Compare commits

...

292 Commits

Author SHA1 Message Date
Richard Purdie
6b8a307b78 build-appliance-image: Update to dunfell head revision
(From OE-Core rev: db81e3c7e7f1d4d9eba52ac35ac97627d0240b63)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:43 +00:00
Steve Sakoman
f1292a552f ovmf: fix gcc12 warning for device path handling
Backport [22130dcd98]

Fixes:

In function ?SetDevicePathEndNode?,
    inlined from ?FileDevicePath? at DevicePathUtilities.c:857:5:
DevicePathUtilities.c:321:3: error: writing 4 bytes into a region of size 1 [-Werror=stringop-overflow=]
  321 |   memcpy (Node, &mUefiDevicePathLibEndDevicePath, sizeof (mUefiDevicePathLibEndDevicePath));
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from UefiDevicePathLib.h:22,
                 from DevicePathUtilities.c:16:
../Include/Protocol/DevicePath.h: In function ?FileDevicePath?:
../Include/Protocol/DevicePath.h:51:9: note: destination object ?Type? of size 1
   51 |   UINT8 Type;       ///< 0x01 Hardware Device Path.
      |         ^~~~

(From OE-Core rev: a33abd759e2e9f41e056f87024de3b333e9b948b)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Steve Sakoman
2e0077aeb8 ovmf: fix gcc12 warning in LzmaEnc
Backport [85021f8cf2]

Fixes:

Sdk/C/LzmaEnc.c: In function ?LzmaEnc_CodeOneMemBlock?:
Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*p.rc.outStream? [-Werror=dangling-pointer=]
 2828 |   p->rc.outStream = &outStream.vt;
      |   ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here
 2811 |   CLzmaEnc_SeqOutStreamBuf outStream;
      |                            ^~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here
Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*(CLzmaEnc *)pp.rc.outStream? [-Werror=dangling-pointer=]
 2828 |   p->rc.outStream = &outStream.vt;
      |   ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here
 2811 |   CLzmaEnc_SeqOutStreamBuf outStream;
      |                            ^~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here
cc1: all warnings being treated as errors

(From OE-Core rev: 25cc13c1016c2565694d0e0959a69c8b91054309)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Steve Sakoman
a9f1e9d277 ovmf: fix gcc12 warning in GenFfs
Backport [7b005f344e]

Fixes:

    GenFfs.c:545:5: error: pointer ?InFileHandle? used after ?fclose? [-Werror=use-after-free]
      545 |     Error(NULL, 0, 4001, "Resource", "memory cannot be allocated  of %s", InFileHandle);
          |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    GenFfs.c:544:5: note: call to ?fclose? here
      544 |     fclose (InFileHandle);
          |     ^~~~~~~~~~~~~~~~~~~~~

(From OE-Core rev: 19da9603f4e7e64d4ffcb6d1e927965dcd161079)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Pavel Zhukov
2dbbcdb7a6 oeqa/rpm.py: Increase timeout and add debug output
[Yocto #14346]
Systemd may be slow in killing pam session sometimes [1][2]. It may cause rpm
test to fail because there's process (sd_pam) running and own by "test1" user
after timeout.
Increasing timeout to 2 mins and assert earlier with debug output if
there's such process(es). If increasing of timeout doesn't help we may
want to force deletion of the user as [2] suggests.

[1] https://github.com/systemd/systemd/issues/8598
[2] https://access.redhat.com/solutions/6969188

(From OE-Core rev: e4d2351a2b5aa0c4d900abc5d75ab5da9b5e1f8a)

Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 972fcc0ed1e0d36c3470071a9c667c5327c1ef78)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Luis
dc9ccb5071 rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
The do_rm_work() task is using the first available 'rm' binary
available in PATH to remove files and folders.
However, depending on the PATH setup and RECIPE_SYSROOT_NATIVE
contents, the function can be using the 'rm' binary available
in RECIPE_SYSROOT_NATIVE, a folder that will get removed.
This causes a sporadic race-condition when trying to access the
'rm' binary of a folder already deleted.
Solve this by exclusively using the HOSTTOOLS 'rm' binary, as
this folder will not get removed.

(From OE-Core rev: 75b7e86c9d9931c9e4e114af026b51710f1920a2)

Signed-off-by: Luis Martins <luis.pinto.martins@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edcd9ad333bc4e504594e8af83e8cb7007d2e35c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Changqing Li
dbe88ee83e base.bbclass: Fix way to check ccache path
The previous code had 2 issues:
1. make hosttools/ccache always link to host's ccache (/usr/bin/ccache)
even we have one buildtools
2. make hosttools/gcc etc, link to host's gcc event we have one
buildtools when keyword ccache in buildtools's path, eg:
/mnt/ccache/bin/buildtools

This patch is for fix above issues.

(From OE-Core rev: f2f70bf8d93b33b65875828c0402a98e943f660a)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b7c81414cf252a7203d95703810a770184d7e4d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Chee Yang Lee
286af7e044 libksba: fix CVE-2022-47629
(From OE-Core rev: e9f2d3e18db0c7b3e6e4ea385f54fbb8a02ad324)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Hitendra Prajapati
95649c2878 grub2: Fix CVE-2022-2601 & CVE-2022-3775
Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency:

font: Fix size overflow in grub_font_get_glyph_internal()
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532

CVE-2022-2601: font: Fix several integer overflows in grub_font_construct_glyph()
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e

CVE-2022-3775: font: Fix an integer underflow in blit_comb()
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af

(From OE-Core rev: 6149febd53b32406dc4b07b1721b3dfbae70723e)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Steve Sakoman
fcaac4852d poky.conf: bump version for 3.1.22
(From meta-yocto rev: 8d37dd79d8e87bb50856446dce08d8fd0202f95e)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-09 23:26:03 +00:00
Steve Sakoman
49175a7478 documentation: update for 3.1.22
(From yocto-docs rev: 3dc2c423484585d04f586b721010c129571638c0)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-09 23:26:03 +00:00
Ross Burton
fb6d32853f lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
The /proc/pressure support in buildstats is creating directories in the
buildstats tree called reduced_proc_pressure, which confuses the parsing
logic as that cannot be parsed as a name-epoc-version-revision tuple.

Explicitly skip this directory to solve the problem.

(From OE-Core rev: deb919a693e4371ace649680ca06ca6b6e3da4e2)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 24f0331f0b7e51161b1fa43d4592b491d2037fe9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:34:54 +00:00
Jagadeesh Krishnanjanappa
99d085ecc3 qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
The QB_DEFAULT_KERNEL is set to pick bundled initramfs kernel image
if the Linux kernel image is generated with INITRAMFS_IMAGE_BUNDLE="1".

This makes runqemu to automatically pick bundled initramfs kernel image
instead of explicitly mentioning bundled initramfs kernel image in
runqemu.

[YOCTO #14748]

(From OE-Core rev: 0c63018ef3843cfefd2be31c0a6693181037410d)

Signed-off-by: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52371624313184e1a825519160c3833e282df8b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Robert Andersson
4c5d832fe9 go-crosssdk: avoid host contamination by GOCACHE
By default GOCACHE is set to $HOME/.cache.

Same issue for all other go recipes had been fixed by commit 9a6d208b:
[ go: avoid host contamination by GOCACHE ]

but that commit missed go-crosssdk recipe.

(From OE-Core rev: 22fef4e278beae60d1a6afbe4645fb36732bc736)

Signed-off-by: Robert Andersson <robert.m.andersson@atlascopco.com>
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e5fd10c647ac4baad65f9efa964c3380aad7dd10)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Peter Marko
785e988a3d externalsrc: fix lookup for .gitmodules
Commit 0533edac27 broke
bitbake parsing when bitbake is executed from directory with existing .gitmodules
and the recipe in externalsrc does not have .gitmodules

The check needs to search for .gitmodules in sources path, not cwd.

iParsing recipes...ERROR: ExpansionError during parsing <path to recipe>
...
bb.data_smart.ExpansionError: Failure expanding variable do_compile[file-checksums], expression was ${@srctree_hash_files(d)} which triggered exception CalledProcessError: Command '['git', 'config', '--file', '.gitmodules', '--get-regexp', 'path']' returned non-zero exit status 1.

(From OE-Core rev: c58d82b98348b167b60ec3c8b9651d73b1bdfbdc)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 66ff3d1f65cd2e7f5319e98fa41f47a59b714c72)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Chen Qi
2ef094198e bc: extend to nativesdk
bc is needed for compiling kernel modules, more specifially
whenr running `make scripts prepare'.

In linux-yocto.inc, we have bc-native in DEPENDS. But we will
need nativesdk-bc in case we compile a kernel module inside
SDK.

(From OE-Core rev: aab8d528ceeb2ee1ab7cffdeff4007fd66275f1b)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 95b5c89066baccb1e64bfba7d9a66feeeb086da9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Joshua Watt
c778df8884 sudo: Use specific BSD license variant
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.

(From OE-Core rev: ff27ea21d7c14086335da5c3e2fac353e44438da)

(From OE-Core rev: 0624c7a77cfc7288fd3154624150b49adce8d8f8)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1596d37ba)
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Alexander Kanavin
227c428eb1 tzdata: update 2022d -> 2022g
(From OE-Core rev: 7ce0cd9ef0b40c23be8fe30fa3bb6ef810464fd0)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2394a481db1b41ad4581e22ba901ac76fa7b3dcd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Bruce Ashfield
493d3217dd linux-yocto/5.4: update to v5.4.228
Updating  to the latest korg -stable release that comprises
the following commits:

    851c2b5fb793 Linux 5.4.228
    ff484a9ba449 ASoC: ops: Correct bounds check for second channel on SX controls
    7d4aa0929963 can: mcba_usb: Fix termination command argument
    f843fdcac054 can: sja1000: fix size of OCR_MODE_MASK define
    b439b12d1050 pinctrl: meditatek: Startup with the IRQs disabled
    9796d07c7531 ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    3c837460f920 nfp: fix use-after-free in area_cache_get()
    a40c3c9ae58f block: unhash blkdev part inode when the part is deleted
    176ba4c19d1b mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
    69d4f3baa694 x86/smpboot: Move rcu_cpu_starting() earlier
    d1988bf2bba3 net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head
    66bb2e2b24ce Linux 5.4.227
    898270ec11be can: esd_usb: Allow REC and TEC to return to zero
    08bf219d62f5 net: mvneta: Fix an out of bounds check
    6b6d3be3661b ipv6: avoid use-after-free in ip6_fragment()
    f73eb3fc9b41 net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
    f0af234e2e55 xen/netback: fix build warning
    99669d94ce14 ethernet: aeroflex: fix potential skb leak in greth_init_rings()
    3295582cd7a5 ipv4: Fix incorrect route flushing when table ID 0 is used
    2537b637eac0 ipv4: Fix incorrect route flushing when source address is deleted
    36eedb9a05a7 tipc: Fix potential OOB in tipc_link_proto_rcv()
    1b6360a093ab net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
    e71a46cc8c9a net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
    7081cf86e1f6 net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
    bc06207b4c1c net: stmmac: fix "snps,axi-config" node property parsing
    7fab7add08f5 nvme initialize core quirks before calling nvme_init_subsystem
    677843470694 NFC: nci: Bounds check struct nfc_target arrays
    e5292711b020 i40e: Disallow ip4 and ip6 l4_4_bytes
    9337d87da417 i40e: Fix for VF MAC address 0
    a1e295517b36 i40e: Fix not setting default xps_cpus after reset
    eec1fc21edc2 net: mvneta: Prevent out of bounds read in mvneta_config_rss()
    ed773dd798bf xen-netfront: Fix NULL sring after live migration
    18e10a9e0e32 net: encx24j600: Fix invalid logic in reading of MISTAT register
    1356c17758b8 net: encx24j600: Add parentheses to fix precedence
    1831d4540406 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
    8fb4b50f5436 selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
    0834d4b121e7 net: dsa: ksz: Check return value
    2c6cf0afc385 Bluetooth: Fix not cleanup led when bt_init fails
    07ea5d74fc12 Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
    c66d78aee55d af_unix: Get user_ns from in_skb in unix_diag_get_exact().
    9d2ee8abf160 igb: Allocate MSI-X vector when testing
    cff8ba243f5f e1000e: Fix TX dispatch condition
    48bd5d3801f6 gpio: amd8111: Fix PCI device reference count leak
    d2be7ba2d47b drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
    e2e218177271 ca8210: Fix crash by zero initializing data
    efbca8234aee ieee802154: cc2520: Fix error return code in cc2520_hw_init()
    3982652957e8 can: af_can: fix NULL pointer dereference in can_rcv_filter
    db1ed1b3fb4e HID: core: fix shift-out-of-bounds in hid_report_raw_event
    60bce926a8f3 HID: hid-lg4ff: Add check for empty lbuf
    625814b85f74 HID: usbhid: Add ALWAYS_POLL quirk for some mice
    585a07b82005 drm/shmem-helper: Remove errant put in error path
    b8419d16f47e KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    04edfa3dc06e mm/gup: fix gup_pud_range() for dax
    35963b318219 memcg: fix possible use-after-free in memcg_write_event_control()
    4afc77068e36 media: v4l2-dv-timings.c: fix too strict blanking sanity checks
    91516ba54a02 Revert "net: dsa: b53: Fix valid setting for MDB entries"
    50e1ab7e638f xen/netback: don't call kfree_skb() with interrupts disabled
    6b1d47f9c34b xen/netback: do some code cleanup
    8fe1bf6f32cd xen/netback: Ensure protocol headers don't fall in the non-linear area
    5ffc2a75534d mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    48b00ceb5472 mm/khugepaged: fix GUP-fast interaction by sending IPI
    324abbd8b91c mm/khugepaged: take the right locks for page table retraction
    b2963819d03b net: usb: qmi_wwan: add u-blox 0x1342 composition
    e35c3ad0c208 9p/xen: check logical size for buffer size
    9d5126b574c9 fbcon: Use kzalloc() in fbcon_prepare_logo()
    102459222d41 regulator: twl6030: fix get status of twl6032 regulators
    f2ba66d87385 ASoC: soc-pcm: Add NULL check in BE reparenting
    3b2c064a8e11 btrfs: send: avoid unaligned encoded writes when attempting to clone range
    63badfed2002 ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
    8d16d3826ff2 regulator: slg51000: Wait after asserting CS pin
    9327a9c624ee 9p/fd: Use P9_HDRSZ for header size
    671f950d17d5 ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
    2c2c5d1d10f7 ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
    29917e381e02 ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
    3f39d53bc731 ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
    135fcc458170 ARM: dts: rockchip: fix ir-receiver node names
    368f2c2640be arm: dts: rockchip: fix node name for hym8563 rtc
    4b346f07f064 arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series
    316cdfc48d4d Linux 5.4.226
    3ab84e89135b ipc/sem: Fix dangling sem_array access in semtimedop race
    210f96fb7ed5 v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    0390da0565ad proc: proc_skip_spaces() shouldn't think it is working on C strings
    dd3124a051a1 proc: avoid integer type confusion in get_proc_long
    1061bf5d018b mmc: sdhci: Fix voltage switch delay
    9a5f49c0f532 mmc: sdhci: use FIELD_GET for preset value bit masks
    d699373ac5f3 char: tpm: Protect tpm_pm_suspend with locks
    9decec299337 Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
    e67e119adf3e x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
    0d87bb607036 Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
    b5041a3daa7f x86/pm: Add enumeration check before spec MSRs save/restore setup
    3b2859457688 x86/tsx: Add a feature bit for TSX control MSR support
    99c59256ea00 nvme: ensure subsystem reset is single threaded
    dc85ff0a5f32 nvme: restrict management ioctls to admin
    c41a89af7b7a epoll: check for events when removing a timed out thread from the wait queue
    b8e803cda58b epoll: call final ep_events_available() check under the lock
    e65ac2bdda54 tracing/ring-buffer: Have polling block on watermark
    899e148171c6 ipv4: Fix route deletion when nexthop info is not specified
    cc3cd130ecfb ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
    a14f1a9c5313 selftests: net: fix nexthop warning cleanup double ip typo
    8aefb9329522 selftests: net: add delete nexthop route warning test
    dd6d2d82f0be Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
    7da3a10f39c9 parisc: Increase FRAME_WARN to 2048 bytes on parisc
    15568cdbe599 xtensa: increase size of gcc stack frame check
    76f48511a1c8 parisc: Increase size of gcc stack frame check
    cbdd83bd2fd6 iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    0090231df2cf pinctrl: single: Fix potential division by zero
    73dce3c1d48c ASoC: ops: Fix bounds check for _sx controls
    ced17a55a8e7 mm: Fix '.data.once' orphan section warning
    c9ecc420941f arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
    44ccd8c52fb7 arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
    1603feac154f tracing: Free buffers when a used dynamic event is removed
    dcd1daad31ac mmc: sdhci-sprd: Fix no reset data and command after voltage switch
    9e5581c772cf mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    bfdfe86d839f mmc: core: Fix ambiguous TRIM and DISCARD arg
    040d08c99620 mmc: mmc_test: Fix removal of debugfs file
    eb5001ecfb4f pinctrl: intel: Save and restore pins in "direct IRQ" mode
    ae34a4f4a209 x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
    9a130b72e6bd nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    3ae3bb33c47e tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
    cf1c12bc5c8c error-injection: Add prompt for function error injection
    2f6fd2de726d net/mlx5: DR, Fix uninitialized var warning
    ea5844f946b1 hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    89eecabe6a47 hwmon: (coretemp) Check for null before removing sysfs attrs
    0aacac75b8d6 net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
    a7555681e50b sctp: fix memory leak in sctp_stream_outq_migrate()
    168de4096b9c packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    16c244bc65d1 net: tun: Fix use-after-free in tun_detach()
    1c1d4830a960 afs: Fix fileserver probe RTT handling
    53a62c5efe91 net: hsr: Fix potential use-after-free
    ae633816ddf1 dsa: lan9303: Correct stat name
    910c0264b64e net: ethernet: nixge: fix NULL dereference
    2d24d91b9f44 net/9p: Fix a potential socket leak in p9_socket_open
    4720725e22e1 net: net_netdev: Fix error handling in ntb_netdev_init_module()
    3e21f85d87c8 net: phy: fix null-ptr-deref while probe() failed
    f5c2ec288a86 wifi: cfg80211: fix buffer overflow in elem comparison
    06785845e150 qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    78f8a34b375f can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    e4b474fa787c can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    0a2d73a77060 net/mlx5e: Fix use-after-free when reverting termination table
    093ccc2f8450 net/mlx5: Fix uninitialized variable bug in outlen_write()
    b10dd3bd14ec of: property: decrement node refcount in of_fwnode_get_reference_args()
    7b2b67fe1339 hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    45a643783435 hwmon: (i5500_temp) fix missing pci_disable_device()
    dbcc3390015f scripts/faddr2line: Fix regression in name resolution on ppc64le
    2b916ee1d37c iio: light: rpr0521: add missing Kconfig dependencies
    3f566b626029 iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
    2d6a437064ff iio: health: afe4403: Fix oob read in afe4403_read_raw
    8eb912af5250 btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
    7e88a416ed43 drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read"
    41f0abeadc09 drm/amdgpu: update drm_display_info correctly when the edid is read
    787138e4b9e1 btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker
    255289adce05 spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
    83aae3204e5c btrfs: free btrfs_path before copying inodes to userspace
    9fd11e2de746 fuse: lock inode unconditionally in fuse_fallocate()
    3659e33c1e4f drm/i915: fix TLB invalidation for Gen12 video and compute engines
    0d1cad597199 drm/amdgpu: always register an MMU notifier for userptr
    d4e9bab771aa drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
    a541f1f0ce90 btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    d037681515b6 btrfs: free btrfs_path before copying subvol info to userspace
    69e2f1dd93c1 btrfs: free btrfs_path before copying fspath to userspace
    3cde2bc70819 btrfs: free btrfs_path before copying root refs to userspace
    4741b00cac23 binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
    4e682ce5601a binder: Address corner cases in deferred copy and fixup
    15e098ab1d3c binder: fix pointer cast warning
    74e7f1828ab4 binder: defer copies of pre-patched txn data
    7b31ab0d9efb binder: read pre-translated fds from sender buffer
    c056a6ba35e0 binder: avoid potential data leakage when copying txn
    f8fee36515f4 dm integrity: flush the journal on suspend
    096e1bd659d8 net: usb: qmi_wwan: add Telit 0x103a composition
    86136bf62387 tcp: configurable source port perturb table size
    07da8fca307e platform/x86: hp-wmi: Ignore Smart Experience App event
    82d758c9daf1 platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
    846c0f9cd05b platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
    6579436fd1a6 xen/platform-pci: add missing free_irq() in error path
    375e79c57155 serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
    e3a2211fe17c ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    3e2452cbc6f6 Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    47b4949335cb gcov: clang: fix the buffer overflow issue
    ecbde4222e6b nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    7d08b4eba1e1 firmware: coreboot: Register bus in module init
    a2012335aa53 firmware: google: Release devices before unregistering the bus
    cb7495fe9575 ceph: avoid putting the realm twice when decoding snaps fails
    12a93545b2ed ceph: do not update snapshot context when there is no new snapshot
    0528b19d5701 iio: pressure: ms5611: fixed value compensation bug
    562f415bb378 iio: ms5611: Simplify IO callback parameters
    def48fbbac1c nios2: add FORCE for vmlinuz.gz
    da849abded31 init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
    03949acb58f0 iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    f8a76c28e957 iio: light: apds9960: fix wrong register for gesture gain
    d3ad47426a58 arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
    ae6bcb26984b usb: dwc3: exynos: Fix remove() function
    15f8b52523ba lib/vdso: use "grep -E" instead of "egrep"
    960cf3c7ff95 s390/crashdump: fix TOD programmable field size
    fabd3ab6a19d net: thunderx: Fix the ACPI memory leak
    1633e6d6aa82 nfc: st-nci: fix memory leaks in EVT_TRANSACTION
    0e2a4560db77 nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
    420b21235d63 s390/dasd: fix no record found for raw_track_access
    9d1264c914d3 dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    08f25427d81a bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    59612acf6b5e regulator: twl6030: re-add TWL6032_SUBCLASS
    1c12909a7820 NFC: nci: fix memory leak in nci_rx_data_packet()
    23b83a3c76b3 xfrm: Fix ignored return value in xfrm6_init()
    23ba1997ebc0 tipc: check skb_linearize() return value in tipc_disc_rcv()
    59f9aad22fd7 tipc: add an extra conn_get in tipc_conn_alloc
    30f91687fa25 tipc: set con sock in tipc_conn_alloc
    5c12136c00b5 net/mlx5: Fix FW tracer timestamp calculation
    00492f823f30 Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    e0d5becab1d0 Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
    ec3d7202e99f nfp: add port from netdev validation for EEPROM access
    9b8061a6dbd0 net: pch_gbe: fix pci device refcount leak while module exiting
    9a39ea43f16a net/qla3xxx: fix potential memleak in ql3xxx_send()
    a07149c10bae net/mlx4: Check retval of mlx4_bitmap_init
    bbf6d1bc077f ARM: mxs: fix memory leak in mxs_machine_init()
    3afa86449ee8 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    bfadcbf5bac5 net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    e00b42cbec15 nfc/nci: fix race with opening and closing
    04ffa53ab7ae net: liquidio: simplify if expression
    79c55e66caa0 ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
    897f6a309138 tee: optee: fix possible memory leak in optee_register_device()
    9c1fbac623cb bus: sunxi-rsb: Support atomic transfers
    347875ff9ad4 regulator: core: fix UAF in destroy_regulator()
    556121103170 regulator: core: fix kobject release warning and memory leak in regulator_register()
    c06267652886 ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    168d59f7f72d ARM: dts: am335x-pcm-953: Define fixed regulators in root node
    dd56c671ccca af_key: Fix send_acquire race with pfkey_register
    9221a53bfcba MIPS: pic32: treat port as signed integer
    dff9b25cb977 RISC-V: vdso: Do not add missing symbols to version section in linker script
    b0e025dd87ab arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
    0ba7c091f7f1 block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    b848811655db drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    5dfbb54fe115 spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
    9029aee8742e wifi: mac80211: Fix ack frame idr leak when mesh has no route
    1f75f9c1af6a audit: fix undefined behavior in bit shift for AUDIT_BIT
    3129cec05f3d wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    b4cb3dc11185 wifi: mac80211: fix memory free error when registering wiphy fail

(From OE-Core rev: f261daa8a04e97bfc932a72deedddbd87209daec)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Bruce Ashfield
6af184a678 linux-yocto/5.4: update to v5.4.225
Updating  to the latest korg -stable release that comprises
the following commits:

    4d2a309b5c28 Linux 5.4.225
    b612f924f296 ntfs: check overflow when iterating ATTR_RECORDs
    0e2ce0954b39 ntfs: fix out-of-bounds read in ntfs_attr_find()
    266bd5306286 ntfs: fix use-after-free in ntfs_attr_find()
    ed8b990e89aa mm: fs: initialize fsdata passed to write_begin/write_end interface
    b1ad04da7fe4 9p/trans_fd: always use O_NONBLOCK read/write
    179236a122a1 gfs2: Switch from strlcpy to strscpy
    8b6534c9ae9d gfs2: Check sb_bsize_shift after reading superblock
    96760723aae1 9p: trans_fd/p9_conn_cancel: drop client lock earlier
    ce57d6474ae9 kcm: close race conditions on sk_receive_queue
    7a704dbfd373 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
    ad39d09190a5 kcm: avoid potential race in kcm_tx_work
    78be2ee01124 tcp: cdg: allow tcp_cdg_release() to be called multiple times
    a62aa84fe19e macvlan: enforce a consistent minimal mtu
    4f348b60c796 Input: i8042 - fix leaking of platform device on module removal
    7b0007b28dd9 kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
    28f7ff5e7559 scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
    ec59a1325230 ring-buffer: Include dropped pages in counting dirty patches
    32a7f0645111 serial: 8250: Flush DMA Rx on RLSI
    e7061dd1fef2 misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
    3da7098e8ffa docs: update mediator contact information in CoC doc
    27f712cd47d6 mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
    616c6695dd42 mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
    076712ff50dc mmc: core: properly select voltage range without power cycle
    1bf8ed585501 scsi: zfcp: Fix double free of FSF request when qdio send fails
    5d53797ce7ce Input: iforce - invert valid length check when fetching device IDs
    89c0c27ab39a serial: 8250_lpss: Configure DMA also w/o DMA filter
    d6ebe11ad322 serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
    b545c0e1e409 dm ioctl: fix misbehavior if list_versions races with module loading
    1c5866b4ddec iio: pressure: ms5611: changed hardcoded SPI speed to value limited
    0dd52e141afd iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
    7b75515728b6 iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
    c025c4505fba usb: chipidea: fix deadlock in ci_otg_del_timer
    8c8039ede2f9 usb: add NO_LPM quirk for Realforce 87U Keyboard
    bec9f91f7b0c USB: serial: option: add Fibocom FM160 0x0111 composition
    1972f20f365d USB: serial: option: add u-blox LARA-L6 modem
    089839cccf82 USB: serial: option: add u-blox LARA-R6 00B modem
    31e6aba26b44 USB: serial: option: remove old LARA-R6 PID
    5ee0a017e52a USB: serial: option: add Sierra Wireless EM9191
    0410c2ae2105 speakup: fix a segfault caused by switching consoles
    6ed6a5dfa3fa slimbus: stream: correct presence rate frequencies
    56607f0bfc9a Revert "usb: dwc3: disable USB core PHY management"
    e7dc436aea80 ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
    72c2ea34faa1 ring_buffer: Do not deactivate non-existant pages
    f715f31559b8 ftrace: Fix null pointer dereference in ftrace_add_mod()
    c50e0bcf4a1b ftrace: Optimize the allocation for mcount entries
    3041feeedbdd ftrace: Fix the possible incorrect kernel message
    04e9e5eb4551 cifs: add check for returning value of SMB2_set_info_init
    293c0d7182ee net: thunderbolt: Fix error handling in tbnet_init()
    e6546d541206 cifs: Fix wrong return value checking when GETFLAGS
    e109b41870db net/x25: Fix skb leak in x25_lapb_receive_frame()
    e313efddce71 platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized
    813a8dd9c45f drbd: use after free in drbd_create_device()
    0199bf0a8f74 xen/pcpu: fix possible memory leak in register_pcpu()
    aa2ba356507f bnxt_en: Remove debugfs when pci_register_driver failed
    6134357f568e net: caif: fix double disconnect client in chnl_net_open()
    90638373f19f net: macvlan: Use built-in RCU list checking
    83672c1b83d1 mISDN: fix misuse of put_device() in mISDN_register_device()
    8c85770d1ad0 net: liquidio: release resources when liquidio driver open failed
    0f2c681900a0 mISDN: fix possible memory leak in mISDN_dsp_element_register()
    d697f78cab64 net: bgmac: Drop free_netdev() from bgmac_enet_remove()
    bec9ded5404c ata: libata-transport: fix double ata_host_put() in ata_tport_add()
    2ff7e852bd4c arm64: dts: imx8mn: Fix NAND controller size-cells
    bb4a2f898ef7 arm64: dts: imx8mm: Fix NAND controller size-cells
    040f726fecd8 pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
    5b3d6d510bb8 parport_pc: Avoid FIFO port location truncation
    f9fe7ba4ea5b siox: fix possible memory leak in siox_device_add()
    6bb50c14c958 block: sed-opal: kmalloc the cmd/resp buffers
    8555c6c1125f ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
    b768afc68b10 tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    476b09e07bd5 serial: imx: Add missing .thaw_noirq hook
    b7c6033a8fa3 serial: 8250: omap: Flush PM QOS work on remove
    2d66412563ef serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
    747e76f4ccb2 serial: 8250_omap: remove wait loop from Errata i202 workaround
    2ec3f558db34 ASoC: core: Fix use-after-free in snd_soc_exit()
    ee31abd04754 spi: stm32: Print summary 'callbacks suppressed' message
    a39357b4ec86 ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route"
    1a5f13b0c542 Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
    6fa082ad96d6 btrfs: remove pointless and double ulist frees in error paths of qgroup tests
    741bded210db drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    761976a6175d i2c: i801: add lis3lv02d's I2C address for Vostro 5568
    18a501e5c7a8 NFSv4: Retry LOCK on OLD_STATEID during delegation return
    281b93e42e40 selftests/intel_pstate: fix build for ARCH=x86_64
    2cce0a36cec9 selftests/futex: fix build for clang
    c81ab3d7d1e2 ASoC: codecs: jz4725b: fix capture selector naming
    5b94d1bb1ea2 ASoC: codecs: jz4725b: use right control for Capture Volume
    21b6fbb934b5 ASoC: codecs: jz4725b: fix reported volume for Master ctl
    c9fb6a03112d ASoC: codecs: jz4725b: add missed Line In power control bit
    1719b9c0fb37 spi: intel: Fix the offset to get the 64K erase opcode
    af93d7c9d94c ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
    a3b07bb0b3fc ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
    4d487873ba5f ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
    f0901e1551a8 ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
    1fd66e3b02d5 x86/cpu: Restore AMD's DE_CFG MSR after resume
    30b0263d0366 net: tun: call napi_schedule_prep() to ensure we own a napi
    7a6e564ff259 dmaengine: at_hdmac: Check return code of dma_async_device_register
    966dd087de9a dmaengine: at_hdmac: Fix impossible condition
    d6ce23165ccc dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    a5352470299f dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    77b97ef4908a dmaengine: at_hdmac: Don't start transactions at tx_submit level
    3d35e36d7a90 dmaengine: at_hdmac: Fix at_lli struct definition
    ab390c532e3c cert host tools: Stop complaining about deprecated OpenSSL functions
    d0513b095e1e can: j1939: j1939_send_one(): fix missing CAN header initialization
    d8971f410739 udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    c914c56ac058 btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    aa05252ab4b8 platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
    431b70544bb1 drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    9b162e810452 nilfs2: fix use-after-free bug of ns_writer on remount
    36ff974b0310 nilfs2: fix deadlock in nilfs_count_free_blocks()
    b4421e6d9a96 vmlinux.lds.h: Fix placement of '.data..decrypted' section
    022d8696a7dd ALSA: usb-audio: Add DSD support for Accuphase DAC-60
    ded2d51b85e3 ALSA: usb-audio: Add quirk entry for M-Audio Micro
    02dea987ec1c ALSA: hda: fix potential memleak in 'add_widget_node'
    9ab40b1df6ab ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
    d51861d2911b mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
    d2cf28caf5f1 mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
    ae2aeee895ec mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
    9fbe02082912 MIPS: jump_label: Fix compat branch range check
    f967bbc72f20 arm64: efi: Fix handling of misaligned runtime regions and drop warning
    c5c0b3167537 riscv: process: fix kernel info leakage
    685e73e3f7a9 net: macvlan: fix memory leaks of macvlan_common_newlink
    d1dddadf4cbb ethernet: tundra: free irq when alloc ring failed in tsi108_open()
    1b7a5651432e net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
    ec8a47afc5ee ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    b03f505c5d1e cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open()
    834d2da28fd9 net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    834445168191 net: cpsw: disable napi in cpsw_ndo_open()
    3892c2d33573 net/mlx5: Allow async trigger completion execution on single CPU systems
    5b72cf7a4066 net: nixge: disable napi when enable interrupts failed in nixge_open()
    a8aade318d7e perf stat: Fix printing os->prefix in CSV metrics output
    da4daa36ea2e drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
    1d8488732765 dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    7c77e272b4b3 dmaengine: pxa_dma: use platform_get_irq_optional
    36769b947749 tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
    afab4655750f can: af_can: fix NULL pointer dereference in can_rx_register()
    58cd7fdc8c1e ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    3ad34145911d drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
    831ea56c3470 hamradio: fix issue of dev reference count leakage in bpq_device_event()
    c7e0024852c3 net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
    5661f111a161 capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    08c3d22f1080 net: fman: Unregister ethernet device on removal
    aa94d1a607c7 bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    a5a05fbef4a0 bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
    a4f73f6adc53 net: tun: Fix memory leaks of napi_get_frags
    65ad047fd835 net: gso: fix panic on frag_list with mixed head alloc types
    e29289d0d819 HID: hyperv: fix possible memory leak in mousevsc_probe()
    d975bec1eaeb bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
    0ede1a988299 wifi: cfg80211: fix memory leak in query_regdb_file()
    1c8d06631749 wifi: cfg80211: silence a sparse RCU warning
    c38ea831691b phy: stm32: fix an error code in probe
    45a841719fe0 xfs: drain the buf delwri queue before xfsaild idles
    e107e953d24d xfs: preserve inode versioning across remounts
    7d57979052c4 xfs: use MMAPLOCK around filemap_map_pages()
    8b27e684a6a9 xfs: redesign the reflink remap loop to fix blkres depletion crash
    ece1eb995787 xfs: rename xfs_bmap_is_real_extent to is_written_extent
    d304fafb978d xfs: preserve rmapbt swapext block reservation from freed blocks

(From OE-Core rev: 0c760227657062eae0a14ddd91e5f8b4654c8cd5)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Bruce Ashfield
2c43a87e79 linux-yocto/5.4: update to v5.4.224
Updating  to the latest korg -stable release that comprises
the following commits:

    771a8acbb841 Linux 5.4.224
    3e0c1ab197eb ipc: remove memcg accounting for sops objects in do_semtimedop()
    a16415c8f156 wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
    a24bf3c317b2 drm/i915/sdvo: Setup DDC fully before output init
    4dadd4b16178 drm/i915/sdvo: Filter out invalid outputs more sensibly
    57306fef4d10 drm/rockchip: dsi: Force synchronous probe
    e09ff743e30b mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
    8b1174d05896 KVM: x86: emulator: update the emulation mode after CR0 write
    ac3bc06c9ac5 KVM: x86: emulator: introduce emulator_recalc_and_set_mode
    f159cd915d73 KVM: x86: emulator: em_sysexit should update ctxt->mode
    ef3094c4e9ee KVM: x86: Mask off reserved bits in CPUID.80000008H
    da1bf3732d0f KVM: x86: Mask off reserved bits in CPUID.8000001AH
    2fa24d0274fb ext4: fix BUG_ON() when directory entry has invalid rec_len
    72743d5598b9 ext4: fix warning in 'ext4_da_release_space'
    eed040fd35e9 parisc: Avoid printing the hardware path twice
    9e902284ee3e parisc: Export iosapic_serial_irq() symbol for serial port driver
    506ae301672e parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
    c586068aad62 ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
    4e8ee3cf74e2 perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
    6ffa48150b9b perf/x86/intel: Fix pebs event constraints for ICL
    fee896d4534f efi: random: reduce seed size to 32 bytes
    0c7275743498 fuse: add file_modified() to fallocate
    0c3e6288da65 capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
    4bc52ddf6347 tracing/histogram: Update document for KEYS_MAX size
    c8938263e640 tools/nolibc/string: Fix memcmp() implementation
    993bd0de8b53 kprobe: reverse kp->flags when arm_kprobe failed
    fe3da74428bf tcp/udp: Make early_demux back namespacified.
    4ae03c869c9a btrfs: fix type of parameter generation in btrfs_get_dentry
    27a594bc7a7c binder: fix UAF of alloc->vma in race with munmap()
    bad83d55134e memcg: enable accounting of ipc resources
    92aaa5e8fe90 tcp/udp: Fix memory leak in ipv6_renew_options().
    c494ae149858 block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
    6949400ec9fe Bluetooth: L2CAP: Fix attempting to access uninitialized memory
    ad18f624e3da xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster()
    0802130a4d0b xfs: don't fail unwritten extent conversion on writeback due to edquot
    fef141f9e4c1 xfs: group quota should return EDQUOT when prj quota enabled
    4267433dd3d3 xfs: gut error handling in xfs_trans_unreserve_and_mod_sb()
    24e7e3935309 xfs: use ordered buffers to initialize dquot buffers during quotacheck
    52802e9a035f xfs: don't fail verifier on empty attr3 leaf block
    71d487a82d2c i2c: xiic: Add platform module alias
    cdd19e559a72 HID: saitek: add madcatz variant of MMO7 mouse device ID
    efdcd1e32c0d scsi: core: Restrict legal sdev_state transitions via sysfs
    70119756311a media: meson: vdec: fix possible refcount leak in vdec_probe()
    bfa8ccf70597 media: dvb-frontends/drxk: initialize err to 0
    11c8f19e0f5a media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
    4a449430ecfb media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
    381453770f73 ipv6: fix WARNING in ip6_route_net_exit_late()
    b49f6b2f21f5 net, neigh: Fix null-ptr-deref in neigh_table_clear()
    4954b5359eb1 net: mdio: fix undefined behavior in bit shift for __mdiobus_register
    c1f594dddd9f Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
    4cd094fd5d87 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
    5d1a47ebf845 btrfs: fix ulist leaks in error paths of qgroup self tests
    6a6731a0df8c btrfs: fix inode list leak during backref walking at find_parent_nodes()
    2c0329406bb2 btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
    3d74329d8cff isdn: mISDN: netjet: fix wrong check of device registration
    2ff6b669523d mISDN: fix possible memory leak in mISDN_register_device()
    b13be5e852b0 rose: Fix NULL pointer dereference in rose_send_frame()
    8457a00c981f ipvs: fix WARNING in ip_vs_app_net_cleanup()
    7effc4ce3d14 ipvs: fix WARNING in __ip_vs_cleanup_batch()
    2cc523978f1c ipvs: use explicitly signed chars
    74fd58394670 netfilter: nf_tables: release flow rule object from commit path
    ca791952d42c net: tun: fix bugs for oversize packet when napi frags enabled
    52e042947197 net: sched: Fix use after free in red_enqueue()
    d605da3e5f74 ata: pata_legacy: fix pdc20230_set_piomode()
    704b92c51b64 net: fec: fix improper use of NETDEV_TX_BUSY
    f30060efcf18 nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
    aef89b91c7d7 nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
    875082ae8329 RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
    af8fb5a0600e RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
    bbc5d7b46a72 net: dsa: Fix possible memory leaks in dsa_loop_init()
    925cb538bd58 nfs4: Fix kmemleak when allocate slot failed
    0bc335d0100e NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
    405309d86021 NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
    25760a41e380 IB/hfi1: Correctly move list in sc_disable()
    6b5c87f9b3f8 RDMA/cma: Use output interface for net_dev check
    a0d938496721 Linux 5.4.223
    a0a2a4bdd101 can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
    fc0eecb8b457 net: enetc: survive memory pressure without crashing
    69dd3ad406c4 net/mlx5: Fix possible use-after-free in async command interface
    827e36a031e4 net/mlx5e: Do not increment ESN when updating IPsec ESN state
    7dc6ce3ef20f nh: fix scope used to find saddr when adding non gw nh
    ba6ee85355ad net: ehea: fix possible memory leak in ehea_register_port()
    4175d6381f6f openvswitch: switch from WARN to pr_warn
    0667bb60000d ALSA: aoa: Fix I2S device accounting
    5bdea6745341 ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
    2a47cc2a3d04 PM: domains: Fix handling of unavailable/disabled idle states
    a49e74cc7489 net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
    e46f699ac23d i40e: Fix flow-type by setting GL_HASH_INSET registers
    e88c2a1e28c5 i40e: Fix VF hang when reset is triggered on another VF
    28c47fd23c20 i40e: Fix ethtool rx-flow-hash setting for X722
    d303dabe7e03 media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
    b4a3a01762ae media: v4l2-dv-timings: add sanity checks for blanking values
    d8f479c777b4 media: vivid: dev->bitmap_cap wasn't freed in all cases
    9d6870949c2c media: vivid: s_fbuf: add more sanity checks
    8e1592d41519 PM: hibernate: Allow hybrid sleep to work with s2idle
    77454bc744e2 can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
    f79de6451eaf tcp: fix indefinite deferral of RTO with SACK reneging
    38e451696057 net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
    97ad240fd9aa net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
    663682cd3192 kcm: annotate data-races around kcm->rx_wait
    e94395e916b4 kcm: annotate data-races around kcm->rx_psock
    f85e54b4f3e5 amd-xgbe: add the bit rate quirk for Molex cables
    71ba2a95663a amd-xgbe: fix the SFP compliance codes check for DAC cables
    fe3fd27083db x86/unwind/orc: Fix unreliable stack dump with gcov
    fda2d07234a2 net: netsec: fix error handling in netsec_register_mdio()
    24b129aed873 tipc: fix a null-ptr-deref in tipc_topsrv_accept
    758dbcc6fbf2 ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
    ccaeef126ed1 arc: iounmap() arg is volatile
    fa434a64a4ea drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
    29a6902eb076 media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
    6f3511eb8654 net: ieee802154: fix error return code in dgram_bind()
    11993652d0b4 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
    5a2d7c93d9b9 cgroup-v1: add disabled controller check in cgroup1_parse_param()
    3d056d81b93a xen/gntdev: Prevent leaking grants
    8f589b5c0e7b Xen/gntdev: don't ignore kernel unmapping error
    f45ee2038464 xfs: force the log after remapping a synchronous-writes file
    102de7717d63 xfs: clear XFS_DQ_FREEING if we can't lock the dquot buffer to flush
    03b449a880d1 xfs: finish dfops on every insert range shift iteration
    3d295076ba4e s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
    344e1cb0bafe s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
    4f969d0753bd perf auxtrace: Fix address filter symbol name match for modules
    c78b0dc6fb7f kernfs: fix use-after-free in __kernfs_remove
    7a09c64b7da0 mmc: core: Fix kernel panic when remove non-standard SDIO card
    ed7f1ff87a4a drm/msm/hdmi: fix memory corruption with too many bridges
    f649ed0e1b7a drm/msm/dsi: fix memory corruption with too many bridges
    e7348308f668 mac802154: Fix LQI recording
    5385af2f89bc fbdev: smscufx: Fix several use-after-free bugs
    07ef3be6cae3 iio: light: tsl2583: Fix module unloading
    cb972e6d01ef tools: iio: iio_utils: fix digit calculation
    8f1cd9633d1f xhci: Remove device endpoints from bandwidth list when freeing the device
    914704e0d283 mtd: rawnand: marvell: Use correct logic for nand-keep-config
    5d36037b224d usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
    7b7a0d54333c usb: bdc: change state when port disconnected
    6827b58a957d usb: dwc3: gadget: Don't set IMI for no_interrupt
    9aa025430346 usb: dwc3: gadget: Stop processing more requests on IMI
    035dda2bfd7f USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
    e4045fbcd98e ALSA: au88x0: use explicitly signed char
    d853b4380835 ALSA: Use del_timer_sync() before freeing timer
    caea5b20ef9b can: kvaser_usb: Fix possible completions during init_completion
    5437642f91fd can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
    5282d4de783b Linux 5.4.222
    59f89518f510 once: fix section mismatch on clang builds

(From OE-Core rev: a886ee55d6137efbcc194f7c4ba09e3b5c66990b)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Bruce Ashfield
ea69dd1bf5 linux-yocto/5.4: update to v5.4.221
Updating  to the latest korg -stable release that comprises
the following commits:

    b70bfeb98635 Linux 5.4.221
    6bb8769326c4 mm: /proc/pid/smaps_rollup: fix no vma's null-deref
    a351077e589d hv_netvsc: Fix race between VF offering and VF association message from host
    2f1b3377b6fc Makefile.debug: re-enable debug info for .S files
    9220881831c3 ACPI: video: Force backlight native for more TongFang devices
    8ad8fc82eee8 riscv: topology: fix default topology reporting
    60dd3dc2acc4 arm64: topology: move store_cpu_topology() to shared code
    724483b585a1 iommu/vt-d: Clean up si_domain in the init_dmars() error path
    dfc0337c6dce net: hns: fix possible memory leak in hnae_ae_register()
    bc8301ea7e7f net: sched: cake: fix null pointer access issue when cake_init() fails
    b87f88d58f1b net: phy: dp83867: Extend RX strap quirk for SGMII mode
    6453077a00c1 net/atm: fix proc_mpc_write incorrect return value
    4258c473ee03 HID: magicmouse: Do not set BTN_MOUSE on double report
    567f8de358b6 tipc: fix an information leak in tipc_topsrv_kern_subscr
    27ee73c1199e tipc: Fix recognition of trial period
    fa0676d94fa4 ACPI: extlog: Handle multiple records
    13a2719ec89f btrfs: fix processing of delayed tree block refs during backref walking
    b397ce347775 btrfs: fix processing of delayed data refs during backref walking
    96894a4fe6b0 r8152: add PID for the Lenovo OneLink+ Dock
    7f6d2188ec33 arm64: errata: Remove AES hwcap for COMPAT tasks
    aae35081633f media: venus: dec: Handle the case where find_format fails
    fd596e7371ac KVM: arm64: vgic: Fix exit condition in scan_its_table()
    383b7c50f544 ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
    da9793150297 ata: ahci-imx: Fix MODULE_ALIAS
    c00cdfc9bd76 hwmon/coretemp: Handle large core ID value
    3ea7da6a97d5 x86/microcode/AMD: Apply the patch early on every logical thread
    3064c74198cf ocfs2: fix BUG when iput after ocfs2_mknod fails
    c2489774a2f0 ocfs2: clear dinode links count in case of error
    6391ed32b101 xfs: fix use-after-free on CIL context on shutdown
    ac055fee2544 xfs: move inode flush to the sync workqueue
    d3eb14b8ea26 xfs: reflink should force the log out if mounted with wsync
    05e2b279ead4 xfs: factor out a new xfs_log_force_inode helper
    f1172b08bb8e xfs: trylock underlying buffer on dquot flush
    890d7dfff79d xfs: don't write a corrupt unmount record to force summary counter recalc
    8ebd3ba932df xfs: tail updates only need to occur when LSN changes
    87b8a7fb6263 xfs: factor common AIL item deletion code
    4202b103d382 xfs: Throttle commits on delayed background CIL push
    7a8f95bfb9e3 xfs: Lower CIL flush limit for large logs
    f43ff28b0183 xfs: preserve default grace interval during quotacheck
    553e5c8031f5 xfs: fix unmount hang and memory leak on shutdown during quotaoff
    835306dd3f0c xfs: factor out quotaoff intent AIL removal and memory free
    a1e03f160019 xfs: Replace function declaration by actual definition
    fdce40c8fd92 xfs: remove the xfs_qoff_logitem_t typedef
    926ddf7846ee xfs: remove the xfs_dq_logitem_t typedef
    80f78aa76a17 xfs: remove the xfs_disk_dquot_t and xfs_dquot_t
    4776ae328ccb xfs: Use scnprintf() for avoiding potential buffer overflow
    2f55a0389154 xfs: check owner of dir3 blocks
    15b0651f383f xfs: check owner of dir3 data blocks
    bc013efdcf17 xfs: fix buffer corruption reporting when xfs_dir3_free_header_check fails
    6e204b9e67f3 xfs: xfs_buf_corruption_error should take __this_address
    0213ee5f4c93 xfs: add a function to deal with corrupt buffers post-verifiers
    3c88c3c00c97 xfs: rework collapse range into an atomic operation
    3602df3f1f5f xfs: rework insert range into an atomic operation
    7cd181cb2333 xfs: open code insert range extent split helper
    fe18f1af38a7 Linux 5.4.220
    d9fdda5efe76 thermal: intel_powerclamp: Use first online CPU as control_cpu
    c3bb4a7e8cbc inet: fully convert sk->sk_rx_dst to RCU rules
    96e2e21284ca efi: libstub: drop pointless get_memory_map() call
    97238b88583c md: Replace snprintf with scnprintf
    8b766dd70791 ext4: continue to expand file system when the target size doesn't reach
    4a36de894779 net/ieee802154: don't warn zero-sized raw_sendmsg()
    cff6131217e6 Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
    1210359a6854 net: ieee802154: return -EINVAL for unknown addr type
    04df9719df18 io_uring/af_unix: defer registered files gc to io_uring release
    f5dd24a66462 perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
    036b1f3bca7e clk: bcm2835: Make peripheral PLLC critical
    1eae30c0113d usb: idmouse: fix an uninit-value in idmouse_open
    0d150ccd55db nvmet-tcp: add bounds check on Transfer Tag
    3a3a8d75af4d nvme: copy firmware_rev on each init
    e5d8f05edb36 staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
    072b5a41c5f8 Revert "usb: storage: Add quirk for Samsung Fit flash"
    d6afcab1b48f usb: musb: Fix musb_gadget.c rxstate overflow bug
    9fa81cbd2dd3 usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
    1c00bb624cd0 md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
    e30c3a9a8881 HID: roccat: Fix use-after-free in roccat_read()
    81247850b8ab bcache: fix set_at_max_writeback_rate() for multiple attached devices
    7cfc77f4fe1d ata: libahci_platform: Sanity check the DT child nodes number
    16a45e78a687 staging: vt6655: fix potential memory leak
    3376a0cf138d power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
    3575949513ea nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
    22f49d9d6e04 scsi: 3w-9xxx: Avoid disabling device if failing to enable it
    66de92207600 clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
    9181af2dbf06 media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
    5dbfcf7b0803 clk: zynqmp: Fix stack-out-of-bounds in strncpy`
    715fe15785b4 btrfs: scrub: try to fix super block errors
    8054f824a725 ARM: dts: imx6sx: add missing properties for sram
    05f789afaf69 ARM: dts: imx6sll: add missing properties for sram
    48d1766b35f3 ARM: dts: imx6sl: add missing properties for sram
    ef4a3baf0042 ARM: dts: imx6qp: add missing properties for sram
    ee239c0340a2 ARM: dts: imx6dl: add missing properties for sram
    82e5191b124a ARM: dts: imx6q: add missing properties for sram
    0b2013ace8df ARM: dts: imx7d-sdb: config the max pressure for tsc2046
    aec01503ba7f mmc: sdhci-msm: add compatible string check for sdm670
    e67c2cda3d60 drm/amdgpu: fix initial connector audio value
    079f64a1ea33 platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
    30a3601c2f59 drm: panel-orientation-quirks: Add quirk for Anbernic Win600
    7de3e3514cab drm/vc4: vec: Fix timings for VEC modes
    8f6cad7c4b68 drm/amd/display: fix overflow on MIN_I64 definition
    cdde55f97298 drm: Prevent drm_copy_field() to attempt copying a NULL pointer
    fb282b4e8aef drm: Use size_t type for len variable in drm_copy_field()
    1d0803b1532d drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
    61fd56b0a1a3 r8152: Rate limit overflow messages
    7d6f9cb24d2b Bluetooth: L2CAP: Fix user-after-free
    a76462dbdd8b net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
    4037270ea6d6 wifi: rt2x00: correctly set BBP register 86 for MT7620
    2021a5aaf835 wifi: rt2x00: set SoC wmac clock register
    f9c053c3e4e9 wifi: rt2x00: set VGC gain for both chains of MT7620
    0facbe608305 wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
    2f383edcb703 wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
    fdcc57ef8c1f can: bcm: check the result of can_send() in bcm_can_tx()
    6e85d2ad958c Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
    776f33c12fdb Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
    49c742afd60f wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
    18373ed500f7 xfrm: Update ipcomp_scratches with NULL when freed
    2c485f4f2a64 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
    42d579d91051 tcp: annotate data-race around tcp_md5sig_pool_populated
    ce25d7caf35d openvswitch: Fix overreporting of drops in dropwatch
    a7fe12cea515 openvswitch: Fix double reporting of drops in dropwatch
    06d73f4e6bd6 bpftool: Clear errno after libcap's checks
    56a0ac486341 wifi: brcmfmac: fix invalid address access when enabling SCAN log level
    38ca9ece960d NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
    5a646c38f648 thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
    49a6ffdaed60 powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
    ac84b26a1689 MIPS: BCM47XX: Cast memcmp() of function to (void *)
    13f4d3665bf6 ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
    c5ed3a378978 f2fs: fix race condition on setting FI_NO_EXTENT flag
    584561e94260 crypto: cavium - prevent integer overflow loading firmware
    00791e017b5f kbuild: remove the target in signal traps when interrupted
    d59d36aa4c3f iommu/iova: Fix module config properly
    0f224fde6324 crypto: ccp - Release dma channels before dmaengine unrgister
    95c4e20adc3e crypto: akcipher - default implementation for setting a private key
    4010a1afaae1 iommu/omap: Fix buffer overflow in debugfs
    b32a285998d4 cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
    3317c7d211ef powerpc: Fix SPE Power ISA properties for e500v1 platforms
    6191f0310ebf powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
    f11bce700b7a x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
    828d19038019 powerpc/powernv: add missing of_node_put() in opal_export_attrs()
    0a5cee97c017 powerpc/pci_dn: Add missing of_node_put()
    1535e14731e9 powerpc/sysdev/fsl_msi: Add missing of_node_put()
    85d23c49336c powerpc/math_emu/efp: Include module.h
    e77a85c3fbfd mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
    f28eec40785e clk: ast2600: BCLK comes from EPLL
    fc39ebf85d03 clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
    111369bb8cd9 clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
    2ee652f072cf spmi: pmic-arb: correct duplicate APID to PPID mapping logic
    1ea4efc09fee dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
    8498490b3c91 clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
    8542422192d0 mfd: sm501: Add check for platform_driver_register()
    f95ba4aab698 mfd: fsl-imx25: Fix check for platform_get_irq() errors
    6804b4fedee2 mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
    595d077f3cf5 mfd: lp8788: Fix an error handling path in lp8788_probe()
    b75f4912b371 mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
    1f4f8b6adb3d mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
    b6c2c3059e72 fsi: core: Check error number after calling ida_simple_get
    117331a2a522 scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
    558a9fcb6ce7 serial: 8250: Fix restoring termios speed after suspend
    c969316eeefb firmware: google: Test spinlock on panic path to avoid lockups
    88b9cc60f26e staging: vt6655: fix some erroneous memory clean-up loops
    83d11dd92a51 phy: qualcomm: call clk_disable_unprepare in the error handling
    29b897ac7b99 tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
    744c2d33a88b drivers: serial: jsm: fix some leaks in probe
    9fe0a8c0694c usb: gadget: function: fix dangling pnp_string in f_printer.c
    59e3d41265f3 xhci: Don't show warning for reinit on known broken suspend
    f8ba29ae237e md/raid5: Ensure stripe_fill happens on non-read IO with journal
    9b881a2ca0c6 mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
    22830560eb2f ata: fix ata_id_has_dipm()
    10d52d8dd1cb ata: fix ata_id_has_ncq_autosense()
    99e7e6445154 ata: fix ata_id_has_devslp()
    6ea4b3303abf ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
    e09caa38e10b RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
    b21b0d17ad99 mtd: devices: docg3: check the return value of devm_ioremap() in the probe
    3ca6939b5d1a dyndbg: let query-modname override actual module name
    ad0a65517cff dyndbg: fix module.dyndbg handling
    fc797285c40a misc: ocxl: fix possible refcount leak in afu_ioctl()
    7ed37be3a2ce RDMA/rxe: Fix the error caused by qp->sk
    0d773c58d702 RDMA/rxe: Fix "kernel NULL pointer dereference" error
    59b315353252 media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
    80a955dabb82 tty: xilinx_uartps: Fix the ignore_status
    3e77ac46f290 media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
    3baf53328aee HSI: omap_ssi_port: Fix dma_map_sg error check
    aa9c0598b109 HSI: omap_ssi: Fix refcount leak in ssi_probe
    5d9fb09612de clk: tegra20: Fix refcount leak in tegra20_clock_init
    5984b1d66126 clk: tegra: Fix refcount leak in tegra114_clock_init
    6d3ac23b952f clk: tegra: Fix refcount leak in tegra210_clock_init
    aa3898dec1b6 clk: berlin: Add of_node_put() for of_get_parent()
    fcaff9bc6bbc clk: oxnas: Hold reference returned by of_get_parent()
    ad3a056982b7 clk: meson: Hold reference returned by of_get_parent()
    633c574e0f8b iio: ABI: Fix wrong format of differential capacitance channel ABI.
    0111032d9a02 iio: inkern: only release the device node when done with it
    246af4216379 iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
    46778752bbd5 iio: adc: at91-sama5d2_adc: check return status for pressure and touch
    d50e3817a4b6 iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
    c29c3d32bd01 ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
    e00480d42b1a ARM: Drop CMDLINE_* dependency on ATAGS
    fcad2eef0030 ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
    6858d8599c65 ARM: dts: kirkwood: lsxl: remove first ethernet port
    d45424d980e8 ARM: dts: kirkwood: lsxl: fix serial line
    1edbceda073d ARM: dts: turris-omnia: Fix mpp26 pin name and comment
    673db1cf4db8 soc: qcom: smem_state: Add refcounting for the 'state->of_node'
    1e3ed59370c7 soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
    85a40bfb8e7a memory: of: Fix refcount leak bug in of_get_ddr_timings()
    b37f4a711e5d memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
    56c4299f7670 ALSA: hda/hdmi: Don't skip notification handling during PM operation
    45387ca42277 ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
    371d4dbece4d ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
    aa182988c0e6 ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
    28a12e24d125 mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
    93c86281838c ALSA: dmaengine: increment buffer pointer atomically
    6c85495e5882 drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
    c240431717d6 ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
    9e421bd9fd29 mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
    9d7af9b1624d drm/omap: dss: Fix refcount leak bugs
    0c55618aaad3 ALSA: hda: beep: Simplify keep-power-at-enable behavior
    3ac2045d0419 ASoC: rsnd: Add check for rsnd_mod_power_on
    1daf69228e31 drm/bridge: megachips: Fix a null pointer dereference bug
    b33b60afa53c drm: fix drm_mipi_dbi build errors
    a367b7a96a5e platform/x86: msi-laptop: Fix resource cleanup
    a9b32c9fe56d platform/x86: msi-laptop: Fix old-ec check for backlight registering
    e548f9503c4b platform/chrome: fix memory corruption in ioctl
    783c1c5000e8 platform/chrome: fix double-free in chromeos_laptop_prepare()
    8242167cfc83 drm/mipi-dsi: Detach devices when removing the host
    4d4a58c9d4db drm: bridge: adv7511: fix CEC power down control register offset
    72c0d361940a net: mvpp2: fix mvpp2 debugfs leak
    131287ff833d once: add DO_ONCE_SLOW() for sleepable contexts
    03ac583eefc9 net/ieee802154: reject zero-sized raw_sendmsg()
    71e0ab5b7598 bnx2x: fix potential memory leak in bnx2x_tpa_stop()
    360aa7219285 net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
    3625b684a285 tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
    382ff4471660 sctp: handle the error returned from sctp_auth_asoc_init_active_key
    466ed722f205 mISDN: fix use-after-free bugs in l1oip timer handlers
    e6d0152c9510 vhost/vsock: Use kvmalloc/kvfree for larger packets.
    c202ad048f50 spi: s3c64xx: Fix large transfers with DMA
    60a7496b40e8 netfilter: nft_fib: Fix for rpath check with VRF devices
    610798a58e72 spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
    1d8c928ed729 x86/microcode/AMD: Track patch allocation size explicitly
    215c146b4021 bpf: Ensure correct locking around vulnerable function find_vpid()
    4017e91ff25d net: fs_enet: Fix wrong check in do_pd_setup
    08a441a4ad54 wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
    e0bab93245b6 bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
    374dd4e51966 wifi: rtl8xxxu: Fix skb misuse in TX queue selection
    df0b024ade10 spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
    026ffbb07f8f spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
    321c51aa59df wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
    7993680752bb x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
    bbe293db7e67 bpftool: Fix a wrong type cast in btf_dumper_int
    9ee70c3cb4f8 wifi: mac80211: allow bw change during channel switch in mesh
    4494ec1c0bb8 wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
    acc393aecda0 nfsd: Fix a memory leak in an error handling path
    d7f1e7af1ef4 ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
    5abd2626ca37 sh: machvec: Use char[] for section boundaries
    c0f4be8303d0 userfaultfd: open userfaultfds with O_RDONLY
    29d0c45cf16e tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
    b0c2e34be932 selinux: use "grep -E" instead of "egrep"
    56ee9577915d drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
    16435e58e57c gcov: support GCC 12.1 and newer compilers
    b6094c482935 KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
    764478646115 KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
    45779be5ced6 KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
    c3a98fc6c2f2 media: cedrus: Set the platform driver data earlier
    3cf2ef86e01a ring-buffer: Fix race between reset page and reading page
    7e06ef0345ea ring-buffer: Check pending waiters when doing wake ups as well
    cc1f35733c19 ring-buffer: Have the shortest_full queue be the shortest not longest
    22707f033d8e ring-buffer: Allow splice to read previous partially read pages
    e755b65a4727 ftrace: Properly unset FTRACE_HASH_FL_MOD
    f66de70930f7 livepatch: fix race between fork and KLP transition
    1211121f0e73 ext4: place buffer head allocation before handle start
    52c7b8d3b75e ext4: make ext4_lazyinit_thread freezable
    3638aa1c7d87 ext4: fix null-ptr-deref in ext4_write_info
    a22f52d88331 ext4: avoid crash when inline data creation follows DIO write
    21ea616f1e59 jbd2: wake up journal waiters in FIFO order, not LIFO
    d1c2d820a2cd nilfs2: fix use-after-free bug of struct nilfs_root
    c99860f9a750 f2fs: fix to do sanity check on summary info
    68b1e607559d f2fs: fix to do sanity check on destination blkaddr during recovery
    c5d8198ce863 f2fs: increase the limit for reserve_root
    26b7c0ac49a3 btrfs: fix race between quota enable and quota rescan ioctl
    3742e9fd552e fbdev: smscufx: Fix use-after-free in ufx_ops_open()
    52895c495b62 powerpc/boot: Explicitly disable usage of SPE instructions
    e3f7e99337c6 PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
    cd251d39b134 UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    08f03b333c4f riscv: Pass -mno-relax only on lld < 15.0.0
    c61f553ba87c riscv: Allow PROT_WRITE-only mmap()
    09058e5ef7c1 parisc: fbdev/stifb: Align graphics memory size to 4MB
    2c60db6869fe RISC-V: Make port I/O string accessors actually work
    14c06375c853 regulator: qcom_rpm: Fix circular deferral regression
    79b7547eeb37 ASoC: wcd9335: fix order of Slimbus unprepare/disable
    6927ee818fe1 quota: Check next/prev free block number after reading from quota file
    4cf9233eb175 HID: multitouch: Add memory barriers
    477ac1d57f60 fs: dlm: handle -EBUSY first in lock arg validation
    d3961f732d85 fs: dlm: fix race between test_bit() and queue_work()
    4352db1e330a mmc: sdhci-sprd: Fix minimum clock limit
    fbefc5cce481 can: kvaser_usb_leaf: Fix CAN state after restart
    9948b80910e2 can: kvaser_usb_leaf: Fix TX queue out of sync after restart
    76d9afd30ef3 can: kvaser_usb_leaf: Fix overread with an invalid command
    953bb1dfea88 can: kvaser_usb: Fix use of uninitialized completion
    42f7d9339612 usb: add quirks for Lenovo OneLink+ Dock
    37daa23f2850 iio: pressure: dps310: Reset chip after timeout
    228348a9fe5f iio: pressure: dps310: Refactor startup procedure
    974c1f15ac9a iio: dac: ad5593r: Fix i2c read protocol requirements
    d0050ec3ebbc cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
    bd09adde6771 cifs: destage dirty pages before re-reading them for cache=none
    8298f20e1149 mtd: rawnand: atmel: Unmap streaming DMA mappings
    8d763c8e6cdb ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
    4c354105176f ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
    a943c4a16bfb ALSA: hda/realtek: Correct pin configs for ASUS G533Z
    19731649623b ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
    121fadc0cae5 ALSA: usb-audio: Fix NULL dererence at error path
    988ec0cd0a26 ALSA: usb-audio: Fix potential memory leaks
    de7d80d0fe10 ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
    afb507303ea9 ALSA: oss: Fix potential deadlock at unregistration

(From OE-Core rev: d066c78c0946f76b3a0a6720b41b3c865dbba012)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Quentin Schulz
6e97ceb858 cairo: update patch for CVE-2019-6461 with upstream solution
Upstream went with something slightly different so let's update the
patch so we don't have to carry a patch that isn't going to be merged.

