 ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
    ed41d104be54 ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
    29e91a49b6fb ivtv: fix incorrect device_caps for ivtvfb
    0342da635054 video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
    58e42ee4a022 ASoC: fsi: Add check for clk_enable
    ea9adaa598ec ASoC: wm8350: Handle error for wm8350_register_irq
    0325193cf40d ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
    3cc050df73e3 media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
    97398470c9b6 arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
    7025f40690a2 ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
    fd5dda439e1c memory: emif: check the pointer temp in get_device_details()
    0ead05f7218f memory: emif: Add check for setup_interrupts
    68a69ad8df95 ASoC: soc-compress: prevent the potentially use of null pointer
    af6e1d11f758 ASoC: atmel_ssc_dai: Handle errors for clk_enable
    fd0c4082fd14 ASoC: mxs-saif: Handle errors for clk_enable
    5847873140e6 printk: fix return value of printk.devkmsg __setup handler
    38bc92ae39b1 arm64: dts: broadcom: Fix sata nodename
    9873232fde53 arm64: dts: ns2: Fix spi-cpol and spi-cpha property
    c6475df1e7bf ALSA: spi: Add check for clk_enable()
    e0cfb41d4635 ASoC: ti: davinci-i2s: Add check for clk_enable()
    3905742f93b4 ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
    a975000e7aa3 uaccess: fix nios2 and microblaze get_user_8()
    14cd5a8e61c6 media: usb: go7007: s2250-board: fix leak in probe()
    92f84aa82dfa media: em28xx: initialize refcount before kref_get
    c6f0999461e6 media: video/hdmi: handle short reads of hdmi info frame.
    a9d0bb298880 ARM: dts: imx: Add missing LVDS decoder on M53Menlo
    cac1473d83e4 soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
    fb7f2eabfe18 arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
    583fcb66ab17 soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
    755dbc3d7378 soc: qcom: rpmpd: Check for null return of devm_kcalloc
    12081a152046 ARM: dts: qcom: ipq4019: fix sleep clock
    547d36fa4100 video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
    125d10f0bef8 video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
    da8b269cc0a2 video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
    4d847e455d0b media: aspeed: Correct value for h-total-pixels
    bd342c7bef23 media: hantro: Fix overfill bottom register field name
    db1b3b99d610 media: coda: Fix missing put_device() call in coda_get_vdoa_data
    b0f6b41490a7 media: bttv: fix WARNING regression on tunerless devices
    0478ccdc8ea0 f2fs: fix to avoid potential deadlock
    005f9cdab70c f2fs: fix missing free nid in f2fs_handle_failed_inode
    a2e534c6a06f perf/x86/intel/pt: Fix address filter config for 32-bit kernel
    015d31165da3 perf/core: Fix address filter parser for multiple filters
    841f5b235d69 sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
    715a34317255 clocksource: acpi_pm: fix return value of __setup handler
    4c0173521db1 hwmon: (pmbus) Add Vin unit off handling
    acba28618203 crypto: ccp - ccp_dmaengine_unregister release dma channels
    39a521faf426 ACPI: APEI: fix return value of __setup handlers
    8dc887ae33d2 clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
    b305975a6625 crypto: vmx - add missing dependencies
    b7f3e230ca45 hwrng: atmel - disable trng on failure path
    63266a148888 PM: suspend: fix return value of __setup handler
    6c4c026c3d91 PM: hibernate: fix __setup handler error handling
    84fe3ca6e791 block: don't delete queue kobject before its children
    b68d1742f420 hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
    bf78aca8e41d hwmon: (pmbus) Add mutex to regulator ops
    00d67f54b830 spi: pxa2xx-pci: Balance reference count for PCI DMA device
    40e6d5d1de06 crypto: ccree - don't attempt 0 len DMA mappings
    c3a5acf91cb9 audit: log AUDIT_TIME_* records only from rules
    152ebc0ee9b4 selftests/x86: Add validity check and allow field splitting
    f8a3de8d7c2f spi: tegra114: Add missing IRQ check in tegra_spi_probe
    e5e748a6ff11 crypto: mxs-dcp - Fix scatterlist processing
    30d3f45bcfa7 crypto: authenc - Fix sleep in atomic context in decrypt_tail
    9b19022137e8 regulator: qcom_smd: fix for_each_child.cocci warnings
    accf175d0c54 PCI: pciehp: Clear cmd_busy bit in polling mode
    a92f72055486 brcmfmac: pcie: Fix crashes due to early IRQs
    51fffd722ef0 brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
    d0ab87f8dcdf brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
    2c894b12b206 brcmfmac: firmware: Allocate space for default boardrev in nvram
    34a57be0f9f0 xtensa: fix xtensa_wsr always writing 0
    54c9fb17bef1 xtensa: fix stop_machine_cpuslocked call in patch_text
    4df9d88a9c54 media: davinci: vpif: fix unbalanced runtime PM get
    28859c3a7782 DEC: Limit PMAX memory probing to R3k systems
    baa4aa800d32 crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
    058b2e59dbf5 crypto: rsa-pkcs1pad - restore signature length check
    7973dc9118ba crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
    002288800e10 lib/raid6/test: fix multiple definition linking error
    e73efa5ad5d2 thermal: int340x: Increase bitmap size
    5d553ed5c5d4 carl9170: fix missing bit-wise or operator for tx_params
    55f078dc6620 ARM: dts: exynos: add missing HDMI supplies on SMDK5420
    0e0d9bd6be8d ARM: dts: exynos: add missing HDMI supplies on SMDK5250
    a77dd759bd71 ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
    2fafe8b57c0d ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
    51186190c4e8 video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
    478154be3a8c video: fbdev: sm712fb: Fix crash in smtcfb_read()
    67643b89fbe5 drm/edid: check basic audio support on CEA extension block
    3f91687e6e5d block: don't merge across cgroup boundaries if blkcg is enabled
    8d3a7b206458 mailbox: tegra-hsp: Flush whole channel
    28c8fd84bea1 drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
    5217ae080efd ACPI: properties: Consistently return -ENOENT if there are no more references
    f3ec0c9db5d3 udp: call udp_encap_enable for v6 sockets when enabling encap
    11dc8286f9f6 powerpc/kvm: Fix kvm_use_magic_page
    ded627763026 drbd: fix potential silent data corruption
    35b72d8e2c8e mm/kmemleak: reset tag when compare object pointer
    d102fcacfcf3 mm,hwpoison: unmap poisoned page before invalidation
    099553a1a87f ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
    a86bde89304a ALSA: cs4236: fix an incorrect NULL check on list iterator
    848977412065 Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
    097479aeb214 riscv: Fix fill_callchain return value
    c82cbbefc6e6 qed: validate and restrict untrusted VFs vlan promisc mode
    5081cbfb62d2 qed: display VF trust config
    930a3ed5d8d0 scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
    ae2a271ed562 mempolicy: mbind_range() set_policy() after vma_merge()
    d1313f5e8fe5 mm: invalidate hwpoison page cache page in fault path
    2efe956a74dc mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
    455f4a23490b jffs2: fix memory leak in jffs2_scan_medium
    0978e9af4559 jffs2: fix memory leak in jffs2_do_mount_fs
    30bf7244acf3 jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
    e27caad38b59 can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
    00a856fa6976 spi: mxic: Fix the transmit path
    e05221d20153 pinctrl: samsung: drop pin banks references on error paths
    0996eaaddfe4 f2fs: fix to do sanity check on .cp_pack_total_block_count
    f1d5946d47c0 f2fs: quota: fix loop condition at f2fs_quota_sync()
    947ca26390d2 f2fs: fix to unlock page correctly in error path of is_alive()
    ce1aa09cc14e NFSD: prevent integer overflow on 32 bit systems
    85259340fc9b NFSD: prevent underflow in nfssvc_decode_writeargs()
    1cfeeeee8cf0 SUNRPC: avoid race between mod_timer() and del_timer_sync()
    1a1e73e9add7 HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
    beb7d969063a Documentation: update stable tree link
    20de1038e245 Documentation: add link to stable release candidate tree
    d312c0035eb4 KEYS: fix length validation in keyctl_pkey_params_get_2()
    2458ecd21f29 ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
    8a609c88fe3c clk: uniphier: Fix fixed-rate initialization
    9d97610e74e4 greybus: svc: fix an error handling bug in gb_svc_hello()
    468757502e2f iio: inkern: make a best effort on offset calculation
    be2b89a909b3 iio: inkern: apply consumer scale when no channel scale is available
    5be8a07b9574 iio: inkern: apply consumer scale on IIO_VAL_INT cases
    c459b2794597 iio: afe: rescale: use s64 for temporary scale calculations
    576a1ce64c62 coresight: Fix TRCCONFIGR.QE sysfs interface
    d8f98a23b4ad xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
    b310e82e779f xhci: make xhci_handshake timeout for xhci_reset() adjustable
    a771cc784a9c xhci: fix runtime PM imbalance in USB2 resume
    b5a7ab0e1a66 USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
    212765c94fc9 virtio-blk: Use blk_validate_block_size() to validate block size
    40f282870d6c block: Add a helper to validate the block size
    a27ed2f3695b tpm: fix reference counting for struct tpm_chip
    631bb18e8371 iommu/iova: Improve 32-bit free space estimate
    2e2dee5e226b net: dsa: microchip: add spi_device_id tables
    ef388db2fe35 af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
    0cdb512da072 spi: Fix erroneous sgs value with min_t()
    ab951c9c23a3 net:mcf8390: Use platform_get_irq() to get the interrupt
    e62e6c2d7aa8 spi: Fix invalid sgs value
    96f9c386fec2 ethernet: sun: Free the coherent when failing in probing
    aa3c3746e781 virtio_console: break out of buf poll on remove
    291efbad3d6e xfrm: fix tunnel model fragmentation behavior
    a83df90a3b61 HID: logitech-dj: add new lightspeed receiver id
    5c727ba42ca3 netdevice: add the case if dev is NULL
    7e9c9e3f626a USB: serial: simple: add Nokia phone driver
    80e5bf89a895 USB: serial: pl2303: add IBM device IDs
    6bfc5377a210 swiotlb: fix info leak with DMA_FROM_DEVICE

(From OE-Core rev: 84f30aecf2767becd4a623a1ab80a52535f1d4a2)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
Bruce Ashfield
65d3f419d4 linux-yocto/5.4: update to v5.4.188
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    2845ff3fd344 Linux 5.4.188
    993c23880bce llc: only change llc->dev when bind() succeeds
    bb4878b39d6d nds32: fix access_ok() checks in get/put_user
    5b1d2561a03e tpm: use try_get_ops() in tpm-space.c
    3bbd0000d012 mac80211: fix potential double free on mesh join
    cda27a2c6d54 rcu: Don't deboost before reporting expedited quiescent state
    edcc12ae3249 crypto: qat - disable registration of algorithms
    b0222e222d77 ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
    d7f29f397b74 ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
    2374007850c5 ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
    06f0ff82c702 netfilter: nf_tables: initialize registers in nft_do_chain()
    5061bf0f79d5 ALSA: hda/realtek: Add quirk for ASUS GA402
    f7a7cd530a9e ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    0c4190b41a69 ALSA: oss: Fix PCM OSS buffer allocation overflow
    ab49515f7db3 ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
    d5c7e1987ce3 drivers: net: xgene: Fix regression in CRC stripping
    7870321eaf41 ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
    1f4eefc585a7 ALSA: cmipci: Restore aux vol on suspend/resume
    d86bf7e0732e ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
    0f27a350f8b8 ALSA: pcm: Add stream lock during PCM reset ioctl operations
    572f9a0d3f3f llc: fix netdevice reference leaks in llc_ui_bind()
    2e798814e018 thermal: int340x: fix memory leak in int3400_notify()
    5ff048f4ab5c staging: fbtft: fb_st7789v: reset display before initialization
    637d12f9dc67 tpm: Fix error handling in async work
    fee4dfbda68b esp: Fix possible buffer overflow in ESP transformation
    2774edd43ab1 net: ipv6: fix skb_over_panic in __ip6_append_data
    0aef7184630b nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
    628adfa21815 nfsd: Containerise filecache laundrette
    c32f1041382a nfsd: cleanup nfsd_file_lru_dispose()
    055c4cf7e6da Linux 5.4.187
    1771bc0d04d6 Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
    0dd366cfdfe0 perf symbols: Fix symbol size calculation condition
    e732b0412f8c Input: aiptek - properly check endpoint type
    700a0715854c usb: usbtmc: Fix bug in pipe direction for control transfers
    2282a6eb6d4e usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
    218293762683 usb: gadget: rndis: prevent integer overflow in rndis_set_response()
    58ee8e2cb30a arm64: fix clang warning about TRAMP_VALIAS
    d7b929637527 net: dsa: Add missing of_node_put() in dsa_port_parse_of
    f96aa063ffd5 net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
    3fd96bc64c95 drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
    b01e2df5fbf6 hv_netvsc: Add check for kvmalloc_array
    97ccef56e53c atm: eni: Add check for dma_map_single
    268dcf1f7b31 net/packet: fix slab-out-of-bounds access in packet_recvmsg()
    93697483660a net: phy: marvell: Fix invalid comparison in the resume and suspend functions
    d0f3c2d1d85a efi: fix return value of __setup handlers
    e61655430d29 ocfs2: fix crash when initialize filecheck kobj fails
    184f7bd08ce5 crypto: qcom-rng - ensure buffer for generate is completely filled

(From OE-Core rev: 6a445ac241b2f4885416daacf2068ee58f177e4a)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
Bruce Ashfield
41cd7b5e3b linux-yocto/5.4: update to v5.4.186
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    8e24ff11b5d2 Linux 5.4.186
    fcbdaa6a3c92 fixup for "arm64 entry: Add macro for reading symbol address from the trampoline"
    b8bc0718baed kselftest/vm: fix tests build with old libc
    2643ca24f511 sfc: extend the locking on mcdi->seqno
    46fd0a07409b tcp: make tcp_read_sock() more robust
    16a2e50fe934 nl80211: Update bss channel on channel switch for P2P_CLIENT
    941e8bcd2b2b drm/vrr: Set VRR capable prop only if it is attached to connector
    6becb057247e iwlwifi: don't advertise TWT support
    51969ebe7f97 atm: firestream: check the return value of ioremap() in fs_init()
    23352749f0b2 can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
    4006447f558c ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
    c2420bc33331 MIPS: smp: fill in sibling and core maps earlier
    d1df59e3124c mac80211: refuse aggregations sessions before authorized
    fb35b0cfbaf8 ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
    4857a9b291db ARM: dts: rockchip: reorder rk322x hmdi clocks
    ba14ba2d4c63 arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg"
    aca8fdddeee0 arm64: dts: rockchip: reorder rk3399 hdmi clocks
    e49ebea3f536 arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity
    bd33f9b864ec xfrm: Fix xfrm migrate issues when address family changes
    3c21ece77549 xfrm: Check if_id in xfrm_migrate
    970a21404ebc arm64: Use the clearbhb instruction in mitigations
    fb65675f6620 KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
    9013fd4bc958 arm64: Mitigate spectre style branch history side channels
    26129ea2953b KVM: arm64: Add templates for BHB mitigation sequences
    1b735c8dc1fb arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
    c45d885c5a77 arm64: Add percpu vectors for EL1
    1bb1944970a9 arm64: entry: Add macro for reading symbol addresses from the trampoline
    3abf6e8a7aa0 arm64: entry: Add vectors that have the bhb mitigation sequences
    2933ca8c816f arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
    9232867e4fc2 arm64: entry: Allow the trampoline text to occupy multiple pages
    ad8800443b69 arm64: entry: Make the kpti trampoline's kpti sequence optional
    4b91f35c8739 arm64: entry: Move trampoline macros out of ifdef'd section
    0bfdd7334882 arm64: entry: Don't assume tramp_vectors is the start of the vectors
    fb117a27c64e arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
    788fbb5fe290 arm64: entry: Move the trampoline data page before the text page
    33397322d4c3 arm64: entry: Free up another register on kpti's tramp_exit path
    3f95cc642c3f arm64: entry: Make the trampoline cleanup optional
    8aa1257128a1 arm64: entry.S: Add ventry overflow sanity checks
    503fdc244aee arm64: Add Cortex-X2 CPU part definition
    7103651c98c8 arm64: add ID_AA64ISAR2_EL1 sys register
    f5f94aa5004a arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
    ed5bf8a5075b arm64: Add part number for Arm Cortex-A77
    0b84cfaefea6 sctp: fix the processing for INIT chunk
    57e401a53c9f Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
    70f77a2cb528 Linux 5.4.185
    afb684cb976a KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains
    690909c6d971 x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains
    6b13a188609f x86/cpu: Add hardware-enforced cache coherency as a CPUID feature
    9dd71ec10658 x86/cpufeatures: Mark two free bits in word 3
    a4eef9e76934 ext4: add check to prevent attempting to resize an fs with sparse_super2
    269db254c3b7 ARM: fix Thumb2 regression with Spectre BHB
    635959a82154 virtio: acknowledge all features before access
    ffeb42e05d7d virtio: unexport virtio_finalize_features
    19d57cfbf8c0 arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
    978e4f2648c1 riscv: Fix auipc+jalr relocation range checks
    d6948de3b630 mmc: meson: Fix usage of meson_mmc_post_req()
    ba0d7beec2c2 net: macb: Fix lost RX packet wakeup race in NAPI receive
    403e3afe241b staging: gdm724x: fix use after free in gdm_lte_rx()
    a9174077febf fuse: fix pipe buffer lifetime for direct_io
    d72c79b60d6a ARM: Spectre-BHB: provide empty stub for non-config
    ad66df9064f4 selftests/memfd: clean up mapping in mfd_fail_write
    849c78024e65 selftest/vm: fix map_fixed_noreplace test failure
    500158df8757 tracing: Ensure trace buffer is at least 4096 bytes large
    090e73fb9cce ipv6: prevent a possible race condition with lifetimes
    1d4bdaaa8d23 Revert "xen-netback: Check for hotplug-status existence before watching"
    60e4e3198ce8 Revert "xen-netback: remove 'hotplug-status' once it has served its purpose"
    8879b5313e9f net-sysfs: add check for netdevice being present to speed_show
    dcf55b071de9 selftests/bpf: Add test for bpf_timer overwriting crash
    e0eca9285cf4 net: bcmgenet: Don't claim WOL when its not available
    bbf59d7ae558 sctp: fix kernel-infoleak for SCTP sockets
    e93437197131 net: phy: DP83822: clear MISR2 register to disable interrupts
    f7b3b5203491 gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
    54fd6b2eb1d7 gpio: ts4900: Do not set DAT and OE together
    82b298e0142d selftests: pmtu.sh: Kill tcpdump processes launched by subshell.
    cd2a5c0da0d1 NFC: port100: fix use-after-free in port100_send_complete
    1a4017926eee net/mlx5: Fix a race on command flush flow
    6102e2e5c62d net/mlx5: Fix size field in bufferx_reg struct
    0a64aea5fe02 ax25: Fix NULL pointer dereference in ax25_kill_by_device
    45bfd0a937ba net: ethernet: lpc_eth: Handle error for clk_enable
    e84d37af40a9 net: ethernet: ti: cpts: Handle error for clk_enable
    8ee065a7a9b6 ethernet: Fix error handling in xemaclite_of_probe
    4c0b769d9571 ARM: dts: aspeed: Fix AST2600 quad spi group
    7db2bc08619f drm/sun4i: mixer: Fix P010 and P210 format numbers
    7f8f5641417e qed: return status of qed_iov_get_link
    f59e78609075 net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
    45d470e4f808 virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
    278b2c7d9fe5 arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias
    f62922b601c5 clk: qcom: gdsc: Add support to update GDSC transition delay
    1346e17653a5 Linux 5.4.184
    f7fc9c348790 Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
    0e35f3ab69bc xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
    782e5ebcc888 xen/gnttab: fix gnttab_end_foreign_access() without page specified
    051c4cc7bdb7 xen/pvcalls: use alloc/free_pages_exact()
    be63ea883e56 xen/9p: use alloc/free_pages_exact()
    8efaf0c862c7 xen: remove gnttab_query_foreign_access()
    d193785a4bc9 xen/gntalloc: don't use gnttab_query_foreign_access()
    089a8e491d6d xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
    b507879c1e2d xen/netfront: don't use gnttab_query_foreign_access() for mapped status
    a83400456f9c xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
    44d86dccd2a5 xen/grant-table: add gnttab_try_end_foreign_access()
    95ff82383266 xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
    56f1b3c5c82a ARM: fix build warning in proc-v7-bugs.c
    40da947ba076 ARM: Do not use NOCROSSREFS directive with ld.lld
    583662bfd8df ARM: fix co-processor register typo
    21a466c32f3e ARM: fix build error when BPF_SYSCALL is disabled
    d1cfdd50778c ARM: include unprivileged BPF status in Spectre V2 reporting
    920f7970cf0d ARM: Spectre-BHB workaround
    dcf33beb492a ARM: use LOADADDR() to get load address of sections
    31814db6e478 ARM: early traps initialisation
    fdfc0baf829d ARM: report Spectre v2 status through sysfs
    26171b016b40 arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
    baaaba74e014 arm/arm64: Provide a wrapper for SMCCC 1.1 calls
    6c1599fd1bf8 x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
    7c7702569422 x86/speculation: Warn about Spectre v2 LFENCE mitigation
    865da3868b56 x86/speculation: Update link to AMD speculation whitepaper
    b1bacf22a847 x86/speculation: Use generic retpoline by default on AMD
    1e47ab3df908 x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
    327a4da9b0ef Documentation/hw-vuln: Update spectre doc
    96b3d45aeae0 x86/speculation: Add eIBRS + Retpoline options
    41b50510e593 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
    b70bc2e3552a x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
    22aed240891c x86/speculation: Merge one test in spectre_v2_user_select_mitigation()

(From OE-Core rev: bcabfe3640d9963c60ebf479ae016e7bee94ce66)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
Bruce Ashfield
31766c908e linux-yocto/5.4: update to v5.4.183
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    e7d1268f5671 Linux 5.4.183
    5817c13cd6dc hamradio: fix macro redefine warning
    3c7d63cfa150 net: dcb: disable softirqs in dcbnl_flush_dev()
    5f53a6a8ae0f Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
    f73eb7342bb0 btrfs: add missing run of delayed items after unlink during log replay
    f8d4a8eebb22 btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
    39403d72b4c1 btrfs: fix lost prealloc extents beyond eof after full fsync
    4dd5d3310c75 tracing: Fix return value of __setup handlers
    c0f7253376c8 tracing/histogram: Fix sorting on old "cpu" value
    35fa6f2a31d3 HID: add mapping for KEY_ALL_APPLICATIONS
    ecefb8cc0f8b HID: add mapping for KEY_DICTATE
    52b984b17df9 Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
    16eb602eaddf Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
    3f123c305e4a nl80211: Handle nla_memdup failures in handle_nan_filter
    ec89b276464c net: chelsio: cxgb3: check the return value of pci_find_capability()
    6650fa5f3bcf soc: fsl: qe: Check of ioremap return value
    e89c53fcd28c memfd: fix F_SEAL_WRITE after shmem huge page allocated
    58b07100c20e ibmvnic: free reset-work-item when flushing
    2e7abe2efc31 igc: igc_write_phy_reg_gpy: drop premature return
    5c215ea574a0 ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
    89b881f339ce ARM: Fix kgdb breakpoint for Thumb2
    87765309bf59 igc: igc_read_phy_reg_gpy: drop premature return
    44ff6c29b2ea arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
    d59120a48997 can: gs_usb: change active_channels's type from atomic_t to u8
    bc653724929c ASoC: cs4265: Fix the duplicated control name
    cff3987e097d firmware: arm_scmi: Remove space in MODULE_ALIAS name
    461a26ebf0dd efivars: Respect "block" flag in efivar_entry_set_safe()
    b4f46598431f ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
    e50c589678e5 net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
    044e209c72cc net: sxgbe: fix return value of __setup handler
    a54dedf620d2 iavf: Fix missing check for running netdev
    150b8a05d005 net: stmmac: fix return value of __setup handler
    e9fa4009032d mac80211: fix forwarded mesh frames AC & queue selection
    f17b27f3d4bc ia64: ensure proper NUMA distance and possible map initialization
    80998dbde14d sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
    407ec382ba67 sched/topology: Make sched_init_numa() use a set for the deduplicating sort
    b40c91262477 xen/netfront: destroy queues before real_num_tx_queues is zeroed
    fa84d44df437 block: Fix fsync always failed if once failed
    849339fd72ff net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
    8e306a76b9b0 net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
    1f5abd671dbd net: dcb: flush lingering app table entries for unregistered devices
    ed05368024a9 batman-adv: Don't expect inter-netns unique iflink indices
    863953227106 batman-adv: Request iflink once in batadv_get_real_netdevice
    a1ccea6183eb batman-adv: Request iflink once in batadv-on-batadv check
    43c25da41e30 netfilter: nf_queue: fix possible use-after-free
    3c934f1087ff netfilter: nf_queue: don't assume sk is full socket
    d2c96b19305f xfrm: enforce validity of offload input flags
    019b4b9d5977 xfrm: fix the if_id check in changelink
    49c24579cec4 netfilter: fix use-after-free in __nf_register_net_hook()
    ac858e4462bd xfrm: fix MTU regression
    f3537f1b2bfd ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
    75a471401b10 ALSA: intel_hdmi: Fix reference to PCM buffer address
    e28372b295d8 ata: pata_hpt37x: fix PCI clock detection
    58b419d16e87 usb: gadget: clear related members when goto fail
    ba6fdd55b166 usb: gadget: don't release an existing dev->buf
    0babb778ff75 net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
    a7ef01d25a31 i2c: qup: allow COMPILE_TEST
    da9bf89344a6 i2c: cadence: allow COMPILE_TEST
    bb07c8bb77d0 dmaengine: shdma: Fix runtime PM imbalance on error
    e208668ef7ba cifs: fix double free race when mount fails in cifs_get_root()
    2ed93e3e3f82 Input: clear BTN_RIGHT/MIDDLE on buttonpads
    7b6d98f86905 ASoC: rt5682: do not block workqueue if card is unbound
    e2106e429f05 ASoC: rt5668: do not block workqueue if card is unbound
    7b7c65abeb10 i2c: bcm2835: Avoid clock stretching timeouts
    964f155c382f mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
    1a7d2fccd8f6 mac80211_hwsim: report NOACK frames in tx_status

