Compare commits

..

210 Commits

Author SHA1 Message Date
Richard Purdie
11f05ffddd build-appliance-image: Update to dunfell head revision
(From OE-Core rev: efb1a73a13907bed3acac8e06053aef3e2ef57f5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-15 23:09:43 +00:00
Ming Liu
9fbfbf002e linux: inherit pkgconfig in kernel.bbclass
pkgconfig is being required to find dependencies for building kernel
native tools, move "inherit pkgconfig" to kernel.bbclass so BSP kernel
recipes can also benefit from it.

(From OE-Core rev: a5e62888768be641d5da00fd847e0cac96820c75)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8a84bd98e3fbc16c782f83064801e469d086911e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-15 23:09:24 +00:00
Ross Burton
6b2a22bc7b vim: add missing pkgconfig inherit
Vim uses pkgconfig to find dependencies but it wasn't present, so it
silently doesn't enable features like GTK+ UI.

[ YOCTO #15044 ]

(From OE-Core rev: c84f0822e7cffc62e2f042bf9d2e424f85f74ecd)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 70900616298f5e70732a34e7406e585e323479ed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-15 23:09:24 +00:00
Richard Purdie
10108d0ebf oeqa/selftest/prservice: Improve debug output for failure
We keep seeing this failure on the autobuilder but the output amounts
to "False is not True". Improve the debug message on the chance it may
make the issue clearer.

(From OE-Core rev: 68d3766c37e4b3a1b49dc27226b2513e3b0db9a9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d03f4cf19c2cc96e9d942252a451521dfec42ebc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-15 23:09:23 +00:00
Ross Burton
ba90fb0f3d shadow: ignore CVE-2016-15024
This recently got an updated CPE which matches this recipe, but the issue
is related to an entirely different shadow project so ignore it.

(From OE-Core rev: 9d5a05c27a01b3859eae70590ba7dd836abe2719)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2331e98abb09cbcd56625d65c4e5d258dc29dd04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-15 23:09:23 +00:00
Siddharth Doshi
1982d0cc7c harfbuzz: Security fix for CVE-2023-25193
Upstream-Status: Backport from [8708b9e081]
(From OE-Core rev: c22bbe9b45e38601b89138999dd157fad8513262)

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-15 23:09:23 +00:00
Vivek Kumbhar
3acc83f91a gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key exchange code
Remove branching that depends on secret data.

since the `ok` variable isn't used any more, we can remove all code
used to calculate it

(From OE-Core rev: 5b8a3601ebff7a0cdfaa50d7a0b5e384a7e2514c)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-15 23:09:23 +00:00
Peter Kjellerstedt
2a1cf26ba4 devshell: Do not add scripts/git-intercept to PATH
The use of scripts/git-intercept was introduced in commit 3266c327df
(install/devshell: Introduce git intercept script due to fakeroot
issues) and later reverted in commit af27c81eaf (scripts: Make git
intercept global).

(From OE-Core rev: 51424b9955374196307aaf73cf4b6c184ce4fb6d)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f6c260c8e2a33e282a35afc99de4ef8cc1791b08)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Mauro Queiros
9ab9e48d36 image.bbclass: print all QA functions exceptions
For the QA checks in `image.bbclass`, all exceptions
other than `oe.utils.ImageQAFailed` always print the
following generic message:
"Image QA function func_name failed"

This can be very misleading, as it may hide
python syntax errors and other kind of issues that are
hard to detect without more explicit error messages.

This change makes sure that the error message of all
exceptions are displayed.

Before this change:
 "Image QA function func_name failed"

After this change:
 "Image QA function func_name failed: f-string: empty expression not allowed (<string>, line 13)"

(From OE-Core rev: c4e3b86f2bcb2b445efc72bd8e06b1b89d88daa2)

Signed-off-by: Mauro Queiros <maurofrqueiros@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d85b30d8704d38b86f5b006748cebc74bd2a4fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Ulrich Ölmann
a2147d6d27 kernel-yocto: fix kernel-meta data detection
Fixes: 7ef7af5c03ba ("kernel-yocto: restore kernel-meta data detection for SRC_URI elements")
(From OE-Core rev: 4533e8363549f87a0484d7c0a43a162c918f33bc)

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c77754f23e3fb49a62602a6c6a04d5525d1cf457)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Virendra Thakur
e2b5de2c77 gcc: Fix inconsistent noexcept specifier for valarray in libstdc++
Backport of gcc upstream commit 2b2d97fc545635a0f6aa9c9ee3b017394bc494bf
to gcc release 9.5.0. This fix is available to all release-branches
except releases/gcc-9 because upstream do not support gcc-9 now.

(From OE-Core rev: 9779b66162a014f26594bdde43afdc4332617240)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Hugo SIMELIERE
144748fed8 openssl: upgrade 1.1.1s to 1.1.1t
Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
* Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
* Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450)
* Fixed Timing Oracle in RSA Decryption (CVE-2022-4304)

(From OE-Core rev: 22de5ecae3ebb04a4bab05010c04b205c52ee888)

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Alexander Kanavin
507f16e1bc apr-util: update 1.6.1 -> 1.6.3
Changes with APR-util 1.6.3

  *) Correct a packaging issue in 1.6.2. The contents of the release were
     correct, but the top level directory was misnamed.

Changes with APR-util 1.6.2

  *) SECURITY: CVE-2022-25147 (cve.mitre.org)
     Integer Overflow or Wraparound vulnerability in apr_base64 functions
     of Apache Portable Runtime Utility (APR-util) allows an attacker to
     write beyond bounds of a buffer.

  *) Teach configure how to find and build against MariaDB 10.2. PR 61517
     [Kris Karas <bugs-a17 moonlit-rail.com>]

  *) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
     prevented commoncrypto being enabled. [Graham Leggett]

  *) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]

  *) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
     apr_dbm_gdbm will now also return error codes starting with
     APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
     returning APR_EGENERAL. [Stefan Fritsch]

Drop backport.