This patch is part of snapshot 1.17.6.

Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: d40dbaf85511f074fde32b22dc864b856976d7c8)

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 19eb1e388fbbe5bfb8462710c745f2bb5446b5b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Minjae Kim
2f3d5da3b0 ppp: fix CVE-2022-4603
<CVE-2022-4603>
Avoid out-of-range access to packet buffer
Upstream-Status: Backport[a75fb7b198]

(From OE-Core rev: 7f33a49f7aaae67288389eacbe8b13318694e07c)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Vivek Kumbhar
d3a522d857 qemu: fix CVE-2021-3507 fdc heap buffer overflow in DMA read data transfers
(From OE-Core rev: 39a9f2056d4794dc75390b9a4a903c1745545095)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Vivek Kumbhar
f5b71296f7 libx11: fix CVE-2022-3555 memory leak in _XFreeX11XCBStructure() of xcb_disp.c
(From OE-Core rev: f17a61d12ceb5be203e1a1af9125bb61673a8b41)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Vivek Kumbhar
0a61076d20 rsync: fix CVE-2022-29154 remote arbitrary files write inside the directories of connecting peers
(From OE-Core rev: d92312146832cd14963422b8c14b2f2c409821c7)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:14 +00:00
Vivek Kumbhar
da2f8dd755 go: fix CVE-2022-41717 Excessive memory use in got server
(From OE-Core rev: a483f182676d87b7035e37fac8e21226fbd9fd63)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:14 +00:00
Hitendra Prajapati
16b4b0bd4b grub2: CVE-2022-28735 shim_lock verifier allows non-kernel files to be loaded
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53

(From OE-Core rev: 17c3c6ce685ef5b8ff4266154ac830210b234708)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:14 +00:00
Richard Purdie
d0a8cd82f6 oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
We've seen two different regressions in this API since it is used by
layer-index but not be the core code. Add a test for it to try and
ensure we don't break it again.

(From OE-Core rev: cc8ec63310f9a936371ea1070cb257c926808755)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b07de5de43ec9c9a2c5d496a64940ccdc5b47cf8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:45 +00:00
Chen Qi
e0919b7a16 psplash: consider the situation of psplash not exist for systemd
In current psplash framework, the psplash might not exist at all.
For example, in case DSITRO is set to nodistro, the psplash does
not exist.

In our psplash recipe, we have:
SPLASH_IMAGES = "file://psplash-poky-img.h;outsuffix=default"
This variable is parsed to if psplash-poky-img.h exists, a package
named psplash-default is created and is added to RDEPENDS:${PN}.

We can see that the psplash-poky-img.h resides in meta-poky,
and in psplash_git.bbappend file in meta-poky, we have:
FILESEXTRAPATHS:prepend:poky := "${THISDIR}/files:"
So this file is only available in case poky distro is used.

To fix this issue, add condition check in the corresponding systemd
services.

(From OE-Core rev: bf9cb1a3d68da6463195f79caf8baf94cd01a30a)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7a62ff9ed39c179d2b9b0c40f4f8423ced413063)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Alexey Smirnov
df2f9f09d7 classes: make TOOLCHAIN more permissive for kernel
Currently TOOLCHAIN is strictly set to gcc in kernel-arch.bbclass.
And this prevents any TOOLCHAIN changes for any kernel recipe.
This change makes TOOLCHAIN configurable as usual.

(From OE-Core rev: 7d45d4696970c45534b905dc7a65418073108f97)

Signed-off-by: Alexey Smirnov <pyih.soft@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit be1634fc35dcc81f0301d942064a6eed584e0704)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Harald Seiler
8b710efc2a opkg: Set correct info_dir and status_file in opkg.conf
Distros can customize the location of OPKG data using OPKGLIBDIR.  In
OE-Core commit 11f1956cf5d7 ("package_manager.py: define info_dir and
status_file when OPKGLIBDIR isn't the default"), a fix was applied to
correctly set the info_dir and status_file options relative to
OPKGLIBDIR.

However, as the commit message notes, the opkg.conf file deployed as
part of the opkg package must also be adjusted to correctly reflect the
changed location.  Otherwise, opkg running inside the image cannot find
its data.

Fix this by also setting the info_dir and status_file options in
opkg.conf to the correct location relative to OPKGLIBDIR.

Fixes: 11f1956cf5d7 ("package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default")
(From OE-Core rev: 38224b19bda2592705ef4274c28cb250d9e980dc)

Signed-off-by: Harald Seiler <hws@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit adb939ae3635de6e02208859fbf29cf0ed39f565)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Qiu, Zheng
eae8d7d3a2 vim: upgrade 9.0.0820 -> 9.0.0947
Includes fixes for CVE-2022-4141
https://nvd.nist.gov/vuln/detail/CVE-2022-4141

For a short list of important changes, see:
https://www.arp242.net/vimlog/

(From OE-Core rev: 64c323a444f43a7c7b3390720c4d1eafa3b982ac)

Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 160f459febc7fb36cc0fe85c63eb26780ace3bfd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Pawan Badganchi
15d8a11b99 python3: Fix CVE-2022-37454
Add below patch to fix CVE-2022-37454

CVE-2022-37454.patch
Link: https://security-tracker.debian.org/tracker/CVE-2022-37454
Link: 948c679471

(From OE-Core rev: 6a8ef6cc3604008860dcb6aa5d7155b914d7c391)

Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Hitendra Prajapati
893481f07a golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
Upstream-Status: Backport from e9017c2416

(From OE-Core rev: 2470c52db633f206dbfcd049fcca828d1ff5f82a)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Lee Chee Yang
9b1d9ad3b4 dropbear: fix CVE-2021-36369
(From OE-Core rev: c0e44595555a81d1a1cd206c2235cbc419d02bd1)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Hitendra Prajapati
0ca0313980 sysstat: fix CVE-2022-39377
(From OE-Core rev: 2e770eb2213f3d5ff25a75467395ed4738c756ea)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Hitendra Prajapati
3ff484966d libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c
Upstream-Status: Backport from bff38efe8c

(From OE-Core rev: c39fd8264ac623f3cfb26305420b527dd9c4c891)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Mathieu Dubois-Briand
b4fc8a65f5 curl: Fix CVE CVE-2022-35260
(From OE-Core rev: fe81ee17a2dc9924178fdd98614ed9e264204492)

Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Riyaz Khan
80e00ba9b9 rpm: Fix rpm CVE CVE-2021-3521
Links:
Dependent Patches:
CVE-2021-3521-01
b5e8bc74b2
CVE-2021-3521-02
9f03f42e26
CVE-2021-3521-03
5ff86764b1
CVE-2021-3521
bd36c5dc9f

(From OE-Core rev: ddb4f775a86855e4ddc6c0d0d1f24a55e0ecbfe0)

Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Minjae Kim
cc26cf0eb4 xserver-xorg: backport fixes for CVE-2022-3550, CVE-2022-3551 and CVE-2022-3553
<CVE-2022-3550>
xkb: proof GetCountedString against request length attacks
Upstream-Status: Backport [https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e]

<CVE-2022-3551>
xkb: fix some possible memleaks in XkbGetKbdByName
Upstream-Status: Backport [https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2]

<CVE-2022-3553>
xquartz: Fix a possible crash when editing the Application
menu due to mutaing immutable arrays
Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3]

(From OE-Core rev: 081ac12677096886b25023a03df06b99585ef18c)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Ravula Adhitya Siddartha
eb5651b443 linux-yocto/5.4: update genericx86* machines to v5.4.219
(From meta-yocto rev: 1a19e6d4eae26106378d28153db1fd44804770f1)

Signed-off-by: Ravula Adhitya Siddartha <adhityax.siddartha.ravula@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-19 16:40:41 +00:00
Michael Opdenacker
3155eb565f dev-manual: update session about multiconfig
Aligning with contents from the "master" branch.
[YOCTO #14980]

(From yocto-docs rev: 4961ddc9848f6569307107c10ff132532944ccaa)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-08 10:52:00 +00:00
Chen Qi
fb5a8ed05e kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
Currently, the KERNEL_DEBUG_TIMESTAMPS is not working as expected
at rebuild. That is, even if we set it to "1", the kernel build time
is not changed. The problem could be reproduced by the following steps.
  1. bitbake core-image-minimal; start image and check `uname -a` output.
  2. set in local.conf: KERNEL_DEBUG_TIMESTAMPS = "1"
  3. bitbake core-image-minimal; start image and check `uname -a` output.

It's expected that after enabling KERNEL_DEBUG_TIMESTAMPS, the kernel
build time will be set to current date. But it's not. This is because
the compile.h was not re-generated when do_compile task was re-executed.

In mkcompile_h, we have:
"""
 # Only replace the real compile.h if the new one is different,
 # in order to preserve the timestamp and avoid unnecessary
 # recompilations.
 # We don't consider the file changed if only the date/time changed,
 # unless KBUILD_BUILD_TIMESTAMP was explicitly set (e.g. for
 # reproducible builds with that value referring to a commit timestamp).
 # A kernel config change will increase the generation number, thus
 # causing compile.h to be updated (including date/time) due to the
 # changed comment in the
 # first line.
"""
It has made it very clear that it will not be re-generated unless
we have KBUILD_BUILD_TIMESTAMP set explicitly. So we set this variable
explicitly in do_compile to fix this issue.

(From OE-Core rev: e44f0cda8176186d42a752631810c1cb5f1971eb)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 1b68c2d2d385013a1c535ef81172494302a36d74)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Mike Crowe
f7ecae8d15 kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE
In 526bdd88ccd758204452579333ba188e29270bde the imageType loop in
kernel_do_deploy was changed to use KERNEL_IMAGETYPE_FOR_MAKE rather
than KERNEL_IMAGETYPES. This broke the special handling for fitImage
immediately below because KERNEL_IMAGETYPE_FOR_MAKE never contains
fitImage.

It has always been my understanding that KERNEL_IMAGETYPE_FOR_MAKE
controlled what was passed to make, but KERNEL_IMAGETYPE controlled what
was installed/deployed. When the two are different then it's the
responsibility of whoever set KERNEL_IMAGETYPE_FOR_MAKE to ensure that
whatever comes out of the kernel build system has been transformed in to
the requested form by the time of installation. This is what happens for
kernel.bbclass's own support for vmlinux.gz.

I think this means that for KERNEL_IMAGETYPE vmlinux.gz, kernel.bbclass
is responsible for generating vmlinux.gz.initramfs[1] so that
kernel_do_deploy can deploy it. This means that the change in
526bdd88ccd758204452579333ba188e29270bde can be reverted, fixing
KERNEL_IMAGETYPE = "fitImage".

In addition, it ought to be possible for recipes and other classes that
use kernel.bbclass to hook into this mechanism by setting
KERNEL_IMAGETYPE_FOR_MAKE and performing their own transformations.

do_bundle_initramfs calls kernel_do_compile and we don't want it to
transform vmlinux to vmlinux.gz at that point, since it will fight
against the careful renaming and preserving that do_bundle_initramfs
does. Let's separate the transformation out of kernel_do_compile to a
new do_transform_kernel task that can be run at the right time. This
means that it's also logical to perform the equivalent translation for
the kernel with the initramfs in a separate
do_transform_bundled_initramfs task too.

This leaves two clear customisation points for recipes and other classes
to hook into the process and perform their transformations:
do_transform_kernel and do_transform_bundled_initramfs.

(I care about this because our recipes that use kernel.bbclass also set
KERNEL_IMAGETYPE_FOR_MAKE and transform vmlinux into a form suitable for
our bootloader after do_compile and do_bundle_initramfs into the format
matching KERNEL_IMAGETYPE. I'm unable to successfully bundle an
initramfs after 526bdd88ccd758204452579333ba188e29270bde, but I didn't
want to just revert that change to reintroduce the bug that it was
fixing.)

I can't say that I'm entirely happy with this change, but I'm unsure
what to do to improve it. I find the way that both the bare kernel and
the one with the initramfs both get deployed to be confusing, and a
waste of build time. I would like to not actually generate a publishable
kernel image at all during do_compile when an initramfs is in use, but I
suspect that this would affect valid use cases that I'm not aware of.

(From OE-Core rev: d9e9653616638f2b187d5e04540071ac34d99f56)

Signed-off-by: Mike Crowe <mac@mcrowe.com>

[1] It could be argued that this should be vmlinux.initramfs.gz, but
that would require another special case in kernel_do_deploy and the
filename is only visible within this class and the recipes that use it
anyway.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 10a4a132e87e835726bf5da81a60f6f509b90765)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Wang Mingyu
8e544b6e34 mobile-broadband-provider-info: upgrade 20220725 -> 20221107
(From OE-Core rev: 5d1add59695baf597ff52ae97844572215fa325b)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7e12fa1e6250fc358ba159a6b626458d871f7ccf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Dmitry Baryshkov
5e17b15094 linux-firmware: upgrade 20221012 -> 20221109
License-Update: additional files
(From OE-Core rev: bb804245dea980796e8f861fabef46cf3572e462)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6940f297243a66bd58d6adee7d690bcee9b9ccb2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Alexander Kanavin
d4836ffd14 linux-firmware: upgrade 20220913 -> 20221012
License-Update: copyright years, additional firmwares

(From OE-Core rev: 2e31e08b5792828d7969f9642190b24e56319ab7)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9f658c724b6635e5745f30b25601bcc51a004be4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Vivek Kumbhar
5a4433a52b qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead to guest crash
Upstream-Status: Backport [1ab95af033]

(From OE-Core rev: 1523fcbb6fef60d30c07377673fca265c5c9781c)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ross Burton
44c4df6fba pixman: backport fix for CVE-2022-44638
(From OE-Core rev: 1d2e131d9ba55626354264d454b2808e84751600)

(From OE-Core rev: fe5a5009939f056ff4d9d3426832d0b67a668ed6)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 23df4760ebc153c484d467e51b414910c570a6f8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 37595eeddf)
Signed-off-by: Bhabu Bindu <bindu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Manuel Leonhardt
a1323a9e67 sstate: Account for reserved characters when shortening sstate filenames
Previously, when shortening sstate filenames, the reserved
characters for .siginfo were not considered, when siginfo=False,
resulting in differently shortend filenames for the sstate and siginfo
files. With this change, the filenames of the truncated sstate and
siginfo files have the same basename, just as is already the case for
untruncated filenames.

Making sure that the .siginfo files always have the filename of the
corresponding sstate file plus its .siginfo suffix, also when being
truncated, makes it easier to manage the sstate cache and an sstate
mirror outside of Bitbake/Yocto.

(From OE-Core rev: 408bf1b4bb4f4ed126c17fb3676f9fa0513065ba)

Signed-off-by: Manuel Leonhardt <mleonhardt@arri.de>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c2e0e43b7123cf5149833e0072c8edaea3629112)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Tim Orling
4caa67f395 vim: upgrade 9.0.0614 -> 9.0.0820
Includes fixes for CVE-2022-3705
https://nvd.nist.gov/vuln/detail/CVE-2022-3705

For a short list of important changes, see:
https://www.arp242.net/vimlog/

(From OE-Core rev: 3251dc441a31b2d4d7acb690bd6db13f0f99a1d0)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6d917bd0f8810b5ed8d403ad25d59cda2fc9574)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Steve Sakoman
417fef99f2 maintainers: update gcc version to 9.5
SIgned-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Sundeep KOKKONDA
f86814103a gcc: upgrade to v9.5
gcc stable version upgraded from v9.3 to v9.5

Below is the bug fix list for v9.5
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=9.5

(From OE-Core rev: 698c3323fd95592e815345acd9070e5089a1bd00)

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
4104d39151 golang: ignore CVE-2022-30630
The CVE is in the io/fs package, which first appeared in go1.16.
Since dunfell is using go1.14, this issue does not apply.

CVE was fixed in fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
Original code in b64202bc29b9c1cf0118878d1c0acc9cdb2308f6

(From OE-Core rev: 1e258940e9a6fabda6e7e60841082c113fdf9500)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
d6dd3b49bd golang: ignore CVE-2022-30580
Only affects Windows platform, as per the release announcement [1]:

"If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput
are executed when Cmd.Path is unset and, in the working directory, there
are binaries named either "..com" or "..exe", they will be executed."

[1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

(From OE-Core rev: 54c40730bc54aa2b2c12b37decbcc99bbcafd07a)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
d9cfb16b8b golang: ignore CVE-2021-41772
Dunfell uses golang 1.14 which does not contain the affected code (it
was introduced in golang 1.16). From the golang announcement [1]

"Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can
be made to panic by an attacker providing either a crafted ZIP archive
containing completely invalid names or an empty filename argument.

[1] https://groups.google.com/g/golang-announce/c/0fM21h43arc

(From OE-Core rev: 2329902f994b631d6b77e8bd501d5599db6d5306)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
122b22b366 golang: ignore CVE-2021-33194
This is a bug in golang.org/x/net/html/parse.go. The golang compiler
includes a partial copy of this under src/vendor/golang.org/x/net/
however the "html" subdirectory is not included. So this bug does not
apply to the compiler itself.

(From OE-Core rev: b8a851faef9990ccb41ded875fc79cf28abd4a4e)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
e4a273eb58 golang: ignore CVE-2022-29804
The issue only affects Windows per the golang announcement [1]:

On Windows, the filepath.Clean function could convert an invalid path to
a valid, absolute path. For example, Clean(`.\c:`) returned `c:`.

[1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg

(From OE-Core rev: bca720eca95929752436b56aa01e7fddfa1c834f)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
cf0e66cf7a golang: fix CVE-2022-28327
Upstream-Status: Backport [7139e8b024]
CVE: CVE-2022-28327
(From OE-Core rev: aab2a343be4b0b21dcaf22a7fbf77007d48c08d6)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
40df9e039a golang: fix CVE-2022-28131
Upstream-Status: Backport [58facfbe7d]
CVE: CVE-2022-28131
(From OE-Core rev: 09a820fe21d7884c6733d569f6560ef1ded5435d)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
fdca6ac5fa golang: fix CVE-2022-24291
Upstream-Status: Backport [2b65cde586]
CVE: CVE-2022-24921
(From OE-Core rev: a2d3d80a7df5b8f57105ef2b680e9e01a9da6486)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
b574cdd1e0 golang: fix CVE-2021-44716
Upstream-Status: Backport [d0aebe3e74]
CVE: CVE-2021-44716
(From OE-Core rev: c5ec3e8701a1b81d8e5b17d2521530345892a09b)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
9bb56c4550 golang: fix CVE-2021-33198
Upstream-Status: Backport [df9ce19db6]
CVE: CVE-2021-33198
(From OE-Core rev: 078260dd63e205d3a433b03357f2332f44daa397)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
a4683ad5a1 golang: fix CVE-2021-33195
Upstream-Status: Backport [31d60cda1f]
CVE: CVE-2021-33195
(From OE-Core rev: f1051e11fd0eb5b0e9924a0acdcb078ddc8f9772)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Bhabu Bindu
9bd10b1548 libxml2: Fix CVE-2022-40304
Fix dict corruption caused by entity reference cycles

Link: 1b41ec4e94

Upstream-Status: Pending

(From OE-Core rev: 8e195f0a01b4cc1017bf9df67ffc3c6d6c15d24a)

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Bhabu Bindu
471e3cee02 libxml2: Fix CVE-2022-40303
Fix integer overflows with XML_PARSE_HUGE

Link: c846986356

Upstream-Status: Pending

(From OE-Core rev: d16d5660a32386158632ee5599ad92a9f2dc08dd)

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Vivek Kumbhar
1ab1a5821e libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der
Upstream-Status: Backport [44a700d205]

(From OE-Core rev: 305f1c56121436da7be39c5980fc11f779188ab7)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Omkar
124e5c8391 python3: Fix CVE-2022-45061
Fix CVE-2022-45061, referenced as
https://github.com/python/cpython/issues/98433
patch taken from
064ec20bf7

(From OE-Core rev: 4498ca9a299bd5d9a7173ec67daf17cb66b6d286)

Signed-off-by: Omkar <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ranjitsinh Rathod
4341dc9953 systemd: Fix CVE-2022-3821 issue
An off-by-one Error issue was discovered in Systemd in format_timespan()
function of time-util.c. An attacker could supply specific values for
time and accuracy that leads to buffer overrun in format_timespan(),
leading to a Denial of Service.
Add a patch to solve above CVE issue
Link: 9102c625a6

(From OE-Core rev: e2db40ca49b8ed217f14c7f861087837e8b3f389)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Hitendra Prajapati
4978b9a24f sudo: CVE-2022-43995 heap-based overflow with very small passwords
Upstream-Status: Backport from bd209b9f16

(From OE-Core rev: d1bdb663e6a69993d3f42547a27296b606965d47)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Richard Purdie
aa00730418 build-appliance-image: Update to dunfell head revision
(From OE-Core rev: 1ee082e979baaba871bbe1d91181bb04951faf3b)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 23:26:20 +00:00
Richard Purdie
2b7d97af74 bitbake: utils: Fix lockfile path length issues
If the path to bitbake.lock is in a deep directory, bitbake will hang. The
reason was that the max file length limiting code (to 255 chars) was including
the directory name and it should only act on the filename within the directory.
Fix it to just use the base filename.

[YOCTO #14766]

(Bitbake rev: e3db9c2e9eded3c5cb6040714a6054b44f6b3880)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 89d70e7b71eecfe06592202f326e566c579ba01d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 23:26:15 +00:00
Richard Purdie
0711fd83cd bitbake: utils: Handle lockfile filenames that are too long for filesystems
The fetcher mirror code can go crazy creating lock filenames which exceed the
filesystem limits. When this happens, the code will loop/hang.

Handle the filename too long exception correctly but also truncate lockfile
lengths to under 256 since the worst case situation is lockfile overlap
and lack of parallelism.

(Bitbake rev: 30d42ef030d03e11322b6b05ea7bbb64ab3d6f21)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63baf3440b16e41ac6601de21ced94a94bdf1509)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 23:26:15 +00:00
Richard Purdie
b7420c15b3 build-appliance-image: Update to dunfell head revision
(From OE-Core rev: a5d90bf22c037044c471daefe326ae14702b173e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 23:24:39 +00:00
Steve Sakoman
f6f7f22992 poky.conf: bump version for 3.1.21
(From meta-yocto rev: 9b713fe0cc7c5f5cb51bcf760d1a1c6540b485f1)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 12:32:23 +00:00
Steve Sakoman
a6aa9198ae documentation: update for 3.1.21
(From yocto-docs rev: 01d31151d5c4a87a466cb49b97eabf75cf47ed98)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 12:32:23 +00:00
ciarancourtney
ef1a755b3c wic: swap partitions are not added to fstab
- Regression in 7aa678ce804c21dc1dc51b9be442671bc33c4041

(From OE-Core rev: ce99d451a54b8ce46b7f9030deaba86355009b1a)

Signed-off-by: Ciaran Courtney <ciaran.courtney@activeenergy.ie>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f1243572ad6b6303fe562e4eb7a9826fd51ea3c3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Ross Burton
c3c1224664 sanity: check for GNU tar specifically
We need the system tar to be GNU tar, as we reply on --xattrs.  Some
distributions may be using libarchive's tar binary, which is definitely
not as featureful, so check for this and abort early with a clear
message instead of later with mysterious errors.

(From OE-Core rev: 8f852648fe730615c99bcdaace8a4748ef4e96a5)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7dd2b1cd1bb10e67485dab8600c0787df6c2eee7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Peter Kjellerstedt
01cafb753b externalsrc.bbclass: Remove a trailing slash from ${B}
The trailing slash in ${B} caused -fdebug-prefix-map=${B}=... to not
match as intended, resulting in ${TMPDIR} ending up in files in
${PN}-dbg when externalsrc was in use, which in turn triggered buildpath
QA warnings.

(From OE-Core rev: fa89e048e223ae2e96d0f55979f93f29904b5229)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9b5031ed5a0d102905fa75acc418246c23df6eef)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Martin Jansa
c0b9a560b7 externalsrc.bbclass: fix git repo detection
* fix issue introduced in:
  https://git.openembedded.org/openembedded-core/commit/?id=95fbac8dcad6c93f4c9737e9fe13e92ab6befa09

* it added check for s_dir + git-dir (typically '.git') isn't
  the same as ${TOPDIR} + git-dir, but due to copy-paste issue
  it was just comparing it with s_dir + git-dir again, resulting
  in most external repos (where git-dir is '.git') to be processed
  as regular directory (not taking advantage of git write-tree).

* normally this wouldn't be an issue, but for big repo with a lot of
  files this added a lot of checksums in:
  d.setVarFlag('do_compile', 'file-checksums', '${@srctree_hash_files(d)}')

  and I mean *a lot, e.g. in chromium build it was 380227 paths
  which still wouldn't that bad, but the checksum processing in
  siggen.py isn't trivial and just looping through all these
  checksums takes very long time (over 1000sec on fast NVME drive
  with warm cache) and then
  https://git.openembedded.org/bitbake/commit/?id=b4975d2ecf615ac4c240808fbc5a3f879a93846b
  made the processing a bit more complicated and the loop in
  get_taskhash() function took 6448sec and to make things worse
  there was no output from bitbake during that time, so even with -DDD
  it looks like this:

  DEBUG: virtual/libgles2 resolved to: mesa (langdale/oe-core/meta/recipes-graphics/mesa/mesa_22.2.0.bb)
  Bitbake still alive (no events for 600s). Active tasks:
  Bitbake still alive (no events for 1200s). Active tasks:
  Bitbake still alive (no events for 1800s). Active tasks:
  Bitbake still alive (no events for 2400s). Active tasks:
  Bitbake still alive (no events for 3000s). Active tasks:
  Bitbake still alive (no events for 3600s). Active tasks:
  Bitbake still alive (no events for 4200s). Active tasks:
  Bitbake still alive (no events for 4800s). Active tasks:
  Bitbake still alive (no events for 5400s). Active tasks:
  Bitbake still alive (no events for 6000s). Active tasks:
  DEBUG: Starting bitbake-worker

  without -DDD it will get stuck for almost 2 hours in:
  "Initialising tasks..."
  before it finally writes sstate summary like:
  "Sstate summary: Wanted 3102 Local 0 Mirrors 0 Missed 3102 Current 1483 (0% match, 32% complete)"

* fix the copy&paste typo to use git work-tree in most cases, but
  be aware that this issue still exists for huge local source
  trees not in git

[YOCTO #14942]

(From OE-Core rev: 1f0e4de8d92edd7438d462c779d917ac0ccd5499)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9102e5a94b8146cb1da27afbe41d3db999a914ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Alex Kiernan
308cefb86b openssl: upgrade 1.1.1q to 1.1.1s
Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022]
* Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the
  certificate data to be signed before signing the certificate.

Major changes between OpenSSL 1.1.1q and OpenSSL 1.1.1r [11 Oct 2022]
* Added a missing header for memcmp that caused compilation failure on
  some platforms

(From OE-Core rev: a39a32efd41c92a3ada49d667979c79101a4a2da)

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Sundeep KOKKONDA
9d340b5ed2 glibc : stable 2.31 branch updates.
Below commits on glibc-2.31 stable branch are updated.
d4b7559457 x86-64: Require BMI2 for avx2 functions [BZ #29611]
b8bb48a18d x86-64: Require BMI2 for strchr-avx2.S [BZ #29611]
c8f2a3e803 Add test for bug 29530
e6ae5b25cd Fix memmove call in vfprintf-internal.c:group_number
1dbe841a67 Remove most vfprintf width/precision-dependent allocations (bug 14231, bug 26211).
5a802723db stdio: Add tests for printf multibyte convertion leak [BZ#25691]
ae7748e67f stdio: Remove memory leak from multibyte convertion [BZ#25691]
174d0b61c7 Linux: Require properly configured /dev/pts for PTYs
0a167374fd Linux: Detect user namespace support in io/tst-getcwd-smallbuff
4ad1659d8c getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
3319cea99e support: Add helpers to create paths longer than PATH_MAX
f733e291bb support: Fix xclone build failures on ia64 and hppa
43757c70ee support: Add xclone
29d3aeb0e8 Add xchdir to libsupport.
2d7720f316 support: Add create_temp_file_in_dir
183709983d NEWS: Add a bug fix entry for BZ #28896
d385079bd5 x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c
7df3ad6560 x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896]
fc133fcf49 x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896]
775c05b28c string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755]
c6b346ec55 x86-64: Test strlen and wcslen with 0 in the RSI register [BZ #28064]
0675185923 x86: Remove wcsnlen-sse4_1 from wcslen ifunc-impl-list [BZ #28064]
5db3239baf x86: Black list more Intel CPUs for TSX [BZ #27398]
5b99f172b8 x86: Check RTM_ALWAYS_ABORT for RTM [BZ #28033]
70d293a158 NEWS: Add a bug fix entry for BZ #27974
a2be2c0f5d String: Add overflow tests for strnlen, memchr, and strncat [BZ #27974]
489006c3c5 x86: Optimize strlen-evex.S
937f2c783a x86: Fix overflow bug in wcsnlen-sse4_1 and wcsnlen-avx2 [BZ #27974]
0058c73d11 x86-64: Add wcslen optimize for sse4.1
665d0252f1 x86-64: Move strlen.S to multiarch/strlen-vec.S
82ff13e2cc x86-64: Fix an unknown vector operation in memchr-evex.S
539b593a1d x86: Optimize memchr-evex.S
7b37ae60c6 x86: Optimize strlen-avx2.S
0381c1c10d x86: Fix overflow bug with wmemchr-sse2 and wmemchr-avx2 [BZ #27974]
10368cb76b x86: Optimize memchr-avx2.S
66ca40582e test-strnlen.c: Check that strnlen won't go beyond the maximum length
927bcaf892 test-strnlen.c: Initialize wchar_t string with wmemset [BZ #27655]
0d4159c36c x86-64: Require BMI2 for __strlen_evex and __strnlen_evex
c0cbb9345e NEWS: Add a bug fix entry for BZ #27457
e81b975fcc x86-64: Fix ifdef indentation in strlen-evex.S
aa4e48e73c x86-64: Use ZMM16-ZMM31 in AVX512 memmove family functions
ac911d3b57 x86-64: Use ZMM16-ZMM31 in AVX512 memset family functions
20d37de533 x86: Add string/memory function tests in RTM region
fbaa99ed41 x86-64: Add AVX optimized string/memory functions for RTM
096e14f632 x86-64: Add memcmp family functions with 256-bit EVEX
f00fad4e4c x86-64: Add memset family functions with 256-bit EVEX
cf239ddd2e x86-64: Add memmove family functions with 256-bit EVEX
7257ba7bf2 x86-64: Add strcpy family functions with 256-bit EVEX
db9071c0f6 x86-64: Add ifunc-avx2.h functions with 256-bit EVEX
2d612b2c5f x86: Set Prefer_No_VZEROUPPER and add Prefer_AVX2_STRCMP
5b13651085 NEWS: Add a bug fix entry for BZ #28755
5ee8a436ab x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]

(From OE-Core rev: 1d047a1f19ea57f919180273589cdf7fb4dacaa3)

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Sundeep KOKKONDA
d86149ba65 binutils: stable 2.34 branch updates
Below commits on binutils-2.34 stable branch are updated.
c4e78c0868a PR27755, powerpc-ld infinite loop
33973d228c9 gas, arm: PR26858 Fix availability of single precision vmul/vmla in arm mode
0c8652fe288 x86: Update GNU property tests
5c1bd3f52c6 x86: Properly merge -z ibt and -z shstk
93b9bf1651a PowerPC TPREL_HA/LO optimisation
58950a3bfd4 Date update
e3b314d3a61 aarch64: set sh_entsize of .plt to 0
26b6ab7a0e4 S/390: z13: Accept vector alignment hints
7324292cd94 gas: Fix checking for backwards .org with negative offset
463ec189fe9 Prevent a potential use-after-fee memory corruption bug in the linker (for PE format files).
ef2826c0fdb Fix the ARM assembler to generate a Realtime profile for armv8-r.
8524bb5bd28 Re: Fix tight loop on recursively-defined symbols
5768460022b Fix tight loop on recursively-defined symbols
a72427b1ae0 gas: PR 25863: Fix scalar vmul inside it block when assembling for MVE
9f57ab49b32 BFD: Exclude sections with no content from compress check.
aaf3f0599a2 Arm: Fix LSB of GOT for Thumb2 only PLT.
97f92b3e90a Arm: Fix thumb2 PLT branch offsets.
3053d7a163c include: Sync plugin-api.h with GCC
f7aec2b8e09 PR25745, powerpc64-ld overflows string buffer in --stats mode
1b2bf0f65c1 include: Sync plugin-api.h with GCC
5e8619b9597 include: Sync lto-symtab.h and plugin-api.h with GCC
23820109ced plugin: Don't invoke LTO-wrapper
64f5c0afcc4 plugin: Use LDPT_ADD_SYMBOLS_V2 to get symbol type
aaa1e160040 Silence warnings due to plugin API change
e7c0ee5110c Include: Sync lto-symtab.h and plugin-api.h with GCC
b6520be37fd Fix dwarf.c build with GCC 10
a560c29ca5a bfd: Change num_group to unsigned int
3ca4cd1ebde gas, arm: Fix bad backport
b3174859c4b gas, arm: PR25660L Fix vadd/vsub with lt and le condition codes for MVE
de9c1b7cfe6 powerpc64-ld infinite loop
0318fc4e18e Adjust PR25355 testcase
40bfb976274 Re: PR24511, nm should not mark symbols in .init_array as "t"
42b2380cdce Don't call lto-wrapper for ar and ranlib
acc4a8b8ac8 PR25585, PHDR segment not covered by LOAD segment

(From OE-Core rev: ad15d44b6c56ccbbe8e4c12717e7dfe3492a659a)

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Vivek Kumbhar
93fa878377 qemu: fix CVE-2021-3638 ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write
Upstream-Status: Backport from https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html

(From OE-Core rev: 8b5d38abdbfd3bdeb175c793b4d33f9054e89f77)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Vivek Kumbhar
213cf8004c curl: fix CVE-2022-32221 POST following PUT
Upstream-Status: Backport from https://github.com/curl/curl/commit/a64e3e59938abd7d6

(From OE-Core rev: 9af175e122acb93a412ad7a099f0eaa793a1c097)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Sunil Kumar
b39245d723 go: Security Fix for CVE-2022-2879
archive/tar: limit size of headers

Set a 1MiB limit on special file blocks (PAX headers, GNU long names,
GNU link names), to avoid reading arbitrarily large amounts of data
into memory.

Link: https://github.com/golang/go/commit/0a723816cd2

(From OE-Core rev: a8e2f91edfe2df5204a482c4e53fbdd08f80e878)

Signed-off-by: Sunil Kumar <sukumar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Hitendra Prajapati
21370990c6 bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c
Upstream-Status: Backport from https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f

(From OE-Core rev: c008c56e9b03f0ce3eccf4c01799ae8e987e5cd5)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Bartosz Golaszewski
4ddc26f4e4 bluez5: add dbus to RDEPENDS
Unless we're using systemd, dbus is not pulled into the system
automatically. Bluez5 will not work without dbus so add it to RDEPENDS
explicitly.

(From OE-Core rev: babcb7cd3bbefe9c0ea28e960e4fd6cefbc03cae)

Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 377ef7009a8638efe688b6b61f67ae399eb1f23d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Daniel McGregor
50c5d5a788 coreutils: add openssl PACKAGECONFIG
coreutils-native will pick up openssl on the host if it's GPL
compatible (version >= 3), which causes uninative failures with hosts
that don't have openssl3.

Add a PACKAGECONFIG entry for openssl so it can be enabled, but isn't
by default.

(From OE-Core rev: 590d8f2bdbb7ea558b9e99e58a1dae2b5eb58153)

Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9859a8124a0c09ac38d476445e7df7097f41d153)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Alexander Kanavin
6000f42a26 tzdata: update to 2022d
(From OE-Core rev: d325f5389a09ba03b4ded7c57c29dad773dbc0af)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ceac0492e75baa63a46365d8b63275437ad5671f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Teoh Jay Shen
d143bac2a1 vim: Upgrade 9.0.0598 -> 9.0.0614
Include fixes for CVE-2022-3352.

(From OE-Core rev: 30ade05280760253bb1de4f5d757363e1b7e4fc0)

Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Frank de Brabander
600261eafa cve-update-db-native: add timeout to urlopen() calls
The urlopen() call can block indefinitely under some circumstances.
This can result in the bitbake process to run endlessly because of
the 'do_fetch' task of cve-update-bb-native to remain active.

This adds a default timeout of 60 seconds to avoid this hang, while
being large enough to minimize the risk of unwanted timeouts.

(From OE-Core rev: f51a6742bcae3a151a326d17cd44935815eb78c7)

Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e5f6652854f544106b40d860de2946954de642f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Ranjitsinh Rathod
5502d7326c expat: Fix CVE-2022-43680 for expat
Add a patch to fix CVE-2022-43680 issue where use-after free caused by
overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
in out-of-memory situations
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-43680

(From OE-Core rev: ac4476e6594417b14bfb05a110009ef245f419b0)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Hitendra Prajapati
32c25a0202 libX11: CVE-2022-3554 Fix memory leak
Upstream-Status: Backport from 1d11822601

(From OE-Core rev: 1d36df9c9ec0ea13c4e0c3794b0d97305e2c6ac1)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Hitendra Prajapati
3903d753f9 golang: CVE-2022-2880 ReverseProxy should not forward unparseable query parameters
Upstream-Status: Backport from 9d2c73a9fd

(From OE-Core rev: f977d712455411c091aeee04ea7096d9e8c5b563)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Steve Sakoman
eb8e26214e selftest: skip virgl test on all Alma Linux
This test will fail any time the host has libdrm > 2.4.107

(From OE-Core rev: 54bbfe94ae4514386c572564bf221edfdbb2ce38)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Steve Sakoman
43a224f247 devtool: add HostKeyAlgorithms option to ssh and scp commands
With the newer version of ssh in Ubuntu 22.04 we are getting errors of this type:

Unable to negotiate with 192.168.7.2 port 22: no matching host key type found. Their offer: ssh-rsa

Add -o HostKeyAlgorithms=+ssh-rsa to command invocation as suggested at:

http://www.openssh.com/legacy.html

(From OE-Core rev: 9275d23c782071382c201bca2d647f6426a64e2f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Paul Eggleton
8ce85b6c6c classes/kernel-fitimage: add ability to add additional signing options
Add a UBOOT_MKIMAGE_SIGN_ARGS variable to enable passing additional
options to uboot-mkimage when it is run the second time to perform
signing.

(From OE-Core rev: fd39b936b03a6416e7a66408c47578daa2a08cf1)

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8fd7ee7414b45a1feeef7982af3583475902a677)
Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Omkar
bff6562223 dbus: upgrade 1.12.22 -> 1.12.24
Upgrade dbus from 1.12.22 to 1.12.24

Fix Below CVE's:
2022-42010
2022-42011
2022-42012

(From OE-Core rev: f00cb90cb4169ecbc003c61b50ae9e0dd4b75254)

Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
wangmy
3a7007cb35 dbus: upgrade 1.12.20 -> 1.12.22
(From OE-Core rev: 1fb8ea03cf6c4df4d8c2cc9329dfe80c83a37e2d)

(From OE-Core rev: f2632f0e5f814aac9f0c8f7294fb1d8439167c36)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dc98fba73a)
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Bruce Ashfield
b6df248293 linux-yocto/5.4: update to v5.4.219
Updating  to the latest korg -stable release that comprises
the following commits:

    fd92cfed8bc6 Linux 5.4.219
    0cb5be43dc4b wifi: mac80211: fix MBSSID parsing use-after-free
    9478c5f9c007 wifi: mac80211: don't parse mbssid in assoc response
    7f441a6c90fe mac80211: mlme: find auth challenge directly
    c248c3330d5f Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
    1d0da8674c23 Linux 5.4.218
    3ff54a91e4ea Input: xpad - fix wireless 360 controller breaking after suspend
    690467759573 Input: xpad - add supported devices as contributed on github
    9389750ac6b0 wifi: cfg80211: update hidden BSSes to avoid WARN_ON
    7fab3bf52059 wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
    77bb20ccb9df wifi: cfg80211: avoid nontransmitted BSS list corruption
    785eaabfe310 wifi: cfg80211: fix BSS refcounting bugs
    359ce507f751 wifi: cfg80211: ensure length byte is present before access
    43689bf2cd8e wifi: cfg80211/mac80211: reject bad MBSSID elements
    020402c7dd58 wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
    c634a9107f6a random: use expired timer rather than wq for mixing fast pool
    39800adc38f6 random: avoid reading two cache lines on irq randomness
    bc0375ca434b random: restore O_NONBLOCK support
    49d2fc9f998b USB: serial: qcserial: add new usb-id for Dell branded EM7455
    20a5bde60597 scsi: stex: Properly zero out the passthrough command structure
    46b822a7550d efi: Correct Macmini DMI match in uefi cert quirk
    b719d10f7ec3 ALSA: hda: Fix position reporting on Poulsbo
    e5d25a3bfde4 random: clamp credited irq bits to maximum mixed
    194f59391d6c ceph: don't truncate file in atomic_open
    259c0f68168a nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    b7e409d11db9 nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    792211333ad7 nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
    963089ad76cb rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
    2da677c0c725 mmc: core: Terminate infinite loop in SD-UHS voltage switch
    373eca05b5b8 mmc: core: Replace with already defined values for readability
    7ec8f073c2bf USB: serial: ftdi_sio: fix 300 bps rate for SIO
    21446ad9cb98 usb: mon: make mmapped memory read only
    d2f3a51ca27e arch: um: Mark the stack non-executable to fix a binutils warning
    bb2d4c37b1fc um: Cleanup compiler warning in arch/x86/um/tls_32.c
    9e26e0eef622 um: Cleanup syscall_handler_t cast in syscalls_32.h
    3c9a75b3d2f7 net/ieee802154: fix uninit value bug in dgram_sendmsg
    61be8898d704 scsi: qedf: Fix a UAF bug in __qedf_probe()
    c790d3a00d42 ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    aefe2f55a986 dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
    db702ecd713a dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    59684c877783 firmware: arm_scmi: Add SCMI PM driver remove routine
    70e4f70d54e0 fs: fix UAF/GPF bug in nilfs_mdt_destroy
    398312c687bb perf tools: Fixup get_current_dir_name() compilation
    393a1aa4215b mm: pagewalk: Fix race between unmap and page walker
    6e150d605c9e Linux 5.4.217
    0c41153c367b docs: update mediator information in CoC docs
    096740d67560 Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    e911caf9a158 Revert "drm/amdgpu: use dirty framebuffer helper"
    ae19c3c76dc4 xfs: remove unused variable 'done'
    538657def702 xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
    9ff41b8d71ba xfs: streamline xfs_attr3_leaf_inactive
    c893fedaf10c xfs: move incore structures out of xfs_da_format.h
    5e13ad940a2a xfs: fix memory corruption during remote attr value buffer invalidation
    821e0951b4b3 xfs: refactor remote attr value buffer invalidation
    a1b66abe30da xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
    1e4a0723eb38 xfs: fix s_maxbytes computation on 32-bit kernels
    16de74ee3ad6 xfs: truncate should remove all blocks, not just to the end of the page cache
    87e73331e4b7 xfs: introduce XFS_MAX_FILEOFF
    bd67d06b099d xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
    24f45c878299 x86/speculation: Add RSB VM Exit protections
    564275d4b93f x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
    4891e5fd1001 x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
    9862c0f4fd6c x86/speculation: Disable RRSBA behavior
    b9ae02c3c253 x86/bugs: Add Cannon lake to RETBleed affected CPU list
    d6a8a470dc22 x86/cpu/amd: Enumerate BTC_NO
    2edfa537f3b1 x86/common: Stamp out the stepping madness
    17a9fc4a7b91 x86/speculation: Fill RSB on vmexit for IBRS
    2242cf215013 KVM: VMX: Fix IBRS handling after vmexit
    51c71ed134e9 KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
    a31bdec99a95 KVM: VMX: Convert launched argument to flags
    5895a9297e60 KVM: VMX: Flatten __vmx_vcpu_run()
    64723cd346ea KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
    57ba312f1037 KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
    87dfe68a3513 x86/speculation: Remove x86_spec_ctrl_mask
    4109a8ce107d x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
    0fd086edf887 x86/speculation: Fix SPEC_CTRL write on SMT state change
    18d5a93fd202 x86/speculation: Fix firmware entry SPEC_CTRL handling
    03a575a0f954 x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
    8afd1c7da2b0 x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
    3ee9e9a5af07 intel_idle: Disable IBRS during long idle
    97bc52c14a93 x86/bugs: Report Intel retbleed vulnerability
    fd67fe3db93f x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
    2d4ce2d72c3b x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
    e2d793a3742a x86/bugs: Optimize SPEC_CTRL MSR writes
    a3111faed5c1 x86/entry: Add kernel IBRS implementation
    fd32a31553a1 x86/entry: Remove skip_r11rcx
    3c93ff4e23ea x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
    9a596426d7bd x86/bugs: Add AMD retbleed= boot parameter
    063b7f980607 x86/bugs: Report AMD retbleed vulnerability
    954d591a84d0 x86/cpufeatures: Move RETPOLINE flags to word 11
    893cd858b09c x86/kvm/vmx: Make noinstr clean
    f62d272c2fec x86/cpu: Add a steppings field to struct x86_cpu_id
    69460b1ed63d x86/cpu: Add consistent CPU match macros
    87449d94e75c x86/devicetable: Move x86 specific macro out of generic code
    fbd29b7549b2 Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
    3a8ff61e6f13 Revert "x86/speculation: Add RSB VM Exit protections"

(From OE-Core rev: 285fdd43a20ccb12231bd36e5e75fe13ad2a32fd)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Bruce Ashfield
e736037243 linux-yocto/5.4: update to v5.4.216
Updating  to the latest korg -stable release that comprises
the following commits:

    f28b7414ab71 Linux 5.4.216
    b8b87cb13681 clk: iproc: Do not rely on node name for correct PLL setup
    d417d5eb29d7 clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
    762706bd12a6 selftests: Fix the if conditions of in test_extra_filter()
    ae0d3a431639 nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
    18ef5cd4c53c nvme: add new line after variable declatation
    3ea4a5342452 usbnet: Fix memory leak in usbnet_disconnect()
    6ca922ec7598 Input: melfas_mip4 - fix return value check in mip4_probe()
    38c4d8230f93 Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time"
    7291d19a9eeb soc: sunxi: sram: Fix debugfs info for A64 SRAM C
    cdbcdfc96126 soc: sunxi: sram: Fix probe function ordering issues
    73dbc6e136b5 soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource()
    26170e4fd145 soc: sunxi: sram: Prevent the driver from being unbound
    883778a1f4fa soc: sunxi: sram: Actually claim SRAM regions
    1ba52486082b ARM: dts: am33xx: Fix MMCHS0 dma properties
    d0c69c722ff1 ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
    d18565280076 media: dvb_vb2: fix possible out of bound access
    0f4634f70bfd mm: fix madivse_pageout mishandling on non-LRU page
    ffd11370b74f mm/migrate_device.c: flush TLB while holding PTL
    b9e31f4885c4 mm: prevent page_frag_alloc() from corrupting the memory
    d535fb83844e mm/page_alloc: fix race condition between build_all_zonelists and page allocation
    2ec4949738c8 mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
    bb7c23e4e523 libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
    5cebfac6a8c9 Revert "net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()"
    9a3740f448be ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
    46e784cf4a84 ARM: dts: integrator: Tag PCI host with device_type
    85b5edb1b429 clk: ingenic-tcu: Properly enable registers before accessing timers
    f8a2e22289e4 net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
    43699b8fbcf1 uas: ignore UAS for Thinkplus chips
    fc540f6e4bb4 usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
    383c663c7359 uas: add no-uas quirk for Hiksemi usb_disk
    6215647d9699 Linux 5.4.215
    579976dc0d9f ext4: make directory inode spreading reflect flexbg size
    26e7c965f41b xfs: fix use-after-free when aborting corrupt attr inactivation
    8b3c9eb1b3dd xfs: fix an ABBA deadlock in xfs_rename
    37ec5a20c80d xfs: don't commit sunit/swidth updates to disk if that would cause repair failures
    4668f08cda30 xfs: split the sunit parameter update into two parts
    fd6c5da3fa2b xfs: refactor agfl length computation function
    6363fdf7acac xfs: use bitops interface for buf log item AIL flag check
    a95582d9d500 xfs: stabilize insert range start boundary to avoid COW writeback race
    7a20c664a7d8 xfs: fix some memory leaks in log recovery
    ad9759d48802 xfs: always log corruption errors
    0336599b645e xfs: constify the buffer pointer arguments to error functions
    8856a6572fed xfs: convert EIO to EFSCORRUPTED when log contents are invalid
    9185003c93b3 xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename()
    796ff09598cd xfs: attach dquots and reserve quota blocks during unwritten conversion
    a33bcad48b48 xfs: range check ri_cnt when recovering log items
    a102869fb173 xfs: add missing assert in xfs_fsmap_owner_from_rmap
    979eb1230413 xfs: slightly tweak an assert in xfs_fs_map_blocks
    c494dbca9928 xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
    bb7eb3ca4b3b ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
    04aa8187eba5 workqueue: don't skip lockdep work dependency in cancel_work_sync()
    a874609522b5 drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
    75ed7dee26ab drm/amd/display: Limit user regamma to a valid value
    c89849ecfd2e drm/amdgpu: use dirty framebuffer helper
    0b467eab0aad Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
    8c8d0f7ac82f cifs: always initialize struct msghdr smb_msg completely
    1438e412aeda usb: xhci-mtk: fix issue of out-of-bounds array access
    2e473351400e s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
    9eb710d1843a serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
    6cc0434f9d44 serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
    556e827b0f63 serial: Create uart_xmit_advance()
    903f7d322c17 net: sched: fix possible refcount leak in tc_new_tfilter()
    0e8de8f54b04 net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
    67199c26a006 perf kcore_copy: Do not check /proc/modules is unchanged
    80b2f37b3370 perf jit: Include program header in ELF files
    95c5637d3d1f can: gs_usb: gs_can_open(): fix race dev->can.state condition
    11ebf32fde46 netfilter: ebtables: fix memory leak when blob is malformed
    6a3239f80682 net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
    d12a1eb07003 net/sched: taprio: avoid disabling offload when it was never enabled
    420c9b10737b of: mdio: Add of_node_put() when breaking out of for_each_xx
    d2ac2baf1fc4 i40e: Fix set max_tx_rate when it is lower than 1 Mbps
    450d106804ff i40e: Fix VF set max MTU size
    3daf09781982 iavf: Fix set max MTU size with port VLAN and jumbo frames
    bfaff9adaa89 iavf: Fix bad page state
    9bf52411eeaa MIPS: Loongson32: Fix PHY-mode being left unspecified
    405bd0ebb00c MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
    37f79374bba4 net: team: Unsync device addresses on ndo_stop
    346e94aa4a99 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
    b84fdb6be105 iavf: Fix cached head and tail value for iavf_get_tx_pending
    721ea8ac063d netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
    d0a24bc8e2aa netfilter: nf_conntrack_irc: Tighten matching on DCC message
    0376a77fa7bc netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
    c9355b7e5a6f arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
    312eb4574d16 arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
    a52ef6ae2842 arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
    016b150992ee mm/slub: fix to return errno if kmalloc() fails
    cafb9cad9bcc efi: libstub: check Shim mode using MokSBStateRT
    9599d4601941 ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
    befadcf8f7f2 ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
    b90ac48c0540 ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
    5f622518a7d0 ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
    8f8a740e9160 ALSA: hda/realtek: Re-arrange quirk table entries
    dafeac1226a4 ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
    95b9a7f0bfbb ALSA: hda: add Intel 5 Series / 3400 PCI DID
    7fff38ab90b8 ALSA: hda/tegra: set depop delay for tegra
    78d3ae9bfad6 USB: serial: option: add Quectel RM520N
    55f0f59e8227 USB: serial: option: add Quectel BG95 0x0203 composition
    95b97afdde75 USB: core: Fix RST error in hub.c
    f5e322ffe7aa Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
    430c9bd664ec Revert "usb: add quirks for Lenovo OneLink+ Dock"
    05ec31717feb usb: cdns3: fix issue with rearming ISO OUT endpoint
    10c5d34f6f68 usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    ddf7bc221817 usb: add quirks for Lenovo OneLink+ Dock
    da8ac086943e tty: serial: atmel: Preserve previous USART mode if RS485 disabled
    e56a40281997 serial: atmel: remove redundant assignment in rs485_config
    85a64208b319 tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
    9ad48cbf8b07 wifi: mac80211: Fix UAF in ieee80211_scan_rx()
    9a3695bde9c7 usb: xhci-mtk: relax TT periodic bandwidth allocation
    174645cc63c3 usb: xhci-mtk: allow multiple Start-Split in a microframe
    6cfde07c5d8e usb: xhci-mtk: add some schedule error number
    664b0b8f4efa usb: xhci-mtk: add a function to (un)load bandwidth info
    d1eed0d3fb8c usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
    1833e8e049d0 usb: xhci-mtk: add only one extra CS for FS/LS INTR
    3826d4f0ef89 usb: xhci-mtk: get the microframe boundary for ESIT
    4ccf7afa4729 usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
    a5bdea59f43d usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
    67bf926f16b3 usb: dwc3: gadget: Refactor pullup()
    24e4f6308d95 usb: dwc3: gadget: Prevent repeat pullup()
    62b6cbc5983e usb: dwc3: Issue core soft reset before enabling run/stop
    e24f90d7617b usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
    85371aad2855 ALSA: hda/sigmatel: Fix unused variable warning for beep power change
    07191f984842 cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
    1878eaf0edb8 video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
    47c5ef29e52f mksysmap: Fix the mismatch of 'L0' symbols in System.map
    f0ebdfc10bd1 MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
    c53c3cbca5ef afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
    1aea20f98ed3 net: usb: qmi_wwan: add Quectel RM520N
    447f95d41397 ALSA: hda/tegra: Align BDL entry to 4KB boundary
    9f55da12d05d ALSA: hda/sigmatel: Keep power up while beep is enabled
    39265647c4a6 rxrpc: Fix calc of resend age
    cc273ed79e7c rxrpc: Fix local destruction being repeated
    da01ec04a0b0 regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
    17a21341d953 ASoC: nau8824: Fix semaphore unbalance at error paths
    323f289a9044 iomap: iomap that extends beyond EOF should be marked dirty
    d88039e6fee4 MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
    36128fd71f03 cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
    81081a5c9c74 cifs: revalidate mapping when doing direct writes
    834f4d856fda tracing: hold caller_addr to hardirq_{enable,disable}_ip
    2c4e260d45fd task_stack, x86/cea: Force-inline stack helpers
    4051324a6daf ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
    47d7e6af5bd4 parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
    2aae9b7d0723 drm/meson: Fix OSD1 RGB to YCbCr coefficient
    5dd9cb66b712 drm/meson: Correct OSD1 global alpha value
    f1de50e1db99 gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
    82e276e5fcdc NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
    e0e88c25f88b of: fdt: fix off-by-one error in unflatten_dt_nodes()
    9f02aa34e179 Linux 5.4.214
    c629ec4ddd4f tracefs: Only clobber mode/uid/gid on remount if asked
    fe26b6ca0404 soc: fsl: select FSL_GUTS driver for DPIO
    1bd66f1053be net: dp83822: disable rx error interrupt
    c128bff9ff35 mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    bf3cd8f2c69b usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
    72b31dc26415 platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    0573dc9f154a perf/arm_pmu_platform: fix tests for platform_get_irq() failure
    baba0cfc3df0 nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
    161e7555520b Input: iforce - add support for Boeder Force Feedback Wheel
    a725bc34d81a ieee802154: cc2520: add rc code in cc2520_tx()
    2670d1d3f59c tg3: Disable tg3 device on system reboot to avoid triggering AER
    c118ae56a5fb hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
    3e89e8d1c634 HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    7e214f5b2f34 drm/msm/rd: Fix FIFO-full deadlock

(From OE-Core rev: 8cf29e02798b98ed8f5fe504cf5f10f63d491300)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Richard Purdie
8e9e9263e3 qemu: Avoid accidental librdmacm linkage
Avoid accidentally linking to the rdma library from the host by
adding a PACKAGECONFIG for the option. This was found on new
Fedora 36 autobuilder workers.

(From OE-Core rev: aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a0f3cb225e4d5471155abbcd05d09bd6bf1620f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Steve Sakoman
2ea050d3fb qemu: Add PACKAGECONFIG for rbd
Avoid accidentally linking to the rbd library from the host by
adding a PACKAGECONFIG for the option.

(From OE-Core rev: bb32854dbe68335d834aaa80e42d6a524ea4e1b2)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Steve Sakoman
29ae351d1d qemu: Avoid accidental libvdeplug linkage
Avoid accidentally linking to the vde library from the host by
adding a PACKAGECONFIG for the option.

(From OE-Core rev: cc979908beec8a40a636d00a1fdcf2769358377f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8839e9540528b0b46c4fb4f95e508f038bcef8b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
John Edward Broadbent
a83b2d8200 externalsrc: git submodule--helper list unsupported
Git has removed support for "git submodule--helper list".
31955475d1

This change provides an alternate method for gathering the submodules
information.

Tested:
Build recipes with and without submodules

(From OE-Core rev: 6c50d83af0af677c2dff864ac40c580ae446372b)

Signed-off-by: Carson Labrado <clabrado@google.com>
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d9364e5f3535954f65cbbc694ee7933ac1d664f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Michael Halstead
7bf5de9a3f uninative: Upgrade to 3.7 to work with glibc 2.36
Update uninative to work with the new glibc 2.36 version

(From OE-Core rev: 1ca9b676175d7efc72185fed5b09aba40ac0f669)

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 410226b053e14e32add1f9b4b811f84a1c445a7c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Steve Sakoman
1a9dac1b51 selftest: skip virgl test on ubuntu 22.04
This test will fail any time the host has libdrm > 2.4.107

(From OE-Core rev: 8f53bba4936b79dfe8dfa30216990b3d440150a7)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Tim Orling
87ecc7cef6 python3: upgrade 3.8.13 -> 3.8.14
Security and bug fixes.

* Drop CVE-2021-28861.patch as it was merged in 3.8.14 release.

Fixes:
  * CVE-2020-10735
    https://nvd.nist.gov/vuln/detail/CVE-2020-10735
  * CVE-2021-28861
    https://nvd.nist.gov/vuln/detail/CVE-2021-28861
  * CVE-2018-25032
    https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Python 3.8.14
Release Date: Sept. 6, 2022

This is a security release of Python 3.8
Note: The release you're looking at is Python 3.8.14, a security bugfix
      release for the legacy 3.8 series. Python 3.10 is now the latest
      feature release series of Python 3.

Security content in this release
CVE-2020-10735: converting between int and str in bases other than
  2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
  10 (decimal) now raises a ValueError if the number of digits in string
  form is above a limit to avoid potential denial of service attacks due
  to the algorithmic complexity.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP
  server when an URI path starts with //.
gh-93065: Fix contextvars HAMT implementation to handle iteration over
  deep trees to avoid a potential crash of the interpreter.
gh-90355: Fix ensurepip environment isolation for the subprocess running
  pip.
gh-80254: Raise ProgrammingError instead of segfaulting on recursive usage
  of cursors in sqlite3 converters.

(From OE-Core rev: 25fafd35a4698daa0d4abb814a91601e68223128)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Hitendra Prajapati
e1f932366f qemu: CVE-2021-3750 hcd-ehci: DMA reentrancy issue leads to use-after-free
Source: https://git.qemu.org/?p=qemu.git
MR: 117886
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=b9d383ab797f54ae5fa8746117770709921dc529 && https://git.qemu.org/?p=qemu.git;a=commit;h=3ab6fdc91b72e156da22848f0003ff4225690ced && https://git.qemu.org/?p=qemu.git;a=commit;h=58e74682baf4e1ad26b064d8c02e5bc99c75c5d9
ChangeID: 3af901d20ad8ff389468eda2c53b4943e3a77bb8
Description:
	CVE-2021-3750 QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free.

(From OE-Core rev: 0f4b1db4fdc655e880ec66525eb7642978529e82)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Hitendra Prajapati
17ecf62a19 dhcp: Fix CVE-2022-2928 & CVE-2022-2929
Source: https://downloads.isc.org/isc/dhcp
MR: 122797, 122812
Type: Security Fix
Disposition: Backport from https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
ChangeID: 31490133cae8fc9c77073f9023955d3ff39c0b6e
Description:

Fixed CVEs:
	1. CVE-2022-2928
	2. CVE-2022-2929

(From OE-Core rev: 89d8ac907cbb5a0e214cb306a2d7bb4896165278)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Richard Purdie
f593a11bf5 bitbake: tests/fetch: Allow handling of a file:// url within a submodule
CVE-2022-39253 in git meant file:// urls within submodules were disabled. Add
a parameter to the commands in the tests to allow this to continue to work.

(Bitbake rev: 8ea8e443005ad92f4ad264d9abd9e90e33fb5c17)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:39:14 +01:00
Michael Opdenacker
90a6f6a110 dev-manual: fix reference to BitBake user manual
Fix a wrong reference no longer tolerated by Sphinx 5.x
(missing "bitbake:" prefix)

(From yocto-docs rev: 2359aff814f5faccffbf3cb2cd180979c248fc3c)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-11 21:57:53 +01:00
Richard Purdie
7f9b7f912e build-appliance-image: Update to dunfell head revision
(From OE-Core rev: dbad46a0079843b380cf3dda6008b12ab9526688)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-09 19:34:46 +01:00
Steve Sakoman
9ae9138497 poky.conf: bump version for 3.1.20 release
(From meta-yocto rev: 56e2baf3d5d51a0491fb295b8a0bcacacdd1e2f9)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-05 08:40:31 +01:00
Steve Sakoman
8cf3492f4c documentation: update for 3.1.20
(From yocto-docs rev: d2abea88ce793d2a31836cbffae096190dd54563)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-05 08:40:31 +01:00
Paul Barker
d7019b183d licenses: Handle newer SPDX license names
License names were updated in commit 2456f523cf (after the dunfell
release) to match the current SPDX license list. We don't want to do any
wholesale renaming on the dunfell stable branch but we should add
mappings for the newer '*-only' names to allow for layers which support
both dunfell and newer releases.