(From OE-Core rev: d0399ed433e3a77cb66d30bd027f52bd356d7acf)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
Bruce Ashfield
a14b11c500 linux-yocto/5.4: update to v5.4.182
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    866ae42cf478 Linux 5.4.182
    fb2bbb7d3021 fget: clarify and improve __fget_files() implementation
    d6a29ce52a79 memblock: use kfree() to release kmalloced memblock regions
    5d9453bf4126 Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR"
    1fb051bbbce3 gpio: tegra186: Fix chip_data type confusion
    2782b05d0208 tty: n_gsm: fix NULL pointer access due to DLCI release
    c03a49581417 tty: n_gsm: fix proper link termination after failed open
    912144e8a3b0 tty: n_gsm: fix encoding of control signal octet bit DV
    1879db4f2521 xhci: Prevent futile URB re-submissions due to incorrect return value.
    80922d7b52b0 xhci: re-initialize the HC during resume if HCE was set
    0139a10090da usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
    6e74aebbf78b usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
    ba3e83e5a0b4 USB: serial: option: add Telit LE910R1 compositions
    92ac25b79d5d USB: serial: option: add support for DW5829e
    40256addf566 tracefs: Set the group ownership in apply_options() not parse_options()
    6b23eda98923 USB: gadget: validate endpoint index for xilinx udc
    9ab652d41dea usb: gadget: rndis: add spinlock for rndis response list
    39848d7e4ea6 Revert "USB: serial: ch341: add new Product ID for CH341A"
    7c453de366c3 ata: pata_hpt37x: disable primary channel on HPT371
    a28f8dbd474a iio: Fix error handling for PM
    8fff0310e66c iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
    ce1076b33e29 iio: adc: men_z188_adc: Fix a resource leak in an error handling path
    cb90ab3f0997 tracing: Have traceon and traceoff trigger honor the instance
    901206f71e6a RDMA/ib_srp: Fix a deadlock
    b7e2b91fcb5c configfs: fix a race in configfs_{,un}register_subsystem()
    df14d2bed8e2 spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
    a62f4266d572 net/mlx5: Fix wrong limitation of metadata match on ecpf
    45618e915757 net/mlx5: Fix possible deadlock on rule deletion
    53026346a94c netfilter: nf_tables: fix memory leak during stateful obj update
    5ad5886f85b6 nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
    dfe537b0c94e net: Force inlining of checksum functions in net/checksum.h
    eee01c88c90f net: ll_temac: check the return value of devm_kmalloc()
    fc92a14fa076 net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
    3cbf1f98d893 drm/edid: Always set RGB444
    d0251c38dff8 openvswitch: Fix setting ipv6 fields causing hw csum failure
    2b3cdd70ea5f gso: do not skip outer ip header in case of ipip and net_failover
    0240bb276fd6 tipc: Fix end of loop tests for list_for_each_entry()
    2ed132637619 net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
    97a6c07d6ff4 bpf: Do not try bpf_msg_push_data with len 0
    dffce58f6f75 perf data: Fix double free in perf_session__delete()
    3174b09fe16c ping: remove pr_err from ping_lookup
    767099f0ec5b lan743x: fix deadlock in lan743x_phy_link_status_change()
    5d76e0b69da9 optee: use driver internal tee_context for some rpc
    0e526f533f35 tee: export teedev_open() and teedev_close_context()
    64e0b5894c81 x86/fpu: Correct pkru/xstate inconsistency
    49c011a44edd netfilter: nf_tables_offload: incorrect flow offload action array size
    49a4536a46ed USB: zaurus: support another broken Zaurus
    b95d71abeb7d sr9700: sanity check for packet length
    d0dac454b9e3 drm/amdgpu: disable MMHUB PG for Picasso
    eb88a38831e5 parisc/unaligned: Fix ldw() and stw() unalignment handlers
    b783ef3eb66a parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
    0b608b3392c4 vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
    dd0de3510240 clk: jz4725b: fix mmc0 clock gating
    d1f1de5dff78 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
    b6e8856b8a5f Linux 5.4.181
    3e73b02af6c3 kconfig: fix failing to generate auto.conf
    90c0d3cc676f net: macb: Align the dma and coherent dma masks
    f1c3f41245d8 net: usb: qmi_wwan: Add support for Dell DW5829e
    6b364ca4814a tracing: Fix tp_printk option related with tp_printk_stop_on_boot
    8bf73d5ea94a drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
    5a21d5072300 ata: libata-core: Disable TRIM on M88V29
    41da91158ed9 kconfig: let 'shell' return enough output for deep path names
    913932a306f0 arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
    d2fd1c7804e8 arm64: dts: meson-g12: add ATF BL32 reserved-memory region
    daa868080996 arm64: dts: meson-gx: add ATF BL32 reserved-memory region
    ba4b40356abd netfilter: conntrack: don't refresh sctp entries in closed state
    d4de2bbcbc91 irqchip/sifive-plic: Add missing thead,c900-plic match string
    2d7a327a129e ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of
    fff21185f598 ARM: OMAP2+: hwmod: Add of_node_put() before break
    3deabc3f60fd KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
    fe595759c2a4 Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
    ba71b1b30d85 i2c: brcmstb: fix support for DSL and CM variants
    6f08452c560d copy_process(): Move fd_install() out of sighand->siglock critical section
    e52dfd2a4906 dmaengine: sh: rcar-dmac: Check for error num after setting mask
    c83049cb8817 net: sched: limit TC_ACT_REPEAT loops
    87c575d2a238 lib/iov_iter: initialize "flags" in new pipe_buffer
    091dac5c6392 EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
    f0c2c023c226 scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
    56f9abba9805 mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
    bdc70b603da9 mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
    3758a570762e NFS: Do not report writeback errors in nfs_getattr()
    357d42d593fc NFS: LOOKUP_DIRECTORY is also ok with symlinks
    20f4ee3c3340 block/wbt: fix negative inflight counter when remove scsi device
    4cd3281a910a mtd: rawnand: gpmi: don't leak PM reference in error path
    c6fee7c8546a powerpc/lib/sstep: fix 'ptesync' build error
    edfac6b77bc2 ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
    d6d8d1db8094 ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
    99c2b13ce951 ALSA: hda: Fix missing codec probe on Shenker Dock 15
    2b2b531ceba9 ALSA: hda: Fix regression on forced probe mask option
    aca7e5b6a500 libsubcmd: Fix use-after-free for realloc(..., 0)
    7af6164ceefe bonding: fix data-races around agg_select_timer
    aeb993412eb2 drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
    db3ffc5d332e bonding: force carrier update when releasing slave
    fb8c98f92ad3 ping: fix the dif and sdif check in ping_lookup
    8198c4d4c2f8 net: ieee802154: ca8210: Fix lifs/sifs periods
    a06440508acd net: dsa: lan9303: fix reset on probe
    73f8575216b1 netfilter: nft_synproxy: unregister hooks on init error path
    5e8c5b217cfb iwlwifi: pcie: gen2: fix locking when "HW not ready"
    e1d0e738b02e iwlwifi: pcie: fix locking when "HW not ready"
    902528183f4d mmc: block: fix read single on recovery logic
    5f326fe2aef4 vsock: remove vsock from connected table when connect is interrupted by a signal
    f48a38703c11 dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending
    41ce06a3ec6a taskstats: Cleanup the use of task->exit_code
    8583d2ea90fe ext4: prevent partial update of the extent blocks
    d57fcf0d9195 ext4: check for inconsistent extents between index and leaf block
    6a332d095ce4 ext4: check for out-of-order index extents in ext4_valid_extent_entries()
    13f6ebef03b0 drm/radeon: Fix backlight control on iMac 12,1
    494de920d98f iwlwifi: fix use-after-free
    6194b4689731 arm64: module/ftrace: intialize PLT at load time
    adcc4b795f4c arm64: module: rework special section handling
    dfe928f16cc5 module/ftrace: handle patchable-function-entry
    30af4dcfa8b4 ftrace: add ftrace_init_nop()
    42c8cccf83d5 Revert "module, async: async_synchronize_full() on module init iff async is used"
    5c7726bd5736 drm/amdgpu: fix logic inversion in check
    d411b2a5da68 nvme-rdma: fix possible use-after-free in transport error_recovery work
    61a26ffd5ad3 nvme-tcp: fix possible use-after-free in transport error_recovery work
    70356b756a58 nvme: fix a possible use-after-free in controller reset during load
    89d2bd13252a quota: make dquot_quota_sync return errors from ->sync_fs
    f124d9eff984 vfs: make freeze_super abort when sync_filesystem returns error
    cfc8b37ef041 ax25: improve the incomplete fix to avoid UAF and NPD bugs
    dd2fcac324ea selftests/zram: Adapt the situation that /dev/zram0 is being used
    c3a9afa82493 selftests/zram01.sh: Fix compression ratio calculation
    8d1c50c8683e selftests/zram: Skip max_comp_streams interface on newer kernel
    455ef08d6e54 net: ieee802154: at86rf230: Stop leaking skb's
    3bd8bebb16fe selftests: rtc: Increase test timeout so that all tests run
    bc6ac6c0f67d platform/x86: ISST: Fix possible circular locking dependency detected
    bd6492930a10 btrfs: send: in case of IO error log it
    3ff48a67ed65 parisc: Fix sglist access in ccio-dma.c
    efccc9b0c7e2 parisc: Fix data TLB miss in sba_unmap_sg
    3434d8837fe9 parisc: Drop __init from map_pages declaration
    bd282ee53e34 serial: parisc: GSC: fix build when IOSAPIC is not set
    9d2aad133b22 Revert "svm: Add warning message for AVIC IPI invalid target"
    190272552099 HID:Add support for UGTABLET WP5540
    866a85813b92 Makefile.extrawarn: Move -Wunaligned-access to W=1
    7b3eb66d0daf Linux 5.4.180
    9d09cb110868 ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
    a2ed7b29d067 perf: Fix list corruption in perf_cgroup_switch()
    f79cbf75ac76 scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
    a1a018e2a068 hwmon: (dell-smm) Speed up setting of fan speed
    1e30073c0e55 seccomp: Invalidate seccomp mode to catch death failures
    a3769078c945 USB: serial: cp210x: add CPI Bulk Coin Recycler id
    fade0cbf6682 USB: serial: cp210x: add NCR Retail IO box id
    697b9ed28b39 USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
    ed4fddac9d7c USB: serial: option: add ZTE MF286D modem
    f729dfd364b8 USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
    f297b6109cbe usb: gadget: f_uac2: Define specific wTerminalType
    c9e952871ae4 usb: gadget: rndis: check size of RNDIS_MSG_SET command
    38fd68f55a7e USB: gadget: validate interface OS descriptor requests
    3054dfef06a7 usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
    8f032eaebc2f usb: dwc3: gadget: Prevent core from processing stale TRBs
    3a9953b2806c usb: ulpi: Call of_node_put correctly
    12ab57a21372 usb: ulpi: Move of_node_put to ulpi_dev_release
    a0fd5492ee76 net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
    3937c35493ee eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
    d4dc28db1b98 n_tty: wake up poll(POLLRDNORM) on receiving data
    0e31f914d761 vt_ioctl: add array_index_nospec to VT_ACTIVATE
    ae3d57411562 vt_ioctl: fix array_index_nospec in vt_setactivate
    311c82a68093 net: amd-xgbe: disable interrupts during pci removal
    b3e998a5dc46 tipc: rate limit warning for received illegal binding update
    e7daad5c28ad net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
    c99e66350ca0 veth: fix races around rq->rx_notify_masked
    a80817adc2a4 net: fix a memleak when uncloning an skb dst and its metadata
    0b6087c63586 net: do not keep the dst cache when uncloning an skb dst and its metadata
    3f41ec8c830e nfp: flower: fix ida_idx not being released
    16dcfde98a25 ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
    4bcfbec337cf bonding: pair enable_port with slave_arr_updates
    e432f25c77a2 ixgbevf: Require large buffers for build_skb on 82599VF
    4e6fd2b5fcf8 misc: fastrpc: avoid double fput() on failed usercopy
    c9fc422c9a43 usb: f_fs: Fix use-after-free for epfile
    336222182a3b ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
    94888cf75535 staging: fbtft: Fix error path in fbtft_driver_module_init()
    2650ed47077b ARM: dts: meson: Fix the UART compatible strings
    4ccb639bde50 perf probe: Fix ppc64 'perf probe add events failed' case
    b4a59eafcbc5 net: bridge: fix stale eth hdr pointer in br_dev_xmit
    b55a0cdbec5b PM: s2idle: ACPI: Fix wakeup interrupts handling
    e37a2a6b52d4 ACPI/IORT: Check node revision for PMCG resources
    153d0f357b12 nvme-tcp: fix bogus request completion when failing to send AER
    a44ca4038725 ARM: socfpga: fix missing RESET_CONTROLLER
    8a0bad445a50 ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
    9d5e5832ffe7 riscv: fix build with binutils 2.38
    c230f6ba1011 bpf: Add kconfig knob for disabling unpriv bpf by default
    e2424c010a98 KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
    a437c524394c net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
    032065cc5b6c usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
    0863dedf58c8 PM: hibernate: Remove register_nosave_region_late()
    5c5ceea00c8c scsi: myrs: Fix crash in error case
    7cc32ff0cd6c scsi: qedf: Fix refcount issue when LOGO is received during TMF
    c6a7077144ed scsi: target: iscsi: Make sure the np under each tpg is unique
    9babdef28879 net: sched: Clarify error message when qdisc kind is unknown
    978264fbc524 drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
    162e8d788545 NFSv4 expose nfs_parse_server_name function
    852c95db75a7 NFSv4 remove zero number of fs_locations entries error check
    75e67eed756a NFSv4.1: Fix uninitialised variable in devicenotify
    6efe39614039 nfs: nfs4clinet: check the return value of kstrdup()
    2acac498a507 NFSv4 only print the label when its queried
    891c4ebf3b94 nvme: Fix parsing of ANA log page
    d7d345c80727 NFSD: Fix offset type in I/O trace points
    34217d7730b9 NFSD: Clamp WRITE offsets
    5fde7ca7b17d NFS: Fix initialisation of nfs_client cl_flags field
    09295a989319 net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
    f84d17e6dd90 net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
    60027834114d mmc: sdhci-of-esdhc: Check for error num after setting mask
    8a9511fd10ea ima: Do not print policy rule with inactive LSM labels
    89e51f2ab81c ima: Allow template selection with ima_template[_fmt]= after ima_hash=
    0939988b16a4 ima: Remove ima_policy file before directory
    ea58704f06f1 integrity: check the return value of audit_log_start()
    52871671099d Linux 5.4.179
    d692e3406e05 tipc: improve size validations for received domain records
    3a0a7ec5574b moxart: fix potential use-after-free on remove path

(From OE-Core rev: 7efa786ed2fb2f214c0a34cf933429ed31c9c510)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
Steve Sakoman
b82a9877d5 git update from 2.24.3 to 2.24.4
Security release, fixes CVE-2021-21300, so remove that patch.

22539ec3b5 unpack_trees(): start with a fresh lstat cache
0d58fef58a run-command: invalidate lstat cache after a command finished
684dd4c2b4 checkout: fix bug that makes checkout follow symlinks in leading path

(From OE-Core rev: 8606d99041c3c1a002b2300c59afc116050c73cc)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
Peter Kjellerstedt
8fdcbd703b u-boot: Correct the SRC_URI
This avoids a redirect.

(From OE-Core rev: 4da46e0423a7003fb689a8b6a03f5924b8f22cb9)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 879bc5098943cf6977c32555ac31cb21be7b46ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 2233e83da4fab1d6d34517f6ebf5860f4fd5b2a1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
zhengruoqin
f62b028452 wireless-regdb: upgrade 2022.02.18 -> 2022.04.08
(From OE-Core rev: 635d1ab7ed8e813e01f49b47894d978c8497df34)

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6ea7450a919f2b571746e7af350c1362e41f8e1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
wangmy
57e1d6d9a6 linux-firmware: upgrade 20220310 -> 20220411
License-Update:
    Version of driver files updated
    Added files for some drivers

(From OE-Core rev: de880e23bff4e0da0306ec61396044e1f3b48aa1)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 01684df3a51be476081ee21eb54c24fef00acb3f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-22 23:39:12 +01:00
Steve Sakoman
ef1323fbb7 poky.conf: Bump version for 3.1.16 release
(From meta-yocto rev: 7e0063a8546250c4c5b9454cfa89fff451a280ee)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:02 +01:00
Steve Sakoman
0ab1adc2fc documentation: update for 3.1.16 release
(From yocto-docs rev: e8cf0e7290d07448af3b55dcd478e200a10cee42)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:02 +01:00
Richard Purdie
1a14b4f693 libxshmfence: Correct LICENSE to HPND
The license in this code is listed as MIT and whilst it is compatible with and
usable as MIT, it actually looks like HPND. Clarify the license field accordingly.

(From OE-Core master rev: 922b645f443c33060a8990d32e6b7b62ea5497c3)

(From OE-Core rev: 8fd5133fc7f6bc84193ec6fcbc1746c59bfc8caf)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:02 +01:00
Peter Kjellerstedt
076d50da2e metadata_scm.bbclass: Use immediate expansion for the METADATA_* variables
Define METADATA_BRANCH and METADATA_REVISION using immediate expansion.
This avoids running `git rev-parse HEAD` multiple times during recipe
parsing.

(From OE-Core rev: f76fc325520386c0d25c6d6b422c85e9fb87e663)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 34e1841ec14c545c73fbe03a9f946d43d65ab326)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Ralph Siemsen
39ba556a2e apt: add -fno-strict-aliasing to CXXFLAGS to fix SHA256 bug
Recently we've begun seeing issues with apt SHA256 generation/checking on some
distros (fedora 35, alma 8). The version of apt in dunfell uses its own
SHA256 code, not a standard library.

Investigation reveals that the issue is related to -fstrict-aliasing enabled by
-O2 optimization, so turn it off with -fno-strict-aliasing

(From OE-Core rev: dc61dfd7791976c70c93e0d253a8fdbd40d27f3b)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Martin Jansa
aee507fe6c license_image.bbclass: close package.manifest file
* fixes:
  NOTE: Executing write_package_manifest ...
  DEBUG: Executing python function write_package_manifest
  /OE/build/oe-core/openembedded-core/meta/classes/license_image.bbclass:23: ResourceWarning: unclosed file <_io.TextIOWrapper name='/OE/build/oe-core/tmp-glibc/deploy/licenses/core-image-minimal-qemux86-64/package.manifest' mode='w+' encoding='UTF-8'>
    'w+').write(output)
  ResourceWarning: Enable tracemalloc to get the object allocation traceback
  DEBUG: Python function write_package_manifest finished

[YOCTO #14772]

(From OE-Core rev: 3e88c663e65fbc1b2e77a8616af4371224ed0ca5)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b3114d5d438b7a63a276b4e825b62f3b1ebceed6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Alexandre Belloni
ba9b4222e1 pseudo: Fix handling of absolute links
Update to a version of pseudo which has a fix for absolute links,
evaluating them from the chroot path.

(From OE-Core rev: 4e79b3fa07d6b8d044f2fb21e691ff3683aee1ea)

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 33147b89bc3c9e9bdd53a942a5551d8a1d06130c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Richard Purdie
112973ae37 pseudo: Add patch to workaround paths with crazy lengths
Update to a version of pseudo which includes a workaround for crazy
long paths, as shown by the libfm failures from the libtool upgrade.

(From OE-Core rev: 5cac1e855e397b58c3c2b251a9794f3d480c8ad6)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 67dfa32d82b8862e6e543c37315f211aba3ec28b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Richard Purdie
507183f4b0 git: Ignore CVE-2022-24975
Everyone I've talked to doesn't see this as a major issue. The CVE
asks for a documentation improvement on the --mirror option to
git clone as deleted content could be leaked into a mirror. For OE's
general users/use cases, we wouldn't build or ship docs so this wouldn't
affect us.

(From OE-Core rev: f35500a442d6a4564d52e23f9602a3f90a4ceee5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5dfe2dd5482c9a446f8e722fe51903d205e6770d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Ralph Siemsen
62aefd3864 xz: fix CVE-2022-1271
Malicious filenames can make xzgrep to write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.

Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch]
CVE: CVE-2022-1271

(From OE-Core rev: da4180062f12aa855a0dd2c0dbe4f0721df67055)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Ross Burton
f36e87ec4f zlib: backport the fix for CVE-2018-25032
(From OE-Core rev: 27385658aa552b287c4f8f4585f9c783db834123)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Ralph Siemsen
170ce893e7 gzip: fix CVE-2022-1271
zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.

Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c]
CVE: CVE-2022-1271

(From OE-Core rev: b7f0696bc60409af215549d26621526c1a93a002)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Richard Purdie
08a3ac8403 vim: Upgrade 8.2.4524 -> 8.2.4681
License change is a date in the license file only.

This includes a fix for CVE-2022-0943.

(From OE-Core rev: 1c68d33f4742df9bcec7d1032dab61d676f86371)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69bc2f37d6ca7fa4823237b45dd698b8debca0a9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-21 21:26:01 +01:00
Richard Purdie
b6ce93d565 conf.py/poky.yaml: Move version information to poky.yaml and read in conf.py
Merge in the changes from master allowing conf.py to use information from
poky.yaml. This allows the head version mapped to X.999 on the website to
have the version information displayed clearly and correctly.

(From yocto-docs rev: df813c6d6c1477519f13699987215c8d9bc0a7bf)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-20 17:26:55 +01:00
Richard Purdie
ce50594d70 bitbake: server/process: Disable gc around critical section
The python gc can trigger whilst we're holding the event stream lock
and when cleaning up objects, they can trigger warnings. This translates
into a new event which would then need the lock and we can deadlock.

Disable gc whilst we hold that lock to avoid this unfortunate and
problematic situation.

(Bitbake rev: 0784db7dd0fef6f0621ad8d74372f44e87fef950)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96a6303949cefd469bcf5ed250ff512271354357)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-16 23:03:41 +01:00
Oleksandr Kravchuk
38c55bd388 tzdata: update to 2022a
(From OE-Core rev: aa762b7ca2417b80dd114a4ab263d69074912f82)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b280aecd79e95811f8baec6c4479c5752c54d9e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-09 08:27:11 +01:00
Peter Kjellerstedt
86285152bd python3-jinja2: Correct HOMEPAGE
(From OE-Core rev: 7d429e8385ca01728d797abe8ab9575140734476)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 261778c1e3665b34c0d4e49bda63b520d5335587)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-09 08:27:11 +01:00
Martin Jansa
6b6d412f59 boost: fix native build with glibc-2.34
(From OE-Core rev: 64ba0d40a4c77a23778c51511f2d167e2056eea3)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-09 08:27:11 +01:00
Richard Purdie
331a9f9068 mirrors: Add missing gitsm entries for yocto/oe mirrors
The missing gitsm:// mappings looks like an oversight, add them.

(From OE-Core rev: f748360a854a5c80c8008ba6ac90546865651f10)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6600b9fca7888fb41647cd000b9efb7f0762dfde)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-09 08:27:11 +01:00
Ralph Siemsen
7e0d217559 bind: update to 9.11.37
Security Fixes

The rules for acceptance of records into the cache have been tightened
to prevent the possibility of poisoning if forwarders send records
outside the configured bailiwick. (CVE-2021-25220)

License-Update: copyright years

(From OE-Core rev: 58aea0c02bb101dbb378afb578b70b8730cce6fd)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-09 08:27:11 +01:00
Ralph Siemsen
64205bf3ec bluez5: fix CVE-2022-0204
Fix heap overflow when appending prepare writes

The code shall check if the prepare writes would append more the
allowed maximum attribute length.

Upstream-Status: Backport [591c546c53]
CVE: CVE-2022-0204

(From OE-Core rev: 058dec11cc6580212c6d4560d0f0e5b704d501dc)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-09 08:27:11 +01:00
Davide Gardenal
048094bcf9 go: backport patch fix for CVE-2021-38297
Patch taken from
4548fcc8df
from the following issue
https://github.com/golang/go/issues/48797

Original repo
https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4

(From OE-Core rev: e9e3c3969544d18f0da90a10156c40da84d5b549)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-09 08:27:11 +01:00
Ross Burton
f80b5868fa grub: ignore CVE-2021-46705
This is specific to SUSE Linux.

(From OE-Core rev: 10e12faf6172f399da7b3d73a33bd908aa8f32b3)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 594baef3b08d40fbbf1899f4cadeb9931c035c1a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-09 08:27:11 +01:00
Scott Weaver
ab03f130e4 bitbake: fetch2: add check for empty SRC_URI hash string
No error was being reported when the hash string was set to empty.
For example: SRC_URI[md5sum] = ""

On a related note (not a bug):
Because whitespace in the string will result in a checksum mismatch, the error
message was updated to make it a little clearer why the error was thrown.
For example: SRC_URI[md5sum] = " " or
SRC_URI[md5sum] = " 209f8326f5137d8817a6276d9577a2f1"

Now creates a message like this:
File: '/home/scott/yocto-cache/downloads/rsync-3.2.3.tar.gz' has md5
checksum '209f8326f5137d8817a6276d9577a2f1' when ' 209f8326f5137d8817a6276d9577a2f1' was expected

[YOCTO #14232]

(Bitbake rev: d8c2175f6a7b5fdf111d6a073b2c3dbd3c0b061d)

Signed-off-by: Scott Weaver <weaverjs@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a13510d0028e234ea2f4744b0d0c38558395c70f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-05 20:49:51 +01:00
Steve Sakoman
a743227d81 xserver-xorg: update to 1.20.14
Fixes: CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011

Stable branch update:

97c5b7777 (HEAD -> server-1.20-branch, tag: xorg-server-1.20.14, origin/server-1.20-branch) xserver 1.20.14
35b4681c7 render: Fix out of bounds access in SProcRenderCompositeGlyphs()
67425fcab Xext: Fix out of bounds access in SProcScreenSaverSuspend()
6bb8aeb30 xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
acc50e609 record: Fix out of bounds access in SwapCreateRegister()
5ff3310b6 modesetting: Allow Present flips with mismatched stride on atomic drivers.
574fe59ef Fix RandR leasing for more than 1 simultaneously active lease.

(From OE-Core rev: aa2bb4f62dd7e5c6fdf220264c3d62fbf2cc7d16)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-01 23:22:43 +01:00
Steve Sakoman
f0240a36a3 xserver-xorg: update to 1.20.13
Stable branch update:

86a72cb19 (tag: xorg-server-1.20.13) xserver 1.20.13
f85e4edba modesetting: unflip not possible when glamor is not set
b03d7184b present: fallback get_crtc to return crtc belonging to screen with present extension

(From OE-Core rev: 3e9ecd77449a5bd70a55d47db7a2dfb85d44d9c2)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-01 23:22:43 +01:00
Steve Sakoman
a5f13b762b xserver-xorg: update to 1.20.12
Stable branch update:

b88ad0b34 (tag: xorg-server-1.20.12) xserver 1.20.12
8dea50223 Build xz tarballs instead of bzip2
b7adbac7d hw/dmx/config: Link directly with libdmxconfig.a
e49738f0c xfree86: Fix NULL pointer dereference crash
9a59631a4 glx: Fix use after free in MakeCurrent
1fc0ca6e6 xfree86: Fix out of array bound access to xf86Entities
a4210fe07 xfree86: Change displays array to pointers array to fix invalid pointer issues after table reallocation
22449f630 glamor: Avoid using GL_QUADS on V3D
d16f64031 modesetting: Fix possible_crtcs
f1e76731a modesetting: Update props for dynamically added outputs
7bf477711 xquartz: Ensure the mouse pointer is shown when switching to a native macOS alert or window
3ef6e7b76 xquartz: Fix appFlags build failure with macOS 10.15+ SDKs
2a83c840c glx: Set ContextTag for all contexts
394b6cc1c glx: don't create implicit GLXWindow if one already exists
0086535e7 modesetting: Remove few common functions from ms namespace
321964443 modesetting: remove unnecessary ms_covering_xf86_crtc dup of ms_covering_randr_crtc
52eb801d0 modesetting: Find crtc on slave outputs as fallback instead of returning primary crtc
c7a2da7b9 present: fix msc offset calculation in screen mode
31544e68e present: Use crtc's screen present operation for syncing
464cbee1c modesetting: Initialize present extension despite glamor is disabled
4e11bd390 modesetting: Disable reverse prime offload mode for displays running on evdi,udl
627252933 dix: Guard against non-existing PtrFeedbackPtr
d41b43345 xwayland: Add PtrFeedback to the touch device
23a53f0d5 glx: fixup symbol name for get_extensions function

(From OE-Core rev: e8416c75630a27527faedeab218a8ba71a1eb5ea)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-01 23:22:43 +01:00
Steve Sakoman
884024d1d8 xserver-xorg: update to 1.20.11
Fixes CVE-2021-3472

Stable branch update:

6b767cdf6 (tag: xorg-server-1.20.11) xserver 1.20.11
a1a1aa2c1 Fix XChangeFeedbackControl() request underflow
8890c44a7 xquartz: Remove a check for NSAppKitVersionNumber >= NSAppKitVersionNumber10_7
3c3680c36 xquartz: Don't include strndup.c any more since we no longer support 10.8 and older
e1fdc856a xquartz: Add a launch trampoline to better integrate with modern versions of macOS
8f8e9c53e xquartz: Don't process AppKit events if we haven't finished initializing
aa6f84021 xquartz: Allocate each fbconfig separately
7aa51bb57 xquartz: Fix a compiler warning about const incompatible pointer assignment
d751c46bd xquartz: Fix build with sparkle enabled
03c2e12a8 xquartz: Silence a compiler warning about missing internal methods on NSApplication
fcbd57367 xquartz: Rewrite Window menu handling to not depend on X11App.windowsMenu.numberOfItems being correct in -awakeFromNib
b27c6602b xquartz: Convert X11Controller ivars into @properties
625c7e4de xquartz: Convert X11Application ivars into @properties
3017fec60 xquartz: Fold quartzCommon.h into quartz.h
bdaff44f9 xquartz: Fold away some unnecessary hops to X11Controller through X11Application
7d22031a6 xquartz: Fold away array_with_strings_and_numbers and simplify with more modern Objective-C
937b63ff4 xqaurtz: Remove message_kit_thread() and use dispatch instead
e531d3a4c xquartz: Use objc_autoreleasePoolPush / objc_autoreleasePoolPop directly in QuartzBlockHandler
08cf6c90f xquartz: Minor code modernization -- @autoreleasepool adoption
26e0c59a9 xquartz: Remove some dead code for compatibility with older nibs
2853f3896 xquartz: Remove a workaround for AppKit versions older than Lion
1edc9b980 xquartz: Apply spell check fixes from master for easier cherry-picking of changes in xquartz
67f25cc18 xquartz: Fix applications menu table background color for dark mode
4028c2ad1 xquartz: Apply Xcode 12.4 automatic updates to nibs
ff1c8e2f7 xquartz: Update the about box copyright to 2021
a16df6028 xquartz: Ensure we call into TIS on the main thread
2087b7782 xquartz: Ensure that NSRunAlertPanel() is run on the main thread
2fe5bf4ba xquartz: Remove support for older versions of libXplugin
bc1a2a0d8 xquartz: Remove unused include of AvailabilityMacros.h from various sources
393da8b43 xquartz: Remove support for building for i386
43aaa1093 xquartz: Remove support for Mountain Lion and earlier versions of macOS
fb492686d xquartz: Remove support for Lion and earlier versions of macOS
34784415a xquartz: Remove support for SnowLeopard and earlier versions of macOS
d3f81ecaf xquartz: Remove check for libdispatch now that we don't support pre-SnowLeopard
739c5bd32 xquartz: Remove support for Leopard and earlier versions of macOS
2d7eb8249 xquartz: Remove support for Tiger and earlier versions of macOS
080f9eb76 os: Remove support for Tiger and earlier versions of macOS
be9d2fd87 xquartz: Remove support for Panther and earlier versions of macOS
d39eb5840 Fix typo "XQaurtz" in Xquartz.man
1f2b73176 XQuartz: recognize F16-F20 and Menu keys
ecc4ebf53 xquartz: Add stub ddxInputThread()
f5df31c76 meson.build: KMS support also depends on dri2
b09f5f42d xwayland: Replace LogMessage with LogMessageVerb
c17872d50 xkb: Fix heap overflow caused by optimized away min.

(From OE-Core rev: 928759347e18e56c991959d1a33aeb87ba6de4ee)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-01 23:22:43 +01:00
Steve Sakoman
e2ecbb13db xserver-xorg: update to 1.20.10
Remove CVE patches contained in this release.

Stable branch update:

bc111a2e6 (tag: xorg-server-1.20.10) xserver 1.20.10
06d1a032e Check SetMap request length carefully.
7ccb3b0ea Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
440ed5948 present/wnmd: Translate update region to screen space
54f9af1c6 modesetting: keep going if a modeset fails on EnterVT
bd0f53725 modesetting: check the kms state on EnterVT
5c400cae1 configure: Build hashtable for Xres and glvnd
253569a3d xwayland: Create an xwl_window for toplevel only
0811a9ff7 xwayland: non-rootless requires the wl_shell protocol
b3ae038c3 glamor: Update pixmap's devKind when making it exportable
d6c389cb8 os: Fix instruction pointer written in xorg_backtrace
c3e4c1a0f present/wnmd: Execute copies at target_msc-1 already
96ef31e0f present/wnmd: Move up present_wnmd_queue_vblank
669e40390 present: Add present_vblank::exec_msc field
dae234efd present: Move flip target_msc adjustment out of present_vblank_create
1930ed233 xwayland: Remove pending stream reference when freeing
1ac389dda xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one
d108c2c82 xwayland: Do not discard frame callbacks on allow commits
174cb91d8 present/wnmd: Remove dead check from present_wnmd_check_flip
51ee6e5ce xwayland: Check window pixmap in xwl_present_check_flip2
f4006d795 present/wnmd: Can't use page flipping for windows clipped by children
1e84fda20 xfree86: Take second reference for SavedCursor in xf86CursorSetCursor
8c3c8bda2 glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling
b28c88288 include: Increase the number of max. input devices to 256.
af4c84ce8 Revert "linux: Make platform device probe less fragile"
39cb95e95 Revert "linux: Fix platform device PCI detection for complex bus topologies"
4b6fce597 Revert "linux: Fix platform device probe for DT-based PCI"

(From OE-Core rev: ac86083917380ca8398307f0e59b7bb73c727b4f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-01 23:22:43 +01:00
Steve Sakoman
14127d25e7 xserver-xorg: update to 1.20.9
Remove CVE patches contained in this release.

Stable branch update:

afb77415e (tag: xorg-server-1.20.9) xserver 1.20.9
705d72139 Fix XRecordRegisterClients() Integer underflow
5b384e767 Fix XkbSelectEvents() integer underflow
eff3f6cdd Fix XIChangeHierarchy() integer underflow
1d3a1092c Correct bounds checking in XkbSetNames()
249a12c54 linux: Fix platform device probe for DT-based PCI
5c96eb5f4 linux: Fix platform device PCI detection for complex bus topologies
74b7427c4 linux: Make platform device probe less fragile
4979ac8f0 fix for ZDI-11426
2720b8715 xfree86: add drm modes on non-GTF panels
7da8e7bab present: Check valid region in window mode flips
4a65b6617 xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp
10cabe0b9 xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
3b51978b9 doc: Update URLs in Xserver-DTrace.xml
6cbd6a09b xwayland: Use a fixed DPI value for core protocol
d4e8c4622 xwayland: only use linux-dmabuf if format/modifier was advertised
c726ceacc hw/xfree86: Avoid cursor use after free
0679d4660 Update URL's in man pages
3059a2e62 xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
23c55ec32 xwayland: Hold a pixmap reference in struct xwl_present_event
1179938c1 randr: Check rrPrivKey in RRHasScanoutPixmap()
4912f693e modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation
ccbcf083d xwayland: Store xwl_tablet_pad in its own private key
cc3613559 xwayland: Initialise values in xwlVidModeGetGamma()
533cc6ca0 xwayland: Fix crashes when there is no pointer
3aa31823d xwayland: Clear private on device removal
22c0808ac xwayland: Free all remaining events in xwl_present_cleanup
37779d7f4 xwayland: Always use xwl_present_free_event for freeing Present events
ba52e5eb0 present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
b3310ed50 present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
fc297c87d xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
0430d13c1 xwayland: Fix infinite loop at startup
b8b10e293 modesetting: Disable pageflipping when using a swcursor
271934db9 dix: do not send focus event when grab actually does not change

(From OE-Core rev: 9fba10e19c8de5df1361e222bf255c0d9dad949f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-01 23:22:43 +01:00
Steve Sakoman
67f1490197 util-linux: fix CVE-2022-0563
A flaw was found in the util-linux chfn and chsh utilities when compiled
with Readline support. The Readline library uses an "INPUTRC" environment
variable to get a path to the library config file. When the library cannot
parse the specified file, it prints an error message containing data from
the file. This flaw allows an unprivileged user to read root-owned files,
potentially leading to privilege escalation. This flaw affects util-linux
versions prior to 2.37.4.

Backport patch from upstream:
faa5a3a83a

Patch required slight modifications to apply cleanly to util-linux 2.35.1

(From OE-Core rev: dffbf6301612ca91f6a1c306b9dde754b44912bb)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-01 23:22:43 +01:00
Richard Purdie
631df12969 oeqa/selftest/tinfoil: Fix intermittent event loss issue in test
We've been seeing occasional test failures on the autobuilder where
we don't see the expected events. It turns out this is due to
run_command being helpful and eating them if the server is fast and
the client slow. Adding a sleep into the run_command code makes the
failure consistent.

Use a new "handle_events" argument to allow us to handle all the
events which is what this test requires.

[YOCTO #14585]

(From OE-Core rev: da5cba5ec56cc437ede46d8aa71219a2a34cbe9e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2292983c717b8cadcf0c443bb7b649a84ea5ad57)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Minjae Kim
5a05390de1 virglrenderer: update SRC_URI
The git repo for virglrenderer was changed, so update the
SRC_URI accordingly with the new link.

(From OE-Core rev: 619d9ba2bb1f869869937f7d7942cc77580fdc08)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Minjae Kim
b6e2a1acd4 gnu-config: update SRC_URI
The git repo for gnu-config was changed, so update the
SRC_URI accordingly with the new link.

(From OE-Core rev: 4ee75d865b34f615bc649004e9dd0460eaf42dbf)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Ralph Siemsen
82abf31270 libxml2: fix CVE-2022-23308 regression
The fix for the CVE in 2.9.13 caused a regression which
was addressed after 2.9.13.  We import that patch here.

(From OE-Core rev: 906ffe5bf83c0e587299aaedb9382ce04c3c7acf)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Davide Gardenal
a27aa2316f ghostscript: backport patch fix for CVE-2021-3781
Upstream advisory:
https://ghostscript.com/blog/CVE-2021-3781.html

Other than the CVE fix other two commits are backported
to fit the patch.

(From OE-Core rev: ce856e5e07589d49d5ff84b515c48735cc78cd01)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Steve Sakoman
4391ddecb2 ghostscript: fix CVE-2020-15900 and CVE-2021-45949 for -native
CVE patches (and the stack limits check patch) should have been
added to SRC_URI_BASE so that they are applied for both target
and -native packages.

(From OE-Core rev: da9b7b8973913c80c989aee1f5b34c98362725a8)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Davide Gardenal
92b8b18ca9 apt: backport patch fix for CVE-2020-3810
Upstream commit:
dceb1e49e4/apt-pkg/contrib/arfile.cc

CVE: CVE-2020-3810

(From OE-Core rev: 2c58d4691b07230616272f2727e0ad0a345064be)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Davide Gardenal
d69c49f33a qemu: backport patch fix for CVE-2020-13791
Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00979.html

CVE: CVE-2020-13791

(From OE-Core rev: 6d4e6302fa21b1c663b94b05088ecf9b9d544c0a)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Ross Burton
513cfaa43d python3: ignore CVE-2022-26488
This CVE is specific to Microsoft Windows, so we can ignore it.

(From OE-Core rev: d966a07d1f04aa76a4970d4af141f817197be0d2)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2bd3c5a93988140d9927340b3af68785ae03db65)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Steve Sakoman
e779ccdf4e libsolv: fix CVE: CVE-2021-44568-71 and CVE-2021-44573-77
The existing patch for CVE-2021-3200 also fixes CVE-2021-44568 through
CVE-2021-44671 and CVE-2021-44573 through CVE-2021-44677, so update
CVE tags in patch to reflect this.