(From OE-Core rev: 9eb027bebb19bfb0fb136169e865ca269890fa6f)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dca707f9fecc805503e17f6db3e4c88069ac0125)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 43cd36b178ebb602edd5919c26f8b8642736a3a8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit e24b38a14b3520648ec418783fb74fcf61df7ff2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Richard Purdie
e0059335fb apr-util: Fix CFLAGS used in build
We need to use CFLAGS with the correct WORKDIR in them, replace those
in the sysroot file with the ones appropriate to the current recipe.

(From OE-Core rev: 92fb7261a1c7ebe6330832a9a71d1bed82c85a6a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 45edf189961aff1858be9bb7b63116073c0a0c10)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Alexander Kanavin
75022804d8 apr: update 1.7.0 -> 1.7.2
Changes for APR 1.7.2

  *) Correct a packaging issue in 1.7.1. The contents of the release were
     correct, but the top level directory was misnamed.

Changes for APR 1.7.1

  *) SECURITY: CVE-2022-24963 (cve.mitre.org)
     Integer Overflow or Wraparound vulnerability in apr_encode functions of
     Apache Portable Runtime (APR) allows an attacker to write beyond bounds
     of a buffer.

  *) SECURITY: CVE-2022-28331 (cve.mitre.org)
     On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
     the end of a stack based buffer in apr_socket_sendv(). This is a result
     of integer overflow.

  *) SECURITY: CVE-2021-35940 (cve.mitre.org)
     Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
     (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
     later 1.6.x releases, but was missing in 1.7.0.)  [Stefan Sperling]

  *) configure: Fix various build issues for compilers enforcing
     strict C99 compliance.  PR 66396, 66408, 66426.
     [Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]

  *) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]

  *) configure: Prefer posix name-based shared memory over SysV IPC.
     [Jim Jagielski]

  *) configure: Add --disable-sctp argument to forcibly disable SCTP
     support, or --enable-sctp which fails if SCTP support is not
     detected.  [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]

  *) Fix handle leak in the Win32 apr_uid_current implementation.
     PR 61165. [Ivan Zhakov]

  *) Add error handling for lseek() failures in apr_file_write() and
     apr_file_writev().  [Joe Orton]

  *) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
     to avoid a fd and inode leak when/if later passed to apr_file_setaside().
     [Yann Ylavic]

  *) APR's configure script uses AC_TRY_RUN to detect whether the return type
     of strerror_r is int. When cross-compiling this defaults to no.

     This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
     influence the outcome with a configure variable. [Sebastian Kemper
     <sebastian_ml gmx net>]

  *) Add a cache check with which users who cross-compile APR
     can influence the outcome of the /dev/zero test by setting the variable
     ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]

  *) Trick autoconf into printing the correct default prefix in the help.
     [Stefan Fritsch]

  *) Don't try to use PROC_PTHREAD by default when cross compiling.
     [Yann Ylavic]

  *) Add the ability to cross compile APR. [Graham Leggett]

  *) While cross-compiling, the tools/gen_test_char could not
     be executed at build time, use AX_PROG_CC_FOR_BUILD to
     build native tools/gen_test_char

     Support explicit libtool by variable assigning before buildcheck.sh,
     it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
     [Hongxu Jia <hongxu.jia windriver.com>]

  *) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
     <r... hjortskov.dk>]

  *) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
     [Mike Frysinger <vapier gentoo.org>]

  *) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]

  *) apr_pools: Fix pool debugging output so that creation events are
     always emitted before allocation events and subpool destruction
     events are emitted on pool clear/destroy for proper accounting.
     [Brane Čibej]

  *) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
     [Evgeny Kotkov <evgeny.kotkov visualsvn.com>]

  *) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10

  *) Fix attempt to free invalid memory on exit when apr_app is used
     on Windows. [Ivan Zhakov]

  *) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]

  *) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]

Dropped patches have all been merged, addressed separately or are backports.

(From OE-Core rev: 013633b9f4b7dff2616c6d2e59e4d8118e3ce51f)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ffae93f24bb1e3954b232099153fd059cfd7daf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit a308e10ef4ad9e097b025f009866eae178259781)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Khem Raj
818ad186ae apr: Cache configure tests which use AC_TRY_RUN
AC_TRY_RUN macro means the test needs to run to find the result and we
are cross compiling so this will always get wrong results, this results
in miscompiling apache2 on musl because it disables rlimit
(ac_cv_struct_rlimit) wrongly.

All these variables are determined with AC_TRY_RUN checks

(From OE-Core rev: 104c9ddf7a5323e5193c611b98b3e7465157aecd)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 504eb0ff1cae200ee85ec18ebae564cae9bf9c8c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Khem Raj
1904daa987 apr: Use correct strerror_r implementation based on libc type
musl does not implement GNU extention of strerror_r but XSI compliant
version, therefore add it via a packageconfig to set right variables
during configure to cache the value.

configure detection logic depends on runtime test which will always be
wrong on cross compiles therefore backport a patch to make it possible
to cache the needed configure variable.

(From OE-Core rev: 993cfeaefa73e3b82cf15db78584e5f9b9f86ddf)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ded3d76a844dd1aef9ac610fbe506bf76285369b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Richard Purdie
c86b92df02 apr: Fix to work with autoconf 2.70
Fix an issue with autoconf 2.70 where duplicate macro includes
caused configure failures.