(From OE-Core rev: 2a646cbdaca914e6f2c76ccb75065a811a9f94de)

Signed-off-by: Paul Barker <paul.barker@sancloud.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-05 08:39:19 +01:00
Mathieu Dubois-Briand
4d8f22bc23 bind: Fix CVEs 2022-2795, 2022-38177, 2022-38178
(From OE-Core rev: 9632481dc14868c0f92572472834a2a0c4f46e2e)

Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-05 08:39:19 +01:00
Martin Jansa
028971709f create-pull-request: don't switch the git remote protocol to git://
Many git repos prefer https:// nowadays and many removed support
for git://.

This breaks the script when using github.com even when selected remote
is ssh (git@github.com:openembedded/...), it will re-write it to git://
before calling git pull-request causing:

openembedded-core $ scripts/create-pull-request -u github -b jansa/artifacts -o pull-kernel
NOTE: Assuming local branch HEAD, use -l to override.
fatal: unable to connect to github.com:
github.com[0: 140.82.121.3]: errno=Connection timed out

warn: No match for commit ea003bd026aa24bb4c8b7562f44ed6512e921259 found at git://github.com/shr-distribution/oe-core
warn: Are you sure you pushed 'jansa/artifacts' there?
ERROR: git request-pull reported an error

(From OE-Core rev: 7a08f2ae1c12e3511b409c4535d2eab83a27b64a)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64c466920b808c35d1ac87b47cf438bc79becea7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Shubham Kulkarni
aa449287a0 go: Add fix for CVE-2022-32190
Link: 2833550891

(From OE-Core rev: 3362bbb1a1ce599418dc8377043f7549f9327315)

Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Hitendra Prajapati
95ba88b935 golang: CVE-2022-27664 net/http: handle server errors after sending GOAWAY
Source: https://github.com/golang/go
MR: 121912
Type: Security Fix
Disposition: Backport from 5bc9106458
ChangeID: 0b76a92a774279d7bffc9d6fa05564dfd8371e8c
Description:
	 CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY.

(From OE-Core rev: 4e2f723a4288ad4839fac2769e487612252b1d40)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Richard Purdie
f50439feb5 vim: Upgrade 9.0.0541 -> 9.0.0598
Includes a fix for CVE-2022-3278.

(From OE-Core rev: bc13c16bec7a898ae3246e2a9ab586e8241af28e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98c40271692147873a622e168e8b2e90a9fcc54c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Hitendra Prajapati
e9ad2aab5c bluez: CVE-2022-39176 BlueZ allows physically proximate attackers
Source: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
MR: 122140
Type: Security Fix
Disposition: Backport from https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.6
ChangeID: b989c7670a9b2bd1d11221e981eab0d162f3271c
Description:
	 CVE-2022-39176 bluez: BlueZ allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
Affects "bluez < 5.59"

(From OE-Core rev: 3750b576035d87633c69c0a5fc6de4854179f9b0)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Dmitry Baryshkov
fb7acc1b21 linux-firmware: package new Qualcomm firmware
Add packages for the new Qualcomm firmware released for Lenovo X13s
laptop.

The INSANE_SKIP:${PN} has to be provided to silent following warnings:

WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcadsp8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qccdsp8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcslpi8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!

(From OE-Core rev: 6227efbf03d2e7ca773ab29177705203f2550722)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af9924a3da0569e90c2d3abe030584456e66229b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Dmitry Baryshkov
1956baac10 linux-firmware: package new Qualcomm firmware
Create separate packages with firmware files for APQ8096 SoC and for
Adreno 2xx/4xx. Include A330 firmware into the 3xx package.

(From OE-Core rev: 705de0a585b9e6343075eb6af41b8f8972ee327d)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a0cb8f9131d1f238dc150e583a7ff816645765f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Dmitry Baryshkov
ca1c4e7a76 linux-firmware: upgrade 20220708 -> 20220913
License-Update: additional files
(From OE-Core rev: a8efbea09f851e9ef72a1ec387077d9eda5335c6)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68ce822b765a7b67f8cc8590688860cc2530cf04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Robert Joslyn
35aaf7eadd tzdata: Update from 2022b to 2022c
(From OE-Core rev: efcb0b30244007545ab8b0231e003271dcd7fab2)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ecf88d151f265e5efb8e1dde5aba3ee2a8b76d8d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Richard Purdie
483ab0979f vim: Upgrade 9.0.453 -> 9.0.541
Includes a fix for CVE-2022-3234.

(From OE-Core rev: dabda290f3d40a9ef4f2b5720634280f712f554d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d6b54f37aa4db1457296b8981b630a49d251ceb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Minjae Kim
243a95b193 inetutils: CVE-2022-39028 - fix remote DoS vulnerability in inetutils-telnetd
Fix telnetd crash if the first two bytes of a new connection
are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).

CVE: CVE-2022-39028

(From OE-Core rev: 1c385e70d4bfab2334361ba82f29988bb11d6902)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-30 16:34:52 +01:00
Bruce Ashfield
d7194226b1 linux-yocto/5.4: update to v5.4.213
Updating  to the latest korg -stable release that comprises
the following commits:

    7e17397001a9 Linux 5.4.213
    077041e486fe MIPS: loongson32: ls1c: Fix hang during startup
    4e8d7039cf52 x86/nospec: Fix i386 RSB stuffing
    64f9755b408b sch_sfb: Also store skb len before calling child enqueue
    9d3237b5906c tcp: fix early ETIMEDOUT after spurious non-SACK RTO
    19816a021468 nvme-tcp: fix UAF when detecting digest errors
    a4f0d34580b6 RDMA/mlx5: Set local port to one when accessing counters
    3df71e11a477 ipv6: sr: fix out-of-bounds read when setting HMAC data.
    e7f78835d551 RDMA/siw: Pass a pointer to virt_to_page()
    5332a0945148 i40e: Fix kernel crash during module removal
    d488e2baf2ef tipc: fix shift wrapping bug in map_get()
    279c7668e354 sch_sfb: Don't assume the skb is still around after enqueueing to child
    a2f0ff5beee5 afs: Use the operation issue time instead of the reply time for callbacks
    8077a50c8cce rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
    36f7b71f8ad8 netfilter: nf_conntrack_irc: Fix forged IP logic
    323b6847e509 netfilter: br_netfilter: Drop dst references before setting.
    367a655f074b RDMA/hns: Fix supported page size
    57b2897ec3ff soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
    87fe1703bada RDMA/cma: Fix arguments order in net device validation
    d80ad9991198 regulator: core: Clean up on enable failure
    c108e2035151 ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
    e192a08f6534 smb3: missing inode locks in punch hole
    59c6902a96b4 cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
    13d67aadb1c9 cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
    059516952cc9 cgroup: Optimize single thread migration
    d0e7be0dc9f2 scsi: lpfc: Add missing destroy_workqueue() in error path
    5682c94644fd scsi: mpt3sas: Fix use-after-free warning
    8d66989b5f7b nvmet: fix a use-after-free
    9fc8c5fa4230 debugfs: add debugfs_lookup_and_remove()
    0d895d2bb120 kprobes: Prohibit probes in gate area
    0492798bf8df ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
    e275cf331824 ALSA: aloop: Fix random zeros in capture data when using jiffies timer
    45321a7d02b7 ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
    adbbc1a8c5ac drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
    e1955cdd3122 fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
    fcab25a6b0ac arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
    a3714415c449 parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
    dcf54e6cae9e parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
    c72d97146fc5 drm/radeon: add a force flush to delay work when radeon
    ae2c6cc8fb21 drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
    bca46f2295fa drm/gem: Fix GEM handle release errors
    bd2a3bff310e scsi: megaraid_sas: Fix double kfree()
    944f276cbce4 USB: serial: ch341: fix disabled rx timer on older devices
    f0003ab97a07 USB: serial: ch341: fix lost character on LCR updates
    d288c6383a8e usb: dwc3: disable USB core PHY management
    9c670d0bb144 usb: dwc3: fix PHY disable sequence
    9ab0c653ef03 btrfs: harden identification of a stale device
    4e5ba186d9cf drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
    3af1316df747 ALSA: seq: Fix data-race at module auto-loading
    4fa63d526c87 ALSA: seq: oss: Fix data-race for max_midi_devs access
    82a86f82bc67 net: mac802154: Fix a condition in the receive path
    d228b897b813 ip: fix triggering of 'icmp redirect'
    66689c5c02ac wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
    1142f04f920c driver core: Don't probe devices after bus_type.match() probe deferral
    bb87fe79bc2c usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
    df1875084898 USB: core: Prevent nested device-reset calls
    87b47c7f9f95 s390: fix nospec table alignments
    b604e79fba12 s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
    33f8f8302473 usb-storage: Add ignore-residue quirk for NXP PN7462AU
    e2e153bb6d69 USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
    8ef85884f441 usb: dwc2: fix wrong order of phy_power_on and phy_init
    08f27a242898 usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
    1abdc68b49c7 USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
    3cd8e3448eac USB: serial: option: add Quectel EM060K modem
    b988c14d7c82 USB: serial: option: add support for OPPO R11 diag port
    234fd17306cb USB: serial: cp210x: add Decagon UCA device id
    0143b573612f xhci: Add grace period after xHC start to prevent premature runtime suspend.
    c7e5a90eee5f thunderbolt: Use the actual buffer in tb_async_error()
    cb2684e906f9 gpio: pca953x: Add mutex_lock for regcache sync in PM
    7756eb1ed124 hwmon: (gpio-fan) Fix array out of bounds access
    979fe68b2e39 clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
    389a45dc06dd Input: rk805-pwrkey - fix module autoloading
    1929a5275ecb clk: core: Fix runtime PM sequence in clk_core_unprepare()
    577b32abfd51 Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
    582e87c6bbf2 clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
    5d4acadcdf26 drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
    bc37b0570220 usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
    30d0901b307f binder: fix UAF of ref->proc caused by race condition
    b30dd08fd5aa USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
    f8632b8bb53e misc: fastrpc: fix memory corruption on open
    ec186b9f4aa2 misc: fastrpc: fix memory corruption on probe
    0d90ef874966 iio: adc: mcp3911: use correct formula for AD conversion
    d186c65599bf Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
    a6b7e8d97530 tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete
    1cf1930369c9 vt: Clear selection before changing the font
    214877169e5b powerpc: align syscall table for ppc32
    d0aac7146e96 staging: rtl8712: fix use after free bugs
    a65a2a33c6d0 serial: fsl_lpuart: RS485 RTS polariy is inverse
    ae5e8d0baa0a net/smc: Remove redundant refcount increase
    47e679431613 Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
    91ecfbcd8dc1 tcp: annotate data-race around challenge_timestamp
    f8a94fdf0288 sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
    0946ff31d1a8 kcm: fix strp_init() order and cleanup
    02986e1bb63e ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
    fffa19b5e58c net: sched: tbf: don't call qdisc_put() while holding tree lock
    e1ba258dac0b Revert "xhci: turn off port power in shutdown"
    2dca3c61269b wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
    bed12d7531df ieee802154/adf7242: defer destroy_workqueue call
    ddc6e823218f iio: adc: mcp3911: make use of the sign bit
    630a97e4da75 platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
    765497cc748d drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
    fced8363b460 drm/msm/dsi: fix the inconsistent indenting
    83b25f9eb243 net: dp83822: disable false carrier interrupt
    007541bc27c2 Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
    96f09cd54472 fs: only do a memory barrier for the first set_buffer_uptodate()
    d51e1682faec net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()
    f4c4637a3836 wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
    8028ff4cdbb3 efi: capsule-loader: Fix use-after-free in efi_capsule_write

(From OE-Core rev: ef38f7acee3f0ae400138fa60f4695a86dffc16e)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Bruce Ashfield
134ac61730 linux-yocto/5.4: update to v5.4.212
Updating  to the latest korg -stable release that comprises
the following commits:

    d6deb370b5a5 Linux 5.4.212
    0052348329c9 net: neigh: don't call kfree_skb() under spin_lock_irqsave()
    25a80e728412 net/af_packet: check len when min_header_len equals to 0
    fc78b2fc21f1 io_uring: disable polling pollfree files
    b474ff1b2095 kprobes: don't call disarm_kprobe() for disabled kprobes
    6fbc49b7f007 lib/vdso: Mark do_hres() and do_coarse() as __always_inline
    2161d3c12c74 lib/vdso: Let do_coarse() return 0 to simplify the callsite
    06ebb40b8720 btrfs: tree-checker: check for overlapping extent items
    63c790584031 netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
    5c5cd52ab09d drm/amd/display: Fix pixel clock programming
    c570198c3d9e s390/hypfs: avoid error message under KVM
    51be9dd391fd neigh: fix possible DoS due to net iface start/stop loop
    814b756d4ec3 drm/amd/display: clear optc underflow before turn off odm clock
    a06e4eb65169 drm/amd/display: Avoid MPC infinite loop
    2608885a4f7e btrfs: unify lookup return value when dir entry is missing
    1fe3375cf2be btrfs: do not pin logs too early during renames
    e9b4baabf852 btrfs: introduce btrfs_lookup_match_dir
    2fe3eee48899 mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
    8b68e53d5669 bpf: Don't redirect packets with invalid pkt_len
    934e49f7d696 ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
    7d9591b32a90 fbdev: fb_pm2fb: Avoid potential divide by zero error
    53c7c4d5d40b HID: hidraw: fix memory leak in hidraw_release()
    466b67c0543b media: pvrusb2: fix memory leak in pvr_probe
    63d8c1933ed2 udmabuf: Set the DMA mask for the udmabuf device (v2)
    fa2b822d86be HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
    6551fbe25853 Bluetooth: L2CAP: Fix build errors in some archs
    adc7640e1931 kbuild: Fix include path in scripts/Makefile.modpost
    80a7fe2b7012 x86/bugs: Add "unknown" reporting for MMIO Stale Data
    09602177d80c s390/mm: do not trigger write fault when vma does not allow VM_WRITE
    c9c5501e8151 mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
    b4c928ace9a1 scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
    2045b9d30619 perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
    8e7fb19f1a74 md: call __md_stop_writes in md_stop
    f35c4fec07a2 mm/hugetlb: fix hugetlb not supporting softdirty tracking
    f09c1b80df55 ACPI: processor: Remove freq Qos request for all CPUs
    cacd522e6652 s390: fix double free of GS and RI CBs on fork() failure
    c3862f559265 asm-generic: sections: refactor memory_intersects
    13b2856037a6 loop: Check for overflow while configuring loop
    2668aeac01ac x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
    dd3365d3b496 btrfs: check if root is readonly while setting security xattr
    5b44dcf8b79b btrfs: add info when mount fails due to stale replace target
    40554fa41a78 btrfs: replace: drop assert for suspended replace
    201bb5d745ae btrfs: fix silent failure when deleting root reference
    571a13b35005 ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
    aa0a3f72c6da net: Fix a data-race around sysctl_somaxconn.
    923fa41adebd net: Fix a data-race around netdev_budget_usecs.
    adeb24afd2fd net: Fix a data-race around netdev_budget.
    575c57e9e00c net: Fix a data-race around sysctl_net_busy_read.
    6e8f9df62dbe net: Fix a data-race around sysctl_net_busy_poll.
    5da0632c07d4 net: Fix a data-race around sysctl_tstamp_allow_data.
    4482215f93d2 ratelimit: Fix data-races in ___ratelimit().
    a90afeab21ae net: Fix data-races around netdev_tstamp_prequeue.
    c1d0ef0e6f11 net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
    dbd0f1991adf netfilter: nft_tunnel: restrict it to netdev family
    fba05d250256 netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
    a2ce367ae743 netfilter: nft_payload: do not truncate csum_offset and csum_type
    870015352911 netfilter: nft_payload: report ERANGE for too long offset and length
    bc7ba4cd0bc3 bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
    160c4eb47db0 netfilter: ebtables: reject blobs that don't provide all entry points
    8b9155eae85d net: ipvtap - add __init/__exit annotations to module init/exit funcs
    1498077d562f bonding: 802.3ad: fix no transmission of LACPDUs
    ac3541b11e5b net: moxa: get rid of asymmetry in DMA mapping/unmapping
    eb8236dff703 net/mlx5e: Properly disable vlan strip on non-UL reps
    6e4b20d548fc rose: check NULL rose_loopback_neigh->loopback
    4c14faf16632 SUNRPC: RPC level errors should set task->tk_rpc_status
    8ee27a4f0f1a af_key: Do not call xfrm_probe_algs in parallel
    63da7a2bbf3f xfrm: fix refcount leak in __xfrm_policy_check()
    a9f94dc4ddee kernel/sched: Remove dl_boosted flag comment
    d2b65976bf1a sched/deadline: Fix priority inheritance with multiple scheduling classes
    c498c8cbc271 sched/deadline: Fix stale throttling on de-/boosted tasks
    184c8ab53424 sched/deadline: Unthrottle PI boosted threads while enqueuing
    71b7edfc76d2 pinctrl: amd: Don't save/restore interrupt status and wake status bits
    8e52d0c57d5f Revert "selftests/bpf: Fix test_align verifier log patterns"
    2b13ddc9e0e3 Revert "selftests/bpf: Fix "dubious pointer arithmetic" test"
    a89c4b5868cb usb: cdns3: Fix issue for clear halt endpoint
    87b41b041cd4 kernel/sys_ni: add compat entry for fadvise64_64
    945dc19778f6 parisc: Fix exception handler for fldw and fstw instructions
    bb415d2687ac audit: fix potential double free on error path from fsnotify_add_inode_mark
    684cc17be897 Linux 5.4.211
    473f43725bb7 btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
    6fd4cea04400 btrfs: only write the sectors in the vertical stripe which has data stripes
    04e41b6bacf4 can: j1939: j1939_session_destroy(): fix memory leak of skbs
    18e0ab31b028 can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
    5c9637279f65 tracing/probes: Have kprobes and uprobes use $COMM too
    5d8244d42d34 MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
    2b7f559152a3 video: fbdev: i740fb: Check the argument of i740_calc_vclk()
    5e14b04c8459 powerpc/64: Init jump labels before parse_early_param()
    720f6112c393 smb3: check xattr value length earlier
    29e734ec33ae f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
    dd9d894b4163 ALSA: timer: Use deferred fasync helper
    76f87b11a4b2 ALSA: core: Add async signal helpers
    f4159834d17f powerpc/32: Don't always pass -mcpu=powerpc to the compiler
    d78d0ee79bb8 watchdog: export lockup_detector_reconfigure
    814d83c5e127 RISC-V: Add fast call path of crash_kexec()
    812cb21259ad riscv: mmap with PROT_WRITE but no PROT_READ is invalid
    1b49707df679 mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
    3e6994735c1c vfio: Clear the caps->buf to NULL after free
    ca3fc1c38e42 tty: serial: Fix refcount leak bug in ucc_uart.c
    3c0efcd608f1 lib/list_debug.c: Detect uninitialized lists
    a6805b3dcf5c ext4: avoid resizing to a partial cluster size
    5bebfd607726 ext4: avoid remove directory when directory is corrupted
    f5d46f1b47f6 drivers:md:fix a potential use-after-free bug
    7a2fe1594689 nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
    0bf3dcfb0396 dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
    d13b990d4fbe selftests/kprobe: Do not test for GRP/ without event failures
    082da6a9c30f um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
    c3ce788be376 PCI/ACPI: Guard ARM64-specific mcfg_quirks
    695af60af755 cxl: Fix a memory leak in an error handling path
    ca06b4cde54f gadgetfs: ep_io - wait until IRQ finishes
    927907f1cbb3 scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
    d401611a93b3 clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
    f78ac62e6b9d vboxguest: Do not use devm for irq
    cfa8f707a58d usb: renesas: Fix refcount leak bug
    0334d23c56ec usb: host: ohci-ppc-of: Fix refcount leak bug
    b743d6cef4f1 drm/meson: Fix overflow implicit truncation warnings
    29b30e041376 irqchip/tegra: Fix overflow implicit truncation warnings
    e2d531806569 usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info
    e65d9b7147d7 usb: cdns3 fix use-after-free at workaround 2
    e7170b5a2826 PCI: Add ACS quirk for Broadcom BCM5750x NICs
    d58ef2567813 drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
    d0c4307aeae5 locking/atomic: Make test_and_*_bit() ordered on failure
    90fb514a1656 gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
    55197ba6d64d igb: Add lock to avoid data race
    44b406aab057 fec: Fix timer capture timing in `fec_ptp_enable_pps()`
    f861285de84b i40e: Fix to stop tx_timeout recovery if GLOBR fails
    781212b34447 ice: Ignore EEXIST when setting promisc mode
    545ec873f16e net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
    b360ce159cb1 net: moxa: pass pdev instead of ndev to DMA functions
    cb1753bc689c net: dsa: mv88e6060: prevent crash on an unused port
    ccb0a42d3f40 powerpc/pci: Fix get_phb_number() locking
    b5dd26e07397 netfilter: nf_tables: really skip inactive sets when allocating name
    f415fda65931 clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
    ff289f2be589 iavf: Fix adminq error handling
    2b4daaed4f57 nios2: add force_successful_syscall_return()
    d6d9dd2cc325 nios2: restarts apply only to the first sigframe we build...
    01e783b45e3b nios2: fix syscall restart checks
    9e9151768bde nios2: traced syscall does need to check the syscall number
    73c088373234 nios2: don't leave NULLs in sys_call_table[]
    86a89da5cdbd nios2: page fault et.al. are *not* restartable syscalls...
    965333345fe9 tee: add overflow check in register_shm_helper()
    cfa215a76a40 dpaa2-eth: trace the allocated address instead of page struct
    9a6cbaa50f26 atm: idt77252: fix use-after-free bugs caused by tst_timer
    2f14656fe1a8 xen/xenbus: fix return type in xenbus_file_read()
    c61d3b92f56a nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
    a1d13886fd2e NTB: ntb_tool: uninitialized heap data in tool_fn_write()
    215cbd3c0d40 tools build: Switch to new openssl API for test-libcrypto
    a91204264ebd tools/vm/slabinfo: use alphabetic order when two values are equal
    12f777a957be dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
    0ecc55feceb1 vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
    f82f1e2042b3 vsock: Fix memory leak in vsock_connect()
    f4f2acf01298 plip: avoid rcu debug splat
    85b5747321ed geneve: do not use RT_TOS for IPv6 flowlabel
    760a01c36b83 ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
    49c1ae5fc8dd pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
    b0de3436ca57 pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
    c26012a1e61c pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
    ac6d4482f29a net: bgmac: Fix a BUG triggered by wrong bytes_compl
    1ad4ba9341f1 devlink: Fix use-after-free after a failed reload
    c1bdc6de5178 SUNRPC: Reinitialise the backchannel request buffers before reuse
    b0e283987358 sunrpc: fix expiry of auth creds
    0a901c2f7fa7 can: mcp251x: Fix race condition on receive interrupt
    f7ee3b772d9d NFSv4/pnfs: Fix a use-after-free bug in open
    14b5a92e3398 NFSv4.1: RECLAIM_COMPLETE must handle EACCES
    89dd9bec6630 NFSv4: Fix races in the legacy idmapper upcall
    e7eba28ba774 NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
    68a84001f7a2 NFSv4.1: Don't decrease the value of seq_nr_highest_sent
    2c8477600cd6 Documentation: ACPI: EINJ: Fix obsolete example
    7db182a2ebee apparmor: Fix memleak in aa_simple_write_to_buffer()
    ef6fb6f0d0d8 apparmor: fix reference count leak in aa_pivotroot()
    7f6092dc8f7a apparmor: fix overlapping attachment computation
    98ab8dfa048b apparmor: fix aa_label_asxprint return check
    1b4c44823a13 apparmor: Fix failed mount permission check error message
    825b0f6bb035 apparmor: fix absroot causing audited secids to begin with =
    dd78c35a27d4 apparmor: fix quiet_denied for file rules
    45be56968d6e can: ems_usb: fix clang's -Wunaligned-access warning
    f67c43e4b131 tracing: Have filter accept "common_cpu" to be consistent
    90b0526dd82a btrfs: fix lost error handling when looking up extended ref on log replay
    d33e770f0a56 mmc: pxamci: Fix an error handling path in pxamci_probe()
    6db5285844c4 mmc: pxamci: Fix another error handling path in pxamci_probe()
    b1b2b8adb0eb ata: libata-eh: Add missing command name
    70e0c8a454e2 rds: add missing barrier to release_refill
    d040e85ae959 ALSA: info: Fix llseek return value when using callback
    992480132ed3 net_sched: cls_route: disallow handle of 0
    7d9d0ba99c47 net/9p: Initialize the iounit field during fid creation
    13e17a18a46b Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
    4d5e45fdf048 Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
    f135c65085ee scsi: sg: Allow waiting for commands to complete on removed device
    cf218ff991ce tcp: fix over estimation in sk_forced_mem_schedule()
    8cdba919acef KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
    8fb5e7760444 KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
    4c08dd3fbdc5 KVM: Add infrastructure and macro to mark VM as bugged
    8659026858e0 btrfs: reject log replay if there is unsupported RO compat flag
    1fcd691cc2e7 net_sched: cls_route: remove from list when handle is 0
    b12304984654 iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
    18048cba444a firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
    7c77d1f9ba11 timekeeping: contribute wall clock to rng on time change
    5e0fcc5ad3e0 ACPI: CPPC: Do not prevent CPPC from working in the future
    2c7e93e33832 dm writecache: set a default MAX_WRITEBACK_JOBS
    05cef0999b32 dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
    cb583ca6125a dm raid: fix address sanitizer warning in raid_status
    71f601c779b3 dm raid: fix address sanitizer warning in raid_resume
    2f2fa48c9f98 intel_th: pci: Add Meteor Lake-P support
    ab1f9cb5001c intel_th: pci: Add Raptor Lake-S PCH support
    0d8fd1fa178f intel_th: pci: Add Raptor Lake-S CPU support
    8887ef07ff55 ext4: correct the misjudgment in ext4_iget_extra_inode
    be9614e15eec ext4: correct max_inline_xattr_value_size computing
    b9a2dfd1a0c8 ext4: fix extent status tree race in writeback error recovery path
    b10b2122d709 ext4: update s_overhead_clusters in the superblock during an on-line resize
    9d1468732118 ext4: fix use-after-free in ext4_xattr_set_entry
    41ff115b14b6 ext4: make sure ext4_append() always allocates new block
    748d17d47687 ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
    025604c7023b btrfs: reset block group chunk force if we have to wait
    cf8927ce6619 tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
    61a1793b058a kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
    37690cb8662c spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
    91d11a3376e0 x86/olpc: fix 'logical not is only applied to the left hand side'
    42afeecce25e scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
    d2e82c78e352 scsi: qla2xxx: Turn off multi-queue for 8G adapters
    83cb0fb8482b scsi: qla2xxx: Fix discovery issues in FC-AL topology
    bc98764d80ee scsi: zfcp: Fix missing auto port scan and thus missing target ports
    eacb50f17336 video: fbdev: s3fb: Check the size of screen before memset_io()
    53198b81930e video: fbdev: arkfb: Check the size of screen before memset_io()
    d71528ccdc7a video: fbdev: vt8623fb: Check the size of screen before memset_io()
    09777c16a0f4 tools/thermal: Fix possible path truncations
    a249e1b89ca2 video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
    46513b4a8038 x86/numa: Use cpumask_available instead of hardcoded NULL check
    26d2d13d9fc3 scripts/faddr2line: Fix vmlinux detection on arm64
    563ffb782da7 genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
    9813d27d596b powerpc/pci: Fix PHB numbering when using opal-phbid
    6a119c1a584a kprobes: Forbid probing on trampoline and BPF code areas
    cc53477d8926 perf symbol: Fail to read phdr workaround
    f388643657cd powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
    d99733ad47a6 powerpc/xive: Fix refcount leak in xive_get_max_prio
    14329d29a048 powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
    3ec50b8a0128 powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
    44a43b65d7e1 powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
    ddaa8cc5a6bb video: fbdev: sis: fix typos in SiS_GetModeID()
    49a4c1a87ef8 video: fbdev: amba-clcd: Fix refcount leak bugs
    a9286ff4c19f watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe()
    ba406e310041 ASoC: audio-graph-card: Add of_node_put() in fail path
    bb1cc434df08 fuse: Remove the control interface for virtio-fs
    083984627411 ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
    3edcd1348ba7 s390/zcore: fix race when reading from hardware system area
    50be644f7ddd iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
    b948ff8a9e9a mfd: max77620: Fix refcount leak in max77620_initialise_fps
    8d01edaf9eea mfd: t7l66xb: Drop platform disable callback
    b45bcdf627a9 kfifo: fix kfifo_to_user() return type
    8ee5d40ae29e rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
    9a87a532848a iommu/exynos: Handle failed IOMMU device registration properly
    44913ccfa1d5 tty: n_gsm: fix missing corner cases in gsmld_poll()
    ae9bfcbfd76a tty: n_gsm: fix DM command
    b625b745497f tty: n_gsm: fix wrong T1 retry count handling
    373343d8a796 vfio/ccw: Do not change FSM state in subchannel event
    51642e132859 remoteproc: qcom: wcnss: Fix handling of IRQs
    fbf979564682 tty: n_gsm: fix race condition in gsmld_write()
    597bec4a4cc0 tty: n_gsm: fix packet re-transmission without open control channel
    ba10f6c2f079 tty: n_gsm: fix non flow control frames during mux flow off
    8b355d6b1fcf profiling: fix shift too large makes kernel panic
    8791703eddf4 ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
    ba4d971fe11a ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
    34734e4c526a serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
    79f566907d27 ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
    4f97b5bb81be ASoC: codecs: da7210: add check for i2c_add_driver
    b488ceb23369 ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
    d6d41f04640d ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
    d3f15a4be209 opp: Fix error check in dev_pm_opp_attach_genpd()
    fa5b65d39332 jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
    fc1ec67ba503 ext4: recover csum seed of tmp_inode after migrating to extents
    36a88efe8747 jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
    242303bf7fe0 null_blk: fix ida error handling in null_add_dev()
    b348e204a531 RDMA/rxe: Fix error unwind in rxe_create_qp()
    38403d143d1f mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
    d3beb91c99d1 platform/olpc: Fix uninitialized data in debugfs write
    358db0ebec41 USB: serial: fix tty-port initialized comments
    06f56d9e7470 PCI: tegra194: Fix link up retry sequence
    f916f6e03955 PCI: tegra194: Fix Root Port interrupt handling
    ed44d9ce8c37 HID: alps: Declare U1_UNICORN_LEGACY support
    46f545821144 mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
    d0cc1ba2be1c mmc: cavium-octeon: Add of_node_put() when breaking out of loop
    b100b0b0026a gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
    2f90813f1c21 RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
    11edf0bba15e RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
    fb9193af53a3 RDMA/hns: Fix incorrect clearing of interrupt status register
    414849317b36 usb: gadget: udc: amd5536 depends on HAS_DMA
    bc6f609401c4 scsi: smartpqi: Fix DMA direction for RAID requests
    b1b803495374 mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
    9d8b911fe3c3 memstick/ms_block: Fix a memory leak
    830c38ec9aca memstick/ms_block: Fix some incorrect memory allocation
    4c472a2c9ed6 mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
    6bb0f109660a staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
    b5d924cb4c7b intel_th: msu: Fix vmalloced buffers
    d81195c47465 intel_th: msu-sink: Potential dereference of null pointer
    859342220acc intel_th: Fix a resource leak in an error handling path
    3771ee6c46ad soundwire: bus_type: fix remove and shutdown support
    2fcb7182dee9 clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
    7dc9eb967a47 clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
    5780dde5104f clk: qcom: ipq8074: fix NSS port frequency tables
    15f4d52835b7 usb: host: xhci: use snprintf() in xhci_decode_trb()
    7cfb3120ecf2 clk: qcom: clk-krait: unlock spin after mux completion
    8191b6cd9ada driver core: fix potential deadlock in __driver_attach
    be8f7c44d5af misc: rtsx: Fix an error handling path in rtsx_pci_probe()
    507cabdb3692 clk: mediatek: reset: Fix written reset bit offset
    9ecabd76bfc7 usb: xhci: tegra: Fix error check
    65d36ec409b6 usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
    8cbc3870ff35 usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
    8e88b4257532 fpga: altera-pr-ip: fix unsigned comparison with less than zero
    44ffee3979d6 mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
    f3cc27198c5d mtd: partitions: Fix refcount leak in parse_redboot_of
    a1cdbd344f86 mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
    519ff31a6ddd HID: cp2112: prevent a buffer overflow in cp2112_xfer()
    1367f4a3e6b5 mtd: rawnand: meson: Fix a potential double free issue
    80b1465b2ae8 mtd: maps: Fix refcount leak in ap_flash_init
    9124d51e0123 mtd: maps: Fix refcount leak in of_flash_probe_versatile
    e0012773af09 clk: renesas: r9a06g032: Fix UART clkgrp bitsel
    51fb8c2c106b dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
    d3b292263731 net: rose: fix netdev reference changes
    34b88491b4de netdevsim: Avoid allocation warnings triggered from user space
    9d9e0d55601d iavf: Fix max_rate limiting
    50a7949fd9ea crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
    439297ec5c05 net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
    878e7f39803a wifi: libertas: Fix possible refcount leak in if_usb_probe()
    5cca5f714fe6 wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
    52b11a48cf07 wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
    becbc82919bc i2c: mux-gpmux: Add of_node_put() when breaking out of loop
    6d9f3128c0ee i2c: cadence: Support PEC for SMBus block read
    80df14022cec Bluetooth: hci_intel: Add check for platform_driver_register
    26168f0656a3 can: pch_can: pch_can_error(): initialize errc before using it
    a025f6ca15b2 can: error: specify the values of data[5..7] of CAN error frames
    61bcc556ff8c can: usb_8dev: do not report txerr and rxerr during bus-off
    d8833eaa5f37 can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
    a37e2bad7635 can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
    80b135a02389 can: sun4i_can: do not report txerr and rxerr during bus-off
    d20bf7e76136 can: hi311x: do not report txerr and rxerr during bus-off
    e94369cdc038 can: sja1000: do not report txerr and rxerr during bus-off
    5b9d4919a7d7 can: rcar_can: do not report txerr and rxerr during bus-off
    4cb29f25b215 can: pch_can: do not report txerr and rxerr during bus-off
    ecbdb2985e08 selftests/bpf: fix a test for snprintf() overflow
    e134d998a98c wifi: p54: add missing parentheses in p54_flush()
    6942c45a2270 wifi: p54: Fix an error handling path in p54spi_probe()
    60c998342516 wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
    72d9ce5b085a fs: check FMODE_LSEEK to control internal pipe splicing
    8cf6e837dcfc selftests: timers: clocksource-switch: fix passing errors from child
    2f243fe8db21 selftests: timers: valid-adjtimex: build fix for newer toolchains
    8ebe6121e7cc libbpf: Fix the name of a reused map
    fd35e34ece33 tcp: make retransmitted SKB fit into the send window
    6296d09d2b21 drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
    1ae9edf7e875 mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
    e86a88d39cc7 media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
    cf411bcc657b crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
    2e34d6c8180a drm/msm/mdp5: Fix global state lock backoff
    5d4128a163a9 drm: bridge: sii8620: fix possible off-by-one
    3a7ebe131ca9 drm/mediatek: dpi: Only enable dpi after the bridge is enabled
    42c8e38e8620 drm/mediatek: dpi: Remove output format of YUV
    0f214563ab6d drm/rockchip: Fix an error handling path rockchip_dp_probe()
    3345fd35335f drm/rockchip: vop: Don't crash for invalid duplicate_state()
    9f64fb45514a crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
    b53cbaf9b3b3 drm/vc4: dsi: Correct DSI divider calculations
    120161c12731 drm/vc4: plane: Fix margin calculations for the right/bottom edges
    84f638fbf83c drm/vc4: plane: Remove subpixel positioning check
    59340f399c0a media: hdpvr: fix error value returns in hdpvr_read
    87c35bbefdfa drm/mcde: Fix refcount leak in mcde_dsi_bind
    289079d6c5f0 drm: bridge: adv7511: Add check for mipi_dsi_driver_register
    73304c759408 wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
    e9e21206b8ea ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
    fef3261630eb media: tw686x: Register the irq at the end of probe
    871a1e94929a i2c: Fix a potential use after free
    127ecd6b1f17 drm: adv7511: override i2c address of cec before accessing it
    8cdf42c7baa6 drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
    db1a9add3f90 drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
    6a5ade10a38e drm/mipi-dbi: align max_chunk to 2 in spi_transfer
    f52b31ecaf59 wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
    c59876f8c982 ath10k: do not enforce interrupt trigger type
    08cc3995fb6b dm: return early from dm_pr_call() if DM device is suspended
    bc4e8b95c407 thermal/tools/tmon: Include pthread and time headers in tmon.h
    91732a2794bb nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
    35f9e861d9b9 regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
    52e1f85bf7de blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
    bee4d2ab4db5 erofs: avoid consecutive detection for Highmem memory
    62060951ccb9 arm64: dts: mt7622: fix BPI-R64 WPS button
    850167439429 bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
    3d698238584c ARM: dts: qcom: pm8841: add required thermal-sensor-cells
    bc73c72a856c soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
    a530fa52d4fd cpufreq: zynq: Fix refcount leak in zynq_get_revision
    c4f92af7fc8c ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
    935035cf97c8 ARM: OMAP2+: Fix refcount leak in omapdss_init_of
    b95e19f1ec73 ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
    1f0448cb8a44 soc: fsl: guts: machine variable might be unset
    1e9cc69eae6d ARM: dts: ast2600-evb: fix board compatible
    4a4bb53e635b ARM: dts: ast2500-evb: fix board compatible
    0b7f674c12c0 x86/pmem: Fix platform-device leak in error path
    5afe042c8894 ARM: bcm: Fix refcount leak in bcm_kona_smc_init
    6b28bf3e044f meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
    ef5102a0a724 ARM: findbit: fix overflowing offset
    c7835f93db67 spi: spi-rspi: Fix PIO fallback on RZ platforms
    90bdf50ae70c selinux: Add boundary check in put_entry()
    3c48d3067eaf PM: hibernate: defer device probing when resuming from hibernation
    930e7b260e6a ARM: shmobile: rcar-gen2: Increase refcount for new reference
    a770da1866ac arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
    5f1510dd2fc9 arm64: dts: qcom: ipq8074: fix NAND node name
    308bb82c61b7 ACPI: LPSS: Fix missing check in register_device_clock()
    b61119d0850e ACPI: PM: save NVS memory for Lenovo G40-45
    81abef841f32 ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
    3e505298a75f ARM: OMAP2+: display: Fix refcount leak bug
    749ee1c4c35a spi: synquacer: Add missing clk_disable_unprepare()
    f7e6740e1e45 ARM: dts: imx6ul: fix qspi node compatible
    5db7e1796d41 ARM: dts: imx6ul: fix lcdif node compatible
    82cff0cf7141 ARM: dts: imx6ul: fix csi node compatible
    667023a28419 ARM: dts: imx6ul: change operating-points to uint32-matrix
    a6e620361617 ARM: dts: imx6ul: add missing properties for sram
    bd80dd86f9bf wait: Fix __wait_event_hrtimeout for RT/DL tasks
    3fb368c0ae39 genirq: Don't return error on missing optional irq_request_resources()
    b3f423683818 ext2: Add more validity checks for inode counts
    04549063d570 arm64: fix oops in concurrently setting insn_emulation sysctls
    fa09c3926583 arm64: Do not forget syscall when starting a new thread.
    c5940c082185 x86: Handle idle=nomwait cmdline properly for x86_idle
    cf2db24ec4b8 epoll: autoremove wakers even more aggressively
    a452bc3deb23 netfilter: nf_tables: fix null deref due to zeroed list head
    4dad1c820771 netfilter: nf_tables: do not allow RULE_ID to refer to another chain
    fab2f61cc3b0 netfilter: nf_tables: do not allow SET_ID to refer to another table
    cc525d667b3f arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
    57e2c8444529 ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
    5d952c7ae339 USB: HCD: Fix URB giveback issue in tasklet function
    e9205d8dd1ca coresight: Clear the connection field properly
    274e44e21234 MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    dbd005901840 powerpc/powernv: Avoid crashing if rng is NULL
    5b8f55bc0526 powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
    28a6d14ba60a powerpc/fsl-pci: Fix Class Code of PCIe Root Port
    9293b7ee5297 PCI: Add defines for normal and subtractive PCI bridges
    8c3ae6b1d76c ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
    ce839b9331c1 md-raid10: fix KASAN warning
    ecd489683a74 serial: mvebu-uart: uart2 error bits clearing
    d11e3f4fdc90 fuse: limit nsec
    ed43fb20d3d1 iio: light: isl29028: Fix the warning in isl29028_remove()
    a5b8aad54824 drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
    8afbf206aa3d drm/nouveau: fix another off-by-one in nvbios_addr
    5557e9469b8e drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
    b8f3830cd905 parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
    d7ba24d3a893 parisc: Fix device names in /proc/iomem
    a7573260ad0d ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
    8b4588b8b00b usbnet: Fix linkwatch use-after-free on disconnect
    2afb553d6825 fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
    6f9cd356eb27 thermal: sysfs: Fix cooling_device_stats_setup() error code path
    a698d2fa85be fs: Add missing umask strip in vfs_tmpfile
    e2a231454e2b vfs: Check the truncate maximum size in inode_newsize_ok()
    cc9e874dace0 tty: vt: initialize unicode screen buffer
    9e274a4f6029 ALSA: hda/realtek: Add quirk for another Asus K42JZ model
    495f153c1587 ALSA: hda/cirrus - support for iMac 12,1 model
    f4f2d3742b97 ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
    79e522101cf4 mm/mremap: hold the rmap lock in write mode when moving page table entries.
    731436e1eee2 KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
    914a274320e5 KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
    78359865870d KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
    68e1313bb880 KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
    e40bde8a28ed KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
    c841dfce0b0d KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
    717c93c7f6c4 HID: wacom: Don't register pad_input for touch switch
    0ca140b28425 HID: wacom: Only report rotation for art pen
    d14b6fe91149 add barriers to buffer_uptodate and set_buffer_uptodate
    6f3342a5e83c wifi: mac80211_hwsim: use 32-bit skb cookie
    4f4bf4e52b5a wifi: mac80211_hwsim: add back erroneously removed cast
    84014008bc7f wifi: mac80211_hwsim: fix race condition in pending packet
    ae52cf801a14 igc: Remove _I_PHY_ID checking
    05e0bb8c3c4d ALSA: bcd2000: Fix a UAF bug on the error path of probing
    58e337d27f8a scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
    013acaa59752 x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
    635e8e6f6837 Makefile: link with -z noexecstack --no-warn-rwx-segments

(From OE-Core rev: ddfc3eebd96197fec56ac781fcf9d7da0c9eca27)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Virendra Thakur
2fef664dd9 expat: Fix CVE-2022-40674
Add patch file to fix CVE-2022-40674

Link: 4a32da87e9

(From OE-Core rev: 4efa4490becea956a62d45e1476f7b602be53eee)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Sana Kazi
915a752d37 sqlite3: Fix CVE-2021-20223
Fix CVE-2021-20223 for sqlite3
Link: d1d43efa4f.patch

(From OE-Core rev: b42ea2b7f9149f9066662e95fd0159d7c3d1fc84)

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Lee Chee Yang
a8ee7ba022 subversion: fix CVE-2021-28544
(From OE-Core rev: 7fdd4d2dc019071525349fbb153e2e80f6583217)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Richard Purdie
f9a63709b0 qemu: Add PACKAGECONFIG for brlapi
(From OE-Core rev: f547c9610f8c17c3da9ca3f7a79902d2ffbfca49)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 482471a617e5f682416b7ec1a920dfaeac65f1a3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Andrei Gherzan
9cc9232e31 qemu: Define libnfs PACKAGECONFIG
The upstream qemu recipe uses host's pkg-config files as a solution to
detecting host's SDL. This has a side effect of using other host
libraries that are later queried by the configure script. This can get
into a situation when the host provides libnfs (for example) and because
later this dependency is not in place anymore, qemu will fail at
runtime.

This change adds a PACKAGECONFIG definition for libnfs that is disabled
by default, in turn disabling the pkgconfig autodetection in configure.

(From OE-Core rev: 9badcf0261f6b735d65a5498bb8fbb9979d7a07f)

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 42b364a25fdbc987c85dd46b8427045033924d99)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Chee Yang Lee
b44d209043 qemu: fix and ignore several CVEs
backport fixes:
CVE-2020-13754, backport patches as debian security tracker notes
  https://security-tracker.debian.org/tracker/CVE-2020-13754

CVE-2021-3713
CVE-2021-3748
CVE-2021-3930
CVE-2021-4206
CVE-2021-4207
CVE-2022-0216, does not include qtest in patches, the qtest code were not available in v4.2.

Ignore:
CVE-2020-27661, issue introduced in v5.1.0-rc0
https://security-tracker.debian.org/tracker/CVE-2020-27661

(From OE-Core rev: 16a6e8530c4820f070973a1b4d64764c20706087)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Hitendra Prajapati
20087e04b3 connman: CVE-2022-32293 man-in-the-middle attack against a WISPR HTTP
Source: https://git.kernel.org/pub/scm/network/connman/connman.git/
MR: 120508
Type: Security Fix
Disposition: Backport from https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a
ChangeID: 1583badc6de6bb8a7f63c06749b90b97caab5cdf
Description:
	 CVE-2022-32293 connman: man-in-the-middle attack against a WISPR HTTP.

(From OE-Core rev: 86334559e3dcf30e07e2a10a58bbe40a2e8cc887)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Virendra Thakur
10c6b704c0 sqlite3: Fix CVE-2020-35527
Add patch file to fix CVE-2020-35527

Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz

(From OE-Core rev: 2541fd0d0e2c0919d80d6b0f6262cf2c50fe309b)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Virendra Thakur
8b52687223 sqlite3: Fix CVE-2020-35525
Add patch to fix CVE-2020-35525

Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz

(From OE-Core rev: ced472cf1d195a1a856d24240dbd6ee91140a347)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-23 16:22:59 +01:00
Rajesh Dangi
65cf3249fa linux-yocto/5.4: update genericx86* machines to v5.4.205
(From meta-yocto rev: 218b103baafdd85031c6d74eb7ba65f3424b9ff6)

Signed-off-by: Rajesh Dangi <rajeshx.dangi@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 18:41:14 +01:00
Richard Purdie
537de1798b vim: Upgrade 9.0.0341 -> 9.0.0453
Includes fixes for CVE-2022-3099 and CVE-2022-3134.

(From OE-Core rev: 46ba253059738dbd4de4bc7a7ac02a2585c498f5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d042923262130b6b96f703b5cd4184f659caeb92)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 18:41:14 +01:00
Chee Yang Lee
2fa8edea5a go: fix and ignore several CVEs
backport fixes:
CVE-2021-27918
CVE-2021-36221
CVE-2021-39293
CVE-2021-41771

ignore:
CVE-2022-29526
CVE-2022-30634

(From OE-Core rev: ddb09ccc3caebbd3cf643bb3bb3c198845050c69)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 18:41:14 +01:00
Chee Yang Lee
e49990f01e gst-plugins-good: fix several CVE
backport fix for:
CVE-2022-1920
CVE-2022-1921
CVE-2022-1922
CVE-2022-1923
CVE-2022-1924
CVE-2022-1925
CVE-2022-2122

also set ignore at gstreamer1.0_1.16.3.bb

(From OE-Core rev: c852d3e6742fe82b9f4ec84b077d6e1b0bfd021e)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 18:41:13 +01:00
Florin Diaconescu
aa19c8c35e binutils : CVE-2022-38533
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]

(From OE-Core rev: 2cf26e2e5a83d2b2efd01de34c11da07eeb9c8f9)

Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
niko.mauno@vaisala.com
a69227932f systemd: Add 'no-dns-fallback' PACKAGECONFIG option
systemd defines a default set of fallback DNS servers in
https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330

By adding a PACKAGECONFIG knob providing a convenient way to opt out,
and then adding that value to systemd's PACKAGECONFIG, the output from
runtime 'resolvectl status' command no longer contains the following
line:

  Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google

(From OE-Core rev: 2b300d6b9ec6288a99d9dacb24a86949caf99e55)

(From OE-Core rev: 834ccad676b3d8d58d1a66bbe813a331599435b4)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
niko.mauno@vaisala.com
a14af03441 systemd: Fix unwritable /var/lock when no sysvinit handling
Commit 8089cefed8 ("systemd: Add
PACKAGECONFIG for sysvinit") decoupled enabling of systemd's sysvinit
handling behavior behind a distinct PACKAGECONFIG feature.

This new option affects among other things the installing of
tmpfiles.d/legacy.conf, which is responsible for creating /run/lock
directory, which is pointed to by /var/lock symlink provided by
base-files package.

In case the option is not enabled, then base-files provided /var/lock
is a dangling symlink on resulting rootfs, causing problems with
certain Linux userspace components that rely on existence of writable
/var/lock directory. As an example:

  # fw_printenv
  Error opening lock file /var/lock/fw_printenv.lock

Since Filesystem Hierarchy Standard Version 3.0 states in
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s09.html that

  Lock files should be stored within the /var/lock directory structure.

Ensure the /run/lock directory is always created, so that lock files
can be stored under /var/lock also when 'sysvinit' handling is
disabled.

(From OE-Core rev: 85e5ee2c35cf5778c3aefda45f526e8f6a511131)

(From OE-Core rev: b8aa4d53b636bec55ad0ff4de764222662647859)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Chee Yang Lee
0781ad69b8 virglrenderer: fix CVE-2022-0135
(From OE-Core rev: 5eea0b24c6fcd90aab0737c7a3f7431535a02890)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Chee Yang Lee
9ca32cf9ab gnutls: fix CVE-2021-4209
(From OE-Core rev: d08031bffafbd2df7e938d5599af9e818bddba04)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Chee Yang Lee
459d081bf8 connman: fix CVE-2022-32292
(From OE-Core rev: 380b6fb2583f875aad0cb28c91b1531e63eb2eeb)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Yi Zhao
5e7c237200 tiff: Security fixes CVE-2022-1354 and CVE-2022-1355
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-1354
https://security-tracker.debian.org/tracker/CVE-2022-1354

https://nvd.nist.gov/vuln/detail/CVE-2022-1355
https://security-tracker.debian.org/tracker/CVE-2022-1355

Patches from:

CVE-2022-1354:
87f580f390

CVE-2022-1355:
c1ae29f9eb

(From OE-Core rev: 6c373c041f1dd45458866408d1ca16d47cacbd86)

(From OE-Core rev: 8414d39f3f89cc1176bd55c9455ad942db8ea4b1)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Virendra Thakur
a98b309fe2 tiff: Fix for CVE-2022-2867/8/9
Add Patch to fix CVE-2022-2867, CVE-2022-2868
CVE-2022-2869

(From OE-Core rev: 67df7488bf66183ffdb9f497f00ad291b79210d3)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Khan@kpit.com
b9c73d6591 python3: Fix CVE-2021-28861 for python3
Add patch to fix CVE-2021-28861

CVE-2021-28861.patch
Link: 4dc2cae3ab

(From OE-Core rev: cbf57b25c78ea9d56863d9546b51fc2c88adb8cf)

Signed-off-by: Riyaz Khan <rak3033@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:28 +01:00
Richard Purdie
0566db5c82 vim: Upgrade 9.0.0242 -> 9.0.0341
Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.

(From OE-Core rev: c9a9d5a1f7fbe88422ccee542a89afbc4c5336e4)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:52 +01:00
Ross Burton
0bee2e95b7 cve-check: close cursors as soon as possible
We can have multiple processes reading the database at the same time, and
cursors only release their locks when they're garbage collected.

This might be the cause of random sqlite errors on the autobuilder, so
explicitly close the cursors when we're done with them.

(From OE-Core rev: 48742ddf4d0acd419c8ffb8f22124ed525efc2d9)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5d2e90e4a58217a943ec21140bc2ecdd4357a98a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:52 +01:00
Joshua Watt
7ba4ed6f5f classes: cve-check: Get shared database lock
The CVE check database needs to have a shared lock acquired on it before
it is accessed. This to prevent cve-update-db-native from deleting the
database file out from underneath it.

[YOCTO #14899]

(From OE-Core rev: 374dd13db2c4fa92793f12c93d68d09304f77c17)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:52 +01:00
Ranjitsinh Rathod
85637f30f3 libarchive: Fix CVE-2021-31566 issue
Add patch to fix CVE-2021-31566 issue for libarchive
Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

(From OE-Core rev: 7028803d7d10c0b041a7bda16f9d9261f220459f)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:51 +01:00
Ranjitsinh Rathod
a5de603a1b libarchive: Fix CVE-2021-23177 issue
Add patch to fix CVE-2021-23177 issue for libarchive
Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

(From OE-Core rev: 01d7e2c7a0da55a7c00aebed107c1338f5f032b1)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:51 +01:00
Robert Joslyn
8f4bbd9359 curl: Backport patch for CVE-2022-35252
https://curl.se/docs/CVE-2022-35252.html

(From OE-Core rev: 59344420eb62060c79265a2557d2364c8174e46c)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:51 +01:00
Hitendra Prajapati
d24759196a sqlite: CVE-2022-35737 assertion failure
Source: https://www.sqlite.org/
MR: 120541
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
Description:
	 CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.

(From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-12 08:41:51 +01:00
Paul Eggleton
a884e8bdbf relocate_sdk.py: ensure interpreter size error causes relocation to fail
If there is insufficent space to change the interpreter, we were
printing an error here but the overall script did not return an error
code, and thus the SDK installation appeared to succeed - but some of
the binaries will not be in a working state. Allow the relocation to
proceed (so we still get a full list of the failures) but error out at
the end so that the installation is halted.

(From OE-Core rev: 345193f36d08cfe4899c65e8edf3f79db09c50d2)

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c5a9a448e462d3e5457e8403c5a1a54148ecd224)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Anuj Mittal
e576212d25 cryptodev-module: fix build with 5.11+ kernels
Backport patch to fix:

| cryptodev-module/1.10-r0/git/ioctl.c:875:4: error: implicit declaration of function 'ksys_close'; did you mean 'ksys_chown'? [-Werror=implicit-function-declaration]
|   875 |    ksys_close(fd);
|       |    ^~~~~~~~~~
|       |    ksys_chown
| cc1: some warnings being treated as errors

(From OE-Core rev: 653b03aa6fc8effd3b2215a7a0ba005979e78e9f)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Bruce Ashfield
b16301db9a linux-yocto/5.4: update to v5.4.210
Updating  to the latest korg -stable release that comprises
the following commits:

    de0cd3ea700d Linux 5.4.210
    b58882c69f66 x86/speculation: Add LFENCE to RSB fill sequence
    f2f41ef0352d x86/speculation: Add RSB VM Exit protections
    3a0ef79c6abe macintosh/adb: fix oob read in do_adb_query() function
    54e1abbe8560 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
    17c2356e467f selftests: KVM: Handle compiler optimizations in ucall
    170465715a60 KVM: Don't null dereference ops->destroy
    6098562ed9df selftests/bpf: Fix "dubious pointer arithmetic" test
    6a9b3f0f3bad selftests/bpf: Fix test_align verifier log patterns
    9d6f67365d9c bpf: Test_verifier, #70 error message updates for 32-bit right shift
    751f05bc6f95 selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    7c1134c7da99 bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
    a8ba72bbeda5 ACPI: APEI: Better fix to avoid spamming the console with old error logs
    fa829bd4af43 ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    8ed6e5c5e23c ACPI: video: Force backlight native for some TongFang devices
    828f4c31684d thermal: Fix NULL pointer dereferences in of_thermal_ functions

(From OE-Core rev: 2663435831c0ef953fb7fe6c883f42cf0c86ae43)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Alexander Kanavin
beda483705 wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
(From OE-Core rev: 8b69eafa5c624dfc169ee11ced685847332437fa)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 75386480abd1660a50c79d5987b77ccc43295511)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Alexander Kanavin
3d435421bc tzdata: upgrade 2022a -> 2022b
(From OE-Core rev: b0a0abbcc5e631e693b9e896bd0fc9b9432dd297)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b301d5203a4da0a0985670848126c5db762ddc86)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Alexander Kanavin
c4692956ea mobile-broadband-provider-info: upgrade 20220511 -> 20220725
(From OE-Core rev: 5dd5130f9b13212a4f5e8b075ae1ecda868c5f28)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96185dac787e14fa9eb77d009653a2fd4d926e3f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Richard Purdie
1cf135da98 vim: Upgrade 9.0.0115 -> 9.0.0242
Includes fixes for:

CVE-2022-2816
CVE-2022-2817
CVE-2022-2819
CVE-2022-2845
CVE-2022-2849
CVE-2022-2862
CVE-2022-2874
CVE-2022-2889

(From OE-Core rev: 169537045e614aa08052fd0130ea3199523bc8f3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ec2d27d09444213ec1c9b91c6f8c4363f297294)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Ernst Sjöstrand
fb9e6d51d4 cve-check: Don't use f-strings
Since we're keeping cve-check aligned between the active branches,
and dunfell is supported on Python 3.5, we can't use f-strings.

(From OE-Core rev: 4cc681fd66031c8355f69e53443536b31377eba9)

Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1821cf7464cbba521b55a9c128fe8812c0cc5eca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Pawan Badganchi
211a3fd4db libxml2: Add fix for CVE-2016-3709
Add below patch to fix CVE-2016-3709

CVE-2016-3709.patch
Link: c1ba6f54d3

(From OE-Core rev: b9312041e4c8d565ad1e1102f8634bcc913adfa7)

Signed-off-by: Pawan Badganchi<pawan.badganchi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
964b78a02d golang: CVE-2022-32189 a denial of service
Source: https://github.com/golang/go
MR: 120634
Type: Security Fix
Disposition: Backport from 703c8ab7e5
ChangeID: 3ade323dd52a6b654358f6738a0b3411ccc6d3f8
Description:
	CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.

(From OE-Core rev: 9b3420c9a91059eb55754078bb1e733972e94489)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
1a1eceee49 golang: fix CVE-2022-30635 and CVE-2022-32148
Source: https://github.com/golang/go
MR: 120628, 120631
Type: Security Fix
Disposition: Backport from ed2f33e1a7 && ed2f33e1a7
ChangeID: fbd8d61bdc2e9cb0cdbe9879e02aed218ee93dbe
Description:
Fixed CVE:
	1. CVE-2022-30635
	2. CVE-2022-32148

(From OE-Core rev: 2c4fb77f417464d9cd40f0ebd8cc52e6e6ca689e)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
7d67a61029 golang: fix CVE-2022-30632 and CVE-2022-30633
Source: https://github.com/golang/go
MR: 120622, 120625
Type: Security Fix
Disposition: Backport from 76f8b7304d && 2678d0c957
ChangeID: aabb29a6dd6a89842f451c95af228aaf66e58bb5
Description:
Fixed CVE:
	1. CVE-2022-30632
	2. CVE-2022-30633

(From OE-Core rev: 9ffaae887743d77839fb758657b1dec71a9b8880)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
8bc3443c08 golang: fix CVE-2022-30629 and CVE-2022-30631
Source: https://github.com/golang/go
MR: 120613, 120613
Type: Security Fix
Disposition: Backport from c15a8e2dbb && 0117dee7dc
ChangeID: 366db775dec045d7b312b8da0436af36ab322046
Description:
Fixed CVE:
	1. CVE-2022-30629
	2. CVE-2022-30631

(From OE-Core rev: 6813a265c7c21e24636d07a6a8df16ef0cf7da50)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Hitendra Prajapati
dea6f2c847 libtiff: CVE-2022-34526 A stack overflow was discovered
Source: https://gitlab.com/libtiff/libtiff
MR: 120545
Type: Security Fix
Disposition: Backport from 275735d035
ChangeID: 4c781586f7aba27420a7adc0adc597cc68495387
Description:
          CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit.

(From OE-Core rev: 462d4a55a460c60a7b8c36fe3899e66f13835761)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-03 13:10:37 +01:00
Joshua Watt
87377eacc0 bitbake: utils: Pass lock argument in fileslocked
Pass additional arguments in the fileslocked() context manager to the
underlying lockfile() function. This allows the context manager to be
used for any types of locks (non-blocking, shared, etc.) that the
lockfile() function supports.

(Bitbake rev: 048d682b031644fb9f0d41a489bacb873aa27bd7)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-02 11:45:35 +01:00
Jon Mason
bc294f9573 ref-manual: add numa to machine features
numa is an existing machine feature, add it to the list so that users
are aware of it.

(From yocto-docs rev: d9931a04bccd115f854275cd46c8195c3fa1d391)

Signed-off-by: Jon Mason <jdmason@kudzu.us>
Reviewed-by: Quentin Schulz <foss+yocto@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-31 12:17:37 +01:00
Richard Purdie
adc49cb960 bitbake: runqueue: Change pressure file warning to a note
The user does need to be told about this but it isn't really a warning,
just something they may need to be aware of. Drop the level accordingly.

(Bitbake rev: 3b719e8e115b7fde869f62ddc180e045c1b51cdf)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-24 15:43:28 +01:00
Aryaman Gupta
afd213cc8e bitbake: bitbake: runqueue: add memory pressure regulation
Prevent new tasks from being scheduled if the memory pressure is above
a certain threshold, specified through the "BB_MAX_PRESSURE_MEMORY"
variable in the conf/local.conf file. This is an extension to the
following commit and hence regulates pressure in the same way:
   48a6d84de1 bitbake: runqueue: add cpu/io pressure regulation

Memory pressure is experienced when time is spent swapping, refaulting
pages from the page cache or performing direct reclaim. This is why
memory pressure is rarely seen but might be useful as a last resort to
prevent OOM errors.

(Bitbake rev: 44c395434c7be8dab968630a610c8807f512920c)

(Bitbake rev: 82b683f8c7a559f4fcab68f6a0fa7dc3dc20fa05)

Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Randy Macleod <Randy.Macleod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-23 15:57:11 +01:00
Aryaman Gupta
eaf8d5efa0 bitbake: bitbake: runqueue: add cpu/io pressure regulation
Prevent the scheduler from starting new tasks if the current cpu or io
pressure is above a certain threshold and there is at least one active
task. This threshold can be specified through the
"BB_PRESSURE_MAX_{CPU|IO}" variables in conf/local.conf.

The threshold represents the difference in "total" pressure from the
previous second. The pressure data is discussed in this oe-core commit:
   061931520b buildstats.py: enable collection of /proc/pressure data
where one can see that the average and "total" values are available.
>From tests, it was seen that while using the averaged data was somewhat
useful, the latency in regulating builds was too high. By taking the
difference between the current pressure and the pressure seen in the
previous second, better regulation occurs. Using a shorter time period
is appealing but due to fluctations in pressure, comparing the current
pressure to 1 second ago achieves a reasonable compromise. One can look
at the buildstats logs, that usually sample once per second, to decide a
sensible threshold.

If the thresholds aren't specified, pressure is not monitored and hence
there is no impact on build times. Arbitary lower limit of 1.0 results
in a fatal error to avoid extremely long builds. If the limits are higher
than 1,000,000, then warnings are issued to inform users that the specified
limit is very high and unlikely to result in any regulation.

The current bitbake scheduling algorithm requires that at least one
task be active. This means that if high pressure is seen, then new tasks
will not be started and pressure will be checked only for as long as at
least one task is active. When there are no active tasks, an additional task
will be started and pressure checking resumed. This behaviour means that
if an external source is causing the pressure to exceed the threshold,
bitbake will continue to make some progress towards the requested target.
This violates the intent of limiting pressure but, given the current
scheduling algorithm as described above, there seems to be no other option.
In the case where only one bitbake build is running, the implications of
the scheduler requirement will likely result in pressure being higher
than the threshold. More work would be required to ensure that
the pressure threshold is never exceeded, for example by adding pressure
monitoring to make and ninja.