Reference:

https://github.com/openSUSE/libsolv/issues/426

(From OE-Core rev: 3096134d25fc4cf9bd18839838a62a6c89344e31)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-31 21:09:33 +01:00
Richard Purdie
d084cd4388 poky: Drop PREMIRRORS entries for scms
The reasons for this are lost in the mists of time. These are already
in OE-Core as MIRRORS and we should be falling back to the project as
a backup, not a default. Update accordingly.

(From meta-yocto rev: 99435619a3d5f6afb5b5bb4169fc7b4ef31556dd)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b71a3b9418fd928fb72bd23898cffe70c43d9d5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-30 18:34:18 +01:00
Richard Purdie
8b09f50d1a bitbake: tinfoil: Allow run_command not to wait on events
There are some commands where we want to see the events returned so allow
the caller to request this. This also allows us to fix an infamous bug in
the tinfoil testsuite in OE-Core.

(Bitbake rev: 41bf1fa85a540232dcf92fe473c3b3c4cd7259dd)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0e8421c41d97d5d50a553d70c8f775d521f1a199)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-28 13:30:50 +01:00
Richard Purdie
7616c49355 bitbake: server/process: Note when commands complete in logs
Its hard to tell from the server logs whether commands complete or not
(or how long they take). Add extra info to allow more debugging of
server timeouts.

(Bitbake rev: d388f6d159b9d7e1ed3f199f2d1aca0c473cda6d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 56285ada585ec1481449522282b335bcb5a2671e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-28 13:30:50 +01:00
Richard Purdie
8183149d3e oeqa/selftest/tinfoil: Improve tinfoil event test debugging
We still see occasional test failures for unknown reasons. Add some debugging to
show whether the matching files event was received even if the command complete wasn't.

Also ensure any commandfailed/commandexit event is shown.

This will hopefully aid debugging the next time the issue occurs.

(From OE-Core rev: 71015408c60ddf2e9af00cc8574815971e1b689d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2f7a788bb51ef09ee23c94176285437ea760fab7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Richard Purdie
22be09c708 oeqa/runtime/ping: Improve failure message to include more detail
When the ping test fails due to a timeout we only get limited debug
information. Tweak the code to improve that in case it sheds any light
on intermittent failures.

(From OE-Core rev: df98e96c7a1601798caf7f4882b09406a4fdacd6)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d81704057950e1970ef7f673fa771834fd2b3f1e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Richard Purdie
4c3d1b0120 python3targetconfig: Use for nativesdk too
nativesdk is a cross compiled target and therefore should use the target
config, not the native one. Copy the target entries accordingly.

(From OE-Core rev: e997487c0068bfe4017fc98c4fa5b51f660a1b4e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1b5fec350b390fa7f2d26966df1411b032faf87)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Changhyeok Bae
08b8cd174d mobile-broadband-provider-info: upgrade 20210805 -> 20220315
(From OE-Core rev: 9e3758114cbc74d820c5904b81b011e5c4a1715b)

Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed02ee8f20094f598448d58875cb7be8a24a019f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Alexander Kanavin
c740a0b5a3 mobile-broadband-provider-info: upgrade 20201225 -> 20210805
(From OE-Core rev: b60558f44d0145c0d68a78b3eabe483cb016700f)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 93a335993ce592a8ee34fc9a490e327f2775e03f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
wangmy
c1f606809d linux-firmware: upgrade 20220209 -> 20220310
License-Update:
 year updated to 2022
 Version of some driver files updated
 Added files for some drivers

(From OE-Core rev: ca8fa031e79b6893b4b2a9f906134e6ef4fe2b0e)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be1b1d204c89035c54a626db46c5054e553b82c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Tim Orling
c625f6524d python3: upgrade 3.8.12 -> 3.8.13
Security and bug fixes (including upgrades for security and bug fixes to
bundled components).

For changes see:
https://docs.python.org/release/3.8.13/whatsnew/changelog.html#python-3-8-13-final

CVE: CVE-2022-26488

License-Update: Add 2022 to copyright years

* Update bpo-36852 patch to apply after change in 3.8.13

(From OE-Core rev: bcad36b6d34b3176dc313ed6af99897cc442bf2b)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Ovidiu Panait
95bdd2e6f8 openssl: upgrade 1.1.1l -> 1.1.1n
Upgrade openssl 1.1.1l -> 1.1.1n to fix CVE-2022-0778:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65

This also fixes an evp_extra_test ptest failure introduced by openssl-1.1.1m:
"""
not ok 19 - test_signatures_with_engine
ERROR: (ptr) 'e = ENGINE_by_id(engine_id) != NULL' failed @ ../openssl-1.1.1m/test/evp_extra_test.c:1890
0x0
not ok 20 - test_cipher_with_engine
<snip>
"""

The ptest change is already present in Yocto master since oe-core
commit 5cd40648b0ba ("openssl: upgrade to 3.0.1").

(From OE-Core rev: 4d33b7ce0c50af81a01014a7d7d37c93a041a28d)

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Minjae Kim
8b369ca021 bluez5: fix CVE-2021-3658
adapter incorrectly restores Discoverable state after powered down

Upstream-Status: Backport [b497b5942a]
CVE: CVE-2021-3658
(From OE-Core rev: 12669ab256a3ffbcb4bcbaba1bc9c690920d32b1)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Davide Gardenal
094a9a9a23 qemu: backport fix for CVE-2020-13253
Backport commits from the following MR:
https://git.qemu.org/?p=qemu.git;a=commit;h=3a9163af4e3dd61795a35d47b702e302f98f81d6

Two other commits have been backported in order to be able
to correctly apply the patches.

CVE: CVE-2020-13253

(From OE-Core rev: b258b0deccde2d8fd2c4372dd0f376c7b95945f5)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Davide Gardenal
9d155cbf95 re2c: backport fix for CVE-2018-21232
Backport commits from the following issue:
https://github.com/skvadrik/re2c/issues/219

CVE: CVE-2018-21232

(From OE-Core rev: 8c5ee47d446b36d6832acc8452687f50101f3e65)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Ralph Siemsen
cb78d34faf libxml2: move to gitlab.gnome.org
The project has migrated from www.xmlsoft.org to gitlab.gnome.org.
Update the homepage accordingly, and use gnomebase to construct the
download URL, rather than including it in SRC_URI explicitly.

Note that the download is now in .xz format rather than .gz, so the
sha256sum is updated accordingly. Post-decompression tarballs are
identical, so there is no change to the libxml2 code.

(From OE-Core rev: 38681a213a3b5f57b37257f7d96c4e970032ffe4)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8bc17ceb997f8f31a03e5f5efc41c03ef1df3add)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Ralph Siemsen
0c0b8487c9 libxml2: backport fix for CVE-2022-23308
Use-after-free of ID and IDREF attributes, which could result in denial
of service.

https://nvd.nist.gov/vuln/detail/CVE-2022-23308
CVE: CVE-2022-23308

(From OE-Core rev: 6c2f91ce93921c9bfe52c62c0347b992df98d62d)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 23:16:12 +00:00
Steve Sakoman
3ec873af83 documentation: update for 3.1.15 release
(From yocto-docs rev: 14e7f0c3d8b482e11e9df18364b39019779a619c)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-22 22:32:30 +00:00
Richard Purdie
52b59e8841 build-appliance-image: Update to dunfell head revision
(From OE-Core rev: ff90d0e91aec252d3f5986df9ce02293cddadbca)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-14 14:45:39 +00:00
307 changed files with 17033 additions and 1665 deletions

48
bitbake/bin/bitbake-getvar Executable file
View File

@@ -0,0 +1,48 @@
#! /usr/bin/env python3
#
# Copyright (C) 2021 Richard Purdie
#
# SPDX-License-Identifier: GPL-2.0-only
#
import argparse
import io
import os
import sys
bindir = os.path.dirname(__file__)
topdir = os.path.dirname(bindir)
sys.path[0:0] = [os.path.join(topdir, 'lib')]
import bb.tinfoil
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Bitbake Query Variable")
parser.add_argument("variable", help="variable name to query")
parser.add_argument("-r", "--recipe", help="Recipe name to query", default=None, required=False)
parser.add_argument('-u', '--unexpand', help='Do not expand the value (with --value)', action="store_true")
parser.add_argument('-f', '--flag', help='Specify a variable flag to query (with --value)', default=None)
parser.add_argument('--value', help='Only report the value, no history and no variable name', action="store_true")
args = parser.parse_args()
if args.unexpand and not args.value:
print("--unexpand only makes sense with --value")
sys.exit(1)
if args.flag and not args.value:
print("--flag only makes sense with --value")
sys.exit(1)
with bb.tinfoil.Tinfoil(tracking=True) as tinfoil:
if args.recipe:
tinfoil.prepare(quiet=2)
d = tinfoil.parse_recipe(args.recipe)
else:
tinfoil.prepare(quiet=2, config_only=True)
d = tinfoil.config_data
if args.flag:
print(str(d.getVarFlag(args.variable, args.flag, expand=(not args.unexpand))))
elif args.value:
print(str(d.getVar(args.variable, expand=(not args.unexpand))))
else:
bb.data.emit_var(args.variable, d=d, all=True)

View File

@@ -20,6 +20,7 @@ Commands are queued in a CommandQueue
from collections import OrderedDict, defaultdict
import io
import bb.event
import bb.cooker
import bb.remotedata
@@ -478,6 +479,17 @@ class CommandsSync:
d = command.remotedatastores[dsindex].varhistory
return getattr(d, method)(*args, **kwargs)
def dataStoreConnectorVarHistCmdEmit(self, command, params):
dsindex = params[0]
var = params[1]
oval = params[2]
val = params[3]
d = command.remotedatastores[params[4]]
o = io.StringIO()
command.remotedatastores[dsindex].varhistory.emit(var, oval, val, o, d)
return o.getvalue()
def dataStoreConnectorIncHistCmd(self, command, params):
dsindex = params[0]
method = params[1]

View File

@@ -562,6 +562,9 @@ def verify_checksum(ud, d, precomputed={}):
checksum_expected = getattr(ud, "%s_expected" % checksum_id)
if checksum_expected == '':
checksum_expected = None
return {
"id": checksum_id,
"name": checksum_name,
@@ -612,7 +615,7 @@ def verify_checksum(ud, d, precomputed={}):
for ci in checksum_infos:
if ci["expected"] and ci["expected"] != ci["data"]:
messages.append("File: '%s' has %s checksum %s when %s was " \
messages.append("File: '%s' has %s checksum '%s' when '%s' was " \
"expected" % (ud.localpath, ci["id"], ci["data"], ci["expected"]))
bad_checksum = ci["data"]

View File

@@ -224,7 +224,12 @@ class Git(FetchMethod):
ud.shallow = False
if ud.usehead:
ud.unresolvedrev['default'] = 'HEAD'
# When usehead is set let's associate 'HEAD' with the unresolved
# rev of this repository. This will get resolved into a revision
# later. If an actual revision happens to have also been provided
# then this setting will be overridden.
for name in ud.names:
ud.unresolvedrev[name] = 'HEAD'
ud.basecmd = d.getVar("FETCHCMD_git") or "git -c core.fsyncobjectfiles=0"

View File

@@ -52,6 +52,12 @@ class WgetProgressHandler(bb.progress.LineFilterProgressHandler):
class Wget(FetchMethod):
# CDNs like CloudFlare may do a 'browser integrity test' which can fail
# with the standard wget/urllib User-Agent, so pretend to be a modern
# browser.
user_agent = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
"""Class to fetch urls via 'wget'"""
def supports(self, ud, d):
"""
@@ -91,10 +97,9 @@ class Wget(FetchMethod):
fetchcmd = self.basecmd
if 'downloadfilename' in ud.parm:
localpath = os.path.join(d.getVar("DL_DIR"), ud.localfile)
bb.utils.mkdirhier(os.path.dirname(localpath))
fetchcmd += " -O %s" % shlex.quote(localpath)
localpath = os.path.join(d.getVar("DL_DIR"), ud.localfile) + ".tmp"
bb.utils.mkdirhier(os.path.dirname(localpath))
fetchcmd += " -O %s" % shlex.quote(localpath)
if ud.user and ud.pswd:
fetchcmd += " --user=%s --password=%s --auth-no-challenge" % (ud.user, ud.pswd)
@@ -108,6 +113,10 @@ class Wget(FetchMethod):
self._runwget(ud, d, fetchcmd, False)
# Remove the ".tmp" and move the file into position atomically
# Our lock prevents multiple writers but mirroring code may grab incomplete files
os.rename(localpath, localpath[:-4])
# Sanity check since wget can pretend it succeed when it didn't
# Also, this used to happen if sourceforge sent us to the mirror page
if not os.path.exists(ud.localpath):
@@ -300,7 +309,7 @@ class Wget(FetchMethod):
# Some servers (FusionForge, as used on Alioth) require that the
# optional Accept header is set.
r.add_header("Accept", "*/*")
r.add_header("User-Agent", "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/9.10 (karmic) Firefox/3.6.12")
r.add_header("User-Agent", self.user_agent)
def add_basic_auth(login_str, request):
'''Adds Basic auth to http request, pass in login:password as string'''
import base64
@@ -404,9 +413,8 @@ class Wget(FetchMethod):
"""
f = tempfile.NamedTemporaryFile()
with tempfile.TemporaryDirectory(prefix="wget-index-") as workdir, tempfile.NamedTemporaryFile(dir=workdir, prefix="wget-listing-") as f:
agent = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/9.10 (karmic) Firefox/3.6.12"
fetchcmd = self.basecmd
fetchcmd += " -O " + f.name + " --user-agent='" + agent + "' '" + uri + "'"
fetchcmd += " -O " + f.name + " --user-agent='" + self.user_agent + "' '" + uri + "'"
try:
self._runwget(ud, d, fetchcmd, True, workdir=workdir)
fetchresult = f.read()

View File

@@ -24,6 +24,7 @@ import pickle
from multiprocessing import Process
import shlex
import pprint
import time
bblogger = logging.getLogger("BitBake")
logger = logging.getLogger("BitBake.RunQueue")
@@ -142,6 +143,55 @@ class RunQueueScheduler(object):
self.buildable.append(tid)
self.rev_prio_map = None
self.is_pressure_usable()
def is_pressure_usable(self):
"""
If monitoring pressure, return True if pressure files can be open and read. For example
openSUSE /proc/pressure/* files have readable file permissions but when read the error EOPNOTSUPP (Operation not supported)
is returned.
"""
if self.rq.max_cpu_pressure or self.rq.max_io_pressure or self.rq.max_memory_pressure:
try:
with open("/proc/pressure/cpu") as cpu_pressure_fds, \
open("/proc/pressure/io") as io_pressure_fds, \
open("/proc/pressure/memory") as memory_pressure_fds:
self.prev_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1]
self.prev_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1]
self.prev_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1]
self.prev_pressure_time = time.time()
self.check_pressure = True
except:
bb.note("The /proc/pressure files can't be read. Continuing build without monitoring pressure")
self.check_pressure = False
else:
self.check_pressure = False
def exceeds_max_pressure(self):
"""
Monitor the difference in total pressure at least once per second, if
BB_PRESSURE_MAX_{CPU|IO|MEMORY} are set, return True if above threshold.
"""
if self.check_pressure:
with open("/proc/pressure/cpu") as cpu_pressure_fds, \
open("/proc/pressure/io") as io_pressure_fds, \
open("/proc/pressure/memory") as memory_pressure_fds:
# extract "total" from /proc/pressure/{cpu|io}
curr_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1]
curr_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1]
curr_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1]
exceeds_cpu_pressure = self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) > self.rq.max_cpu_pressure
exceeds_io_pressure = self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) > self.rq.max_io_pressure
exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) > self.rq.max_memory_pressure
now = time.time()
if now - self.prev_pressure_time > 1.0:
self.prev_cpu_pressure = curr_cpu_pressure
self.prev_io_pressure = curr_io_pressure
self.prev_memory_pressure = curr_memory_pressure
self.prev_pressure_time = now
return (exceeds_cpu_pressure or exceeds_io_pressure or exceeds_memory_pressure)
return False
def next_buildable_task(self):
"""
@@ -155,6 +205,12 @@ class RunQueueScheduler(object):
if not buildable:
return None
# Bitbake requires that at least one task be active. Only check for pressure if
# this is the case, otherwise the pressure limitation could result in no tasks
# being active and no new tasks started thereby, at times, breaking the scheduler.
if self.rq.stats.active and self.exceeds_max_pressure():
return None
# Filter out tasks that have a max number of threads that have been exceeded
skip_buildable = {}
for running in self.rq.runq_running.difference(self.rq.runq_complete):
@@ -1700,6 +1756,9 @@ class RunQueueExecute:
self.number_tasks = int(self.cfgData.getVar("BB_NUMBER_THREADS") or 1)
self.scheduler = self.cfgData.getVar("BB_SCHEDULER") or "speed"
self.max_cpu_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_CPU")
self.max_io_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_IO")
self.max_memory_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_MEMORY")
self.sq_buildable = set()
self.sq_running = set()
@@ -1735,6 +1794,29 @@ class RunQueueExecute:
if self.number_tasks <= 0:
bb.fatal("Invalid BB_NUMBER_THREADS %s" % self.number_tasks)
lower_limit = 1.0
upper_limit = 1000000.0
if self.max_cpu_pressure:
self.max_cpu_pressure = float(self.max_cpu_pressure)
if self.max_cpu_pressure < lower_limit:
bb.fatal("Invalid BB_PRESSURE_MAX_CPU %s, minimum value is %s." % (self.max_cpu_pressure, lower_limit))
if self.max_cpu_pressure > upper_limit:
bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_CPU is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_cpu_pressure))
if self.max_io_pressure:
self.max_io_pressure = float(self.max_io_pressure)
if self.max_io_pressure < lower_limit:
bb.fatal("Invalid BB_PRESSURE_MAX_IO %s, minimum value is %s." % (self.max_io_pressure, lower_limit))
if self.max_io_pressure > upper_limit:
bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_IO is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_io_pressure))
if self.max_memory_pressure:
self.max_memory_pressure = float(self.max_memory_pressure)
if self.max_memory_pressure < lower_limit:
bb.fatal("Invalid BB_PRESSURE_MAX_MEMORY %s, minimum value is %s." % (self.max_memory_pressure, lower_limit))
if self.max_memory_pressure > upper_limit:
bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_MEMORY is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_io_pressure))
# List of setscene tasks which we've covered
self.scenequeue_covered = set()
# List of tasks which are covered (including setscene ones)

View File

@@ -25,6 +25,7 @@ import subprocess
import errno
import re
import datetime
import gc
import bb.server.xmlrpcserver
from bb import daemonize
from multiprocessing import queues
@@ -221,6 +222,7 @@ class ProcessServer(multiprocessing.Process):
try:
print("Running command %s" % command)
self.command_channel_reply.send(self.cooker.command.runCommand(command))
print("Command Completed")
except Exception as e:
logger.exception('Exception in server main event loop running command %s (%s)' % (command, str(e)))
@@ -670,8 +672,10 @@ class ConnectionWriter(object):
def send(self, obj):
obj = multiprocessing.reduction.ForkingPickler.dumps(obj)
gc.disable()
with self.wlock:
self.writer.send_bytes(obj)
gc.enable()
def fileno(self):
return self.writer.fileno()

View File

@@ -650,6 +650,58 @@ class FetcherLocalTest(FetcherTest):
with self.assertRaises(bb.fetch2.UnpackError):
self.fetchUnpack(['file://a;subdir=/bin/sh'])
def test_local_gitfetch_usehead(self):
# Create dummy local Git repo
src_dir = tempfile.mkdtemp(dir=self.tempdir,
prefix='gitfetch_localusehead_')
src_dir = os.path.abspath(src_dir)
bb.process.run("git init", cwd=src_dir)
bb.process.run("git commit --allow-empty -m'Dummy commit'",
cwd=src_dir)
# Use other branch than master
bb.process.run("git checkout -b my-devel", cwd=src_dir)
bb.process.run("git commit --allow-empty -m'Dummy commit 2'",
cwd=src_dir)
stdout = bb.process.run("git rev-parse HEAD", cwd=src_dir)
orig_rev = stdout[0].strip()
# Fetch and check revision
self.d.setVar("SRCREV", "AUTOINC")
url = "git://" + src_dir + ";protocol=file;usehead=1"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
fetcher.unpack(self.unpackdir)
stdout = bb.process.run("git rev-parse HEAD",
cwd=os.path.join(self.unpackdir, 'git'))
unpack_rev = stdout[0].strip()
self.assertEqual(orig_rev, unpack_rev)
def test_local_gitfetch_usehead_withname(self):
# Create dummy local Git repo
src_dir = tempfile.mkdtemp(dir=self.tempdir,
prefix='gitfetch_localusehead_')
src_dir = os.path.abspath(src_dir)
bb.process.run("git init", cwd=src_dir)
bb.process.run("git commit --allow-empty -m'Dummy commit'",
cwd=src_dir)
# Use other branch than master
bb.process.run("git checkout -b my-devel", cwd=src_dir)
bb.process.run("git commit --allow-empty -m'Dummy commit 2'",
cwd=src_dir)
stdout = bb.process.run("git rev-parse HEAD", cwd=src_dir)
orig_rev = stdout[0].strip()
# Fetch and check revision
self.d.setVar("SRCREV", "AUTOINC")
url = "git://" + src_dir + ";protocol=file;usehead=1;name=newName"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
fetcher.unpack(self.unpackdir)
stdout = bb.process.run("git rev-parse HEAD",
cwd=os.path.join(self.unpackdir, 'git'))
unpack_rev = stdout[0].strip()
self.assertEqual(orig_rev, unpack_rev)
class FetcherNoNetworkTest(FetcherTest):
def setUp(self):
super().setUp()

View File

@@ -53,6 +53,10 @@ class TinfoilDataStoreConnectorVarHistory:
def remoteCommand(self, cmd, *args, **kwargs):
return self.tinfoil.run_command('dataStoreConnectorVarHistCmd', self.dsindex, cmd, args, kwargs)
def emit(self, var, oval, val, o, d):
ret = self.tinfoil.run_command('dataStoreConnectorVarHistCmdEmit', self.dsindex, var, oval, val, d.dsindex)
o.write(ret)
def __getattr__(self, name):
if not hasattr(bb.data_smart.VariableHistory, name):
raise AttributeError("VariableHistory has no such method %s" % name)
@@ -448,7 +452,7 @@ class Tinfoil:
self.run_actions(config_params)
self.recipes_parsed = True
def run_command(self, command, *params):
def run_command(self, command, *params, handle_events=True):
"""
Run a command on the server (as implemented in bb.command).
Note that there are two types of command - synchronous and
@@ -468,7 +472,7 @@ class Tinfoil:
try:
result = self.server_connection.connection.runCommand(commandline)
finally:
while True:
while handle_events:
event = self.wait_event()
if not event:
break

View File

@@ -227,7 +227,9 @@ class TerminalFilter(object):
def keepAlive(self, t):
if not self.cuu:
print("Bitbake still alive (%ds)" % t)
print("Bitbake still alive (no events for %ds). Active tasks:" % t)
for t in self.helper.running_tasks:
print(t)
sys.stdout.flush()
def updateFooter(self):
@@ -597,7 +599,8 @@ def main(server, eventHandler, params, tf = TerminalFilter):
warnings = 0
taskfailures = []
printinterval = 5000
printintervaldelta = 10 * 60 # 10 minutes
printinterval = printintervaldelta
lastprint = time.time()
termfilter = tf(main, helper, console_handlers, params.options.quiet)
@@ -607,7 +610,7 @@ def main(server, eventHandler, params, tf = TerminalFilter):
try:
if (lastprint + printinterval) <= time.time():
termfilter.keepAlive(printinterval)
printinterval += 5000
printinterval += printintervaldelta
event = eventHandler.waitEvent(0)
if event is None:
if main.shutdown > 1:
@@ -638,7 +641,7 @@ def main(server, eventHandler, params, tf = TerminalFilter):
if isinstance(event, logging.LogRecord):
lastprint = time.time()
printinterval = 5000
printinterval = printintervaldelta
if event.levelno >= bb.msg.BBLogFormatter.ERROR:
errors = errors + 1
return_value = 1

View File

@@ -421,12 +421,14 @@ def better_eval(source, locals, extraglobals = None):
return eval(source, ctx, locals)
@contextmanager
def fileslocked(files):
def fileslocked(files, *args, **kwargs):
"""Context manager for locking and unlocking file locks."""
locks = []
if files:
for lockfile in files:
locks.append(bb.utils.lockfile(lockfile))
l = bb.utils.lockfile(lockfile, *args, **kwargs)
if l is not None:
locks.append(l)
try:
yield

View File

@@ -222,19 +222,10 @@ an entire Linux distribution, including the toolchain, from source.
.. tip::
You can significantly speed up your build and guard against fetcher
failures by using mirrors. To use mirrors, add these lines to your
local.conf file in the Build directory: ::
failures by using mirrors. To use mirrors, add this line to your
``local.conf`` file in the :term:`Build Directory`: ::
SSTATE_MIRRORS = "\
file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n \
file://.* http://sstate.yoctoproject.org/&YOCTO_DOC_VERSION_MINUS_ONE;/PATH;downloadfilename=PATH \n \
file://.* http://sstate.yoctoproject.org/&YOCTO_DOC_VERSION;/PATH;downloadfilename=PATH \n \
"
The previous examples showed how to add sstate paths for Yocto Project
&YOCTO_DOC_VERSION_MINUS_ONE;, &YOCTO_DOC_VERSION;, and a development
area. For a complete index of sstate locations, see http://sstate.yoctoproject.org/.
SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
#. **Start the Build:** Continue with the following command to build an OS
image for the target, which is ``core-image-sato`` in this example:

View File

@@ -15,9 +15,27 @@
import os
import sys
import datetime
try:
import yaml
except ImportError:
sys.stderr.write("The Yocto Project Sphinx documentation requires PyYAML.\
\nPlease make sure to install pyyaml python package.\n")
sys.exit(1)
current_version = "3.1.14"
bitbake_version = "1.46"
# current_version = "dev"
# bitbake_version = "" # Leave empty for development branch
# Obtain versions from poky.yaml instead
with open("poky.yaml") as data:
buff = data.read()
subst_vars = yaml.safe_load(buff)
if "DOCCONF_VERSION" not in subst_vars:
sys.stderr.write("Please set DOCCONF_VERSION in poky.yaml")
sys.exit(1)
current_version = subst_vars["DOCCONF_VERSION"]
if "BITBAKE_SERIES" not in subst_vars:
sys.stderr.write("Please set BITBAKE_SERIES in poky.yaml")
sys.exit(1)
bitbake_version = subst_vars["BITBAKE_SERIES"]
# String used in sidebar
version = 'Version: ' + current_version

View File

@@ -4967,7 +4967,7 @@ configuration would be as follows:
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
IMAGE_INSTALL_append = "lib32-glib-2.0"
IMAGE_INSTALL_append = " lib32-glib-2.0"
This example enables an additional library named
``lib32`` alongside the normal target packages. When combining these

View File

@@ -1100,7 +1100,7 @@ Section.
::
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
SRC_URI_append = "file://0001-calibrate.c-Added-some-printk-statements.patch"
SRC_URI_append = " file://0001-calibrate.c-Added-some-printk-statements.patch"
The :term:`FILESEXTRAPATHS` and :term:`SRC_URI` statements
enable the OpenEmbedded build system to find the patch file.

View File

@@ -1986,9 +1986,7 @@ Behind the scenes, the shared state code works by looking in
shared state files. Here is an example:
::
SSTATE_MIRRORS ?= "\
file://.\* http://someserver.tld/share/sstate/PATH;downloadfilename=PATH \n \
file://.\* file:///some/local/dir/sstate/PATH"
SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
.. note::

View File

@@ -1,11 +1,13 @@
DISTRO : "3.1.14"
DISTRO : "3.1.20"
DISTRO_NAME_NO_CAP : "dunfell"
DISTRO_NAME : "Dunfell"
DISTRO_NAME_NO_CAP_MINUS_ONE : "zeus"
YOCTO_DOC_VERSION : "3.1.14"
YOCTO_DOC_VERSION : "3.1.20"
YOCTO_DOC_VERSION_MINUS_ONE : "3.0.4"
DISTRO_REL_TAG : "yocto-3.1.14"
POKYVERSION : "23.0.14"
DISTRO_REL_TAG : "yocto-3.1.20"
DOCCONF_VERSION : "3.1.20"
BITBAKE_SERIES : "1.46"
POKYVERSION : "23.0.20"
YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;"
YOCTO_DL_URL : "https://downloads.yoctoproject.org"
YOCTO_AB_URL : "https://autobuilder.yoctoproject.org"

View File

@@ -63,6 +63,8 @@ Project metadata:
- *keyboard:* Hardware has a keyboard
- *numa:* Hardware has non-uniform memory access
- *pcbios:* Support for booting through BIOS
- *pci:* Hardware has a PCI bus

View File

@@ -3846,10 +3846,10 @@ system and gives an overview of their function and contents.
::
KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
KERNEL_FEATURES_append = "${KERNEL_EXTRA_FEATURES}"
KERNEL_FEATURES_append_qemuall = "cfg/virtio.scc"
KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
KERNEL_FEATURES_append_qemuall = " cfg/virtio.scc"
KERNEL_FEATURES_append_qemux86 = " cfg/sound.scc cfg/paravirt_kvm.scc"
KERNEL_FEATURES_append_qemux86-64 = "cfg/sound.scc"
KERNEL_FEATURES_append_qemux86-64 = " cfg/sound.scc"
:term:`KERNEL_FIT_LINK_NAME`
The link name of the kernel flattened image tree (FIT) image. This
@@ -4048,7 +4048,7 @@ system and gives an overview of their function and contents.
SRCREV_machine_core2-32-intel-common = "43b9eced9ba8a57add36af07736344dcc383f711"
KMACHINE_core2-32-intel-common = "intel-core2-32"
KBRANCH_core2-32-intel-common = "standard/base"
KERNEL_FEATURES_append_core2-32-intel-common = "${KERNEL_FEATURES_INTEL_COMMON}"
KERNEL_FEATURES_append_core2-32-intel-common = " ${KERNEL_FEATURES_INTEL_COMMON}"
The ``KMACHINE`` statement says
that the kernel understands the machine name as "intel-core2-32".
@@ -7542,7 +7542,7 @@ system and gives an overview of their function and contents.
``SYSTEMD_BOOT_CFG`` as follows:
::
SYSTEMD_BOOT_CFG ?= "${:term:`S`}/loader.conf"
SYSTEMD_BOOT_CFG ?= "${S}/loader.conf"
For information on Systemd-boot, see the `Systemd-boot
documentation <http://www.freedesktop.org/wiki/Software/systemd/systemd-boot/>`__.
@@ -8745,4 +8745,22 @@ system and gives an overview of their function and contents.
The default value of ``XSERVER``, if not specified in the machine
configuration, is "xserver-xorg xf86-video-fbdev xf86-input-evdev".
:term:`XZ_THREADS`
Specifies the number of parallel threads that should be used when
using xz compression.
By default this scales with core count, but is never set less than 2
to ensure that multi-threaded mode is always used so that the output
file contents are deterministic. Builds will work with a value of 1
but the output will differ compared to the output from the compression
generated when more than one thread is used.
On systems where many tasks run in parallel, setting a limit to this
can be helpful in controlling system resource usage.
:term:`XZ_MEMLIMIT`
Specifies the maximum memory the xz compression should use as a percentage
of system memory. If unconstrained the xz compressor can use large amounts of
memory and become problematic with parallelism elsewhere in the build.
"50%" has been found to be a good value.