(From OE-Core rev: 41121149212b3684991a62261c17a45afd50bb83)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
(cherry picked from commit 4e5d7c86a8a5e752df451d988861a86236e8c8ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Alexander Kanavin
76b5620df7 wireless-regdb: upgrade 2022.08.12 -> 2023.02.13
(From OE-Core rev: a9a7c73b2b2b584b80f3a70029d1c5ce5fd6784f)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a8e8ea1b4b100b6f0ba5ca9441a8f3f1ac31fbfd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Alexander Kanavin
d47b9fe7c8 linux-firmware: upgrade 20230117 -> 20230210
License-Update: additional firmwares

(From OE-Core rev: f19ceec135e6afd2a31367a28744eb413b3d2e42)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8e6134d39b840d96e1c37d3df21a522afea8bc76)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Dmitry Baryshkov
4c78aab891 linux-firmware: add yamato fw files to qcom-adreno-a2xx package
Newest linux-firmware release got firmware for Adreno A200. Add these
two files to the ${PN}-qcom-adreno-a2xx package. As these files are
licensed under a separate BSD-3-Clause license, add separate license
package too.

(From OE-Core rev: 420c41b9560574b10aa56fbe073509c56adda93e)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 56e1b2b06ef7f22d4ac5899046f650ae8ec0d547)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Dmitry Baryshkov
d20a4df83b linux-firmware: properly set license for all Qualcomm firmware
It is not enough to depend on the ${PN}-qcom-license package. Set
LICENSE variable for all the qcom packages to point to the proper
license.

(From OE-Core rev: 2cb8f5efb99df37c8e2103ecdc7f482ee129650a)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9dc41e18dc138a7cce920f8e4c85eb3130c0d553)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Alexander Kanavin
139406c025 linux-firmware: upgrade 20221214 -> 20230117
License-Update: additional firmwares, copyright years

(From OE-Core rev: 4cfe4c03904cb313d5cfbb6739cd9964a61c5fa0)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fdb8c12fc71b4a985372f5d02ce59a1402c14c4a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Alexander Kanavin
1231009682 vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs
(From OE-Core rev: ea88ec38aa0e42b8c45e300e69dae7c2f7a13299)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d77dbe499ee362b6e28902f1efcf52b961037a5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Rodolfo Quesada Zumbado
aa673e1427 tar: CVE-2022-48303
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303

Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8

(From OE-Core rev: 231360a55bf1b96d6bb1cf94820b08788677c58b)

(From OE-Core rev: af77a413db59863a898c32dc7536b680473ae9c5)

Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a00f15354)

Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Riyaz Khan <rak3033@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Shubham Kulkarni
770bb4a64a glibc: Security fix for CVE-2023-0687
Backport from https://sourceware.org/git/?p=glibc.git;a=patch;h=801af9fafd4689337ebf27260aa115335a0cb2bc

(From OE-Core rev: d7c7e9acd5b5699e4a0c2c7f2664cce7a5a08641)

Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Hugo SIMELIERE
d7fa5a35aa bluez5: Exclude CVE-2022-39177 from cve-check
CVE already fixed in CVE-2022-39176.patch

(From OE-Core rev: 27c59788ce8b97666429981104d9e5d38634230e)

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Vijay Anusuri
7b9f7437ed git: Security fix for CVE-2022-41903
Upstream-Status: Backport from https://github.com/git/git/commit/a244dc5b & https://github.com/git/git/commit/81dc898d &
			       https://github.com/git/git/commit/b49f309a & https://github.com/git/git/commit/f6e0b9f3 &
			       https://github.com/git/git/commit/1de69c0c & https://github.com/git/git/commit/48050c42 &
			       https://github.com/git/git/commit/522cc87f & https://github.com/git/git/commit/17d23e8a &
			       https://github.com/git/git/commit/937b71cc & https://github.com/git/git/commit/81c2d4c3 &
			       https://github.com/git/git/commit/f930a239 & https://github.com/git/git/commit/304a50ad

(From OE-Core rev: d591ac4dfeff7b69086a47c7e88a8127f1d31299)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Chee Yang Lee
c35692c6eb tiff: fix multiple CVEs
import patches from debian
http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz

fix multiple CVEs:
CVE-2022-3570
CVE-2022-3597
CVE-2022-3598
CVE-2022-3599
CVE-2022-3626
CVE-2022-3627
CVE-2022-3970
CVE-2022-48281
CVE-2023-0795
CVE-2023-0796
CVE-2023-0797
CVE-2023-0798
CVE-2023-0799
CVE-2023-0800
CVE-2023-0801
CVE-2023-0802
CVE-2023-0803
CVE-2023-0804

(From OE-Core rev: a6859c967e6e0079dd197fc36844b862938f4eed)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Hitendra Prajapati
9fa2eba749 curl: fix CVE-2022-43552 Use-after-free triggered by an HTTP proxy deny response
Upstream-Status: Backport from 4f20188ac6

(From OE-Core rev: e172a9d7dc92561e26b8ec7ff11d4c598dcaf5c8)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
Steve Sakoman
f1dbb005c8 poky.conf: bump version for 3.1.24
(From meta-yocto rev: 8485f6da8c49c7a8cd1d768facf3ff3b746f3b49)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:58:11 +00:00
Steve Sakoman
1a96c7537f documentation: update for 3.1.24
(From yocto-docs rev: f4ef0e9c695207bde309434191b5d6d82149683c)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 07:29:20 +00:00
Antonin Godard
7618011039 busybox: rm temporary files if do_compile was interrupted
To avoid working with undeterministic config files, remove all the
temporary files to start from scratch.

(From OE-Core rev: a3f31997c633e8476bad68c81fac0dcd0750c7d4)

Signed-off-by: Antonin Godard <antoningodard@pm.me>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Antonin Godard
b4802e2fdb busybox: always start do_compile with orig config files
When compiling busybox a second time (e.g. with `compile -f`), busybox
can use an altered autoconf.h file for compiling, which can ultimately
produces different and unwanted binaries.