(Bitbake rev: 502e05cbe67fb7a0e804dcc2cc0764a2e05c014f)

(Bitbake rev: 66741d216e9d4343e82a94f00cd39751632a5b96)

Signed-off-by: Aryaman Gupta <aryaman.gupta@windriver.com>
Signed-off-by: Randy Macleod <randy.macleod@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-23 15:57:11 +01:00
Richard Purdie
4aad5914ef build-appliance-image: Update to dunfell head revision
(From OE-Core rev: a3cba15142e98177119ef36c09f553d09acf35ef)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 16:07:08 +01:00
Steve Sakoman
23322786e0 poky.conf: bump version for 3.1.19 release
(From meta-yocto rev: 2de758bc8a4ead8e89619766d5096604b554f2c1)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 16:06:53 +01:00
Steve Sakoman
139225f0ba documentation: update for 3.1.19 release
(From yocto-docs rev: 95e030ec74f69eccabcc97737c8a93fd7629f9d9)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 16:06:53 +01:00
Christophe Priouzeau
fc24cd1948 bitbake: fetch2/wget: Update user-agent
With the usage of enterprise proxy, the user-agent defined are
too old and refused by proxy configuration. Updating to something
more modern is desirable.

(Bitbake rev: 17be38290d1e971cd89785e6bf44caef0a6416f8)

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7001fdd7c4dca372cbebd8fd2c0b03c5d43f9400)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 15:42:30 +01:00
Shruthi Ravichandran
1fc880e165 initscripts: run umountnfs as a KILL script
`rc` runs all the KILL scripts in a runlevel before the START scripts.
The umountnfs script is currently configured as a START script, and
runs after the networking KILL script. During shutdown, this causes a
~3 minute timeout after networking is shutdown when the system tries
to connect to and unmount any mounted network shares.
Fix this by changing the script configuration to "stop" so that it can
run before networking is stopped and unmount any network shares
safely.

(From OE-Core rev: e59c72d570102d72786e44c8ace69fd4d0e8e5ef)

Signed-off-by: Shruthi Ravichandran <shruthi.ravichandran@ni.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c419bd4537756e9f6c2fe6da3a9b798526e27eca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Ming Liu
9243169d4f rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}
This is to ensure host-user-contaminated.txt would be removed before
do_rootfs runs, since ${S} is in cleandirs of do_rootfs, otherwise, a
host-user-contaminated.txt file that generated from previous builds
could be used which is wrong.

(From OE-Core rev: 06cfa8be54c9aee23bd8570a370a974b463a0a1a)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 54a3fd63e684d070fad962be97e549f3af7ac111)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Pascal Bach
f97bd9abe6 bin_package: install into base_prefix
This makes the bin_package.bbclass work properly with the native class.

(From OE-Core rev: 0bf78a8e0e1cf7e74b55aca4db0e62dd9dfa55ce)

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad330b6d4b6e2ba051b5c6c437e07a183831f757)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Richard Purdie
59180eb474 kernel-arch: Fix buildpaths leaking into external module compiles
Building external kernel modules like lttng-modules was showing build paths
inside the debug symbols for the modules and breaking build reproducibility.

Fix this by adding in the mapping needed to map the kernel build directory
to something more approriate on target.

(From OE-Core rev: c4d8834ed3d200f25f12fec8acfa2b954f3240e0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b56dc9009ba93174de6bf4c01e17808ef249dc5c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Dmitry Baryshkov
2340b1dbb9 linux-firwmare: restore WHENCE_CHKSUM variable
Restore WHENCE_CHKSUM variable which is used to hold the WHENCE file
checksum. It is necessary to allow easily overriding it from local.conf
if the devupstream version is selected:

PREFERRED_VERSION_linux-firmware = "1:20220708+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "abf1077491eeb261ecdcb680a34fc059"

Without the WHENCE_CHECKSUM one would need to manually patch the
LIC_FILES_CHKSUM variable to change the checksum of WHENC (e.g. using
the anonymous python function or remove expression).

(From OE-Core rev: ba997f02b2cb86aeaa308873727a9280d1f88b5b)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 554be2af1e0a03a2d23032d48afbbe0913a45409)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Alexander Kanavin
0b85e5d610 linux-firmware: update 20220610 -> 20220708
License-Update: a few obsolete firmware were dropped
(particularly i2400m and tda7706), file list updates.

(From OE-Core rev: a151460d9234d6cd0bd1920c48aff8c78454931a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e89fb37e13fcb832ee7d35e7d92d45eaca20689e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:49 +01:00
Randy MacLeod
ef2da8f28e vim: update from 9.0.0063 to 9.0.0115
Drop crosscompile.patch which was merged as part of:
   509695c1c (tag: v9.0.0065) patch 9.0.0065: \
      cross-compiling doesn't work because of timer_create check

Also drop: racefix.patch which may have been fixed upstream
and is being tracked by:
   https://github.com/vim/vim/pull/10776
where upstream is asking if the different approach resolves the
race condition. Let's see what's out there!

(From OE-Core rev: 083d6de4139859a5eb66f78c2a62a1d59c8aee35)

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 6996472cd33d2d4b91821f2dfe24a27a697e4afe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Richard Purdie
5373e681cf vim: Upgrade 9.0.0021 -> 9.0.0063
Pulls in several CVE fixes.
Added a patch to avoid timer_create cross compile issue (and submitted upstream).
Also submit the race fix upstream.
We disable timer_create in the native case since some systems have it
and some don't so this makes us consistent.

Change from master commit: we also disable timer_create in the target case
since the function isn't available in our glibc.

(From OE-Core rev: f99677f79449032a3b0ea79d704fdccbd5be68b7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Hitendra Prajapati
98dd6e4cac zlib: CVE-2022-37434 a heap-based buffer over-read
Source: https://github.com/madler/zlib
MR: 120531
Type: Security Fix
Disposition: Backport from eff308af42 & 1eb7682f84
ChangeID: 364c17d74213c64fe40b9b37ee78aa172ff93acf
Description:
          CVE-2022-37434 zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

(From OE-Core rev: 10ed7cf347d9e73b29e4a3f6ef77e0a4b08e350b)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Hitendra Prajapati
ae4acc9f81 gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
Source: https://gitlab.com/gnutls/gnutls
MR: 120421
Type: Security Fix
Disposition: Backport from ce37f9eb26
ChangeID: f0c84c6aa8178582ac9838c453dacdf2c7cae0e5
Description:
          CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify.

(From OE-Core rev: 4cac37913d08f433668778e788f01e009dbb94bd)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Hitendra Prajapati
cfd2eaa0e1 qemu: CVE-2020-27821 heap buffer overflow in msix_table_mmio_write
Source: https://git.qemu.org/?p=qemu.git;
MR: 107558
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442
ChangeID: c5d25422f43edb7d8728118eb482eba09474ef2c
Description:
          CVE-2020-27821 qemu: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c.

(From OE-Core rev: 198bd53bdc77d2b01dae19993bde79f03f4dd02c)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-22 14:29:48 +01:00
Jose Quaresma
5b956ef359 gstreamer1.0: use the correct meson option for the capabilities
(From OE-Core rev: ac6ea1a96645d2a4dd54660256603f0b191bb4d3)

Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit baeab0f51ecc19fb85101c4bd472f0650231d0de)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Martin Jansa
54846f581e libxml2: Port gentest.py to Python-3
* but it still won't work well on hosts without libxml2, make
  sure to use pre-generated testapi.c in do_compile_ptest

* this is reproducible with SOURCE_DATE_EPOCH set to 0 which
  e.g. meta-updater still sets by default for DISTROs which
  use it :(, see https://github.com/uptane/meta-updater/pull/35

(From OE-Core rev: 2f78dbcb300e7deae6cf39263e874ee8776d7a7b)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Steve Sakoman
b361f2a931 selftest: skip virgl test on fedora 36
This test will fail any time the host has libdrm > 2.4.107

(From OE-Core rev: 33d006ed8d93ea4c185d6b28a72b2d252fbb5ae1)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Alex Kiernan
0c3dfb682d openssh: Add openssh-sftp-server to openssh RDEPENDS
OpenSSH 9.0 uses sftp by default as the transport for scp, add in
sftp-server so that this works as expected for users, rather than being
left with a confusing "scp: Connection closed" message.

(From OE-Core rev: 788e2c6bccc58e5a88b33fa91ea3c3ffec7611ca)

Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be61b9dac78f0d85c870a0d8304fb4b536ec4bc8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Khem Raj
7c7fc0de71 libmodule-build-perl: Use env utility to find perl interpreter
Fixes
ERROR: QA Issue: : /work/x86_64-linux/libmodule-build-perl-native/0.4231-r0/sysroot-destdir/work/x86_64-linux/libmodule-build-perl-native/0.4231-r0/recipe-sysroot-native/usr/bin/config_data maximum shebang size exceeded, the maximum size is 128. [shebang-size]

(From OE-Core rev: f11ed8c8fd78b88a50f382df419afff6ccde02a0)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 54ecb2d3f2523293383103cbe590ebdd037ee483)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Richard Purdie
354f571f61 insane: Fix buildpaths test to work with special devices
If enabled, the buildpaths test hangs in psplash as it tries to open
a fifo and read from it, hanging indefinitely.

Tweak the test to ignore fifo/socket/device files.

(From OE-Core rev: 0106c6a629d0a9f07d76ffaad2dc92e48021e1b0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2567edb7e0a8c5ca9a88d6940491bf33bfe0eff9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Bruce Ashfield
883102b9b8 linux-yocto/5.4: update to v5.4.209
Updating  to the latest korg -stable release that comprises
the following commits:

    8d8935e76f6f Linux 5.4.209
    0b0088e47587 scsi: core: Fix race between handling STS_RESOURCE and completion
    85fe8623f061 mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
    d5a596c148b3 ARM: crypto: comment out gcc warning that breaks clang builds
    8d6dab81ee3d sctp: leave the err path free in sctp_stream_init to sctp_stream_free
    a49282eca8ab sfc: disable softirqs for ptp TX
    7799f742f24b perf symbol: Correct address for bss symbols
    388b3f14ff60 virtio-net: fix the race between refill work and close
    52be29e8b645 netfilter: nf_queue: do not allow packet truncation below transport header offset
    8e0ed463dbd5 sctp: fix sleep in atomic context bug in timer handlers
    bc135e464dee i40e: Fix interface init with MSI interrupts (no MSI-X)
    46462e26e65f tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
    d42f68a9ceb4 tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
    c2b57a4d3ff6 Documentation: fix sctp_wmem in ip-sysctl.rst
    2d30375343b6 tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
    5d235c2fc295 tcp: Fix a data-race around sysctl_tcp_autocorking.
    e02c7ee5a430 tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
    558a2949608f tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
    fb200869eabe net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    e20dd1b0e0ea igmp: Fix data-races around sysctl_igmp_qrv.
    73e5a0b59129 ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    421e5dd1f12e net: ping6: Fix memleak in ipv6_renew_options().
    3d492b008b3d tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    dfdc635d55f9 tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    d62e255ecc33 scsi: ufs: host: Hold reference returned by of_parse_phandle()
    b1343528c7ae ice: do not setup vlan for loopback VSI
    15d019860159 ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    cd23a2ad7b7c tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    f9a03fd8ed31 tcp: Fix a data-race around sysctl_tcp_frto.
    3be498bcf6ea tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    f4b83df01105 tcp: Fix a data-race around sysctl_tcp_app_win.
    f240d0cad26c tcp: Fix data-races around sysctl_tcp_dsack.
    b9f937d3d54d s390/archrandom: prevent CPACF trng invocations in interrupt context
    911904c577e0 ntfs: fix use-after-free in ntfs_ucsncmp()
    098e07ef0059 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put

(From OE-Core rev: bd55001d9f895c7d52fedc7d1d2eb7b2ad7032b1)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Bruce Ashfield
b365d212dc linux-yocto/5.4: update to v5.4.208
Updating  to the latest korg -stable release that comprises
the following commits:

    77ba2b9b46f8 Linux 5.4.208
    ca5762c5896e x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
    f88d8c188229 net: usb: ax88179_178a needs FLAG_SEND_ZLP
    f7785092cb7f tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
    815d936e92f9 tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
    2ea77b0b6d22 tty: drop tty_schedule_flip()
    f20912215c9c tty: the rest, stop using tty_schedule_flip()
    aa60c0cce8b4 tty: drivers/tty/, stop using tty_schedule_flip()
    126137a53d7e Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
    836b47e6436b Bluetooth: SCO: Fix sco_send_frame returning skb->len
    aa2d34cab3e6 Bluetooth: Fix passing NULL to PTR_ERR
    10bacb891722 Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
    bf46574d4655 Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
    f00b06003b11 Bluetooth: Add bt_skb_sendmmsg helper
    55bf99849be0 Bluetooth: Add bt_skb_sendmsg helper
    015af30d373d ALSA: memalloc: Align buffer allocations in page size
    352affc31e26 bitfield.h: Fix "type of reg too small for mask" test
    0a0fbbd6cb65 x86/mce: Deduplicate exception handling
    b524137fa1d8 mmap locking API: initial implementation as rwsem wrappers
    592a1c6066dd x86/uaccess: Implement macros for CMPXCHG on user addresses
    1d778b54a5c0 x86: get rid of small constant size cases in raw_copy_{to,from}_user()
    d0d583484d2e locking/refcount: Consolidate implementations of refcount_t
    dab787c73f6e locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions
    0d3182fbe689 locking/refcount: Move saturation warnings out of line
    809554147d60 locking/refcount: Improve performance of generic REFCOUNT_FULL code
    9c9269977f03 locking/refcount: Move the bulk of the REFCOUNT_FULL implementation into the <linux/refcount.h> header
    04bff7d7b808 locking/refcount: Remove unused refcount_*_checked() variants
    513b19a43bec locking/refcount: Ensure integer operands are treated as signed
    68b4ee68e8c8 locking/refcount: Define constants for saturation and max refcount values
    3f71d0e292eb ima: remove the IMA_TEMPLATE Kconfig option
    bc7581e36d40 dlm: fix pending remove if msg allocation fails
    4f1d21c77b15 bpf: Make sure mac_header was set before using it
    a1f8765f68bc mm/mempolicy: fix uninit-value in mpol_rebind_policy()
    76668d2a2f36 spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers
    50a1d3d09750 tcp: Fix data-races around sysctl_tcp_max_reordering.
    c64b99819de4 tcp: Fix a data-race around sysctl_tcp_rfc1337.
    6cc566df6806 tcp: Fix a data-race around sysctl_tcp_stdurg.
    7f68bed16c7b tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
    369d99c2b89f tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
    492f3713b282 tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
    92c35113c633 tcp: Fix data-races around sysctl_tcp_recovery.
    83767fe800a3 tcp: Fix a data-race around sysctl_tcp_early_retrans.
    795aee11fda4 tcp: Fix data-races around sysctl knobs related to SYN option.
    f39b03bd727a udp: Fix a data-race around sysctl_udp_l3mdev_accept.
    6727f39e99e0 ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
    a8569f76df7e be2net: Fix buffer overflow in be_get_module_eeprom
    91d6aa19dd72 gpio: pca953x: only use single read/write for No AI mode
    031af9e617a6 ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
    55a2a28b3285 i40e: Fix erroneous adapter reinitialization during recovery process
    d88d59faf4e6 iavf: Fix handling of dummy receive descriptors
    25d53d858a6c tcp: Fix data-races around sysctl_tcp_fastopen.
    78420d8e46df tcp: Fix data-races around sysctl_max_syn_backlog.
    dc58e68d1e26 tcp: Fix a data-race around sysctl_tcp_tw_reuse.
    e9362a993886 tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
    b0d9f04c870e tcp: Fix data-races around some timeout sysctl knobs.
    ea309c467dac tcp: Fix data-races around sysctl_tcp_reordering.
    b222de2560ab tcp: Fix data-races around sysctl_tcp_syncookies.
    ff55c025e647 igmp: Fix a data-race around sysctl_igmp_max_memberships.
    1656ecaddf90 igmp: Fix data-races around sysctl_igmp_llm_reports.
    2aad2c5745ec net/tls: Fix race in TLS device down flow
    573768dede0e net: stmmac: fix dma queue left shift overflow issue
    911b81fca2d7 i2c: cadence: Change large transfer count reset logic to be unconditional
    73a11588751a tcp: Fix a data-race around sysctl_tcp_probe_interval.
    b04817c94fbd tcp: Fix a data-race around sysctl_tcp_probe_threshold.
    033963b22063 tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
    fdb96b69f590 tcp: Fix data-races around sysctl_tcp_min_snd_mss.
    30b73edc1d24 tcp: Fix data-races around sysctl_tcp_base_mss.
    f966773e13cd tcp: Fix data-races around sysctl_tcp_mtu_probing.
    a7386602a2fe tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
    25a635a67c83 ip: Fix a data-race around sysctl_fwmark_reflect.
    281de3719986 ip: Fix data-races around sysctl_ip_nonlocal_bind.
    7828309df0f8 ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
    5af6d9226376 ip: Fix data-races around sysctl_ip_no_pmtu_disc.
    16cb6717f4f4 igc: Reinstate IGC_REMOVED logic and implement it properly
    98c3c8fd0d4c perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
    6194c021496a pinctrl: ralink: Check for null return of devm_kcalloc
    78bdf732cf5d power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
    f4248bdb7d5c xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
    c68f6e2e4fda serial: mvebu-uart: correctly report configured baudrate value
    2230428fb866 PCI: hv: Fix interrupt mapping for multi-MSI
    7121d7120fd4 PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
    584c9d41800b PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
    8e94cc883011 PCI: hv: Fix multi-MSI to allow more than one MSI vector
    3048666143be xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
    ed3fea55066b lockdown: Fix kexec lockdown bypass with ima policy
    c3856fe718ad mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
    c3dc75118445 riscv: add as-options for modules with assembly compontents
    e5a6b05d0c68 pinctrl: stm32: fix optional IRQ support to gpios
    002c3bbb4713 Linux 5.4.207
    08d90846e438 can: m_can: m_can_tx_handler(): fix use after free of skb
    579c8a2e6361 serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
    0c8649a49788 serial: stm32: Clear prev values before setting RTS delays
    f4c7f5028b48 serial: 8250: fix return error code in serial8250_request_std_resource()
    07379bd79d86 tty: serial: samsung_tty: set dma burst_size to 1
    edcb2612218d usb: dwc3: gadget: Fix event pending check
    40034fe6b8a7 usb: typec: add missing uevent when partner support PD
    42373b717a3f USB: serial: ftdi_sio: add Belimo device ids
    cbc98dcc38e2 signal handling: don't use BUG_ON() for debugging
    172cd32ada70 ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
    c7d4b3ec6306 soc: ixp4xx/npe: Fix unused match warning
    a3c7c1a726a4 x86: Clear .brk area at early boot
    549f70b29953 irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
    b0f41db50084 ASoC: madera: Fix event generation for rate controls
    79067a663247 ASoC: madera: Fix event generation for OUT1 demux
    0e7e515a6733 ASoC: cs47l15: Fix event generation for low power mux control
    20b921f22a8b ASoC: wm5110: Fix DRE control
    f298d2e4c60c ASoC: ops: Fix off by one in range control validation
    ede990cfc427 net: sfp: fix memory leak in sfp_probe()
    555cee1bc40b nvme: fix regression when disconnect a recovering ctrl
    08082a642aaa NFC: nxp-nci: don't print header length mismatch on i2c error
    4919d82f7041 net: tipc: fix possible refcount leak in tipc_sk_create()
    70d8aee1de6e platform/x86: hp-wmi: Ignore Sanitization Mode event
    8dda30f81c75 cpufreq: pmac32-cpufreq: Fix refcount leak bug
    b749af1b8f11 netfilter: br_netfilter: do not skip all hooks with 0 priority
    0c9203e75dae virtio_mmio: Restore guest page size on resume
    569f1ee032c9 virtio_mmio: Add missing PM calls to freeze/restore
    70433d9ea6ff mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
    da346adcf557 sfc: fix kernel panic when creating VF
    ba60ca0ed12e seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
    de7849d9de1d seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
    487f0f77f1cd seg6: fix skb checksum evaluation in SRH encapsulation/insertion
    bcad880865bf sfc: fix use after free when disabling sriov
    b8d77f2396d5 net: ftgmac100: Hold reference returned by of_get_child_by_name()
    9b61d3f6df1b ipv4: Fix data-races around sysctl_ip_dynaddr.
    cc9540ba5b36 raw: Fix a data-race around sysctl_raw_l3mdev_accept.
    df691b991043 icmp: Fix a data-race around sysctl_icmp_ratemask.
    8bc1f6871490 icmp: Fix a data-race around sysctl_icmp_ratelimit.
    3093a6fe3170 drm/i915/gt: Serialize TLB invalidates with GT resets
    40d58aad2f66 ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
    bf676c940865 ARM: dts: at91: sama5d2: Fix typo in i2s1 node
    7c1acd98fb22 ipv4: Fix a data-race around sysctl_fib_sync_mem.
    0cba7ca667ce icmp: Fix data-races around sysctl.
    0e41a0f73ccb cipso: Fix data-races around sysctl.
    861f1852af6d net: Fix data-races around sysctl_mem.
    8d2daf565f61 inetpeer: Fix data-races around sysctl.
    2968830c9b47 net: stmmac: dwc-qos: Disable split header for Tegra194
    1273fd5153e8 ASoC: sgtl5000: Fix noise on shutdown/remove
    388f3df7c3c8 ima: Fix a potential integer overflow in ima_appraise_measurement
    72f231b9a88a drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
    0f02e7c02bb0 ARM: 9210/1: Mark the FDT_FIXED sections as shareable
    41ea241fb3c2 ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
    851730a1989f ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
    18881d7e5171 ext4: fix race condition between ext4_write and ext4_convert_inline_data
    423f2695007d sched/rt: Disable RT_RUNTIME_SHARE by default
    31e99fa969fd Revert "evm: Fix memleak in init_desc"
    d85d19f3b664 nilfs2: fix incorrect masking of permission flags for symlinks
    393594aad551 drm/panfrost: Fix shrinker list corruption by madvise IOCTL
    ad44e05f3e01 cgroup: Use separate src/dst nodes when preloading css_sets for migration
    444be5a02b77 wifi: mac80211: fix queue selection for mesh/OCB interfaces
    dba548476909 ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
    b4d99aa5ae90 ARM: 9213/1: Print message about disabled Spectre workarounds only once
    2c1cc40fb2a1 ip: fix dflt addr selection for connected nexthop
    fb5a7f1548d6 net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
    ecc6dec12c33 tracing/histograms: Fix memory leak problem
    7425479d20f9 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
    9026b280eb7f ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
    bbb82d4d9b3d ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
    7e2fbf2d9b61 ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    33d33a66e31c ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
    5e7cc47ab923 ALSA: hda - Add fixup for Dell Latitidue E5430
    658410791556 Linux 5.4.206
    15a3adfe7593 Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"

(From OE-Core rev: b98028117b82aab650affb0538e77bb69fb5fdf8)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Ross Burton
c4499b85f7 cve_check: skip remote patches that haven't been fetched when searching for CVE tags
If a remote patch is compressed we need to have run the unpack task for
the file to exist locally.  Currently cve_check only depends on fetch so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.

Typically, remote compressed patches won't contain our custom tags, so
this is unlikely to be an issue.

(From OE-Core rev: a2d03f445c45558997484240d2549eaa1e103692)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cefc8741438c91f74264da6b59dece2e31f9e5a5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Hitendra Prajapati
c35c1e15f0 gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
Source: https://gitlab.gnome.org/GNOME/gdk-pixbuf
MR: 120380
Type: Security Fix
Disposition: Backport from 5398f04d77
ChangeID: d8a843bcf97268ee4f0c6870f1339790a9a908e5
Description:
         CVE-2021-46829 gdk-pixbuf: a heap-based buffer overflow when compositing or clearing frames in GIF files.

(From OE-Core rev: ef3f5fba3c3b5e8b16d6b8b7721468e61c65f72f)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Hitendra Prajapati
820e8891b8 grub2: Fix several security issue of integer underflow
Source: https://git.savannah.gnu.org/gitweb/?p=grub.git
MR: 119763, 119779, 119807
Type: Security Fix
Disposition: Backport from https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3e4817538de828319ba6d59ced2fbb9b5ca13287 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=04c86e0bb7b58fc2f913f798cdb18934933e532d
ChangeID: ef7c28bc7b4eb32550df2cf49082791dac64ef1b
Description:
Fix CVEs:
	CVE-2022-28733
	CVE-2022-28734
	CVE-2022-28736

(From OE-Core rev: 4608413d460fa351d583c357fbc9b1957cb3d1d6)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-18 17:52:23 +01:00
Hitendra Prajapati
b9ae8da74e libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
Source: http://git.linux-nfs.org/?p=steved/libtirpc.git;
MR: 120231
Type: Security Fix
Disposition: Backport from http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
ChangeID: 544120a5f10a4717cd2c7291821a012e26b14b7f
Description:
        CVE-2021-46828 libtirpc: DoS vulnerability with lots of connections.

(From OE-Core rev: 73d2b640ad665f6ff3c4fbe8f5da4ef0dbb175f2)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
Hitendra Prajapati
038831674e libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By Zero Error
Source: https://gitlab.com/libtiff/libtiff
MR: 119341
Type: Security Fix
Disposition: Backport from dd1bcc7abb
ChangeID: 6cea4937a34a618567a42cef8c41961ade2f3a07
Description:
        CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 libTiff: DoS from Divide By Zero Error.

(From OE-Core rev: 429c2c89b65b8e226d4e0d6f94d43300989c143e)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
Hitendra Prajapati
25606f450d qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash
Source: https://github.com/qemu/qemu
MR: 119832
Type: Security Fix
Disposition: Backport from 418ade7849
ChangeID: 1246afd7bb950d2d5fe2e198961797c0fa14ac00
Description:
        CVE-2022-35414 qemu: can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

(From OE-Core rev: 7c3043df56b3090138fe56f8c06df5ca08cafd26)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
Hitendra Prajapati
9e7f4a7db2 grub2: Fix buffer underflow write in the heap
Source: https://git.savannah.gnu.org/gitweb/?p=grub.git
MR: 119719, 119733, 119689
Type: Security Fix
Disposition: Backport from https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e623866d9286410156e8b9d2c82d6253a1b22d08 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=210245129c932dc9e1c2748d9d35524fb95b5042 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6
ChangeID: 97605970cd42776fa449fd8318f2762e32bbd177
Description:
Fixed CVEs :
        CVE-2021-3695
        CVE-2021-3696
        CVE-2021-3697

Affects "grub2 < 2.06"

(From OE-Core rev: 191db3c58b52fa7c8530d82f7e3e3b24075fdeb4)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
LUIS ENRIQUEZ
e4946bd39e kernel-fitimage.bbclass: add padding algorithm property in config nodes
This allows choosing padding algorithm when building fitImage. It may be pkcs-1.5 or pss.

(From OE-Core rev: 152765b74c77b4da102fce9c4c61a667e71f26a1)

Signed-off-by: LUIS ENRIQUEZ <luis.enriquez@se.com>
From: LUIS ENRIQUEZ <luis.enriquez@se.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:34 +01:00
Sana.Kazi
97810ff2d7 libjpeg-turbo: Fix CVE-2021-46822
Add patch to fix CVE-2021-46822
Link: f35fd27ec6.patch

(From OE-Core rev: 80d14a9aaff273daca68c2e860701d51fee45851)

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:33 +01:00
Hitendra Prajapati
d323923047 gnupg: CVE-2022-34903 possible signature forgery via injection into the status line
Source: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git
MR: 119424
Type: Security Fix
Disposition: Backport from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
ChangeID: 97de66d6aa74e12cb1bf82fe85ee62e2530fccf6
Description:
	CVE-2022-34903 gnupg: possible signature forgery via injection into the status line.

(From OE-Core rev: 2bf155d59e33972bbb1780e34753199b5a9192a0)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-08 16:23:33 +01:00
Richard Purdie
d695bd0d3d build-appliance-image: Update to dunfell head revision
(From OE-Core rev: 3f40d5f095ceb099b604750db96058df00fcd49e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:18 +01:00
Steve Sakoman
08bd8cc114 poky.conf: bump version for 3.1.18 release
(From meta-yocto rev: 57d6803aaf475552a827d322d90d1f07ba73a97d)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Bruce Ashfield
eb32f7f5e6 linux-yocto-rt/5.4: fixup -rt build breakage
Integrating the following commit(s) to linux-yocto/5.4:

    cc478e363cc3 rt: fixup random and irq/manage merge issues

(From OE-Core rev: 597eef3b2f6cb884c474c44e87b1137e6acbe6b5)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Bruce Ashfield
88be415b10 linux-yocto/5.4: update to v5.4.205
Updating  to the latest korg -stable release that comprises
the following commits:

    0ec831fa971d Linux 5.4.205
    1be11d7f3c89 dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
    b31ab132561c dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
    f19026ede26e dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
    164e88024f82 dmaengine: pl330: Fix lockdep warning about non-static key
    5af3f2a697d5 ida: don't use BUG_ON() for debugging
    d88022b41eff dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
    aaf875578fd9 misc: rtsx_usb: set return value in rsp_buf alloc err path
    29612c43a2c5 misc: rtsx_usb: use separate command and response buffers
    0e517d0d7feb misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
    858c2d070895 dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
    67586906893c i2c: cadence: Unregister the clk notifier in error path
    acb72388aed5 selftests: forwarding: fix error message in learning_test
    7adf3d45c460 selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
    681738560bf2 selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT
    0711d15ccb27 ibmvnic: Properly dispose of all skbs during a failover.
    aa698affa62c ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
    6b4747d5af43 ARM: at91: pm: use proper compatible for sama5d2's rtc
    123540275034 pinctrl: sunxi: sunxi_pconf_set: use correct offset
    12a690536931 pinctrl: sunxi: a83t: Fix NAND function name for some pins
    3cf8ece91132 ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
    c465bbcd3c74 xfs: remove incorrect ASSERT in xfs_rename
    845dac0276a5 can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
    9afdff9dd820 can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
    93f228fcbef2 can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
    0adb049bac09 powerpc/powernv: delay rng platform device creation until later in boot
    782b65ee7bbe video: of_display_timing.h: include errno.h
    af93e8219734 fbcon: Prevent that screen size is smaller than font size
    4f34f380f952 fbcon: Disallow setting font bigger than screen size
    997d86cd3e39 fbmem: Check virtual screen sizes in fb_set_var()
    407c1b491fbd fbdev: fbmem: Fix logo center image dx issue
    14ff1184310f iommu/vt-d: Fix PCI bus rescan device hot add
    800bb66ab275 net: rose: fix UAF bug caused by rose_t0timer_expiry
    04894ab34faf usbnet: fix memory leak in error case
    6f655b5e13fa can: gs_usb: gs_usb_open/close(): fix memory leak
    eb7bbd7728da can: grcan: grcan_probe(): remove extra of_node_get()
    5b48f5711f1c can: bcm: use call_rcu() instead of costly synchronize_rcu()
    e7e3e90d6710 mm/slub: add missing TID updates on slab deactivation
    3defefd22ad5 esp: limit skb_page_frag_refill use to a single page
    49286fbdad47 Linux 5.4.204
    0ac2845937ce clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup()
    d40057538bee net: usb: qmi_wwan: add Telit 0x1070 composition
    ea89a522b4cc net: usb: qmi_wwan: add Telit 0x1060 composition
    5c03cad51b84 xen/arm: Fix race in RB-tree based P2M accounting
    60ac50daad36 xen/blkfront: force data bouncing when backend is untrusted
    ede57be88a5f xen/netfront: force data bouncing when backend is untrusted
    04945b5beb73 xen/netfront: fix leaking data in shared pages
    42112e8f9461 xen/blkfront: fix leaking data in shared pages
    b7c996abe545 selftests/rseq: Change type of rseq_offset to ptrdiff_t
    dc2825288012 selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area
    f89d15c9861c selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area
    618da2318e15 selftests/rseq: Fix: work-around asm goto compiler bugs
    58082d4e8186 selftests/rseq: Remove arm/mips asm goto compiler work-around
    1c9f13880f47 selftests/rseq: Fix warnings about #if checks of undefined tokens
    6f87493c3aa6 selftests/rseq: Fix ppc32 offsets by using long rather than off_t
    4e9c8fd7f7f0 selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store
    d0ca70238f40 selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
    20e2f0108539 selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
    71c04fdf59ca selftests/rseq: Introduce thread pointer getters
    f491e073b992 selftests/rseq: Introduce rseq_get_abi() helper
    158d91ffe0be selftests/rseq: Remove volatile from __rseq_abi
    7037c511f67d selftests/rseq: Remove useless assignment to cpu variable
    9aa134cb66b4 selftests/rseq: introduce own copy of rseq uapi header
    8417f4475959 selftests/rseq: remove ARRAY_SIZE define from individual tests
    b13119007056 rseq/selftests,x86_64: Add rseq_offset_deref_addv()
    7b6bffcfb9d3 ipv6/sit: fix ipip6_tunnel_get_prl return value
    05387c4ff568 sit: use min
    e99a98616191 net: dsa: bcm_sf2: force pause link settings
    ac9cd4f66a4d hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails
    ee25841221c1 xen/gntdev: Avoid blocking in unmap_grant_pages()
    5eac00ef2a11 net: tun: avoid disabling NAPI twice
    8f968872ec34 NFC: nxp-nci: Don't issue a zero length i2c_master_read()
    37287fd28fb0 nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
    893825289ba8 net: bonding: fix use-after-free after 802.3ad slave unbind
    6fdef80e7eaa net: bonding: fix possible NULL deref in rlb code
    bb1dc7cc576e net/sched: act_api: Notify user space if any actions were flushed before error
    3b2ddeb89fe7 netfilter: nft_dynset: restore set element counter when failing to update
    5b3a1c6bca38 s390: remove unneeded 'select BUILD_BIN2C'
    bdecd912e99a PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
    e1284ec4a6d7 caif_virtio: fix race between virtio_device_ready() and ndo_open()
    9204bc3e8722 net: ipv6: unexport __init-annotated seg6_hmac_net_init()
    7a79f71f6931 usbnet: fix memory allocation in helpers
    5af106f8e072 linux/dim: Fix divide by 0 in RDMA DIM
    85d7d672e896 RDMA/qedr: Fix reporting QP timeout attribute
    ea0519bc578d net: tun: stop NAPI when detaching queues
    a8cf91902237 net: tun: unlink NAPI from device on destruction
    22e75461014b selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
    1d877327da33 virtio-net: fix race between ndo_open() and virtio_device_ready()
    7f89bb5d7102 net: usb: ax88179_178a: Fix packet receiving
    bb91556d2af0 net: rose: fix UAF bugs caused by timer handler
    76a477d39836 SUNRPC: Fix READ_PLUS crasher
    13816057eaf2 s390/archrandom: simplify back to earlier design and initialize earlier
    f157bd9cf377 dm raid: fix KASAN warning in raid5_add_disks
    90de15357504 dm raid: fix accesses beyond end of raid member array
    b6125c5dc3d6 powerpc/bpf: Fix use of user_pt_regs in uapi
    1ef2e87736a6 powerpc/prom_init: Fix kernel config grep
    d5e32f08e7f1 nvdimm: Fix badblocks clear off-by-one error
    53fb996f2709 ipv6: take care of disable_policy when restoring routes

(From OE-Core rev: c954fc1097cb99b7caac764db007f6b2541c248f)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Robert Joslyn
24fc40faef curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208
Backport fixes for:
 * CVE-2022-32206 - https://curl.se/docs/CVE-2022-32206.html
 * CVE-2022-32207 - https://curl.se/docs/CVE-2022-32207.html
 * CVE-2022-32208 - https://curl.se/docs/CVE-2022-32208.html

(From OE-Core rev: aad2a330086b3a12aa5469499774fafdc8a21c48)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Ranjitsinh Rathod
868ebed326 cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST
Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
branch

(From OE-Core rev: 5cb48712e09ffb4198b36897495215e578f9fe62)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-25 15:09:02 +01:00
Michael Opdenacker
17c23e485e ref-manual: variables: remove sphinx directive from literal block
Literal blocks make sphinx take their text verbatim. This means that
directives cannot be used in literal blocks. This means :term:`S` was
printed as-is, without actually creating a link to the S variable
definition as would be expected outside of literal blocks.

Initially contributed to the master branch by Quentin Schulz.

(From yocto-docs rev: 882810d294762a6340909b59736acc660c4eaf5c)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Quentin Schulz <foss@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-20 15:52:46 +01:00
Richard Purdie
61ea9f7665 ref-manual: Add XZ_THREADS and XZ_MEMLIMIT
XZ_THREADS and XZ_MEMLIMIT were introduced in dunfell.

[RP improved an original patch from Paul]
(From yocto-docs rev: 4fb0498ecf1e6747ecd3ea5482d0b8bfa2632d49)

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-19 10:56:24 +01:00
Steve Sakoman
b38628041b documentation: update for 3.1.18 release
(From yocto-docs rev: 217c3d1581c7ebb4799c4a3822c8b594c779037c)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-19 10:56:24 +01:00
Joshua Watt
dee08141f2 classes/cve-check: Move get_patches_cves to library
Moving the function will allow other classes to capture which CVEs have
been patched, in particular SBoM generation.

Also add a function to capture the CPE ID from the CVE Product and
Version

(From OE-Core rev: 75d34259a715120be1d023e4fd7b6b4b125f2443)

(From OE-Core rev: bba069463ca3813666d084643b0239b9af0199e1)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fa6c07bc1a)
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-16 06:52:48 +01:00
Ross Burton
61023f9e61 vim: upgrade to 9.0.0021
This fixes the following CVEs:
- CVE-2022-2257
- CVE-2022-2264
- CVE-2022-2284
- CVE-2022-2285
- CVE-2022-2286
- CVE-2022-2287

(From OE-Core rev: 3230e5f734f69acfe05219da104e8818445c9eff)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 03c044a81a76b7505b9d5bf0d936dde75b51905e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-16 06:52:48 +01:00
Steve Sakoman
7350f515b3 openssl: security upgrade 1.1.1p to 1.1.1q
Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms (CVE-2022-2097)

(From OE-Core rev: 6031eecee8ac8bed1c43a04ecf06ed08014346f2)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-16 06:52:48 +01:00
Richard Purdie
50aa474c84 bitbake: fetch/wget: Move files into place atomically
(Bitbake rev: 7fc4cffebf5dcc1d050416c0b7f7d58c765c1d69)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cd7cce4cf4be5c742d29671169354fe84220b47a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:41:59 +01:00
Joey Degges
9c5b33ccba bitbake: fetch/git: Fix usehead for non-default names
The usehead url parameter for git repositories causes bitbake to use
whatever commit the repository HEAD is pointing to if the repository
happens to have the name 'default'. This is the default name so in many
cases it works just fine, but if a different name is specified with the
url parameter 'name=newName' then it will fail to parse the recipe with
an error along the lines of:

ERROR: ExpansionError during parsing /path/to/my/recipe.bb
Traceback (most recent call last):
  File "/path/to/poky/bitbake/lib/bb/fetch2/git.py", line 235, in Git.urldata_init:
    >        ud.setup_revisions(d)
  File "/path/to/poky/bitbake/lib/bb/fetch2/__init__.py", line 1302, in FetchData.setup_revisions:
             for name in self.names:
    >            self.revisions[name] = srcrev_internal_helper(self, d, name)
  File "/path/to/poky/bitbake/lib/bb/fetch2/__init__.py", line 1167, in srcrev_internal_helper(name='newName'):
         if srcrev == "AUTOINC":
    >        srcrev = ud.method.latest_revision(ud, d, name)
  File "/path/to/poky/bitbake/lib/bb/fetch2/__init__.py", line 1562, in Git.latest_revision(name='newName'):
             except KeyError:
    >            revs[key] = rev = self._latest_revision(ud, d, name)
                 return rev
  File "/path/to/poky/bitbake/lib/bb/fetch2/git.py", line 650, in Git._latest_revision(name='newName'):
             raise bb.fetch2.FetchError("Unable to resolve '%s' in upstream git repository in git ls-remote output for %s" % \
    >            (ud.unresolvedrev[name], ud.host+ud.path))
bb.data_smart.ExpansionError: Failure expanding variable SRCPV, expression was ${@bb.fetch2.get_srcrev(d)} which triggered exception FetchError: Fetcher failure: Unable to resolve 'master' in upstream git repository in git ls-remote output for /path/to/local/git/repo

Let's fix this by setting the unresolved rev of _all_ repository names
to 'HEAD' when the usehead url parameter is specified. Update the
currently failing test, test_local_gitfetch_usehead_withname, to now
expect success.

This change preserves existing behavior that allows usehead to be
overridden by a valid looking revision if one happens to be specified
instead of AUTOREV.

(Bitbake rev: a247f56df680382d62910bb9a174e0fdd29e4ca8)

Signed-off-by: Joey Degges <jdegges@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 01e901c44ab0f496606b1d45c8953dc54970204c)
Signed-off-by: Paulo Neves <ptsneves@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:41:59 +01:00
Steve Sakoman
eb12590623 qemu: add PACKAGECONFIG for capstone
Autobuilder workers were non-deterministically enabling capstone
depending on whether the worker had libcapstone installed.

Add PACKAGECONFIG for capstone with default off, since qemu does not
require capstone support.

Qemu version in dunfell has capstone in the source tree as a submodule
and has configure options to enable it using that source code or using
the system libcapstone.

Qemu versions in master and kirkstone have removed the capstone
submodule and configure options, but added libcapstone autodetection to
meson.

In all cases using PACKAGECONFIG will allow a deterministic build.

(From OE-Core rev: af25fff399fa623b4fd6efbca21e01ea6b4d1fd7)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 052ef1f14d1e6a5ee34f742f65e51b20b416f79f)
Signed-off-by: Steve Sakoman <steve@sakoman.com
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Jate Sujjavanich
35bcc28983 IMAGE_LOCALES_ARCHIVE: add option to prevent locale archive creation
[YOCTO #14851]

Under some circumstances it is not desirable to create a combined locale
archive (/usr/lib/locale/locale-archive).
The new variable IMAGE_LOCALES_ARCHIVE defaults to '1', so the default
behaviour is not changed.

Modified to work with code before move to lib/oe/package_manager

(From OE-Core rev: af32908dfcebbc0f617ad828d895f504c37ee2d1)

Signed-off-by: Michael Thalmeier <michael.thalmeier@hale.at>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d78b819c2ec33fce3a34254fa90864ee5fa7617)
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Steve Sakoman
48ea7812c7 dropbear: break dependency on base package for -dev package
Otherwise the SDK fails to build as the main openssh and dropbear packages
conflict with each other

(From OE-Core rev: 7bc7d4d24ee05a3bbb9a82ff1089da5d162c8497)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 4667abcc925ae0c430cccb480ec530506f6201ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Steve Sakoman
010094a2ae openssh: break dependency on base package for -dev package
Otherwise the SDK fails to build as the main openssh and dropbear packages
conflict with each other

(From OE-Core rev: e863fc060940d11cd6fd58f0f314333ed419cf54)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit f90647e9dd95cfd29b5bdb8d7dcd688a10fc060c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
43980058ca oe-selftest-image: Ensure the image has sftp as well as dropbear
We need sftp so that scp works with recent openssh. Use the packagegroup
instead of a direct dependency to ensure this.

(From OE-Core rev: 70b3c7004e8f14a99adf6119f153a08ec4a4bc6b)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2b76c8e5fc8802bbe54371119e6bf6312bf2a8ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
a985415ec2 packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
Seems sad to have to do this but openssh is moving to use sftp instead
of scp to move files. This means scp from Fedora 36 will no longer be
able to move files to/from a dropbear based image. This breaks a number
of our key QA tests and I suspect will cause users pain too.

The sftp server from openssh is small (200kb uncompressed) and standalone
so adding it to the packagegroup seems to be the best way to preserve user
sanity. If people really don't want it, they can just use dropbear instead
of the packageground.

(From OE-Core rev: 93796b2787c410385d3176495e5307327449d2f7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a98188e83b2c027d99cc38e3367e1ec2a98efbb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
79ac8cf161 oeqa/runtime/scp: Disable scp test for dropbear
Fedora is switching to use sftp as the backend for scp. This means the
scp test fails on Fedora 36 hosts with a dropbear target as dropbear
doesn't support sftp. This change is in the upstream openssh code, other
distros have not yet changed the default but probably will follow.

The easiest way to resolve test failures in dropbear images is to stop
testing this against dropbear as it is no longer expected to work and will
likely spread as the change filters through other distros.

(From OE-Core rev: e7fb95c0b22b52b253f8d0ff10426bee9967854e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a71fc7d455400f406b0d607be712a1133fe91166)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Anuj Mittal
3860414240 efivar: change branch name to main
Upstream has changed branch name to main from master. Change SRC_URI
accordingly.

(From OE-Core rev: f7af3c555d9ddef54264fa7da911507bca3eecb4)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Bruce Ashfield
387d23c02e linux-yocto/5.4: update to v5.4.203
Updating  to the latest korg -stable release that comprises
the following commits:

    871cbc208bf0 Linux 5.4.203
    572cc34503d4 crypto: arm/ghash-ce - define fpu before fpu registers are referenced
    3bf992f9d9a8 crypto: arm - use Kconfig based compiler checks for crypto opcodes
    1b43c30cd5d5 ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler
    9e00e5d195ed ARM: OMAP2+: drop unnecessary adrl
    3657432a75e3 ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand
    02c200fdba46 ARM: 8933/1: replace Sun/Solaris style flag on section directive
    54e6ecd5b7ca crypto: arm/sha512-neon - avoid ADRL pseudo instruction
    5e6f80033286 crypto: arm/sha256-neon - avoid ADRL pseudo instruction
    e120403c0e7c ARM: 8971/1: replace the sole use of a symbol with its definition
    0a43679016f0 ARM: 8990/1: use VFP assembler mnemonics in register load/store macros
    472671eec98a ARM: 8989/1: use .fpu assembler directives instead of assembler arguments
    2bfb0d43a47c net: mscc: ocelot: allow unregistered IP multicast flooding
    223d551a6681 kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
    ab3ed204a146 powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
    77e2ad091850 drm: remove drm_fb_helper_modinit
    9ef3ad40a81f Linux 5.4.202
    ceda71d49f6b powerpc/pseries: wire up rng during setup_arch()
    ece983890287 kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt)
    2a81e813141e random: update comment from copy_to_user() -> copy_to_iter()
    80f0038d757e modpost: fix section mismatch check for exported init/exit sections
    d1359e4129ad ARM: cns3xxx: Fix refcount leak in cns3xxx_init
    29ca9c4efacc ARM: Fix refcount leak in axxia_boot_secondary
    734a4d15142b soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
    f9b77a529375 ARM: exynos: Fix refcount leak in exynos_map_pmu
    615907ccc421 ARM: dts: imx6qdl: correct PU regulator ramp delay
    93e6137d2a5b powerpc/powernv: wire up rng during setup_arch
    97808c781721 powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
    b6232979320a powerpc: Enable execve syscall exit tracepoint
    e0701f150b28 parisc: Enable ARCH_HAS_STRICT_MODULE_RWX
    e5234a9d64a9 xtensa: Fix refcount leak bug in time.c
    a52972ee706b xtensa: xtfpga: Fix refcount leak bug in setup
    f0fc7cdf5f19 iio: adc: axp288: Override TS pin bias current for some models
    11c7ea38be91 iio: adc: stm32: fix maximum clock rate for stm32mp15x
    5e39397d60da iio: trigger: sysfs: fix use-after-free on remove
    6d2e68d02171 iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
    1ad6d668543d iio: accel: mma8452: ignore the return value of reset operation
    a391bced8404 iio:accel:mxc4005: rearrange iio trigger get and register
    23c158caa032 iio:accel:bma180: rearrange iio trigger get and register
    8ea16a64aafc iio:chemical:ccs811: rearrange iio trigger get and register
    2333db14d875 usb: chipidea: udc: check request status before setting device address
    47e41b4dabbf xhci: turn off port power in shutdown
    d62d1c606db0 iio: adc: vf610: fix conversion mode sysfs node name
    741b6c8363c2 s390/cpumf: Handle events cycles and instructions identical
    4837d1c81223 gpio: winbond: Fix error code in winbond_gpio_get()
    bb18ad00c0b7 Revert "net/tls: fix tls_sk_proto_close executed repeatedly"
    8c7a32b7c155 virtio_net: fix xdp_rxq_info bug after suspend/resume
    28a78414f21e igb: Make DMA faster when CPU is active on the PCIe link
    a5ed066bc246 regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips
    844168a5dabf ice: ethtool: advertise 1000M speeds properly
    e3a232e57670 afs: Fix dynamic root getattr
    cacab1e620e0 MIPS: Remove repetitive increase irq_err_count
    788c954f194c x86/xen: Remove undefined behavior in setup_features()
    c7bdaad9cbfe udmabuf: add back sanity check
    05c6c36c7931 net/tls: fix tls_sk_proto_close executed repeatedly
    02da602bc2f3 erspan: do not assume transport header is always set
    d1592d3e362c drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
    f1f9c2a5a3d9 net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
    47d31b97bf47 bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
    104a59b74577 phy: aquantia: Fix AN when higher speeds than 1G are not advertised
    8ffe2e50e967 bpf: Fix request_sock leak in sk lookup helpers
    f074ab253988 USB: serial: option: add Quectel RM500K module support
    ea7b23eadebc USB: serial: option: add Quectel EM05-G modem
    613c849d73df USB: serial: option: add Telit LE910Cx 0x1250 composition
    ae183969bd66 random: quiet urandom warning ratelimit suppression message
    06a24ddba93a dm mirror log: clear log bits up to BITS_PER_LONG boundary
    1f350f3cf0c1 dm era: commit metadata in postsuspend after worker stops
    0e75acbe1b76 ata: libata: add qc->flags in ata_qc_complete_template tracepoint
    71c76f56b97c mtd: rawnand: gpmi: Fix setting busy timeout setting
    c8d37e6ca180 mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing
    af28f602df74 net: openvswitch: fix parsing of nw_proto for IPv6 fragments
    6fda65dabd3e ALSA: hda/realtek: Add quirk for Clevo PD70PNT
    5fbad99e76c0 ALSA: hda/realtek - ALC897 headset MIC no sound
    cf81f367cf81 ALSA: hda/conexant: Fix missing beep setup
    eca9b5e36e24 ALSA: hda/via: Fix missing beep setup
    1df5178fdebe random: schedule mix_interrupt_randomness() less often
    c87e851b23e5 vt: drop old FONT ioctls
    23db944f754e Linux 5.4.201
    3994d2ee55e2 Revert "hwmon: Make chip parameter for with_info API mandatory"
    7b9c3bfbad25 arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer
    2e1591c27b95 tcp: drop the hash_32() part from the index calculation
    c26e1addf157 tcp: increase source port perturb table to 2^16
    77d29f3b18c4 tcp: dynamically allocate the perturb table used by source ports
    7c0a777b7dbd tcp: add small random increments to the source port
    53c5de3092ad tcp: use different parts of the port_offset for index and offset
    95921a3bab76 tcp: add some entropy in __inet_hash_connect()
    bdcbf2602feb usb: gadget: u_ether: fix regression in setting fixed MAC address
    2577d67a9a8a dm: remove special-casing of bio-based immutable singleton target on NVMe
    4143503b486a s390/mm: use non-quiescing sske for KVM switch to keyed guest
    f0c280af0ec7 Linux 5.4.200
    ab8dff4b716e powerpc/mm: Switch obsolete dssall to .long
    1a48a41f1422 riscv: Less inefficient gcc tishift helpers (and export their symbols)
    2464a1c0de53 RISC-V: fix barrier() use in <vdso/processor.h>
    490a02cd8205 arm64: kprobes: Use BRK instead of single-step when executing instructions out-of-line
    ef6f9ce0a79a net: openvswitch: fix leak of nested actions
    6bb3c77c74f5 net: openvswitch: fix misuse of the cached connection on tuple changes
    b47319b4aa21 net/sched: act_police: more accurate MTU policing
    13fbdea1184b virtio-pci: Remove wrong address verification in vp_del_vqs()
    80e4d8a27451 ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
    119e0268cc1c ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
    fba542891767 ext4: add reserved GDT blocks check
    4ca0d2f1e04e ext4: make variable "count" signed
    a6b31616e5af ext4: fix bug_on ext4_mb_use_inode_pa
    ae4603128751 dm mirror log: round up region bitmap size to BITS_PER_LONG
    64d2df648003 serial: 8250: Store to lsr_save_flags after lsr read
    b75bddfcc181 usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
    6506aff2dc2f usb: dwc2: Fix memory leak in dwc2_hcd_init
    940653b51c33 USB: serial: io_ti: add Agilent E5805A support
    31363b2b868e USB: serial: option: add support for Cinterion MV31 with new baseline
    d0c3730f2763 comedi: vmk80xx: fix expression for tx buffer size
    bf833c484881 i2c: designware: Use standard optional ref clock implementation
    8d884c08eeb8 irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
    58e67c81e229 irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
    56526c3883fc irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
    4695bafabf5b faddr2line: Fix overlapping text section failures, the sequel
    1b34d6a93832 certs/blacklist_hashes.c: fix const confusion in certs blacklist
    fb775ee3cfff arm64: ftrace: fix branch range checks
    0e21311ba459 net: bgmac: Fix an erroneous kfree() in bgmac_remove()
    c19cdd72b3ec mlxsw: spectrum_cnt: Reorder counter pools
    c03304dc4234 misc: atmel-ssc: Fix IRQ check in ssc_probe
    f7183c76d500 tty: goldfish: Fix free_irq() on remove
    ff6e03fe84bc i40e: Fix call trace in setup_tx_descriptors
    4b94408e1617 i40e: Fix calculating the number of queue pairs
    43f65970eeb2 i40e: Fix adding ADQ filter to TC0
    cff3a7ce6e81 clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()
    11c870c0b532 pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
    e32fe87afcfe random: credit cpu and bootloader seeds by default
    9e4cab02b7ec net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
    2f42389d270f ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
    6b4d8b44e716 nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
    786428a1dec2 virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
    aacb264d54c4 ALSA: hda/realtek - Add HW8326 support
    ff882404dff7 scsi: pmcraid: Fix missing resource cleanup in error case
    c48119223618 scsi: ipr: Fix missing/incorrect resource cleanup in error case
    fe0855944a64 scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion
    1f1be79189fd scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
    001de3d8ce82 scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
    9e3a0d3fc71c ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
    bc046649c5d6 ASoC: es8328: Fix event generation for deemphasis control
    a81f5a7f7a20 ASoC: wm8962: Fix suspend while playing music
    253334f84c81 ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
    052cd621acbf ASoC: cs42l56: Correct typo in minimum level for SX volume controls
    6d180913b3ab ASoC: cs42l52: Correct TLV for Bypass Volume
    385a031c56a9 ASoC: cs53l30: Correct number of volume levels on SX controls
    675b6a49cf70 ASoC: cs35l36: Update digital volume TLV
    b00f63dba5b8 ASoC: cs42l52: Fix TLV scales for mixer controls
    cd8c1e6c01f1 dma-debug: make things less spammy under memory pressure
    a45e19fd6ed8 ASoC: nau8822: Add operation for internal PLL off and on
    348831a9e8aa powerpc/kasan: Silence KASAN warnings in __get_wchan()
    5624055c8f4b random: account for arch randomness in bits
    c0bf6bfce70a random: mark bootloader randomness code as __init
    f96250197b43 random: avoid checking crng_ready() twice in random_init()
    072cd87d12a8 crypto: drbg - make reseeding from get_random_bytes() synchronous
    e9eb0c4741a7 crypto: drbg - always try to free Jitter RNG instance
    f284afc3a9ca crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
    babba4bf53a6 crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
    1b93b302e942 crypto: drbg - prepare for more fine-grained tracking of seeding state
    98e574a73414 crypto: drbg - always seeded with SP800-90B compliant noise source
    61f87ea3f957 Revert "random: use static branch for crng_ready()"
    3faf33a85650 random: check for signals after page of pool writes
    2177cef53ec9 random: wire up fops->splice_{read,write}_iter()
    35db2a073118 random: convert to using fops->write_iter()
    43e62db84a99 random: convert to using fops->read_iter()
    c23188facd10 random: unify batched entropy implementations
    1aeedbe02b5c random: move randomize_page() into mm where it belongs
    ceaf1feefe6e random: move initialization functions out of hot pages
    d3bf98d61fb6 random: make consistent use of buf and len
    70fce7f105bb random: use proper return types on get_random_{int,long}_wait()
    d05948dc23e6 random: remove extern from functions in header
    d8b4296417ea random: use static branch for crng_ready()
    087a14b9cf9b random: credit architectural init the exact amount
    ac48f7bee198 random: handle latent entropy and command line from random_init()
    736a22645d98 random: use proper jiffies comparison macro
    3266fba20661 random: remove ratelimiting for in-kernel unseeded randomness
    c5373bd6e4fb random: move initialization out of reseeding hot path
    0747ad152fa1 random: avoid initializing twice in credit race
    0baeec0effc7 random: use symbolic constants for crng_init states
    55d64df3ad5b siphash: use one source of truth for siphash permutations
    e4e8a9f8a616 random: help compiler out with fast_mix() by using simpler arguments
    bf3b51eb0f13 random: do not use input pool from hard IRQs
    6d4203a2cddc random: order timer entropy functions below interrupt functions
    58da574f105a random: do not pretend to handle premature next security model
    e739d5bd1466 random: use first 128 bits of input as fast init
    c44f8b386376 random: do not use batches when !crng_ready()
    e247ea8d97bf random: insist on random_get_entropy() existing in order to simplify
    9bfbcb37e5f6 xtensa: use fallback for random_get_entropy() instead of zero
    fa15650b51f6 sparc: use fallback for random_get_entropy() instead of zero
    9dfc14590c5d um: use fallback for random_get_entropy() instead of zero
    0cc41e2c73f7 x86/tsc: Use fallback for random_get_entropy() instead of zero
    f2a6e8727084 nios2: use fallback for random_get_entropy() instead of zero
    db1d13fe4c80 arm: use fallback for random_get_entropy() instead of zero
    6fa912f987fa mips: use fallback for random_get_entropy() instead of just c0 random
    36f38f838c5b m68k: use fallback for random_get_entropy() instead of zero
    a7d04ca9da61 timekeeping: Add raw clock fallback for random_get_entropy()
    eb2f9d72f32a powerpc: define get_cycles macro for arch-override
    10455a367c33 alpha: define get_cycles macro for arch-override
    5f0b77ca1978 parisc: define get_cycles macro for arch-override
    80459abc9fee s390: define get_cycles macro for arch-override
    73385644490a ia64: define get_cycles macro for arch-override
    5fac86663976 init: call time_init() before rand_initialize()
    b88ae87b100c random: fix sysctl documentation nits
    465425748359 random: document crng_fast_key_erasure() destination possibility
    ec07b3494517 random: make random_get_entropy() return an unsigned long
    fe156368f987 random: allow partial reads if later user copies fail
    70788723da70 random: check for signals every PAGE_SIZE chunk of /dev/[u]random
    2ce859d91fe9 random: check for signal_pending() outside of need_resched() check
    0e8030c9e03d random: do not allow user to keep crng key around on stack
    95aed891f7be random: do not split fast init input in add_hwgenerator_randomness()
    1d53d5a0973e random: mix build-time latent entropy into pool at init
    0aba75c6173d random: re-add removed comment about get_random_{u32,u64} reseeding
    81ea8a609b48 random: treat bootloader trust toggle the same way as cpu trust toggle
    a08d52a6081b random: skip fast_init if hwrng provides large chunk of entropy
    8320bc665c29 random: check for signal and try earlier when generating entropy
    3a53b818bb0e random: reseed more often immediately after booting
    905759e0fc17 random: make consistent usage of crng_ready()
    ad4c6bd98c54 random: use SipHash as interrupt entropy accumulator
    631503001ccf random: replace custom notifier chain with standard one
    1ae73fb2a635 random: don't let 644 read-only sysctls be written to
    ed409757100b random: give sysctl_random_min_urandom_seed a more sensible value
    75d95c1b5dea random: do crng pre-init loading in worker rather than irq
    219c84fe93e5 random: unify cycles_t and jiffies usage and types
    673637c4c9e0 random: cleanup UUID handling
    4d5151cc288a random: only wake up writers after zap if threshold was passed
    ac0081dec7d6 random: round-robin registers as ulong, not u32
    62cd795e465a random: clear fast pool, crng, and batches in cpuhp bring up
    a7f8f385bb6f random: pull add_hwgenerator_randomness() declaration into random.h
    ff607fc7607d random: check for crng_init == 0 in add_device_randomness()
    20788eb4ce70 random: unify early init crng load accounting
    49567f947735 random: do not take pool spinlock at boot
    4a61bf7f9b18 random: defer fast pool mixing to worker
    944d1bd0e5be random: rewrite header introductory comment
    c0e35949c736 random: group sysctl functions
    d946084180ee random: group userspace read/write functions
    565a66043bdf random: group entropy collection functions
    f2d587c493fc random: group entropy extraction functions
    a8786d54762f random: group crng functions
    c12dfec1aacf random: group initialization wait functions
    22e3db57ab94 random: remove whitespace and reorder includes
    cee64be60591 random: remove useless header comment
    904e6123c400 random: introduce drain_entropy() helper to declutter crng_reseed()
    47c56790d51c random: deobfuscate irq u32/u64 contributions
    e280b79c3127 random: add proper SPDX header
    776927dfd4ac random: remove unused tracepoints
    d68883956d36 random: remove ifdef'd out interrupt bench
    4a14a5a6969a random: tie batched entropy generation to base_crng generation
    d8a6684950c1 random: fix locking for crng_init in crng_reseed()
    b1d561138150 random: zero buffer after reading entropy from userspace
    21da00f8cb3a random: remove outdated INT_MAX >> 6 check in urandom_read()
    b530684129b2 random: make more consistent use of integer types
    3eed6af93ecd random: use hash function for crng_slow_load()
    cee3c7056900 random: use simpler fast key erasure flow on per-cpu keys
    ea9941fd6e26 random: absorb fast pool into input pool after fast load
    a3562bf4e8c9 random: do not xor RDRAND when writing into /dev/random
    574c8839504b random: ensure early RDSEED goes through mixer on init
    d3d3c1c214c3 random: inline leaves of rand_initialize()
    817315517af9 random: get rid of secondary crngs
    c15fc80b7df0 random: use RDSEED instead of RDRAND in entropy extraction
    72db8151c889 random: fix locking in crng_fast_load()
    7229c6d90a1a random: remove batched entropy locking
    6c8911579221 random: remove use_input_pool parameter from crng_reseed()
    4ef908fb81d9 random: make credit_entropy_bits() always safe
    42a9a7e80750 random: always wake up entropy writers after extraction
    373ef51f3e8a random: use linear min-entropy accumulation crediting
    a1a2bae5ef93 random: simplify entropy debiting
    4e5814bd2e75 random: use computational hash for entropy extraction
    99a0f8e22d4c random: only call crng_finalize_init() for primary_crng
    88609b892fdd random: access primary_pool directly rather than through pointer
    0b9f9b94f1ea random: continually use hwgenerator randomness
    811e333c4eb2 random: simplify arithmetic function flow in account()
    56de23dcf9d0 random: selectively clang-format where it makes sense
    86eac12b1cf5 random: access input_pool_data directly rather than through pointer
    4f5400ca7fc1 random: cleanup fractional entropy shift constants
    1b6f1d32a858 random: prepend remaining pool constants with POOL_
    0fe4a64fd946 random: de-duplicate INPUT_POOL constants
    e35576c4cb18 random: remove unused OUTPUT_POOL constants
    74cb3093f2de random: rather than entropy_store abstraction, use global
    14652d864280 random: remove unused extract_entropy() reserved argument
    12f17e3f3a14 random: remove incomplete last_data logic
    adcbbb44ccc1 random: cleanup integer types
    4ac4c7f057ff random: cleanup poolinfo abstraction
    5c3818e3bd7b random: fix typo in comments
    0a7e65810269 random: don't reset crng_init_cnt on urandom_read()
    8d7c55563ed0 random: avoid superfluous call to RDRAND in CRNG extraction
    8b4695640bc5 random: early initialization of ChaCha constants
    cfc69065005e random: initialize ChaCha20 constants with correct endianness
    922d082e3363 random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
    565b3af16894 random: harmonize "crng init done" messages
    346c4a697c29 random: mix bootloader randomness into pool
    afce74c0c04f random: do not re-init if crng_reseed completes before primary init
    d76758c71209 random: do not sign extend bytes for rotation when mixing
    c2f0a89cd1d5 random: use BLAKE2s instead of SHA1 in extraction
    6e6ae70c1eac random: remove unused irq_flags argument from add_interrupt_randomness()
    2580b0b3fd5a random: document add_hwgenerator_randomness() with other input functions
    3cc36a4aa1ca crypto: blake2s - adjust include guard naming
    09342a544c4b crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
    f850f3643d6b MAINTAINERS: co-maintain random.c
    967e3a136f9b random: remove dead code left over from blocking pool
    610f0b439a6b random: avoid arch_get_random_seed_long() when collecting IRQ randomness
    ad3fce669105 random: add arch_get_random_*long_early()
    41b0d3e86c50 powerpc: Use bool in archrandom.h
    89533373e11c linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
    0222f9f1d168 linux/random.h: Use false with bool
    15f93060b718 linux/random.h: Remove arch_has_random, arch_has_random_seed
    a95ed04e21da s390: Remove arch_has_random, arch_has_random_seed
    aab52172d9f9 powerpc: Remove arch_has_random, arch_has_random_seed
    35e28a05f659 x86: Remove arch_has_random, arch_has_random_seed
    98f749e29728 random: avoid warnings for !CONFIG_NUMA builds
    c13b9c3627d8 random: split primary/secondary crng init paths
    c070b07aaf34 random: remove some dead code of poolinfo
    898498bb4414 random: fix typo in add_timer_randomness()
    2c53d6d6a7be random: Add and use pr_fmt()
    f3375cfe31bc random: convert to ENTROPY_BITS for better code readability
    9f757cad20b7 random: remove unnecessary unlikely()
    4431c366fe23 random: remove kernel.random.read_wakeup_threshold
    ec134003cc39 random: delete code to pull data into pools
    a9564e14c6dd random: remove the blocking pool
    940cbc47b369 random: make /dev/random be almost like /dev/urandom
    c4edc1055c11 random: ignore GRND_RANDOM in getentropy(2)
    7f9f864af021 random: add GRND_INSECURE to return best-effort non-cryptographic bytes
    479d39707ff7 random: Add a urandom_read_nowait() for random APIs that don't warn
    69441ba56f13 random: Don't wake crng_init_wait when crng_init == 1
    69ef3109d422 random: don't forget compat_ioctl on urandom
    927fc225af29 compat_ioctl: remove /dev/random commands
    996fba14fa35 lib/crypto: sha1: re-roll loops to reduce code size
    c4f48374407b lib/crypto: blake2s: move hmac construction into wireguard
    97126d2f65b3 crypto: blake2s - generic C library implementation and selftest
    76101f1b7f59 nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
    e804587ecdcd bpf: Fix incorrect memory charge cost calculation in stack_map_alloc()
    f91da317e6fa 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"