View File

@@ -1,6 +1,6 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
DISTRO_VERSION = "3.1.15"
DISTRO_VERSION = "3.1.20"
DISTRO_CODENAME = "dunfell"
SDK_VENDOR = "-pokysdk"
SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}"
@@ -39,16 +39,6 @@ DISTRO_EXTRA_RDEPENDS_append_qemux86-64 = " ${POKYQEMUDEPS}"
TCLIBCAPPEND = ""
PREMIRRORS ??= "\
bzr://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
cvs://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
git://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
gitsm://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
hg://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
osc://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
p4://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
svn://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n"
SANITY_TESTED_DISTROS ?= " \
poky-2.7 \n \
poky-3.0 \n \

View File

@@ -231,7 +231,7 @@ BB_DISKMON_DIRS ??= "\
# present in the cache. It assumes you can download something faster than you can build it
# which will depend on your network.
#
#SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/2.5/PATH;downloadfilename=PATH"
#SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
#
# Qemu configuration

View File

@@ -1,6 +1,6 @@
SUMMARY = "An image used during oe-selftest tests"
IMAGE_INSTALL = "packagegroup-core-boot dropbear"
IMAGE_INSTALL = "packagegroup-core-boot packagegroup-core-ssh-dropbear"
IMAGE_FEATURES = "debug-tweaks"
IMAGE_LINGUAS = " "

View File

@@ -2,7 +2,7 @@ SUMMARY = "Test recipe for recipeutils.patch_recipe()"
require recipeutils-test.inc
LICENSE = "Proprietary"
LICENSE = "HPND"
LIC_FILES_CHKSUM = "file://${WORKDIR}/somefile;md5=d41d8cd98f00b204e9800998ecf8427e"
DEPENDS += "zlib"

View File

@@ -7,8 +7,8 @@ KMACHINE_genericx86 ?= "common-pc"
KMACHINE_genericx86-64 ?= "common-pc-64"
KMACHINE_beaglebone-yocto ?= "beaglebone"
SRCREV_machine_genericx86 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
SRCREV_machine_genericx86-64 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
SRCREV_machine_genericx86 ?= "8a59dfded81659402005acfb06fbb00b71c8ce86"
SRCREV_machine_genericx86-64 ?= "8a59dfded81659402005acfb06fbb00b71c8ce86"
SRCREV_machine_edgerouter ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
SRCREV_machine_beaglebone-yocto ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
@@ -17,7 +17,7 @@ COMPATIBLE_MACHINE_genericx86-64 = "genericx86-64"
COMPATIBLE_MACHINE_edgerouter = "edgerouter"
COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto"
LINUX_VERSION_genericx86 = "5.4.178"
LINUX_VERSION_genericx86-64 = "5.4.178"
LINUX_VERSION_genericx86 = "5.4.205"
LINUX_VERSION_genericx86-64 = "5.4.205"
LINUX_VERSION_edgerouter = "5.4.58"
LINUX_VERSION_beaglebone-yocto = "5.4.58"

View File

@@ -54,9 +54,10 @@ ARCHIVER_MODE[mirror] ?= "split"
DEPLOY_DIR_SRC ?= "${DEPLOY_DIR}/sources"
ARCHIVER_TOPDIR ?= "${WORKDIR}/archiver-sources"
ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/"
ARCHIVER_ARCH = "${TARGET_SYS}"
ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${ARCHIVER_ARCH}/${PF}/"
ARCHIVER_RPMTOPDIR ?= "${WORKDIR}/deploy-sources-rpm"
ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${TARGET_SYS}/${PF}/"
ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${ARCHIVER_ARCH}/${PF}/"
ARCHIVER_WORKDIR = "${WORKDIR}/archiver-work/"
# When producing a combined mirror directory, allow duplicates for the case
@@ -100,6 +101,10 @@ python () {
bb.debug(1, 'archiver: %s is excluded, covered by gcc-source' % pn)
return
# TARGET_SYS in ARCHIVER_ARCH will break the stamp for gcc-source in multiconfig
if pn.startswith('gcc-source'):
d.setVar('ARCHIVER_ARCH', "allarch")
def hasTask(task):
return bool(d.getVarFlag(task, "task", False)) and not bool(d.getVarFlag(task, "noexec", False))
@@ -578,7 +583,7 @@ python do_dumpdata () {
SSTATETASKS += "do_deploy_archives"
do_deploy_archives () {
echo "Deploying source archive files from ${ARCHIVER_TOPDIR} to ${DEPLOY_DIR_SRC}."
bbnote "Deploying source archive files from ${ARCHIVER_TOPDIR} to ${DEPLOY_DIR_SRC}."
}
python do_deploy_archives_setscene () {
sstate_setscene(d)

View File

@@ -122,6 +122,10 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True):
tools = d.getVar(toolsvar).split()
origbbenv = d.getVar("BB_ORIGENV", False)
path = origbbenv.getVar("PATH")
# Need to ignore our own scripts directories to avoid circular links
for p in path.split(":"):
if p.endswith("/scripts"):
path = path.replace(p, "/ignoreme")
bb.utils.mkdirhier(dest)
notfound = []
for tool in tools:

View File

@@ -30,8 +30,9 @@ bin_package_do_install () {
bbfatal bin_package has nothing to install. Be sure the SRC_URI unpacks into S.
fi
cd ${S}
install -d ${D}${base_prefix}
tar --no-same-owner --exclude='./patches' --exclude='./.pc' -cpf - . \
| tar --no-same-owner -xpf - -C ${D}
| tar --no-same-owner -xpf - -C ${D}${base_prefix}
}
FILES_${PN} = "/"

View File

@@ -34,15 +34,33 @@ CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
CVE_CHECK_SUMMARY_FILE_NAME_JSON = "cve-summary.json"
CVE_CHECK_SUMMARY_INDEX_PATH = "${CVE_CHECK_SUMMARY_DIR}/cve-summary-index.txt"
CVE_CHECK_LOG_JSON ?= "${T}/cve.json"
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
# Report Patched or Ignored/Whitelisted CVEs
CVE_CHECK_REPORT_PATCHED ??= "1"
CVE_CHECK_SHOW_WARNINGS ??= "1"
# Provide text output
CVE_CHECK_FORMAT_TEXT ??= "1"
# Provide JSON output - disabled by default for backward compatibility
CVE_CHECK_FORMAT_JSON ??= "0"
# Check for packages without CVEs (no issues or missing product name)
CVE_CHECK_COVERAGE ??= "1"
# Whitelist for packages (PN)
CVE_CHECK_PN_WHITELIST ?= ""
@@ -63,9 +81,31 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
# set to "alphabetical" for version using single alphabetical character as increment release
CVE_VERSION_SUFFIX ??= ""
def generate_json_report(d, out_path, link_path):
if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
import json
from oe.cve_check import cve_check_merge_jsons, update_symlinks
bb.note("Generating JSON CVE summary")
index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
summary = {"version":"1", "package": []}
with open(index_file) as f:
filename = f.readline()
while filename:
with open(filename.rstrip()) as j:
data = json.load(j)
cve_check_merge_jsons(summary, data)
filename = f.readline()
with open(out_path, "w") as f:
json.dump(summary, f, indent=2)
update_symlinks(out_path, link_path)
python cve_save_summary_handler () {
import shutil
import datetime
from oe.cve_check import update_symlinks
cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
@@ -78,13 +118,15 @@ python cve_save_summary_handler () {
if os.path.exists(cve_tmp_file):
shutil.copyfile(cve_tmp_file, cve_summary_file)
cvefile_link = os.path.join(cvelogpath, cve_summary_name)
update_symlinks(cve_summary_file, cvefile_link)
bb.plain("Complete CVE report summary created at: %s" % cvefile_link)
if cve_summary_file and os.path.exists(cve_summary_file):
cvefile_link = os.path.join(cvelogpath, cve_summary_name)
if os.path.exists(os.path.realpath(cvefile_link)):
os.remove(cvefile_link)
os.symlink(os.path.basename(cve_summary_file), cvefile_link)
if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
json_summary_link_name = os.path.join(cvelogpath, d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON"))
json_summary_name = os.path.join(cvelogpath, "%s-%s.json" % (cve_summary_name, timestamp))
generate_json_report(d, json_summary_name, json_summary_link_name)
bb.plain("Complete CVE JSON report summary created at: %s" % json_summary_link_name)
}
addhandler cve_save_summary_handler
@@ -94,22 +136,24 @@ python do_cve_check () {
"""
Check recipe for patched and unpatched CVEs
"""
from oe.cve_check import get_patched_cves
if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
try:
patched_cves = get_patches_cves(d)
except FileNotFoundError:
bb.fatal("Failure in searching patches")
whitelisted, patched, unpatched = check_cves(d, patched_cves)
if patched or unpatched:
cve_data = get_cve_info(d, patched + unpatched)
cve_write_data(d, patched, unpatched, whitelisted, cve_data)
else:
bb.note("No CVE database found, skipping CVE check")
with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], shared=True):
if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
try:
patched_cves = get_patched_cves(d)
except FileNotFoundError:
bb.fatal("Failure in searching patches")
ignored, patched, unpatched, status = check_cves(d, patched_cves)
if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
cve_data = get_cve_info(d, patched + unpatched + ignored)
cve_write_data(d, patched, unpatched, ignored, cve_data, status)
else:
bb.note("No CVE database found, skipping CVE check")
}
addtask cve_check before do_build after do_fetch
addtask cve_check before do_build
do_cve_check[depends] = "cve-update-db-native:do_fetch"
do_cve_check[nostamp] = "1"
@@ -118,10 +162,11 @@ python cve_check_cleanup () {
Delete the file used to gather all the CVE information.
"""
bb.utils.remove(e.data.getVar("CVE_CHECK_TMP_FILE"))
bb.utils.remove(e.data.getVar("CVE_CHECK_SUMMARY_INDEX_PATH"))
}
addhandler cve_check_cleanup
cve_check_cleanup[eventmask] = "bb.cooker.CookerExit"
cve_check_cleanup[eventmask] = "bb.event.BuildCompleted"
python cve_check_write_rootfs_manifest () {
"""
@@ -129,92 +174,80 @@ python cve_check_write_rootfs_manifest () {
"""
import shutil
import json
from oe.rootfs import image_list_installed_packages
from oe.cve_check import cve_check_merge_jsons, update_symlinks
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
if os.path.exists(deploy_file):
bb.utils.remove(deploy_file)
deploy_file_json = d.getVar("CVE_CHECK_RECIPE_FILE_JSON")
if os.path.exists(deploy_file_json):
bb.utils.remove(deploy_file_json)
if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")):
bb.note("Writing rootfs CVE manifest")
deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
link_name = d.getVar("IMAGE_LINK_NAME")
# Create a list of relevant recipies
recipies = set()
for pkg in list(image_list_installed_packages(d)):
pkg_info = os.path.join(d.getVar('PKGDATA_DIR'),
'runtime-reverse', pkg)
pkg_data = oe.packagedata.read_pkgdatafile(pkg_info)
recipies.add(pkg_data["PN"])
bb.note("Writing rootfs CVE manifest")
deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
link_name = d.getVar("IMAGE_LINK_NAME")
json_data = {"version":"1", "package": []}
text_data = ""
enable_json = d.getVar("CVE_CHECK_FORMAT_JSON") == "1"
enable_text = d.getVar("CVE_CHECK_FORMAT_TEXT") == "1"
save_pn = d.getVar("PN")
for pkg in recipies:
# To be able to use the CVE_CHECK_RECIPE_FILE variable we have to evaluate
# it with the different PN names set each time.
d.setVar("PN", pkg)
if enable_text:
pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE")
if os.path.exists(pkgfilepath):
with open(pkgfilepath) as pfile:
text_data += pfile.read()
if enable_json:
pkgfilepath = d.getVar("CVE_CHECK_RECIPE_FILE_JSON")
if os.path.exists(pkgfilepath):
with open(pkgfilepath) as j:
data = json.load(j)
cve_check_merge_jsons(json_data, data)
d.setVar("PN", save_pn)
if enable_text:
link_path = os.path.join(deploy_dir, "%s.cve" % link_name)
manifest_name = d.getVar("CVE_CHECK_MANIFEST")
cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
bb.utils.mkdirhier(os.path.dirname(manifest_name))
shutil.copyfile(cve_tmp_file, manifest_name)
with open(manifest_name, "w") as f:
f.write(text_data)
if manifest_name and os.path.exists(manifest_name):
manifest_link = os.path.join(deploy_dir, "%s.cve" % link_name)
# If we already have another manifest, update symlinks
if os.path.exists(os.path.realpath(manifest_link)):
os.remove(manifest_link)
os.symlink(os.path.basename(manifest_name), manifest_link)
bb.plain("Image CVE report stored in: %s" % manifest_name)
update_symlinks(manifest_name, link_path)
bb.plain("Image CVE report stored in: %s" % manifest_name)
if enable_json:
link_path = os.path.join(deploy_dir, "%s.json" % link_name)
manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
with open(manifest_name, "w") as f:
json.dump(json_data, f, indent=2)
update_symlinks(manifest_name, link_path)
bb.plain("Image CVE JSON report stored in: %s" % manifest_name)
}
ROOTFS_POSTPROCESS_COMMAND_prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
do_rootfs[recrdeptask] += "${@'do_cve_check' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
def get_patches_cves(d):
"""
Get patches that solve CVEs using the "CVE: " tag.
"""
import re
pn = d.getVar("PN")
cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
# Matches the last "CVE-YYYY-ID" in the file name, also if written
# in lowercase. Possible to have multiple CVE IDs in a single
# file name, but only the last one will be detected from the file name.
# However, patch files contents addressing multiple CVE IDs are supported
# (cve_match regular expression)
cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
patched_cves = set()
bb.debug(2, "Looking for patches that solves CVEs for %s" % pn)
for url in src_patches(d):
patch_file = bb.fetch.decodeurl(url)[2]
if not os.path.isfile(patch_file):
bb.error("File Not found: %s" % patch_file)
raise FileNotFoundError
# Check patch file name for CVE ID
fname_match = cve_file_name_match.search(patch_file)
if fname_match:
cve = fname_match.group(1).upper()
patched_cves.add(cve)
bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file))
with open(patch_file, "r", encoding="utf-8") as f:
try:
patch_text = f.read()
except UnicodeDecodeError:
bb.debug(1, "Failed to read patch %s using UTF-8 encoding"
" trying with iso8859-1" % patch_file)
f.close()
with open(patch_file, "r", encoding="iso8859-1") as f:
patch_text = f.read()
# Search for one or more "CVE: " lines
text_match = False
for match in cve_match.finditer(patch_text):
# Get only the CVEs without the "CVE: " tag
cves = patch_text[match.start()+5:match.end()]
for cve in cves.split():
bb.debug(2, "Patch %s solves %s" % (patch_file, cve))
patched_cves.add(cve)
text_match = True
if not fname_match and not text_match:
bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
return patched_cves
do_populate_sdk[recrdeptask] += "${@'do_cve_check' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
def check_cves(d, patched_cves):
"""
@@ -227,17 +260,20 @@ def check_cves(d, patched_cves):
suffix = d.getVar("CVE_VERSION_SUFFIX")
cves_unpatched = []
cves_ignored = []
cves_status = []
cves_in_recipe = False
# CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
products = d.getVar("CVE_PRODUCT").split()
# If this has been unset then we're not scanning for CVEs here (for example, image recipes)
if not products:
return ([], [], [])
return ([], [], [], [])
pv = d.getVar("CVE_VERSION").split("+git")[0]
# If the recipe has been whitelisted we return empty lists
if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
bb.note("Recipe has been whitelisted, skipping check")
return ([], [], [])
return ([], [], [], [])
cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
@@ -247,28 +283,39 @@ def check_cves(d, patched_cves):
# For each of the known product names (e.g. curl has CPEs using curl and libcurl)...
for product in products:
cves_in_product = False
if ":" in product:
vendor, product = product.split(":", 1)
else:
vendor = "%"
# Find all relevant CVE IDs.
for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
for cverow in cve_cursor:
cve = cverow[0]
if cve in cve_whitelist:
bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
# TODO: this should be in the report as 'whitelisted'
patched_cves.add(cve)
cves_ignored.append(cve)
continue
elif cve in patched_cves:
bb.note("%s has been patched" % (cve))
continue
# Write status once only for each product
if not cves_in_product:
cves_status.append([product, True])
cves_in_product = True
cves_in_recipe = True
vulnerable = False
for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
ignored = False
product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
for row in product_cursor:
(_, _, _, version_start, operator_start, version_end, operator_end) = row
#bb.debug(2, "Evaluating row " + str(row))
if cve in cve_whitelist:
ignored = True
if (operator_start == '=' and pv == version_start) or version_start == '-':
vulnerable = True
@@ -301,18 +348,27 @@ def check_cves(d, patched_cves):
vulnerable = vulnerable_start or vulnerable_end
if vulnerable:
bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
cves_unpatched.append(cve)
if ignored:
bb.note("%s is ignored in %s-%s" % (cve, pn, real_pv))
cves_ignored.append(cve)
else:
bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
cves_unpatched.append(cve)
break
product_cursor.close()
if not vulnerable:
bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
# TODO: not patched but not vulnerable
patched_cves.add(cve)
cve_cursor.close()
if not cves_in_product:
bb.note("No CVE records found for product %s, pn %s" % (product, pn))
cves_status.append([product, False])
conn.close()
return (list(cve_whitelist), list(patched_cves), cves_unpatched)
return (list(cves_ignored), list(patched_cves), cves_unpatched, cves_status)
def get_cve_info(d, cves):
"""
@@ -326,24 +382,24 @@ def get_cve_info(d, cves):
conn = sqlite3.connect(db_file, uri=True)
for cve in cves:
for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
for row in cursor:
cve_data[row[0]] = {}
cve_data[row[0]]["summary"] = row[1]
cve_data[row[0]]["scorev2"] = row[2]
cve_data[row[0]]["scorev3"] = row[3]
cve_data[row[0]]["modified"] = row[4]
cve_data[row[0]]["vector"] = row[5]
cursor.close()
conn.close()
return cve_data
def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
"""
Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and
CVE manifest if enabled.
"""
cve_file = d.getVar("CVE_CHECK_LOG")
fdir_name = d.getVar("FILE_DIRNAME")
layer = fdir_name.split("/")[-3]
@@ -351,12 +407,18 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1"
if exclude_layers and layer in exclude_layers:
return
if include_layers and layer not in include_layers:
return
# Early exit, the text format does not report packages without CVEs
if not patched+unpatched+whitelisted:
return
nvd_link = "https://nvd.nist.gov/vuln/detail/"
write_string = ""
unpatched_cves = []
@@ -364,13 +426,16 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
for cve in sorted(cve_data):
is_patched = cve in patched
if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
is_ignored = cve in whitelisted
if (is_patched or is_ignored) and not report_all:
continue
write_string += "LAYER: %s\n" % layer
write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
write_string += "CVE: %s\n" % cve
if cve in whitelisted:
if is_ignored:
write_string += "CVE STATUS: Whitelisted\n"
elif is_patched:
write_string += "CVE STATUS: Patched\n"
@@ -383,23 +448,138 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
if unpatched_cves:
if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
if write_string:
with open(cve_file, "w") as f:
bb.note("Writing file %s with CVE information" % cve_file)
with open(cve_file, "w") as f:
bb.note("Writing file %s with CVE information" % cve_file)
f.write(write_string)
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
bb.utils.mkdirhier(os.path.dirname(deploy_file))
with open(deploy_file, "w") as f:
f.write(write_string)
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
bb.utils.mkdirhier(os.path.dirname(deploy_file))
with open(deploy_file, "w") as f:
f.write(write_string)
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
bb.utils.mkdirhier(cvelogpath)
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
bb.utils.mkdirhier(cvelogpath)
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
f.write("%s" % write_string)
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
f.write("%s" % write_string)
def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file):
"""
Write CVE information in the JSON format: to WORKDIR; and to
CVE_CHECK_DIR, if CVE manifest if enabled, write fragment
files that will be assembled at the end in cve_check_write_rootfs_manifest.
"""
import json
write_string = json.dumps(output, indent=2)
with open(direct_file, "w") as f:
bb.note("Writing file %s with CVE information" % direct_file)
f.write(write_string)
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
bb.utils.mkdirhier(os.path.dirname(deploy_file))
with open(deploy_file, "w") as f:
f.write(write_string)
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
index_path = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
bb.utils.mkdirhier(cvelogpath)
fragment_file = os.path.basename(deploy_file)
fragment_path = os.path.join(cvelogpath, fragment_file)
with open(fragment_path, "w") as f:
f.write(write_string)
with open(index_path, "a+") as f:
f.write("%s\n" % fragment_path)
def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
"""
Prepare CVE data for the JSON format, then write it.
"""
output = {"version":"1", "package": []}
nvd_link = "https://nvd.nist.gov/vuln/detail/"
fdir_name = d.getVar("FILE_DIRNAME")
layer = fdir_name.split("/")[-3]
include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1"
if exclude_layers and layer in exclude_layers:
return
if include_layers and layer not in include_layers:
return
unpatched_cves = []
product_data = []
for s in cve_status:
p = {"product": s[0], "cvesInRecord": "Yes"}
if s[1] == False:
p["cvesInRecord"] = "No"
product_data.append(p)
package_version = "%s%s" % (d.getVar("EXTENDPE"), d.getVar("PV"))
package_data = {
"name" : d.getVar("PN"),
"layer" : layer,
"version" : package_version,
"products": product_data
}
cve_list = []
for cve in sorted(cve_data):
is_patched = cve in patched
is_ignored = cve in ignored
status = "Unpatched"
if (is_patched or is_ignored) and not report_all:
continue
if is_ignored:
status = "Ignored"
elif is_patched:
status = "Patched"
else:
# default value of status is Unpatched
unpatched_cves.append(cve)
issue_link = "%s%s" % (nvd_link, cve)
cve_item = {
"id" : cve,
"summary" : cve_data[cve]["summary"],
"scorev2" : cve_data[cve]["scorev2"],
"scorev3" : cve_data[cve]["scorev3"],
"vector" : cve_data[cve]["vector"],
"status" : status,
"link": issue_link
}
cve_list.append(cve_item)
package_data["issue"] = cve_list
output["package"].append(package_data)
direct_file = d.getVar("CVE_CHECK_LOG_JSON")
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE_JSON")
manifest_file = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME_JSON")
cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file)
def cve_write_data(d, patched, unpatched, ignored, cve_data, status):
"""
Write CVE data in each enabled format.
"""
if d.getVar("CVE_CHECK_FORMAT_TEXT") == "1":
cve_write_data_text(d, patched, unpatched, ignored, cve_data)
if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
cve_write_data_json(d, patched, unpatched, ignored, cve_data, status)

View File

@@ -2,6 +2,8 @@ inherit terminal
DEVSHELL = "${SHELL}"
PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:"
python do_devshell () {
if d.getVarFlag("do_devshell", "manualfakeroot"):
d.prependVar("DEVSHELL", "pseudo ")

View File

@@ -124,7 +124,7 @@ python () {
def rootfs_variables(d):
from oe.rootfs import variable_depends
variables = ['IMAGE_DEVICE_TABLE','IMAGE_DEVICE_TABLES','BUILD_IMAGES_FROM_FEEDS','IMAGE_TYPES_MASKED','IMAGE_ROOTFS_ALIGNMENT','IMAGE_OVERHEAD_FACTOR','IMAGE_ROOTFS_SIZE','IMAGE_ROOTFS_EXTRA_SPACE',
'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS', 'IMAGE_LINGUAS_COMPLEMENTARY',
'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS', 'IMAGE_LINGUAS_COMPLEMENTARY', 'IMAGE_LOCALES_ARCHIVE',
'MULTILIBRE_ALLOW_REP','MULTILIB_TEMP_ROOTFS','MULTILIB_VARIANTS','MULTILIBS','ALL_MULTILIB_PACKAGE_ARCHS','MULTILIB_GLOBAL_VARIANTS','BAD_RECOMMENDATIONS','NO_RECOMMENDATIONS',
'PACKAGE_ARCHS','PACKAGE_CLASSES','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','USE_DEVFS',
'CONVERSIONTYPES', 'IMAGE_GEN_DEBUGFS', 'ROOTFS_RO_UNNEEDED', 'IMGDEPLOYDIR', 'PACKAGE_EXCLUDE_COMPLEMENTARY', 'REPRODUCIBLE_TIMESTAMP_ROOTFS', 'IMAGE_INSTALL_DEBUGFS']
@@ -176,6 +176,9 @@ IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS').split()))}"
# per default create a locale archive
IMAGE_LOCALES_ARCHIVE ?= '1'
# Prefer image, but use the fallback files for lookups if the image ones
# aren't yet available.
PSEUDO_PASSWD = "${IMAGE_ROOTFS}:${STAGING_DIR_NATIVE}"

View File

@@ -452,12 +452,14 @@ def package_qa_check_buildpaths(path, name, d, elf, messages):
"""
Check for build paths inside target files and error if not found in the whitelist
"""
import stat
# Ignore .debug files, not interesting
if path.find(".debug") != -1:
return
# Ignore symlinks
if os.path.islink(path):
# Ignore symlinks/devs/fifos
mode = os.lstat(path).st_mode
if stat.S_ISLNK(mode) or stat.S_ISBLK(mode) or stat.S_ISFIFO(mode) or stat.S_ISCHR(mode) or stat.S_ISSOCK(mode):
return
tmpdir = bytes(d.getVar('TMPDIR'), encoding="utf-8")
@@ -945,7 +947,7 @@ def package_qa_check_host_user(path, name, d, elf, messages):
dest = d.getVar('PKGDEST')
pn = d.getVar('PN')
home = os.path.join(dest, 'home')
home = os.path.join(dest, name, 'home')
if path == home or path.startswith(home + os.sep):
return

View File

@@ -61,7 +61,7 @@ HOST_LD_KERNEL_ARCH ?= "${TARGET_LD_KERNEL_ARCH}"
TARGET_AR_KERNEL_ARCH ?= ""
HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}"
KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH}"
KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
TOOLCHAIN = "gcc"

View File

@@ -56,6 +56,9 @@ FIT_HASH_ALG ?= "sha256"
# fitImage Signature Algo
FIT_SIGN_ALG ?= "rsa2048"
# fitImage Padding Algo
FIT_PAD_ALG ?= "pkcs-1.5"
#
# Emit the fitImage ITS header
#
@@ -250,6 +253,7 @@ fitimage_emit_section_config() {
conf_csum="${FIT_HASH_ALG}"
conf_sign_algo="${FIT_SIGN_ALG}"
conf_padding_algo="${FIT_PAD_ALG}"
if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
fi
@@ -333,6 +337,7 @@ EOF
signature-1 {
algo = "${conf_csum},${conf_sign_algo}";
key-name-hint = "${conf_sign_keyname}";
padding = "${conf_padding_algo}";
${sign_line}
};
EOF

View File

@@ -269,6 +269,8 @@ do_kernel_metadata() {
bbnote "KERNEL_FEATURES: $KERNEL_FEATURES_FINAL"
bbnote "Final scc/cfg list: $sccs_defconfig $bsp_definition $sccs $KERNEL_FEATURES_FINAL"
fi
set -e
}
do_patch() {
@@ -298,6 +300,8 @@ do_patch() {
fi
done
fi
set -e
}
do_kernel_checkout() {
@@ -356,6 +360,8 @@ do_kernel_checkout() {
git commit -q -m "baseline commit: creating repo for ${PN}-${PV}"
git clean -d -f
fi
set -e
}
do_kernel_checkout[dirs] = "${S}"
@@ -523,6 +529,8 @@ do_validate_branches() {
kgit-s2q --clean
fi
fi
set -e
}
OE_TERMINAL_EXPORTS += "KBUILD_OUTPUT"

View File

@@ -91,17 +91,17 @@ def copy_license_files(lic_files_paths, destdir):
os.link(src, dst)
except OSError as err:
if err.errno == errno.EXDEV:
# Copy license files if hard-link is not possible even if st_dev is the
# Copy license files if hardlink is not possible even if st_dev is the
# same on source and destination (docker container with device-mapper?)
canlink = False
else:
raise
# Only chown if we did hardling, and, we're running under pseudo
# Only chown if we did hardlink and we're running under pseudo
if canlink and os.environ.get('PSEUDO_DISABLED') == '0':
os.chown(dst,0,0)
if not canlink:
begin_idx = int(beginline)-1 if beginline is not None else None
end_idx = int(endline) if endline is not None else None
begin_idx = max(0, int(beginline) - 1) if beginline is not None else None
end_idx = max(0, int(endline)) if endline is not None else None
if begin_idx is None and end_idx is None:
shutil.copyfile(src, dst)
else:

View File

@@ -9,8 +9,8 @@ python write_package_manifest() {
pkgs = image_list_installed_packages(d)
output = format_pkg_list(pkgs)
open(os.path.join(license_image_dir, 'package.manifest'),
'w+').write(output)
with open(os.path.join(license_image_dir, 'package.manifest'), "w+") as package_manifest:
package_manifest.write(output)
}
python license_create_manifest() {

View File

@@ -1,8 +1,3 @@
METADATA_BRANCH ?= "${@base_detect_branch(d)}"
METADATA_BRANCH[vardepvalue] = "${METADATA_BRANCH}"
METADATA_REVISION ?= "${@base_detect_revision(d)}"
METADATA_REVISION[vardepvalue] = "${METADATA_REVISION}"
def base_detect_revision(d):
path = base_get_scmbasepath(d)
return base_get_metadata_git_revision(path, d)
@@ -42,3 +37,8 @@ def base_get_metadata_git_revision(path, d):
except bb.process.ExecutionError:
rev = '<unknown>'
return rev.strip()
METADATA_BRANCH := "${@base_detect_branch(d)}"
METADATA_BRANCH[vardepvalue] = "${METADATA_BRANCH}"
METADATA_REVISION := "${@base_detect_revision(d)}"
METADATA_REVISION[vardepvalue] = "${METADATA_REVISION}"

View File

@@ -42,6 +42,7 @@ ftp://sourceware.org/pub http://ftp.gwdg.de/pub/linux/sources.redhat.com/sourcew
cvs://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
svn://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
git://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
gitsm://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
hg://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
bzr://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
p4://.*/.* http://downloads.yoctoproject.org/mirror/sources/ \n \
@@ -52,6 +53,7 @@ npm://.*/?.* http://downloads.yoctoproject.org/mirror/sources/ \n \
cvs://.*/.* http://sources.openembedded.org/ \n \
svn://.*/.* http://sources.openembedded.org/ \n \
git://.*/.* http://sources.openembedded.org/ \n \
gitsm://.*/.* http://sources.openembedded.org/ \n \
hg://.*/.* http://sources.openembedded.org/ \n \
bzr://.*/.* http://sources.openembedded.org/ \n \
p4://.*/.* http://sources.openembedded.org/ \n \

View File

@@ -15,3 +15,15 @@ do_compile_prepend_class-target() {
do_install_prepend_class-target() {
export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata"
}
do_configure:prepend:class-nativesdk() {
export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata"
}
do_compile:prepend:class-nativesdk() {
export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata"
}
do_install:prepend:class-nativesdk() {
export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata"
}

View File

@@ -267,9 +267,10 @@ python write_image_manifest () {
if os.path.exists(manifest_name) and link_name:
manifest_link = deploy_dir + "/" + link_name + ".manifest"
if os.path.lexists(manifest_link):
os.remove(manifest_link)
os.symlink(os.path.basename(manifest_name), manifest_link)
if manifest_link != manifest_name:
if os.path.lexists(manifest_link):
os.remove(manifest_link)
os.symlink(os.path.basename(manifest_name), manifest_link)
}
# Can be used to create /etc/timestamp during image construction to give a reasonably
@@ -304,7 +305,7 @@ rootfs_trim_schemas () {
}
rootfs_check_host_user_contaminated () {
contaminated="${WORKDIR}/host-user-contaminated.txt"
contaminated="${S}/host-user-contaminated.txt"
HOST_USER_UID="$(PSEUDO_UNLOAD=1 id -u)"
HOST_USER_GID="$(PSEUDO_UNLOAD=1 id -g)"
@@ -339,9 +340,10 @@ python write_image_test_data() {
if os.path.exists(testdata_name) and link_name:
testdata_link = os.path.join(deploy_dir, "%s.testdata.json" % link_name)
if os.path.lexists(testdata_link):
os.remove(testdata_link)
os.symlink(os.path.basename(testdata_name), testdata_link)
if testdata_link != testdata_name:
if os.path.lexists(testdata_link):
os.remove(testdata_link)
os.symlink(os.path.basename(testdata_name), testdata_link)
}
write_image_test_data[vardepsexclude] += "TOPDIR"

View File

@@ -53,24 +53,23 @@ CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4
CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
#### CPE update pending ####
# groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803
# Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7
# so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
#CVE_CHECK_WHITELIST += "CVE-2000-0803"
#### Upstream still working on ####
# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
# however qemu maintainers are sure the patch is incorrect and should not be applied.
# qemu maintainers say the patch is incorrect and should not be applied
# Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable
CVE_CHECK_WHITELIST += "CVE-2021-20255"
# wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879
# https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
# No response upstream as of 2021/5/12
# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067
# There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can
# still be reproduced or where exactly any bug is.
# Ignore from OE's perspective as we'll pick up any fix when upstream accepts one.
CVE_CHECK_WHITELIST += "CVE-2019-12067"
# nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974
# It is a fuzzing related buffer overflow. It is of low impact since most devices
# wouldn't expose an assembler. The upstream is inactive and there is little to be
# done about the bug, ignore from an OE perspective.
CVE_CHECK_WHITELIST += "CVE-2020-18974"

View File

@@ -7,9 +7,9 @@
#
UNINATIVE_MAXGLIBCVERSION = "2.35"
UNINATIVE_VERSION = "3.5"
UNINATIVE_VERSION = "3.6"
UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
UNINATIVE_CHECKSUM[aarch64] ?= "6de0771bd21e0fcb5e80388e5b561a8023b24083bcbf46e056a089982aff75d7"
UNINATIVE_CHECKSUM[i686] ?= "8c8745becbfa1c341bae839c7eab56ddf17ce36c303bcd73d3b2f2f788b631c2"
UNINATIVE_CHECKSUM[x86_64] ?= "e8047a5748e6f266165da141eb6d08b23674f30e477b0e5505b6403d50fbc4b2"
UNINATIVE_CHECKSUM[aarch64] ?= "d64831cf2792c8e470c2e42230660e1a8e5de56a579cdd59978791f663c2f3ed"
UNINATIVE_CHECKSUM[i686] ?= "2f0ee9b66b1bb2c85e2b592fb3c9c7f5d77399fa638d74961330cdb8de34ca3b"
UNINATIVE_CHECKSUM[x86_64] ?= "9bfc4c970495b3716b2f9e52c4df9f968c02463a9a95000f6657fbc3fde1f098"