This can produce errors like this one:

ERROR: busybox-1.35.0-r0 do_package: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
     0001:
 *** 0002:ptest_update_alternatives(d)
     0003:
File: '…/poky/meta/classes/ptest.bbclass', lineno: 100, function: ptest_update_alternatives
     0096:        for alt_name, alt_link, alt_target, _ in alternatives:
     0097:            # Some alternatives are for man pages,
     0098:            # check if the alternative is in PATH
     0099:            if os.path.dirname(alt_link) in bin_paths:
 *** 0100:                os.symlink(alt_target, os.path.join(ptest_bindir, alt_name))
     0101:}
     0102:
     0103:do_configure_ptest_base[dirs] = "${B}"
     0104:do_compile_ptest_base[dirs] = "${B}"
Exception: FileExistsError: [Errno 17] File exists: '/bin/busybox.suid' -> '…/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'

This happens because ALTERNATIVE:busybox contains `/bin/login` twice,
initially that's because `/bin/login` is present in both
busybox.links.suid and busybox.links.nosuid. The reason for that is
because of the altered autoconf.h.

Steps to reproduce above error:

<add ptest to distro configs>
bitbake busybox -c clean
bitbake busybox -c package -f
bitbake busybox -c compile -f
bitbake busybox -c package -f

This patch guards against potential bugs by:

- making a backup of .config and autoconf.h that have matching
  timestamps.
- make sure do_compile always starts with these files.
- restore .config and autoconf.h at the end of do_compile.

(From OE-Core rev: 7ef76eaf5b68d52afdc4292bbe20309e29bb464a)

Signed-off-by: Antonin Godard <antoningodard@pm.me>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Mikko Rapeli
0d3339a23a oeqa context.py: fix --target-ip comment to include ssh port number
Providing ssh port number is supported too with
"--target-ip 192.168.0.10:22".

(From OE-Core rev: 4a9bf2d4693fd9e6eb2186a39e50c7e1630fb823)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 637919b9df0abc06da5b2f9b389cf25376bd6b7c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Richard Purdie
3d32267b52 libc-locale: Fix on target locale generation
If on target locale generation is used, it fails at first boot showing
errors about a missing directory. Ensure the directory exists.

(From OE-Core rev: 63141bd8c19285bbef33f3d32a89ca127da0c658)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f2844c9f1bbb729562063d96a3d1cc9d44dafa0a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Martin Jansa
9d8cb501f7 meta: remove True option to getVar and getVarFlag calls (again)
* True is default since 2016 and most layers were already updated
  not to pass this parameter where not necessary, e.g. oe-core was
  updated couple times, first in:
  https://git.openembedded.org/openembedded-core/commit/?id=7c552996597faaee2fbee185b250c0ee30ea3b5f

  Updated with the same regexp as later oe-core update:
  https://git.openembedded.org/openembedded-core/commit/?id=9f551d588693328e4d99d33be94f26684eafcaba

  with small modification to replace not only d.getVar, but also data.getVar as in e.g.:
  e.data.getVar('ERR_REPORT_USERNAME', True)

  and for getVarFlag:
  sed -e 's|\(d\.getVarFlag \?\)( \?\([^,()]*, \?[^,()]*\), \?True)|\1(\2)|g' \
      -i $(git grep -E 'getVarFlag ?\( ?([^,()]*), ?([^,()]*), ?True\)' \
          | cut -d':' -f1 \
          | sort -u)

(From OE-Core rev: 4ec04d14899cb7725ce908e3ef6302838275f0a8)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 26c74fd10614582e177437608908eb43688ab510)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 24a86d0c55ee89ae0dc77975e1d0ee02898d2289)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit de7bf6689a19dc614ce4b39c84ffd825bee1b962)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Alexander Kanavin
59bfcd7299 oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
This does not actually guarantee that the child runqemu process has completely exited:
poll() may return prematurely while the SIGTERM handler in runqemu is still running.
This thwarts the rest of the processing, and may terminate the handler before
it completes.

Use Popen.communicate() instead: this is what python documentation recommends as well:
https://docs.python.org/3/library/subprocess.html#subprocess.Popen.communicate

(From OE-Core rev: 3793662bcfdab230d7b98bde2bc6757949b0aca0)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cd3e55606c427287f37585c5d7cde936471e52f4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Richard Purdie
c3fb76fc72 make-mod-scripts: Ensure kernel build output is deterministic
The definitions in linux-kernel-base are needed to ensure the generated headers
are consistent. This was a small step that was missing from the previous
changes to linux-kernel-base as both kernel-devsrc and make-mod-scripts
need this information defined consistently.

(From OE-Core rev: 85cb9212a85e32715209705a29c6928b368d87c7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0d79d4883f924cef0d0ba361506ad75d441b9721)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Pawel Zalewski
b4675ad33f classes/fs-uuid: Fix command output decoding issue
The default return value from subprocess.check_output is an encoded byte.
The applied fix will decode the value to a string.

(From OE-Core rev: 622fea338a0c43f95185469b54cc72c545b73100)

Signed-off-by: Pawel Zalewski <pzalewski@thegoodpenguin.co.uk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 046769fa952a511865c416b80d10af6287147fb7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Ross Burton
3f4da8c618 git: ignore CVE-2022-41953
This is specific to Git-for-Windows.

(From OE-Core rev: dfb042a6159d128aa4ee8d899c447cf33a2be7ae)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8849af809e0213d43e18e5d01067eeeb61b330d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Ross Burton
358c909fc7 quilt: use upstreamed faildiff.test fix
(From OE-Core rev: 444494290c349d481a164b865ef97db7f84ffd44)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50b81a263187af4452d3b99967bffd01c6ddb476)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Ross Burton
1d3f2be1e6 quilt: fix intermittent failure in faildiff.test
This test assumes that if a child process writes one line to stderr and
then another line to stdout, and stderr is redirected to stdout, that
the order the lines will be read is stable.

This isn't the case and occasionally the lines will be read in a
different order.  Change the test to ignore line ordering.