(From OE-Core rev: 6126f40a7ce1c55638277e45c084b82364a654b6)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Bruce Ashfield
232fdbf0e5 linux-yocto/5.4: update to v5.4.199
Updating  to the latest korg -stable release that comprises
the following commits:

    a31bd366116c Linux 5.4.199
    4cc40b1022bb x86/speculation/mmio: Print SMT warning
    d49c22094e6f KVM: x86/speculation: Disable Fill buffer clear within guests
    d96159263593 x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
    bc64f38b5a38 x86/speculation/srbds: Update SRBDS mitigation selection
    020ce7495cfc x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
    8d25482fc96a x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
    7f898baa2044 x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
    0800f1b45bf6 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
    ae649e0cbf76 x86/speculation: Add a common function for MD_CLEAR mitigation update
    814ccb673035 x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
    91f8147c8371 Documentation: Add documentation for Processor MMIO Stale Data
    1e9f4e8a7aa9 x86/cpu: Add another Alder Lake CPU to the Intel family
    45e744de251c x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
    79568d551570 x86/cpu: Add Jasper Lake to Intel family
    9e2efaa5dd10 cpu/speculation: Add prototype for cpu_show_srbds()
    9d6e67bf5090 Linux 5.4.198
    602b338e3c3c tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
    b35e08edb2c2 mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
    0c12d7625502 md/raid0: Ignore RAID0 layout if the second zone has only one device
    0c4bc0a2f825 powerpc/32: Fix overread/overwrite of thread_struct via ptrace
    3c953d47eb1e Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
    6ec537c50033 ixgbe: fix unexpected VLAN Rx in promisc mode on VF
    24030768a7b4 ixgbe: fix bcast packets Rx on VF after promisc removal
    3eca2c42daa4 nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
    31f9c39b4a37 nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
    4f4ab5004633 mmc: block: Fix CQE recovery reset success
    0245434e381e ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
    b651f70ed3a8 cifs: return errors during session setup during reconnects
    850965edc861 ALSA: hda/conexant - Fix loopback issue with CX20632
    6c04a2ae039b scripts/gdb: change kernel config dumping method
    1a36f77dc23c vringh: Fix loop descriptors check in the indirect cases
    a3f9b0afd8b4 nodemask: Fix return values to be unsigned
    9b306339a511 cifs: version operations for smb20 unneeded when legacy support disabled
    5cb13cdc180a s390/gmap: voluntarily schedule during key setting
    69893d6d7f5c nbd: fix io hung while disconnecting device
    8a7da4ced236 nbd: fix race between nbd_alloc_config() and module removal
    1be608e1ee1f nbd: call genl_unregister_family() first in nbd_cleanup()
    045045b522c6 x86/cpu: Elide KCSAN for cpu_has() and friends
    460083de66c4 modpost: fix undefined behavior of is_arm_mapping_symbol()
    28fd384c78d7 drm/radeon: fix a possible null pointer dereference
    9223144fdd64 ceph: allow ceph.dir.rctime xattr to be updatable
    7df12bee5415 Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
    0331d261c398 scsi: myrb: Fix up null pointer access on myrb_cleanup()
    cf6b9316879f md: protect md_unregister_thread from reentrancy
    99e4c67a5581 watchdog: wdat_wdt: Stop watchdog when rebooting the system
    6fd031799e7b kernfs: Separate kernfs_pr_cont_buf and rename_lock.
    19f4b51b836d serial: msm_serial: disable interrupts in __msm_console_write()
    52a0d88c3280 staging: rtl8712: fix uninit-value in r871xu_drv_init()
    58762f1c63c7 staging: rtl8712: fix uninit-value in usb_read8() and friends
    1bcfb95de192 clocksource/drivers/sp804: Avoid error on multiple instances
    d472c78cc829 extcon: Modify extcon device to be created after driver data is set
    fa0b2dd6829d misc: rtsx: set NULL intfdata when probe fails
    d232ca0bbc7d usb: dwc2: gadget: don't reset gadget's driver->bus
    3a7170a3de62 USB: hcd-pci: Fully suspend across freeze/thaw cycle
    2dcec0bc142b drivers: usb: host: Fix deadlock in oxu_bus_suspend()
    09a5958a2452 drivers: tty: serial: Fix deadlock in sa1100_set_termios()
    c91a74b1f0f2 USB: host: isp116x: check return value after calling platform_get_resource()
    64b05fa212c7 drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
    1fbe033c5248 drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
    8c014373f178 tty: Fix a possible resource leak in icom_probe
    f6e07eb7ebec tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
    1b04c934e1e6 lkdtm/usercopy: Expand size of "out of frame" object
    ca2498cce875 iio: st_sensors: Add a local lock for protecting odr
    ab75e02366e1 iio: dummy: iio_simple_dummy: check the return value of kstrdup()
    36acb4d9ce55 drm: imx: fix compiler warning with gcc-12
    8174acbef87b net: altera: Fix refcount leak in altera_tse_mdio_create
    3d08bc3a5d9b ip_gre: test csum_start instead of transport header
    957d298526b5 net/mlx5: fs, fail conflicting actions
    8a6740fdc562 net/mlx5: Rearm the FW tracer after each tracer event
    317260b3eb63 net: ipv6: unexport __init-annotated seg6_hmac_init()
    ef6d2354de23 net: xfrm: unexport __init-annotated xfrm4_protocol_init()
    6a90a44d5342 net: mdio: unexport __init-annotated mdio_bus_init()
    978dcc55cf36 SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
    180473e8e42a net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
    7c8df6fad43d net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
    e412b3d178ea bpf, arm64: Clear prog->jited_len along prog->jited
    556720013c36 af_unix: Fix a data-race in unix_dgram_peer_wake_me().
    b49c884146e2 xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
    5b8d63489c3b netfilter: nf_tables: memleak flow rule from commit path
    d5a1e7f33c88 ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
    e0212033ff68 netfilter: nat: really support inet nat without l3 address
    da99331fa621 xprtrdma: treat all calls not a bcall when bc_serv is NULL
    48dea4d3a11f video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
    a2b3be930e79 NFSv4: Don't hold the layoutget locks across multiple RPC calls
    83960276ffc9 dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
    4917e43bca50 m68knommu: fix undefined reference to `_init_sp'
    f6bdafbb9b04 m68knommu: set ZERO_PAGE() to the allocated zeroed page
    27fdb4572344 i2c: cadence: Increase timeout per message if necessary
    0a7a1fc7e71e f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
    23b2163b887f tracing: Avoid adding tracer option before update_tracer_options
    48c6ee7d6c61 tracing: Fix sleeping function called from invalid context on RT kernel
    cc0aed22d33c mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
    ff66ae4359ff perf c2c: Fix sorting in percent_rmt_hitm_cmp()
    8b91d0dfc839 tipc: check attribute length for bearer name
    c2eba68d185b afs: Fix infinite loop found by xfstest generic/676
    d05c2fdf8e10 tcp: tcp_rtx_synack() can be called from process context
    1bd2f7f38bac net: sched: add barrier to fix packet stuck problem for lockless qdisc
    77b954ce2d64 net/mlx5e: Update netdev features after changing XDP state
    a4c52440acf4 net/mlx5: Don't use already freed action pointer
    00803d30518f nfp: only report pause frame configuration for physical device
    8302620aeb94 ubi: ubi_create_volume: Fix use-after-free when volume creation failed
    d3a4fff1e7e4 jffs2: fix memory leak in jffs2_do_fill_super
    acf92b525723 modpost: fix removing numeric suffixes
    a101793994c0 net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
    2bd1faedb74d net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
    be73e3bf6862 net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
    51ed32c1cfcf s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
    80f6712f241c clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
    e5d479d73f21 ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
    5b110d940417 watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
    593b595332bd driver core: fix deadlock in __device_attach
    5d709f58c743 driver: base: fix UAF when driver_attach failed
    3157118c1795 bus: ti-sysc: Fix warnings for unbind for serial
    a724634b2a49 firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
    c3a16e7c8624 serial: stm32-usart: Correct CSIZE, bits, and parity
    29d963635ee6 serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
    5c01c19f64c7 serial: sifive: Sanitize CSIZE and c_iflag
    841cab744cc0 serial: sh-sci: Don't allow CS5-6
    942aa88467b9 serial: txx9: Don't allow CS5-6
    eb8de4bac35a serial: rda-uart: Don't allow CS5-6
    0de3d2344ee0 serial: digicolor-usart: Don't allow CS5-6
    035bc3b734aa serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
    1b3ae6d85069 serial: meson: acquire port->lock in startup()
    d77f28c1bc9d rtc: mt6397: check return value after calling platform_get_resource()
    d041e885749f clocksource/drivers/riscv: Events are stopped during CPU suspend
    69a30b2ed620 soc: rockchip: Fix refcount leak in rockchip_grf_init
    0f91755514b8 coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
    47e4c42faab9 serial: sifive: Report actual baud base rather than fixed 115200
    f2a16af2ee0a phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
    b6b0f8904bd6 rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
    088f449d9d3c iio: adc: sc27xx: Fine tune the scale calibration values
    e5d48301d1fc iio: adc: sc27xx: fix read big scale voltage not right
    0f57d139300f iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
    bec18bb00f11 firmware: stratix10-svc: fix a missing check on list iterator
    8ad7b3d9f838 usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
    1026ee392ba3 rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
    89d1b9dfccce pwm: lp3943: Fix duty calculation in case period was clamped
    8e9f3f508a9c staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
    67c2aa77b40e usb: musb: Fix missing of_node_put() in omap2430_probe
    b78499772fa7 USB: storage: karma: fix rio_karma_init return
    72ab0f6f2ba8 usb: usbip: add missing device lock on tweak configuration cmd
    2f0ae93ec33c usb: usbip: fix a refcount leak in stub_probe()
    077f58e469a6 tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
    7320308b189c tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
    9ae3d073f7db tty: goldfish: Use tty_port_destroy() to destroy port
    d88fdea1477c iio: adc: ad7124: Remove shift from scan_type
    1aa30dc88372 staging: greybus: codecs: fix type confusion of list iterator variable
    6c8c536e0020 pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
    4faa6308e1b8 md: bcache: check the return value of kzalloc() in detached_dev_do_request()
    5f62b21b7c93 block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
    ccddf8cd411c bfq: Make sure bfqg for which we are queueing requests is online
    8afc13b958bd bfq: Get rid of __bio_blkcg() usage
    be1b78f94992 bfq: Remove pointless bfq_init_rq() calls
    f885f55033a1 bfq: Drop pointless unlock-lock pair
    97be7d13fbd4 bfq: Avoid merging queues with different parents
    54073410537f MIPS: IP27: Remove incorrect `cpu_has_fpu' override
    427c3c7ebd5f RDMA/rxe: Generate a completion for unsupported/invalid opcode
    4946cfd1c8f0 Kconfig: add config option for asm goto w/ outputs
    7ac21b24af85 phy: qcom-qmp: fix reset-controller leak on probe errors
    d19fa8f25200 blk-iolatency: Fix inflight count imbalances and IO hangs on offline
    8a068913d19d dt-bindings: gpio: altera: correct interrupt-cells
    3b8c37780d11 docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
    da9634374d41 ARM: pxa: maybe fix gpio lookup tables
    1668ad103679 phy: qcom-qmp: fix struct clk leak on probe errors
    2040b6076544 arm64: dts: qcom: ipq8074: fix the sleep clock frequency
    8dd2e5f9c1f1 gma500: fix an incorrect NULL check on list iterator
    a62591e36100 tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
    77ec584d3de0 serial: pch: don't overwrite xmit->buf[0] by x_char
    f6cb1470ba22 carl9170: tx: fix an incorrect use of list iterator
    2ea49d6310c9 ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
    b8ce58ab80fa rtl818x: Prevent using not initialized queues
    6f4a489d8458 hugetlb: fix huge_pmd_unshare address update
    73bdb2359dbc nodemask.h: fix compilation error with GCC12
    6e071eaf5002 iommu/msm: Fix an incorrect NULL check on list iterator
    9caad70819ae um: Fix out-of-bounds read in LDT setup
    6cbe83680f01 um: chan_user: Fix winch_tramp() return value
    3466e4265244 mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
    cf465ecfe3a8 irqchip: irq-xtensa-mx: fix initial IRQ affinity
    36bab24bb81b irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
    8858284dd749 RDMA/hfi1: Fix potential integer multiplication overflow errors
    64623236263f Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
    532aa3f7a50c media: coda: Add more H264 levels for CODA960
    adcea1c8eea8 media: coda: Fix reported H264 profile
    f2c2ad538e49 mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
    16e993ac7c81 md: fix an incorrect NULL check in md_reload_sb
    d0bdc809f788 md: fix an incorrect NULL check in does_sb_need_changing
    3623f833e19b drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
    8fa6eb03e3f5 drm/nouveau/clk: Fix an incorrect NULL check on list iterator
    19323b3671a8 drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
    c12984cdb077 drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
    8e105178c26a scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
    494685db0023 scsi: dc395x: Fix a missing check on list iterator
    82bf8e7271fa ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
    17ea63484975 dlm: fix missing lkb refcount handling
    49cd9eb7b9a7 dlm: fix plock invalid read
    f160e7b4b02a mm, compaction: fast_find_migrateblock() should return pfn in the target zone
    665602c83776 PCI: qcom: Fix unbalanced PHY init on probe errors
    c3919b10c45f PCI: qcom: Fix runtime PM imbalance on probe errors
    c99306cf5983 PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
    c27f744ceefa tracing: Fix potential double free in create_var_ref()
    742736dc9c01 ACPI: property: Release subnode properties with data nodes
    e157c8f87e8f ext4: avoid cycles in directory h-tree
    17034d45ec44 ext4: verify dir block before splitting it
    73fd5b192851 ext4: fix bug_on in ext4_writepages
    0ab308d72af7 ext4: fix warning in ext4_handle_inode_extension
    eaecf7ebfd5d ext4: fix use-after-free in ext4_rename_dir_prepare
    f36736fbd484 netfilter: nf_tables: disallow non-stateful expression in sets earlier
    28a8060a0bd2 bfq: Track whether bfq_group is still online
    da9f3025d595 bfq: Update cgroup information before merging bio
    31326bf55126 bfq: Split shared queues on move between cgroups
    b1cda6dd2c44 efi: Do not import certificates from UEFI Secure Boot for T2 Macs
    440d345d0274 fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
    e0dddab01f94 iwlwifi: mvm: fix assert 1F04 upon reconfig
    265bec4779a3 wifi: mac80211: fix use-after-free in chanctx code
    9259227605df f2fs: fix fallocate to use file_modified to update permissions consistently
    1f926457c3e7 f2fs: don't need inode lock for system hidden quota
    12ffc0044aba f2fs: fix deadloop in foreground GC
    54c116615c99 f2fs: fix to clear dirty inode in f2fs_evict_inode()
    7361c9f2bd6a f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
    f8b3c3fcf331 f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
    7f51f2734555 perf jevents: Fix event syntax error caused by ExtSel
    9eb684dc41d8 perf c2c: Use stdio interface if slang is not supported
    e23eb2f43f4d iommu/amd: Increase timeout waiting for GA log enablement
    db7ea8b261ef dmaengine: stm32-mdma: remove GISR1 register
    8db59df7f582 video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
    dcc00106c325 NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
    3d216510f8af NFS: Don't report errors from nfs_pageio_complete() more than once
    55f0fc32b2f2 NFS: Do not report flush errors in nfs_write_end()
    59137943af75 NFS: Do not report EINTR/ERESTARTSYS as mapping errors
    4826af9a07cf i2c: at91: Initialize dma_buf in at91_twi_xfer()
    d77a0f2842b3 i2c: at91: use dma safe buffers
    e4db5f4b680a iommu/mediatek: Add list_del in mtk_iommu_remove
    5e47a7add3dd f2fs: fix dereference of stale list iterator after loop body
    c8735252f93f Input: stmfts - do not leave device disabled in stmfts_input_open
    addb192000d8 RDMA/hfi1: Prevent use of lock before it is initialized
    6d8b9f574bca mailbox: forward the hrtimer if not queued and under a lock
    49c1e32e7b3f mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
    bcb6c4c5eb48 powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
    2631fe5b53b5 macintosh: via-pmu and via-cuda need RTC_LIB
    bc21634ce430 powerpc/perf: Fix the threshold compare group constraint for power9
    cf0b52858f74 powerpc/64: Only WARN if __pa()/__va() called with bad addresses
    bbc2b0ce6042 Input: sparcspkr - fix refcount leak in bbc_beep_probe
    6d7b2cf5c7ed crypto: cryptd - Protect per-CPU resource by disabling BH.
    3219ac364ac3 tty: fix deadlock caused by calling printk() under tty_port->lock
    ded067f24b90 PCI: imx6: Fix PERST# start-up sequence
    0b35a685d911 ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
    203537caad3c proc: fix dentry/inode overinstantiating under /proc/${pid}/net
    6cdb6582b566 powerpc/4xx/cpm: Fix return value of __setup() handler
    337eef19aad8 powerpc/idle: Fix return value of __setup() handler
    1d83f304215b powerpc/8xx: export 'cpm_setbrg' for modules
    662b70a45b32 dax: fix cache flush on PMD-mapped pages
    386e69e06817 drivers/base/node.c: fix compaction sysfs file leak
    d1f908bd0100 pinctrl: mvebu: Fix irq_of_parse_and_map() return value
    9282496aac8b nvdimm: Allow overwrite in the presence of disabled dimms
    b0e4bafac896 firmware: arm_scmi: Fix list protocols enumeration in the base protocol
    ffd3bed66b54 scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
    829ea474876f mfd: ipaq-micro: Fix error check return value of platform_get_irq()
    8c4eeab72608 powerpc/fadump: fix PT_LOAD segment for boot memory area
    bbf58e97426d arm: mediatek: select arch timer for mt7629
    e7a0d0c2802f crypto: marvell/cesa - ECB does not IV
    de65c32ace9a misc: ocxl: fix possible double free in ocxl_file_register_afu
    7f287d0c7001 ARM: dts: bcm2835-rpi-b: Fix GPIO line names
    3a37022d48a5 ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
    fd1c098b3bdd ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
    e0bf7f084412 ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
    e4594ca90b4e can: xilinx_can: mark bit timing constants as const
    6077a1e637b3 KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
    9cccb3f6ed9a PCI: rockchip: Fix find_first_zero_bit() limit
    f063429ac33f PCI: cadence: Fix find_first_zero_bit() limit
    5543752a48ad soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
    669575521633 soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
    56b8d748ec43 ARM: dts: suniv: F1C100: fix watchdog compatible
    754ef324b70b arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
    60546c0b4b46 net/smc: postpone sk_refcnt increment in connect()
    91121ee57414 rxrpc: Fix decision on when to generate an IDLE ACK
    d7b16ee15fc6 rxrpc: Don't let ack.previousPacket regress
    2fd958ae29fd rxrpc: Fix overlapping ACK accounting
    5aa14dafd2b0 rxrpc: Don't try to resend the request if we're receiving the reply
    91b34bf0409f rxrpc: Fix listen() setting the bar too high for the prealloc rings
    0bfaff00d1a7 NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
    9934025c4d66 ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
    b3461ccaa5d2 thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
    449374565f34 drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
    6832e36f156e drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
    48d331a03b0d ext4: reject the 'commit' option on ext2 filesystems
    3dc032375595 media: ov7670: remove ov7670_power_off from ov7670_remove
    dc794fa2b3c4 sctp: read sk->sk_bound_dev_if once in sctp_rcv()
    d43a87d66039 m68k: math-emu: Fix dependencies of math emulation support
    6f55fac0af35 Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
    c3c8c7e409d0 media: vsp1: Fix offset calculation for plane cropping
    1310fc3538dc media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
    83345b536599 media: exynos4-is: Change clk_disable to clk_disable_unprepare
    b87d3a043b32 media: st-delta: Fix PM disable depth imbalance in delta_probe
    12480f757810 media: aspeed: Fix an error handling path in aspeed_video_probe()
    d2b1dc3a0432 scripts/faddr2line: Fix overlapping text section failures
    0be5d9da5743 regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
    18b907ff0ae4 ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
    96fc3da6184a ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
    ddb1a77f94d7 perf/amd/ibs: Use interrupt regs ip for stack unwinding
    f2e2e934d2b6 Revert "cpufreq: Fix possible race in cpufreq online error path"
    1253811c71e0 iomap: iomap_write_failed fix
    6b8291e574a8 media: uvcvideo: Fix missing check to determine if element is found in list
    ab888b1a9a6d drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
    22d8424913b1 drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
    b2aa2c4efe93 drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
    cd4cfd99ec14 regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
    db5a21f2dd62 x86/mm: Cleanup the control_va_addr_alignment() __setup handler
    d2476a1fc50b irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
    b97eb924a234 irqchip/exiu: Fix acknowledgment of edge triggered interrupts
    9777de28cfea x86: Fix return value of __setup handlers
    ee3901d7c7f4 virtio_blk: fix the discard_granularity and discard_alignment queue limits
    a9b4599665e4 drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
    35d9a84e3b35 drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
    2b3ed7547b1a drm/msm/hdmi: check return value after calling platform_get_resource_byname()
    11709592b350 drm/msm/dsi: fix error checks and return values for DSI xmit functions
    ef10d0c68e86 drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
    db681127e96d perf tools: Add missing headers needed by util/data.h
    31de06ef06a8 ASoC: rk3328: fix disabling mclk on pclk probe failure
    ed8d5cf1dcad x86/speculation: Add missing prototype for unpriv_ebpf_notify()
    1d0c4bc628ca x86/pm: Fix false positive kmemleak report in msr_build_context()
    b889619eba6f scsi: ufs: core: Exclude UECxx from SFR dump list
    e120d31d04bf of: overlay: do not break notify on NOTIFY_{OK|STOP}
    b0be017bc59d fsnotify: fix wrong lockdep annotations
    60d159e0d084 inotify: show inotify mask flags in proc fdinfo
    2326d398ccd4 ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
    cd1f386120d0 cpufreq: Fix possible race in cpufreq online error path
    e7f0fd6f2566 spi: img-spfi: Fix pm_runtime_get_sync() error checking
    735b57a96088 sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
    55fddbb1e278 drm/bridge: Fix error handling in analogix_dp_probe
    f1d4f19a7965 HID: elan: Fix potential double free in elan_input_configured
    75a89bc1baee HID: hid-led: fix maximum brightness for Dream Cheeky
    3caa2d7943ca drbd: fix duplicate array initializer
    65065f96d53e efi: Add missing prototype for efi_capsule_setup_info
    fbf9c4c714d3 NFC: NULL out the dev->rfkill to prevent UAF
    2c59535b6be0 spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
    fa0d7ba25a53 drm: mali-dp: potential dereference of null pointer
    797f8ee35f03 drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
    1a994f1f1841 nl80211: show SSID for P2P_GO interfaces
    93c0f9d78ddd bpf: Fix excessive memory allocation in stack_map_alloc()
    c398c2149b17 drm/vc4: txp: Force alpha to be 0xff if it's disabled
    8a60b54e41c9 drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
    a0c890c0ae9f drm/mediatek: Fix mtk_cec_mask()
    ea8b2ecc920d x86/delay: Fix the wrong asm constraint in delay_loop()
    c71494f5f2b4 ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
    23f340ed906c ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
    e92b927fffb6 drm/bridge: adv7511: clean up CEC adapter when probe fails
    224e1eef0386 drm/edid: fix invalid EDID extension block filtering
    657734866839 ath9k: fix ar9003_get_eepmisc
    ebede9aadfa3 drm: fix EDID struct for old ARM OABI format
    e60ad83f645e RDMA/hfi1: Prevent panic when SDMA is disabled
    cb4f2dc513e9 powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
    6557555a86f3 macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
    793b82d1c424 powerpc/powernv: fix missing of_node_put in uv_init()
    537a317e5ff4 powerpc/xics: fix refcount leak in icp_opal_init()
    a910e9613130 tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
    c9a81f9ed6ae PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
    e10905816513 ARM: hisi: Add missing of_node_put after of_find_compatible_node
    2f46a955b6f5 ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
    fcd1999ba974 ARM: versatile: Add missing of_node_put in dcscb_init
    fd48cf8f972f fat: add ratelimit to fat*_ent_bread()
    60ce637c194b powerpc/fadump: Fix fadump to work with a different endian capture kernel
    41c7096286aa ARM: OMAP1: clock: Fix UART rate reporting algorithm
    e54fd01178eb fs: jfs: fix possible NULL pointer dereference in dbFree()
    a0180e324a9a PM / devfreq: rk3399_dmc: Disable edev on remove()
    1995a60be7cb ARM: dts: ox820: align interrupt controller node name with dtschema
    58e55f4f5a2a IB/rdmavt: add missing locks in rvt_ruc_loopback
    56fd9dcfe10c selftests/bpf: fix btf_dump/btf_dump due to recent clang change
    063d945795a0 eth: tg3: silence the GCC 12 array-bounds warning
    88d730463e9b rxrpc: Return an error to sendmsg if call failed
    1ec0bc72f5da hwmon: Make chip parameter for with_info API mandatory
    a7a41dd47303 ASoC: max98357a: remove dependency on GPIOLIB
    3cf43978ffd1 media: exynos4-is: Fix compile warning
    1e5fbfc2a6f3 net: phy: micrel: Allow probing without .driver_data
    9d1764b9266b nbd: Fix hung on disconnect request if socket is closed before
    abe7554da62c ASoC: rt5645: Fix errorenous cleanup order
    f76729662650 nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
    69edf28d2c42 openrisc: start CPU timer early in boot
    67fb49438858 media: cec-adap.c: fix is_configuring state
    4172a34ef93f media: coda: limit frame interval enumeration to supported encoder frame sizes
    8f2a5721cdc3 rtlwifi: Use pr_warn instead of WARN_ONCE
    2d966c94adce ipmi: Fix pr_fmt to avoid compilation issues
    2064a1eab2ec ipmi:ssif: Check for NULL msg when handling events and messages
    17cfc9455830 ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
    5a71f14a9b2e dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
    6583d0d6ad6d spi: stm32-qspi: Fix wait_cmd timeout in APM mode
    1651a95517fb s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
    890b16b4709d ASoC: tscs454: Add endianness flag in snd_soc_component_driver
    00771de7cc28 HID: bigben: fix slab-out-of-bounds Write in bigben_probe
    0d7074792bb9 drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
    2317f3bfda6d mlxsw: spectrum_dcb: Do not warn about priority changes
    121f56a9a832 ASoC: dapm: Don't fold register value changes into notifications
    430af81135d5 net/mlx5: fs, delete the FTE when there are no rules attached to it
    f857855a8a83 ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
    b507f067e9fc drm: msm: fix error check return value of irq_of_parse_and_map()
    efd183d988b4 arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
    a610cfe56c38 drm/amd/pm: fix the compile warning
    1e29d829ad51 drm/plane: Move range check for format_count earlier
    e1599ced6be1 scsi: megaraid: Fix error check return value of register_chrdev()
    7923f95997a7 mmc: jz4740: Apply DMA engine limits to maximum segment size
    0959aa00f976 md/bitmap: don't set sb values if can't pass sanity check
    222292930c8e media: cx25821: Fix the warning when removing the module
    fa636e9ee444 media: pci: cx23885: Fix the error handling in cx23885_initdev()
    0ac84ab50712 media: venus: hfi: avoid null dereference in deinit
    de16cdf0b73d ath9k: fix QCA9561 PA bias level
    af832028af6f drm/amd/pm: fix double free in si_parse_power_table()
    7bd0ac1e2345 tools/power turbostat: fix ICX DRAM power numbers
    6266ab1f31fa spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
    f68bed124c76 ALSA: jack: Access input_dev under mutex
    aea748501d09 drm/komeda: return early if drm_universal_plane_init() fails.
    8ded0af90e97 ACPICA: Avoid cache flush inside virtual machines
    c7b41fd76ce2 fbcon: Consistently protect deferred_takeover with console_lock()
    4460066eb248 ipv6: fix locking issues with loops over idev->addr_list
    8fb1b9beb085 ipw2x00: Fix potential NULL dereference in libipw_xmit()
    303380919df7 b43: Fix assigning negative value to unsigned variable
    60d515fd8797 b43legacy: Fix assigning negative value to unsigned variable
    92225d3c2241 mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
    f85cb059fad0 drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
    670f5e40d7b3 btrfs: repair super block num_devices automatically
    622ced791ed8 btrfs: add "0x" prefix for unsupported optional features
    0ca511204740 ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
    f5faa24137d7 ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
    e10356eae1c2 ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
    00c93ce2665c perf/x86/intel: Fix event constraints for ICL
    1b767500d151 usb: core: hcd: Add support for deferring roothub registration
    114790876393 USB: new quirk for Dell Gen 2 devices
    7c5a52dd4d91 USB: serial: option: add Quectel BG95 modem
    6b3ecb2d92a0 ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
    1c6cfb9e8a5c binfmt_flat: do not stop relocating GOT entries prematurely on riscv
    35c6471fd2c1 Linux 5.4.197
    e00c2f22fbfa bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
    a2235bc65ade NFSD: Fix possible sleep during nfsd4_release_lockowner()
    f5b6bc69a792 NFS: Memory allocation failures are not server fatal errors
    0490cd2aee18 docs: submitting-patches: Fix crossref to 'The canonical patch format'
    72ef5d01fe37 tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
    7ecd237e5036 tpm: Fix buffer access in tpm2_get_tpm_pt()
    396d1f51764d HID: multitouch: Add support for Google Whiskers Touchpad
    25f0e9459f94 raid5: introduce MD_BROKEN
    fd2f7e998485 dm verity: set DM_TARGET_IMMUTABLE feature flag
    f00597350210 dm stats: add cond_resched when looping over entries
    65e6282f0d75 dm crypt: make printing of the key constant-time
    a4415f39e3e8 dm integrity: fix error code in dm_integrity_ctr()
    fc658c083904 zsmalloc: fix races between asynchronous zspage free and page migration
    7632451ad926 crypto: ecrdsa - Fix incorrect use of vli_cmp
    b16bb373988d netfilter: conntrack: re-fetch conntrack after insertion
    1fe82bfd9e4c exec: Force single empty string when argv is empty
    241b566e0403 drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
    3dbab9e37ca1 cfg80211: set custom regdomain after wiphy registration
    039fa25d95ce assoc_array: Fix BUG_ON during garbage collect
    8c668da61bd0 drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
    fdcbdb3d089a i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
    827980029d0f net: ftgmac100: Disable hardware checksum on AST2600
    e619506ed010 net: af_key: check encryption module availability consistency
    fa77d2a3a755 pinctrl: sunxi: fix f1c100s uart2 function
    2208c31d864e ACPI: sysfs: Fix BERT error region memory mapping
    92d4b5e14830 ACPI: sysfs: Make sparse happy about address space in use
    5a73bd4f4710 media: vim2m: initialize the media device earlier
    b7248281afb1 media: vim2m: Register video device after setting up internals
    ab5b00cfe050 secure_seq: use the 64 bits of the siphash for port offset calculation
    80cca53a48c8 tcp: change source port randomizarion at connect() time
    9ce35dad5a1a Input: goodix - fix spurious key release events
    bdbc7ef3eb2c staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
    4f0750839421 x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
    8bb828229da9 lockdown: also lock down previous kgdb use

(From OE-Core rev: 5503425172d832dae12bad6af8ca22ece454e4b0)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
60a98feb86 vim: 8.2.5083 -> 9.0.0005
The license checksum changed due to a major version change in the referenced file.

(From OE-Core rev: cc245b75ebd8dfc4925a21e3ff08d841fef77635)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 89f34d8aa4f4572d048dbb732ca4c83d443157fb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Ranjitsinh Rathod
6a3d60d873 openssl: Minor security upgrade 1.1.1o to 1.1.1p
This security upgrade fixes CVE-2022-2068 as per below link
Link: https://www.openssl.org/news/cl111.txt
Also, remove 73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch and
b7ce611887cfac633aacc052b2e71a7f195418b8.patch as these two are part
1.1.1p now

(From OE-Core rev: a8283f9251f59d86f93f9d7cfd4c7e29c61e4631)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Ross Burton
1c38d0d3d6 cve-check: hook cleanup to the BuildCompleted event, not CookerExit
The cve-check class writes temporary files to preserve state across the
build, and cleans them up in a CookerExit handler.

However, in memory-resident builds the cooker won't exit in between
builds, so the state isn't cleared and the CVE report generation fails:

NOTE: Generating JSON CVE summary
ERROR: Error adding the same package twice

Easily solved by hooking to BuildCompleted, instead of CookerExit.

(From OE-Core rev: ee3270709158aff463fec6798f3b8968268b4d4b)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fccdcfd301de281a427bfee48d8ff47fa07b7259)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Richard Purdie
ca90350d13 cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
Remove obsolete comments/data from the file. Add in three CVEs to ignore.
Two are qemu CVEs which upstream aren't particularly intersted in and aren't
serious issues. Also ignore the nasm CVE found from fuzzing as this isn't
a issue we'd expose from OE.

(From OE-Core rev: b82c95720488eea8ea4b5684c9f89e4931085fa5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68291026aab2fa6ee1260ca95198dd1d568521e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-15 12:29:17 +01:00
Ahmed Hossam
159a2de146 insane.bbclass: host-user-contaminated: Correct per package home path
The current home path that is compared against is incorrect as it is missing the
package name, this patch adds it.

[YOCTO #14553]

(From OE-Core rev: b75caf4a985e3c20996531785125eaffdc832104)

Signed-off-by: Ahmed Hossam <Ahmed.Hossam@opensynergy.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit ae8f22d9e2694eea5ede3b31c6f3bca404ea4a5a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Martin Jansa
684c5d4c12 wic: fix WicError message
* add missing % to print the values instead of:
  | INFO: Build artifacts not found, exiting.
  | INFO:   (Please check that the build artifacts for the machine
  | INFO:    selected in local.conf actually exist and that they
  | INFO:    are the correct artifacts for the image (.wks file)).
  |
  | ERROR: ("The artifact that couldn't be found was %s:\n  %s", 'kernel-dir', '/OE/build/deploy/images/qemux86-64')

(From OE-Core rev: c83cabad78dbc98bb72be7fd7dd51023853a3ff9)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e104c2b1273d8c5bd97893f318bf2a2699ef7f2d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Muhammad Hamza
8dfc7162e3 initramfs-framework: move storage mounts to actual rootfs
Operations such as mkfs fail on devices that are not
switched to the actual rootfs before switch_root is
called. The kernel interprets these devices as still
being used even after unmounting and errors such as
below are seen when the target is fully booted

root@v1000:~# umount /dev/sdb1
root@v1000:~# mkfs.ext4 /dev/sdb1
mke2fs 1.43.8 (1-Jan-2018)
/dev/sdb1 contains a ext4 file system
        last mounted on Wed Nov 28 07:33:54 2018
Proceed anyway? (y,N) y
/dev/sdb1 is apparently in use by the system; will not make a filesystem here!

(From OE-Core rev: ce27982c24d2398c9eadb9d4d9e7475509424195)

Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Muhammad Hamza <muhammad_hamza@mentor.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ec53ffd01972d1be2d6a28de828b3f0b80dc1e61)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Marek Vasut
d2f8a57a30 lttng-modules: Backport Linux 5.18+, 5.15.44+, 5.10.119+ fixes
The Linux kernel commit 14c174633f349 ("random: remove unused tracepoints")
removed unused tracepoints and has been backported to stable Linux kernel
releases. This causes build failure of lttng-modules:

"
lttng-modules-2.11.6/probes/lttng-probe-random.c:18:10: fatal error: trace/events/random.h: No such file or directory
|    18 | #include <trace/events/random.h>
|       |          ^~~~~~~~~~~~~~~~~~~~~~~
| compilation terminated.
"

Backport patches from lttng-modules master branch to address the build
failure on all of Linux 5.18.y, 5.15.y 5.10.y, 5.4, 4.19, 4.14, and 4.9 kernel versions.

(From OE-Core rev: 9f301f5563df868626d624c2d0781dae1b81a4c0)

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Cc: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Alexander Kanavin
0a0e0663ab wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
(From OE-Core rev: a0415549af8d10f4915c519433b49ce812bd2324)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c27711292f93dfad1ffdeab6d715becad32a4ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Marta Rybczynska
79b3e05767 oeqa/selftest/cve_check: add tests for Ignored and partial reports
Add testcases for partial reports with CVE_CHECK_REPORT_PATCHED and
Ignored CVEs.

(From OE-Core rev: 577d297babd7b399f631c8a95155265f08c5e193)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry-picked from 3f7639b90004973782a2e74925fd2e9a764c1090)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Hitendra Prajapati
b6f4778e37 grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow unprivileged user to read the file content
Source: https://git.savannah.gnu.org/cgit/grub.git/
MR: 116495
Type: Security Fix
Disposition: Backport from https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4
ChangeID: fce3d59e50320bef247bb981352051b8f953a4fc
Description:
        CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content.

Affects "grub2 < 2.06"

(From OE-Core rev: fd9dc688ead5cf0225cba94c380a618e332d548f)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Marta Rybczynska
6e79d96c6d cve-check: add support for Ignored CVEs
Ignored CVEs aren't patched, but do not apply in our configuration
for some reason. Up till now they were only partially supported
and reported as "Patched".

This patch adds separate reporting of Ignored CVEs. The variable
CVE_CHECK_REPORT_PATCHED now manages reporting of both patched
and ignored CVEs.

(From OE-Core rev: 14b3c0ca46a0aa97565a24b7a5116306237d7cfe)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry-picked from c773102d4828fc4ddd1024f6115d577e23f1afe4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Richard Purdie
31b4392e6e unzip: Port debian fixes for two CVEs
Add two fixes from debian for two CVEs. From:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355

I wans't able to get the reproducers to work but the added error
checking isn't probably a bad thing.

(From OE-Core rev: 097469513f6dea7c678438e71a152f4e77fe670d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 054be00a632c2918dd1f973e76514e459fc6f017)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Joe Slater
4bc2324a25 unzip: fix CVE-2021-4217
Avoid a null pointer dereference.

(From OE-Core rev: 357791da82f767ad695e4476aa12fea3d7db5e04)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 36db85b9b127e5a9f5d3d6e428168cf597ab95f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Hitendra Prajapati
6013fc2606 golang: CVE-2021-31525 net/http: panic in ReadRequest and ReadResponse when reading a very large header
Source: https://github.com/argoheyard/lang-net
MR: 114874
Type: Security Fix
Disposition: Backport from 701957006e
ChangeID: bd3c4f9f44dd1c45e810172087004778522d28eb
Description:
       CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header.

(From OE-Core rev: 2850ef58f2a39a5ab19b1062d1b50160fec4daa8)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Hitendra Prajapati
3f2da49c2b golang: CVE-2022-24675 encoding/pem: fix stack overflow in Decode
Source: https://go-review.googlesource.com/c/go
MR: 117551
Type: Security Fix
Disposition: Backport from https://go-review.googlesource.com/c/go/+/399816/
ChangeID: 347f22f93e8eaecb3d39f8d6c0fe5a70c5cf7b7c
Description:
        CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode.

(From OE-Core rev: 6625e24a6143765ce2e4e08d25e3fe021bc2cdf6)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-08 08:27:20 +01:00
Michael Opdenacker
02867c9039 manuals: switch to the sstate mirror shared between all versions
Following https://git.yoctoproject.org/poky/commit/?id=cf7d8894545b83f55420fa33f7848e1bfc6754ff

(From yocto-docs rev: 5a5499609bc1f6ac99ad909dc1aeb91505f5bd48)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-28 23:58:30 +01:00
Ross Burton
33a08f7b8f bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes
The keep alive timeout is excessively long at 83 minutes (5000 seconds),
reduce this to 10 minutes: this should be long enough that it rarely
triggers in normal builds, but when it does it has useful information.

(Bitbake rev: a496a8952d8542ce814b13f460811d8849d25a3c)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dcf52157d3635925491783be656c6b76d1efe1a4)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-26 12:14:23 +01:00
Ross Burton
07eca06c71 bitbake: knotty: display active tasks when printing keepAlive() message
In interactive bitbake sessions it is obvious what tasks are running
when one of them hangs or otherwise takes a long time. However, in
non-interactive sessions (such as automated builds) bitbake just prints
a message saying that it is "still alive" with no clues as to what tasks
are active still.

By simply listing the active tasks when printing the keep alive message,
we don't need to parse the bitbake log to identify which of the tasks
is still active and has presumably hung.

(Bitbake rev: 36fe8bae9fec61547ee0b13bcb721033afd3ac0e)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 30f6c3f175617beea8e8bb75dcf255611e3fc2fd)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-26 12:14:22 +01:00
Richard Purdie
9f20f682ff bitbake: bin/bitbake-getvar: Add a new command to query a variable value (with history)
We've talked about having this for long enough. Add a command which queries a single
variable value with history. This saves "bitbake -e | grep" and avoids the
various pitfalls that has.

It also provides a neat example of using tinfoil to make such a query.

Parameters to limit the output to just the value, to limit to a variable flag
and to not expand the output are provided.

[YOCTO #10748]

(Bitbake rev: 47ed06d441152f8b6d374cacfac2c668c354423e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c1881b620e885f55d7772f8626b8a76c2828333)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-26 12:14:22 +01:00
Richard Purdie
6d1f8412be bitbake: tinfoil/data_smart: Allow variable history emit() to function remotely
We can't access the emit() function of varhistory currently as the datastore parameter
isn't handled correctly, nor is the output stream. Add a custom wrapper for this
function which handles the two details correctly.

(Bitbake rev: 144a1cfe8b60c677bb6ec66c242e064c7ba3ed88)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ba0fa084ccd2b1ade96425d158fd31e49e42f286)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-26 12:14:22 +01:00
Dmitry Baryshkov
872caf23ad linux-firmware: upgrade 20220509 -> 20220610
Drop 0001-Makefile-replace-mkdir-by-install.patch merged upstream.

License-Update: additional files
(From OE-Core rev: c6f5fb5e7545636ef7948ad1562548b7b64dac35)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91cd99267157e860a108282aee13e162e8c10572)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit bcc5a22cd2b25c777315fe9d677fc0338ae2ab68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:46 +01:00
Dmitry Baryshkov
b9bffd7650 linux-firmware: add support for building snapshots
In some cases it is useful to be able to test the snapshot of
linux-firmware (e.g. to test if the updated firmware works on the
particular hardware). Allow building the linux-firmware snapshots.

To switch to the most recent branch, add the following lines to the
local.conf file:

PREFERRED_VERSION_linux-firmware = "1:20220509+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "4288aad55d189fa225d492526b8406d5"

(From OE-Core rev: 6654baf267003ac62bc886901e5197fc211239f4)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b023570ae1d239de14b50a0e827582d0e84ddf81)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:46 +01:00
Nick Potenski
0b84202a2b systemd: systemd-systemctl: Support instance conf files during enable
Add ability to parse instance-specific conf files when
enabling an instance of a templated unit during postinstall.

(From OE-Core rev: f2d59bf2240eaf4c483edc4feb6e5d66b8dc387f)

Signed-off-by: Nick Potenski <nick.potenski@garmin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit baa0ecf3271008cf60cd830c54a71f191aebb81c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:46 +01:00
Chee Yang Lee
ae90fa778a dpkg: update to 1.19.8
update include fixes for CVE-2022-1664.

(From OE-Core rev: 12169c1104adbfd9f5196fdbdab16536e98fd43f)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:45 +01:00
Hitendra Prajapati
fe6c34c48d golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
Source: https://github.com/golang/go
MR: 114884
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/44a3fb49
ChangeID: 7b28553d4e23828b20c3357b1cca79ee3ca18058
Description:
        CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error.
(From OE-Core rev: b835c65845b1445e1bb547c192cb22c2db4c7e6f)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:45 +01:00
Hitendra Prajapati
2ae3d43628 python-pip: CVE-2021-3572 Incorrect handling of unicode separators in git references
Source: https://github.com/pypa/pip
MR: 113864
Type: Security Fix
Disposition: Backport from e46bdda971
ChangeID: 717948e217d6219d1f03afb4d984342d7dea4636
Description:
       CVE-2021-3572 python-pip: Incorrect handling of unicode separators in git references.

(From OE-Core rev: 841a8fb5b6351f79a4d756232a544d1a6480c562)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-24 23:57:45 +01:00
Jose Quaresma
5582ab6aae archiver: don't use machine variables in shared recipes
When using multiconfig with the same TMP folder we can have
races because the shared recipes like gcc-source run twice.

ARCHIVER_OUTDIR = ${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/
which includes TARGET_SYS and between the two different MACHINE values,
this changes  from 'arm-poky-linux-gnueabi' to 'aarch64-poky-linux'.
This leads to the task running twice, once for each multiconfig.

To solve this we need to store the shared output in a common place
for all machines and in this way the stamps will be the same for each
machine so the gcc-source will on run once regardless of the machine used.

(From OE-Core rev: 135adeb82c9303c26193bb6f6bd3bc696793aa62)

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5abe497aad39a6ce8d72556fcdda1938a0f8c1bc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Richard Purdie
d4c7b40039 gcc-source: Fix incorrect task dependencies from ${B}
Some tasks may reference ${B} for gcc-source which in general would not exist.
It has dependencies on HOST_SYS and TARGET_SYS which are not appropriate for a
shared recipe like gcc-source. This causes problems for the archiver and
multiconfigs in particlar.

Set B to something else to avoid these task hash issues.

Acked-by: Jose Quaresma <jose.quaresma@foundries.io>
(From OE-Core rev: 14aa189c2e47a2c5a4a0099235a2605666651f74)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit beb2a76c591e985c6fc7ed473abd1bee27f955a2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Rasmus Villemoes
a2805141e9 e2fsprogs: add alternatives handling of lsattr as well
Building busybox with CONFIG_LSATTR=y and installing that in the same
filesystem as e2fsprogs breaks:

  ERROR: ... do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
  then please place them into pkg_postinst_ontarget:${PN} ().
  Deferring to first boot via 'exit 1' is no longer supported.

Fix that by also alternatifying lsattr just as chattr already is.

(From OE-Core rev: 28090d32c88d99ea36a03f3bb723838746001e4b)

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96703961eeb3460e9da26503d7942cc965d1e573)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Mingli Yu
7d9d97368b oescripts: change compare logic in OEListPackageconfigTests
When multilib enabled and add layers/meta-openembedded/meta-oe in
conf/bblayers.conf, it reports below error when run oe-selftest.
 $ oe-selftest -r  oescripts
 [snip]
 [20:36:33-0700] 2022-05-16 03:36:33,494 - oe-selftest - INFO - RESULTS - oescripts.OEListPackageconfigTests.test_packageconfig_flags_option_flags: FAILED (585.37s)
 [snip]

 It is because the output of "list-packageconfig-flags.py -f" as below:
 $ ../scripts/contrib/list-packageconfig-flags.py -f
 [snip]
 qt                     lib32-pinentry  lib32-wxwidgets  nativesdk-pinentry  pinentry  pinentry-native  wxwidgets  wxwidgets-native
 secret                 lib32-pinentry  nativesdk-pinentry  pinentry  pinentry-native
 [snip]

 But the check logic as below:
 class OEListPackageconfigTests(OEScriptTests):
    #oe-core.scripts.List_all_the_PACKAGECONFIG's_flags
    def check_endlines(self, results,  expected_endlines):
        for line in results.output.splitlines():
            for el in expected_endlines:
                if line.split() == el.split():
                    expected_endlines.remove(el)
                    break

 def test_packageconfig_flags_option_flags(self):
        results = runCmd('%s/contrib/list-packageconfig-flags.py -f' % self.scripts_dir)
        expected_endlines = []
        expected_endlines.append("PACKAGECONFIG FLAG     RECIPE NAMES")
        expected_endlines.append("qt                     nativesdk-pinentry  pinentry  pinentry-native")
        expected_endlines.append("secret                 nativesdk-pinentry  pinentry  pinentry-native")

        self.check_endlines(results, expected_endlines)

And the test will fail as line.split() doesn't equal el.split() as
line.split() is ['lib32-pinentry', 'lib32-wxwidgets', 'nativesdk-pinentry',
'pinentry', 'pinentry-native', 'wxwidgets', 'wxwidgets-native'] and
el.split() is ['nativesdk-pinentry', 'pinentry', 'pinentry-native'].

So change the compare logic to fix the gap.

(From OE-Core rev: 9eecfbfc957359b7933f1e1bde3aba1780dde202)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 239f22847bcae0cb31769adb0a42b5440173a7c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Jose Quaresma
69fb63b4fc archiver: use bb.note instead of echo
(From OE-Core rev: fd1ed873ec00fda2f58370770ad7aed039bdc470)

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6420c8a6a8143f53ccad7ab2d56b2ba06db83099)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Martin Jansa
9638dc4826 rootfs.py: close kernel_abi_ver_file
* fixes:
  oe-core/meta/lib/oe/rootfs.py:331: ResourceWarning: unclosed file <_io.TextIOWrapper name='pkgdata/mach/kernel-depmod/kernel-abiversion' mode='r' encoding='UTF-8'>
  kernel_ver = open(kernel_abi_ver_file).read().strip(' \n')

(From OE-Core rev: b761150790231792b42a8eb534013f1e17b4efb3)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f9dd8ee063c1132265248457fcd628e1e93727be)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Peter Kjellerstedt
f51a254415 license.bbclass: Bound beginline and endline in copy_license_files()
Ensure that begin_idx (i.e., beginline - 1) and end_idx (i.e.,
endline) are positive numbers in copy_license_files(). This makes sure
the same lines are copied as populate_lic_qa_checksum() uses when it
calculates the checksum. Before, beginline=0 would typically lead to
that no lines were copied at all.

(From OE-Core rev: 27cd074d747c5ef4b475c8a62a8ede2bbe58f996)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ab3cc3651d08d226675c461da760cda0bb6c0ce0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Marcel Ziswiler
1487d68388 alsa-plugins: fix libavtp vs. avtp packageconfig
Fix PACKAGECONFIG to refer to libavtp instead of avtp as this is what
the project and everything is really called everywhere.

(From OE-Core rev: a1b73bc6ba90fb079e514e4eeda8e231a950b9f4)

Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8824d91fe2063195014c38c134b97946d3b429c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Stefan Wiehler
8a382d8655 kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task
Several tasks deactivate exiting on non-zero return codes via set +e because
they run subcommands that have legitimate non-zero return codes. However when
appending to those tasks, this behavior is not expected and can lead to builds
silently proceeding in case of an error. Therefore reset the default behavior
at the end of the respective tasks via set -e.

(From OE-Core rev: 7777cc853db7200b819095be6f6a3561738ac94d)

Signed-off-by: Stefan Wiehler <stefan.wiehler@nokia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 83a6f28d2e464f00202090e998a63045adba9e4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Richard Purdie
8d6f9680e4 vim: Upgrade 8.2.5034 -> 8.2.5083
Includes fixes for CVE-2022-1927, CVE-2022-1942.

(From OE-Core rev: 2bba60d687fb45a8367cb683a8e9d385384ad51a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1e740b5c2227c0040621ae63436d06db4873670f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Pawan Badganchi
23ed0037b6 openssh: Whitelist CVE-2021-36368
As per debian, the issue is fixed by a feature called
"agent restriction" in openssh 8.9.
Urgency is unimportant as per debian, Hence this CVE is whitelisting.
Link:
https://security-tracker.debian.org/tracker/CVE-2021-36368
https://bugzilla.mindrot.org/show_bug.cgi?id=3316#c2
https://docs.ssh-mitm.at/trivialauth.html

(From OE-Core rev: 179b862e97d95ef57f8ee847e54a78b5f3f52ee7)

Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Steve Sakoman
95cda9d091 cups: fix CVE-2022-26691
In scheduler/cert.c the previous algorithm didn't expect the strings can
have a different length, so one string can be a substring of the other
and such substring was reported as equal to the longer string.

Backport patch from upstream to fix:
de4f8c1961

CVE: CVE-2022-26691

(From OE-Core rev: cc657868d31cc8b4218a07aa10fa098c379e473c)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-22 23:46:32 +01:00
Richard Purdie
238fb89434 local.conf.sample: Update sstate url to new 'all' path
(From meta-yocto rev: 36f7c6b9ddbcd4f518aa199b523a0606d1f4018a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-15 17:12:41 +01:00
Bruce Ashfield
7f694e46a8 linux-yocto/5.4: update to v5.4.196
Updating  to the latest korg -stable release that comprises
the following commits:

    04b092e4a01a Linux 5.4.196
    dba1941f5bc3 afs: Fix afs_getattr() to refetch file status if callback break occurred
    ef5374d532ca i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
    10a221e2d3d8 x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
    a12884ff4340 x86/xen: fix booting 32-bit pv guest
    b2f140a9f980 Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
    060f38b1dfb4 ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
    b38cf3cb17df firmware_loader: use kernel credentials when reading firmware
    e14e3856e94d net: stmmac: disable Split Header (SPH) for Intel platforms
    9ea8e6a8323e block: return ELEVATOR_DISCARD_MERGE if possible
    36ac6caf742d Input: ili210x - fix reset timing
    1c450bdf2e8c net: atlantic: verify hw_head_ lies within TX buffer ring
    e5307704c4ad net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
    91d8d7edf192 ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
    dd5de66f5c8a selftests: add ping test with ping_group_range tuned
    9919585e5f41 mac80211: fix rx reordering with non explicit / psmp ack policy
    19e2cd737c16 scsi: qla2xxx: Fix missed DMA unmap for aborted commands
    74168c2207a5 perf bench numa: Address compiler error on s390
    d1915d9c9fa3 gpio: mvebu/pwm: Refuse requests with inverted polarity
    3fdd67e83c42 gpio: gpio-vf610: do not touch other bits when set the target bit
    1fe6dc5f5d19 net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
    622be11fa385 igb: skip phy status check where unavailable
    eb92a8ecce23 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
    463a7b957db0 ARM: 9196/1: spectre-bhb: enable for Cortex-A15
    1b93631c77c9 net: af_key: add check for pfkey_broadcast in function pfkey_process
    c0be5fec786b net/mlx5e: Properly block LRO when XDP is enabled
    3277789f332e NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
    b368e07fb44d net/qla3xxx: Fix a test in ql_reset_work()
    d672eee9e404 clk: at91: generated: consider range when calculating best rate
    8cb1a05fe38b ice: fix possible under reporting of ethtool Tx and Rx statistics
    dc64e8874e87 net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
    32f779e6fbbe net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
    1eb2d7858155 net/sched: act_pedit: sanitize shift argument before usage
    50f70ee30236 net: macb: Increment rx bd head after allocating skb and buffer
    a42ffe88332c ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
    6493ff94c022 ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
    fe2a9469eca0 dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
    8cf6c24ed488 drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
    8be06f62b426 crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
    f4a093215b8e KVM: x86/mmu: Update number of zapped pages even if page list is stable
    de8745182749 PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
    3a12b2c413b2 Fix double fget() in vhost_net_set_backend()
    dd0ea88b0a0f perf: Fix sys_perf_event_open() race against self
    c8a5e14cb407 ALSA: wavefront: Proper check of get_user() error
    2f8f6c393b11 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
    975a0f14d5cd SUNRPC: Don't call connect() more than once on a TCP socket
    aa4d71edd609 SUNRPC: Prevent immediate close+reconnect
    2d6f096476e6 SUNRPC: Clean up scheduling of autoclose
    f3fe8d13ac89 mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
    def047ae1266 mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
    f10260f35992 mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
    1e93f939927d nilfs2: fix lockdep warnings during disk space reclamation
    307d021b1a7f nilfs2: fix lockdep warnings in page operations for btree nodes
    77b71a4c8767 ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
    54f7358be14d platform/chrome: cros_ec_debugfs: detach log reader wq from devm
    232128f6e60f drbd: remove usage of list iterator variable after loop
    83abb076f473 MIPS: lantiq: check the return value of kzalloc()
    e7947c031ffe rtc: mc146818-lib: Fix the AltCentury for AMD platforms
    7be785032c05 nvme-multipath: fix hang when disk goes live over reconnect
    ee0323cc8bbb ALSA: hda/realtek: Enable headset mic on Lenovo P360
    c0d86f2a3c03 crypto: x86/chacha20 - Avoid spurious jumps to other functions
    f0213894337a crypto: stm32 - fix reference leak in stm32_crc_remove
    8c015cd52442 Input: stmfts - fix reference leak in stmfts_input_open
    bb83a744bc67 Input: add bounds checking to input_set_capability()
    4fd396695646 um: Cleanup syscall_handler_t definition/cast, fix warning
    0c319b998835 rtc: fix use-after-free on device removal
    05df3bdbc259 x86/xen: Make the secondary CPU idle tasks reliable
    0d3817cb4ebe x86/xen: Make the boot CPU idle task reliable
    67e2b62461b5 floppy: use a statically allocated error counter
    0187300e6aa6 Linux 5.4.195
    8fcefb43ecfc tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
    6d80857c4fc7 ping: fix address binding wrt vrf
    7845532adb53 arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
    c0b735fef2af net: phy: Fix race condition on link status change
    a60def756821 MIPS: fix build with gcc-12
    a3112d5da17c drm/vmwgfx: Initialize drm_mode_fb_cmd2
    463c7431490d cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
    f25145c37c4e i40e: i40e_main: fix a missing check on list iterator
    17c744716af5 drm/nouveau/tegra: Stop using iommu_present()
    c8f567c46543 serial: 8250_mtk: Fix register address for XON/XOFF character
    aa3ea7451bd6 serial: 8250_mtk: Fix UART_EFR register address
    031fda28d0a6 slimbus: qcom: Fix IRQ check in qcom_slim_probe
    7de6f3059629 USB: serial: option: add Fibocom MA510 modem
    65732f62f730 USB: serial: option: add Fibocom L610 modem
    6c78537f3e29 USB: serial: qcserial: add support for Sierra Wireless EM7590
    e40d00494712 USB: serial: pl2303: add device id for HP LM930 Display
    056a56f8fbfe usb: typec: tcpci: Don't skip cleanup in .remove() on error
    457d9401b8c1 usb: cdc-wdm: fix reading stuck on device close
    4d93303fd877 tty: n_gsm: fix mux activation issues in gsm_config()
    6e34ee5b5b92 tcp: resalt the secret every 10 seconds
    39c26fe93c76 net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
    638bfbc84cca s390: disable -Warray-bounds
    f66d3fa5089f ASoC: ops: Validate input values in snd_soc_put_volsw_range()
    13b850a6cc80 ASoC: max98090: Generate notifications on changes for custom control
    5c766c000a64 ASoC: max98090: Reject invalid values in custom control put()
    22f6c68b4927 hwmon: (f71882fg) Fix negative temperature
    208200e573bd gfs2: Fix filesystem block deallocation for short writes
    42daae7d845c net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
    e038c457bd12 net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
    2ec2dd7d51a9 net/sched: act_pedit: really ensure the skb is writable
    48c6a40e2f25 s390/lcs: fix variable dereferenced before check
    467ddbbe7e74 s390/ctcm: fix potential memory leak
    2cbce0110070 s390/ctcm: fix variable dereferenced before check
    1c40e85d0aa0 hwmon: (ltq-cputemp) restrict it to SOC_XWAY
    0a778db9319f dim: initialize all struct fields
    522986cc39c1 mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
    0729594cb788 netlink: do not reset transport header in netlink_recvmsg()
    33ce32587c44 drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
    5809a1c53049 ipv4: drop dst in multicast routing path
    c9d75e87f45b net: Fix features skip in for_each_netdev_feature()
    5c9057670504 mac80211: Reset MBSSID parameters upon connection
    cfe74fd41f18 hwmon: (tmp401) Add OF device ID table
    3915341a935f batman-adv: Don't skb_split skbuffs with frag_list
    90659487578c Linux 5.4.194
    2f4e0bf651e3 mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
    e4db0c3ce0c5 mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
    ea9cad1c5d95 mm: fix missing cache flush for all tail pages of compound page
    45c05171d6e3 Bluetooth: Fix the creation of hdev->name
    f52c4c067aa5 KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
    c1bdf1e6e706 x86: kprobes: Prohibit probing on instruction which has emulate prefix
    6af6427a9600 x86: xen: insn: Decode Xen and KVM emulate-prefix signature
    c67a4a91f5e1 x86: xen: kvm: Gather the definition of emulate prefixes
    4c39e1ace3dc x86/asm: Allow to pass macros to __ASM_FORM()
    29afcd5af012 KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
    ea65a7d76c00 arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
    5755f946a89f can: grcan: only use the NAPI poll budget for RX
    caba5c13a892 can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
    76b64c690f03 nfp: bpf: silence bitwise vs. logical OR warning
    86ccefb83ede drm/i915: Cast remain to unsigned long in eb_relocate_vma
    de542bd76541 drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
    e6ff94d31c53 block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
    f668da98ad83 MIPS: Use address-of operator on section symbols
    01565c91b789 Linux 5.4.193
    8a7f92053dc9 mmc: rtsx: add 74 Clocks in power on flow
    d789b9891761 PCI: aardvark: Fix reading MSI interrupt number
    253bc43ca5b7 PCI: aardvark: Clear all MSIs at setup
    786dc86c8434 dm: interlock pending dm_io and dm_wait_for_bios_completion
    ad1393b92e50 dm: fix mempool NULL pointer race when completing IO
    40bcd39a0093 tcp: make sure treq->af_specific is initialized
    9661bf674d6a ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
    37b12c16beb6 ALSA: pcm: Fix races among concurrent prealloc proc writes
    2a559eec81ac ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
    08d1807f097a ALSA: pcm: Fix races among concurrent read/write and buffer changes
    fbeb492694ce ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
    f098f8b9820f mm: fix unexpected zeroed page mapping with zram swap
    c7337efd1d11 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
    9588ac2eddc2 net: ipv6: ensure we call ipv6_mc_down() at most once
    367b49086b41 KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
    c2fadf2d0ab4 x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
    8b78939f4b0b kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
    f455c8e657e3 NFSv4: Don't invalidate inode attributes on delegation return
    89e7a625ec5c drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
    1d14c1c7a3bd net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
    2b99ff4c3e3e btrfs: always log symlinks in full mode
    dc4784489426 smsc911x: allow using IRQ0
    cff6cb162f7a bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
    64ece01adb42 selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
    52401926c863 net: emaclite: Add error handling for of_address_to_resource()
    354cac1e392b net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
    0510b6ccfb4f net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
    102986592ffd RDMA/siw: Fix a condition race issue in MPA request processing
    e6ae21eb948a ASoC: dmaengine: Restore NULL prepare_slave_config() callback
    df3ea6cc1af5 hwmon: (adt7470) Fix warning on module removal
    01d4363dd717 NFC: netlink: fix sleep in atomic bug when firmware download timeout
    33d3e76fc7a7 nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
    85aecdef77f9 nfc: replace improper check device_is_registered() in netlink related functions
    da9eb43b9a56 can: grcan: use ofdev->dev when allocating DMA memory
    8b451b7d7e95 can: grcan: grcan_close(): fix deadlock
    8f4246450a95 s390/dasd: Fix read inconsistency for ESE DASD devices
    91193a2c2f4f s390/dasd: Fix read for ESE with blksize < 4k
    1aa75808edd8 s390/dasd: prevent double format of tracks for ESE devices
    061a424dd1c4 s390/dasd: fix data corruption for ESE devices
    860db6cdc5be ASoC: meson: Fix event generation for G12A tohdmi mux
    d4864e8c4ba8 ASoC: wm8958: Fix change notifications for DSP controls
    6723ab2ed8bb ASoC: da7219: Fix change notifications for tone generator frequency
    ac5894fb8626 genirq: Synchronize interrupt thread startup
    8624e2c5af95 ACPICA: Always create namespace nodes using acpi_ns_create_node()
    27183539cfac firewire: core: extend card->lock in fw_core_handle_bus_reset
    2fefc6259861 firewire: remove check of list iterator against head past the loop body
    34b9b9182911 firewire: fix potential uaf in outbound_phy_packet_callback()
    f6b6e9336936 Revert "SUNRPC: attempt AF_LOCAL connect on setup"
    d403ff32e566 gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
    94842485b4ec ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
    73ce49fa59a7 parisc: Merge model and model name into one line in /proc/cpuinfo
    0d5bb59858c6 MIPS: Fix CP0 counter erratum detection for R4k CPUs

(From OE-Core rev: 7e056e79a5acce8261cb5124c172cc40ad608b82)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Marta Rybczynska
e873840317 cve-update-db-native: make it possible to disable database updates
Make it possible to disable the database update completely by using
a negative update interval CVE_DB_UPDATE_INTERVAL.