View File

@@ -13,24 +13,31 @@
SPDXLICENSEMAP[AGPL-3] = "AGPL-3.0"
SPDXLICENSEMAP[AGPLv3] = "AGPL-3.0"
SPDXLICENSEMAP[AGPLv3.0] = "AGPL-3.0"
SPDXLICENSEMAP[AGPL-3.0-only] = "AGPL-3.0"
# GPL variations
SPDXLICENSEMAP[GPL-1] = "GPL-1.0"
SPDXLICENSEMAP[GPLv1] = "GPL-1.0"
SPDXLICENSEMAP[GPLv1.0] = "GPL-1.0"
SPDXLICENSEMAP[GPL-1.0-only] = "GPL-1.0"
SPDXLICENSEMAP[GPL-2] = "GPL-2.0"
SPDXLICENSEMAP[GPLv2] = "GPL-2.0"
SPDXLICENSEMAP[GPLv2.0] = "GPL-2.0"
SPDXLICENSEMAP[GPL-2.0-only] = "GPL-2.0"
SPDXLICENSEMAP[GPL-3] = "GPL-3.0"
SPDXLICENSEMAP[GPLv3] = "GPL-3.0"
SPDXLICENSEMAP[GPLv3.0] = "GPL-3.0"
SPDXLICENSEMAP[GPL-3.0-only] = "GPL-3.0"
#LGPL variations
SPDXLICENSEMAP[LGPLv2] = "LGPL-2.0"
SPDXLICENSEMAP[LGPLv2.0] = "LGPL-2.0"
SPDXLICENSEMAP[LGPL-2.0-only] = "LGPL-2.0"
SPDXLICENSEMAP[LGPL2.1] = "LGPL-2.1"
SPDXLICENSEMAP[LGPLv2.1] = "LGPL-2.1"
SPDXLICENSEMAP[LGPL-2.1-only] = "LGPL-2.1"
SPDXLICENSEMAP[LGPLv3] = "LGPL-3.0"
SPDXLICENSEMAP[LGPL-3.0-only] = "LGPL-3.0"
#MPL variations
SPDXLICENSEMAP[MPL-1] = "MPL-1.0"

View File

@@ -63,3 +63,112 @@ def _cmpkey(release, patch_l, pre_l, pre_v):
else:
_pre = float(pre_v) if pre_v else float('-inf')
return _release, _patch, _pre
def cve_check_merge_jsons(output, data):
"""
Merge the data in the "package" property to the main data file
output
"""
if output["version"] != data["version"]:
bb.error("Version mismatch when merging JSON outputs")
return
for product in output["package"]:
if product["name"] == data["package"][0]["name"]:
bb.error("Error adding the same package twice")
return
output["package"].append(data["package"][0])
def update_symlinks(target_path, link_path):
"""
Update a symbolic link link_path to point to target_path.
Remove the link and recreate it if exist and is different.
"""
if link_path != target_path and os.path.exists(target_path):
if os.path.exists(os.path.realpath(link_path)):
os.remove(link_path)
os.symlink(os.path.basename(target_path), link_path)
def get_patched_cves(d):
"""
Get patches that solve CVEs using the "CVE: " tag.
"""
import re
import oe.patch
pn = d.getVar("PN")
cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
# Matches the last "CVE-YYYY-ID" in the file name, also if written
# in lowercase. Possible to have multiple CVE IDs in a single
# file name, but only the last one will be detected from the file name.
# However, patch files contents addressing multiple CVE IDs are supported
# (cve_match regular expression)
cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
patched_cves = set()
bb.debug(2, "Looking for patches that solves CVEs for %s" % pn)
for url in oe.patch.src_patches(d):
patch_file = bb.fetch.decodeurl(url)[2]
# Remote compressed patches may not be unpacked, so silently ignore them
if not os.path.isfile(patch_file):
bb.warn("%s does not exist, cannot extract CVE list" % patch_file)
continue
# Check patch file name for CVE ID
fname_match = cve_file_name_match.search(patch_file)
if fname_match:
cve = fname_match.group(1).upper()
patched_cves.add(cve)
bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file))
with open(patch_file, "r", encoding="utf-8") as f:
try:
patch_text = f.read()
except UnicodeDecodeError:
bb.debug(1, "Failed to read patch %s using UTF-8 encoding"
" trying with iso8859-1" % patch_file)
f.close()
with open(patch_file, "r", encoding="iso8859-1") as f:
patch_text = f.read()
# Search for one or more "CVE: " lines
text_match = False
for match in cve_match.finditer(patch_text):
# Get only the CVEs without the "CVE: " tag
cves = patch_text[match.start()+5:match.end()]
for cve in cves.split():
bb.debug(2, "Patch %s solves %s" % (patch_file, cve))
patched_cves.add(cve)
text_match = True
if not fname_match and not text_match:
bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
return patched_cves
def get_cpe_ids(cve_product, version):
"""
Get list of CPE identifiers for the given product and version
"""
version = version.split("+git")[0]
cpe_ids = []
for product in cve_product.split():
# CVE_PRODUCT in recipes may include vendor information for CPE identifiers. If not,
# use wildcard for vendor.
if ":" in product:
vendor, product = product.split(":", 1)
else:
vendor = "*"
cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
cpe_ids.append(cpe_id)
return cpe_ids

View File

@@ -611,12 +611,13 @@ class PackageManager(object, metaclass=ABCMeta):
"'%s' returned %d:\n%s" %
(' '.join(cmd), e.returncode, e.output.decode("utf-8")))
target_arch = self.d.getVar('TARGET_ARCH')
localedir = oe.path.join(self.target_rootfs, self.d.getVar("libdir"), "locale")
if os.path.exists(localedir) and os.listdir(localedir):
generate_locale_archive(self.d, self.target_rootfs, target_arch, localedir)
# And now delete the binary locales
self.remove(fnmatch.filter(self.list_installed(), "glibc-binary-localedata-*"), False)
if self.d.getVar('IMAGE_LOCALES_ARCHIVE') == '1':
target_arch = self.d.getVar('TARGET_ARCH')
localedir = oe.path.join(self.target_rootfs, self.d.getVar("libdir"), "locale")
if os.path.exists(localedir) and os.listdir(localedir):
generate_locale_archive(self.d, self.target_rootfs, target_arch, localedir)
# And now delete the binary locales
self.remove(fnmatch.filter(self.list_installed(), "glibc-binary-localedata-*"), False)
def deploy_dir_lock(self):
if self.deploy_dir is None:

View File

@@ -321,7 +321,9 @@ class Rootfs(object, metaclass=ABCMeta):
if not os.path.exists(kernel_abi_ver_file):
bb.fatal("No kernel-abiversion file found (%s), cannot run depmod, aborting" % kernel_abi_ver_file)
kernel_ver = open(kernel_abi_ver_file).read().strip(' \n')
with open(kernel_abi_ver_file) as f:
kernel_ver = f.read().strip(' \n')
versioned_modules_dir = os.path.join(self.image_rootfs, modules_dir, kernel_ver)
bb.utils.mkdirhier(versioned_modules_dir)

View File

@@ -6,6 +6,7 @@ from subprocess import Popen, PIPE
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.oetimeout import OETimeout
from oeqa.core.exception import OEQATimeoutError
class PingTest(OERuntimeTestCase):
@@ -13,14 +14,17 @@ class PingTest(OERuntimeTestCase):
def test_ping(self):
output = ''
count = 0
while count < 5:
cmd = 'ping -c 1 %s' % self.target.ip
proc = Popen(cmd, shell=True, stdout=PIPE)
output += proc.communicate()[0].decode('utf-8')
if proc.poll() == 0:
count += 1
else:
count = 0
try:
while count < 5:
cmd = 'ping -c 1 %s' % self.target.ip
proc = Popen(cmd, shell=True, stdout=PIPE)
output += proc.communicate()[0].decode('utf-8')
if proc.poll() == 0:
count += 1
else:
count = 0
except OEQATimeoutError:
self.fail("Ping timeout error for address %s, count %s, output: %s" % (self.target.ip, count, output))
msg = ('Expected 5 consecutive, got %d.\n'
'ping output is:\n%s' % (count,output))
self.assertEqual(count, 5, msg = msg)

View File

@@ -23,7 +23,7 @@ class ScpTest(OERuntimeTestCase):
os.remove(cls.tmp_path)
@OETestDepends(['ssh.SSHTest.test_ssh'])
@OEHasPackage(['openssh-scp', 'dropbear'])
@OEHasPackage(['openssh-scp'])
def test_scp_file(self):
dst = '/tmp/test_scp_file'

View File

@@ -17,7 +17,7 @@ class EpoxyTest(OESDKTestCase):
"""
def setUp(self):
if not (self.tc.hasHostPackage("nativesdk-meson")):
raise unittest.SkipTest("GalculatorTest class: SDK doesn't contain Meson")
raise unittest.SkipTest("EpoxyTest class: SDK doesn't contain Meson")
def test_epoxy(self):
with tempfile.TemporaryDirectory(prefix="epoxy", dir=self.tc.sdk_dir) as testdir:

View File

@@ -1,9 +1,13 @@
from oe.cve_check import Version
import json
import os
from oeqa.selftest.case import OESelftestTestCase
from oeqa.utils.commands import bitbake, get_bb_vars
class CVECheck(OESelftestTestCase):
def test_version_compare(self):
from oe.cve_check import Version
result = Version("100") > Version("99")
self.assertTrue( result, msg="Failed to compare version '100' > '99'")
result = Version("2.3.1") > Version("2.2.3")
@@ -42,3 +46,156 @@ class CVECheck(OESelftestTestCase):
self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'")
result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch")
self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
def test_recipe_report_json(self):
config = """
INHERIT += "cve-check"
CVE_CHECK_FORMAT_JSON = "1"
"""
self.write_config(config)
vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
try:
os.remove(summary_json)
os.remove(recipe_json)
except FileNotFoundError:
pass
bitbake("m4-native -c cve_check")
def check_m4_json(filename):
with open(filename) as f:
report = json.load(f)
self.assertEqual(report["version"], "1")
self.assertEqual(len(report["package"]), 1)
package = report["package"][0]
self.assertEqual(package["name"], "m4-native")
found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
self.assertIn("CVE-2008-1687", found_cves)
self.assertEqual(found_cves["CVE-2008-1687"], "Patched")
self.assertExists(summary_json)
check_m4_json(summary_json)
self.assertExists(recipe_json)
check_m4_json(recipe_json)
def test_image_json(self):
config = """
INHERIT += "cve-check"
CVE_CHECK_FORMAT_JSON = "1"
"""
self.write_config(config)
vars = get_bb_vars(["CVE_CHECK_DIR", "CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
report_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
print(report_json)
try:
os.remove(report_json)
except FileNotFoundError:
pass
bitbake("core-image-minimal-initramfs")
self.assertExists(report_json)
# Check that the summary report lists at least one package
with open(report_json) as f:
report = json.load(f)
self.assertEqual(report["version"], "1")
self.assertGreater(len(report["package"]), 1)
# Check that a random recipe wrote a recipe report to deploy/cve/
recipename = report["package"][0]["name"]
recipe_report = os.path.join(vars["CVE_CHECK_DIR"], recipename + "_cve.json")
self.assertExists(recipe_report)
with open(recipe_report) as f:
report = json.load(f)
self.assertEqual(report["version"], "1")
self.assertEqual(len(report["package"]), 1)
self.assertEqual(report["package"][0]["name"], recipename)
def test_recipe_report_json_unpatched(self):
config = """
INHERIT += "cve-check"
CVE_CHECK_FORMAT_JSON = "1"
CVE_CHECK_REPORT_PATCHED = "0"
"""
self.write_config(config)
vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
try:
os.remove(summary_json)
os.remove(recipe_json)
except FileNotFoundError:
pass
bitbake("m4-native -c cve_check")
def check_m4_json(filename):
with open(filename) as f:
report = json.load(f)
self.assertEqual(report["version"], "1")
self.assertEqual(len(report["package"]), 1)
package = report["package"][0]
self.assertEqual(package["name"], "m4-native")
#m4 had only Patched CVEs, so the issues array will be empty
self.assertEqual(package["issue"], [])
self.assertExists(summary_json)
check_m4_json(summary_json)
self.assertExists(recipe_json)
check_m4_json(recipe_json)
def test_recipe_report_json_ignored(self):
config = """
INHERIT += "cve-check"
CVE_CHECK_FORMAT_JSON = "1"
CVE_CHECK_REPORT_PATCHED = "1"
"""
self.write_config(config)
vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "logrotate_cve.json")
try:
os.remove(summary_json)
os.remove(recipe_json)
except FileNotFoundError:
pass
bitbake("logrotate -c cve_check")
def check_m4_json(filename):
with open(filename) as f:
report = json.load(f)
self.assertEqual(report["version"], "1")
self.assertEqual(len(report["package"]), 1)
package = report["package"][0]
self.assertEqual(package["name"], "logrotate")
found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
# m4 CVE should not be in logrotate
self.assertNotIn("CVE-2008-1687", found_cves)
# logrotate has both Patched and Ignored CVEs
self.assertIn("CVE-2011-1098", found_cves)
self.assertEqual(found_cves["CVE-2011-1098"], "Patched")
self.assertIn("CVE-2011-1548", found_cves)
self.assertEqual(found_cves["CVE-2011-1548"], "Ignored")
self.assertIn("CVE-2011-1549", found_cves)
self.assertEqual(found_cves["CVE-2011-1549"], "Ignored")
self.assertIn("CVE-2011-1550", found_cves)
self.assertEqual(found_cves["CVE-2011-1550"], "Ignored")
self.assertExists(summary_json)
check_m4_json(summary_json)
self.assertExists(recipe_json)
check_m4_json(recipe_json)

View File

@@ -133,7 +133,8 @@ class OEListPackageconfigTests(OEScriptTests):
def check_endlines(self, results, expected_endlines):
for line in results.output.splitlines():
for el in expected_endlines:
if line.split() == el.split():
if line and line.split()[0] == el.split()[0] and \
' '.join(sorted(el.split())) in ' '.join(sorted(line.split())):
expected_endlines.remove(el)
break

View File

@@ -175,6 +175,8 @@ class TestImage(OESelftestTestCase):
if "DISPLAY" not in os.environ:
self.skipTest("virgl gtk test must be run inside a X session")
distro = oe.lsb.distro_identifier()
if distro and distro == 'almalinux-8.6':
self.skipTest('virgl isn\'t working with Alma 8')
if distro and distro == 'debian-8':
self.skipTest('virgl isn\'t working with Debian 8')
if distro and distro == 'centos-7':
@@ -185,6 +187,8 @@ class TestImage(OESelftestTestCase):
self.skipTest('virgl isn\'t working with Fedora 34')
if distro and distro == 'fedora-35':
self.skipTest('virgl isn\'t working with Fedora 35')
if distro and distro == 'fedora-36':
self.skipTest('virgl isn\'t working with Fedora 36')
if distro and distro == 'opensuseleap-15.0':
self.skipTest('virgl isn\'t working with Opensuse 15.0')

View File

@@ -87,14 +87,14 @@ class TinfoilTests(OESelftestTestCase):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=True)
tinfoil.set_event_mask(['bb.event.FilesMatchingFound', 'bb.command.CommandCompleted'])
tinfoil.set_event_mask(['bb.event.FilesMatchingFound', 'bb.command.CommandCompleted', 'bb.command.CommandFailed', 'bb.command.CommandExit'])
# Need to drain events otherwise events that were masked may still be in the queue
while tinfoil.wait_event():
pass
pattern = 'conf'
res = tinfoil.run_command('testCookerCommandEvent', pattern)
res = tinfoil.run_command('testCookerCommandEvent', pattern, handle_events=False)
self.assertTrue(res)
eventreceived = False
@@ -118,7 +118,7 @@ class TinfoilTests(OESelftestTestCase):
else:
self.fail('Unexpected event: %s' % event)
self.assertTrue(commandcomplete, 'Timed out waiting for CommandCompleted event from bitbake server')
self.assertTrue(commandcomplete, 'Timed out waiting for CommandCompleted event from bitbake server (Matching event received: %s)' % str(eventreceived))
self.assertTrue(eventreceived, 'Did not receive FilesMatchingFound event from bitbake server')
def test_setvariable_clean(self):

View File

@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6626bb1e20189cfa95f2c508ba286393"
COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=master;protocol=https \
SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=main;protocol=https \
file://determinism.patch \
file://no-werror.patch"
SRCREV = "c1d6b10e1ed4ba2be07f385eae5bceb694478a10"

View File

@@ -0,0 +1,178 @@
From 0693d672abcf720419f86c56bda6428c540e2bb1 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Wed, 20 Jul 2022 10:01:35 +0530
Subject: [PATCH] CVE-2021-3695
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e623866d9286410156e8b9d2c82d6253a1b22d08]
CVE: CVE-2021-3695
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
video/readers/png: Drop greyscale support to fix heap out-of-bounds write
A 16-bit greyscale PNG without alpha is processed in the following loop:
for (i = 0; i < (data->image_width * data->image_height);
i++, d1 += 4, d2 += 2)
{
d1[R3] = d2[1];
d1[G3] = d2[1];
d1[B3] = d2[1];
}
The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration,
but there are only 3 bytes allocated for storage. This means that image
data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes
out of every 4 following the end of the image.
This has existed since greyscale support was added in 2013 in commit
3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale).
Saving starfield.png as a 16-bit greyscale image without alpha in the gimp
and attempting to load it causes grub-emu to crash - I don't think this code
has ever worked.
Delete all PNG greyscale support.
Fixes: CVE-2021-3695
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/video/readers/png.c | 89 ++++-------------------------------
1 file changed, 8 insertions(+), 81 deletions(-)
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index 0157ff7..db4a9d4 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -100,7 +100,7 @@ struct grub_png_data
unsigned image_width, image_height;
int bpp, is_16bit;
- int raw_bytes, is_gray, is_alpha, is_palette;
+ int raw_bytes, is_alpha, is_palette;
int row_bytes, color_bits;
grub_uint8_t *image_data;
@@ -280,13 +280,13 @@ grub_png_decode_image_header (struct grub_png_data *data)
data->bpp = 3;
else
{
- data->is_gray = 1;
- data->bpp = 1;
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "png: color type not supported");
}
if ((color_bits != 8) && (color_bits != 16)
&& (color_bits != 4
- || !(data->is_gray || data->is_palette)))
+ || !data->is_palette))
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"png: bit depth must be 8 or 16");
@@ -315,7 +315,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
}
#ifndef GRUB_CPU_WORDS_BIGENDIAN
- if (data->is_16bit || data->is_gray || data->is_palette)
+ if (data->is_16bit || data->is_palette)
#endif
{
data->image_data = grub_calloc (data->image_height, data->row_bytes);
@@ -859,27 +859,8 @@ grub_png_convert_image (struct grub_png_data *data)
int shift;
int mask = (1 << data->color_bits) - 1;
unsigned j;
- if (data->is_gray)
- {
- /* Generic formula is
- (0xff * i) / ((1U << data->color_bits) - 1)
- but for allowed bit depth of 1, 2 and for it's
- equivalent to
- (0xff / ((1U << data->color_bits) - 1)) * i
- Precompute the multipliers to avoid division.
- */
-
- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 };
- for (i = 0; i < (1U << data->color_bits); i++)
- {
- grub_uint8_t col = multipliers[data->color_bits] * i;
- palette[i][0] = col;
- palette[i][1] = col;
- palette[i][2] = col;
- }
- }
- else
- grub_memcpy (palette, data->palette, 3 << data->color_bits);
+
+ grub_memcpy (palette, data->palette, 3 << data->color_bits);
d1c = d1;
d2c = d2;
for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3,
@@ -917,61 +898,7 @@ grub_png_convert_image (struct grub_png_data *data)
return;
}
- if (data->is_gray)
- {
- switch (data->bpp)
- {
- case 4:
- /* 16-bit gray with alpha. */
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 4)
- {
- d1[R4] = d2[3];
- d1[G4] = d2[3];
- d1[B4] = d2[3];
- d1[A4] = d2[1];
- }
- break;
- case 2:
- if (data->is_16bit)
- /* 16-bit gray without alpha. */
- {
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 2)
- {
- d1[R3] = d2[1];
- d1[G3] = d2[1];
- d1[B3] = d2[1];
- }
- }
- else
- /* 8-bit gray with alpha. */
- {
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 2)
- {
- d1[R4] = d2[1];
- d1[G4] = d2[1];
- d1[B4] = d2[1];
- d1[A4] = d2[0];
- }
- }
- break;
- /* 8-bit gray without alpha. */
- case 1:
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 3, d2++)
- {
- d1[R3] = d2[0];
- d1[G3] = d2[0];
- d1[B3] = d2[0];
- }
- break;
- }
- return;
- }
-
- {
+ {
/* Only copy the upper 8 bit. */
#ifndef GRUB_CPU_WORDS_BIGENDIAN
for (i = 0; i < (data->image_width * data->image_height * data->bpp >> 1);
--
2.25.1

View File

@@ -0,0 +1,46 @@
From b18ce59d6496a9313d75f9497a0efac61dcf4191 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Wed, 20 Jul 2022 10:05:42 +0530
Subject: [PATCH] CVE-2021-3696
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=210245129c932dc9e1c2748d9d35524fb95b5042]
CVE: CVE-2021-3696
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
video/readers/png: Avoid heap OOB R/W inserting huff table items
In fuzzing we observed crashes where a code would attempt to be inserted
into a huffman table before the start, leading to a set of heap OOB reads
and writes as table entries with negative indices were shifted around and
the new code written in.
Catch the case where we would underflow the array and bail.
Fixes: CVE-2021-3696
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/video/readers/png.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index 36b3f10..3c05951 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -416,6 +416,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len)
for (i = len; i < ht->max_length; i++)
n += ht->maxval[i];
+ if (n > ht->num_values)
+ {
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "png: out of range inserting huffman table item");
+ return;
+ }
+
for (i = 0; i < n; i++)
ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1];
--
2.25.1

View File

@@ -0,0 +1,82 @@
From 4de9de9d14f4ac27229e45514627534e32cc4406 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Tue, 19 Jul 2022 11:13:02 +0530
Subject: [PATCH] CVE-2021-3697
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6]
CVE: CVE-2021-3697
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
video/readers/jpeg: Block int underflow -> wild pointer write
Certain 1 px wide images caused a wild pointer write in
grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(),
we have the following loop:
for (; data->r1 < nr1 && (!data->dri || rst);
data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
We did not check if vb * width >= hb * nc1.
On a 64-bit platform, if that turns out to be negative, it will underflow,
be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so
we see data->bitmap_ptr jump, e.g.:
0x6180_0000_0480 to
0x6181_0000_0498
^
~--- carry has occurred and this pointer is now far away from
any object.
On a 32-bit platform, it will decrement the pointer, creating a pointer
that won't crash but will overwrite random data.
Catch the underflow and error out.
Fixes: CVE-2021-3697
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/video/readers/jpeg.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
index 31359a4..545a60b 100644
--- a/grub-core/video/readers/jpeg.c
+++ b/grub-core/video/readers/jpeg.c
@@ -23,6 +23,7 @@
#include <grub/mm.h>
#include <grub/misc.h>
#include <grub/bufio.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -617,6 +618,7 @@ static grub_err_t
grub_jpeg_decode_data (struct grub_jpeg_data *data)
{
unsigned c1, vb, hb, nr1, nc1;
+ unsigned stride_a, stride_b, stride;
int rst = data->dri;
vb = 8 << data->log_vs;
@@ -624,8 +626,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
nr1 = (data->image_height + vb - 1) >> (3 + data->log_vs);
nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs);
+ if (grub_mul(vb, data->image_width, &stride_a) ||
+ grub_mul(hb, nc1, &stride_b) ||
+ grub_sub(stride_a, stride_b, &stride))
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "jpeg: cannot decode image with these dimensions");
+
for (; data->r1 < nr1 && (!data->dri || rst);
- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
+ data->r1++, data->bitmap_ptr += stride * 3)
for (c1 = 0; c1 < nc1 && (!data->dri || rst);
c1++, rst--, data->bitmap_ptr += hb * 3)
{
--
2.25.1

View File

@@ -0,0 +1,32 @@
From 67740c43c9326956ea5cd6be77f813b5499a56a5 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 27 Jun 2022 10:15:29 +0530
Subject: [PATCH] CVE-2021-3981
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4]
CVE: CVE-2021-3981
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
util/grub-mkconfig.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 9f477ff..ead94a6 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -287,7 +287,11 @@ and /etc/grub.d/* files or please file a bug report with
exit 1
else
# none of the children aborted with error, install the new grub.cfg
- mv -f ${grub_cfg}.new ${grub_cfg}
+ oldumask=$(umask)
+ umask 077
+ cat ${grub_cfg}.new > ${grub_cfg}
+ umask $oldumask
+ rm -f ${grub_cfg}.new
fi
fi
--
2.25.1

View File

@@ -0,0 +1,60 @@
From 415fb5eb83cbd3b5cfc25ac1290f2de4fe3d231c Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 1 Aug 2022 10:48:34 +0530
Subject: [PATCH] CVE-2022-28733
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3e4817538de828319ba6d59ced2fbb9b5ca13287]
CVE: CVE-2022-28733
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
net/ip: Do IP fragment maths safely
We can receive packets with invalid IP fragmentation information. This
can lead to rsm->total_len underflowing and becoming very large.
Then, in grub_netbuff_alloc(), we add to this very large number, which can
cause it to overflow and wrap back around to a small positive number.
The allocation then succeeds, but the resulting buffer is too small and
subsequent operations can write past the end of the buffer.
Catch the underflow here.
Fixes: CVE-2022-28733
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/ip.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c
index ea5edf8..74e4e8b 100644
--- a/grub-core/net/ip.c
+++ b/grub-core/net/ip.c
@@ -25,6 +25,7 @@
#include <grub/net/netbuff.h>
#include <grub/mm.h>
#include <grub/priority_queue.h>
+#include <grub/safemath.h>
#include <grub/time.h>
struct iphdr {
@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb,
{
rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK)
+ (nb->tail - nb->data));
- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t));
+
+ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t),
+ &rsm->total_len))
+ {
+ grub_dprintf ("net", "IP reassembly size underflow\n");
+ return GRUB_ERR_NONE;
+ }
+
rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len);
if (!rsm->asm_netbuff)
{
--
2.25.1

View File

@@ -0,0 +1,67 @@
From f03f09c2a07eae7f3a4646e33a406ae2689afb9e Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 1 Aug 2022 10:59:41 +0530
Subject: [PATCH] CVE-2022-28734
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4]
CVE: CVE-2022-28734
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
net/http: Fix OOB write for split http headers
GRUB has special code for handling an http header that is split
across two packets.
The code tracks the end of line by looking for a "\n" byte. The
code for split headers has always advanced the pointer just past the
end of the line, whereas the code that handles unsplit headers does
not advance the pointer. This extra advance causes the length to be
one greater, which breaks an assumption in parse_line(), leading to
it writing a NUL byte one byte past the end of the buffer where we
reconstruct the line from the two packets.
It's conceivable that an attacker controlled set of packets could
cause this to zero out the first byte of the "next" pointer of the
grub_mm_region structure following the current_line buffer.
Do not advance the pointer in the split header case.
Fixes: CVE-2022-28734
---
grub-core/net/http.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index 5aa4ad3..a220d21 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
char *end = ptr + len;
while (end > ptr && *(end - 1) == '\r')
end--;
+
+ /* LF without CR. */
+ if (end == ptr + len)
+ {
+ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR"));
+ return GRUB_ERR_NONE;
+ }
*end = 0;
+
/* Trailing CRLF. */
if (data->in_chunk_len == 1)
{
@@ -190,9 +198,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)),
int have_line = 1;
char *t;
ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data);
- if (ptr)
- ptr++;
- else
+ if (ptr == NULL)
{
have_line = 0;
ptr = (char *) nb->tail;
--
2.25.1

View File

@@ -0,0 +1,275 @@
From 431a111c60095fc973d83fe9209f26f29ce78784 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 1 Aug 2022 11:17:17 +0530
Subject: [PATCH] CVE-2022-28736
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=04c86e0bb7b58fc2f913f798cdb18934933e532d]
CVE: CVE-2022-28736
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
loader/efi/chainloader: Use grub_loader_set_ex()
This ports the EFI chainloader to use grub_loader_set_ex() in order to fix
a use-after-free bug that occurs when grub_cmd_chainloader() is executed
more than once before a boot attempt is performed.
Fixes: CVE-2022-28736
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++----
grub-core/loader/efi/chainloader.c | 46 +++++++++++----------
include/grub/loader.h | 5 +++
3 files changed, 87 insertions(+), 30 deletions(-)
diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c
index bbca81e..6151478 100644
--- a/grub-core/commands/boot.c
+++ b/grub-core/commands/boot.c
@@ -27,10 +27,20 @@
GRUB_MOD_LICENSE ("GPLv3+");
-static grub_err_t (*grub_loader_boot_func) (void);
-static grub_err_t (*grub_loader_unload_func) (void);
+static grub_err_t (*grub_loader_boot_func) (void *context);
+static grub_err_t (*grub_loader_unload_func) (void *context);
+static void *grub_loader_context;
static int grub_loader_flags;
+struct grub_simple_loader_hooks
+{
+ grub_err_t (*boot) (void);
+ grub_err_t (*unload) (void);
+};
+
+/* Don't heap allocate this to avoid making grub_loader_set() fallible. */
+static struct grub_simple_loader_hooks simple_loader_hooks;
+
struct grub_preboot
{
grub_err_t (*preboot_func) (int);
@@ -44,6 +54,29 @@ static int grub_loader_loaded;
static struct grub_preboot *preboots_head = 0,
*preboots_tail = 0;
+static grub_err_t
+grub_simple_boot_hook (void *context)
+{
+ struct grub_simple_loader_hooks *hooks;
+
+ hooks = (struct grub_simple_loader_hooks *) context;
+ return hooks->boot ();
+}
+
+static grub_err_t
+grub_simple_unload_hook (void *context)
+{
+ struct grub_simple_loader_hooks *hooks;
+ grub_err_t ret;
+
+ hooks = (struct grub_simple_loader_hooks *) context;
+
+ ret = hooks->unload ();
+ grub_memset (hooks, 0, sizeof (*hooks));
+
+ return ret;
+}
+
int
grub_loader_is_loaded (void)
{
@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd)
}
void
-grub_loader_set (grub_err_t (*boot) (void),
- grub_err_t (*unload) (void),
- int flags)
+grub_loader_set_ex (grub_err_t (*boot) (void *context),
+ grub_err_t (*unload) (void *context),
+ void *context,
+ int flags)
{
if (grub_loader_loaded && grub_loader_unload_func)
- grub_loader_unload_func ();
+ grub_loader_unload_func (grub_loader_context);
grub_loader_boot_func = boot;
grub_loader_unload_func = unload;
+ grub_loader_context = context;
grub_loader_flags = flags;
grub_loader_loaded = 1;
}
+void
+grub_loader_set (grub_err_t (*boot) (void),
+ grub_err_t (*unload) (void),
+ int flags)
+{
+ grub_loader_set_ex (grub_simple_boot_hook,
+ grub_simple_unload_hook,
+ &simple_loader_hooks,
+ flags);
+
+ simple_loader_hooks.boot = boot;
+ simple_loader_hooks.unload = unload;
+}
+
void
grub_loader_unset(void)
{
if (grub_loader_loaded && grub_loader_unload_func)
- grub_loader_unload_func ();
+ grub_loader_unload_func (grub_loader_context);
grub_loader_boot_func = 0;
grub_loader_unload_func = 0;
+ grub_loader_context = 0;
grub_loader_loaded = 0;
}
@@ -158,7 +208,7 @@ grub_loader_boot (void)
return err;
}
}
- err = (grub_loader_boot_func) ();
+ err = (grub_loader_boot_func) (grub_loader_context);
for (cur = preboots_tail; cur; cur = cur->prev)
if (! err)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index a8d7b91..93a028a 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -44,33 +44,28 @@ GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
-static grub_efi_physical_address_t address;
-static grub_efi_uintn_t pages;
-static grub_efi_device_path_t *file_path;
-static grub_efi_handle_t image_handle;
-static grub_efi_char16_t *cmdline;
-
static grub_err_t
-grub_chainloader_unload (void)
+grub_chainloader_unload (void *context)
{
+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
+ grub_efi_loaded_image_t *loaded_image;
grub_efi_boot_services_t *b;
+ loaded_image = grub_efi_get_loaded_image (image_handle);
+ if (loaded_image != NULL)
+ grub_free (loaded_image->load_options);
+
b = grub_efi_system_table->boot_services;
efi_call_1 (b->unload_image, image_handle);
- efi_call_2 (b->free_pages, address, pages);
-
- grub_free (file_path);
- grub_free (cmdline);
- cmdline = 0;
- file_path = 0;
grub_dl_unref (my_mod);
return GRUB_ERR_NONE;
}
static grub_err_t
-grub_chainloader_boot (void)
+grub_chainloader_boot (void *context)
{
+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
grub_efi_boot_services_t *b;
grub_efi_status_t status;
grub_efi_uintn_t exit_data_size;
@@ -139,7 +134,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
char *dir_start;
char *dir_end;
grub_size_t size;
- grub_efi_device_path_t *d;
+ grub_efi_device_path_t *d, *file_path;
dir_start = grub_strchr (filename, ')');
if (! dir_start)
@@ -215,11 +210,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_efi_status_t status;
grub_efi_boot_services_t *b;
grub_device_t dev = 0;
- grub_efi_device_path_t *dp = 0;
+ grub_efi_device_path_t *dp = NULL, *file_path = NULL;
grub_efi_loaded_image_t *loaded_image;
char *filename;
void *boot_image = 0;
grub_efi_handle_t dev_handle = 0;
+ grub_efi_physical_address_t address = 0;
+ grub_efi_uintn_t pages = 0;
+ grub_efi_char16_t *cmdline = NULL;
+ grub_efi_handle_t image_handle = NULL;
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
@@ -227,11 +226,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_dl_ref (my_mod);
- /* Initialize some global variables. */
- address = 0;
- image_handle = 0;
- file_path = 0;
-
b = grub_efi_system_table->boot_services;
file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE);
@@ -401,7 +395,11 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_file_close (file);
grub_device_close (dev);
- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
+ /* We're finished with the source image buffer and file path now. */
+ efi_call_2 (b->free_pages, address, pages);
+ grub_free (file_path);
+
+ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0);
return 0;
fail:
@@ -412,11 +410,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
if (file)
grub_file_close (file);
+ grub_free (cmdline);
grub_free (file_path);
if (address)
efi_call_2 (b->free_pages, address, pages);
+ if (image_handle != NULL)
+ efi_call_1 (b->unload_image, image_handle);
+
grub_dl_unref (my_mod);
return grub_errno;
diff --git a/include/grub/loader.h b/include/grub/loader.h
index 7f82a49..3071a50 100644
--- a/include/grub/loader.h
+++ b/include/grub/loader.h
@@ -39,6 +39,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
grub_err_t (*unload) (void),
int flags);
+void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context),
+ grub_err_t (*unload) (void *context),
+ void *context,
+ int flags);
+
/* Unset current loader, if any. */
void EXPORT_FUNC (grub_loader_unset) (void);
--
2.25.1