[ YOCTO #14469 ]

(From OE-Core rev: 2c9fe8c3bb1cc1883c7bd445d019b2107e85ab2b)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1ddbe4d2bd8d8da10dac8a054f130fcd1d242219)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Richard Purdie
e22da98e79 nativesdk: Handle chown/chgrp calls in nativesdk do_install tasks
We disable the useradd code for nativesdk targets since we don't support
postinstalls or multiple users in those cases. This means any usage
of chown/chgrp inside do_install tasks won't work and would have to be
conditional. Rather than require all recipes to do that, add intercepts
of the calls and map those to root/root user/groups. We can't just ignore
them as some calls are used to remove host contamination from the host
user ID so they need to be made, just as root.

(From OE-Core rev: a05c116c517e0700837c335d0691c3fcc4462dda)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e1f40670c438e33cae87678425de72ca03566888)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Hitendra Prajapati
580df9b4c4 git: CVE-2022-23521 gitattributes parsing integer overflow
Backport from:

eb22e7dfa2
8d0d48cf21
2455720950
34ace8bad0
447ac906e1
e1e12e97ac
a60a66e409
d74b1fd54f
dfa6b32b5e
3c50032ff5

(From OE-Core rev: 4f4baa56656291b259b9474a3637cf31f6569ff3)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Omkar Patil
50108e2180 sudo: Fix CVE-2023-22809
Add CVE-2023-22809.patch to fix CVE-2023-22809.

(From OE-Core rev: 186a5ab41927e6be0920e03e743f32ae4477c58e)

Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:42 +00:00
Vivek Kumbhar
3c3039aac4 qemu: fix CVE-2021-3929 nvme DMA reentrancy issue leads to use-after-free
(From OE-Core rev: 18056190f72eef9a44397cd87d79022dd2a9d4e3)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:41 +00:00
Steve Sakoman
4853705635 qemu: Fix slirp determinism issue
Add a PACKAGECONFIG option for slirp, defaulting to internal. This avoids
the presence of libslirp on the host causing qemu to link against that
instead breaking reproducibility and usability of the binary on hosts
where the library isn't present.

We need to add it to PACKAGECONFIG by default since users do expect slirp
to be enabled in the wider community.

Note: qemu version 4.2.0 doesn't support an "internal" option for
enable-slirp, so use "git" instead which uses the same configure
code path, avoids host libslirp contamination and forces use of the
qemu internal slirp implementation.

(From OE-Core rev: e5dc03e4a3b71ff144896a8ce56a34b8677e8e27)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5a9a64132bf5ecac9d611d29751226a466c4a2c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 16:41:41 +00:00
Steve Sakoman
c58bdcd15c ref-system-requirements.rst: add AlmaLinux 8.7 to list of supported distros
(From yocto-docs rev: 777db2fff5170b20b8d163c90a427bce208cbeb0)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-23 08:16:59 +00:00
Steve Sakoman
ba201fc313 ref-system-requirements.rst: add Fedora 35, Fedora 36, and Ubuntu 22.04 to list of supported distros
(From yocto-docs rev: b397ad83b63d3c6f4133227c5f338d7be93b6c4e)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-23 08:16:59 +00:00
Steve Sakoman
d160225d21 poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
The autobuilder workers change over time, update the sanity testing list
to match the current autobuilder workers OS list.

(From meta-yocto rev: ddce0c8b95d89b6a380b01299f118f7c5a47dc47)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-22 11:22:28 +00:00
Richard Purdie
86e2430d3f bitbake: cooker: Drop sre_constants usage
As reported by Martin Jansa <Martin.Jansa@gmail.com>:

bitbake/lib/bb/cooker.py:16: DeprecationWarning: module 'sre_constants' is deprecated
  import sre_constants

it's deprecated since 3.11 with:

  https://github.com/python/cpython/issues/91308

The correct replacement for our usage is re.error so use that instead.

(Bitbake rev: a4cd5b0b4b355b7b75fb48c61289700e3e908b2a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-22 10:12:33 +00:00
Richard Purdie
bf604a8fa8 bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
We have to prefer one multiconfig over another when deferring tasks, else
we'll have cross-linked build trees and nothing will be able to build.

In the original population code, we sort like this but we don't after
rehashing. Ensure we have the same sorting after rehashing toa void
deadlocks.

(Bitbake rev: 657940c7c2a9dea4963a5063e4bf900d6b454903)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 27228c7f026acb8ae9e1211d0486ffb7338123a2)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-22 10:12:33 +00:00
Richard Purdie
f6899f9b94 bitbake: runqueue: Fix issues with multiconfig deferred task deadlock messages
In multiconfig builds with large numbers of identical tasks, builds were
deadlocking after recent runqueue changes upon rebuilds where there was
heavy sstate usage (i.e. on second builds after a first completed).

The issue was that deferred tasks were being left indefinitely on
the deferred list. The deadlock handler was then "breaking" things
by failing tasks that had already succeeded, leading to the task
being on both covered and not covered lists, giving a further error.

The fix is to clean up the deferred task list when each setscene task
completes. I'd previously been hoping to avoid iterating that list
but it appears unavoidable.

[YOCTO #14342]

(Bitbake rev: 03cf0d9fedfef1ae43b3c3cac07710487857af36)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ae24a0f2d2d8b4b5ec10efabd0e9362e560832ea)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-22 10:12:33 +00:00
Richard Purdie
3c76d0ad71 bitbake: runqueue: Avoid deadlock avoidance task graph corruption
If the deferred task deadlock avoidance code triggers, it could mark an executed
task as failed which leads to "covered and not covered" error messages. Improve
the logic so if the deadlock code is triggered, it doesn't cause the errors.

(Bitbake rev: 2e1354525217505ce34fe775ee6ec8af46ff5324)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51bdd6cb3bd9e2c02e261fb578bb945b86b82c75)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-22 10:12:33 +00:00
Richard Purdie
826011d497 bitbake: runqueue: Improve multiconfig deferred task issues
The previous patches have exposed new issues with this code path,
the issues being around what should happen when the hash of a task
changes and the task is or is not on the deferred task list.