Disabling the update is useful when running multiple parallel builds
when we want to have a control on the database version. This allows
coherent cve-check results without an database update for only
some of the builds.

(From OE-Core rev: 487a53522a739b9a52720c4c40b93f88ad77d242)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5c2269240327c2a8f93b9e55354698f52c976f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Marta Rybczynska
9868f99149 cve-check: add coverage statistics on recipes with/without CVEs
Until now the CVE checker was giving information about CVEs found for
a product (or more products) contained in a recipe. However, there was
no easy way to find out which products or recipes have no CVEs. Having
no reported CVEs might mean there are simply none, but can also mean
a product name (CPE) mismatch.

This patch adds CVE_CHECK_COVERAGE option enabling a new type of
statistics. Then we use the new JSON format to report the information.
The legacy text mode report does not contain it.

This option is expected to help with an identification of recipes with
mismatched CPEs, issues in the database and more.

This work is based on [1], but adding the JSON format makes it easier
to implement, without additional result files.

[1] https://lists.openembedded.org/g/openembedded-core/message/159873

(From OE-Core rev: c63d06becc340270573bdef2630749db1f5230d4)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d1849a1facd64fa0bcf8336a0ed5fbf71b2e3cb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Marta Rybczynska
f2d12bc50b cve-check: write empty fragment files in the text mode
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.

However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.

Fix it by always writing a fragment file, even if empty.

(From OE-Core rev: 4c10ee956f21ea2f805403704ac3c54b7f1be78c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Marta Rybczynska
6cf824520a cve-check: move update_symlinks to a library
Move the function to a library, it could be useful in other places.

(From OE-Core rev: c8a0e7ecee15985f7eed10ce9c86c48a77c5b7c5)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit debd37abcdde8788761ebdb4a05bc61f7394cbb8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Robert Joslyn
42bb9689a0 curl: Fix CVE_CHECK_WHITELIST typo
Fix typo to properly whitelist CVE-2021-22945.

(From OE-Core rev: 7b2a1d908d3b63da5e9f072b61dd3c5fa91c7b8f)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Robert Joslyn
7da79fcac2 curl: Backport CVE fixes
Backport patches to address CVE-2022-27774, CVE-2022-27781, and
CVE-2022-27782.

(From OE-Core rev: f8cdafc0ef54ab203164366ad96288fd10144b30)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Richard Purdie
1be2437fd2 libxslt: Mark CVE-2022-29824 as not applying
We have libxml2 2.9.10 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.

(From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)

(From OE-Core rev: 9c736c9dcf5f18b8db082a0903be0acb3fbb51c2)

Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad63694e6d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
omkar patil
d3d92d7852 libxslt: Fix CVE-2021-30560
CVE: CVE-2021-30560

(From OE-Core rev: 3e01aa47b85ebeba26443fc3293c341b5ef72817)

Signed-off-by: omkar patil <omkar.patil@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Hitendra Prajapati
6be9d793a3 pcre2: CVE-2022-1587 Out-of-bounds read
Source:  https://github.com/PCRE2Project/pcre2
MR: 118031
Type: Security Fix
Disposition: Backport from 03654e751e
ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933
Description:
	CVE-2022-1587  pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c.
(From OE-Core rev: 46323b9e0f44f58f6aae242ebf5a0101d8c36654)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Hitendra Prajapati
77332ffb9b e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem
Source: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git
MR: 117430
Type: Security Fix
Disposition: Backport from https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76
ChangeID: e6db00c6e8375a2e869fd2e4ead61ca9149eb8fa
Description:
          CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem.
(From OE-Core rev: b4f9ba859ed1fe5e1d42258fee1dd2e8e85e7eba)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Steve Sakoman
99478d73c5 openssl: update the epoch time for ct_test ptest
We are getting an additional ptest failure after fixing the expired certificates.

Backport a patch from upstream to fix this.

(From OE-Core rev: 3af161acc13189cb68549f898f3964d83d00ce56)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:09 +01:00
Steve Sakoman
196895a482 openssl: backport fix for ptest certificate expiration
ptests in in openssl have started failing as test certificates have
expired. Backport a fix for this from upstream, replacing the test
certificates to allow the ptests to pass again.

(From OE-Core rev: 40858a05989d45b0c772fdec837d3dc95d4df59d)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:08 +01:00
Steve Sakoman
27877797c7 Revert "openssl: Backport fix for ptest cert expiry"
Version 1.1.1 requires additional changes

This reverts commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-11 10:06:08 +01:00
349 changed files with 16854 additions and 2265 deletions

48
bitbake/bin/bitbake-getvar Executable file
View File

@@ -0,0 +1,48 @@
#! /usr/bin/env python3
#
# Copyright (C) 2021 Richard Purdie
#
# SPDX-License-Identifier: GPL-2.0-only
#
import argparse
import io
import os
import sys
bindir = os.path.dirname(__file__)
topdir = os.path.dirname(bindir)
sys.path[0:0] = [os.path.join(topdir, 'lib')]
import bb.tinfoil
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Bitbake Query Variable")
parser.add_argument("variable", help="variable name to query")
parser.add_argument("-r", "--recipe", help="Recipe name to query", default=None, required=False)
parser.add_argument('-u', '--unexpand', help='Do not expand the value (with --value)', action="store_true")
parser.add_argument('-f', '--flag', help='Specify a variable flag to query (with --value)', default=None)
parser.add_argument('--value', help='Only report the value, no history and no variable name', action="store_true")
args = parser.parse_args()
if args.unexpand and not args.value:
print("--unexpand only makes sense with --value")
sys.exit(1)
if args.flag and not args.value:
print("--flag only makes sense with --value")
sys.exit(1)
with bb.tinfoil.Tinfoil(tracking=True) as tinfoil:
if args.recipe:
tinfoil.prepare(quiet=2)
d = tinfoil.parse_recipe(args.recipe)
else:
tinfoil.prepare(quiet=2, config_only=True)
d = tinfoil.config_data
if args.flag:
print(str(d.getVarFlag(args.variable, args.flag, expand=(not args.unexpand))))
elif args.value:
print(str(d.getVar(args.variable, expand=(not args.unexpand))))
else:
bb.data.emit_var(args.variable, d=d, all=True)

View File

@@ -20,6 +20,7 @@ Commands are queued in a CommandQueue
from collections import OrderedDict, defaultdict
import io
import bb.event
import bb.cooker
import bb.remotedata
@@ -478,6 +479,17 @@ class CommandsSync:
d = command.remotedatastores[dsindex].varhistory
return getattr(d, method)(*args, **kwargs)
def dataStoreConnectorVarHistCmdEmit(self, command, params):
dsindex = params[0]
var = params[1]
oval = params[2]
val = params[3]
d = command.remotedatastores[params[4]]
o = io.StringIO()
command.remotedatastores[dsindex].varhistory.emit(var, oval, val, o, d)
return o.getvalue()
def dataStoreConnectorIncHistCmd(self, command, params):
dsindex = params[0]
method = params[1]

View File

@@ -224,7 +224,12 @@ class Git(FetchMethod):
ud.shallow = False
if ud.usehead:
ud.unresolvedrev['default'] = 'HEAD'
# When usehead is set let's associate 'HEAD' with the unresolved
# rev of this repository. This will get resolved into a revision
# later. If an actual revision happens to have also been provided
# then this setting will be overridden.
for name in ud.names:
ud.unresolvedrev[name] = 'HEAD'
ud.basecmd = d.getVar("FETCHCMD_git") or "git -c core.fsyncobjectfiles=0"

View File

@@ -52,6 +52,12 @@ class WgetProgressHandler(bb.progress.LineFilterProgressHandler):
class Wget(FetchMethod):
# CDNs like CloudFlare may do a 'browser integrity test' which can fail
# with the standard wget/urllib User-Agent, so pretend to be a modern
# browser.
user_agent = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
"""Class to fetch urls via 'wget'"""
def supports(self, ud, d):
"""
@@ -91,10 +97,9 @@ class Wget(FetchMethod):
fetchcmd = self.basecmd
if 'downloadfilename' in ud.parm:
localpath = os.path.join(d.getVar("DL_DIR"), ud.localfile)
bb.utils.mkdirhier(os.path.dirname(localpath))
fetchcmd += " -O %s" % shlex.quote(localpath)
localpath = os.path.join(d.getVar("DL_DIR"), ud.localfile) + ".tmp"
bb.utils.mkdirhier(os.path.dirname(localpath))
fetchcmd += " -O %s" % shlex.quote(localpath)
if ud.user and ud.pswd:
fetchcmd += " --user=%s --password=%s --auth-no-challenge" % (ud.user, ud.pswd)
@@ -108,6 +113,10 @@ class Wget(FetchMethod):
self._runwget(ud, d, fetchcmd, False)
# Remove the ".tmp" and move the file into position atomically
# Our lock prevents multiple writers but mirroring code may grab incomplete files
os.rename(localpath, localpath[:-4])
# Sanity check since wget can pretend it succeed when it didn't
# Also, this used to happen if sourceforge sent us to the mirror page
if not os.path.exists(ud.localpath):
@@ -300,7 +309,7 @@ class Wget(FetchMethod):
# Some servers (FusionForge, as used on Alioth) require that the
# optional Accept header is set.
r.add_header("Accept", "*/*")
r.add_header("User-Agent", "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/9.10 (karmic) Firefox/3.6.12")
r.add_header("User-Agent", self.user_agent)
def add_basic_auth(login_str, request):
'''Adds Basic auth to http request, pass in login:password as string'''
import base64
@@ -404,9 +413,8 @@ class Wget(FetchMethod):
"""
f = tempfile.NamedTemporaryFile()
with tempfile.TemporaryDirectory(prefix="wget-index-") as workdir, tempfile.NamedTemporaryFile(dir=workdir, prefix="wget-listing-") as f:
agent = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/9.10 (karmic) Firefox/3.6.12"
fetchcmd = self.basecmd
fetchcmd += " -O " + f.name + " --user-agent='" + agent + "' '" + uri + "'"
fetchcmd += " -O " + f.name + " --user-agent='" + self.user_agent + "' '" + uri + "'"
try:
self._runwget(ud, d, fetchcmd, True, workdir=workdir)
fetchresult = f.read()

View File

@@ -24,6 +24,7 @@ import pickle
from multiprocessing import Process
import shlex
import pprint
import time
bblogger = logging.getLogger("BitBake")
logger = logging.getLogger("BitBake.RunQueue")
@@ -142,6 +143,55 @@ class RunQueueScheduler(object):
self.buildable.append(tid)
self.rev_prio_map = None
self.is_pressure_usable()
def is_pressure_usable(self):
"""
If monitoring pressure, return True if pressure files can be open and read. For example
openSUSE /proc/pressure/* files have readable file permissions but when read the error EOPNOTSUPP (Operation not supported)
is returned.
"""
if self.rq.max_cpu_pressure or self.rq.max_io_pressure or self.rq.max_memory_pressure:
try:
with open("/proc/pressure/cpu") as cpu_pressure_fds, \
open("/proc/pressure/io") as io_pressure_fds, \
open("/proc/pressure/memory") as memory_pressure_fds:
self.prev_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1]
self.prev_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1]
self.prev_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1]
self.prev_pressure_time = time.time()
self.check_pressure = True
except:
bb.note("The /proc/pressure files can't be read. Continuing build without monitoring pressure")
self.check_pressure = False
else:
self.check_pressure = False
def exceeds_max_pressure(self):
"""
Monitor the difference in total pressure at least once per second, if
BB_PRESSURE_MAX_{CPU|IO|MEMORY} are set, return True if above threshold.
"""
if self.check_pressure:
with open("/proc/pressure/cpu") as cpu_pressure_fds, \
open("/proc/pressure/io") as io_pressure_fds, \
open("/proc/pressure/memory") as memory_pressure_fds:
# extract "total" from /proc/pressure/{cpu|io}
curr_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1]
curr_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1]
curr_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1]
exceeds_cpu_pressure = self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) > self.rq.max_cpu_pressure
exceeds_io_pressure = self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) > self.rq.max_io_pressure
exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) > self.rq.max_memory_pressure
now = time.time()
if now - self.prev_pressure_time > 1.0:
self.prev_cpu_pressure = curr_cpu_pressure
self.prev_io_pressure = curr_io_pressure
self.prev_memory_pressure = curr_memory_pressure
self.prev_pressure_time = now
return (exceeds_cpu_pressure or exceeds_io_pressure or exceeds_memory_pressure)
return False
def next_buildable_task(self):
"""
@@ -155,6 +205,12 @@ class RunQueueScheduler(object):
if not buildable:
return None
# Bitbake requires that at least one task be active. Only check for pressure if
# this is the case, otherwise the pressure limitation could result in no tasks
# being active and no new tasks started thereby, at times, breaking the scheduler.
if self.rq.stats.active and self.exceeds_max_pressure():
return None
# Filter out tasks that have a max number of threads that have been exceeded
skip_buildable = {}
for running in self.rq.runq_running.difference(self.rq.runq_complete):
@@ -1700,6 +1756,9 @@ class RunQueueExecute:
self.number_tasks = int(self.cfgData.getVar("BB_NUMBER_THREADS") or 1)
self.scheduler = self.cfgData.getVar("BB_SCHEDULER") or "speed"
self.max_cpu_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_CPU")
self.max_io_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_IO")
self.max_memory_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_MEMORY")
self.sq_buildable = set()
self.sq_running = set()
@@ -1735,6 +1794,29 @@ class RunQueueExecute:
if self.number_tasks <= 0:
bb.fatal("Invalid BB_NUMBER_THREADS %s" % self.number_tasks)
lower_limit = 1.0
upper_limit = 1000000.0
if self.max_cpu_pressure:
self.max_cpu_pressure = float(self.max_cpu_pressure)
if self.max_cpu_pressure < lower_limit:
bb.fatal("Invalid BB_PRESSURE_MAX_CPU %s, minimum value is %s." % (self.max_cpu_pressure, lower_limit))
if self.max_cpu_pressure > upper_limit:
bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_CPU is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_cpu_pressure))
if self.max_io_pressure:
self.max_io_pressure = float(self.max_io_pressure)
if self.max_io_pressure < lower_limit:
bb.fatal("Invalid BB_PRESSURE_MAX_IO %s, minimum value is %s." % (self.max_io_pressure, lower_limit))
if self.max_io_pressure > upper_limit:
bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_IO is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_io_pressure))
if self.max_memory_pressure:
self.max_memory_pressure = float(self.max_memory_pressure)
if self.max_memory_pressure < lower_limit:
bb.fatal("Invalid BB_PRESSURE_MAX_MEMORY %s, minimum value is %s." % (self.max_memory_pressure, lower_limit))
if self.max_memory_pressure > upper_limit:
bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_MEMORY is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_io_pressure))
# List of setscene tasks which we've covered
self.scenequeue_covered = set()
# List of tasks which are covered (including setscene ones)

View File

@@ -650,6 +650,58 @@ class FetcherLocalTest(FetcherTest):
with self.assertRaises(bb.fetch2.UnpackError):
self.fetchUnpack(['file://a;subdir=/bin/sh'])
def test_local_gitfetch_usehead(self):
# Create dummy local Git repo
src_dir = tempfile.mkdtemp(dir=self.tempdir,
prefix='gitfetch_localusehead_')
src_dir = os.path.abspath(src_dir)
bb.process.run("git init", cwd=src_dir)
bb.process.run("git commit --allow-empty -m'Dummy commit'",
cwd=src_dir)
# Use other branch than master
bb.process.run("git checkout -b my-devel", cwd=src_dir)
bb.process.run("git commit --allow-empty -m'Dummy commit 2'",
cwd=src_dir)
stdout = bb.process.run("git rev-parse HEAD", cwd=src_dir)
orig_rev = stdout[0].strip()
# Fetch and check revision
self.d.setVar("SRCREV", "AUTOINC")
url = "git://" + src_dir + ";protocol=file;usehead=1"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
fetcher.unpack(self.unpackdir)
stdout = bb.process.run("git rev-parse HEAD",
cwd=os.path.join(self.unpackdir, 'git'))
unpack_rev = stdout[0].strip()
self.assertEqual(orig_rev, unpack_rev)
def test_local_gitfetch_usehead_withname(self):
# Create dummy local Git repo
src_dir = tempfile.mkdtemp(dir=self.tempdir,
prefix='gitfetch_localusehead_')
src_dir = os.path.abspath(src_dir)
bb.process.run("git init", cwd=src_dir)
bb.process.run("git commit --allow-empty -m'Dummy commit'",
cwd=src_dir)
# Use other branch than master
bb.process.run("git checkout -b my-devel", cwd=src_dir)
bb.process.run("git commit --allow-empty -m'Dummy commit 2'",
cwd=src_dir)
stdout = bb.process.run("git rev-parse HEAD", cwd=src_dir)
orig_rev = stdout[0].strip()
# Fetch and check revision
self.d.setVar("SRCREV", "AUTOINC")
url = "git://" + src_dir + ";protocol=file;usehead=1;name=newName"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
fetcher.unpack(self.unpackdir)
stdout = bb.process.run("git rev-parse HEAD",
cwd=os.path.join(self.unpackdir, 'git'))
unpack_rev = stdout[0].strip()
self.assertEqual(orig_rev, unpack_rev)
class FetcherNoNetworkTest(FetcherTest):
def setUp(self):
super().setUp()
@@ -1698,7 +1750,7 @@ class GitShallowTest(FetcherTest):
self.add_empty_file('bsub', cwd=smdir)
self.git('submodule init', cwd=self.srcdir)
self.git('submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('-c protocol.file.allow=always submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('submodule update', cwd=self.srcdir)
self.git('commit -m submodule -a', cwd=self.srcdir)
@@ -1730,7 +1782,7 @@ class GitShallowTest(FetcherTest):
self.add_empty_file('bsub', cwd=smdir)
self.git('submodule init', cwd=self.srcdir)
self.git('submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('-c protocol.file.allow=always submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('submodule update', cwd=self.srcdir)
self.git('commit -m submodule -a', cwd=self.srcdir)

View File

@@ -53,6 +53,10 @@ class TinfoilDataStoreConnectorVarHistory:
def remoteCommand(self, cmd, *args, **kwargs):
return self.tinfoil.run_command('dataStoreConnectorVarHistCmd', self.dsindex, cmd, args, kwargs)
def emit(self, var, oval, val, o, d):
ret = self.tinfoil.run_command('dataStoreConnectorVarHistCmdEmit', self.dsindex, var, oval, val, d.dsindex)
o.write(ret)
def __getattr__(self, name):
if not hasattr(bb.data_smart.VariableHistory, name):
raise AttributeError("VariableHistory has no such method %s" % name)

View File

@@ -227,7 +227,9 @@ class TerminalFilter(object):
def keepAlive(self, t):
if not self.cuu:
print("Bitbake still alive (%ds)" % t)
print("Bitbake still alive (no events for %ds). Active tasks:" % t)
for t in self.helper.running_tasks:
print(t)
sys.stdout.flush()
def updateFooter(self):
@@ -597,7 +599,8 @@ def main(server, eventHandler, params, tf = TerminalFilter):
warnings = 0
taskfailures = []
printinterval = 5000
printintervaldelta = 10 * 60 # 10 minutes
printinterval = printintervaldelta
lastprint = time.time()
termfilter = tf(main, helper, console_handlers, params.options.quiet)
@@ -607,7 +610,7 @@ def main(server, eventHandler, params, tf = TerminalFilter):
try:
if (lastprint + printinterval) <= time.time():
termfilter.keepAlive(printinterval)
printinterval += 5000
printinterval += printintervaldelta
event = eventHandler.waitEvent(0)
if event is None:
if main.shutdown > 1:
@@ -638,7 +641,7 @@ def main(server, eventHandler, params, tf = TerminalFilter):
if isinstance(event, logging.LogRecord):
lastprint = time.time()
printinterval = 5000
printinterval = printintervaldelta
if event.levelno >= bb.msg.BBLogFormatter.ERROR:
errors = errors + 1
return_value = 1

View File

@@ -421,12 +421,14 @@ def better_eval(source, locals, extraglobals = None):
return eval(source, ctx, locals)
@contextmanager
def fileslocked(files):
def fileslocked(files, *args, **kwargs):
"""Context manager for locking and unlocking file locks."""
locks = []
if files:
for lockfile in files:
locks.append(bb.utils.lockfile(lockfile))
l = bb.utils.lockfile(lockfile, *args, **kwargs)
if l is not None:
locks.append(l)
try:
yield
@@ -459,9 +461,16 @@ def lockfile(name, shared=False, retry=True, block=False):
consider the possibility of sending a signal to the process to break
out - at which point you want block=True rather than retry=True.
"""
basename = os.path.basename(name)
if len(basename) > 255:
root, ext = os.path.splitext(basename)
basename = root[:255 - len(ext)] + ext
dirname = os.path.dirname(name)
mkdirhier(dirname)
name = os.path.join(dirname, basename)
if not os.access(dirname, os.W_OK):
logger.error("Unable to acquire lock '%s', directory is not writable",
name)
@@ -495,7 +504,7 @@ def lockfile(name, shared=False, retry=True, block=False):
return lf
lf.close()
except OSError as e:
if e.errno == errno.EACCES:
if e.errno == errno.EACCES or e.errno == errno.ENAMETOOLONG:
logger.error("Unable to acquire lock '%s', %s",
e.strerror, name)
sys.exit(1)

View File

@@ -222,19 +222,10 @@ an entire Linux distribution, including the toolchain, from source.
.. tip::
You can significantly speed up your build and guard against fetcher
failures by using mirrors. To use mirrors, add these lines to your
local.conf file in the Build directory: ::
failures by using mirrors. To use mirrors, add this line to your
``local.conf`` file in the :term:`Build Directory`: ::
SSTATE_MIRRORS = "\
file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n \
file://.* http://sstate.yoctoproject.org/&YOCTO_DOC_VERSION_MINUS_ONE;/PATH;downloadfilename=PATH \n \
file://.* http://sstate.yoctoproject.org/&YOCTO_DOC_VERSION;/PATH;downloadfilename=PATH \n \
"
The previous examples showed how to add sstate paths for Yocto Project
&YOCTO_DOC_VERSION_MINUS_ONE;, &YOCTO_DOC_VERSION;, and a development
area. For a complete index of sstate locations, see http://sstate.yoctoproject.org/.
SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
#. **Start the Build:** Continue with the following command to build an OS
image for the target, which is ``core-image-sato`` in this example:

View File

@@ -2628,7 +2628,7 @@ Recipe Syntax
Understanding recipe file syntax is important for writing recipes. The
following list overviews the basic items that make up a BitBake recipe
file. For more complete BitBake syntax descriptions, see the
":doc:`bitbake-user-manual/bitbake-user-manual-metadata`"
":doc:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata`"
chapter of the BitBake User Manual.
- *Variable Assignments and Manipulations:* Variable assignments allow
@@ -3854,7 +3854,7 @@ Setting Up and Running a Multiple Configuration Build
To accomplish a multiple configuration build, you must define each
target's configuration separately using a parallel configuration file in
the :term:`Build Directory`, and you
the :term:`Build Directory` or configuration directory within a layer, and you
must follow a required file hierarchy. Additionally, you must enable the
multiple configuration builds in your ``local.conf`` file.
@@ -3862,47 +3862,47 @@ Follow these steps to set up and execute multiple configuration builds:
- *Create Separate Configuration Files*: You need to create a single
configuration file for each build target (each multiconfig).
Minimally, each configuration file must define the machine and the
temporary directory BitBake uses for the build. Suggested practice
dictates that you do not overlap the temporary directories used
during the builds. However, it is possible that you can share the
temporary directory
(:term:`TMPDIR`). For example,
consider a scenario with two different multiconfigs for the same
The configuration definitions are implementation dependent but often
each configuration file will define the machine and the
temporary directory BitBake uses for the build. Whether the same
temporary directory (:term:`TMPDIR`) can be shared will depend on what is
similar and what is different between the configurations. Multiple MACHINE
targets can share the same (:term:`TMPDIR`) as long as the rest of the
configuration is the same, multiple DISTRO settings would need separate
(:term:`TMPDIR`) directories.
For example, consider a scenario with two different multiconfigs for the same
:term:`MACHINE`: "qemux86" built
for two distributions such as "poky" and "poky-lsb". In this case,
you might want to use the same ``TMPDIR``.
you would need to use the different :term:`TMPDIR`.
Here is an example showing the minimal statements needed in a
configuration file for a "qemux86" target whose temporary build
directory is ``tmpmultix86``:
::
directory is ``tmpmultix86``::
MACHINE = "qemux86"
TMPDIR = "${TOPDIR}/tmpmultix86"
The location for these multiconfig configuration files is specific.
They must reside in the current build directory in a sub-directory of
``conf`` named ``multiconfig``. Following is an example that defines
They must reside in the current :term:`Build Directory` in a sub-directory of
``conf`` named ``multiconfig`` or within a layer's ``conf`` directory
under a directory named ``multiconfig``. Following is an example that defines
two configuration files for the "x86" and "arm" multiconfigs:
.. image:: figures/multiconfig_files.png
:align: center
:width: 50%
The reason for this required file hierarchy is because the ``BBPATH``
variable is not constructed until the layers are parsed.
Consequently, using the configuration file as a pre-configuration
file is not possible unless it is located in the current working
directory.
The usual :term:`BBPATH` search path is used to locate multiconfig files in
a similar way to other conf files.
- *Add the BitBake Multi-configuration Variable to the Local
Configuration File*: Use the
:term:`BBMULTICONFIG`
variable in your ``conf/local.conf`` configuration file to specify
each multiconfig. Continuing with the example from the previous
figure, the ``BBMULTICONFIG`` variable needs to enable two
multiconfigs: "x86" and "arm" by specifying each configuration file:
::
figure, the :term:`BBMULTICONFIG` variable needs to enable two
multiconfigs: "x86" and "arm" by specifying each configuration file::
BBMULTICONFIG = "x86 arm"
@@ -3916,13 +3916,11 @@ Follow these steps to set up and execute multiple configuration builds:
with "".
- *Launch BitBake*: Use the following BitBake command form to launch
the multiple configuration build:
::
the multiple configuration build::
$ bitbake [mc:multiconfigname:]target [[[mc:multiconfigname:]target] ... ]
For the example in this section, the following command applies:
::
For the example in this section, the following command applies::
$ bitbake mc:x86:core-image-minimal mc:arm:core-image-sato mc::core-image-base
@@ -3937,7 +3935,7 @@ Follow these steps to set up and execute multiple configuration builds:
Support for multiple configuration builds in the Yocto Project &DISTRO;
(&DISTRO_NAME;) Release does not include Shared State (sstate)
optimizations. Consequently, if a build uses the same object twice
in, for example, two different ``TMPDIR``
in, for example, two different :term:`TMPDIR`
directories, the build either loads from an existing sstate cache for
that build at the start or builds the object fresh.
@@ -3958,38 +3956,34 @@ essentially that the
To enable dependencies in a multiple configuration build, you must
declare the dependencies in the recipe using the following statement
form:
::
form::
task_or_package[mcdepends] = "mc:from_multiconfig:to_multiconfig:recipe_name:task_on_which_to_depend"
To better show how to use this statement, consider the example scenario
from the first paragraph of this section. The following statement needs
to be added to the recipe that builds the ``core-image-sato`` image:
::
to be added to the recipe that builds the ``core-image-sato`` image::
do_image[mcdepends] = "mc:x86:arm:core-image-minimal:do_rootfs"
In this example, the `from_multiconfig` is "x86". The `to_multiconfig` is "arm". The
task on which the ``do_image`` task in the recipe depends is the
``do_rootfs`` task from the ``core-image-minimal`` recipe associated
task on which the :ref:`ref-tasks-image` task in the recipe depends is the
:ref:`ref-tasks-rootfs` task from the ``core-image-minimal`` recipe associated
with the "arm" multiconfig.
Once you set up this dependency, you can build the "x86" multiconfig
using a BitBake command as follows:
::
using a BitBake command as follows::
$ bitbake mc:x86:core-image-sato
This command executes all the tasks needed to create the
``core-image-sato`` image for the "x86" multiconfig. Because of the
dependency, BitBake also executes through the ``do_rootfs`` task for the
dependency, BitBake also executes through the :ref:`ref-tasks-rootfs` task for the
"arm" multiconfig build.
Having a recipe depend on the root filesystem of another build might not
seem that useful. Consider this change to the statement in the
``core-image-sato`` recipe:
::
``core-image-sato`` recipe::
do_image[mcdepends] = "mc:x86:arm:core-image-minimal:do_image"

View File

@@ -1986,9 +1986,7 @@ Behind the scenes, the shared state code works by looking in
shared state files. Here is an example:
::
SSTATE_MIRRORS ?= "\
file://.\* http://someserver.tld/share/sstate/PATH;downloadfilename=PATH \n \
file://.\* file:///some/local/dir/sstate/PATH"
SSTATE_MIRRORS ?= "file://.* https://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
.. note::

View File

@@ -1,13 +1,13 @@
DISTRO : "3.1.17"
DISTRO : "3.1.22"
DISTRO_NAME_NO_CAP : "dunfell"
DISTRO_NAME : "Dunfell"
DISTRO_NAME_NO_CAP_MINUS_ONE : "zeus"
YOCTO_DOC_VERSION : "3.1.17"
YOCTO_DOC_VERSION : "3.1.22"
YOCTO_DOC_VERSION_MINUS_ONE : "3.0.4"
DISTRO_REL_TAG : "yocto-3.1.17"
DOCCONF_VERSION : "3.1.17"
DISTRO_REL_TAG : "yocto-3.1.22"
DOCCONF_VERSION : "3.1.22"
BITBAKE_SERIES : "1.46"
POKYVERSION : "23.0.17"
POKYVERSION : "23.0.22"
YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;"
YOCTO_DL_URL : "https://downloads.yoctoproject.org"
YOCTO_AB_URL : "https://autobuilder.yoctoproject.org"

View File

@@ -63,6 +63,8 @@ Project metadata:
- *keyboard:* Hardware has a keyboard
- *numa:* Hardware has non-uniform memory access
- *pcbios:* Support for booting through BIOS
- *pci:* Hardware has a PCI bus

View File

@@ -7542,7 +7542,7 @@ system and gives an overview of their function and contents.
``SYSTEMD_BOOT_CFG`` as follows:
::
SYSTEMD_BOOT_CFG ?= "${:term:`S`}/loader.conf"
SYSTEMD_BOOT_CFG ?= "${S}/loader.conf"
For information on Systemd-boot, see the `Systemd-boot
documentation <http://www.freedesktop.org/wiki/Software/systemd/systemd-boot/>`__.
@@ -8745,4 +8745,22 @@ system and gives an overview of their function and contents.
The default value of ``XSERVER``, if not specified in the machine
configuration, is "xserver-xorg xf86-video-fbdev xf86-input-evdev".
:term:`XZ_THREADS`
Specifies the number of parallel threads that should be used when
using xz compression.
By default this scales with core count, but is never set less than 2
to ensure that multi-threaded mode is always used so that the output
file contents are deterministic. Builds will work with a value of 1
but the output will differ compared to the output from the compression
generated when more than one thread is used.
On systems where many tasks run in parallel, setting a limit to this
can be helpful in controlling system resource usage.
:term:`XZ_MEMLIMIT`
Specifies the maximum memory the xz compression should use as a percentage
of system memory. If unconstrained the xz compressor can use large amounts of
memory and become problematic with parallelism elsewhere in the build.
"50%" has been found to be a good value.

View File

@@ -1,6 +1,6 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
DISTRO_VERSION = "3.1.17"
DISTRO_VERSION = "3.1.22"
DISTRO_CODENAME = "dunfell"
SDK_VENDOR = "-pokysdk"
SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}"

View File

@@ -231,7 +231,7 @@ BB_DISKMON_DIRS ??= "\
# present in the cache. It assumes you can download something faster than you can build it
# which will depend on your network.
#
#SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/2.5/PATH;downloadfilename=PATH"
#SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
#
# Qemu configuration

View File

@@ -1,6 +1,6 @@
SUMMARY = "An image used during oe-selftest tests"
IMAGE_INSTALL = "packagegroup-core-boot dropbear"
IMAGE_INSTALL = "packagegroup-core-boot packagegroup-core-ssh-dropbear"
IMAGE_FEATURES = "debug-tweaks"
IMAGE_LINGUAS = " "

View File

@@ -7,8 +7,8 @@ KMACHINE_genericx86 ?= "common-pc"
KMACHINE_genericx86-64 ?= "common-pc-64"
KMACHINE_beaglebone-yocto ?= "beaglebone"
SRCREV_machine_genericx86 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
SRCREV_machine_genericx86-64 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
SRCREV_machine_genericx86 ?= "35826e154ee014b64ccfa0d1f12d36b8f8a75939"
SRCREV_machine_genericx86-64 ?= "35826e154ee014b64ccfa0d1f12d36b8f8a75939"
SRCREV_machine_edgerouter ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
SRCREV_machine_beaglebone-yocto ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
@@ -17,7 +17,7 @@ COMPATIBLE_MACHINE_genericx86-64 = "genericx86-64"
COMPATIBLE_MACHINE_edgerouter = "edgerouter"
COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto"
LINUX_VERSION_genericx86 = "5.4.178"
LINUX_VERSION_genericx86-64 = "5.4.178"
LINUX_VERSION_genericx86 = "5.4.219"
LINUX_VERSION_genericx86-64 = "5.4.219"
LINUX_VERSION_edgerouter = "5.4.58"
LINUX_VERSION_beaglebone-yocto = "5.4.58"

View File

@@ -54,9 +54,10 @@ ARCHIVER_MODE[mirror] ?= "split"
DEPLOY_DIR_SRC ?= "${DEPLOY_DIR}/sources"
ARCHIVER_TOPDIR ?= "${WORKDIR}/archiver-sources"
ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/"
ARCHIVER_ARCH = "${TARGET_SYS}"
ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${ARCHIVER_ARCH}/${PF}/"
ARCHIVER_RPMTOPDIR ?= "${WORKDIR}/deploy-sources-rpm"
ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${TARGET_SYS}/${PF}/"
ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${ARCHIVER_ARCH}/${PF}/"
ARCHIVER_WORKDIR = "${WORKDIR}/archiver-work/"
# When producing a combined mirror directory, allow duplicates for the case
@@ -100,6 +101,10 @@ python () {
bb.debug(1, 'archiver: %s is excluded, covered by gcc-source' % pn)
return
# TARGET_SYS in ARCHIVER_ARCH will break the stamp for gcc-source in multiconfig
if pn.startswith('gcc-source'):
d.setVar('ARCHIVER_ARCH', "allarch")
def hasTask(task):
return bool(d.getVarFlag(task, "task", False)) and not bool(d.getVarFlag(task, "noexec", False))
@@ -578,7 +583,7 @@ python do_dumpdata () {
SSTATETASKS += "do_deploy_archives"
do_deploy_archives () {
echo "Deploying source archive files from ${ARCHIVER_TOPDIR} to ${DEPLOY_DIR_SRC}."
bbnote "Deploying source archive files from ${ARCHIVER_TOPDIR} to ${DEPLOY_DIR_SRC}."
}
python do_deploy_archives_setscene () {
sstate_setscene(d)

View File

@@ -139,7 +139,7 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True):
# /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc)
# would return /usr/local/bin/ccache/gcc, but what we need is
# /usr/bin/gcc, this code can check and fix that.
if "ccache" in srctool:
if os.path.islink(srctool) and os.path.basename(os.readlink(srctool)) == 'ccache':
srctool = bb.utils.which(path, tool, executable=True, direction=1)
if srctool:
os.symlink(srctool, desttool)

View File

@@ -30,8 +30,9 @@ bin_package_do_install () {
bbfatal bin_package has nothing to install. Be sure the SRC_URI unpacks into S.
fi
cd ${S}
install -d ${D}${base_prefix}
tar --no-same-owner --exclude='./patches' --exclude='./.pc' -cpf - . \
| tar --no-same-owner -xpf - -C ${D}
| tar --no-same-owner -xpf - -C ${D}${base_prefix}
}
FILES_${PN} = "/"

View File

@@ -47,7 +47,9 @@ CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX
CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
# Report Patched or Ignored/Whitelisted CVEs
CVE_CHECK_REPORT_PATCHED ??= "1"
CVE_CHECK_SHOW_WARNINGS ??= "1"
# Provide text output
@@ -56,6 +58,9 @@ CVE_CHECK_FORMAT_TEXT ??= "1"
# Provide JSON output - disabled by default for backward compatibility
CVE_CHECK_FORMAT_JSON ??= "0"
# Check for packages without CVEs (no issues or missing product name)
CVE_CHECK_COVERAGE ??= "1"
# Whitelist for packages (PN)
CVE_CHECK_PN_WHITELIST ?= ""
@@ -76,16 +81,10 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
# set to "alphabetical" for version using single alphabetical character as increment release
CVE_VERSION_SUFFIX ??= ""
def update_symlinks(target_path, link_path):
if link_path != target_path and os.path.exists(target_path):
if os.path.exists(os.path.realpath(link_path)):
os.remove(link_path)
os.symlink(os.path.basename(target_path), link_path)
def generate_json_report(d, out_path, link_path):
if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
import json
from oe.cve_check import cve_check_merge_jsons
from oe.cve_check import cve_check_merge_jsons, update_symlinks
bb.note("Generating JSON CVE summary")
index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
@@ -106,6 +105,7 @@ def generate_json_report(d, out_path, link_path):
python cve_save_summary_handler () {
import shutil
import datetime
from oe.cve_check import update_symlinks
cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
@@ -136,18 +136,20 @@ python do_cve_check () {
"""
Check recipe for patched and unpatched CVEs
"""
from oe.cve_check import get_patched_cves
if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
try:
patched_cves = get_patches_cves(d)
except FileNotFoundError:
bb.fatal("Failure in searching patches")
whitelisted, patched, unpatched = check_cves(d, patched_cves)
if patched or unpatched:
cve_data = get_cve_info(d, patched + unpatched)
cve_write_data(d, patched, unpatched, whitelisted, cve_data)
else:
bb.note("No CVE database found, skipping CVE check")
with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], shared=True):
if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
try:
patched_cves = get_patched_cves(d)
except FileNotFoundError:
bb.fatal("Failure in searching patches")
ignored, patched, unpatched, status = check_cves(d, patched_cves)
if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
cve_data = get_cve_info(d, patched + unpatched + ignored)
cve_write_data(d, patched, unpatched, ignored, cve_data, status)
else:
bb.note("No CVE database found, skipping CVE check")
}
@@ -164,7 +166,7 @@ python cve_check_cleanup () {
}
addhandler cve_check_cleanup
cve_check_cleanup[eventmask] = "bb.cooker.CookerExit"
cve_check_cleanup[eventmask] = "bb.event.BuildCompleted"
python cve_check_write_rootfs_manifest () {
"""
@@ -174,7 +176,7 @@ python cve_check_write_rootfs_manifest () {
import shutil
import json
from oe.rootfs import image_list_installed_packages
from oe.cve_check import cve_check_merge_jsons
from oe.cve_check import cve_check_merge_jsons, update_symlinks
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
@@ -247,65 +249,6 @@ ROOTFS_POSTPROCESS_COMMAND_prepend = "${@'cve_check_write_rootfs_manifest; ' if
do_rootfs[recrdeptask] += "${@'do_cve_check' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
do_populate_sdk[recrdeptask] += "${@'do_cve_check' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
def get_patches_cves(d):
"""
Get patches that solve CVEs using the "CVE: " tag.
"""
import re
pn = d.getVar("PN")
cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
# Matches the last "CVE-YYYY-ID" in the file name, also if written
# in lowercase. Possible to have multiple CVE IDs in a single
# file name, but only the last one will be detected from the file name.
# However, patch files contents addressing multiple CVE IDs are supported
# (cve_match regular expression)
cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
patched_cves = set()
bb.debug(2, "Looking for patches that solves CVEs for %s" % pn)
for url in src_patches(d):
patch_file = bb.fetch.decodeurl(url)[2]
if not os.path.isfile(patch_file):
bb.error("File Not found: %s" % patch_file)
raise FileNotFoundError
# Check patch file name for CVE ID
fname_match = cve_file_name_match.search(patch_file)
if fname_match:
cve = fname_match.group(1).upper()
patched_cves.add(cve)
bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file))
with open(patch_file, "r", encoding="utf-8") as f:
try:
patch_text = f.read()
except UnicodeDecodeError:
bb.debug(1, "Failed to read patch %s using UTF-8 encoding"
" trying with iso8859-1" % patch_file)
f.close()
with open(patch_file, "r", encoding="iso8859-1") as f:
patch_text = f.read()
# Search for one or more "CVE: " lines
text_match = False
for match in cve_match.finditer(patch_text):
# Get only the CVEs without the "CVE: " tag
cves = patch_text[match.start()+5:match.end()]
for cve in cves.split():
bb.debug(2, "Patch %s solves %s" % (patch_file, cve))
patched_cves.add(cve)
text_match = True
if not fname_match and not text_match:
bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
return patched_cves
def check_cves(d, patched_cves):
"""
Connect to the NVD database and find unpatched cves.
@@ -317,17 +260,20 @@ def check_cves(d, patched_cves):
suffix = d.getVar("CVE_VERSION_SUFFIX")
cves_unpatched = []
cves_ignored = []
cves_status = []
cves_in_recipe = False
# CVE_PRODUCT can contain more than one product (eg. curl/libcurl)
products = d.getVar("CVE_PRODUCT").split()
# If this has been unset then we're not scanning for CVEs here (for example, image recipes)
if not products:
return ([], [], [])
return ([], [], [], [])
pv = d.getVar("CVE_VERSION").split("+git")[0]
# If the recipe has been whitelisted we return empty lists
if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
bb.note("Recipe has been whitelisted, skipping check")
return ([], [], [])
return ([], [], [], [])
cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
@@ -337,28 +283,39 @@ def check_cves(d, patched_cves):
# For each of the known product names (e.g. curl has CPEs using curl and libcurl)...
for product in products:
cves_in_product = False
if ":" in product:
vendor, product = product.split(":", 1)
else:
vendor = "%"
# Find all relevant CVE IDs.
for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
for cverow in cve_cursor:
cve = cverow[0]
if cve in cve_whitelist:
bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
# TODO: this should be in the report as 'whitelisted'
patched_cves.add(cve)
cves_ignored.append(cve)
continue
elif cve in patched_cves:
bb.note("%s has been patched" % (cve))
continue
# Write status once only for each product
if not cves_in_product:
cves_status.append([product, True])
cves_in_product = True
cves_in_recipe = True
vulnerable = False
for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
ignored = False
product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
for row in product_cursor:
(_, _, _, version_start, operator_start, version_end, operator_end) = row
#bb.debug(2, "Evaluating row " + str(row))
if cve in cve_whitelist:
ignored = True
if (operator_start == '=' and pv == version_start) or version_start == '-':
vulnerable = True
@@ -391,18 +348,27 @@ def check_cves(d, patched_cves):
vulnerable = vulnerable_start or vulnerable_end
if vulnerable:
bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
cves_unpatched.append(cve)
if ignored:
bb.note("%s is ignored in %s-%s" % (cve, pn, real_pv))
cves_ignored.append(cve)
else:
bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
cves_unpatched.append(cve)
break
product_cursor.close()
if not vulnerable:
bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
# TODO: not patched but not vulnerable
patched_cves.add(cve)
cve_cursor.close()
if not cves_in_product:
bb.note("No CVE records found for product %s, pn %s" % (product, pn))
cves_status.append([product, False])
conn.close()
return (list(cve_whitelist), list(patched_cves), cves_unpatched)
return (list(cves_ignored), list(patched_cves), cves_unpatched, cves_status)
def get_cve_info(d, cves):
"""
@@ -416,14 +382,15 @@ def get_cve_info(d, cves):
conn = sqlite3.connect(db_file, uri=True)
for cve in cves:
for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
for row in cursor:
cve_data[row[0]] = {}
cve_data[row[0]]["summary"] = row[1]
cve_data[row[0]]["scorev2"] = row[2]
cve_data[row[0]]["scorev3"] = row[3]
cve_data[row[0]]["modified"] = row[4]
cve_data[row[0]]["vector"] = row[5]
cursor.close()
conn.close()
return cve_data
@@ -433,7 +400,6 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
CVE manifest if enabled.
"""
cve_file = d.getVar("CVE_CHECK_LOG")
fdir_name = d.getVar("FILE_DIRNAME")
layer = fdir_name.split("/")[-3]
@@ -441,12 +407,18 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1"
if exclude_layers and layer in exclude_layers:
return
if include_layers and layer not in include_layers:
return
# Early exit, the text format does not report packages without CVEs
if not patched+unpatched+whitelisted:
return
nvd_link = "https://nvd.nist.gov/vuln/detail/"
write_string = ""
unpatched_cves = []
@@ -454,13 +426,16 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
for cve in sorted(cve_data):
is_patched = cve in patched
if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
is_ignored = cve in whitelisted
if (is_patched or is_ignored) and not report_all:
continue
write_string += "LAYER: %s\n" % layer
write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
write_string += "CVE: %s\n" % cve
if cve in whitelisted:
if is_ignored:
write_string += "CVE STATUS: Whitelisted\n"
elif is_patched:
write_string += "CVE STATUS: Patched\n"
@@ -476,23 +451,22 @@ def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
if write_string:
with open(cve_file, "w") as f:
bb.note("Writing file %s with CVE information" % cve_file)
with open(cve_file, "w") as f:
bb.note("Writing file %s with CVE information" % cve_file)
f.write(write_string)
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
bb.utils.mkdirhier(os.path.dirname(deploy_file))
with open(deploy_file, "w") as f:
f.write(write_string)
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
bb.utils.mkdirhier(os.path.dirname(deploy_file))
with open(deploy_file, "w") as f:
f.write(write_string)
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
bb.utils.mkdirhier(cvelogpath)
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
bb.utils.mkdirhier(cvelogpath)
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
f.write("%s" % write_string)
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
f.write("%s" % write_string)
def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file):
"""
@@ -524,7 +498,7 @@ def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_fi
with open(index_path, "a+") as f:
f.write("%s\n" % fragment_path)
def cve_write_data_json(d, patched, unpatched, ignored, cve_data):
def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
"""
Prepare CVE data for the JSON format, then write it.
"""
@@ -538,6 +512,8 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data):
include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
report_all = d.getVar("CVE_CHECK_REPORT_PATCHED") == "1"
if exclude_layers and layer in exclude_layers:
return
@@ -546,20 +522,29 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data):
unpatched_cves = []
product_data = []
for s in cve_status:
p = {"product": s[0], "cvesInRecord": "Yes"}
if s[1] == False:
p["cvesInRecord"] = "No"
product_data.append(p)
package_version = "%s%s" % (d.getVar("EXTENDPE"), d.getVar("PV"))
package_data = {
"name" : d.getVar("PN"),
"layer" : layer,
"version" : package_version
"version" : package_version,
"products": product_data
}
cve_list = []
for cve in sorted(cve_data):
is_patched = cve in patched
is_ignored = cve in ignored
status = "Unpatched"
if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
if (is_patched or is_ignored) and not report_all:
continue
if cve in ignored:
if is_ignored:
status = "Ignored"
elif is_patched:
status = "Patched"
@@ -589,7 +574,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data):
cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file)
def cve_write_data(d, patched, unpatched, ignored, cve_data):
def cve_write_data(d, patched, unpatched, ignored, cve_data, status):
"""
Write CVE data in each enabled format.
"""
@@ -597,4 +582,4 @@ def cve_write_data(d, patched, unpatched, ignored, cve_data):
if d.getVar("CVE_CHECK_FORMAT_TEXT") == "1":
cve_write_data_text(d, patched, unpatched, ignored, cve_data)
if d.getVar("CVE_CHECK_FORMAT_JSON") == "1":
cve_write_data_json(d, patched, unpatched, ignored, cve_data)
cve_write_data_json(d, patched, unpatched, ignored, cve_data, status)

View File

@@ -60,7 +60,7 @@ python () {
if externalsrcbuild:
d.setVar('B', externalsrcbuild)
else:
d.setVar('B', '${WORKDIR}/${BPN}-${PV}/')
d.setVar('B', '${WORKDIR}/${BPN}-${PV}')
local_srcuri = []
fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d)
@@ -207,8 +207,8 @@ def srctree_hash_files(d, srcdir=None):
try:
git_dir = os.path.join(s_dir,
subprocess.check_output(['git', '-C', s_dir, 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
top_git_dir = os.path.join(s_dir, subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'],
stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
top_git_dir = os.path.join(d.getVar("TOPDIR"),
subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
if git_dir == top_git_dir:
git_dir = None
except subprocess.CalledProcessError:
@@ -225,15 +225,16 @@ def srctree_hash_files(d, srcdir=None):
env['GIT_INDEX_FILE'] = tmp_index.name
subprocess.check_output(['git', 'add', '-A', '.'], cwd=s_dir, env=env)
git_sha1 = subprocess.check_output(['git', 'write-tree'], cwd=s_dir, env=env).decode("utf-8")
submodule_helper = subprocess.check_output(['git', 'submodule--helper', 'list'], cwd=s_dir, env=env).decode("utf-8")
for line in submodule_helper.splitlines():
module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1])
if os.path.isdir(module_dir):
proc = subprocess.Popen(['git', 'add', '-A', '.'], cwd=module_dir, env=env, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
proc.communicate()
proc = subprocess.Popen(['git', 'write-tree'], cwd=module_dir, env=env, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
stdout, _ = proc.communicate()
git_sha1 += stdout.decode("utf-8")
if os.path.exists(os.path.join(s_dir, ".gitmodules")):
submodule_helper = subprocess.check_output(["git", "config", "--file", ".gitmodules", "--get-regexp", "path"], cwd=s_dir, env=env).decode("utf-8")
for line in submodule_helper.splitlines():
module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1])
if os.path.isdir(module_dir):
proc = subprocess.Popen(['git', 'add', '-A', '.'], cwd=module_dir, env=env, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
proc.communicate()
proc = subprocess.Popen(['git', 'write-tree'], cwd=module_dir, env=env, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
stdout, _ = proc.communicate()
git_sha1 += stdout.decode("utf-8")
sha1 = hashlib.sha1(git_sha1.encode("utf-8")).hexdigest()
with open(oe_hash_file, 'w') as fobj:
fobj.write(sha1)

View File

@@ -124,7 +124,7 @@ python () {
def rootfs_variables(d):
from oe.rootfs import variable_depends
variables = ['IMAGE_DEVICE_TABLE','IMAGE_DEVICE_TABLES','BUILD_IMAGES_FROM_FEEDS','IMAGE_TYPES_MASKED','IMAGE_ROOTFS_ALIGNMENT','IMAGE_OVERHEAD_FACTOR','IMAGE_ROOTFS_SIZE','IMAGE_ROOTFS_EXTRA_SPACE',
'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS', 'IMAGE_LINGUAS_COMPLEMENTARY',
'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS', 'IMAGE_LINGUAS_COMPLEMENTARY', 'IMAGE_LOCALES_ARCHIVE',
'MULTILIBRE_ALLOW_REP','MULTILIB_TEMP_ROOTFS','MULTILIB_VARIANTS','MULTILIBS','ALL_MULTILIB_PACKAGE_ARCHS','MULTILIB_GLOBAL_VARIANTS','BAD_RECOMMENDATIONS','NO_RECOMMENDATIONS',
'PACKAGE_ARCHS','PACKAGE_CLASSES','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','USE_DEVFS',
'CONVERSIONTYPES', 'IMAGE_GEN_DEBUGFS', 'ROOTFS_RO_UNNEEDED', 'IMGDEPLOYDIR', 'PACKAGE_EXCLUDE_COMPLEMENTARY', 'REPRODUCIBLE_TIMESTAMP_ROOTFS', 'IMAGE_INSTALL_DEBUGFS']
@@ -176,6 +176,9 @@ IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS').split()))}"
# per default create a locale archive
IMAGE_LOCALES_ARCHIVE ?= '1'
# Prefer image, but use the fallback files for lookups if the image ones
# aren't yet available.
PSEUDO_PASSWD = "${IMAGE_ROOTFS}:${STAGING_DIR_NATIVE}"

View File

@@ -452,12 +452,14 @@ def package_qa_check_buildpaths(path, name, d, elf, messages):
"""
Check for build paths inside target files and error if not found in the whitelist
"""
import stat
# Ignore .debug files, not interesting
if path.find(".debug") != -1:
return
# Ignore symlinks
if os.path.islink(path):
# Ignore symlinks/devs/fifos
mode = os.lstat(path).st_mode
if stat.S_ISLNK(mode) or stat.S_ISBLK(mode) or stat.S_ISFIFO(mode) or stat.S_ISCHR(mode) or stat.S_ISSOCK(mode):
return
tmpdir = bytes(d.getVar('TMPDIR'), encoding="utf-8")
@@ -945,7 +947,7 @@ def package_qa_check_host_user(path, name, d, elf, messages):
dest = d.getVar('PKGDEST')
pn = d.getVar('PN')
home = os.path.join(dest, 'home')
home = os.path.join(dest, name, 'home')
if path == home or path.startswith(home + os.sep):
return

View File

@@ -61,8 +61,8 @@ HOST_LD_KERNEL_ARCH ?= "${TARGET_LD_KERNEL_ARCH}"
TARGET_AR_KERNEL_ARCH ?= ""
HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}"
KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH}"
KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
TOOLCHAIN = "gcc"
TOOLCHAIN ?= "gcc"

View File

@@ -56,6 +56,12 @@ FIT_HASH_ALG ?= "sha256"
# fitImage Signature Algo
FIT_SIGN_ALG ?= "rsa2048"
# fitImage Padding Algo
FIT_PAD_ALG ?= "pkcs-1.5"
# Arguments passed to mkimage for signing
UBOOT_MKIMAGE_SIGN_ARGS ?= ""
#
# Emit the fitImage ITS header
#
@@ -250,6 +256,7 @@ fitimage_emit_section_config() {
conf_csum="${FIT_HASH_ALG}"
conf_sign_algo="${FIT_SIGN_ALG}"
conf_padding_algo="${FIT_PAD_ALG}"
if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
fi
@@ -333,6 +340,7 @@ EOF
signature-1 {
algo = "${conf_csum},${conf_sign_algo}";
key-name-hint = "${conf_sign_keyname}";
padding = "${conf_padding_algo}";
${sign_line}
};
EOF
@@ -474,7 +482,8 @@ fitimage_assemble() {
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-F -k "${UBOOT_SIGN_KEYDIR}" \
$add_key_to_u_boot \
-r arch/${ARCH}/boot/${2}
-r arch/${ARCH}/boot/${2} \
${UBOOT_MKIMAGE_SIGN_ARGS}
fi
}

View File

@@ -269,6 +269,8 @@ do_kernel_metadata() {
bbnote "KERNEL_FEATURES: $KERNEL_FEATURES_FINAL"
bbnote "Final scc/cfg list: $sccs_defconfig $bsp_definition $sccs $KERNEL_FEATURES_FINAL"
fi
set -e
}
do_patch() {
@@ -298,6 +300,8 @@ do_patch() {
fi
done
fi
set -e
}
do_kernel_checkout() {
@@ -356,6 +360,8 @@ do_kernel_checkout() {
git commit -q -m "baseline commit: creating repo for ${PN}-${PV}"
git clean -d -f
fi
set -e
}
do_kernel_checkout[dirs] = "${S}"
@@ -523,6 +529,8 @@ do_validate_branches() {
kgit-s2q --clean
fi
fi
set -e
}
OE_TERMINAL_EXPORTS += "KBUILD_OUTPUT"

View File

@@ -75,7 +75,7 @@ python __anonymous () {
# KERNEL_IMAGETYPES may contain a mixture of image types supported directly
# by the kernel build system and types which are created by post-processing
# the output of the kernel build system (e.g. compressing vmlinux ->
# vmlinux.gz in kernel_do_compile()).
# vmlinux.gz in kernel_do_transform_kernel()).
# KERNEL_IMAGETYPE_FOR_MAKE should contain only image types supported
# directly by the kernel build system.
if not d.getVar('KERNEL_IMAGETYPE_FOR_MAKE'):
@@ -106,6 +106,8 @@ python __anonymous () {
# standalone for use by wic and other tools.
if image:
d.appendVarFlag('do_bundle_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
if image and bb.utils.to_boolean(d.getVar('INITRAMFS_IMAGE_BUNDLE')):
bb.build.addtask('do_transform_bundled_initramfs', 'do_deploy', 'do_bundle_initramfs', d)
# NOTE: setting INITRAMFS_TASK is for backward compatibility
# The preferred method is to set INITRAMFS_IMAGE, because
@@ -280,6 +282,14 @@ do_bundle_initramfs () {
}
do_bundle_initramfs[dirs] = "${B}"
kernel_do_transform_bundled_initramfs() {
# vmlinux.gz is not built by kernel
if (echo "${KERNEL_IMAGETYPES}" | grep -wq "vmlinux\.gz"); then
gzip -9cn < ${KERNEL_OUTPUT_DIR}/vmlinux.initramfs > ${KERNEL_OUTPUT_DIR}/vmlinux.gz.initramfs
fi
}
do_transform_bundled_initramfs[dirs] = "${B}"
python do_devshell_prepend () {
os.environ["LDFLAGS"] = ''
}
@@ -311,6 +321,10 @@ kernel_do_compile() {
export KBUILD_BUILD_TIMESTAMP="$ts"
export KCONFIG_NOTIMESTAMP=1
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
else
ts=`LC_ALL=C date`
export KBUILD_BUILD_TIMESTAMP="$ts"
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
fi
# The $use_alternate_initrd is only set from
# do_bundle_initramfs() This variable is specifically for the
@@ -329,12 +343,17 @@ kernel_do_compile() {
for typeformake in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do
oe_runmake ${typeformake} CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} $use_alternate_initrd
done
}
kernel_do_transform_kernel() {
# vmlinux.gz is not built by kernel
if (echo "${KERNEL_IMAGETYPES}" | grep -wq "vmlinux\.gz"); then
mkdir -p "${KERNEL_OUTPUT_DIR}"
gzip -9cn < ${B}/vmlinux > "${KERNEL_OUTPUT_DIR}/vmlinux.gz"
fi
}
do_transform_kernel[dirs] = "${B}"
addtask transform_kernel after do_compile before do_install
do_compile_kernelmodules() {
unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS MACHINE
@@ -352,6 +371,10 @@ do_compile_kernelmodules() {
export KBUILD_BUILD_TIMESTAMP="$ts"
export KCONFIG_NOTIMESTAMP=1
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
else
ts=`LC_ALL=C date`
export KBUILD_BUILD_TIMESTAMP="$ts"
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
fi
if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then
cc_extra=$(get_cc_option)
@@ -576,7 +599,7 @@ inherit cml1
KCONFIG_CONFIG_COMMAND_append = " LD='${KERNEL_LD}' HOSTLDFLAGS='${BUILD_LDFLAGS}'"
EXPORT_FUNCTIONS do_compile do_install do_configure
EXPORT_FUNCTIONS do_compile do_transform_kernel do_transform_bundled_initramfs do_install do_configure
# kernel-base becomes kernel-${KERNEL_VERSION}
# kernel-image becomes kernel-image-${KERNEL_VERSION}
@@ -721,7 +744,7 @@ kernel_do_deploy() {
fi
if [ ! -z "${INITRAMFS_IMAGE}" -a x"${INITRAMFS_IMAGE_BUNDLE}" = x1 ]; then
for imageType in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do
for imageType in ${KERNEL_IMAGETYPES} ; do
if [ "$imageType" = "fitImage" ] ; then
continue
fi

View File

@@ -91,17 +91,17 @@ def copy_license_files(lic_files_paths, destdir):
os.link(src, dst)
except OSError as err:
if err.errno == errno.EXDEV:
# Copy license files if hard-link is not possible even if st_dev is the
# Copy license files if hardlink is not possible even if st_dev is the
# same on source and destination (docker container with device-mapper?)
canlink = False
else:
raise
# Only chown if we did hardling, and, we're running under pseudo
# Only chown if we did hardlink and we're running under pseudo
if canlink and os.environ.get('PSEUDO_DISABLED') == '0':
os.chown(dst,0,0)
if not canlink:
begin_idx = int(beginline)-1 if beginline is not None else None
end_idx = int(endline) if endline is not None else None
begin_idx = max(0, int(beginline) - 1) if beginline is not None else None
end_idx = max(0, int(endline)) if endline is not None else None
if begin_idx is None and end_idx is None:
shutil.copyfile(src, dst)
else:

View File

@@ -7,6 +7,7 @@
# QB_OPT_APPEND: options to append to qemu, e.g., "-show-cursor"
#
# QB_DEFAULT_KERNEL: default kernel to boot, e.g., "bzImage"
# e.g., "bzImage-initramfs-qemux86-64.bin" if INITRAMFS_IMAGE_BUNDLE is set to 1.
#
# QB_DEFAULT_FSTYPE: default FSTYPE to boot, e.g., "ext4"
#
@@ -75,7 +76,7 @@
QB_MEM ?= "-m 256"
QB_SERIAL_OPT ?= "-serial mon:stdio -serial null"
QB_DEFAULT_KERNEL ?= "${KERNEL_IMAGETYPE}"
QB_DEFAULT_KERNEL ?= "${@bb.utils.contains("INITRAMFS_IMAGE_BUNDLE", "1", "${KERNEL_IMAGETYPE}-${INITRAMFS_LINK_NAME}.bin", "${KERNEL_IMAGETYPE}", d)}"
QB_DEFAULT_FSTYPE ?= "ext4"
QB_OPT_APPEND ?= "-show-cursor"
QB_NETWORK_DEVICE ?= "-device virtio-net-pci,netdev=net0,mac=@MAC@"

View File

@@ -27,6 +27,13 @@ BB_SCHEDULER ?= "completion"
BB_TASK_IONICE_LEVEL_task-rm_work = "3.0"
do_rm_work () {
# Force using the HOSTTOOLS 'rm' - otherwise the SYSROOT_NATIVE 'rm' can be selected depending on PATH
# Avoids race-condition accessing 'rm' when deleting WORKDIR folders at the end of this function
RM_BIN="$(PATH=${HOSTTOOLS_DIR} command -v rm)"
if [ -z "${RM_BIN}" ]; then
bbfatal "Binary 'rm' not found in HOSTTOOLS_DIR, cannot remove WORKDIR data."
fi
# If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe.
for p in ${RM_WORK_EXCLUDE}; do
if [ "$p" = "${PN}" ]; then
@@ -73,7 +80,7 @@ do_rm_work () {
# sstate version since otherwise we'd need to leave 'plaindirs' around
# such as 'packages' and 'packages-split' and these can be large. No end
# of chain tasks depend directly on do_package anymore.
rm -f -- $i;
"${RM_BIN}" -f -- $i;
;;
*_setscene*)
# Skip stamps which are already setscene versions
@@ -90,7 +97,7 @@ do_rm_work () {
;;
esac
done
rm -f -- $i
"${RM_BIN}" -f -- $i
esac
done
@@ -100,9 +107,9 @@ do_rm_work () {
# Retain only logs and other files in temp, safely ignore
# failures of removing pseudo folers on NFS2/3 server.
if [ $dir = 'pseudo' ]; then
rm -rf -- $dir 2> /dev/null || true
"${RM_BIN}" -rf -- $dir 2> /dev/null || true
elif ! echo "$excludes" | grep -q -w "$dir"; then
rm -rf -- $dir
"${RM_BIN}" -rf -- $dir
fi
done
}

View File

@@ -305,7 +305,7 @@ rootfs_trim_schemas () {
}
rootfs_check_host_user_contaminated () {
contaminated="${WORKDIR}/host-user-contaminated.txt"
contaminated="${S}/host-user-contaminated.txt"
HOST_USER_UID="$(PSEUDO_UNLOAD=1 id -u)"
HOST_USER_GID="$(PSEUDO_UNLOAD=1 id -g)"

View File

@@ -561,6 +561,14 @@ def check_tar_version(sanity_data):
version = result.split()[3]
if LooseVersion(version) < LooseVersion("1.28"):
return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n"
try:
result = subprocess.check_output(["tar", "--help"], stderr=subprocess.STDOUT).decode('utf-8')
if "--xattrs" not in result:
return "Your tar doesn't support --xattrs, please use GNU tar.\n"
except subprocess.CalledProcessError as e:
return "Unable to execute tar --help, exit code %d\n%s\n" % (e.returncode, e.output)
return None
# We use git parameters and functionality only found in 1.7.8 or later

View File

@@ -20,7 +20,7 @@ def generate_sstatefn(spec, hash, taskname, siginfo, d):
components = spec.split(":")
# Fields 0,5,6 are mandatory, 1 is most useful, 2,3,4 are just for information
# 7 is for the separators
avail = (254 - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3
avail = (limit - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3
components[2] = components[2][:avail]
components[3] = components[3][:avail]
components[4] = components[4][:avail]

View File

@@ -53,24 +53,23 @@ CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4
CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
#### CPE update pending ####
# groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803
# Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7
# so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
#CVE_CHECK_WHITELIST += "CVE-2000-0803"
#### Upstream still working on ####
# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
# however qemu maintainers are sure the patch is incorrect and should not be applied.
# qemu maintainers say the patch is incorrect and should not be applied
# Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable
CVE_CHECK_WHITELIST += "CVE-2021-20255"
# wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879
# https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
# No response upstream as of 2021/5/12
# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067
# There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can
# still be reproduced or where exactly any bug is.
# Ignore from OE's perspective as we'll pick up any fix when upstream accepts one.
CVE_CHECK_WHITELIST += "CVE-2019-12067"
# nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974
# It is a fuzzing related buffer overflow. It is of low impact since most devices
# wouldn't expose an assembler. The upstream is inactive and there is little to be
# done about the bug, ignore from an OE perspective.
CVE_CHECK_WHITELIST += "CVE-2020-18974"

View File

@@ -194,7 +194,7 @@ RECIPE_MAINTAINER_pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
RECIPE_MAINTAINER_pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gcc-source-9.3.0 = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gcc-source-9.5.0 = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gconf = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER_pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
RECIPE_MAINTAINER_pn-gdb = "Khem Raj <raj.khem@gmail.com>"

View File

@@ -6,10 +6,10 @@
# to the distro running on the build machine.
#
UNINATIVE_MAXGLIBCVERSION = "2.35"
UNINATIVE_VERSION = "3.6"
UNINATIVE_MAXGLIBCVERSION = "2.36"
UNINATIVE_VERSION = "3.7"
UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
UNINATIVE_CHECKSUM[aarch64] ?= "d64831cf2792c8e470c2e42230660e1a8e5de56a579cdd59978791f663c2f3ed"
UNINATIVE_CHECKSUM[i686] ?= "2f0ee9b66b1bb2c85e2b592fb3c9c7f5d77399fa638d74961330cdb8de34ca3b"
UNINATIVE_CHECKSUM[x86_64] ?= "9bfc4c970495b3716b2f9e52c4df9f968c02463a9a95000f6657fbc3fde1f098"
UNINATIVE_CHECKSUM[aarch64] ?= "6a29bcae4b5b716d2d520e18800b33943b65f8a835eac1ff8793fc5ee65b4be6"
UNINATIVE_CHECKSUM[i686] ?= "3f6d52e64996570c716108d49f8108baccf499a283bbefae438c7266b7a93305"
UNINATIVE_CHECKSUM[x86_64] ?= "b110bf2e10fe420f5ca2f3ec55f048ee5f0a54c7e34856a3594e51eb2aea0570"

View File

@@ -13,24 +13,31 @@
SPDXLICENSEMAP[AGPL-3] = "AGPL-3.0"
SPDXLICENSEMAP[AGPLv3] = "AGPL-3.0"
SPDXLICENSEMAP[AGPLv3.0] = "AGPL-3.0"
SPDXLICENSEMAP[AGPL-3.0-only] = "AGPL-3.0"
# GPL variations
SPDXLICENSEMAP[GPL-1] = "GPL-1.0"
SPDXLICENSEMAP[GPLv1] = "GPL-1.0"
SPDXLICENSEMAP[GPLv1.0] = "GPL-1.0"
SPDXLICENSEMAP[GPL-1.0-only] = "GPL-1.0"
SPDXLICENSEMAP[GPL-2] = "GPL-2.0"
SPDXLICENSEMAP[GPLv2] = "GPL-2.0"
SPDXLICENSEMAP[GPLv2.0] = "GPL-2.0"
SPDXLICENSEMAP[GPL-2.0-only] = "GPL-2.0"
SPDXLICENSEMAP[GPL-3] = "GPL-3.0"
SPDXLICENSEMAP[GPLv3] = "GPL-3.0"
SPDXLICENSEMAP[GPLv3.0] = "GPL-3.0"
SPDXLICENSEMAP[GPL-3.0-only] = "GPL-3.0"
#LGPL variations
SPDXLICENSEMAP[LGPLv2] = "LGPL-2.0"
SPDXLICENSEMAP[LGPLv2.0] = "LGPL-2.0"
SPDXLICENSEMAP[LGPL-2.0-only] = "LGPL-2.0"
SPDXLICENSEMAP[LGPL2.1] = "LGPL-2.1"
SPDXLICENSEMAP[LGPLv2.1] = "LGPL-2.1"
SPDXLICENSEMAP[LGPL-2.1-only] = "LGPL-2.1"
SPDXLICENSEMAP[LGPLv3] = "LGPL-3.0"
SPDXLICENSEMAP[LGPL-3.0-only] = "LGPL-3.0"
#MPL variations
SPDXLICENSEMAP[MPL-1] = "MPL-1.0"

View File

@@ -79,3 +79,96 @@ def cve_check_merge_jsons(output, data):
return
output["package"].append(data["package"][0])
def update_symlinks(target_path, link_path):
"""
Update a symbolic link link_path to point to target_path.
Remove the link and recreate it if exist and is different.
"""
if link_path != target_path and os.path.exists(target_path):
if os.path.exists(os.path.realpath(link_path)):
os.remove(link_path)
os.symlink(os.path.basename(target_path), link_path)
def get_patched_cves(d):
"""
Get patches that solve CVEs using the "CVE: " tag.
"""
import re
import oe.patch
pn = d.getVar("PN")
cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
# Matches the last "CVE-YYYY-ID" in the file name, also if written
# in lowercase. Possible to have multiple CVE IDs in a single
# file name, but only the last one will be detected from the file name.
# However, patch files contents addressing multiple CVE IDs are supported
# (cve_match regular expression)
cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
patched_cves = set()
bb.debug(2, "Looking for patches that solves CVEs for %s" % pn)
for url in oe.patch.src_patches(d):
patch_file = bb.fetch.decodeurl(url)[2]
# Remote compressed patches may not be unpacked, so silently ignore them
if not os.path.isfile(patch_file):
bb.warn("%s does not exist, cannot extract CVE list" % patch_file)
continue
# Check patch file name for CVE ID
fname_match = cve_file_name_match.search(patch_file)
if fname_match:
cve = fname_match.group(1).upper()
patched_cves.add(cve)
bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file))
with open(patch_file, "r", encoding="utf-8") as f:
try:
patch_text = f.read()
except UnicodeDecodeError:
bb.debug(1, "Failed to read patch %s using UTF-8 encoding"
" trying with iso8859-1" % patch_file)
f.close()
with open(patch_file, "r", encoding="iso8859-1") as f:
patch_text = f.read()
# Search for one or more "CVE: " lines
text_match = False
for match in cve_match.finditer(patch_text):
# Get only the CVEs without the "CVE: " tag
cves = patch_text[match.start()+5:match.end()]
for cve in cves.split():
bb.debug(2, "Patch %s solves %s" % (patch_file, cve))
patched_cves.add(cve)
text_match = True
if not fname_match and not text_match:
bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
return patched_cves
def get_cpe_ids(cve_product, version):
"""
Get list of CPE identifiers for the given product and version
"""
version = version.split("+git")[0]
cpe_ids = []
for product in cve_product.split():
# CVE_PRODUCT in recipes may include vendor information for CPE identifiers. If not,
# use wildcard for vendor.
if ":" in product:
vendor, product = product.split(":", 1)
else:
vendor = "*"
cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
cpe_ids.append(cpe_id)
return cpe_ids

View File

@@ -611,12 +611,13 @@ class PackageManager(object, metaclass=ABCMeta):
"'%s' returned %d:\n%s" %
(' '.join(cmd), e.returncode, e.output.decode("utf-8")))
target_arch = self.d.getVar('TARGET_ARCH')
localedir = oe.path.join(self.target_rootfs, self.d.getVar("libdir"), "locale")
if os.path.exists(localedir) and os.listdir(localedir):
generate_locale_archive(self.d, self.target_rootfs, target_arch, localedir)
# And now delete the binary locales
self.remove(fnmatch.filter(self.list_installed(), "glibc-binary-localedata-*"), False)
if self.d.getVar('IMAGE_LOCALES_ARCHIVE') == '1':
target_arch = self.d.getVar('TARGET_ARCH')
localedir = oe.path.join(self.target_rootfs, self.d.getVar("libdir"), "locale")
if os.path.exists(localedir) and os.listdir(localedir):
generate_locale_archive(self.d, self.target_rootfs, target_arch, localedir)
# And now delete the binary locales
self.remove(fnmatch.filter(self.list_installed(), "glibc-binary-localedata-*"), False)
def deploy_dir_lock(self):
if self.deploy_dir is None:

View File

@@ -321,7 +321,9 @@ class Rootfs(object, metaclass=ABCMeta):
if not os.path.exists(kernel_abi_ver_file):
bb.fatal("No kernel-abiversion file found (%s), cannot run depmod, aborting" % kernel_abi_ver_file)
kernel_ver = open(kernel_abi_ver_file).read().strip(' \n')
with open(kernel_abi_ver_file) as f:
kernel_ver = f.read().strip(' \n')
versioned_modules_dir = os.path.join(self.image_rootfs, modules_dir, kernel_ver)
bb.utils.mkdirhier(versioned_modules_dir)

View File

@@ -49,21 +49,20 @@ class RpmBasicTest(OERuntimeTestCase):
msg = 'status: %s. Cannot run rpm -qa: %s' % (status, output)
self.assertEqual(status, 0, msg=msg)
def check_no_process_for_user(u):
_, output = self.target.run(self.tc.target_cmds['ps'])
if u + ' ' in output:
return False
else:
return True
def wait_for_no_process_for_user(u, timeout = 120):
timeout_at = time.time() + timeout
while time.time() < timeout_at:
_, output = self.target.run(self.tc.target_cmds['ps'])
if u + ' ' not in output:
return
time.sleep(1)
user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
assertTrue(True, msg=msg)
def unset_up_test_user(u):
# ensure no test1 process in running
timeout = time.time() + 30
while time.time() < timeout:
if check_no_process_for_user(u):
break
else:
time.sleep(1)
wait_for_no_process_for_user(u)
status, output = self.target.run('userdel -r %s' % u)
msg = 'Failed to erase user: %s' % output
self.assertTrue(status == 0, msg=msg)

View File

@@ -23,7 +23,7 @@ class ScpTest(OERuntimeTestCase):
os.remove(cls.tmp_path)
@OETestDepends(['ssh.SSHTest.test_ssh'])
@OEHasPackage(['openssh-scp', 'dropbear'])
@OEHasPackage(['openssh-scp'])
def test_scp_file(self):
dst = '/tmp/test_scp_file'

View File

@@ -117,3 +117,85 @@ CVE_CHECK_FORMAT_JSON = "1"
self.assertEqual(report["version"], "1")
self.assertEqual(len(report["package"]), 1)
self.assertEqual(report["package"][0]["name"], recipename)
def test_recipe_report_json_unpatched(self):
config = """
INHERIT += "cve-check"
CVE_CHECK_FORMAT_JSON = "1"
CVE_CHECK_REPORT_PATCHED = "0"
"""
self.write_config(config)
vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
try:
os.remove(summary_json)
os.remove(recipe_json)
except FileNotFoundError:
pass
bitbake("m4-native -c cve_check")
def check_m4_json(filename):
with open(filename) as f:
report = json.load(f)
self.assertEqual(report["version"], "1")
self.assertEqual(len(report["package"]), 1)
package = report["package"][0]
self.assertEqual(package["name"], "m4-native")
#m4 had only Patched CVEs, so the issues array will be empty
self.assertEqual(package["issue"], [])
self.assertExists(summary_json)
check_m4_json(summary_json)
self.assertExists(recipe_json)
check_m4_json(recipe_json)
def test_recipe_report_json_ignored(self):
config = """
INHERIT += "cve-check"
CVE_CHECK_FORMAT_JSON = "1"
CVE_CHECK_REPORT_PATCHED = "1"
"""
self.write_config(config)
vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "logrotate_cve.json")
try:
os.remove(summary_json)
os.remove(recipe_json)
except FileNotFoundError:
pass
bitbake("logrotate -c cve_check")
def check_m4_json(filename):
with open(filename) as f:
report = json.load(f)
self.assertEqual(report["version"], "1")
self.assertEqual(len(report["package"]), 1)
package = report["package"][0]
self.assertEqual(package["name"], "logrotate")
found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
# m4 CVE should not be in logrotate
self.assertNotIn("CVE-2008-1687", found_cves)
# logrotate has both Patched and Ignored CVEs
self.assertIn("CVE-2011-1098", found_cves)
self.assertEqual(found_cves["CVE-2011-1098"], "Patched")
self.assertIn("CVE-2011-1548", found_cves)
self.assertEqual(found_cves["CVE-2011-1548"], "Ignored")
self.assertIn("CVE-2011-1549", found_cves)
self.assertEqual(found_cves["CVE-2011-1549"], "Ignored")
self.assertIn("CVE-2011-1550", found_cves)
self.assertEqual(found_cves["CVE-2011-1550"], "Ignored")
self.assertExists(summary_json)
check_m4_json(summary_json)
self.assertExists(recipe_json)
check_m4_json(recipe_json)

View File

@@ -1323,7 +1323,7 @@ class DevtoolExtractTests(DevtoolBase):
# Now really test deploy-target
result = runCmd('devtool deploy-target -c %s root@%s' % (testrecipe, qemu.ip))
# Run a test command to see if it was installed properly
sshargs = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
sshargs = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-rsa'
result = runCmd('ssh %s root@%s %s' % (sshargs, qemu.ip, testcommand))
# Check if it deployed all of the files with the right ownership/perms
# First look on the host - need to do this under pseudo to get the correct ownership/perms

View File

@@ -133,7 +133,8 @@ class OEListPackageconfigTests(OEScriptTests):
def check_endlines(self, results, expected_endlines):
for line in results.output.splitlines():
for el in expected_endlines:
if line.split() == el.split():
if line and line.split()[0] == el.split()[0] and \
' '.join(sorted(el.split())) in ' '.join(sorted(line.split())):
expected_endlines.remove(el)
break

View File

@@ -175,8 +175,8 @@ class TestImage(OESelftestTestCase):
if "DISPLAY" not in os.environ:
self.skipTest("virgl gtk test must be run inside a X session")
distro = oe.lsb.distro_identifier()
if distro and distro == 'almalinux-8.6':
self.skipTest('virgl isn\'t working with Alma 8')
if distro and distro.startswith('almalinux'):
self.skipTest('virgl isn\'t working with Alma Linux')
if distro and distro == 'debian-8':
self.skipTest('virgl isn\'t working with Debian 8')
if distro and distro == 'centos-7':
@@ -187,8 +187,12 @@ class TestImage(OESelftestTestCase):
self.skipTest('virgl isn\'t working with Fedora 34')
if distro and distro == 'fedora-35':
self.skipTest('virgl isn\'t working with Fedora 35')
if distro and distro == 'fedora-36':
self.skipTest('virgl isn\'t working with Fedora 36')
if distro and distro == 'opensuseleap-15.0':
self.skipTest('virgl isn\'t working with Opensuse 15.0')
if distro and distro == 'ubuntu-22.04':
self.skipTest('virgl isn\'t working with Ubuntu 22.04')
qemu_packageconfig = get_bb_var('PACKAGECONFIG', 'qemu-system-native')
sdl_packageconfig = get_bb_var('PACKAGECONFIG', 'libsdl2-native')

View File

@@ -65,6 +65,20 @@ class TinfoilTests(OESelftestTestCase):
localdata.setVar('PN', 'hello')
self.assertEqual('hello', localdata.getVar('BPN'))
# The config_data API tp parse_recipe_file is used by:
# layerindex-web layerindex/update_layer.py
def test_parse_recipe_custom_data(self):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=False, quiet=2)
localdata = bb.data.createCopy(tinfoil.config_data)
localdata.setVar("TESTVAR", "testval")
testrecipe = 'mdadm'
best = tinfoil.find_best_provider(testrecipe)
if not best:
self.fail('Unable to find recipe providing %s' % testrecipe)
rd = tinfoil.parse_recipe_file(best[3], config_data=localdata)
self.assertEqual("testval", rd.getVar('TESTVAR'))
def test_list_recipes(self):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=False, quiet=2)

View File

@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6626bb1e20189cfa95f2c508ba286393"
COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=master;protocol=https \
SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=main;protocol=https \
file://determinism.patch \
file://no-werror.patch"
SRCREV = "c1d6b10e1ed4ba2be07f385eae5bceb694478a10"

View File

@@ -0,0 +1,178 @@
From 0693d672abcf720419f86c56bda6428c540e2bb1 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Wed, 20 Jul 2022 10:01:35 +0530
Subject: [PATCH] CVE-2021-3695
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e623866d9286410156e8b9d2c82d6253a1b22d08]
CVE: CVE-2021-3695
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
video/readers/png: Drop greyscale support to fix heap out-of-bounds write
A 16-bit greyscale PNG without alpha is processed in the following loop:
for (i = 0; i < (data->image_width * data->image_height);
i++, d1 += 4, d2 += 2)
{
d1[R3] = d2[1];
d1[G3] = d2[1];
d1[B3] = d2[1];
}
The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration,
but there are only 3 bytes allocated for storage. This means that image
data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes
out of every 4 following the end of the image.
This has existed since greyscale support was added in 2013 in commit
3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale).
Saving starfield.png as a 16-bit greyscale image without alpha in the gimp
and attempting to load it causes grub-emu to crash - I don't think this code
has ever worked.
Delete all PNG greyscale support.
Fixes: CVE-2021-3695
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/video/readers/png.c | 89 ++++-------------------------------
1 file changed, 8 insertions(+), 81 deletions(-)
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index 0157ff7..db4a9d4 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -100,7 +100,7 @@ struct grub_png_data
unsigned image_width, image_height;
int bpp, is_16bit;
- int raw_bytes, is_gray, is_alpha, is_palette;
+ int raw_bytes, is_alpha, is_palette;
int row_bytes, color_bits;
grub_uint8_t *image_data;
@@ -280,13 +280,13 @@ grub_png_decode_image_header (struct grub_png_data *data)
data->bpp = 3;
else
{
- data->is_gray = 1;
- data->bpp = 1;
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "png: color type not supported");
}
if ((color_bits != 8) && (color_bits != 16)
&& (color_bits != 4
- || !(data->is_gray || data->is_palette)))
+ || !data->is_palette))
return grub_error (GRUB_ERR_BAD_FILE_TYPE,
"png: bit depth must be 8 or 16");
@@ -315,7 +315,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
}
#ifndef GRUB_CPU_WORDS_BIGENDIAN
- if (data->is_16bit || data->is_gray || data->is_palette)
+ if (data->is_16bit || data->is_palette)
#endif
{
data->image_data = grub_calloc (data->image_height, data->row_bytes);
@@ -859,27 +859,8 @@ grub_png_convert_image (struct grub_png_data *data)
int shift;
int mask = (1 << data->color_bits) - 1;
unsigned j;
- if (data->is_gray)
- {
- /* Generic formula is
- (0xff * i) / ((1U << data->color_bits) - 1)
- but for allowed bit depth of 1, 2 and for it's
- equivalent to
- (0xff / ((1U << data->color_bits) - 1)) * i
- Precompute the multipliers to avoid division.
- */
-
- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 };
- for (i = 0; i < (1U << data->color_bits); i++)
- {
- grub_uint8_t col = multipliers[data->color_bits] * i;
- palette[i][0] = col;
- palette[i][1] = col;
- palette[i][2] = col;
- }
- }
- else
- grub_memcpy (palette, data->palette, 3 << data->color_bits);
+
+ grub_memcpy (palette, data->palette, 3 << data->color_bits);
d1c = d1;
d2c = d2;
for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3,
@@ -917,61 +898,7 @@ grub_png_convert_image (struct grub_png_data *data)
return;
}
- if (data->is_gray)
- {
- switch (data->bpp)
- {
- case 4:
- /* 16-bit gray with alpha. */
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 4)
- {
- d1[R4] = d2[3];
- d1[G4] = d2[3];
- d1[B4] = d2[3];
- d1[A4] = d2[1];
- }
- break;
- case 2:
- if (data->is_16bit)
- /* 16-bit gray without alpha. */
- {
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 2)
- {
- d1[R3] = d2[1];
- d1[G3] = d2[1];
- d1[B3] = d2[1];
- }
- }
- else
- /* 8-bit gray with alpha. */
- {
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 4, d2 += 2)
- {
- d1[R4] = d2[1];
- d1[G4] = d2[1];
- d1[B4] = d2[1];
- d1[A4] = d2[0];
- }
- }
- break;
- /* 8-bit gray without alpha. */
- case 1:
- for (i = 0; i < (data->image_width * data->image_height);
- i++, d1 += 3, d2++)
- {
- d1[R3] = d2[0];
- d1[G3] = d2[0];
- d1[B3] = d2[0];
- }
- break;
- }
- return;
- }
-
- {
+ {
/* Only copy the upper 8 bit. */
#ifndef GRUB_CPU_WORDS_BIGENDIAN
for (i = 0; i < (data->image_width * data->image_height * data->bpp >> 1);
--
2.25.1

View File

@@ -0,0 +1,46 @@
From b18ce59d6496a9313d75f9497a0efac61dcf4191 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Wed, 20 Jul 2022 10:05:42 +0530
Subject: [PATCH] CVE-2021-3696
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=210245129c932dc9e1c2748d9d35524fb95b5042]
CVE: CVE-2021-3696
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
video/readers/png: Avoid heap OOB R/W inserting huff table items
In fuzzing we observed crashes where a code would attempt to be inserted
into a huffman table before the start, leading to a set of heap OOB reads
and writes as table entries with negative indices were shifted around and
the new code written in.
Catch the case where we would underflow the array and bail.
Fixes: CVE-2021-3696
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/video/readers/png.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
index 36b3f10..3c05951 100644
--- a/grub-core/video/readers/png.c
+++ b/grub-core/video/readers/png.c
@@ -416,6 +416,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len)
for (i = len; i < ht->max_length; i++)
n += ht->maxval[i];
+ if (n > ht->num_values)
+ {
+ grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "png: out of range inserting huffman table item");
+ return;
+ }
+
for (i = 0; i < n; i++)
ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1];
--
2.25.1

View File

@@ -0,0 +1,82 @@
From 4de9de9d14f4ac27229e45514627534e32cc4406 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Tue, 19 Jul 2022 11:13:02 +0530
Subject: [PATCH] CVE-2021-3697
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6]
CVE: CVE-2021-3697
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
video/readers/jpeg: Block int underflow -> wild pointer write
Certain 1 px wide images caused a wild pointer write in
grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(),
we have the following loop:
for (; data->r1 < nr1 && (!data->dri || rst);
data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
We did not check if vb * width >= hb * nc1.
On a 64-bit platform, if that turns out to be negative, it will underflow,
be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so
we see data->bitmap_ptr jump, e.g.:
0x6180_0000_0480 to
0x6181_0000_0498
^
~--- carry has occurred and this pointer is now far away from
any object.
On a 32-bit platform, it will decrement the pointer, creating a pointer
that won't crash but will overwrite random data.
Catch the underflow and error out.
Fixes: CVE-2021-3697
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/video/readers/jpeg.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
index 31359a4..545a60b 100644
--- a/grub-core/video/readers/jpeg.c
+++ b/grub-core/video/readers/jpeg.c
@@ -23,6 +23,7 @@
#include <grub/mm.h>
#include <grub/misc.h>
#include <grub/bufio.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -617,6 +618,7 @@ static grub_err_t
grub_jpeg_decode_data (struct grub_jpeg_data *data)
{
unsigned c1, vb, hb, nr1, nc1;
+ unsigned stride_a, stride_b, stride;
int rst = data->dri;
vb = 8 << data->log_vs;
@@ -624,8 +626,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
nr1 = (data->image_height + vb - 1) >> (3 + data->log_vs);
nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs);
+ if (grub_mul(vb, data->image_width, &stride_a) ||
+ grub_mul(hb, nc1, &stride_b) ||
+ grub_sub(stride_a, stride_b, &stride))
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "jpeg: cannot decode image with these dimensions");
+
for (; data->r1 < nr1 && (!data->dri || rst);
- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
+ data->r1++, data->bitmap_ptr += stride * 3)
for (c1 = 0; c1 < nc1 && (!data->dri || rst);
c1++, rst--, data->bitmap_ptr += hb * 3)
{
--
2.25.1

View File

@@ -0,0 +1,32 @@
From 67740c43c9326956ea5cd6be77f813b5499a56a5 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 27 Jun 2022 10:15:29 +0530
Subject: [PATCH] CVE-2021-3981
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4]
CVE: CVE-2021-3981
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
util/grub-mkconfig.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 9f477ff..ead94a6 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -287,7 +287,11 @@ and /etc/grub.d/* files or please file a bug report with
exit 1
else
# none of the children aborted with error, install the new grub.cfg
- mv -f ${grub_cfg}.new ${grub_cfg}
+ oldumask=$(umask)
+ umask 077
+ cat ${grub_cfg}.new > ${grub_cfg}
+ umask $oldumask
+ rm -f ${grub_cfg}.new
fi
fi
--
2.25.1

View File

@@ -0,0 +1,87 @@
From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Fri, 5 Aug 2022 01:58:27 +0800
Subject: [PATCH] font: Fix several integer overflows in
grub_font_construct_glyph()
This patch fixes several integer overflows in grub_font_construct_glyph().
Glyphs of invalid size, zero or leading to an overflow, are rejected.
The inconsistency between "glyph" and "max_glyph_size" when grub_malloc()
returns NULL is fixed too.
Fixes: CVE-2022-2601
Reported-by: Zhang Boyang <zhangboyang.id@gmail.com>
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e]
CVE: CVE-2022-2601
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
grub-core/font/font.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index df17dba..f110db9 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -1509,6 +1509,7 @@ grub_font_construct_glyph (grub_font_t hinted_font,
struct grub_video_signed_rect bounds;
static struct grub_font_glyph *glyph = 0;
static grub_size_t max_glyph_size = 0;
+ grub_size_t cur_glyph_size;
ensure_comb_space (glyph_id);
@@ -1525,29 +1526,33 @@ grub_font_construct_glyph (grub_font_t hinted_font,
if (!glyph_id->ncomb && !glyph_id->attributes)
return main_glyph;
- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT)
+ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) ||
+ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size))
+ return main_glyph;
+
+ if (max_glyph_size < cur_glyph_size)
{
grub_free (glyph);
- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2;
- if (max_glyph_size < 8)
- max_glyph_size = 8;
- glyph = grub_malloc (max_glyph_size);
+ if (grub_mul (cur_glyph_size, 2, &max_glyph_size))
+ max_glyph_size = 0;
+ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL;
}
if (!glyph)
{
+ max_glyph_size = 0;
grub_errno = GRUB_ERR_NONE;
return main_glyph;
}
- grub_memset (glyph, 0, sizeof (*glyph)
- + (bounds.width * bounds.height
- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT);
+ grub_memset (glyph, 0, cur_glyph_size);
glyph->font = main_glyph->font;
- glyph->width = bounds.width;
- glyph->height = bounds.height;
- glyph->offset_x = bounds.x;
- glyph->offset_y = bounds.y;
+ if (bounds.width == 0 || bounds.height == 0 ||
+ grub_cast (bounds.width, &glyph->width) ||
+ grub_cast (bounds.height, &glyph->height) ||
+ grub_cast (bounds.x, &glyph->offset_x) ||
+ grub_cast (bounds.y, &glyph->offset_y))
+ return main_glyph;
if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR)
grub_font_blit_glyph_mirror (glyph, main_glyph,
--
2.25.1

View File

@@ -0,0 +1,60 @@
From 415fb5eb83cbd3b5cfc25ac1290f2de4fe3d231c Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 1 Aug 2022 10:48:34 +0530
Subject: [PATCH] CVE-2022-28733
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3e4817538de828319ba6d59ced2fbb9b5ca13287]
CVE: CVE-2022-28733
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
net/ip: Do IP fragment maths safely
We can receive packets with invalid IP fragmentation information. This
can lead to rsm->total_len underflowing and becoming very large.
Then, in grub_netbuff_alloc(), we add to this very large number, which can
cause it to overflow and wrap back around to a small positive number.
The allocation then succeeds, but the resulting buffer is too small and
subsequent operations can write past the end of the buffer.
Catch the underflow here.
Fixes: CVE-2022-28733
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/net/ip.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c
index ea5edf8..74e4e8b 100644
--- a/grub-core/net/ip.c
+++ b/grub-core/net/ip.c
@@ -25,6 +25,7 @@
#include <grub/net/netbuff.h>
#include <grub/mm.h>
#include <grub/priority_queue.h>
+#include <grub/safemath.h>
#include <grub/time.h>
struct iphdr {
@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb,
{
rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK)
+ (nb->tail - nb->data));
- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t));
+
+ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t),
+ &rsm->total_len))
+ {
+ grub_dprintf ("net", "IP reassembly size underflow\n");
+ return GRUB_ERR_NONE;
+ }
+
rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len);
if (!rsm->asm_netbuff)
{
--
2.25.1

View File

@@ -0,0 +1,67 @@
From f03f09c2a07eae7f3a4646e33a406ae2689afb9e Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 1 Aug 2022 10:59:41 +0530
Subject: [PATCH] CVE-2022-28734
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4]
CVE: CVE-2022-28734
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
net/http: Fix OOB write for split http headers
GRUB has special code for handling an http header that is split
across two packets.
The code tracks the end of line by looking for a "\n" byte. The
code for split headers has always advanced the pointer just past the
end of the line, whereas the code that handles unsplit headers does
not advance the pointer. This extra advance causes the length to be
one greater, which breaks an assumption in parse_line(), leading to
it writing a NUL byte one byte past the end of the buffer where we
reconstruct the line from the two packets.
It's conceivable that an attacker controlled set of packets could
cause this to zero out the first byte of the "next" pointer of the
grub_mm_region structure following the current_line buffer.
Do not advance the pointer in the split header case.
Fixes: CVE-2022-28734
---
grub-core/net/http.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index 5aa4ad3..a220d21 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
char *end = ptr + len;
while (end > ptr && *(end - 1) == '\r')
end--;
+
+ /* LF without CR. */
+ if (end == ptr + len)
+ {
+ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR"));
+ return GRUB_ERR_NONE;
+ }
*end = 0;
+
/* Trailing CRLF. */
if (data->in_chunk_len == 1)
{
@@ -190,9 +198,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)),
int have_line = 1;
char *t;
ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data);
- if (ptr)
- ptr++;
- else
+ if (ptr == NULL)
{
have_line = 0;
ptr = (char *) nb->tail;
--
2.25.1

View File

@@ -0,0 +1,271 @@
From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Thu, 2 Dec 2021 15:03:53 +0100
Subject: kern/efi/sb: Reject non-kernel files in the shim_lock verifier
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53]
CVE: CVE-2022-28735
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
We must not allow other verifiers to pass things like the GRUB modules.
Instead of maintaining a blocklist, maintain an allowlist of things
that we do not care about.
This allowlist really should be made reusable, and shared by the
lockdown verifier, but this is the minimal patch addressing
security concerns where the TPM verifier was able to mark modules
as verified (or the OpenPGP verifier for that matter), when it
should not do so on shim-powered secure boot systems.
Fixes: CVE-2022-28735
Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/efi/sb.c | 221 ++++++++++++++++++++++++++++++++++++++++
include/grub/verify.h | 1 +
2 files changed, 222 insertions(+)
create mode 100644 grub-core/kern/efi/sb.c
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
new file mode 100644
index 0000000..89c4bb3
--- /dev/null
+++ b/grub-core/kern/efi/sb.c
@@ -0,0 +1,221 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * UEFI Secure Boot related checkings.
+ */
+
+#include <grub/efi/efi.h>
+#include <grub/efi/pe32.h>
+#include <grub/efi/sb.h>
+#include <grub/env.h>
+#include <grub/err.h>
+#include <grub/file.h>
+#include <grub/i386/linux.h>
+#include <grub/kernel.h>
+#include <grub/mm.h>
+#include <grub/types.h>
+#include <grub/verify.h>
+
+static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
+
+/*
+ * Determine whether we're in secure boot mode.
+ *
+ * Please keep the logic in sync with the Linux kernel,
+ * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
+ */
+grub_uint8_t
+grub_efi_get_secureboot (void)
+{
+ static grub_efi_guid_t efi_variable_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+ grub_efi_status_t status;
+ grub_efi_uint32_t attr = 0;
+ grub_size_t size = 0;
+ grub_uint8_t *secboot = NULL;
+ grub_uint8_t *setupmode = NULL;
+ grub_uint8_t *moksbstate = NULL;
+ grub_uint8_t secureboot = GRUB_EFI_SECUREBOOT_MODE_UNKNOWN;
+ const char *secureboot_str = "UNKNOWN";
+
+ status = grub_efi_get_variable ("SecureBoot", &efi_variable_guid,
+ &size, (void **) &secboot);
+
+ if (status == GRUB_EFI_NOT_FOUND)
+ {
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
+ goto out;
+ }
+
+ if (status != GRUB_EFI_SUCCESS)
+ goto out;
+
+ status = grub_efi_get_variable ("SetupMode", &efi_variable_guid,
+ &size, (void **) &setupmode);
+
+ if (status != GRUB_EFI_SUCCESS)
+ goto out;
+
+ if ((*secboot == 0) || (*setupmode == 1))
+ {
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
+ goto out;
+ }
+
+ /*
+ * See if a user has put the shim into insecure mode. If so, and if the
+ * variable doesn't have the runtime attribute set, we might as well
+ * honor that.
+ */
+ status = grub_efi_get_variable_with_attributes ("MokSBState", &shim_lock_guid,
+ &size, (void **) &moksbstate, &attr);
+
+ /* If it fails, we don't care why. Default to secure. */
+ if (status != GRUB_EFI_SUCCESS)
+ {
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_ENABLED;
+ goto out;
+ }
+
+ if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1)
+ {
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
+ goto out;
+ }
+
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_ENABLED;
+
+ out:
+ grub_free (moksbstate);
+ grub_free (setupmode);
+ grub_free (secboot);
+
+ if (secureboot == GRUB_EFI_SECUREBOOT_MODE_DISABLED)
+ secureboot_str = "Disabled";
+ else if (secureboot == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ secureboot_str = "Enabled";
+
+ grub_dprintf ("efi", "UEFI Secure Boot state: %s\n", secureboot_str);
+
+ return secureboot;
+}
+
+static grub_err_t
+shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
+ enum grub_file_type type,
+ void **context __attribute__ ((unused)),
+ enum grub_verify_flags *flags)
+{
+ *flags = GRUB_VERIFY_FLAGS_NONE;
+
+ switch (type & GRUB_FILE_TYPE_MASK)
+ {
+ /* Files we check. */
+ case GRUB_FILE_TYPE_LINUX_KERNEL:
+ case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
+ case GRUB_FILE_TYPE_BSD_KERNEL:
+ case GRUB_FILE_TYPE_XNU_KERNEL:
+ case GRUB_FILE_TYPE_PLAN9_KERNEL:
+ case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
+ *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
+ return GRUB_ERR_NONE;
+
+ /* Files that do not affect secureboot state. */
+ case GRUB_FILE_TYPE_NONE:
+ case GRUB_FILE_TYPE_LOOPBACK:
+ case GRUB_FILE_TYPE_LINUX_INITRD:
+ case GRUB_FILE_TYPE_OPENBSD_RAMDISK:
+ case GRUB_FILE_TYPE_XNU_RAMDISK:
+ case GRUB_FILE_TYPE_SIGNATURE:
+ case GRUB_FILE_TYPE_PUBLIC_KEY:
+ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST:
+ case GRUB_FILE_TYPE_PRINT_BLOCKLIST:
+ case GRUB_FILE_TYPE_TESTLOAD:
+ case GRUB_FILE_TYPE_GET_SIZE:
+ case GRUB_FILE_TYPE_FONT:
+ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY:
+ case GRUB_FILE_TYPE_CAT:
+ case GRUB_FILE_TYPE_HEXCAT:
+ case GRUB_FILE_TYPE_CMP:
+ case GRUB_FILE_TYPE_HASHLIST:
+ case GRUB_FILE_TYPE_TO_HASH:
+ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT:
+ case GRUB_FILE_TYPE_PIXMAP:
+ case GRUB_FILE_TYPE_GRUB_MODULE_LIST:
+ case GRUB_FILE_TYPE_CONFIG:
+ case GRUB_FILE_TYPE_THEME:
+ case GRUB_FILE_TYPE_GETTEXT_CATALOG:
+ case GRUB_FILE_TYPE_FS_SEARCH:
+ case GRUB_FILE_TYPE_LOADENV:
+ case GRUB_FILE_TYPE_SAVEENV:
+ case GRUB_FILE_TYPE_VERIFY_SIGNATURE:
+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ return GRUB_ERR_NONE;
+
+ /* Other files. */
+ default:
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy"));
+ }
+}
+
+static grub_err_t
+shim_lock_verifier_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size)
+{
+ grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0);
+
+ if (!sl)
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not found"));
+
+ if (sl->verify (buf, size) != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
+
+ return GRUB_ERR_NONE;
+}
+
+struct grub_file_verifier shim_lock_verifier =
+ {
+ .name = "shim_lock_verifier",
+ .init = shim_lock_verifier_init,
+ .write = shim_lock_verifier_write
+ };
+
+void
+grub_shim_lock_verifier_setup (void)
+{
+ struct grub_module_header *header;
+ grub_efi_shim_lock_protocol_t *sl =
+ grub_efi_locate_protocol (&shim_lock_guid, 0);
+
+ /* shim_lock is missing, check if GRUB image is built with --disable-shim-lock. */
+ if (!sl)
+ {
+ FOR_MODULES (header)
+ {
+ if (header->type == OBJ_TYPE_DISABLE_SHIM_LOCK)
+ return;
+ }
+ }
+
+ /* Secure Boot is off. Do not load shim_lock. */
+ if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
+ /* Enforce shim_lock_verifier. */
+ grub_verifier_register (&shim_lock_verifier);
+
+ grub_env_set ("shim_lock", "y");
+ grub_env_export ("shim_lock");
+}
diff --git a/include/grub/verify.h b/include/grub/verify.h
index cd129c3..672ae16 100644
--- a/include/grub/verify.h
+++ b/include/grub/verify.h
@@ -24,6 +24,7 @@
enum grub_verify_flags
{
+ GRUB_VERIFY_FLAGS_NONE = 0,
GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2,
/* Defer verification to another authority. */
--
2.25.1

View File

@@ -0,0 +1,275 @@
From 431a111c60095fc973d83fe9209f26f29ce78784 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 1 Aug 2022 11:17:17 +0530
Subject: [PATCH] CVE-2022-28736
Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=04c86e0bb7b58fc2f913f798cdb18934933e532d]
CVE: CVE-2022-28736
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
loader/efi/chainloader: Use grub_loader_set_ex()
This ports the EFI chainloader to use grub_loader_set_ex() in order to fix
a use-after-free bug that occurs when grub_cmd_chainloader() is executed
more than once before a boot attempt is performed.
Fixes: CVE-2022-28736
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++----
grub-core/loader/efi/chainloader.c | 46 +++++++++++----------
include/grub/loader.h | 5 +++
3 files changed, 87 insertions(+), 30 deletions(-)
diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c
index bbca81e..6151478 100644
--- a/grub-core/commands/boot.c
+++ b/grub-core/commands/boot.c
@@ -27,10 +27,20 @@
GRUB_MOD_LICENSE ("GPLv3+");
-static grub_err_t (*grub_loader_boot_func) (void);
-static grub_err_t (*grub_loader_unload_func) (void);
+static grub_err_t (*grub_loader_boot_func) (void *context);
+static grub_err_t (*grub_loader_unload_func) (void *context);
+static void *grub_loader_context;
static int grub_loader_flags;
+struct grub_simple_loader_hooks
+{
+ grub_err_t (*boot) (void);
+ grub_err_t (*unload) (void);
+};
+
+/* Don't heap allocate this to avoid making grub_loader_set() fallible. */
+static struct grub_simple_loader_hooks simple_loader_hooks;
+
struct grub_preboot
{
grub_err_t (*preboot_func) (int);
@@ -44,6 +54,29 @@ static int grub_loader_loaded;
static struct grub_preboot *preboots_head = 0,
*preboots_tail = 0;
+static grub_err_t
+grub_simple_boot_hook (void *context)
+{
+ struct grub_simple_loader_hooks *hooks;
+
+ hooks = (struct grub_simple_loader_hooks *) context;
+ return hooks->boot ();
+}
+
+static grub_err_t
+grub_simple_unload_hook (void *context)
+{
+ struct grub_simple_loader_hooks *hooks;
+ grub_err_t ret;
+
+ hooks = (struct grub_simple_loader_hooks *) context;
+
+ ret = hooks->unload ();
+ grub_memset (hooks, 0, sizeof (*hooks));
+
+ return ret;
+}
+
int
grub_loader_is_loaded (void)
{
@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd)
}
void
-grub_loader_set (grub_err_t (*boot) (void),
- grub_err_t (*unload) (void),
- int flags)
+grub_loader_set_ex (grub_err_t (*boot) (void *context),
+ grub_err_t (*unload) (void *context),
+ void *context,
+ int flags)
{
if (grub_loader_loaded && grub_loader_unload_func)
- grub_loader_unload_func ();
+ grub_loader_unload_func (grub_loader_context);
grub_loader_boot_func = boot;
grub_loader_unload_func = unload;
+ grub_loader_context = context;
grub_loader_flags = flags;
grub_loader_loaded = 1;
}
+void
+grub_loader_set (grub_err_t (*boot) (void),
+ grub_err_t (*unload) (void),
+ int flags)
+{
+ grub_loader_set_ex (grub_simple_boot_hook,
+ grub_simple_unload_hook,
+ &simple_loader_hooks,
+ flags);
+
+ simple_loader_hooks.boot = boot;
+ simple_loader_hooks.unload = unload;
+}
+
void
grub_loader_unset(void)
{
if (grub_loader_loaded && grub_loader_unload_func)
- grub_loader_unload_func ();
+ grub_loader_unload_func (grub_loader_context);
grub_loader_boot_func = 0;
grub_loader_unload_func = 0;
+ grub_loader_context = 0;
grub_loader_loaded = 0;
}
@@ -158,7 +208,7 @@ grub_loader_boot (void)
return err;
}
}
- err = (grub_loader_boot_func) ();
+ err = (grub_loader_boot_func) (grub_loader_context);
for (cur = preboots_tail; cur; cur = cur->prev)
if (! err)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index a8d7b91..93a028a 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -44,33 +44,28 @@ GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
-static grub_efi_physical_address_t address;
-static grub_efi_uintn_t pages;
-static grub_efi_device_path_t *file_path;
-static grub_efi_handle_t image_handle;
-static grub_efi_char16_t *cmdline;
-
static grub_err_t
-grub_chainloader_unload (void)
+grub_chainloader_unload (void *context)
{
+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
+ grub_efi_loaded_image_t *loaded_image;
grub_efi_boot_services_t *b;
+ loaded_image = grub_efi_get_loaded_image (image_handle);
+ if (loaded_image != NULL)
+ grub_free (loaded_image->load_options);
+
b = grub_efi_system_table->boot_services;
efi_call_1 (b->unload_image, image_handle);
- efi_call_2 (b->free_pages, address, pages);
-
- grub_free (file_path);
- grub_free (cmdline);
- cmdline = 0;
- file_path = 0;
grub_dl_unref (my_mod);
return GRUB_ERR_NONE;
}
static grub_err_t
-grub_chainloader_boot (void)
+grub_chainloader_boot (void *context)
{
+ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
grub_efi_boot_services_t *b;
grub_efi_status_t status;
grub_efi_uintn_t exit_data_size;
@@ -139,7 +134,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
char *dir_start;
char *dir_end;
grub_size_t size;
- grub_efi_device_path_t *d;
+ grub_efi_device_path_t *d, *file_path;
dir_start = grub_strchr (filename, ')');
if (! dir_start)
@@ -215,11 +210,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_efi_status_t status;
grub_efi_boot_services_t *b;
grub_device_t dev = 0;
- grub_efi_device_path_t *dp = 0;
+ grub_efi_device_path_t *dp = NULL, *file_path = NULL;
grub_efi_loaded_image_t *loaded_image;
char *filename;
void *boot_image = 0;
grub_efi_handle_t dev_handle = 0;
+ grub_efi_physical_address_t address = 0;
+ grub_efi_uintn_t pages = 0;
+ grub_efi_char16_t *cmdline = NULL;
+ grub_efi_handle_t image_handle = NULL;
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
@@ -227,11 +226,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_dl_ref (my_mod);
- /* Initialize some global variables. */
- address = 0;
- image_handle = 0;
- file_path = 0;
-
b = grub_efi_system_table->boot_services;
file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE);
@@ -401,7 +395,11 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
grub_file_close (file);
grub_device_close (dev);
- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
+ /* We're finished with the source image buffer and file path now. */
+ efi_call_2 (b->free_pages, address, pages);
+ grub_free (file_path);
+
+ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0);
return 0;
fail:
@@ -412,11 +410,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
if (file)
grub_file_close (file);
+ grub_free (cmdline);
grub_free (file_path);
if (address)
efi_call_2 (b->free_pages, address, pages);
+ if (image_handle != NULL)
+ efi_call_1 (b->unload_image, image_handle);
+
grub_dl_unref (my_mod);
return grub_errno;
diff --git a/include/grub/loader.h b/include/grub/loader.h
index 7f82a49..3071a50 100644
--- a/include/grub/loader.h
+++ b/include/grub/loader.h
@@ -39,6 +39,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
grub_err_t (*unload) (void),
int flags);
+void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context),
+ grub_err_t (*unload) (void *context),
+ void *context,
+ int flags);
+
/* Unset current loader, if any. */
void EXPORT_FUNC (grub_loader_unset) (void);
--
2.25.1

View File

@@ -0,0 +1,97 @@
From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Mon, 24 Oct 2022 08:05:35 +0800
Subject: [PATCH] font: Fix an integer underflow in blit_comb()
The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may
evaluate to a very big invalid value even if both ctx.bounds.height and
combining_glyphs[i]->height are small integers. For example, if
ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this
expression evaluates to 2147483647 (expected -1). This is because
coordinates are allowed to be negative but ctx.bounds.height is an
unsigned int. So, the subtraction operates on unsigned ints and
underflows to a very big value. The division makes things even worse.
The quotient is still an invalid value even if converted back to int.
This patch fixes the problem by casting ctx.bounds.height to int. As
a result the subtraction will operate on int and grub_uint16_t which
will be promoted to an int. So, the underflow will no longer happen. Other
uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int,
to ensure coordinates are always calculated on signed integers.
Fixes: CVE-2022-3775
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af]
CVE: CVE-2022-3775
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
grub-core/font/font.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index f110db9..3b76b22 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -1200,12 +1200,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
ctx.bounds.height = main_glyph->height;
above_rightx = main_glyph->offset_x + main_glyph->width;
- above_righty = ctx.bounds.y + ctx.bounds.height;
+ above_righty = ctx.bounds.y + (int) ctx.bounds.height;
above_leftx = main_glyph->offset_x;
- above_lefty = ctx.bounds.y + ctx.bounds.height;
+ above_lefty = ctx.bounds.y + (int) ctx.bounds.height;
- below_rightx = ctx.bounds.x + ctx.bounds.width;
+ below_rightx = ctx.bounds.x + (int) ctx.bounds.width;
below_righty = ctx.bounds.y;
comb = grub_unicode_get_comb (glyph_id);
@@ -1218,7 +1218,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
if (!combining_glyphs[i])
continue;
- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
+ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
/* CGJ is to avoid diacritics reordering. */
if (comb[i].code
== GRUB_UNICODE_COMBINING_GRAPHEME_JOINER)
@@ -1228,8 +1228,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
case GRUB_UNICODE_COMB_OVERLAY:
do_blit (combining_glyphs[i],
targetx,
- (ctx.bounds.height - combining_glyphs[i]->height) / 2
- - (ctx.bounds.height + ctx.bounds.y), &ctx);
+ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2
+ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
break;
@@ -1302,7 +1302,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
/* Fallthrough. */
case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
do_blit (combining_glyphs[i], targetx,
- -(ctx.bounds.height + ctx.bounds.y + space
+ -((int) ctx.bounds.height + ctx.bounds.y + space
+ combining_glyphs[i]->height), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
@@ -1310,7 +1310,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
case GRUB_UNICODE_COMB_HEBREW_DAGESH:
do_blit (combining_glyphs[i], targetx,
- -(ctx.bounds.height / 2 + ctx.bounds.y
+ -((int) ctx.bounds.height / 2 + ctx.bounds.y
+ combining_glyphs[i]->height / 2), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
--
2.25.1

View File

@@ -0,0 +1,117 @@
From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Fri, 5 Aug 2022 00:51:20 +0800
Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal()
The length of memory allocation and file read may overflow. This patch
fixes the problem by using safemath macros.
There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe
if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz().
It is safe replacement for such code. It has safemath-like prototype.
This patch also introduces grub_cast(value, pointer), it casts value to
typeof(*pointer) then store the value to *pointer. It returns true when
overflow occurs or false if there is no overflow. The semantics of arguments
and return value are designed to be consistent with other safemath macros.
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532]
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
grub-core/font/font.c | 17 +++++++++++++----
include/grub/bitmap.h | 18 ++++++++++++++++++
include/grub/safemath.h | 2 ++
3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index 5edb477..df17dba 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -733,7 +733,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
grub_int16_t xoff;
grub_int16_t yoff;
grub_int16_t dwidth;
- int len;
+ grub_ssize_t len;
+ grub_size_t sz;
if (index_entry->glyph)
/* Return cached glyph. */
@@ -760,9 +761,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
return 0;
}
- len = (width * height + 7) / 8;
- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len);
- if (!glyph)
+ /* Calculate real struct size of current glyph. */
+ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) ||
+ grub_add (sizeof (struct grub_font_glyph), len, &sz))
+ {
+ remove_font (font);
+ return 0;
+ }
+
+ /* Allocate and initialize the glyph struct. */
+ glyph = grub_malloc (sz);
+ if (glyph == NULL)
{
remove_font (font);
return 0;
diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h
index 5728f8c..0d9603f 100644
--- a/include/grub/bitmap.h
+++ b/include/grub/bitmap.h
@@ -23,6 +23,7 @@
#include <grub/symbol.h>
#include <grub/types.h>
#include <grub/video.h>
+#include <grub/safemath.h>
struct grub_video_bitmap
{
@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap)
return bitmap->mode_info.height;
}
+/*
+ * Calculate and store the size of data buffer of 1bit bitmap in result.
+ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs.
+ * Return true when overflow occurs or false if there is no overflow.
+ * This function is intentionally implemented as a macro instead of
+ * an inline function. Although a bit awkward, it preserves data types for
+ * safemath macros and reduces macro side effects as much as possible.
+ *
+ * XXX: Will report false overflow if width * height > UINT64_MAX.
+ */
+#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \
+({ \
+ grub_uint64_t _bitmap_pixels; \
+ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \
+ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \
+})
+
void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap,
struct grub_video_mode_info *mode_info);
diff --git a/include/grub/safemath.h b/include/grub/safemath.h
index c17b89b..bb0f826 100644
--- a/include/grub/safemath.h
+++ b/include/grub/safemath.h
@@ -30,6 +30,8 @@
#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
+#define grub_cast(a, res) grub_add ((a), 0, (res))
+
#else
#error gcc 5.1 or newer or clang 3.8 or newer is required
#endif
--
2.25.1

View File

@@ -95,6 +95,17 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \
file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \
file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \
file://CVE-2021-3981.patch \
file://CVE-2021-3695.patch \
file://CVE-2021-3696.patch \
file://CVE-2021-3697.patch \
file://CVE-2022-28733.patch \
file://CVE-2022-28734.patch \
file://CVE-2022-28736.patch \
file://CVE-2022-28735.patch \
file://font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \
file://CVE-2022-2601.patch \
file://CVE-2022-3775.patch \
"
SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"

View File

@@ -0,0 +1,67 @@
From 36c878a0124973f29b7ca49e6bb18310f9b2601f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Thu, 8 Sep 2022 11:11:30 +0200
Subject: [PATCH 1/3] Bound the amount of work performed for delegations
Limit the amount of database lookups that can be triggered in
fctx_getaddresses() (i.e. when determining the name server addresses to
query next) by setting a hard limit on the number of NS RRs processed
for any delegation encountered. Without any limit in place, named can
be forced to perform large amounts of database lookups per each query
received, which severely impacts resolver performance.
The limit used (20) is an arbitrary value that is considered to be big
enough for any sane DNS delegation.
(cherry picked from commit 3a44097fd6c6c260765b628cd1d2c9cb7efb0b2a)
Upstream-Status: Backport
CVE: CVE-2022-2795
Reference to upstream patch:
https://gitlab.isc.org/isc-projects/bind9/-/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
---
lib/dns/resolver.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 8ae9a993bbd7..ac9a9ef5d009 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -180,6 +180,12 @@
*/
#define NS_FAIL_LIMIT 4
#define NS_RR_LIMIT 5
+/*
+ * IP address lookups are performed for at most NS_PROCESSING_LIMIT NS RRs in
+ * any NS RRset encountered, to avoid excessive resource use while processing
+ * large delegations.
+ */
+#define NS_PROCESSING_LIMIT 20
/* Number of hash buckets for zone counters */
#ifndef RES_DOMAIN_BUCKETS
@@ -3318,6 +3324,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
bool need_alternate = false;
bool all_spilled = true;
unsigned int no_addresses = 0;
+ unsigned int ns_processed = 0;
FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth);
@@ -3504,6 +3511,11 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
dns_rdata_reset(&rdata);
dns_rdata_freestruct(&ns);
+
+ if (++ns_processed >= NS_PROCESSING_LIMIT) {
+ result = ISC_R_NOMORE;
+ break;
+ }
}
if (result != ISC_R_NOMORE) {
return (result);
--
2.34.1

View File

@@ -0,0 +1,31 @@
From ef3d1a84ff807eea27b4fef601a15932c5ffbfbf Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 11 Aug 2022 15:15:34 +1000
Subject: [PATCH 2/3] Free eckey on siglen mismatch
Upstream-Status: Backport
CVE: CVE-2022-38177
Reference to upstream patch:
https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
---
lib/dns/opensslecdsa_link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 83b5b51cd78c..7576e04ac635 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
siglen = DNS_SIG_ECDSA384SIZE;
if (sig->length != siglen)
- return (DST_R_VERIFYFAILURE);
+ DST_RET(DST_R_VERIFYFAILURE);
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
DST_RET (dst__openssl_toresult3(dctx->category,
--
2.34.1

View File

@@ -0,0 +1,33 @@
From 65f5b2f0162d5d2ab25f463aa14a8bae71ace3d9 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 11 Aug 2022 15:28:13 +1000
Subject: [PATCH 3/3] Free ctx on invalid siglen
(cherry picked from commit 6ddb480a84836641a0711768a94122972c166825)
Upstream-Status: Backport
CVE: CVE-2022-38178
Reference to upstream patch:
https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
---
lib/dns/openssleddsa_link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c
index 8b115ec283f0..b4fcd607c131 100644
--- a/lib/dns/openssleddsa_link.c
+++ b/lib/dns/openssleddsa_link.c
@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
siglen = DNS_SIG_ED448SIZE;
if (sig->length != siglen)
- return (DST_R_VERIFYFAILURE);
+ DST_RET(ISC_R_NOTIMPLEMENTED);
isc_buffer_usedregion(buf, &tbsreg);
--
2.34.1

View File

@@ -19,6 +19,9 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
file://CVE-2022-2795.patch \
file://CVE-2022-38177.patch \
file://CVE-2022-38178.patch \
"
SRC_URI[sha256sum] = "0d8efbe7ec166ada90e46add4267b7e7c934790cba9bd5af6b8380a4fbfb5aff"

View File

@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
DEPENDS = "dbus glib-2.0"
RDEPENDS:${PN} += "dbus"
PROVIDES += "bluez-hcidump"
RPROVIDES_${PN} += "bluez-hcidump"
@@ -56,6 +57,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
file://CVE-2021-3588.patch \
file://CVE-2021-3658.patch \
file://CVE-2022-0204.patch \
file://CVE-2022-39176.patch \
file://CVE-2022-3637.patch \
"
S = "${WORKDIR}/bluez-${PV}"

View File

@@ -0,0 +1,39 @@
From b808b2852a0b48c6f9dbb038f932613cea3126c2 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Thu, 27 Oct 2022 09:51:27 +0530
Subject: [PATCH] CVE-2022-3637
Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f]
CVE: CVE-2022-3637
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
monitor: Fix crash when using RTT backend
This fix regression introduced by "monitor: Fix memory leaks".
J-Link shared library is in use if jlink_init() returns 0 and thus
handle shall not be closed.
---
monitor/jlink.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/monitor/jlink.c b/monitor/jlink.c
index afa9d93..5bd4aed 100644
--- a/monitor/jlink.c
+++ b/monitor/jlink.c
@@ -120,9 +120,12 @@ int jlink_init(void)
!jlink.tif_select || !jlink.setspeed ||
!jlink.connect || !jlink.getsn ||
!jlink.emu_getproductname ||
- !jlink.rtterminal_control || !jlink.rtterminal_read)
+ !jlink.rtterminal_control || !jlink.rtterminal_read) {
+ dlclose(so);
return -EIO;
+ }
+ /* don't dlclose(so) here cause symbols from it are in use now */
return 0;
}
--
2.25.1