View File

@@ -15,6 +15,8 @@ CVE_PRODUCT = "grub2"
# Applies only to RHEL
CVE_CHECK_WHITELIST += "CVE-2019-14865"
# Applies only to SUSE
CVE_CHECK_WHITELIST += "CVE-2021-46705"
SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \
@@ -93,6 +95,13 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \
file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \
file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \
file://CVE-2021-3981.patch \
file://CVE-2021-3695.patch \
file://CVE-2021-3696.patch \
file://CVE-2021-3697.patch \
file://CVE-2022-28733.patch \
file://CVE-2022-28734.patch \
file://CVE-2022-28736.patch \
"
SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"

View File

@@ -14,13 +14,13 @@ PE = "1"
# repo during parse
SRCREV = "303f8fed261020c1cb7da32dad63b610bf6873dd"
SRC_URI = "git://git.denx.de/u-boot.git;branch=master \
SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master \
file://remove-redundant-yyloc-global.patch \
file://CVE-2020-8432.patch \
file://CVE-2020-10648-1.patch \
file://CVE-2020-10648-2.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"

View File

@@ -0,0 +1,67 @@
From 36c878a0124973f29b7ca49e6bb18310f9b2601f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Thu, 8 Sep 2022 11:11:30 +0200
Subject: [PATCH 1/3] Bound the amount of work performed for delegations
Limit the amount of database lookups that can be triggered in
fctx_getaddresses() (i.e. when determining the name server addresses to
query next) by setting a hard limit on the number of NS RRs processed
for any delegation encountered. Without any limit in place, named can
be forced to perform large amounts of database lookups per each query
received, which severely impacts resolver performance.
The limit used (20) is an arbitrary value that is considered to be big
enough for any sane DNS delegation.
(cherry picked from commit 3a44097fd6c6c260765b628cd1d2c9cb7efb0b2a)
Upstream-Status: Backport
CVE: CVE-2022-2795
Reference to upstream patch:
https://gitlab.isc.org/isc-projects/bind9/-/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
---
lib/dns/resolver.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 8ae9a993bbd7..ac9a9ef5d009 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -180,6 +180,12 @@
*/
#define NS_FAIL_LIMIT 4
#define NS_RR_LIMIT 5
+/*
+ * IP address lookups are performed for at most NS_PROCESSING_LIMIT NS RRs in
+ * any NS RRset encountered, to avoid excessive resource use while processing
+ * large delegations.
+ */
+#define NS_PROCESSING_LIMIT 20
/* Number of hash buckets for zone counters */
#ifndef RES_DOMAIN_BUCKETS
@@ -3318,6 +3324,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
bool need_alternate = false;
bool all_spilled = true;
unsigned int no_addresses = 0;
+ unsigned int ns_processed = 0;
FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth);
@@ -3504,6 +3511,11 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
dns_rdata_reset(&rdata);
dns_rdata_freestruct(&ns);
+
+ if (++ns_processed >= NS_PROCESSING_LIMIT) {
+ result = ISC_R_NOMORE;
+ break;
+ }
}
if (result != ISC_R_NOMORE) {
return (result);
--
2.34.1

View File

@@ -0,0 +1,31 @@
From ef3d1a84ff807eea27b4fef601a15932c5ffbfbf Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 11 Aug 2022 15:15:34 +1000
Subject: [PATCH 2/3] Free eckey on siglen mismatch
Upstream-Status: Backport
CVE: CVE-2022-38177
Reference to upstream patch:
https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
---
lib/dns/opensslecdsa_link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 83b5b51cd78c..7576e04ac635 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
siglen = DNS_SIG_ECDSA384SIZE;
if (sig->length != siglen)
- return (DST_R_VERIFYFAILURE);
+ DST_RET(DST_R_VERIFYFAILURE);
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
DST_RET (dst__openssl_toresult3(dctx->category,
--
2.34.1

View File

@@ -0,0 +1,33 @@
From 65f5b2f0162d5d2ab25f463aa14a8bae71ace3d9 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 11 Aug 2022 15:28:13 +1000
Subject: [PATCH 3/3] Free ctx on invalid siglen
(cherry picked from commit 6ddb480a84836641a0711768a94122972c166825)
Upstream-Status: Backport
CVE: CVE-2022-38178
Reference to upstream patch:
https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
---
lib/dns/openssleddsa_link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c
index 8b115ec283f0..b4fcd607c131 100644
--- a/lib/dns/openssleddsa_link.c
+++ b/lib/dns/openssleddsa_link.c
@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
siglen = DNS_SIG_ED448SIZE;
if (sig->length != siglen)
- return (DST_R_VERIFYFAILURE);
+ DST_RET(ISC_R_NOTIMPLEMENTED);
isc_buffer_usedregion(buf, &tbsreg);
--
2.34.1

View File

@@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
SECTION = "console/network"
LICENSE = "ISC & BSD"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=89a97ebbf713f7125fe5c02223d3ae95"
DEPENDS = "openssl libcap zlib"
@@ -19,9 +19,12 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
file://CVE-2022-2795.patch \
file://CVE-2022-38177.patch \
file://CVE-2022-38178.patch \
"
SRC_URI[sha256sum] = "c953fcb6703b395aaa53e65ff8b2869b69a5303dd60507cba2201305e1811681"
SRC_URI[sha256sum] = "0d8efbe7ec166ada90e46add4267b7e7c934790cba9bd5af6b8380a4fbfb5aff"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4

View File

@@ -54,6 +54,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
file://0001-test-gatt-Fix-hung-issue.patch \
file://CVE-2021-0129.patch \
file://CVE-2021-3588.patch \
file://CVE-2021-3658.patch \
file://CVE-2022-0204.patch \
file://CVE-2022-39176.patch \
"
S = "${WORKDIR}/bluez-${PV}"

View File

@@ -0,0 +1,95 @@
From b497b5942a8beb8f89ca1c359c54ad67ec843055 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Thu, 24 Jun 2021 16:32:04 -0700
Subject: [PATCH] adapter: Fix storing discoverable setting
discoverable setting shall only be store when changed via Discoverable
property and not when discovery client set it as that be considered
temporary just for the lifetime of the discovery.
Upstream-Status: Backport [https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055]
Signed-off-by:Minjae Kim <flowergom@gmail.com>
---
src/adapter.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/src/adapter.c b/src/adapter.c
index 12e4ff5c0..663b778e4 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -560,7 +560,11 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
if (changed_mask & MGMT_SETTING_DISCOVERABLE) {
g_dbus_emit_property_changed(dbus_conn, adapter->path,
ADAPTER_INTERFACE, "Discoverable");
- store_adapter_info(adapter);
+ /* Only persist discoverable setting if it was not set
+ * temporarily by discovery.
+ */
+ if (!adapter->discovery_discoverable)
+ store_adapter_info(adapter);
btd_adv_manager_refresh(adapter->adv_manager);
}
@@ -2162,8 +2166,6 @@ static bool filters_equal(struct mgmt_cp_start_service_discovery *a,
static int update_discovery_filter(struct btd_adapter *adapter)
{
struct mgmt_cp_start_service_discovery *sd_cp;
- GSList *l;
-
DBG("");
@@ -2173,17 +2175,24 @@ static int update_discovery_filter(struct btd_adapter *adapter)
return -ENOMEM;
}
- for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
- struct discovery_client *client = l->data;
+ /* Only attempt to overwrite current discoverable setting when not
+ * discoverable.
+ */
+ if (!(adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)) {
+ GSList *l;
- if (!client->discovery_filter)
- continue;
+ for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
+ struct discovery_client *client = l->data;
- if (client->discovery_filter->discoverable)
- break;
- }
+ if (!client->discovery_filter)
+ continue;
- set_discovery_discoverable(adapter, l ? true : false);
+ if (client->discovery_filter->discoverable) {
+ set_discovery_discoverable(adapter, true);
+ break;
+ }
+ }
+ }
/*
* If filters are equal, then don't update scan, except for when
@@ -2216,8 +2225,7 @@ static int discovery_stop(struct discovery_client *client)
return 0;
}
- if (adapter->discovery_discoverable)
- set_discovery_discoverable(adapter, false);
+ set_discovery_discoverable(adapter, false);
/*
* In the idle phase of a discovery, there is no need to stop it
@@ -6913,6 +6921,7 @@ static void adapter_stop(struct btd_adapter *adapter)
g_free(adapter->current_discovery_filter);
adapter->current_discovery_filter = NULL;
+ set_discovery_discoverable(adapter, false);
adapter->discovering = false;
while (adapter->connections) {
--
2.25.1

View File

@@ -0,0 +1,66 @@
From 0d328fdf6564b67fc2ec3533e3da201ebabcc9e3 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue, 8 Jun 2021 16:46:49 -0700
Subject: [PATCH] shared/gatt-server: Fix heap overflow when appending prepare
writes
The code shall check if the prepare writes would append more the
allowed maximum attribute length.
Fixes https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
Upstream-Status: Backport [https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0]
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
CVE: CVE-2022-0204
---
src/shared/gatt-server.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index 0c25a97..20e14bc 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -816,6 +816,20 @@ static uint8_t authorize_req(struct bt_gatt_server *server,
server->authorize_data);
}
+static uint8_t check_length(uint16_t length, uint16_t offset)
+{
+ if (length > BT_ATT_MAX_VALUE_LEN)
+ return BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN;
+
+ if (offset > BT_ATT_MAX_VALUE_LEN)
+ return BT_ATT_ERROR_INVALID_OFFSET;
+
+ if (length + offset > BT_ATT_MAX_VALUE_LEN)
+ return BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN;
+
+ return 0;
+}
+
static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
uint16_t length, void *user_data)
{
@@ -846,6 +860,10 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
handle);
+ ecode = check_length(length, 0);
+ if (ecode)
+ goto error;
+
ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
if (ecode)
goto error;
@@ -1353,6 +1371,10 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
util_debug(server->debug_callback, server->debug_data,
"Prep Write Req - handle: 0x%04x", handle);
+ ecode = check_length(length, offset);
+ if (ecode)
+ goto error;
+
ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
if (ecode)
goto error;

View File

@@ -0,0 +1,126 @@
From 752c7f707c3cc1eb12eadc13bc336a5c484d4bdf Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Wed, 28 Sep 2022 10:45:53 +0530
Subject: [PATCH] CVE-2022-39176
Upstream-Status: Backport [https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.6]
CVE: CVE-2022-39176
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
profiles/audio/avdtp.c | 56 +++++++++++++++++++++++++++---------------
profiles/audio/avrcp.c | 8 ++++++
2 files changed, 44 insertions(+), 20 deletions(-)
diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c
index 782268c..0adf413 100644
--- a/profiles/audio/avdtp.c
+++ b/profiles/audio/avdtp.c
@@ -1261,43 +1261,53 @@ struct avdtp_remote_sep *avdtp_find_remote_sep(struct avdtp *session,
return NULL;
}
-static GSList *caps_to_list(uint8_t *data, int size,
+static GSList *caps_to_list(uint8_t *data, size_t size,
struct avdtp_service_capability **codec,
gboolean *delay_reporting)
{
+ struct avdtp_service_capability *cap;
GSList *caps;
- int processed;
if (delay_reporting)
*delay_reporting = FALSE;
- for (processed = 0, caps = NULL; processed + 2 <= size;) {
- struct avdtp_service_capability *cap;
- uint8_t length, category;
+ if (size < sizeof(*cap))
+ return NULL;
+
+ for (caps = NULL; size >= sizeof(*cap);) {
+ struct avdtp_service_capability *cpy;
- category = data[0];
- length = data[1];
+ cap = (struct avdtp_service_capability *)data;
- if (processed + 2 + length > size) {
+ if (sizeof(*cap) + cap->length > size) {
error("Invalid capability data in getcap resp");
break;
}
- cap = g_malloc(sizeof(struct avdtp_service_capability) +
- length);
- memcpy(cap, data, 2 + length);
+ if (cap->category == AVDTP_MEDIA_CODEC &&
+ cap->length < sizeof(**codec)) {
+ error("Invalid codec data in getcap resp");
+ break;
+ }
+
+ cpy = btd_malloc(sizeof(*cpy) + cap->length);
+ memcpy(cpy, cap, sizeof(*cap) + cap->length);
- processed += 2 + length;
- data += 2 + length;
+ size -= sizeof(*cap) + cap->length;
+ data += sizeof(*cap) + cap->length;
- caps = g_slist_append(caps, cap);
+ caps = g_slist_append(caps, cpy);
- if (category == AVDTP_MEDIA_CODEC &&
- length >=
- sizeof(struct avdtp_media_codec_capability))
- *codec = cap;
- else if (category == AVDTP_DELAY_REPORTING && delay_reporting)
- *delay_reporting = TRUE;
+ switch (cap->category) {
+ case AVDTP_MEDIA_CODEC:
+ if (codec)
+ *codec = cpy;
+ break;
+ case AVDTP_DELAY_REPORTING:
+ if (delay_reporting)
+ *delay_reporting = TRUE;
+ break;
+ }
}
return caps;
@@ -1494,6 +1504,12 @@ static gboolean avdtp_setconf_cmd(struct avdtp *session, uint8_t transaction,
&stream->codec,
&stream->delay_reporting);
+ if (!stream->caps || !stream->codec) {
+ err = AVDTP_UNSUPPORTED_CONFIGURATION;
+ category = 0x00;
+ goto failed_stream;
+ }
+
/* Verify that the Media Transport capability's length = 0. Reject otherwise */
for (l = stream->caps; l != NULL; l = g_slist_next(l)) {
struct avdtp_service_capability *cap = l->data;
diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
index d9471c0..0233d53 100644
--- a/profiles/audio/avrcp.c
+++ b/profiles/audio/avrcp.c
@@ -1916,6 +1916,14 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
goto err_metadata;
}
+ operands += sizeof(*pdu);
+ operand_count -= sizeof(*pdu);
+
+ if (pdu->params_len != operand_count) {
+ DBG("AVRCP PDU parameters length don't match");
+ pdu->params_len = operand_count;
+ }
+
for (handler = session->control_handlers; handler->pdu_id; handler++) {
if (handler->pdu_id == pdu->pdu_id)
break;
--
2.25.1

View File

@@ -0,0 +1,37 @@
From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001
From: Nathan Crandall <ncrandall@tesla.com>
Date: Tue, 12 Jul 2022 08:56:34 +0200
Subject: gweb: Fix OOB write in received_data()
There is a mismatch of handling binary vs. C-string data with memchr
and strlen, resulting in pos, count, and bytes_read to become out of
sync and result in a heap overflow. Instead, do not treat the buffer
as an ASCII C-string. We calculate the count based on the return value
of memchr, instead of strlen.
Fixes: CVE-2022-32292
Upstream-Status: Backport
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312b
CVE: CVE-2022-32292
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
---
gweb/gweb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gweb/gweb.c b/gweb/gweb.c
index 12fcb1d8..13c6c5f2 100644
--- a/gweb/gweb.c
+++ b/gweb/gweb.c
@@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond,
}
*pos = '\0';
- count = strlen((char *) ptr);
+ count = pos - ptr;
if (count > 0 && ptr[count - 1] == '\r') {
ptr[--count] = '\0';
bytes_read--;
--
cgit

View File

@@ -0,0 +1,266 @@
From 358a44b1442fae0f82846e10da0708b5c4e1ce27 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Tue, 20 Sep 2022 17:58:19 +0530
Subject: [PATCH] CVE-2022-32293
CVE: CVE-2022-32293
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
src/wispr.c | 83 ++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 63 insertions(+), 20 deletions(-)
diff --git a/src/wispr.c b/src/wispr.c
index 473c0e0..97e0242 100644
--- a/src/wispr.c
+++ b/src/wispr.c
@@ -59,6 +59,7 @@ struct wispr_route {
};
struct connman_wispr_portal_context {
+ int refcount;
struct connman_service *service;
enum connman_ipconfig_type type;
struct connman_wispr_portal *wispr_portal;
@@ -96,10 +97,13 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data);
static GHashTable *wispr_portal_list = NULL;
+#define wispr_portal_context_ref(wp_context) \
+ wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__)
+#define wispr_portal_context_unref(wp_context) \
+ wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__)
+
static void connman_wispr_message_init(struct connman_wispr_message *msg)
{
- DBG("");
-
msg->has_error = false;
msg->current_element = NULL;
@@ -159,11 +163,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context)
static void free_connman_wispr_portal_context(
struct connman_wispr_portal_context *wp_context)
{
- DBG("context %p", wp_context);
-
- if (!wp_context)
- return;
-
if (wp_context->wispr_portal) {
if (wp_context->wispr_portal->ipv4_context == wp_context)
wp_context->wispr_portal->ipv4_context = NULL;
@@ -200,9 +199,38 @@ static void free_connman_wispr_portal_context(
g_free(wp_context);
}
+static struct connman_wispr_portal_context *
+wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context,
+ const char *file, int line, const char *caller)
+{
+ DBG("%p ref %d by %s:%d:%s()", wp_context,
+ wp_context->refcount + 1, file, line, caller);
+
+ __sync_fetch_and_add(&wp_context->refcount, 1);
+
+ return wp_context;
+}
+
+static void wispr_portal_context_unref_debug(
+ struct connman_wispr_portal_context *wp_context,
+ const char *file, int line, const char *caller)
+{
+ if (!wp_context)
+ return;
+
+ DBG("%p ref %d by %s:%d:%s()", wp_context,
+ wp_context->refcount - 1, file, line, caller);
+
+ if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1)
+ return;
+
+ free_connman_wispr_portal_context(wp_context);
+}
+
static struct connman_wispr_portal_context *create_wispr_portal_context(void)
{
- return g_try_new0(struct connman_wispr_portal_context, 1);
+ return wispr_portal_context_ref(
+ g_new0(struct connman_wispr_portal_context, 1));
}
static void free_connman_wispr_portal(gpointer data)
@@ -214,8 +242,8 @@ static void free_connman_wispr_portal(gpointer data)
if (!wispr_portal)
return;
- free_connman_wispr_portal_context(wispr_portal->ipv4_context);
- free_connman_wispr_portal_context(wispr_portal->ipv6_context);
+ wispr_portal_context_unref(wispr_portal->ipv4_context);
+ wispr_portal_context_unref(wispr_portal->ipv6_context);
g_free(wispr_portal);
}
@@ -450,8 +478,6 @@ static void portal_manage_status(GWebResult *result,
&str))
connman_info("Client-Timezone: %s", str);
- free_connman_wispr_portal_context(wp_context);
-
__connman_service_ipconfig_indicate_state(service,
CONNMAN_SERVICE_STATE_ONLINE, type);
}
@@ -509,14 +535,17 @@ static void wispr_portal_request_portal(
{
DBG("");
+ wispr_portal_context_ref(wp_context);
wp_context->request_id = g_web_request_get(wp_context->web,
wp_context->status_url,
wispr_portal_web_result,
wispr_route_request,
wp_context);
- if (wp_context->request_id == 0)
+ if (wp_context->request_id == 0) {
wispr_portal_error(wp_context);
+ wispr_portal_context_unref(wp_context);
+ }
}
static bool wispr_input(const guint8 **data, gsize *length,
@@ -562,13 +591,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service,
return;
if (!authentication_done) {
- wispr_portal_error(wp_context);
free_wispr_routes(wp_context);
+ wispr_portal_error(wp_context);
+ wispr_portal_context_unref(wp_context);
return;
}
/* Restarting the test */
__connman_service_wispr_start(service, wp_context->type);
+ wispr_portal_context_unref(wp_context);
}
static void wispr_portal_request_wispr_login(struct connman_service *service,
@@ -592,7 +623,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service,
return;
}
- free_connman_wispr_portal_context(wp_context);
+ wispr_portal_context_unref(wp_context);
return;
}
@@ -644,11 +675,13 @@ static bool wispr_manage_message(GWebResult *result,
wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN;
+ wispr_portal_context_ref(wp_context);
if (__connman_agent_request_login_input(wp_context->service,
wispr_portal_request_wispr_login,
- wp_context) != -EINPROGRESS)
+ wp_context) != -EINPROGRESS) {
wispr_portal_error(wp_context);
- else
+ wispr_portal_context_unref(wp_context);
+ } else
return true;
break;
@@ -697,6 +730,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
if (length > 0) {
g_web_parser_feed_data(wp_context->wispr_parser,
chunk, length);
+ wispr_portal_context_unref(wp_context);
return true;
}
@@ -714,6 +748,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
switch (status) {
case 000:
+ wispr_portal_context_ref(wp_context);
__connman_agent_request_browser(wp_context->service,
wispr_portal_browser_reply_cb,
wp_context->status_url, wp_context);
@@ -725,11 +760,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
if (g_web_result_get_header(result, "X-ConnMan-Status",
&str)) {
portal_manage_status(result, wp_context);
+ wispr_portal_context_unref(wp_context);
return false;
- } else
+ } else {
+ wispr_portal_context_ref(wp_context);
__connman_agent_request_browser(wp_context->service,
wispr_portal_browser_reply_cb,
wp_context->redirect_url, wp_context);
+ }
break;
case 302:
@@ -737,6 +775,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
!g_web_result_get_header(result, "Location",
&redirect)) {
+ wispr_portal_context_ref(wp_context);
__connman_agent_request_browser(wp_context->service,
wispr_portal_browser_reply_cb,
wp_context->status_url, wp_context);
@@ -747,6 +786,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
wp_context->redirect_url = g_strdup(redirect);
+ wispr_portal_context_ref(wp_context);
wp_context->request_id = g_web_request_get(wp_context->web,
redirect, wispr_portal_web_result,
wispr_route_request, wp_context);
@@ -763,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
break;
case 505:
+ wispr_portal_context_ref(wp_context);
__connman_agent_request_browser(wp_context->service,
wispr_portal_browser_reply_cb,
wp_context->status_url, wp_context);
@@ -775,6 +816,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
wp_context->request_id = 0;
done:
wp_context->wispr_msg.message_type = -1;
+ wispr_portal_context_unref(wp_context);
return false;
}
@@ -809,6 +851,7 @@ static void proxy_callback(const char *proxy, void *user_data)
xml_wispr_parser_callback, wp_context);
wispr_portal_request_portal(wp_context);
+ wispr_portal_context_unref(wp_context);
}
static gboolean no_proxy_callback(gpointer user_data)
@@ -903,7 +946,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context)
if (wp_context->token == 0) {
err = -EINVAL;
- free_connman_wispr_portal_context(wp_context);
+ wispr_portal_context_unref(wp_context);
}
} else if (wp_context->timeout == 0) {
wp_context->timeout = g_idle_add(no_proxy_callback, wp_context);
@@ -952,7 +995,7 @@ int __connman_wispr_start(struct connman_service *service,
/* If there is already an existing context, we wipe it */
if (wp_context)
- free_connman_wispr_portal_context(wp_context);
+ wispr_portal_context_unref(wp_context);
wp_context = create_wispr_portal_context();
if (!wp_context)
--
2.25.1

View File

@@ -12,6 +12,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
file://CVE-2021-33833.patch \
file://CVE-2022-23096-7.patch \
file://CVE-2022-23098.patch \
file://CVE-2022-32292.patch \
file://CVE-2022-32293.patch \
"
SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"

View File

@@ -0,0 +1,54 @@
From eaae65aac967f9628787dca4a2501ca860bb6598 Mon Sep 17 00:00:00 2001
From: Minjae Kim <flowergom@gmail.com>
Date: Mon, 26 Sep 2022 22:05:07 +0200
Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt
Fix telnetd crash if the first two bytes of a new connection
are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).
The problem was reported in:
<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>.
* NEWS: Mention fix.
* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and
zero slctab[SLC_EL].sptr.
CVE: CVE-2022-39028
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f]
Signed-off-by: Minjae Kim<flowergom@gmail.com>
---
telnetd/state.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/telnetd/state.c b/telnetd/state.c
index 2184bca..7948503 100644
--- a/telnetd/state.c
+++ b/telnetd/state.c
@@ -314,15 +314,21 @@ telrcv (void)
case EC:
case EL:
{
- cc_t ch;
+ cc_t ch = (cc_t) (_POSIX_VDISABLE);
DEBUG (debug_options, 1, printoption ("td: recv IAC", c));
ptyflush (); /* half-hearted */
init_termbuf ();
if (c == EC)
- ch = *slctab[SLC_EC].sptr;
+ {
+ if (slctab[SLC_EC].sptr)
+ ch = *slctab[SLC_EC].sptr;
+ }
else
- ch = *slctab[SLC_EL].sptr;
+ {
+ if (slctab[SLC_EL].sptr)
+ ch = *slctab[SLC_EL].sptr;
+ }
if (ch != (cc_t) (_POSIX_VDISABLE))
pty_output_byte ((unsigned char) ch);
break;
--
2.25.1

View File

@@ -24,6 +24,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
file://0001-rcp-fix-to-work-with-large-files.patch \
file://fix-buffer-fortify-tfpt.patch \
file://CVE-2021-40491.patch \
file://CVE-2022-39028.patch \
"
SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"

View File

@@ -4,11 +4,12 @@ DESCRIPTION = "Mobile Broadband Service Provider Database stores service provide
SECTION = "network"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
SRCREV = "90f3fe28aa25135b7e4a54a7816388913bfd4a2a"
PV = "20201225"
SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5"
PV = "20220725"
PE = "1"
SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master"
SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
S = "${WORKDIR}/git"
inherit autotools

View File

@@ -2,21 +2,22 @@ SUMMARY = "Linux NFC daemon"
DESCRIPTION = "A daemon for the Linux Near Field Communication stack"
HOMEPAGE = "http://01.org/linux-nfc"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
"
DEPENDS = "dbus glib-2.0 libnl"
SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \
SRC_URI = "git://git.kernel.org/pub/scm/network/nfc/neard.git;protocol=git;branch=master \
file://neard.in \
file://Makefile.am-fix-parallel-issue.patch \
file://Makefile.am-do-not-ship-version.h.patch \
file://0001-Add-header-dependency-to-nciattach.o.patch \
"
SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41"
SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36"
LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
"
SRCREV = "949795024f7625420e93e288c56e194cb9a3e74a"
S = "${WORKDIR}/git"
inherit autotools pkgconfig systemd update-rc.d

View File

@@ -60,6 +60,13 @@ CVE_CHECK_WHITELIST += "CVE-2008-3844"
# https://ubuntu.com/security/CVE-2016-20012
CVE_CHECK_WHITELIST += "CVE-2016-20012"
# As per debian, the issue is fixed by a feature called "agent restriction" in openssh 8.9
# Urgency is unimportant as per debian, Hence this CVE is whitelisting.
# https://security-tracker.debian.org/tracker/CVE-2021-36368
# https://bugzilla.mindrot.org/show_bug.cgi?id=3316#c2
# https://docs.ssh-mitm.at/trivialauth.html
CVE_CHECK_WHITELIST += "CVE-2021-36368"
PAM_SRC_URI = "file://sshd"
inherit manpages useradd update-rc.d update-alternatives systemd
@@ -183,12 +190,17 @@ FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
FILES_${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
RRECOMMENDS_${PN}-sshd_append_class-target = "\
${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
"
# break dependency on base package for -dev package
# otherwise SDK fails to build as the main openssh and dropbear packages
# conflict with each other
RDEPENDS:${PN}-dev = ""
# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"

View File

@@ -1,145 +0,0 @@
From e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat, 11 Dec 2021 20:28:11 +0100
Subject: [PATCH] Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit
targets
bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45
The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899
but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899
so the forth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.
Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45
correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899
wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899
Fortunately the bn_mul_comba4/8 code paths are not affected.
Also the mips64 target does in fact not handle the carry propagation
correctly.
Example:
a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000
022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001
correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17258)
(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)
Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb]
CVE: CVE-2021-4160
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
---
crypto/bn/asm/mips.pl | 4 ++++
test/bntest.c | 45 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+)
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index 8ad715bda4..74101030f2 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -1984,6 +1984,8 @@ $code.=<<___;
sltu $at,$c_2,$t_1
$ADDU $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
+ sltu $at,$c_3,$t_2
+ $ADDU $c_1,$at
mflo ($t_1,$a_2,$a_0)
mfhi ($t_2,$a_2,$a_0)
___
@@ -2194,6 +2196,8 @@ $code.=<<___;
sltu $at,$c_2,$t_1
$ADDU $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
+ sltu $at,$c_3,$t_2
+ $ADDU $c_1,$at
mflo ($t_1,$a_2,$a_0)
mfhi ($t_2,$a_2,$a_0)
___
diff --git a/test/bntest.c b/test/bntest.c
index b58028a301..bab34ba54b 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -627,6 +627,51 @@ static int test_modexp_mont5(void)
if (!TEST_BN_eq(c, d))
goto err;
+ /*
+ * Regression test for overflow bug in bn_sqr_comba4/8 for
+ * mips-linux-gnu and mipsel-linux-gnu 32bit targets.
+ */
+ {
+ static const char *ehex[] = {
+ "95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee",
+ "38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5",
+ "8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a",
+ "5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985",
+ "2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1",
+ "a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680",
+ "b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e",
+ "da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465",
+ NULL};
+ static const char *phex[] = {
+ "f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241",
+ "a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31",
+ "2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053",
+ "c776d3982d391b6d04d642dda5cc6d1640174c09875addb70595658f89efb439",
+ "dc6fbd55f903aadd307982d3f659207f265e1ec6271b274521b7a5e28e8fd7a5",
+ "5df089292820477802a43cf5b6b94e999e8c9944ddebb0d0e95a60f88cb7e813",
+ "ba110d20e1024774107dd02949031864923b3cb8c3f7250d6d1287b0a40db6a4",
+ "7bd5a469518eb65aa207ddc47d8c6e5fc8e0c105be8fc1d4b57b2e27540471d5",
+ NULL};
+ static const char *mhex[] = {
+ "fef15d5ce4625f1bccfbba49fc8439c72bf8202af039a2259678941b60bb4a8f",
+ "2987e965d58fd8cf86a856674d519763d0e1211cc9f8596971050d56d9b35db3",
+ "785866cfbca17cfdbed6060be3629d894f924a89fdc1efc624f80d41a22f1900",
+ "9503fcc3824ef62ccb9208430c26f2d8ceb2c63488ec4c07437aa4c96c43dd8b",
+ "9289ed00a712ff66ee195dc71f5e4ead02172b63c543d69baf495f5fd63ba7bc",
+ "c633bd309c016e37736da92129d0b053d4ab28d21ad7d8b6fab2a8bbdc8ee647",
+ "d2fbcf2cf426cf892e6f5639e0252993965dfb73ccd277407014ea784aaa280c",
+ "b7b03972bc8b0baa72360bdb44b82415b86b2f260f877791cd33ba8f2d65229b",
+ NULL};
+
+ if (!TEST_true(parse_bigBN(&e, ehex))
+ || !TEST_true(parse_bigBN(&p, phex))
+ || !TEST_true(parse_bigBN(&m, mhex))
+ || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
+ || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx))
+ || !TEST_BN_eq(a, d))
+ goto err;
+ }
+
/* Zero input */
if (!TEST_true(BN_bntest_rand(p, 1024, 0, 0)))
goto err;
--
2.25.1

View File

@@ -18,14 +18,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://afalg.patch \
file://reproducible.patch \
file://reproducibility.patch \
file://CVE-2021-4160.patch \
"
SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
SRC_URI[sha256sum] = "d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -181,6 +180,7 @@ do_install_ptest () {
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
install -d ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
}

View File

@@ -348,7 +348,7 @@ do_install_ptest () {
# These access the internet which is not guaranteed to work on machines running the tests
rm -rf ${D}${PTEST_PATH}/testsuite/wget
sort ${B}/.config > ${D}${PTEST_PATH}/.config
ln -s /bin/busybox ${D}${PTEST_PATH}/busybox
ln -s ${base_bindir}/busybox ${D}${PTEST_PATH}/busybox
}
inherit update-alternatives