Rather than rebuilding the deferred task list during each rehash
event, build it once at the start of a build. This avoids the problem
of tasks being added back after they have run and also avoids problems
of always ensuring the same task is deferred. It also allows the
'outrightfail' codepath to be handled separately as the conditions
are subtly differnt.

One significant win for the new approch is the build is not continually
printing out lists of deferred tasks, that list remains fairly static
from the start of the build. Logic is added in to ensure a rehashed
task with a hash matching other deferred tasks is deferred along with
them as a small optimization.

An interesting test case for this code was reported by Mark Hatle
with four multiconfigs, each the same apart from TMPDIR and running a
build of:

bitbake buildtools-tarball mc:{one,two,three,four}:core-image-minimal

which is interesting in that the build of buildtools partially overlaps
core-image-minimal and the build has a rehash event for qemuwrapper-cross
even without any external hash equivalence server or preexisting data.

(Bitbake rev: 4316e9f60ce5fd250a16586a1772dcc0adfeb932)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb424e0a6d274d398f434f7df63951da9ce305b3)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-22 10:12:33 +00:00
Richard Purdie
0922cef2f4 bitbake: runqueue: Handle deferred task rehashing in multiconfig builds
If the hash of a task changes and that hash is a deferred task (e.g. a multiconfig
build), we need to ensure that the hash change propagates through to all the tasks
else the build will run multiple copies of the task, sometimes with oddly differing
results as the outhashes of native tasks built in differing locations can confuse
things.

(Bitbake rev: 01936b4dd8e680f1f8035ff2d6231673f61efeab)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2db571324f755edc4981deecbcfdf0aaa5a97627)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-22 10:12:32 +00:00
Richard Purdie
e5414e5962 bitbake: runqueue: Fix multiconfig deferred task sstate validity caching issue
We were testing the validity of deferred tasks setscene status "up front" which
is very unlikely to succeed and leads to cache invalidation issues. With the
change to rebuild the deferred task list, this status becomes out of sync. The
result was tasks being executed when they should not have been leading to extra
work for the build unnecessarily.

Instead, don't process validity status for deferred tasks and assume their
data will become available. If it doesn't, this will now result in a build
error as the setscene task will fail and the main task will run instead.

In theory we could try and track the state changes in the deferred list and
re-test validity then but I'm not sure it is worth the effort when the other
code path and errors in setscene tasks will give a pretty good idea of what
is happening anyway.

(Bitbake rev: f95ed69e6c91ca6aa18d6fa9a6ac6319035c4661)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edcafac13b3b241b6687419e59018d21811507a1)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-22 10:12:32 +00:00
Michael Opdenacker
17aad7feac overview-manual: update patchwork instance URL
Better to mention https://patchwork.yoctoproject.org/
than the patchwork home page.

(From yocto-docs rev: d39950cdaecf0f5c9699fd5155d989bf0d6e6cbd)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-15 10:26:44 +00:00
Michael Opdenacker
b200c2d16e profile-manual: update WireShark hyperlinks
(From yocto-docs rev: 69f38a9e3495e7ca54b5c98420429dd788b6f487)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-15 10:26:44 +00:00
Michael Opdenacker
eb79d76099 ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
Backport from master:
https://git.yoctoproject.org/yocto-docs/commit/?id=b6690011c14ce4bf30571f045152a9d324ad5039

(From yocto-docs rev: 733cbdc608d87b36e115689e97467117aee40442)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-15 10:26:44 +00:00
Richard Purdie
aec83663aa build-appliance-image: Update to dunfell head revision
(From OE-Core rev: daaee6fcb0d201f041678af433d8e1cd6f924d09)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:48:24 +00:00
Steve Sakoman
f5e8301b20 poky.conf: bump version for 3.1.23
(From meta-yocto rev: e422c92724c8456d57c7914dd29615b13861fefd)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:48:16 +00:00
Marek Vasut
d2a464dd59 bitbake: fetch2/git: Clarify the meaning of namespace
Namespace in this context means a branch, a tag, etc., clarify
it in the description. Also, fix a typo "a any", replace with
plain "any".

This patch is based of feedback on new applied patch
d32e5b0e ("fetch2/git: Prevent git fetcher from fetching gitlab repository metadata")

(Bitbake rev: c527976e28165de9606497c48d834872fe68372e)

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b4999425c812b25cb359d5163d11e3c1b030dc28)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:48:16 +00:00
Marek Vasut
6b4ee014f3 bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
The bitbake git fetcher currently fetches 'refs/*:refs/*', i.e. every
single object in the remote repository. This works poorly with gitlab
and github, which use the remote git repository to track its metadata
like merge requests, CI pipelines and such.

Specifically, gitlab generates refs/merge-requests/*, refs/pipelines/*
and refs/keep-around/* and they all contain massive amount of data that
are useless for the bitbake build purposes. The amount of useless data
can in fact be so massive (e.g. with FDO mesa.git repository) that some
proxies may outright terminate the 'git fetch' connection, and make it
appear as if bitbake got stuck on 'git fetch' with no output.

To avoid fetching all these useless metadata, tweak the git fetcher such
that it only fetches refs/heads/* and refs/tags/* . Avoid using negative
refspecs as those are only available in new git versions.

Per feedback on the ML, Gerrit may push commits outsides of branches or
tags during CI runs, which currently works with the 'nobranch=1' fetcher
parameter. To retain this functionality, keep fetching everything in case
the 'nobranch=1' is present. This still avoids fetching massive amount of
data in the common case, since 'nobranch=1' is rare. Update 'nobranch'
documentation.