View File

@@ -0,0 +1,126 @@
From 752c7f707c3cc1eb12eadc13bc336a5c484d4bdf Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Wed, 28 Sep 2022 10:45:53 +0530
Subject: [PATCH] CVE-2022-39176
Upstream-Status: Backport [https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.6]
CVE: CVE-2022-39176
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
profiles/audio/avdtp.c | 56 +++++++++++++++++++++++++++---------------
profiles/audio/avrcp.c | 8 ++++++
2 files changed, 44 insertions(+), 20 deletions(-)
diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c
index 782268c..0adf413 100644
--- a/profiles/audio/avdtp.c
+++ b/profiles/audio/avdtp.c
@@ -1261,43 +1261,53 @@ struct avdtp_remote_sep *avdtp_find_remote_sep(struct avdtp *session,
return NULL;
}
-static GSList *caps_to_list(uint8_t *data, int size,
+static GSList *caps_to_list(uint8_t *data, size_t size,
struct avdtp_service_capability **codec,
gboolean *delay_reporting)
{
+ struct avdtp_service_capability *cap;
GSList *caps;
- int processed;
if (delay_reporting)
*delay_reporting = FALSE;
- for (processed = 0, caps = NULL; processed + 2 <= size;) {
- struct avdtp_service_capability *cap;
- uint8_t length, category;
+ if (size < sizeof(*cap))
+ return NULL;
+
+ for (caps = NULL; size >= sizeof(*cap);) {
+ struct avdtp_service_capability *cpy;
- category = data[0];
- length = data[1];
+ cap = (struct avdtp_service_capability *)data;
- if (processed + 2 + length > size) {
+ if (sizeof(*cap) + cap->length > size) {
error("Invalid capability data in getcap resp");
break;
}
- cap = g_malloc(sizeof(struct avdtp_service_capability) +
- length);
- memcpy(cap, data, 2 + length);
+ if (cap->category == AVDTP_MEDIA_CODEC &&
+ cap->length < sizeof(**codec)) {
+ error("Invalid codec data in getcap resp");
+ break;
+ }
+
+ cpy = btd_malloc(sizeof(*cpy) + cap->length);
+ memcpy(cpy, cap, sizeof(*cap) + cap->length);
- processed += 2 + length;
- data += 2 + length;
+ size -= sizeof(*cap) + cap->length;
+ data += sizeof(*cap) + cap->length;
- caps = g_slist_append(caps, cap);
+ caps = g_slist_append(caps, cpy);
- if (category == AVDTP_MEDIA_CODEC &&
- length >=
- sizeof(struct avdtp_media_codec_capability))
- *codec = cap;
- else if (category == AVDTP_DELAY_REPORTING && delay_reporting)
- *delay_reporting = TRUE;
+ switch (cap->category) {
+ case AVDTP_MEDIA_CODEC:
+ if (codec)
+ *codec = cpy;
+ break;
+ case AVDTP_DELAY_REPORTING:
+ if (delay_reporting)
+ *delay_reporting = TRUE;
+ break;
+ }
}
return caps;
@@ -1494,6 +1504,12 @@ static gboolean avdtp_setconf_cmd(struct avdtp *session, uint8_t transaction,
&stream->codec,
&stream->delay_reporting);
+ if (!stream->caps || !stream->codec) {
+ err = AVDTP_UNSUPPORTED_CONFIGURATION;
+ category = 0x00;
+ goto failed_stream;
+ }
+
/* Verify that the Media Transport capability's length = 0. Reject otherwise */
for (l = stream->caps; l != NULL; l = g_slist_next(l)) {
struct avdtp_service_capability *cap = l->data;
diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
index d9471c0..0233d53 100644
--- a/profiles/audio/avrcp.c
+++ b/profiles/audio/avrcp.c
@@ -1916,6 +1916,14 @@ static size_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
goto err_metadata;
}
+ operands += sizeof(*pdu);
+ operand_count -= sizeof(*pdu);
+
+ if (pdu->params_len != operand_count) {
+ DBG("AVRCP PDU parameters length don't match");
+ pdu->params_len = operand_count;
+ }
+
for (handler = session->control_handlers; handler->pdu_id; handler++) {
if (handler->pdu_id == pdu->pdu_id)
break;
--
2.25.1

View File

@@ -0,0 +1,37 @@
From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001
From: Nathan Crandall <ncrandall@tesla.com>
Date: Tue, 12 Jul 2022 08:56:34 +0200
Subject: gweb: Fix OOB write in received_data()
There is a mismatch of handling binary vs. C-string data with memchr
and strlen, resulting in pos, count, and bytes_read to become out of
sync and result in a heap overflow. Instead, do not treat the buffer
as an ASCII C-string. We calculate the count based on the return value
of memchr, instead of strlen.
Fixes: CVE-2022-32292
Upstream-Status: Backport
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312b
CVE: CVE-2022-32292
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
---
gweb/gweb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gweb/gweb.c b/gweb/gweb.c
index 12fcb1d8..13c6c5f2 100644
--- a/gweb/gweb.c
+++ b/gweb/gweb.c
@@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond,
}
*pos = '\0';
- count = strlen((char *) ptr);
+ count = pos - ptr;
if (count > 0 && ptr[count - 1] == '\r') {
ptr[--count] = '\0';
bytes_read--;
--
cgit

View File

@@ -0,0 +1,266 @@
From 358a44b1442fae0f82846e10da0708b5c4e1ce27 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Tue, 20 Sep 2022 17:58:19 +0530
Subject: [PATCH] CVE-2022-32293
CVE: CVE-2022-32293
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
src/wispr.c | 83 ++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 63 insertions(+), 20 deletions(-)
diff --git a/src/wispr.c b/src/wispr.c
index 473c0e0..97e0242 100644
--- a/src/wispr.c
+++ b/src/wispr.c
@@ -59,6 +59,7 @@ struct wispr_route {
};
struct connman_wispr_portal_context {
+ int refcount;
struct connman_service *service;
enum connman_ipconfig_type type;
struct connman_wispr_portal *wispr_portal;
@@ -96,10 +97,13 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data);
static GHashTable *wispr_portal_list = NULL;
+#define wispr_portal_context_ref(wp_context) \
+ wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__)
+#define wispr_portal_context_unref(wp_context) \
+ wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__)
+
static void connman_wispr_message_init(struct connman_wispr_message *msg)
{
- DBG("");
-
msg->has_error = false;
msg->current_element = NULL;
@@ -159,11 +163,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context)
static void free_connman_wispr_portal_context(
struct connman_wispr_portal_context *wp_context)
{
- DBG("context %p", wp_context);
-
- if (!wp_context)
- return;
-
if (wp_context->wispr_portal) {
if (wp_context->wispr_portal->ipv4_context == wp_context)
wp_context->wispr_portal->ipv4_context = NULL;
@@ -200,9 +199,38 @@ static void free_connman_wispr_portal_context(
g_free(wp_context);
}
+static struct connman_wispr_portal_context *
+wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context,
+ const char *file, int line, const char *caller)
+{
+ DBG("%p ref %d by %s:%d:%s()", wp_context,
+ wp_context->refcount + 1, file, line, caller);
+
+ __sync_fetch_and_add(&wp_context->refcount, 1);
+
+ return wp_context;
+}
+
+static void wispr_portal_context_unref_debug(
+ struct connman_wispr_portal_context *wp_context,
+ const char *file, int line, const char *caller)
+{
+ if (!wp_context)
+ return;
+
+ DBG("%p ref %d by %s:%d:%s()", wp_context,
+ wp_context->refcount - 1, file, line, caller);
+
+ if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1)
+ return;
+
+ free_connman_wispr_portal_context(wp_context);
+}
+
static struct connman_wispr_portal_context *create_wispr_portal_context(void)
{
- return g_try_new0(struct connman_wispr_portal_context, 1);
+ return wispr_portal_context_ref(
+ g_new0(struct connman_wispr_portal_context, 1));
}
static void free_connman_wispr_portal(gpointer data)
@@ -214,8 +242,8 @@ static void free_connman_wispr_portal(gpointer data)
if (!wispr_portal)
return;
- free_connman_wispr_portal_context(wispr_portal->ipv4_context);
- free_connman_wispr_portal_context(wispr_portal->ipv6_context);
+ wispr_portal_context_unref(wispr_portal->ipv4_context);
+ wispr_portal_context_unref(wispr_portal->ipv6_context);
g_free(wispr_portal);
}
@@ -450,8 +478,6 @@ static void portal_manage_status(GWebResult *result,
&str))
connman_info("Client-Timezone: %s", str);
- free_connman_wispr_portal_context(wp_context);
-
__connman_service_ipconfig_indicate_state(service,
CONNMAN_SERVICE_STATE_ONLINE, type);
}
@@ -509,14 +535,17 @@ static void wispr_portal_request_portal(
{
DBG("");
+ wispr_portal_context_ref(wp_context);
wp_context->request_id = g_web_request_get(wp_context->web,
wp_context->status_url,
wispr_portal_web_result,
wispr_route_request,
wp_context);
- if (wp_context->request_id == 0)
+ if (wp_context->request_id == 0) {
wispr_portal_error(wp_context);
+ wispr_portal_context_unref(wp_context);
+ }
}
static bool wispr_input(const guint8 **data, gsize *length,
@@ -562,13 +591,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service,
return;
if (!authentication_done) {
- wispr_portal_error(wp_context);
free_wispr_routes(wp_context);
+ wispr_portal_error(wp_context);
+ wispr_portal_context_unref(wp_context);
return;
}
/* Restarting the test */
__connman_service_wispr_start(service, wp_context->type);
+ wispr_portal_context_unref(wp_context);
}
static void wispr_portal_request_wispr_login(struct connman_service *service,
@@ -592,7 +623,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service,
return;
}
- free_connman_wispr_portal_context(wp_context);
+ wispr_portal_context_unref(wp_context);
return;
}
@@ -644,11 +675,13 @@ static bool wispr_manage_message(GWebResult *result,
wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN;
+ wispr_portal_context_ref(wp_context);
if (__connman_agent_request_login_input(wp_context->service,
wispr_portal_request_wispr_login,
- wp_context) != -EINPROGRESS)
+ wp_context) != -EINPROGRESS) {
wispr_portal_error(wp_context);
- else
+ wispr_portal_context_unref(wp_context);
+ } else
return true;
break;
@@ -697,6 +730,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
if (length > 0) {
g_web_parser_feed_data(wp_context->wispr_parser,
chunk, length);
+ wispr_portal_context_unref(wp_context);
return true;
}
@@ -714,6 +748,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
switch (status) {
case 000:
+ wispr_portal_context_ref(wp_context);
__connman_agent_request_browser(wp_context->service,
wispr_portal_browser_reply_cb,
wp_context->status_url, wp_context);
@@ -725,11 +760,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
if (g_web_result_get_header(result, "X-ConnMan-Status",
&str)) {
portal_manage_status(result, wp_context);
+ wispr_portal_context_unref(wp_context);
return false;
- } else
+ } else {
+ wispr_portal_context_ref(wp_context);
__connman_agent_request_browser(wp_context->service,
wispr_portal_browser_reply_cb,
wp_context->redirect_url, wp_context);
+ }
break;
case 302:
@@ -737,6 +775,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
!g_web_result_get_header(result, "Location",
&redirect)) {
+ wispr_portal_context_ref(wp_context);
__connman_agent_request_browser(wp_context->service,
wispr_portal_browser_reply_cb,
wp_context->status_url, wp_context);
@@ -747,6 +786,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
wp_context->redirect_url = g_strdup(redirect);
+ wispr_portal_context_ref(wp_context);
wp_context->request_id = g_web_request_get(wp_context->web,
redirect, wispr_portal_web_result,
wispr_route_request, wp_context);
@@ -763,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
break;
case 505:
+ wispr_portal_context_ref(wp_context);
__connman_agent_request_browser(wp_context->service,
wispr_portal_browser_reply_cb,
wp_context->status_url, wp_context);
@@ -775,6 +816,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
wp_context->request_id = 0;
done:
wp_context->wispr_msg.message_type = -1;
+ wispr_portal_context_unref(wp_context);
return false;
}
@@ -809,6 +851,7 @@ static void proxy_callback(const char *proxy, void *user_data)
xml_wispr_parser_callback, wp_context);
wispr_portal_request_portal(wp_context);
+ wispr_portal_context_unref(wp_context);
}
static gboolean no_proxy_callback(gpointer user_data)
@@ -903,7 +946,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context)
if (wp_context->token == 0) {
err = -EINVAL;
- free_connman_wispr_portal_context(wp_context);
+ wispr_portal_context_unref(wp_context);
}
} else if (wp_context->timeout == 0) {
wp_context->timeout = g_idle_add(no_proxy_callback, wp_context);
@@ -952,7 +995,7 @@ int __connman_wispr_start(struct connman_service *service,
/* If there is already an existing context, we wipe it */
if (wp_context)
- free_connman_wispr_portal_context(wp_context);
+ wispr_portal_context_unref(wp_context);
wp_context = create_wispr_portal_context();
if (!wp_context)
--
2.25.1

View File

@@ -12,6 +12,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
file://CVE-2021-33833.patch \
file://CVE-2022-23096-7.patch \
file://CVE-2022-23098.patch \
file://CVE-2022-32292.patch \
file://CVE-2022-32293.patch \
"
SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"

View File

@@ -0,0 +1,120 @@
From 8a5d739eea10ee6e193f053b1662142d5657cbc6 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Thu, 6 Oct 2022 09:39:18 +0530
Subject: [PATCH] CVE-2022-2928
Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/]
CVE: CVE-2022-2928
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
common/options.c | 7 +++++
common/tests/option_unittest.c | 54 ++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
diff --git a/common/options.c b/common/options.c
index a7ed84c..4e53bb4 100644
--- a/common/options.c
+++ b/common/options.c
@@ -4452,6 +4452,8 @@ add_option(struct option_state *options,
if (!option_cache_allocate(&oc, MDL)) {
log_error("No memory for option cache adding %s (option %d).",
option->name, option_num);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
return 0;
}
@@ -4463,6 +4465,8 @@ add_option(struct option_state *options,
MDL)) {
log_error("No memory for constant data adding %s (option %d).",
option->name, option_num);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
option_cache_dereference(&oc, MDL);
return 0;
}
@@ -4471,6 +4475,9 @@ add_option(struct option_state *options,
save_option(&dhcp_universe, options, oc);
option_cache_dereference(&oc, MDL);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
+
return 1;
}
diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c
index cd52cfb..690704d 100644
--- a/common/tests/option_unittest.c
+++ b/common/tests/option_unittest.c
@@ -130,6 +130,59 @@ ATF_TC_BODY(pretty_print_option, tc)
}
+ATF_TC(add_option_ref_cnt);
+
+ATF_TC_HEAD(add_option_ref_cnt, tc)
+{
+ atf_tc_set_md_var(tc, "descr",
+ "Verify add_option() does not leak option ref counts.");
+}
+
+ATF_TC_BODY(add_option_ref_cnt, tc)
+{
+ struct option_state *options = NULL;
+ struct option *option = NULL;
+ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER;
+ char *cid_str = "1234";
+ int refcnt_before = 0;
+
+ // Look up the option we're going to add.
+ initialize_common_option_spaces();
+ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
+ &cid_code, 0, MDL)) {
+ atf_tc_fail("cannot find option definition?");
+ }
+
+ // Get the option's reference count before we call add_options.
+ refcnt_before = option->refcnt;
+
+ // Allocate a option_state to which to add an option.
+ if (!option_state_allocate(&options, MDL)) {
+ atf_tc_fail("cannot allocat options state");
+ }
+
+ // Call add_option() to add the option to the option state.
+ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) {
+ atf_tc_fail("add_option returned 0");
+ }
+
+ // Verify that calling add_option() only adds 1 to the option ref count.
+ if (option->refcnt != (refcnt_before + 1)) {
+ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d",
+ refcnt_before, option->refcnt);
+ }
+
+ // Derefrence the option_state, this should reduce the ref count to
+ // it's starting value.
+ option_state_dereference(&options, MDL);
+
+ // Verify that dereferencing option_state restores option ref count.
+ if (option->refcnt != refcnt_before) {
+ atf_tc_fail("after state deref, count is wrong, before %d, after: %d",
+ refcnt_before, option->refcnt);
+ }
+}
+
/* This macro defines main() method that will call specified
test cases. tp and simple_test_case names can be whatever you want
as long as it is a valid variable identifier. */
@@ -137,6 +190,7 @@ ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, option_refcnt);
ATF_TP_ADD_TC(tp, pretty_print_option);
+ ATF_TP_ADD_TC(tp, add_option_ref_cnt);
return (atf_no_error());
}
--
2.25.1

View File

@@ -0,0 +1,40 @@
From 5c959166ebee7605e2048de573f2475b4d731ff7 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Thu, 6 Oct 2022 09:42:59 +0530
Subject: [PATCH] CVE-2022-2929
Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/]
CVE: CVE-2022-2929
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
common/options.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/options.c b/common/options.c
index 4e53bb4..28800fc 100644
--- a/common/options.c
+++ b/common/options.c
@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options,
while (s < &bp -> data[0] + length + 2) {
len = *s;
if (len > 63) {
- log_info ("fancy bits in fqdn option");
- return 0;
+ log_info ("label length exceeds 63 in fqdn option");
+ goto bad;
}
if (len == 0) {
terminated = 1;
break;
}
if (s + len > &bp -> data [0] + length + 3) {
- log_info ("fqdn tag longer than buffer");
- return 0;
+ log_info ("fqdn label longer than buffer");
+ goto bad;
}
if (first_len == 0) {
--
2.25.1

View File

@@ -11,6 +11,8 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
file://0013-fixup_use_libbind.patch \
file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \
file://CVE-2021-25217.patch \
file://CVE-2022-2928.patch \
file://CVE-2022-2929.patch \
"
SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1"

View File

@@ -0,0 +1,54 @@
From eaae65aac967f9628787dca4a2501ca860bb6598 Mon Sep 17 00:00:00 2001
From: Minjae Kim <flowergom@gmail.com>
Date: Mon, 26 Sep 2022 22:05:07 +0200
Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt
Fix telnetd crash if the first two bytes of a new connection
are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).
The problem was reported in:
<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>.
* NEWS: Mention fix.
* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and
zero slctab[SLC_EL].sptr.
CVE: CVE-2022-39028
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f]
Signed-off-by: Minjae Kim<flowergom@gmail.com>
---
telnetd/state.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/telnetd/state.c b/telnetd/state.c
index 2184bca..7948503 100644
--- a/telnetd/state.c
+++ b/telnetd/state.c
@@ -314,15 +314,21 @@ telrcv (void)
case EC:
case EL:
{
- cc_t ch;
+ cc_t ch = (cc_t) (_POSIX_VDISABLE);
DEBUG (debug_options, 1, printoption ("td: recv IAC", c));
ptyflush (); /* half-hearted */
init_termbuf ();
if (c == EC)
- ch = *slctab[SLC_EC].sptr;
+ {
+ if (slctab[SLC_EC].sptr)
+ ch = *slctab[SLC_EC].sptr;
+ }
else
- ch = *slctab[SLC_EL].sptr;
+ {
+ if (slctab[SLC_EL].sptr)
+ ch = *slctab[SLC_EL].sptr;
+ }
if (ch != (cc_t) (_POSIX_VDISABLE))
pty_output_byte ((unsigned char) ch);
break;
--
2.25.1

View File

@@ -24,6 +24,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
file://0001-rcp-fix-to-work-with-large-files.patch \
file://fix-buffer-fortify-tfpt.patch \
file://CVE-2021-40491.patch \
file://CVE-2022-39028.patch \
"
SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"

View File

@@ -5,8 +5,8 @@ SECTION = "network"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
SRCREV = "3d5c8d0f7e0264768a2c000d0fd4b4d4a991e041"
PV = "20220511"
SRCREV = "22a5de3ef637990ce03141f786fbdb327e9c5a3f"
PV = "20221107"
PE = "1"
SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"

View File

@@ -60,6 +60,13 @@ CVE_CHECK_WHITELIST += "CVE-2008-3844"
# https://ubuntu.com/security/CVE-2016-20012
CVE_CHECK_WHITELIST += "CVE-2016-20012"
# As per debian, the issue is fixed by a feature called "agent restriction" in openssh 8.9
# Urgency is unimportant as per debian, Hence this CVE is whitelisting.
# https://security-tracker.debian.org/tracker/CVE-2021-36368
# https://bugzilla.mindrot.org/show_bug.cgi?id=3316#c2
# https://docs.ssh-mitm.at/trivialauth.html
CVE_CHECK_WHITELIST += "CVE-2021-36368"
PAM_SRC_URI = "file://sshd"
inherit manpages useradd update-rc.d update-alternatives systemd
@@ -183,12 +190,17 @@ FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
FILES_${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
RRECOMMENDS_${PN}-sshd_append_class-target = "\
${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
"
# break dependency on base package for -dev package
# otherwise SDK fails to build as the main openssh and dropbear packages
# conflict with each other
RDEPENDS:${PN}-dev = ""
# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"

View File

@@ -1,55 +0,0 @@
From 770aea88c3888cc5cb3ebc94ffcef706c68bc1d2 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 1 Jun 2022 12:06:33 +0200
Subject: [PATCH] Update expired SCT issuer certificate
Fixes #15179
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18444)
Upstream-Status: Backport
[Fixes ptest failures in OE-Core]
---
test/certs/embeddedSCTs1_issuer.pem | 30 ++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
index 1fa449d5a098..6aa9455f09ed 100644
--- a/test/certs/embeddedSCTs1_issuer.pem
+++ b/test/certs/embeddedSCTs1_issuer.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
-OwqULg==
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
+Doud4XrO
-----END CERTIFICATE-----

View File

@@ -18,14 +18,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://afalg.patch \
file://reproducible.patch \
file://reproducibility.patch \
file://770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch \
"
SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
SRC_URI[sha256sum] = "9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f"
SRC_URI[sha256sum] = "c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

View File

@@ -0,0 +1,50 @@
From 2aeb41a9a3a43b11b1e46628d0bf98197ff9f141 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Thu, 29 Dec 2022 18:00:20 +0100
Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer
This fixes a potential vulnerability where data is written to spkt.buf
and rpkt.buf without a check on the array index. To fix this, we
check the array index (pkt->cnt) before storing the byte or
incrementing the count. This also means we no longer have a potential
signed integer overflow on the increment of pkt->cnt.
Fortunately, pppdump is not used in the normal process of setting up a
PPP connection, is not installed setuid-root, and is not invoked
automatically in any scenario that I am aware of.
Ustream-Status: Backport [https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf]
CVE: CVE-2022-4603
Signed-off-by:Minjae Kim <flowergom@gmail.com>
---
pppdump/pppdump.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
index 87c2e8f..dec4def 100644
--- a/pppdump/pppdump.c
+++ b/pppdump/pppdump.c
@@ -296,6 +296,10 @@ dumpppp(f)
printf("%s aborted packet:\n ", dir);
q = " ";
}
+ if (pkt->cnt >= sizeof(pkt->buf)) {
+ printf("%s over-long packet truncated:\n ", dir);
+ q = " ";
+ }
nb = pkt->cnt;
p = pkt->buf;
pkt->cnt = 0;
@@ -399,7 +403,8 @@ dumpppp(f)
c ^= 0x20;
pkt->esc = 0;
}
- pkt->buf[pkt->cnt++] = c;
+ if (pkt->cnt < sizeof(pkt->buf))
+ pkt->buf[pkt->cnt++] = c;
break;
}
}
--
2.25.1

View File

@@ -34,6 +34,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
file://0001-ppp-Remove-unneeded-include.patch \
file://ppp-2.4.7-DES-openssl.patch \
file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
file://CVE-2022-4603.patch \
"
SRC_URI_append_libc-musl = "\

View File

@@ -51,6 +51,7 @@ PACKAGECONFIG_class-nativesdk ??= "xattr"
PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl,"
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
PACKAGECONFIG[single-binary] = "--enable-single-binary,--disable-single-binary,,"
PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl"
# [ df mktemp nice printenv base64 gets a special treatment and is not included in this
bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname du \

View File

@@ -10,8 +10,7 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
"
SRC_URI[md5sum] = "dfe8a71f412e0b53be26ed4fbfdc91c4"
SRC_URI[sha256sum] = "f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe"
SRC_URI[sha256sum] = "bc42d196c1756ac520d61bf3ccd6f42013617def45dd1e591a6091abf51dca38"
EXTRA_OECONF = "--disable-xml-docs \
--disable-doxygen-docs \

View File

@@ -12,6 +12,11 @@ DEPENDS = "zlib virtual/crypt"
RPROVIDES_${PN} = "ssh sshd"
RCONFLICTS_${PN} = "openssh-sshd openssh"
# break dependency on base package for -dev package
# otherwise SDK fails to build as the main openssh and dropbear packages
# conflict with each other
RDEPENDS:${PN}-dev = ""
DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
@@ -24,6 +29,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
file://CVE-2020-36254.patch \
file://CVE-2021-36369.patch \
"
PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \

View File

@@ -0,0 +1,145 @@
From e10dec82930863e487b22978d3df107274f366b2 Mon Sep 17 00:00:00 2001
From: Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com>
Date: Thu, 19 Aug 2021 17:37:14 +0200
Subject: [PATCH] added option to disable trivial auth methods (#128)
* added option to disable trivial auth methods
* rename argument to match with other ssh clients
* fixed trivial auth detection for pubkeys
[https://github.com/mkj/dropbear/pull/128]
Upstream-Status: Backport
CVE: CVE-2021-36369
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
cli-auth.c | 3 +++
cli-authinteract.c | 1 +
cli-authpasswd.c | 2 +-
cli-authpubkey.c | 1 +
cli-runopts.c | 7 +++++++
cli-session.c | 1 +
runopts.h | 1 +
session.h | 1 +
8 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/cli-auth.c b/cli-auth.c
index 2e509e5..6f04495 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -267,6 +267,9 @@ void recv_msg_userauth_success() {
if DROPBEAR_CLI_IMMEDIATE_AUTH is set */
TRACE(("received msg_userauth_success"))
+ if (cli_opts.disable_trivial_auth && cli_ses.is_trivial_auth) {
+ dropbear_exit("trivial authentication not allowed");
+ }
/* Note: in delayed-zlib mode, setting authdone here
* will enable compression in the transport layer */
ses.authstate.authdone = 1;
diff --git a/cli-authinteract.c b/cli-authinteract.c
index e1cc9a1..f7128ee 100644
--- a/cli-authinteract.c
+++ b/cli-authinteract.c
@@ -114,6 +114,7 @@ void recv_msg_userauth_info_request() {
m_free(instruction);
for (i = 0; i < num_prompts; i++) {
+ cli_ses.is_trivial_auth = 0;
unsigned int response_len = 0;
prompt = buf_getstring(ses.payload, NULL);
cleantext(prompt);
diff --git a/cli-authpasswd.c b/cli-authpasswd.c
index 00fdd8b..a24d43e 100644
--- a/cli-authpasswd.c
+++ b/cli-authpasswd.c
@@ -155,7 +155,7 @@ void cli_auth_password() {
encrypt_packet();
m_burn(password, strlen(password));
-
+ cli_ses.is_trivial_auth = 0;
TRACE(("leave cli_auth_password"))
}
#endif /* DROPBEAR_CLI_PASSWORD_AUTH */
diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 7cee164..7da1a04 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -174,6 +174,7 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
cli_buf_put_sign(ses.writepayload, key, type, sigbuf);
buf_free(sigbuf); /* Nothing confidential in the buffer */
+ cli_ses.is_trivial_auth = 0;
}
encrypt_packet();
diff --git a/cli-runopts.c b/cli-runopts.c
index 7d1fffe..6bf8b8e 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -152,6 +152,7 @@ void cli_getopts(int argc, char ** argv) {
#if DROPBEAR_CLI_ANYTCPFWD
cli_opts.exit_on_fwd_failure = 0;
#endif
+ cli_opts.disable_trivial_auth = 0;
#if DROPBEAR_CLI_LOCALTCPFWD
cli_opts.localfwds = list_new();
opts.listen_fwd_all = 0;
@@ -888,6 +889,7 @@ static void add_extendedopt(const char* origstr) {
#if DROPBEAR_CLI_ANYTCPFWD
"\tExitOnForwardFailure\n"
#endif
+ "\tDisableTrivialAuth\n"
#ifndef DISABLE_SYSLOG
"\tUseSyslog\n"
#endif
@@ -915,5 +917,10 @@ static void add_extendedopt(const char* origstr) {
return;
}
+ if (match_extendedopt(&optstr, "DisableTrivialAuth") == DROPBEAR_SUCCESS) {
+ cli_opts.disable_trivial_auth = parse_flag_value(optstr);
+ return;
+ }
+
dropbear_log(LOG_WARNING, "Ignoring unknown configuration option '%s'", origstr);
}
diff --git a/cli-session.c b/cli-session.c
index 56dd4af..73ef0db 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -164,6 +164,7 @@ static void cli_session_init(pid_t proxy_cmd_pid) {
/* Auth */
cli_ses.lastprivkey = NULL;
cli_ses.lastauthtype = 0;
+ cli_ses.is_trivial_auth = 1;
/* For printing "remote host closed" for the user */
ses.remoteclosed = cli_remoteclosed;
diff --git a/runopts.h b/runopts.h
index 31eae1f..8519626 100644
--- a/runopts.h
+++ b/runopts.h
@@ -154,6 +154,7 @@ typedef struct cli_runopts {
#if DROPBEAR_CLI_ANYTCPFWD
int exit_on_fwd_failure;
#endif
+ int disable_trivial_auth;
#if DROPBEAR_CLI_REMOTETCPFWD
m_list * remotefwds;
#endif
diff --git a/session.h b/session.h
index 0f77055..8676054 100644
--- a/session.h
+++ b/session.h
@@ -287,6 +287,7 @@ struct clientsession {
int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
for the last type of auth we tried */
+ int is_trivial_auth;
int ignore_next_auth_response;
#if DROPBEAR_CLI_INTERACT_AUTH
int auth_interact_failed; /* flag whether interactive auth can still

View File

@@ -0,0 +1,53 @@
From 4a32da87e931ba54393d465bb77c40b5c33d343b Mon Sep 17 00:00:00 2001
From: Rhodri James <rhodri@wildebeest.org.uk>
Date: Wed, 17 Aug 2022 18:26:18 +0100
Subject: [PATCH] Ensure raw tagnames are safe exiting internalEntityParser
It is possible to concoct a situation in which parsing is
suspended while substituting in an internal entity, so that
XML_ResumeParser directly uses internalEntityProcessor as
its processor. If the subsequent parse includes some unclosed
tags, this will return without calling storeRawNames to ensure
that the raw versions of the tag names are stored in memory other
than the parse buffer itself. If the parse buffer is then changed
or reallocated (for example if processing a file line by line),
badness will ensue.
This patch ensures storeRawNames is always called when needed
after calling doContent. The earlier call do doContent does
not need the same protection; it only deals with entity
substitution, which cannot leave unbalanced tags, and in any
case the raw names will be pointing into the stored entity
value not the parse buffer.
Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b]
CVE: CVE-2022-40674
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
---
expat/lib/xmlparse.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
Index: expat/lib/xmlparse.c
===================================================================
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -5657,10 +5657,15 @@ internalEntityProcessor(XML_Parser parse
{
parser->m_processor = contentProcessor;
/* see externalEntityContentProcessor vs contentProcessor */
- return doContent(parser, parser->m_parentParser ? 1 : 0, parser->m_encoding,
- s, end, nextPtr,
- (XML_Bool)! parser->m_parsingStatus.finalBuffer,
- XML_ACCOUNT_DIRECT);
+ result = doContent(parser, parser->m_parentParser ? 1 : 0,
+ parser->m_encoding, s, end, nextPtr,
+ (XML_Bool)! parser->m_parsingStatus.finalBuffer,
+ XML_ACCOUNT_DIRECT);
+ if (result == XML_ERROR_NONE) {
+ if (! storeRawNames(parser))
+ return XML_ERROR_NO_MEMORY;
+ }
+ return result;
}
}

View File

@@ -0,0 +1,33 @@
From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Tue, 20 Sep 2022 02:44:34 +0200
Subject: [PATCH] lib: Fix overeager DTD destruction in
XML_ExternalEntityParserCreate
CVE: CVE-2022-43680
Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4.patch]
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Comments: Hunk refreshed
---
lib/xmlparse.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index aacd6e7fc..57bf103cc 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -1035,6 +1035,14 @@ parserCreate(const XML_Char *encodingNam
parserInit(parser, encodingName);
if (encodingName && ! parser->m_protocolEncodingName) {
+ if (dtd) {
+ // We need to stop the upcoming call to XML_ParserFree from happily
+ // destroying parser->m_dtd because the DTD is shared with the parent
+ // parser and the only guard that keeps XML_ParserFree from destroying
+ // parser->m_dtd is parser->m_isParamEntity but it will be set to
+ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
+ parser->m_dtd = NULL;
+ }
XML_ParserFree(parser);
return NULL;
}

View File

@@ -20,6 +20,8 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
file://CVE-2022-25314.patch \
file://CVE-2022-25315.patch \
file://libtool-tag.patch \
file://CVE-2022-40674.patch \
file://CVE-2022-43680.patch \
"
SRCREV = "a7bc26b69768f7fb24f0c7976fae24b157b85b13"

View File

@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.31/master"
PV = "2.31+git${SRCPV}"
SRCREV_glibc ?= "3ef8be9b89ef98300951741f381eb79126ac029f"
SRCREV_glibc ?= "d4b75594574ab8a9c2c41209cd8c62aac76b5a04"
SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"

View File

@@ -11,14 +11,10 @@ CVE: CVE-2021-33574 patch#1
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
NEWS | 4 ++++
sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
Index: git/NEWS
===================================================================
--- git.orig/NEWS
+++ git/NEWS
diff --git a/NEWS b/NEWS
index 8a20d3c4e3..be489243ac 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ using `glibc' in the "product" field.
Version 2.31.1
@@ -28,12 +24,12 @@ Index: git/NEWS
+ attribute with a non-default affinity mask.
+
The following bugs are resolved with this release:
[14231] stdio-common tests memory requirements
[19519] iconv(1) with -c option hangs on illegal multi-byte sequences
(CVE-2016-10228)
Index: git/sysdeps/unix/sysv/linux/mq_notify.c
===================================================================
--- git.orig/sysdeps/unix/sysv/linux/mq_notify.c
+++ git/sysdeps/unix/sysv/linux/mq_notify.c
diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
index f288bac477..dd47f0b777 100644
--- a/sysdeps/unix/sysv/linux/mq_notify.c
+++ b/sysdeps/unix/sysv/linux/mq_notify.c
@@ -135,8 +135,11 @@ helper_thread (void *arg)
(void) __pthread_barrier_wait (&notify_barrier);
}
@@ -48,7 +44,7 @@ Index: git/sysdeps/unix/sysv/linux/mq_notify.c
}
return NULL;
}
@@ -257,8 +260,7 @@ mq_notify (mqd_t mqdes, const struct sig
@@ -257,8 +260,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
if (data.attr == NULL)
return -1;
@@ -58,7 +54,7 @@ Index: git/sysdeps/unix/sysv/linux/mq_notify.c
}
/* Construct the new request. */
@@ -272,7 +274,10 @@ mq_notify (mqd_t mqdes, const struct sig
@@ -272,7 +274,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
/* If it failed, free the allocated memory. */
if (__glibc_unlikely (retval != 0))

View File

@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image setuptools3
SRCREV ?= "8a7fd5f633a2b72185501d4c4a8a51ed1fc7cea1"
SRCREV ?= "f1292a552f33a329ff27bbdea4c90250908d6301"
SRC_URI = "git://git.yoctoproject.org/poky;branch=dunfell \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \

View File

@@ -14,6 +14,15 @@ finish_run() {
info "Switching root to '$ROOTFS_DIR'..."
debug "Moving basic mounts onto rootfs"
for dir in `awk '/\/dev.* \/run\/media/{print $2}' /proc/mounts`; do
# Parse any OCT or HEX encoded chars such as spaces
# in the mount points to actual ASCII chars
dir=`printf $dir`
mkdir -p "${ROOTFS_DIR}/media/${dir##*/}"
mount -n --move "$dir" "${ROOTFS_DIR}/media/${dir##*/}"
done
debug "Moving /dev, /proc and /sys onto rootfs..."
mount --move /dev $ROOTFS_DIR/dev
mount --move /proc $ROOTFS_DIR/proc

View File

@@ -129,7 +129,7 @@ do_install () {
update-rc.d -r ${D} rmnologin.sh start 99 2 3 4 5 .
update-rc.d -r ${D} sendsigs start 20 0 6 .
update-rc.d -r ${D} urandom start 38 S 0 6 .
update-rc.d -r ${D} umountnfs.sh start 31 0 1 6 .
update-rc.d -r ${D} umountnfs.sh stop 31 0 1 6 .
update-rc.d -r ${D} umountfs start 40 0 6 .
update-rc.d -r ${D} reboot start 90 6 .
update-rc.d -r ${D} halt start 90 0 .

View File

@@ -0,0 +1,813 @@
From b5125000917810731bc28055c0445d571121f80e Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 21 Apr 2022 00:45:58 +0200
Subject: [PATCH] Port gentest.py to Python 3
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/343fc1421cdae097fa6c4cffeb1a065a40be6bbb]
* fixes:
make[1]: 'testReader' is up to date.
File "../libxml2-2.9.10/gentest.py", line 11
print "libxml2 python bindings not available, skipping testapi.c generation"
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("libxml2 python bindings not available, skipping testapi.c generation")?
make[1]: [Makefile:2078: testapi.c] Error 1 (ignored)
...
make[1]: 'testReader' is up to date.
File "../libxml2-2.9.10/gentest.py", line 271
return 1
^
TabError: inconsistent use of tabs and spaces in indentation
make[1]: [Makefile:2078: testapi.c] Error 1 (ignored)
...
aarch64-oe-linux-gcc: error: testapi.c: No such file or directory
aarch64-oe-linux-gcc: fatal error: no input files
compilation terminated.
make[1]: *** [Makefile:1275: testapi.o] Error 1
But there is still a bit mystery why it worked before, because check-am
calls gentest.py with $(PYTHON), so it ignores the shebang in the script
and libxml2 is using python3native (through python3targetconfig.bbclass)
so something like:
libxml2/2.9.10-r0/recipe-sysroot-native/usr/bin/python3-native/python3 gentest.py
But that still fails (now without SyntaxError) with:
libxml2 python bindings not available, skipping testapi.c generation
because we don't have dependency on libxml2-native (to provide libxml2
python bindings form python3native) and exported PYTHON_SITE_PACKAGES
might be useless (e.g. /usr/lib/python3.8/site-packages on Ubuntu-22.10
which uses python 3.10 and there is no site-packages with libxml2)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
---
gentest.py | 421 ++++++++++++++++++++++++++---------------------------
1 file changed, 209 insertions(+), 212 deletions(-)
diff --git a/gentest.py b/gentest.py
index b763300..0756706 100755
--- a/gentest.py
+++ b/gentest.py
@@ -8,7 +8,7 @@ import string
try:
import libxml2
except:
- print "libxml2 python bindings not available, skipping testapi.c generation"
+ print("libxml2 python bindings not available, skipping testapi.c generation")
sys.exit(0)
if len(sys.argv) > 1:
@@ -227,7 +227,7 @@ extra_post_call = {
if (old != NULL) {
xmlUnlinkNode(old);
xmlFreeNode(old) ; old = NULL ; }
- ret_val = NULL;""",
+\t ret_val = NULL;""",
"xmlTextMerge":
"""if ((first != NULL) && (first->type != XML_TEXT_NODE)) {
xmlUnlinkNode(second);
@@ -236,7 +236,7 @@ extra_post_call = {
"""if ((ret_val != NULL) && (ret_val != ncname) &&
(ret_val != prefix) && (ret_val != memory))
xmlFree(ret_val);
- ret_val = NULL;""",
+\t ret_val = NULL;""",
"xmlNewDocElementContent":
"""xmlFreeDocElementContent(doc, ret_val); ret_val = NULL;""",
"xmlDictReference": "xmlDictFree(dict);",
@@ -268,29 +268,29 @@ modules = []
def is_skipped_module(name):
for mod in skipped_modules:
if mod == name:
- return 1
+ return 1
return 0
def is_skipped_function(name):
for fun in skipped_functions:
if fun == name:
- return 1
+ return 1
# Do not test destructors
- if string.find(name, 'Free') != -1:
+ if name.find('Free') != -1:
return 1
return 0
def is_skipped_memcheck(name):
for fun in skipped_memcheck:
if fun == name:
- return 1
+ return 1
return 0
missing_types = {}
def add_missing_type(name, func):
try:
list = missing_types[name]
- list.append(func)
+ list.append(func)
except:
missing_types[name] = [func]
@@ -310,7 +310,7 @@ def add_missing_functions(name, module):
missing_functions_nr = missing_functions_nr + 1
try:
list = missing_functions[module]
- list.append(name)
+ list.append(name)
except:
missing_functions[module] = [name]
@@ -319,45 +319,45 @@ def add_missing_functions(name, module):
#
def type_convert(str, name, info, module, function, pos):
-# res = string.replace(str, " ", " ")
-# res = string.replace(str, " ", " ")
-# res = string.replace(str, " ", " ")
- res = string.replace(str, " *", "_ptr")
-# res = string.replace(str, "*", "_ptr")
- res = string.replace(res, " ", "_")
+# res = str.replace(" ", " ")
+# res = str.replace(" ", " ")
+# res = str.replace(" ", " ")
+ res = str.replace(" *", "_ptr")
+# res = str.replace("*", "_ptr")
+ res = res.replace(" ", "_")
if res == 'const_char_ptr':
- if string.find(name, "file") != -1 or \
- string.find(name, "uri") != -1 or \
- string.find(name, "URI") != -1 or \
- string.find(info, "filename") != -1 or \
- string.find(info, "URI") != -1 or \
- string.find(info, "URL") != -1:
- if string.find(function, "Save") != -1 or \
- string.find(function, "Create") != -1 or \
- string.find(function, "Write") != -1 or \
- string.find(function, "Fetch") != -1:
- return('fileoutput')
- return('filepath')
+ if name.find("file") != -1 or \
+ name.find("uri") != -1 or \
+ name.find("URI") != -1 or \
+ info.find("filename") != -1 or \
+ info.find("URI") != -1 or \
+ info.find("URL") != -1:
+ if function.find("Save") != -1 or \
+ function.find("Create") != -1 or \
+ function.find("Write") != -1 or \
+ function.find("Fetch") != -1:
+ return('fileoutput')
+ return('filepath')
if res == 'void_ptr':
if module == 'nanoftp' and name == 'ctx':
- return('xmlNanoFTPCtxtPtr')
+ return('xmlNanoFTPCtxtPtr')
if function == 'xmlNanoFTPNewCtxt' or \
- function == 'xmlNanoFTPConnectTo' or \
- function == 'xmlNanoFTPOpen':
- return('xmlNanoFTPCtxtPtr')
+ function == 'xmlNanoFTPConnectTo' or \
+ function == 'xmlNanoFTPOpen':
+ return('xmlNanoFTPCtxtPtr')
if module == 'nanohttp' and name == 'ctx':
- return('xmlNanoHTTPCtxtPtr')
- if function == 'xmlNanoHTTPMethod' or \
- function == 'xmlNanoHTTPMethodRedir' or \
- function == 'xmlNanoHTTPOpen' or \
- function == 'xmlNanoHTTPOpenRedir':
- return('xmlNanoHTTPCtxtPtr');
+ return('xmlNanoHTTPCtxtPtr')
+ if function == 'xmlNanoHTTPMethod' or \
+ function == 'xmlNanoHTTPMethodRedir' or \
+ function == 'xmlNanoHTTPOpen' or \
+ function == 'xmlNanoHTTPOpenRedir':
+ return('xmlNanoHTTPCtxtPtr');
if function == 'xmlIOHTTPOpen':
- return('xmlNanoHTTPCtxtPtr')
- if string.find(name, "data") != -1:
- return('userdata')
- if string.find(name, "user") != -1:
- return('userdata')
+ return('xmlNanoHTTPCtxtPtr')
+ if name.find("data") != -1:
+ return('userdata')
+ if name.find("user") != -1:
+ return('userdata')
if res == 'xmlDoc_ptr':
res = 'xmlDocPtr'
if res == 'xmlNode_ptr':
@@ -366,18 +366,18 @@ def type_convert(str, name, info, module, function, pos):
res = 'xmlDictPtr'
if res == 'xmlNodePtr' and pos != 0:
if (function == 'xmlAddChild' and pos == 2) or \
- (function == 'xmlAddChildList' and pos == 2) or \
+ (function == 'xmlAddChildList' and pos == 2) or \
(function == 'xmlAddNextSibling' and pos == 2) or \
(function == 'xmlAddSibling' and pos == 2) or \
(function == 'xmlDocSetRootElement' and pos == 2) or \
(function == 'xmlReplaceNode' and pos == 2) or \
(function == 'xmlTextMerge') or \
- (function == 'xmlAddPrevSibling' and pos == 2):
- return('xmlNodePtr_in');
+ (function == 'xmlAddPrevSibling' and pos == 2):
+ return('xmlNodePtr_in');
if res == 'const xmlBufferPtr':
res = 'xmlBufferPtr'
if res == 'xmlChar_ptr' and name == 'name' and \
- string.find(function, "EatName") != -1:
+ function.find("EatName") != -1:
return('eaten_name')
if res == 'void_ptr*':
res = 'void_ptr_ptr'
@@ -393,7 +393,7 @@ def type_convert(str, name, info, module, function, pos):
res = 'debug_FILE_ptr';
if res == 'int' and name == 'options':
if module == 'parser' or module == 'xmlreader':
- res = 'parseroptions'
+ res = 'parseroptions'
return res
@@ -402,28 +402,28 @@ known_param_types = []
def is_known_param_type(name):
for type in known_param_types:
if type == name:
- return 1
+ return 1
return name[-3:] == 'Ptr' or name[-4:] == '_ptr'
def generate_param_type(name, rtype):
global test
for type in known_param_types:
if type == name:
- return
+ return
for type in generated_param_types:
if type == name:
- return
+ return
if name[-3:] == 'Ptr' or name[-4:] == '_ptr':
if rtype[0:6] == 'const ':
- crtype = rtype[6:]
- else:
- crtype = rtype
+ crtype = rtype[6:]
+ else:
+ crtype = rtype
define = 0
- if modules_defines.has_key(module):
- test.write("#ifdef %s\n" % (modules_defines[module]))
- define = 1
+ if module in modules_defines:
+ test.write("#ifdef %s\n" % (modules_defines[module]))
+ define = 1
test.write("""
#define gen_nb_%s 1
static %s gen_%s(int no ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) {
@@ -433,7 +433,7 @@ static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTR
}
""" % (name, crtype, name, name, rtype))
if define == 1:
- test.write("#endif\n\n")
+ test.write("#endif\n\n")
add_generated_param_type(name)
#
@@ -445,7 +445,7 @@ known_return_types = []
def is_known_return_type(name):
for type in known_return_types:
if type == name:
- return 1
+ return 1
return 0
#
@@ -471,7 +471,7 @@ def compare_and_save():
try:
os.system("rm testapi.c; mv testapi.c.new testapi.c")
except:
- os.system("mv testapi.c.new testapi.c")
+ os.system("mv testapi.c.new testapi.c")
print("Updated testapi.c")
else:
print("Generated testapi.c is identical")
@@ -481,17 +481,17 @@ while line != "":
if line == "/* CUT HERE: everything below that line is generated */\n":
break;
if line[0:15] == "#define gen_nb_":
- type = string.split(line[15:])[0]
- known_param_types.append(type)
+ type = line[15:].split()[0]
+ known_param_types.append(type)
if line[0:19] == "static void desret_":
- type = string.split(line[19:], '(')[0]
- known_return_types.append(type)
+ type = line[19:].split('(')[0]
+ known_return_types.append(type)
test.write(line)
line = input.readline()
input.close()
if line == "":
- print "Could not find the CUT marker in testapi.c skipping generation"
+ print("Could not find the CUT marker in testapi.c skipping generation")
test.close()
sys.exit(0)
@@ -505,7 +505,7 @@ test.write("/* CUT HERE: everything below that line is generated */\n")
#
doc = libxml2.readFile(srcPref + 'doc/libxml2-api.xml', None, 0)
if doc == None:
- print "Failed to load doc/libxml2-api.xml"
+ print("Failed to load doc/libxml2-api.xml")
sys.exit(1)
ctxt = doc.xpathNewContext()
@@ -519,9 +519,9 @@ for arg in args:
mod = arg.xpathEval('string(../@file)')
func = arg.xpathEval('string(../@name)')
if (mod not in skipped_modules) and (func not in skipped_functions):
- type = arg.xpathEval('string(@type)')
- if not argtypes.has_key(type):
- argtypes[type] = func
+ type = arg.xpathEval('string(@type)')
+ if type not in argtypes:
+ argtypes[type] = func
# similarly for return types
rettypes = {}
@@ -531,8 +531,8 @@ for ret in rets:
func = ret.xpathEval('string(../@name)')
if (mod not in skipped_modules) and (func not in skipped_functions):
type = ret.xpathEval('string(@type)')
- if not rettypes.has_key(type):
- rettypes[type] = func
+ if type not in rettypes:
+ rettypes[type] = func
#
# Generate constructors and return type handling for all enums
@@ -549,49 +549,49 @@ for enum in enums:
continue;
define = 0
- if argtypes.has_key(name) and is_known_param_type(name) == 0:
- values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name)
- i = 0
- vals = []
- for value in values:
- vname = value.xpathEval('string(@name)')
- if vname == None:
- continue;
- i = i + 1
- if i >= 5:
- break;
- vals.append(vname)
- if vals == []:
- print "Didn't find any value for enum %s" % (name)
- continue
- if modules_defines.has_key(module):
- test.write("#ifdef %s\n" % (modules_defines[module]))
- define = 1
- test.write("#define gen_nb_%s %d\n" % (name, len(vals)))
- test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" %
- (name, name))
- i = 1
- for value in vals:
- test.write(" if (no == %d) return(%s);\n" % (i, value))
- i = i + 1
- test.write(""" return(0);
+ if (name in argtypes) and is_known_param_type(name) == 0:
+ values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name)
+ i = 0
+ vals = []
+ for value in values:
+ vname = value.xpathEval('string(@name)')
+ if vname == None:
+ continue;
+ i = i + 1
+ if i >= 5:
+ break;
+ vals.append(vname)
+ if vals == []:
+ print("Didn't find any value for enum %s" % (name))
+ continue
+ if module in modules_defines:
+ test.write("#ifdef %s\n" % (modules_defines[module]))
+ define = 1
+ test.write("#define gen_nb_%s %d\n" % (name, len(vals)))
+ test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" %
+ (name, name))
+ i = 1
+ for value in vals:
+ test.write(" if (no == %d) return(%s);\n" % (i, value))
+ i = i + 1
+ test.write(""" return(0);
}
static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) {
}
""" % (name, name));
- known_param_types.append(name)
+ known_param_types.append(name)
if (is_known_return_type(name) == 0) and (name in rettypes):
- if define == 0 and modules_defines.has_key(module):
- test.write("#ifdef %s\n" % (modules_defines[module]))
- define = 1
+ if define == 0 and (module in modules_defines):
+ test.write("#ifdef %s\n" % (modules_defines[module]))
+ define = 1
test.write("""static void desret_%s(%s val ATTRIBUTE_UNUSED) {
}
""" % (name, name))
- known_return_types.append(name)
+ known_return_types.append(name)
if define == 1:
test.write("#endif\n\n")
@@ -615,9 +615,9 @@ for file in headers:
# do not test deprecated APIs
#
desc = file.xpathEval('string(description)')
- if string.find(desc, 'DEPRECATED') != -1:
- print "Skipping deprecated interface %s" % name
- continue;
+ if desc.find('DEPRECATED') != -1:
+ print("Skipping deprecated interface %s" % name)
+ continue;
test.write("#include <libxml/%s.h>\n" % name)
modules.append(name)
@@ -679,7 +679,7 @@ def generate_test(module, node):
# and store the informations for the generation
#
try:
- args = node.xpathEval("arg")
+ args = node.xpathEval("arg")
except:
args = []
t_args = []
@@ -687,37 +687,37 @@ def generate_test(module, node):
for arg in args:
n = n + 1
rtype = arg.xpathEval("string(@type)")
- if rtype == 'void':
- break;
- info = arg.xpathEval("string(@info)")
- nam = arg.xpathEval("string(@name)")
+ if rtype == 'void':
+ break;
+ info = arg.xpathEval("string(@info)")
+ nam = arg.xpathEval("string(@name)")
type = type_convert(rtype, nam, info, module, name, n)
- if is_known_param_type(type) == 0:
- add_missing_type(type, name);
- no_gen = 1
+ if is_known_param_type(type) == 0:
+ add_missing_type(type, name);
+ no_gen = 1
if (type[-3:] == 'Ptr' or type[-4:] == '_ptr') and \
- rtype[0:6] == 'const ':
- crtype = rtype[6:]
- else:
- crtype = rtype
- t_args.append((nam, type, rtype, crtype, info))
+ rtype[0:6] == 'const ':
+ crtype = rtype[6:]
+ else:
+ crtype = rtype
+ t_args.append((nam, type, rtype, crtype, info))
try:
- rets = node.xpathEval("return")
+ rets = node.xpathEval("return")
except:
rets = []
t_ret = None
for ret in rets:
rtype = ret.xpathEval("string(@type)")
- info = ret.xpathEval("string(@info)")
+ info = ret.xpathEval("string(@info)")
type = type_convert(rtype, 'return', info, module, name, 0)
- if rtype == 'void':
- break
- if is_known_return_type(type) == 0:
- add_missing_type(type, name);
- no_gen = 1
- t_ret = (type, rtype, info)
- break
+ if rtype == 'void':
+ break
+ if is_known_return_type(type) == 0:
+ add_missing_type(type, name);
+ no_gen = 1
+ t_ret = (type, rtype, info)
+ break
if no_gen == 0:
for t_arg in t_args:
@@ -733,7 +733,7 @@ test_%s(void) {
if no_gen == 1:
add_missing_functions(name, module)
- test.write("""
+ test.write("""
/* missing type support */
return(test_ret);
}
@@ -742,22 +742,22 @@ test_%s(void) {
return
try:
- conds = node.xpathEval("cond")
- for cond in conds:
- test.write("#if %s\n" % (cond.get_content()))
- nb_cond = nb_cond + 1
+ conds = node.xpathEval("cond")
+ for cond in conds:
+ test.write("#if %s\n" % (cond.get_content()))
+ nb_cond = nb_cond + 1
except:
pass
define = 0
- if function_defines.has_key(name):
+ if name in function_defines:
test.write("#ifdef %s\n" % (function_defines[name]))
- define = 1
+ define = 1
# Declare the memory usage counter
no_mem = is_skipped_memcheck(name)
if no_mem == 0:
- test.write(" int mem_base;\n");
+ test.write(" int mem_base;\n");
# Declare the return value
if t_ret != None:
@@ -766,29 +766,29 @@ test_%s(void) {
# Declare the arguments
for arg in t_args:
(nam, type, rtype, crtype, info) = arg;
- # add declaration
- test.write(" %s %s; /* %s */\n" % (crtype, nam, info))
- test.write(" int n_%s;\n" % (nam))
+ # add declaration
+ test.write(" %s %s; /* %s */\n" % (crtype, nam, info))
+ test.write(" int n_%s;\n" % (nam))
test.write("\n")
# Cascade loop on of each argument list of values
for arg in t_args:
(nam, type, rtype, crtype, info) = arg;
- #
- test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % (
- nam, nam, type, nam))
+ #
+ test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % (
+ nam, nam, type, nam))
# log the memory usage
if no_mem == 0:
- test.write(" mem_base = xmlMemBlocks();\n");
+ test.write(" mem_base = xmlMemBlocks();\n");
# prepare the call
i = 0;
for arg in t_args:
(nam, type, rtype, crtype, info) = arg;
- #
- test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i))
- i = i + 1;
+ #
+ test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i))
+ i = i + 1;
# add checks to avoid out-of-bounds array access
i = 0;
@@ -797,7 +797,7 @@ test_%s(void) {
# assume that "size", "len", and "start" parameters apply to either
# the nearest preceding or following char pointer
if type == "int" and (nam == "size" or nam == "len" or nam == "start"):
- for j in range(i - 1, -1, -1) + range(i + 1, len(t_args)):
+ for j in (*range(i - 1, -1, -1), *range(i + 1, len(t_args))):
(bnam, btype) = t_args[j][:2]
if btype == "const_char_ptr" or btype == "const_xmlChar_ptr":
test.write(
@@ -806,42 +806,42 @@ test_%s(void) {
" continue;\n"
% (bnam, nam, bnam))
break
- i = i + 1;
+ i = i + 1;
# do the call, and clanup the result
- if extra_pre_call.has_key(name):
- test.write(" %s\n"% (extra_pre_call[name]))
+ if name in extra_pre_call:
+ test.write(" %s\n"% (extra_pre_call[name]))
if t_ret != None:
- test.write("\n ret_val = %s(" % (name))
- need = 0
- for arg in t_args:
- (nam, type, rtype, crtype, info) = arg
- if need:
- test.write(", ")
- else:
- need = 1
- if rtype != crtype:
- test.write("(%s)" % rtype)
- test.write("%s" % nam);
- test.write(");\n")
- if extra_post_call.has_key(name):
- test.write(" %s\n"% (extra_post_call[name]))
- test.write(" desret_%s(ret_val);\n" % t_ret[0])
+ test.write("\n ret_val = %s(" % (name))
+ need = 0
+ for arg in t_args:
+ (nam, type, rtype, crtype, info) = arg
+ if need:
+ test.write(", ")
+ else:
+ need = 1
+ if rtype != crtype:
+ test.write("(%s)" % rtype)
+ test.write("%s" % nam);
+ test.write(");\n")
+ if name in extra_post_call:
+ test.write(" %s\n"% (extra_post_call[name]))
+ test.write(" desret_%s(ret_val);\n" % t_ret[0])
else:
- test.write("\n %s(" % (name));
- need = 0;
- for arg in t_args:
- (nam, type, rtype, crtype, info) = arg;
- if need:
- test.write(", ")
- else:
- need = 1
- if rtype != crtype:
- test.write("(%s)" % rtype)
- test.write("%s" % nam)
- test.write(");\n")
- if extra_post_call.has_key(name):
- test.write(" %s\n"% (extra_post_call[name]))
+ test.write("\n %s(" % (name));
+ need = 0;
+ for arg in t_args:
+ (nam, type, rtype, crtype, info) = arg;
+ if need:
+ test.write(", ")
+ else:
+ need = 1
+ if rtype != crtype:
+ test.write("(%s)" % rtype)
+ test.write("%s" % nam)
+ test.write(");\n")
+ if name in extra_post_call:
+ test.write(" %s\n"% (extra_post_call[name]))
test.write(" call_tests++;\n");
@@ -849,32 +849,32 @@ test_%s(void) {
i = 0;
for arg in t_args:
(nam, type, rtype, crtype, info) = arg;
- # This is a hack to prevent generating a destructor for the
- # 'input' argument in xmlTextReaderSetup. There should be
- # a better, more generic way to do this!
- if string.find(info, 'destroy') == -1:
- test.write(" des_%s(n_%s, " % (type, nam))
- if rtype != crtype:
- test.write("(%s)" % rtype)
- test.write("%s, %d);\n" % (nam, i))
- i = i + 1;
+ # This is a hack to prevent generating a destructor for the
+ # 'input' argument in xmlTextReaderSetup. There should be
+ # a better, more generic way to do this!
+ if info.find('destroy') == -1:
+ test.write(" des_%s(n_%s, " % (type, nam))
+ if rtype != crtype:
+ test.write("(%s)" % rtype)
+ test.write("%s, %d);\n" % (nam, i))
+ i = i + 1;
test.write(" xmlResetLastError();\n");
# Check the memory usage
if no_mem == 0:
- test.write(""" if (mem_base != xmlMemBlocks()) {
+ test.write(""" if (mem_base != xmlMemBlocks()) {
printf("Leak of %%d blocks found in %s",
- xmlMemBlocks() - mem_base);
- test_ret++;
+\t xmlMemBlocks() - mem_base);
+\t test_ret++;
""" % (name));
- for arg in t_args:
- (nam, type, rtype, crtype, info) = arg;
- test.write(""" printf(" %%d", n_%s);\n""" % (nam))
- test.write(""" printf("\\n");\n""")
- test.write(" }\n")
+ for arg in t_args:
+ (nam, type, rtype, crtype, info) = arg;
+ test.write(""" printf(" %%d", n_%s);\n""" % (nam))
+ test.write(""" printf("\\n");\n""")
+ test.write(" }\n")
for arg in t_args:
- test.write(" }\n")
+ test.write(" }\n")
test.write(" function_tests++;\n")
#
@@ -882,7 +882,7 @@ test_%s(void) {
#
while nb_cond > 0:
test.write("#endif\n")
- nb_cond = nb_cond -1
+ nb_cond = nb_cond -1
if define == 1:
test.write("#endif\n")
@@ -900,10 +900,10 @@ test_%s(void) {
for module in modules:
# gather all the functions exported by that module
try:
- functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module))
+ functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module))
except:
- print "Failed to gather functions from module %s" % (module)
- continue;
+ print("Failed to gather functions from module %s" % (module))
+ continue;
# iterate over all functions in the module generating the test
i = 0
@@ -923,14 +923,14 @@ test_%s(void) {
# iterate over all functions in the module generating the call
for function in functions:
name = function.xpathEval('string(@name)')
- if is_skipped_function(name):
- continue
- test.write(" test_ret += test_%s();\n" % (name))
+ if is_skipped_function(name):
+ continue
+ test.write(" test_ret += test_%s();\n" % (name))
# footer
test.write("""
if (test_ret != 0)
- printf("Module %s: %%d errors\\n", test_ret);
+\tprintf("Module %s: %%d errors\\n", test_ret);
return(test_ret);
}
""" % (module))
@@ -948,7 +948,7 @@ test.write(""" return(0);
}
""");
-print "Generated test for %d modules and %d functions" %(len(modules), nb_tests)
+print("Generated test for %d modules and %d functions" %(len(modules), nb_tests))
compare_and_save()
@@ -960,11 +960,8 @@ for missing in missing_types.keys():
n = len(missing_types[missing])
missing_list.append((n, missing))
-def compare_missing(a, b):
- return b[0] - a[0]
-
-missing_list.sort(compare_missing)
-print "Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list))
+missing_list.sort(key=lambda a: a[0])
+print("Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list)))
lst = open("missing.lst", "w")
lst.write("Missing support for %d types" % (len(missing_list)))
lst.write("\n")
@@ -974,9 +971,9 @@ for miss in missing_list:
for n in missing_types[miss[1]]:
i = i + 1
if i > 5:
- lst.write(" ...")
- break
- lst.write(" %s" % (n))
+ lst.write(" ...")
+ break
+ lst.write(" %s" % (n))
lst.write("\n")
lst.write("\n")
lst.write("\n")

View File

@@ -0,0 +1,89 @@
From c1ba6f54d32b707ca6d91cb3257ce9de82876b6f Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 15 Aug 2020 18:32:29 +0200
Subject: [PATCH] Revert "Do not URI escape in server side includes"
This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.
This commit introduced
- an infinite loop, found by OSS-Fuzz, which could be easily fixed.
- an algorithm with quadratic runtime
- a security issue, see
https://bugzilla.gnome.org/show_bug.cgi?id=769760
A better approach is to add an option not to escape URLs at all
which libxml2 should have possibly done in the first place.
CVE: CVE-2016-3709
Upstream-Status: Backport [https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f]
Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
---
HTMLtree.c | 49 +++++++++++--------------------------------------
1 file changed, 11 insertions(+), 38 deletions(-)
diff --git a/HTMLtree.c b/HTMLtree.c
index 8d236bb35..cdb7f86a6 100644
--- a/HTMLtree.c
+++ b/HTMLtree.c
@@ -706,49 +706,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
(!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
(!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
+ xmlChar *escaped;
xmlChar *tmp = value;
- /* xmlURIEscapeStr() escapes '"' so it can be safely used. */
- xmlBufCCat(buf->buffer, "\"");
while (IS_BLANK_CH(*tmp)) tmp++;
- /* URI Escape everything, except server side includes. */
- for ( ; ; ) {
- xmlChar *escaped;
- xmlChar endChar;
- xmlChar *end = NULL;
- xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
- if (start != NULL) {
- end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
- if (end != NULL) {
- *start = '\0';
- }
- }
-
- /* Escape the whole string, or until start (set to '\0'). */
- escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
- if (escaped != NULL) {
- xmlBufCat(buf->buffer, escaped);
- xmlFree(escaped);
- } else {
- xmlBufCat(buf->buffer, tmp);
- }
-
- if (end == NULL) { /* Everything has been written. */
- break;
- }
-
- /* Do not escape anything within server side includes. */
- *start = '<'; /* Restore the first character of "<!--". */
- end += 3; /* strlen("-->") */
- endChar = *end;
- *end = '\0';
- xmlBufCat(buf->buffer, start);
- *end = endChar;
- tmp = end;
+ /*
+ * the < and > have already been escaped at the entity level
+ * And doing so here breaks server side includes
+ */
+ escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
+ if (escaped != NULL) {
+ xmlBufWriteQuotedString(buf->buffer, escaped);
+ xmlFree(escaped);
+ } else {
+ xmlBufWriteQuotedString(buf->buffer, value);
}
-
- xmlBufCCat(buf->buffer, "\"");
} else {
xmlBufWriteQuotedString(buf->buffer, value);
}

Some files were not shown because too many files have changed in this diff Show More