View File

@@ -0,0 +1,38 @@
From c7e181fdf58c392e06ab805e2c044c3e57d5445a Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Sun, 3 Apr 2022 12:14:33 +0000
Subject: [PATCH] libbb: sockaddr2str: ensure only printable characters are
returned for the hostname part
CVE: CVE-2022-28391
Upstream-Status: Pending
Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
libbb/xconnect.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libbb/xconnect.c b/libbb/xconnect.c
index eb2871cb1..b5520bb21 100644
--- a/libbb/xconnect.c
+++ b/libbb/xconnect.c
@@ -501,8 +501,9 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
);
if (rc)
return NULL;
+ /* ensure host contains only printable characters */
if (flags & IGNORE_PORT)
- return xstrdup(host);
+ return xstrdup(printable_string(host));
#if ENABLE_FEATURE_IPV6
if (sa->sa_family == AF_INET6) {
if (strchr(host, ':')) /* heh, it's not a resolved hostname */
@@ -513,7 +514,7 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
#endif
/* For now we don't support anything else, so it has to be INET */
/*if (sa->sa_family == AF_INET)*/
- return xasprintf("%s:%s", host, serv);
+ return xasprintf("%s:%s", printable_string(host), serv);
/*return xstrdup(host);*/
}

View File

@@ -0,0 +1,64 @@
From f8ad7c331b25ba90fd296b37c443b4114cb196e2 Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Sun, 3 Apr 2022 12:16:45 +0000
Subject: [PATCH] nslookup: sanitize all printed strings with printable_string
Otherwise, terminal sequences can be injected, which enables various terminal injection
attacks from DNS results.
MJ: One chunk wasn't applicable on 1.31.1 version, because parsing of
SRV records was added only in newer 1.32.0 with:
commit 6b4960155e94076bf25518e4e268a7a5f849308e
Author: Jo-Philipp Wich <jo@mein.io>
Date: Thu Jun 27 17:27:29 2019 +0200
nslookup: implement support for SRV records
CVE: CVE-2022-28391
Upstream-Status: Pending
Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
networking/nslookup.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/networking/nslookup.c b/networking/nslookup.c
index 24e09d4f0..89b9c8a13 100644
--- a/networking/nslookup.c
+++ b/networking/nslookup.c
@@ -404,7 +404,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
//printf("Unable to uncompress domain: %s\n", strerror(errno));
return -1;
}
- printf(format, ns_rr_name(rr), dname);
+ printf(format, ns_rr_name(rr), printable_string(dname));
break;
case ns_t_mx:
@@ -419,7 +419,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
//printf("Cannot uncompress MX domain: %s\n", strerror(errno));
return -1;
}
- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
+ printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
break;
case ns_t_txt:
@@ -431,7 +431,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
if (n > 0) {
memset(dname, 0, sizeof(dname));
memcpy(dname, ns_rr_rdata(rr) + 1, n);
- printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
+ printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
}
break;
@@ -461,7 +461,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
return -1;
}
- printf("\tmail addr = %s\n", dname);
+ printf("\tmail addr = %s\n", printable_string(dname));
cp += n;
printf("\tserial = %lu\n", ns_get32(cp));

View File

@@ -55,6 +55,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://CVE-2021-42374.patch \
file://CVE-2021-42376.patch \
file://CVE-2021-423xx-awk.patch \
file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \
file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "

View File

@@ -12,6 +12,11 @@ DEPENDS = "zlib virtual/crypt"
RPROVIDES_${PN} = "ssh sshd"
RCONFLICTS_${PN} = "openssh-sshd openssh"
# break dependency on base package for -dev package
# otherwise SDK fails to build as the main openssh and dropbear packages
# conflict with each other
RDEPENDS:${PN}-dev = ""
DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \

View File

@@ -0,0 +1,53 @@
From 4a32da87e931ba54393d465bb77c40b5c33d343b Mon Sep 17 00:00:00 2001
From: Rhodri James <rhodri@wildebeest.org.uk>
Date: Wed, 17 Aug 2022 18:26:18 +0100
Subject: [PATCH] Ensure raw tagnames are safe exiting internalEntityParser
It is possible to concoct a situation in which parsing is
suspended while substituting in an internal entity, so that
XML_ResumeParser directly uses internalEntityProcessor as
its processor. If the subsequent parse includes some unclosed
tags, this will return without calling storeRawNames to ensure
that the raw versions of the tag names are stored in memory other
than the parse buffer itself. If the parse buffer is then changed
or reallocated (for example if processing a file line by line),
badness will ensue.
This patch ensures storeRawNames is always called when needed
after calling doContent. The earlier call do doContent does
not need the same protection; it only deals with entity
substitution, which cannot leave unbalanced tags, and in any
case the raw names will be pointing into the stored entity
value not the parse buffer.
Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b]
CVE: CVE-2022-40674
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
---
expat/lib/xmlparse.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
Index: expat/lib/xmlparse.c
===================================================================
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -5657,10 +5657,15 @@ internalEntityProcessor(XML_Parser parse
{
parser->m_processor = contentProcessor;
/* see externalEntityContentProcessor vs contentProcessor */
- return doContent(parser, parser->m_parentParser ? 1 : 0, parser->m_encoding,
- s, end, nextPtr,
- (XML_Bool)! parser->m_parsingStatus.finalBuffer,
- XML_ACCOUNT_DIRECT);
+ result = doContent(parser, parser->m_parentParser ? 1 : 0,
+ parser->m_encoding, s, end, nextPtr,
+ (XML_Bool)! parser->m_parsingStatus.finalBuffer,
+ XML_ACCOUNT_DIRECT);
+ if (result == XML_ERROR_NONE) {
+ if (! storeRawNames(parser))
+ return XML_ERROR_NO_MEMORY;
+ }
+ return result;
}
}

View File

@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
file://CVE-2022-25314.patch \
file://CVE-2022-25315.patch \
file://libtool-tag.patch \
file://CVE-2022-40674.patch \
"
SRCREV = "a7bc26b69768f7fb24f0c7976fae24b157b85b13"

View File

@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image setuptools3
SRCREV ?= "d752cbcbbeeea9adbcc9aa74def1761f34a9de54"
SRCREV ?= "9ae91384970637cd8880c07071fb44b7f5574012"
SRC_URI = "git://git.yoctoproject.org/poky;branch=dunfell \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \

View File

@@ -14,6 +14,15 @@ finish_run() {
info "Switching root to '$ROOTFS_DIR'..."
debug "Moving basic mounts onto rootfs"
for dir in `awk '/\/dev.* \/run\/media/{print $2}' /proc/mounts`; do
# Parse any OCT or HEX encoded chars such as spaces
# in the mount points to actual ASCII chars
dir=`printf $dir`
mkdir -p "${ROOTFS_DIR}/media/${dir##*/}"
mount -n --move "$dir" "${ROOTFS_DIR}/media/${dir##*/}"
done
debug "Moving /dev, /proc and /sys onto rootfs..."
mount --move /dev $ROOTFS_DIR/dev
mount --move /proc $ROOTFS_DIR/proc

View File

@@ -129,7 +129,7 @@ do_install () {
update-rc.d -r ${D} rmnologin.sh start 99 2 3 4 5 .
update-rc.d -r ${D} sendsigs start 20 0 6 .
update-rc.d -r ${D} urandom start 38 S 0 6 .
update-rc.d -r ${D} umountnfs.sh start 31 0 1 6 .
update-rc.d -r ${D} umountnfs.sh stop 31 0 1 6 .
update-rc.d -r ${D} umountfs start 40 0 6 .
update-rc.d -r ${D} reboot start 90 6 .
update-rc.d -r ${D} halt start 90 0 .

View File

@@ -0,0 +1,813 @@
From b5125000917810731bc28055c0445d571121f80e Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 21 Apr 2022 00:45:58 +0200
Subject: [PATCH] Port gentest.py to Python 3
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/343fc1421cdae097fa6c4cffeb1a065a40be6bbb]
* fixes:
make[1]: 'testReader' is up to date.
File "../libxml2-2.9.10/gentest.py", line 11
print "libxml2 python bindings not available, skipping testapi.c generation"
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("libxml2 python bindings not available, skipping testapi.c generation")?
make[1]: [Makefile:2078: testapi.c] Error 1 (ignored)
...
make[1]: 'testReader' is up to date.
File "../libxml2-2.9.10/gentest.py", line 271
return 1
^
TabError: inconsistent use of tabs and spaces in indentation
make[1]: [Makefile:2078: testapi.c] Error 1 (ignored)
...
aarch64-oe-linux-gcc: error: testapi.c: No such file or directory
aarch64-oe-linux-gcc: fatal error: no input files
compilation terminated.
make[1]: *** [Makefile:1275: testapi.o] Error 1
But there is still a bit mystery why it worked before, because check-am
calls gentest.py with $(PYTHON), so it ignores the shebang in the script
and libxml2 is using python3native (through python3targetconfig.bbclass)
so something like:
libxml2/2.9.10-r0/recipe-sysroot-native/usr/bin/python3-native/python3 gentest.py
But that still fails (now without SyntaxError) with:
libxml2 python bindings not available, skipping testapi.c generation
because we don't have dependency on libxml2-native (to provide libxml2
python bindings form python3native) and exported PYTHON_SITE_PACKAGES
might be useless (e.g. /usr/lib/python3.8/site-packages on Ubuntu-22.10
which uses python 3.10 and there is no site-packages with libxml2)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
---
gentest.py | 421 ++++++++++++++++++++++++++---------------------------
1 file changed, 209 insertions(+), 212 deletions(-)
diff --git a/gentest.py b/gentest.py
index b763300..0756706 100755
--- a/gentest.py
+++ b/gentest.py
@@ -8,7 +8,7 @@ import string
try:
import libxml2
except:
- print "libxml2 python bindings not available, skipping testapi.c generation"
+ print("libxml2 python bindings not available, skipping testapi.c generation")
sys.exit(0)
if len(sys.argv) > 1:
@@ -227,7 +227,7 @@ extra_post_call = {
if (old != NULL) {
xmlUnlinkNode(old);
xmlFreeNode(old) ; old = NULL ; }
- ret_val = NULL;""",
+\t ret_val = NULL;""",
"xmlTextMerge":
"""if ((first != NULL) && (first->type != XML_TEXT_NODE)) {
xmlUnlinkNode(second);
@@ -236,7 +236,7 @@ extra_post_call = {
"""if ((ret_val != NULL) && (ret_val != ncname) &&
(ret_val != prefix) && (ret_val != memory))
xmlFree(ret_val);
- ret_val = NULL;""",
+\t ret_val = NULL;""",
"xmlNewDocElementContent":
"""xmlFreeDocElementContent(doc, ret_val); ret_val = NULL;""",
"xmlDictReference": "xmlDictFree(dict);",
@@ -268,29 +268,29 @@ modules = []
def is_skipped_module(name):
for mod in skipped_modules:
if mod == name:
- return 1
+ return 1
return 0
def is_skipped_function(name):
for fun in skipped_functions:
if fun == name:
- return 1
+ return 1
# Do not test destructors
- if string.find(name, 'Free') != -1:
+ if name.find('Free') != -1:
return 1
return 0
def is_skipped_memcheck(name):
for fun in skipped_memcheck:
if fun == name:
- return 1
+ return 1
return 0
missing_types = {}
def add_missing_type(name, func):
try:
list = missing_types[name]
- list.append(func)
+ list.append(func)
except:
missing_types[name] = [func]
@@ -310,7 +310,7 @@ def add_missing_functions(name, module):
missing_functions_nr = missing_functions_nr + 1
try:
list = missing_functions[module]
- list.append(name)
+ list.append(name)
except:
missing_functions[module] = [name]
@@ -319,45 +319,45 @@ def add_missing_functions(name, module):
#
def type_convert(str, name, info, module, function, pos):
-# res = string.replace(str, " ", " ")
-# res = string.replace(str, " ", " ")
-# res = string.replace(str, " ", " ")
- res = string.replace(str, " *", "_ptr")
-# res = string.replace(str, "*", "_ptr")
- res = string.replace(res, " ", "_")
+# res = str.replace(" ", " ")
+# res = str.replace(" ", " ")
+# res = str.replace(" ", " ")
+ res = str.replace(" *", "_ptr")
+# res = str.replace("*", "_ptr")
+ res = res.replace(" ", "_")
if res == 'const_char_ptr':
- if string.find(name, "file") != -1 or \
- string.find(name, "uri") != -1 or \
- string.find(name, "URI") != -1 or \
- string.find(info, "filename") != -1 or \
- string.find(info, "URI") != -1 or \
- string.find(info, "URL") != -1:
- if string.find(function, "Save") != -1 or \
- string.find(function, "Create") != -1 or \
- string.find(function, "Write") != -1 or \
- string.find(function, "Fetch") != -1:
- return('fileoutput')
- return('filepath')
+ if name.find("file") != -1 or \
+ name.find("uri") != -1 or \
+ name.find("URI") != -1 or \
+ info.find("filename") != -1 or \
+ info.find("URI") != -1 or \
+ info.find("URL") != -1:
+ if function.find("Save") != -1 or \
+ function.find("Create") != -1 or \
+ function.find("Write") != -1 or \
+ function.find("Fetch") != -1:
+ return('fileoutput')
+ return('filepath')
if res == 'void_ptr':
if module == 'nanoftp' and name == 'ctx':
- return('xmlNanoFTPCtxtPtr')
+ return('xmlNanoFTPCtxtPtr')
if function == 'xmlNanoFTPNewCtxt' or \
- function == 'xmlNanoFTPConnectTo' or \
- function == 'xmlNanoFTPOpen':
- return('xmlNanoFTPCtxtPtr')
+ function == 'xmlNanoFTPConnectTo' or \
+ function == 'xmlNanoFTPOpen':
+ return('xmlNanoFTPCtxtPtr')
if module == 'nanohttp' and name == 'ctx':
- return('xmlNanoHTTPCtxtPtr')
- if function == 'xmlNanoHTTPMethod' or \
- function == 'xmlNanoHTTPMethodRedir' or \
- function == 'xmlNanoHTTPOpen' or \
- function == 'xmlNanoHTTPOpenRedir':
- return('xmlNanoHTTPCtxtPtr');
+ return('xmlNanoHTTPCtxtPtr')
+ if function == 'xmlNanoHTTPMethod' or \
+ function == 'xmlNanoHTTPMethodRedir' or \
+ function == 'xmlNanoHTTPOpen' or \
+ function == 'xmlNanoHTTPOpenRedir':
+ return('xmlNanoHTTPCtxtPtr');
if function == 'xmlIOHTTPOpen':
- return('xmlNanoHTTPCtxtPtr')
- if string.find(name, "data") != -1:
- return('userdata')
- if string.find(name, "user") != -1:
- return('userdata')
+ return('xmlNanoHTTPCtxtPtr')
+ if name.find("data") != -1:
+ return('userdata')
+ if name.find("user") != -1:
+ return('userdata')
if res == 'xmlDoc_ptr':
res = 'xmlDocPtr'
if res == 'xmlNode_ptr':
@@ -366,18 +366,18 @@ def type_convert(str, name, info, module, function, pos):
res = 'xmlDictPtr'
if res == 'xmlNodePtr' and pos != 0:
if (function == 'xmlAddChild' and pos == 2) or \
- (function == 'xmlAddChildList' and pos == 2) or \
+ (function == 'xmlAddChildList' and pos == 2) or \
(function == 'xmlAddNextSibling' and pos == 2) or \
(function == 'xmlAddSibling' and pos == 2) or \
(function == 'xmlDocSetRootElement' and pos == 2) or \
(function == 'xmlReplaceNode' and pos == 2) or \
(function == 'xmlTextMerge') or \
- (function == 'xmlAddPrevSibling' and pos == 2):
- return('xmlNodePtr_in');
+ (function == 'xmlAddPrevSibling' and pos == 2):
+ return('xmlNodePtr_in');
if res == 'const xmlBufferPtr':
res = 'xmlBufferPtr'
if res == 'xmlChar_ptr' and name == 'name' and \
- string.find(function, "EatName") != -1:
+ function.find("EatName") != -1:
return('eaten_name')
if res == 'void_ptr*':
res = 'void_ptr_ptr'
@@ -393,7 +393,7 @@ def type_convert(str, name, info, module, function, pos):
res = 'debug_FILE_ptr';
if res == 'int' and name == 'options':
if module == 'parser' or module == 'xmlreader':
- res = 'parseroptions'
+ res = 'parseroptions'
return res
@@ -402,28 +402,28 @@ known_param_types = []
def is_known_param_type(name):
for type in known_param_types:
if type == name:
- return 1
+ return 1
return name[-3:] == 'Ptr' or name[-4:] == '_ptr'
def generate_param_type(name, rtype):
global test
for type in known_param_types:
if type == name:
- return
+ return
for type in generated_param_types:
if type == name:
- return
+ return
if name[-3:] == 'Ptr' or name[-4:] == '_ptr':
if rtype[0:6] == 'const ':
- crtype = rtype[6:]
- else:
- crtype = rtype
+ crtype = rtype[6:]
+ else:
+ crtype = rtype
define = 0
- if modules_defines.has_key(module):
- test.write("#ifdef %s\n" % (modules_defines[module]))
- define = 1
+ if module in modules_defines:
+ test.write("#ifdef %s\n" % (modules_defines[module]))
+ define = 1
test.write("""
#define gen_nb_%s 1
static %s gen_%s(int no ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) {
@@ -433,7 +433,7 @@ static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTR
}
""" % (name, crtype, name, name, rtype))
if define == 1:
- test.write("#endif\n\n")
+ test.write("#endif\n\n")
add_generated_param_type(name)
#
@@ -445,7 +445,7 @@ known_return_types = []
def is_known_return_type(name):
for type in known_return_types:
if type == name:
- return 1
+ return 1
return 0
#
@@ -471,7 +471,7 @@ def compare_and_save():
try:
os.system("rm testapi.c; mv testapi.c.new testapi.c")
except:
- os.system("mv testapi.c.new testapi.c")
+ os.system("mv testapi.c.new testapi.c")
print("Updated testapi.c")
else:
print("Generated testapi.c is identical")
@@ -481,17 +481,17 @@ while line != "":
if line == "/* CUT HERE: everything below that line is generated */\n":
break;
if line[0:15] == "#define gen_nb_":
- type = string.split(line[15:])[0]
- known_param_types.append(type)
+ type = line[15:].split()[0]
+ known_param_types.append(type)
if line[0:19] == "static void desret_":
- type = string.split(line[19:], '(')[0]
- known_return_types.append(type)
+ type = line[19:].split('(')[0]
+ known_return_types.append(type)
test.write(line)
line = input.readline()
input.close()
if line == "":
- print "Could not find the CUT marker in testapi.c skipping generation"
+ print("Could not find the CUT marker in testapi.c skipping generation")
test.close()
sys.exit(0)
@@ -505,7 +505,7 @@ test.write("/* CUT HERE: everything below that line is generated */\n")
#
doc = libxml2.readFile(srcPref + 'doc/libxml2-api.xml', None, 0)
if doc == None:
- print "Failed to load doc/libxml2-api.xml"
+ print("Failed to load doc/libxml2-api.xml")
sys.exit(1)
ctxt = doc.xpathNewContext()
@@ -519,9 +519,9 @@ for arg in args:
mod = arg.xpathEval('string(../@file)')
func = arg.xpathEval('string(../@name)')
if (mod not in skipped_modules) and (func not in skipped_functions):
- type = arg.xpathEval('string(@type)')
- if not argtypes.has_key(type):
- argtypes[type] = func
+ type = arg.xpathEval('string(@type)')
+ if type not in argtypes:
+ argtypes[type] = func
# similarly for return types
rettypes = {}
@@ -531,8 +531,8 @@ for ret in rets:
func = ret.xpathEval('string(../@name)')
if (mod not in skipped_modules) and (func not in skipped_functions):
type = ret.xpathEval('string(@type)')
- if not rettypes.has_key(type):
- rettypes[type] = func
+ if type not in rettypes:
+ rettypes[type] = func
#
# Generate constructors and return type handling for all enums
@@ -549,49 +549,49 @@ for enum in enums:
continue;
define = 0
- if argtypes.has_key(name) and is_known_param_type(name) == 0:
- values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name)
- i = 0
- vals = []
- for value in values:
- vname = value.xpathEval('string(@name)')
- if vname == None:
- continue;
- i = i + 1
- if i >= 5:
- break;
- vals.append(vname)
- if vals == []:
- print "Didn't find any value for enum %s" % (name)
- continue
- if modules_defines.has_key(module):
- test.write("#ifdef %s\n" % (modules_defines[module]))
- define = 1
- test.write("#define gen_nb_%s %d\n" % (name, len(vals)))
- test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" %
- (name, name))
- i = 1
- for value in vals:
- test.write(" if (no == %d) return(%s);\n" % (i, value))
- i = i + 1
- test.write(""" return(0);
+ if (name in argtypes) and is_known_param_type(name) == 0:
+ values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name)
+ i = 0
+ vals = []
+ for value in values:
+ vname = value.xpathEval('string(@name)')
+ if vname == None:
+ continue;
+ i = i + 1
+ if i >= 5:
+ break;
+ vals.append(vname)
+ if vals == []:
+ print("Didn't find any value for enum %s" % (name))
+ continue
+ if module in modules_defines:
+ test.write("#ifdef %s\n" % (modules_defines[module]))
+ define = 1
+ test.write("#define gen_nb_%s %d\n" % (name, len(vals)))
+ test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" %
+ (name, name))
+ i = 1
+ for value in vals:
+ test.write(" if (no == %d) return(%s);\n" % (i, value))
+ i = i + 1
+ test.write(""" return(0);
}
static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) {
}
""" % (name, name));
- known_param_types.append(name)
+ known_param_types.append(name)
if (is_known_return_type(name) == 0) and (name in rettypes):
- if define == 0 and modules_defines.has_key(module):
- test.write("#ifdef %s\n" % (modules_defines[module]))
- define = 1
+ if define == 0 and (module in modules_defines):
+ test.write("#ifdef %s\n" % (modules_defines[module]))
+ define = 1
test.write("""static void desret_%s(%s val ATTRIBUTE_UNUSED) {
}
""" % (name, name))
- known_return_types.append(name)
+ known_return_types.append(name)
if define == 1:
test.write("#endif\n\n")
@@ -615,9 +615,9 @@ for file in headers:
# do not test deprecated APIs
#
desc = file.xpathEval('string(description)')
- if string.find(desc, 'DEPRECATED') != -1:
- print "Skipping deprecated interface %s" % name
- continue;
+ if desc.find('DEPRECATED') != -1:
+ print("Skipping deprecated interface %s" % name)
+ continue;
test.write("#include <libxml/%s.h>\n" % name)
modules.append(name)
@@ -679,7 +679,7 @@ def generate_test(module, node):
# and store the informations for the generation
#
try:
- args = node.xpathEval("arg")
+ args = node.xpathEval("arg")
except:
args = []
t_args = []
@@ -687,37 +687,37 @@ def generate_test(module, node):
for arg in args:
n = n + 1
rtype = arg.xpathEval("string(@type)")
- if rtype == 'void':
- break;
- info = arg.xpathEval("string(@info)")
- nam = arg.xpathEval("string(@name)")
+ if rtype == 'void':
+ break;
+ info = arg.xpathEval("string(@info)")
+ nam = arg.xpathEval("string(@name)")
type = type_convert(rtype, nam, info, module, name, n)
- if is_known_param_type(type) == 0:
- add_missing_type(type, name);
- no_gen = 1
+ if is_known_param_type(type) == 0:
+ add_missing_type(type, name);
+ no_gen = 1
if (type[-3:] == 'Ptr' or type[-4:] == '_ptr') and \
- rtype[0:6] == 'const ':
- crtype = rtype[6:]
- else:
- crtype = rtype
- t_args.append((nam, type, rtype, crtype, info))
+ rtype[0:6] == 'const ':
+ crtype = rtype[6:]
+ else:
+ crtype = rtype
+ t_args.append((nam, type, rtype, crtype, info))
try:
- rets = node.xpathEval("return")
+ rets = node.xpathEval("return")
except:
rets = []
t_ret = None
for ret in rets:
rtype = ret.xpathEval("string(@type)")
- info = ret.xpathEval("string(@info)")
+ info = ret.xpathEval("string(@info)")
type = type_convert(rtype, 'return', info, module, name, 0)
- if rtype == 'void':
- break
- if is_known_return_type(type) == 0:
- add_missing_type(type, name);
- no_gen = 1
- t_ret = (type, rtype, info)
- break
+ if rtype == 'void':
+ break
+ if is_known_return_type(type) == 0:
+ add_missing_type(type, name);
+ no_gen = 1
+ t_ret = (type, rtype, info)
+ break
if no_gen == 0:
for t_arg in t_args:
@@ -733,7 +733,7 @@ test_%s(void) {
if no_gen == 1:
add_missing_functions(name, module)
- test.write("""
+ test.write("""
/* missing type support */
return(test_ret);
}
@@ -742,22 +742,22 @@ test_%s(void) {
return
try:
- conds = node.xpathEval("cond")
- for cond in conds:
- test.write("#if %s\n" % (cond.get_content()))
- nb_cond = nb_cond + 1
+ conds = node.xpathEval("cond")
+ for cond in conds:
+ test.write("#if %s\n" % (cond.get_content()))
+ nb_cond = nb_cond + 1
except:
pass
define = 0
- if function_defines.has_key(name):
+ if name in function_defines:
test.write("#ifdef %s\n" % (function_defines[name]))
- define = 1
+ define = 1
# Declare the memory usage counter
no_mem = is_skipped_memcheck(name)
if no_mem == 0:
- test.write(" int mem_base;\n");
+ test.write(" int mem_base;\n");
# Declare the return value
if t_ret != None:
@@ -766,29 +766,29 @@ test_%s(void) {
# Declare the arguments
for arg in t_args:
(nam, type, rtype, crtype, info) = arg;
- # add declaration
- test.write(" %s %s; /* %s */\n" % (crtype, nam, info))
- test.write(" int n_%s;\n" % (nam))
+ # add declaration
+ test.write(" %s %s; /* %s */\n" % (crtype, nam, info))
+ test.write(" int n_%s;\n" % (nam))
test.write("\n")
# Cascade loop on of each argument list of values
for arg in t_args:
(nam, type, rtype, crtype, info) = arg;
- #
- test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % (
- nam, nam, type, nam))
+ #
+ test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % (
+ nam, nam, type, nam))
# log the memory usage
if no_mem == 0:
- test.write(" mem_base = xmlMemBlocks();\n");
+ test.write(" mem_base = xmlMemBlocks();\n");
# prepare the call
i = 0;
for arg in t_args:
(nam, type, rtype, crtype, info) = arg;
- #
- test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i))
- i = i + 1;
+ #
+ test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i))
+ i = i + 1;
# add checks to avoid out-of-bounds array access
i = 0;
@@ -797,7 +797,7 @@ test_%s(void) {
# assume that "size", "len", and "start" parameters apply to either
# the nearest preceding or following char pointer
if type == "int" and (nam == "size" or nam == "len" or nam == "start"):
- for j in range(i - 1, -1, -1) + range(i + 1, len(t_args)):
+ for j in (*range(i - 1, -1, -1), *range(i + 1, len(t_args))):
(bnam, btype) = t_args[j][:2]
if btype == "const_char_ptr" or btype == "const_xmlChar_ptr":
test.write(
@@ -806,42 +806,42 @@ test_%s(void) {
" continue;\n"
% (bnam, nam, bnam))
break
- i = i + 1;
+ i = i + 1;
# do the call, and clanup the result
- if extra_pre_call.has_key(name):
- test.write(" %s\n"% (extra_pre_call[name]))
+ if name in extra_pre_call:
+ test.write(" %s\n"% (extra_pre_call[name]))
if t_ret != None:
- test.write("\n ret_val = %s(" % (name))
- need = 0
- for arg in t_args:
- (nam, type, rtype, crtype, info) = arg
- if need:
- test.write(", ")
- else:
- need = 1
- if rtype != crtype:
- test.write("(%s)" % rtype)
- test.write("%s" % nam);
- test.write(");\n")
- if extra_post_call.has_key(name):
- test.write(" %s\n"% (extra_post_call[name]))
- test.write(" desret_%s(ret_val);\n" % t_ret[0])
+ test.write("\n ret_val = %s(" % (name))
+ need = 0
+ for arg in t_args:
+ (nam, type, rtype, crtype, info) = arg
+ if need:
+ test.write(", ")
+ else:
+ need = 1
+ if rtype != crtype:
+ test.write("(%s)" % rtype)
+ test.write("%s" % nam);
+ test.write(");\n")
+ if name in extra_post_call:
+ test.write(" %s\n"% (extra_post_call[name]))
+ test.write(" desret_%s(ret_val);\n" % t_ret[0])
else:
- test.write("\n %s(" % (name));
- need = 0;
- for arg in t_args:
- (nam, type, rtype, crtype, info) = arg;
- if need:
- test.write(", ")
- else:
- need = 1
- if rtype != crtype:
- test.write("(%s)" % rtype)
- test.write("%s" % nam)
- test.write(");\n")
- if extra_post_call.has_key(name):
- test.write(" %s\n"% (extra_post_call[name]))
+ test.write("\n %s(" % (name));
+ need = 0;
+ for arg in t_args:
+ (nam, type, rtype, crtype, info) = arg;
+ if need:
+ test.write(", ")
+ else:
+ need = 1
+ if rtype != crtype:
+ test.write("(%s)" % rtype)
+ test.write("%s" % nam)
+ test.write(");\n")
+ if name in extra_post_call:
+ test.write(" %s\n"% (extra_post_call[name]))
test.write(" call_tests++;\n");
@@ -849,32 +849,32 @@ test_%s(void) {
i = 0;
for arg in t_args:
(nam, type, rtype, crtype, info) = arg;
- # This is a hack to prevent generating a destructor for the
- # 'input' argument in xmlTextReaderSetup. There should be
- # a better, more generic way to do this!
- if string.find(info, 'destroy') == -1:
- test.write(" des_%s(n_%s, " % (type, nam))
- if rtype != crtype:
- test.write("(%s)" % rtype)
- test.write("%s, %d);\n" % (nam, i))
- i = i + 1;
+ # This is a hack to prevent generating a destructor for the
+ # 'input' argument in xmlTextReaderSetup. There should be
+ # a better, more generic way to do this!
+ if info.find('destroy') == -1:
+ test.write(" des_%s(n_%s, " % (type, nam))
+ if rtype != crtype:
+ test.write("(%s)" % rtype)
+ test.write("%s, %d);\n" % (nam, i))
+ i = i + 1;
test.write(" xmlResetLastError();\n");
# Check the memory usage
if no_mem == 0:
- test.write(""" if (mem_base != xmlMemBlocks()) {
+ test.write(""" if (mem_base != xmlMemBlocks()) {
printf("Leak of %%d blocks found in %s",
- xmlMemBlocks() - mem_base);
- test_ret++;
+\t xmlMemBlocks() - mem_base);
+\t test_ret++;
""" % (name));
- for arg in t_args:
- (nam, type, rtype, crtype, info) = arg;
- test.write(""" printf(" %%d", n_%s);\n""" % (nam))
- test.write(""" printf("\\n");\n""")
- test.write(" }\n")
+ for arg in t_args:
+ (nam, type, rtype, crtype, info) = arg;
+ test.write(""" printf(" %%d", n_%s);\n""" % (nam))
+ test.write(""" printf("\\n");\n""")
+ test.write(" }\n")
for arg in t_args:
- test.write(" }\n")
+ test.write(" }\n")
test.write(" function_tests++;\n")
#
@@ -882,7 +882,7 @@ test_%s(void) {
#
while nb_cond > 0:
test.write("#endif\n")
- nb_cond = nb_cond -1
+ nb_cond = nb_cond -1
if define == 1:
test.write("#endif\n")
@@ -900,10 +900,10 @@ test_%s(void) {
for module in modules:
# gather all the functions exported by that module
try:
- functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module))
+ functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module))
except:
- print "Failed to gather functions from module %s" % (module)
- continue;
+ print("Failed to gather functions from module %s" % (module))
+ continue;
# iterate over all functions in the module generating the test
i = 0
@@ -923,14 +923,14 @@ test_%s(void) {
# iterate over all functions in the module generating the call
for function in functions:
name = function.xpathEval('string(@name)')
- if is_skipped_function(name):
- continue
- test.write(" test_ret += test_%s();\n" % (name))
+ if is_skipped_function(name):
+ continue
+ test.write(" test_ret += test_%s();\n" % (name))
# footer
test.write("""
if (test_ret != 0)
- printf("Module %s: %%d errors\\n", test_ret);
+\tprintf("Module %s: %%d errors\\n", test_ret);
return(test_ret);
}
""" % (module))
@@ -948,7 +948,7 @@ test.write(""" return(0);
}
""");
-print "Generated test for %d modules and %d functions" %(len(modules), nb_tests)
+print("Generated test for %d modules and %d functions" %(len(modules), nb_tests))
compare_and_save()
@@ -960,11 +960,8 @@ for missing in missing_types.keys():
n = len(missing_types[missing])
missing_list.append((n, missing))
-def compare_missing(a, b):
- return b[0] - a[0]
-
-missing_list.sort(compare_missing)
-print "Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list))
+missing_list.sort(key=lambda a: a[0])
+print("Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list)))
lst = open("missing.lst", "w")
lst.write("Missing support for %d types" % (len(missing_list)))
lst.write("\n")
@@ -974,9 +971,9 @@ for miss in missing_list:
for n in missing_types[miss[1]]:
i = i + 1
if i > 5:
- lst.write(" ...")
- break
- lst.write(" %s" % (n))
+ lst.write(" ...")
+ break
+ lst.write(" %s" % (n))
lst.write("\n")
lst.write("\n")
lst.write("\n")