Reviewed-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
(Bitbake rev: efb2903e6c94a5c884485ecb91f1fca7e8ee18f1)

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d32e5b0ec2ab85ffad7e56ac5b3160860b732556)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:48:16 +00:00
Charlie Davies
a99017d705 bitbake: bitbake: fetch/git: use shlex.quote() to support spaces in SRC_URI url
This commit replaces the instances where escaped double quotes
are used to support SRC_URI url containing spaces with the more
pythonic shlex.quote().

(Bitbake rev: ecc1dac4ad8c8593810c69a25d674b0e0bed6097)

Signed-off-by: Charlie Davies <charles.davies@whitetree.xyz>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4f9ba9c794de55bea0343267467bddea99844374)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:48:16 +00:00
Niko Mauno
88cf58e2f5 Fix missing leading whitespace with ':append'
Mitigate occurences where ':append' operator is used and leading
whitespace character is obviously missing, risking inadvertent
string concatenation.

(From OE-Core rev: fcd340ec53ff8352b8cae0eb351810072b025a08)

(From OE-Core rev: b21e5524e3326c77598d30f6fe9268a5fdac91dd)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Khem Raj
a4d08aebae libtirpc: Check if file exists before operating on it
In some cases (e.g. mingw) this file may not be installed

(From OE-Core rev: a764e19736f24b8bf67ea87d58dd74652d6d81c9)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 547f3a13ee9268bbdd439c96108ba1fe9ab78873)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Thomas Roos
81a5f76511 devtool: fix devtool finish when gitmodules file is empty
When a .gitmodules file exists but is empty then devtool finish fails.
Add an additional check for this.

[YOCTO #14999]

(From OE-Core rev: 077edd3992683985f0779afc73d4207a795ced39)

Signed-off-by: Thomas Roos <throos@amazon.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b4f0f7c4934bade9e4d4a1086f9d8b29d8e9ad45)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Xiaobing Luo
25ace79510 devtool: Fix _copy_file() TypeError
when devtool finish, the _copy_file() failed.
--------------------------------------------
TypeError: _copy_file() got an unexpected keyword argument
'base_outdir'
--------------------------------------------

Fixes: 05f2d5d2ce00 ("devtool: finish: add dry-run option")

(From OE-Core rev: a434079b7e8e23e9cf0b45f5fb56e8be7b8d885e)

Signed-off-by: Xiaobing Luo <luoxiaobing0926@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a45d9dc089fb2719ca69b92870917f8c0925f632)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Bruce Ashfield
8369253493 linux-yocto/5.4: update to v5.4.230
Updating  to the latest korg -stable release that comprises
the following commits:

    90245959a5b9 Linux 5.4.230
    29487eed37ae mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
    7242fc8c2f5e x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
    2b1375fac0de drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
    763a74e1de74 drm/amd/display: Fix set scaling doesn's work
    39e0844a1e96 drm/i915: re-disable RC6p on Sandy Bridge
    ffef77794fb5 gsmi: fix null-deref in gsmi_get_variable
    b4461af0a5e6 serial: atmel: fix incorrect baudrate setup
    55f9aca283d5 dmaengine: tegra210-adma: fix global intr clear
    5d99369685a6 serial: pch_uart: Pass correct sg to dma_unmap_sg()
    97697a252ba0 dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation
    aa1b22daa019 usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
    a21da7f7aae6 usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
    83b0aac55df0 usb: gadget: g_webcam: Send color matching descriptor per frame
    004fbb049b84 usb: typec: altmodes/displayport: Fix pin assignment calculation
    a1478ef59b0e usb: typec: altmodes/displayport: Add pin assignment helper
    040e0d1281c7 usb: host: ehci-fsl: Fix module alias
    8d5740ad8f76 USB: serial: cp210x: add SCALANCE LPE-9000 device id
    9a39f4626b36 USB: gadgetfs: Fix race between mounting and unmounting
    1bc1fdd73f3d cifs: do not include page data when checking signature
    89ac597e3e80 btrfs: fix race between quota rescan and disable leading to NULL pointer deref
    61cad0c61cdb mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
    4f96ae71d336 comedi: adv_pci1760: Fix PWM instruction handling
    f11a68916422 usb: core: hub: disable autosuspend for TI TUSB8041
    556dfdb226ce misc: fastrpc: Fix use-after-free race condition for maps
    4b5c44e924a5 misc: fastrpc: Don't remove map on creater_process and device_release
    04eb41ec9611 USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
    7ebb3ecab1ff USB: serial: option: add Quectel EM05CN modem
    32165699a08d USB: serial: option: add Quectel EM05CN (SG) modem
    81affe3b469e USB: serial: option: add Quectel EC200U modem
    a7c19d94b899 USB: serial: option: add Quectel EM05-G (RS) modem
    5966eda55028 USB: serial: option: add Quectel EM05-G (CS) modem
    eece7a6c97cf USB: serial: option: add Quectel EM05-G (GR) modem
    96b02125dd68 prlimit: do_prlimit needs to have a speculation check
    afcb4e0ab843 xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables
    84e2e57769af usb: acpi: add helper to check port lpm capability using acpi _DSM
    8a6e963bf280 xhci: Add a flag to disable USB3 lpm on a xhci root port level.
    cf6e5d3c2de1 xhci: Add update_hub_device override for PCI xHCI hosts
    133b902378e4 xhci: Fix null pointer dereference when host dies
    9891e5c73cab usb: xhci: Check endpoint is valid before dereferencing it
    643f7da7828d xhci-pci: set the dma max_seg_size
    890792b57990 ALSA: hda/realtek - Turn on power early
    e60730280b57 drm/i915/gt: Reset twice
    2e3e2649ea38 efi: fix userspace infinite retry read efivars after EFI runtime services page fault
    b0ba060d3287 nilfs2: fix general protection fault in nilfs_btree_insert()
    53dd833fd0a2 Add exception protection processing for vd in axi_chan_handle_err function
    33a4d05138df wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
    557e85ff9afe f2fs: let's avoid panic if extent_tree is not created
    7165dd4c3b07 RDMA/srp: Move large values to a new enum for gcc13
    19304ffb7b38 net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
    4de1a5af1be3 selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID
    a869f7b05411 pNFS/filelayout: Fix coalescing test for single DS