View File

@@ -0,0 +1,89 @@
From c1ba6f54d32b707ca6d91cb3257ce9de82876b6f Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 15 Aug 2020 18:32:29 +0200
Subject: [PATCH] Revert "Do not URI escape in server side includes"
This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.
This commit introduced
- an infinite loop, found by OSS-Fuzz, which could be easily fixed.
- an algorithm with quadratic runtime
- a security issue, see
https://bugzilla.gnome.org/show_bug.cgi?id=769760
A better approach is to add an option not to escape URLs at all
which libxml2 should have possibly done in the first place.
CVE: CVE-2016-3709
Upstream-Status: Backport [https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f]
Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
---
HTMLtree.c | 49 +++++++++++--------------------------------------
1 file changed, 11 insertions(+), 38 deletions(-)
diff --git a/HTMLtree.c b/HTMLtree.c
index 8d236bb35..cdb7f86a6 100644
--- a/HTMLtree.c
+++ b/HTMLtree.c
@@ -706,49 +706,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
(!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
(!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
+ xmlChar *escaped;
xmlChar *tmp = value;
- /* xmlURIEscapeStr() escapes '"' so it can be safely used. */
- xmlBufCCat(buf->buffer, "\"");
while (IS_BLANK_CH(*tmp)) tmp++;
- /* URI Escape everything, except server side includes. */
- for ( ; ; ) {
- xmlChar *escaped;
- xmlChar endChar;
- xmlChar *end = NULL;
- xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
- if (start != NULL) {
- end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
- if (end != NULL) {
- *start = '\0';
- }
- }
-
- /* Escape the whole string, or until start (set to '\0'). */
- escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
- if (escaped != NULL) {
- xmlBufCat(buf->buffer, escaped);
- xmlFree(escaped);
- } else {
- xmlBufCat(buf->buffer, tmp);
- }
-
- if (end == NULL) { /* Everything has been written. */
- break;
- }
-
- /* Do not escape anything within server side includes. */
- *start = '<'; /* Restore the first character of "<!--". */
- end += 3; /* strlen("-->") */
- endChar = *end;
- *end = '\0';
- xmlBufCat(buf->buffer, start);
- *end = endChar;
- tmp = end;
+ /*
+ * the < and > have already been escaped at the entity level
+ * And doing so here breaks server side includes
+ */
+ escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
+ if (escaped != NULL) {
+ xmlBufWriteQuotedString(buf->buffer, escaped);
+ xmlFree(escaped);
+ } else {
+ xmlBufWriteQuotedString(buf->buffer, value);
}
-
- xmlBufCCat(buf->buffer, "\"");
} else {
xmlBufWriteQuotedString(buf->buffer, value);
}

View File

@@ -0,0 +1,98 @@
From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 22 Feb 2022 11:51:08 +0100
Subject: [PATCH] Fix --without-valid build
Regressed in commit 652dd12a.
---
valid.c | 58 ++++++++++++++++++++++++++++-----------------------------
1 file changed, 29 insertions(+), 29 deletions(-)
---
From https://github.com/GNOME/libxml2.git
commit 646fe48d1c8a74310c409ddf81fe7df6700052af
CVE: CVE-2022-23308
Upstream-Status: Backport
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
diff --git a/valid.c b/valid.c
index 8e596f1d..9684683a 100644
--- a/valid.c
+++ b/valid.c
@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
return (ret);
}
-/**
- * xmlValidNormalizeString:
- * @str: a string
- *
- * Normalize a string in-place.
- */
-static void
-xmlValidNormalizeString(xmlChar *str) {
- xmlChar *dst;
- const xmlChar *src;
-
- if (str == NULL)
- return;
- src = str;
- dst = str;
-
- while (*src == 0x20) src++;
- while (*src != 0) {
- if (*src == 0x20) {
- while (*src == 0x20) src++;
- if (*src != 0)
- *dst++ = 0x20;
- } else {
- *dst++ = *src++;
- }
- }
- *dst = 0;
-}
-
#ifdef DEBUG_VALID_ALGO
static void
xmlValidPrintNode(xmlNodePtr cur) {
@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
(xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
xmlFree((char *)(str));
+/**
+ * xmlValidNormalizeString:
+ * @str: a string
+ *
+ * Normalize a string in-place.
+ */
+static void
+xmlValidNormalizeString(xmlChar *str) {
+ xmlChar *dst;
+ const xmlChar *src;
+
+ if (str == NULL)
+ return;
+ src = str;
+ dst = str;
+
+ while (*src == 0x20) src++;
+ while (*src != 0) {
+ if (*src == 0x20) {
+ while (*src == 0x20) src++;
+ if (*src != 0)
+ *dst++ = 0x20;
+ } else {
+ *dst++ = *src++;
+ }
+ }
+ *dst = 0;
+}
+
static int
xmlIsStreaming(xmlValidCtxtPtr ctxt) {
xmlParserCtxtPtr pctxt;
--
2.35.1

View File

@@ -0,0 +1,204 @@
From 8b66850de350f0fcd786ae776a65ba15a5999e50 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 8 Feb 2022 03:29:24 +0100
Subject: [PATCH] Use-after-free of ID and IDREF attributes
If a document is parsed with XML_PARSE_DTDVALID and without
XML_PARSE_NOENT, the value of ID attributes has to be normalized after
potentially expanding entities in xmlRemoveID. Otherwise, later calls
to xmlGetID can return a pointer to previously freed memory.
ID attributes which are empty or contain only whitespace after
entity expansion are affected in a similar way. This is fixed by
not storing such attributes in the ID table.
The test to detect streaming mode when validating against a DTD was
broken. In connection with the defects above, this could result in a
use-after-free when using the xmlReader interface with validation.
Fix detection of streaming mode to avoid similar issues. (This changes
the expected result of a test case. But as far as I can tell, using the
XML reader with XIncludes referencing the root document never worked
properly, anyway.)
All of these issues can result in denial of service. Using xmlReader
with validation could result in disclosure of memory via the error
channel, typically stderr. The security impact of xmlGetID returning
a pointer to freed memory depends on the application. The typical use
case of calling xmlGetID on an unmodified document is not affected.
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e]
The upstream patch 652dd12a858989b14eed4e84e453059cd3ba340e has been modified
to skip the patch to the testsuite result (result/XInclude/ns1.xml.rdr), as
this particular test does not exist in v2.9.10 (it was added later).
CVE: CVE-2022-23308
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
valid.c | 88 +++++++++++++++++++++++++++++++++++----------------------
1 file changed, 55 insertions(+), 33 deletions(-)
diff --git a/valid.c b/valid.c
index 07963e7..ee75311 100644
--- a/valid.c
+++ b/valid.c
@@ -479,6 +479,35 @@ nodeVPop(xmlValidCtxtPtr ctxt)
return (ret);
}
+/**
+ * xmlValidNormalizeString:
+ * @str: a string
+ *
+ * Normalize a string in-place.
+ */
+static void
+xmlValidNormalizeString(xmlChar *str) {
+ xmlChar *dst;
+ const xmlChar *src;
+
+ if (str == NULL)
+ return;
+ src = str;
+ dst = str;
+
+ while (*src == 0x20) src++;
+ while (*src != 0) {
+ if (*src == 0x20) {
+ while (*src == 0x20) src++;
+ if (*src != 0)
+ *dst++ = 0x20;
+ } else {
+ *dst++ = *src++;
+ }
+ }
+ *dst = 0;
+}
+
#ifdef DEBUG_VALID_ALGO
static void
xmlValidPrintNode(xmlNodePtr cur) {
@@ -2607,6 +2636,24 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
(xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
xmlFree((char *)(str));
+static int
+xmlIsStreaming(xmlValidCtxtPtr ctxt) {
+ xmlParserCtxtPtr pctxt;
+
+ if (ctxt == NULL)
+ return(0);
+ /*
+ * These magic values are also abused to detect whether we're validating
+ * while parsing a document. In this case, userData points to the parser
+ * context.
+ */
+ if ((ctxt->finishDtd != XML_CTXT_FINISH_DTD_0) &&
+ (ctxt->finishDtd != XML_CTXT_FINISH_DTD_1))
+ return(0);
+ pctxt = ctxt->userData;
+ return(pctxt->parseMode == XML_PARSE_READER);
+}
+
/**
* xmlFreeID:
* @not: A id
@@ -2650,7 +2697,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
if (doc == NULL) {
return(NULL);
}
- if (value == NULL) {
+ if ((value == NULL) || (value[0] == 0)) {
return(NULL);
}
if (attr == NULL) {
@@ -2681,7 +2728,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
*/
ret->value = xmlStrdup(value);
ret->doc = doc;
- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) {
+ if (xmlIsStreaming(ctxt)) {
/*
* Operating in streaming mode, attr is gonna disappear
*/
@@ -2820,6 +2867,7 @@ xmlRemoveID(xmlDocPtr doc, xmlAttrPtr attr) {
ID = xmlNodeListGetString(doc, attr->children, 1);
if (ID == NULL)
return(-1);
+ xmlValidNormalizeString(ID);
id = xmlHashLookup(table, ID);
if (id == NULL || id->attr != attr) {
@@ -3009,7 +3057,7 @@ xmlAddRef(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
* fill the structure.
*/
ret->value = xmlStrdup(value);
- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) {
+ if (xmlIsStreaming(ctxt)) {
/*
* Operating in streaming mode, attr is gonna disappear
*/
@@ -4028,8 +4076,7 @@ xmlValidateAttributeValue2(xmlValidCtxtPtr ctxt, xmlDocPtr doc,
xmlChar *
xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc,
xmlNodePtr elem, const xmlChar *name, const xmlChar *value) {
- xmlChar *ret, *dst;
- const xmlChar *src;
+ xmlChar *ret;
xmlAttributePtr attrDecl = NULL;
int extsubset = 0;
@@ -4070,19 +4117,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc,
ret = xmlStrdup(value);
if (ret == NULL)
return(NULL);
- src = value;
- dst = ret;
- while (*src == 0x20) src++;
- while (*src != 0) {
- if (*src == 0x20) {
- while (*src == 0x20) src++;
- if (*src != 0)
- *dst++ = 0x20;
- } else {
- *dst++ = *src++;
- }
- }
- *dst = 0;
+ xmlValidNormalizeString(ret);
if ((doc->standalone) && (extsubset == 1) && (!xmlStrEqual(value, ret))) {
xmlErrValidNode(ctxt, elem, XML_DTD_NOT_STANDALONE,
"standalone: %s on %s value had to be normalized based on external subset declaration\n",
@@ -4114,8 +4149,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc,
xmlChar *
xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem,
const xmlChar *name, const xmlChar *value) {
- xmlChar *ret, *dst;
- const xmlChar *src;
+ xmlChar *ret;
xmlAttributePtr attrDecl = NULL;
if (doc == NULL) return(NULL);
@@ -4145,19 +4179,7 @@ xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem,
ret = xmlStrdup(value);
if (ret == NULL)
return(NULL);
- src = value;
- dst = ret;
- while (*src == 0x20) src++;
- while (*src != 0) {
- if (*src == 0x20) {
- while (*src == 0x20) src++;
- if (*src != 0)
- *dst++ = 0x20;
- } else {
- *dst++ = *src++;
- }
- }
- *dst = 0;
+ xmlValidNormalizeString(ret);
return(ret);
}

View File

@@ -0,0 +1,53 @@
From b07251215ef48c70c6e56f7351406c47cfca4d5b Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 10 Jan 2020 15:55:07 +0100
Subject: [PATCH] Fix integer overflow in xmlBufferResize
Found by OSS-Fuzz.
CVE: CVE-2022-29824
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/b07251215ef48c70c6e56f7351406c47cfca4d5b]
Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com>
---
tree.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tree.c b/tree.c
index 0d7fc98c..f43f6de1 100644
--- a/tree.c
+++ b/tree.c
@@ -7424,12 +7424,17 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
if (size < buf->size)
return 1;
+ if (size > UINT_MAX - 10) {
+ xmlTreeErrMemory("growing buffer");
+ return 0;
+ }
+
/* figure out new size */
switch (buf->alloc){
case XML_BUFFER_ALLOC_IO:
case XML_BUFFER_ALLOC_DOUBLEIT:
/*take care of empty case*/
- newSize = (buf->size ? buf->size*2 : size + 10);
+ newSize = (buf->size ? buf->size : size + 10);
while (size > newSize) {
if (newSize > UINT_MAX / 2) {
xmlTreeErrMemory("growing buffer");
@@ -7445,7 +7450,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
if (buf->use < BASE_BUFFER_SIZE)
newSize = size;
else {
- newSize = buf->size * 2;
+ newSize = buf->size;
while (size > newSize) {
if (newSize > UINT_MAX / 2) {
xmlTreeErrMemory("growing buffer");
--
GitLab

View File

@@ -0,0 +1,348 @@
From 2554a2408e09f13652049e5ffb0d26196b02ebab Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 8 Mar 2022 20:10:02 +0100
Subject: [PATCH] [CVE-2022-29824] Fix integer overflows in xmlBuf and
xmlBuffer
In several places, the code handling string buffers didn't check for
integer overflow or used wrong types for buffer sizes. This could
result in out-of-bounds writes or other memory errors when working on
large, multi-gigabyte buffers.
Thanks to Felix Wilhelm for the report.
CVE: CVE-2022-29824
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab]
Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com>
---
buf.c | 86 +++++++++++++++++++++++-----------------------------------
tree.c | 72 ++++++++++++++++++------------------------------
2 files changed, 61 insertions(+), 97 deletions(-)
diff --git a/buf.c b/buf.c
index 24368d37..40a5ee06 100644
--- a/buf.c
+++ b/buf.c
@@ -30,6 +30,10 @@
#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
#include "buf.h"
+#ifndef SIZE_MAX
+#define SIZE_MAX ((size_t) -1)
+#endif
+
#define WITH_BUFFER_COMPAT
/**
@@ -156,6 +160,8 @@ xmlBufPtr
xmlBufCreateSize(size_t size) {
xmlBufPtr ret;
+ if (size == SIZE_MAX)
+ return(NULL);
ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf));
if (ret == NULL) {
xmlBufMemoryError(NULL, "creating buffer");
@@ -166,8 +172,8 @@ xmlBufCreateSize(size_t size) {
ret->error = 0;
ret->buffer = NULL;
ret->alloc = xmlBufferAllocScheme;
- ret->size = (size ? size+2 : 0); /* +1 for ending null */
- ret->compat_size = (int) ret->size;
+ ret->size = (size ? size + 1 : 0); /* +1 for ending null */
+ ret->compat_size = (ret->size > INT_MAX ? INT_MAX : ret->size);
if (ret->size){
ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar));
if (ret->content == NULL) {
@@ -442,23 +448,17 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
- if (buf->use + len < buf->size)
+ if (len < buf->size - buf->use)
return(buf->size - buf->use);
+ if (len > SIZE_MAX - buf->use)
+ return(0);
- /*
- * Windows has a BIG problem on realloc timing, so we try to double
- * the buffer size (if that's enough) (bug 146697)
- * Apparently BSD too, and it's probably best for linux too
- * On an embedded system this may be something to change
- */
-#if 1
- if (buf->size > (size_t) len)
- size = buf->size * 2;
- else
- size = buf->use + len + 100;
-#else
- size = buf->use + len + 100;
-#endif
+ if (buf->size > (size_t) len) {
+ size = buf->size > SIZE_MAX / 2 ? SIZE_MAX : buf->size * 2;
+ } else {
+ size = buf->use + len;
+ size = size > SIZE_MAX - 100 ? SIZE_MAX : size + 100;
+ }
if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
/*
@@ -744,7 +744,7 @@ xmlBufIsEmpty(const xmlBufPtr buf)
int
xmlBufResize(xmlBufPtr buf, size_t size)
{
- unsigned int newSize;
+ size_t newSize;
xmlChar* rebuf = NULL;
size_t start_buf;
@@ -772,9 +772,13 @@ xmlBufResize(xmlBufPtr buf, size_t size)
case XML_BUFFER_ALLOC_IO:
case XML_BUFFER_ALLOC_DOUBLEIT:
/*take care of empty case*/
- newSize = (buf->size ? buf->size*2 : size + 10);
+ if (buf->size == 0) {
+ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10);
+ } else {
+ newSize = buf->size;
+ }
while (size > newSize) {
- if (newSize > UINT_MAX / 2) {
+ if (newSize > SIZE_MAX / 2) {
xmlBufMemoryError(buf, "growing buffer");
return 0;
}
@@ -782,15 +786,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
}
break;
case XML_BUFFER_ALLOC_EXACT:
- newSize = size+10;
+ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10);
break;
case XML_BUFFER_ALLOC_HYBRID:
if (buf->use < BASE_BUFFER_SIZE)
newSize = size;
else {
- newSize = buf->size * 2;
+ newSize = buf->size;
while (size > newSize) {
- if (newSize > UINT_MAX / 2) {
+ if (newSize > SIZE_MAX / 2) {
xmlBufMemoryError(buf, "growing buffer");
return 0;
}
@@ -800,7 +804,7 @@ xmlBufResize(xmlBufPtr buf, size_t size)
break;
default:
- newSize = size+10;
+ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10);
break;
}
@@ -866,7 +870,7 @@ xmlBufResize(xmlBufPtr buf, size_t size)
*/
int
xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
- unsigned int needSize;
+ size_t needSize;
if ((str == NULL) || (buf == NULL) || (buf->error))
return -1;
@@ -888,8 +892,10 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
if (len < 0) return -1;
if (len == 0) return 0;
- needSize = buf->use + len + 2;
- if (needSize > buf->size){
+ if ((size_t) len >= buf->size - buf->use) {
+ if ((size_t) len >= SIZE_MAX - buf->use)
+ return(-1);
+ needSize = buf->use + len + 1;
if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
/*
* Used to provide parsing limits
@@ -1025,31 +1031,7 @@ xmlBufCat(xmlBufPtr buf, const xmlChar *str) {
*/
int
xmlBufCCat(xmlBufPtr buf, const char *str) {
- const char *cur;
-
- if ((buf == NULL) || (buf->error))
- return(-1);
- CHECK_COMPAT(buf)
- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1;
- if (str == NULL) {
-#ifdef DEBUG_BUFFER
- xmlGenericError(xmlGenericErrorContext,
- "xmlBufCCat: str == NULL\n");
-#endif
- return -1;
- }
- for (cur = str;*cur != 0;cur++) {
- if (buf->use + 10 >= buf->size) {
- if (!xmlBufResize(buf, buf->use+10)){
- xmlBufMemoryError(buf, "growing buffer");
- return XML_ERR_NO_MEMORY;
- }
- }
- buf->content[buf->use++] = *cur;
- }
- buf->content[buf->use] = 0;
- UPDATE_COMPAT(buf)
- return 0;
+ return xmlBufCat(buf, (const xmlChar *) str);
}
/**
diff --git a/tree.c b/tree.c
index 9d94aa42..86afb7d6 100644
--- a/tree.c
+++ b/tree.c
@@ -7104,6 +7104,8 @@ xmlBufferPtr
xmlBufferCreateSize(size_t size) {
xmlBufferPtr ret;
+ if (size >= UINT_MAX)
+ return(NULL);
ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer));
if (ret == NULL) {
xmlTreeErrMemory("creating buffer");
@@ -7111,7 +7113,7 @@ xmlBufferCreateSize(size_t size) {
}
ret->use = 0;
ret->alloc = xmlBufferAllocScheme;
- ret->size = (size ? size+2 : 0); /* +1 for ending null */
+ ret->size = (size ? size + 1 : 0); /* +1 for ending null */
if (ret->size){
ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar));
if (ret->content == NULL) {
@@ -7171,6 +7173,8 @@ xmlBufferCreateStatic(void *mem, size_t size) {
if ((mem == NULL) || (size == 0))
return(NULL);
+ if (size > UINT_MAX)
+ return(NULL);
ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer));
if (ret == NULL) {
@@ -7318,28 +7322,23 @@ xmlBufferShrink(xmlBufferPtr buf, unsigned int len) {
*/
int
xmlBufferGrow(xmlBufferPtr buf, unsigned int len) {
- int size;
+ unsigned int size;
xmlChar *newbuf;
if (buf == NULL) return(-1);
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
- if (len + buf->use < buf->size) return(0);
+ if (len < buf->size - buf->use)
+ return(0);
+ if (len > UINT_MAX - buf->use)
+ return(-1);
- /*
- * Windows has a BIG problem on realloc timing, so we try to double
- * the buffer size (if that's enough) (bug 146697)
- * Apparently BSD too, and it's probably best for linux too
- * On an embedded system this may be something to change
- */
-#if 1
- if (buf->size > len)
- size = buf->size * 2;
- else
- size = buf->use + len + 100;
-#else
- size = buf->use + len + 100;
-#endif
+ if (buf->size > (size_t) len) {
+ size = buf->size > UINT_MAX / 2 ? UINT_MAX : buf->size * 2;
+ } else {
+ size = buf->use + len;
+ size = size > UINT_MAX - 100 ? UINT_MAX : size + 100;
+ }
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
size_t start_buf = buf->content - buf->contentIO;
@@ -7466,7 +7465,10 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
case XML_BUFFER_ALLOC_IO:
case XML_BUFFER_ALLOC_DOUBLEIT:
/*take care of empty case*/
- newSize = (buf->size ? buf->size : size + 10);
+ if (buf->size == 0)
+ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);
+ else
+ newSize = buf->size;
while (size > newSize) {
if (newSize > UINT_MAX / 2) {
xmlTreeErrMemory("growing buffer");
@@ -7476,7 +7478,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
}
break;
case XML_BUFFER_ALLOC_EXACT:
- newSize = size+10;
+ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);;
break;
case XML_BUFFER_ALLOC_HYBRID:
if (buf->use < BASE_BUFFER_SIZE)
@@ -7494,7 +7496,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
break;
default:
- newSize = size+10;
+ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);;
break;
}
@@ -7580,8 +7582,10 @@ xmlBufferAdd(xmlBufferPtr buf, const xmlChar *str, int len) {
if (len < 0) return -1;
if (len == 0) return 0;
- needSize = buf->use + len + 2;
- if (needSize > buf->size){
+ if ((unsigned) len >= buf->size - buf->use) {
+ if ((unsigned) len >= UINT_MAX - buf->use)
+ return XML_ERR_NO_MEMORY;
+ needSize = buf->use + len + 1;
if (!xmlBufferResize(buf, needSize)){
xmlTreeErrMemory("growing buffer");
return XML_ERR_NO_MEMORY;
@@ -7694,29 +7698,7 @@ xmlBufferCat(xmlBufferPtr buf, const xmlChar *str) {
*/
int
xmlBufferCCat(xmlBufferPtr buf, const char *str) {
- const char *cur;
-
- if (buf == NULL)
- return(-1);
- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1;
- if (str == NULL) {
-#ifdef DEBUG_BUFFER
- xmlGenericError(xmlGenericErrorContext,
- "xmlBufferCCat: str == NULL\n");
-#endif
- return -1;
- }
- for (cur = str;*cur != 0;cur++) {
- if (buf->use + 10 >= buf->size) {
- if (!xmlBufferResize(buf, buf->use+10)){
- xmlTreeErrMemory("growing buffer");
- return XML_ERR_NO_MEMORY;
- }
- }
- buf->content[buf->use++] = *cur;
- }
- buf->content[buf->use] = 0;
- return 0;
+ return xmlBufferCat(buf, (const xmlChar *) str);
}
/**
--
GitLab

View File

@@ -1,6 +1,6 @@
SUMMARY = "XML C Parser Library and Toolkit"
DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat."
HOMEPAGE = "http://www.xmlsoft.org/"
HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2"
BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2"
SECTION = "libs"
LICENSE = "MIT"
@@ -11,8 +11,9 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \
DEPENDS = "zlib virtual/libiconv"
SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \
inherit gnomebase
SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \
file://libxml-64bit.patch \
file://runtest.patch \
file://run-ptest \
@@ -27,10 +28,15 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://CVE-2021-3537.patch \
file://CVE-2021-3518.patch \
file://CVE-2021-3541.patch \
file://CVE-2022-23308.patch \
file://CVE-2022-23308-fix-regression.patch \
file://CVE-2022-29824-dependent.patch \
file://CVE-2022-29824.patch \
file://0001-Port-gentest.py-to-Python-3.patch \
file://CVE-2016-3709.patch \
"
SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
SRC_URI[libtar.sha256sum] = "aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f"
SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
@@ -85,6 +91,16 @@ do_configure_prepend () {
}
do_compile_ptest() {
# Make sure that testapi.c is newer than gentests.py, because
# with reproducible builds, they will both get e.g. Jan 1 1970
# modification time from SOURCE_DATE_EPOCH and then check-am
# might try to rebuild_testapi, which will fail even with
# 0001-Port-gentest.py-to-Python-3.patch, because it needs
# libxml2 module (libxml2-native dependency and correctly
# set PYTHON_SITE_PACKAGES), it's easier to
# just rely on pre-generated testapi.c from the release
touch ${S}/testapi.c
oe_runmake check-am
}

View File

@@ -12,6 +12,11 @@ deltask do_compile
deltask do_install
deltask do_populate_sysroot
# CVE database update interval, in seconds. By default: once a day (24*60*60).
# Use 0 to force the update
# Use a negative value to skip the update
CVE_DB_UPDATE_INTERVAL ?= "86400"
python () {
if not bb.data.inherits_class("cve-check", d):
raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -42,11 +47,17 @@ python do_fetch() {
if os.path.exists(db_file):
os.remove(db_file)
# Don't refresh the database more than once an hour
# The NVD database changes once a day, so no need to update more frequently
# Allow the user to force-update
try:
import time
if time.time() - os.path.getmtime(db_file) < (60*60):
update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
if update_interval < 0:
bb.note("CVE database update skipped")
return
if time.time() - os.path.getmtime(db_file) < update_interval:
return
except OSError:
pass
@@ -54,9 +65,7 @@ python do_fetch() {
# Connect to database
conn = sqlite3.connect(db_file)
c = conn.cursor()
initialize_db(c)
initialize_db(conn)
with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
total_years = date.today().year + 1 - YEAR_START
@@ -85,18 +94,20 @@ python do_fetch() {
return
# Compare with current db last modified date
c.execute("select DATE from META where YEAR = ?", (year,))
meta = c.fetchone()
cursor = conn.execute("select DATE from META where YEAR = ?", (year,))
meta = cursor.fetchone()
cursor.close()
if not meta or meta[0] != last_modified:
# Clear products table entries corresponding to current year
c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close()
# Update db with current year json file
try:
response = urllib.request.urlopen(json_url)
if response:
update_db(c, gzip.decompress(response.read()).decode('utf-8'))
c.execute("insert or replace into META values (?, ?)", [year, last_modified])
update_db(conn, gzip.decompress(response.read()).decode('utf-8'))
conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close()
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
@@ -114,21 +125,26 @@ do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
do_fetch[file-checksums] = ""
do_fetch[vardeps] = ""
def initialize_db(c):
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
def initialize_db(conn):
with conn:
c = conn.cursor()
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
VERSION_END TEXT, OPERATOR_END TEXT)")
c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
def parse_node_and_insert(c, node, cveId):
c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
VERSION_END TEXT, OPERATOR_END TEXT)")
c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
c.close()
def parse_node_and_insert(conn, node, cveId):
# Parse children node if needed
for child in node.get('children', ()):
parse_node_and_insert(c, child, cveId)
parse_node_and_insert(conn, child, cveId)
def cpe_generator():
for cpe in node.get('cpe_match', ()):
@@ -185,9 +201,9 @@ def parse_node_and_insert(c, node, cveId):
# Save processing by representing as -.
yield [cveId, vendor, product, '-', '', '', '']
c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close()
def update_db(c, jsondata):
def update_db(conn, jsondata):
import json
root = json.loads(jsondata)
@@ -211,12 +227,12 @@ def update_db(c, jsondata):
accessVector = accessVector or "UNKNOWN"
cvssv3 = 0.0
c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
[cveId, cveDesc, cvssv2, cvssv3, date, accessVector])
conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
[cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
configurations = elt['configurations']['nodes']
for config in configurations:
parse_node_and_insert(c, config, cveId)
parse_node_and_insert(conn, config, cveId)
do_fetch[nostamp] = "1"

View File

@@ -0,0 +1,135 @@
From 5f40697e37e195069f55528fc7a1d77e619ad104 Mon Sep 17 00:00:00 2001
From: Dan Tran <dantran@microsoft.com>
Date: Fri, 13 May 2022 13:28:41 -0700
Subject: [PATCH] ncurses 6.3 before patch 20220416 has an out-of-bounds read
and segmentation violation in convert_strings in tinfo/read_entry.c in the
terminfo library.
CVE: CVE-2022-29458
Upstream-Status: Backport
[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870]
Signed-off-by: Gustavo Lima Chaves <gustavo.chaves@microsoft.com>
Signed-off-by: Dan Tran <dantran@microsoft.com>
---
ncurses/tinfo/alloc_entry.c | 14 ++++++--------
ncurses/tinfo/read_entry.c | 25 +++++++++++++++++++------
2 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/ncurses/tinfo/alloc_entry.c b/ncurses/tinfo/alloc_entry.c
index 4bf7d6c8..b49ad6aa 100644
--- a/ncurses/tinfo/alloc_entry.c
+++ b/ncurses/tinfo/alloc_entry.c
@@ -48,13 +48,11 @@
#include <tic.h>
-MODULE_ID("$Id: alloc_entry.c,v 1.64 2020/02/02 23:34:34 tom Exp $")
+MODULE_ID("$Id: alloc_entry.c,v 1.69 2022/04/16 22:46:53 tom Exp $")
#define ABSENT_OFFSET -1
#define CANCELLED_OFFSET -2
-#define MAX_STRTAB 4096 /* documented maximum entry size */
-
static char *stringbuf; /* buffer for string capabilities */
static size_t next_free; /* next free character in stringbuf */
@@ -71,8 +69,8 @@ _nc_init_entry(ENTRY * const tp)
}
#endif
- if (stringbuf == 0)
- TYPE_MALLOC(char, (size_t) MAX_STRTAB, stringbuf);
+ if (stringbuf == NULL)
+ TYPE_MALLOC(char, (size_t) MAX_ENTRY_SIZE, stringbuf);
next_free = 0;
@@ -108,11 +106,11 @@ _nc_save_str(const char *const string)
* Cheat a little by making an empty string point to the end of the
* previous string.
*/
- if (next_free < MAX_STRTAB) {
+ if (next_free < MAX_ENTRY_SIZE) {
result = (stringbuf + next_free - 1);
}
- } else if (next_free + len < MAX_STRTAB) {
- _nc_STRCPY(&stringbuf[next_free], string, MAX_STRTAB);
+ } else if (next_free + len < MAX_ENTRY_SIZE) {
+ _nc_STRCPY(&stringbuf[next_free], string, MAX_ENTRY_SIZE);
DEBUG(7, ("Saved string %s", _nc_visbuf(string)));
DEBUG(7, ("at location %d", (int) next_free));
next_free += len;
diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
index 5b570b0f..23c2cebc 100644
--- a/ncurses/tinfo/read_entry.c
+++ b/ncurses/tinfo/read_entry.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright 2018-2019,2020 Thomas E. Dickey *
+ * Copyright 2018-2021,2022 Thomas E. Dickey *
* Copyright 1998-2016,2017 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
@@ -42,7 +42,7 @@
#include <tic.h>
-MODULE_ID("$Id: read_entry.c,v 1.157 2020/02/02 23:34:34 tom Exp $")
+MODULE_ID("$Id: read_entry.c,v 1.162 2022/04/16 21:00:00 tom Exp $")
#define TYPE_CALLOC(type,elts) typeCalloc(type, (unsigned)(elts))
@@ -145,6 +145,7 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
{
int i;
char *p;
+ bool corrupt = FALSE;
for (i = 0; i < count; i++) {
if (IS_NEG1(buf + 2 * i)) {
@@ -154,8 +155,20 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
} else if (MyNumber(buf + 2 * i) > size) {
Strings[i] = ABSENT_STRING;
} else {
- Strings[i] = (MyNumber(buf + 2 * i) + table);
- TR(TRACE_DATABASE, ("Strings[%d] = %s", i, _nc_visbuf(Strings[i])));
+ int nn = MyNumber(buf + 2 * i);
+ if (nn >= 0 && nn < size) {
+ Strings[i] = (nn + table);
+ TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
+ _nc_visbuf(Strings[i])));
+ } else {
+ if (!corrupt) {
+ corrupt = TRUE;
+ TR(TRACE_DATABASE,
+ ("ignore out-of-range index %d to Strings[]", nn));
+ _nc_warning("corrupt data found in convert_strings");
+ }
+ Strings[i] = ABSENT_STRING;
+ }
}
/* make sure all strings are NUL terminated */
@@ -776,7 +789,7 @@ _nc_read_tic_entry(char *filename,
* looking for compiled (binary) terminfo data.
*
* cgetent uses a two-level lookup. On the first it uses the given
- * name to return a record containing only the aliases for an entry.
+ * name to return a record containing only the aliases for an entry.
* On the second (using that list of aliases as a key), it returns the
* content of the terminal description. We expect second lookup to
* return data beginning with the same set of aliases.
@@ -833,7 +846,7 @@ _nc_read_tic_entry(char *filename,
#endif /* NCURSES_USE_DATABASE */
/*
- * Find and read the compiled entry for a given terminal type, if it exists.
+ * Find and read the compiled entry for a given terminal type, if it exists.
* We take pains here to make sure no combination of environment variables and
* terminal type name can be used to overrun the file buffer.
*/
--
2.36.1

Some files were not shown because too many files have changed in this diff Show More