(From OE-Core rev: f4b8d8b2240ef1edc42d2ca873195fcb8d25886b)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Bruce Ashfield
fe25a5ea27 linux-yocto/5.4: update to v5.4.229
Updating  to the latest korg -stable release that comprises
the following commits:

    1349fe3a332a Linux 5.4.229
    68a37dc77e2f tipc: call tipc_lxc_xmit without holding node_read_lock
    1140c3f7adbc ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
    2db88851fa4d tipc: Add a missing case of TIPC_DIRECT_MSG type
    38b5d7054d75 tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
    3188f80b80d6 tipc: fix use-after-free in tipc_disc_rcv()
    3eeb06132d36 Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
    ecd47ffc99d3 mm: Always release pages to the buddy allocator in memblock_free_late().
    5fcf75a8a4c3 efi: fix NULL-deref in init error path
    b30e5dd0778e arm64: cmpxchg_double*: hazard against entire exchange variable
    ecdd65051b17 arm64: atomics: remove LL/SC trampolines
    f840000928af arm64: atomics: format whitespace consistently
    d01d6d2b06c0 drm/virtio: Fix GEM handle creation UAF
    3030f11f27e7 x86/resctrl: Fix task CLOSID/RMID update race
    22c4eeafc31b x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
    b3f924246700 iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
    ecfe33e0757d iommu/mediatek-v1: Add error handle for mtk_iommu_probe
    ec049ae2b462 net/mlx5: Fix ptp max frequency adjustment range
    62d707dabb5c net/mlx5: Rename ptp clock info
    2b157c3c5d6b net/sched: act_mpls: Fix warning during failed attribute validation
    9424d2205fe9 nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
    576eadef2c8d hvc/xen: lock console list traversal
    7d04fe153dfc tipc: fix unexpected link reset due to discovery messages
    95b2d4889fbd tipc: eliminate checking netns if node established
    d6418829cef1 tipc: improve throughput between nodes in netns
    d443308edbfb regulator: da9211: Use irq handler when ready
    43f48e6c3076 EDAC/device: Fix period calculation in edac_device_reset_delay_period()
    a5b737623eaa x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
    d0c6d2a31026 powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
    feefb33eefa1 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
    e431b4fb1fb8 ext4: fix uninititialized value in 'ext4_evict_inode'
    026a4490b538 ext4: fix use-after-free in ext4_orphan_cleanup
    fa41a133ea23 ext4: lost matching-pair of trace in ext4_truncate
    1d5524832ff2 ext4: fix bug_on in __es_tree_search caused by bad quota inode
    3da22d06e078 quota: Factor out setup of quota inode
    ecb9d0d2e123 jbd2: use the correct print format
    06bb3f4e3b06 usb: ulpi: defer ulpi_register on ulpi_read_id timeout
    a2689a446427 wifi: wilc1000: sdio: fix module autoloading
    3998dba0f78a ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
    53cefa802f07 ixgbe: fix pci device refcount leak
    e0d6f3b62b29 platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
    1ad759df6a6f drm/msm/adreno: Make adreno quirks not overwrite each other
    098416c4e322 cifs: Fix uninitialized memory read for smb311 posix symlink create
    d6546426cdf4 ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
    eaa5580a74cc ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
    c6d29a5ffdbc net/ulp: prevent ULP without clone op from entering the LISTEN status
    b318d41f1bd1 s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
    f6da927c92ec s390/kexec: fix ipl report address for kdump
    4bf6e11c34c5 perf auxtrace: Fix address filter duplicate symbol selection
    2e4164d3d1e7 docs: Fix the docs build with Sphinx 6.0
    3ed183074c20 efi: tpm: Avoid READ_ONCE() for accessing the event log
    3ad31129ce72 KVM: arm64: Fix S1PTW handling on RO memslots
    9b83ec63d0de net: sched: disallow noqueue for qdisc classes
    aa52acefc629 driver core: Fix bus_type.match() error handling in __driver_attach()
    8d60a90560ef selftests: set the BUILD variable to absolute path
    cad6d2bb4726 selftests: Fix kselftest O=objdir build from cluttering top level objdir
    320dbbd86f81 parisc: Align parisc MADV_XXX constants with all other architectures
    d868597b71c1 mbcache: Avoid nesting of cache->c_list_lock under bit locks
    da23752d9660 hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
    781fa141414e hfs/hfsplus: use WARN_ON for sanity check
    b47c69010943 ext4: don't allow journal inode to have encrypt flag
    1464feb5b6fa riscv: uaccess: fix type of 0 variable on error in get_user()
    da41069c613d nfsd: fix handling of readdir in v4root vs. mount upcall timeout
    8cbd7f264387 x86/bugs: Flush IBP in ib_prctl_set()
    ba780bff9ff9 ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
    e66ae100e7c7 udf: Fix extension of the last extent in the file
    33df9c5d5e2a caif: fix memory leak in cfctrl_linkup_request()
    3cb1ee82e4ed drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
    ebe6d2fcf783 usb: rndis_host: Secure rndis_query check against int overflow
    a07b4895b9d1 drivers/net/bonding/bond_3ad: return when there's no aggregator
    2f7a09c1eebc perf tools: Fix resources leak in perf_data__open_dir()
    6b17b84634f9 net: sched: cbq: dont intepret cls results when asked to drop
    63e469cb54a8 net: sched: atm: dont intepret cls results when asked to drop
    d16e5fefd8e4 RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
    564fdc2f8bff RDMA/uverbs: Silence shiftTooManyBitsSigned warning
    00616bd1913a net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
    904ad95b3985 net: amd-xgbe: add missed tasklet_kill
    a15cbe9b8453 vhost: fix range used in translate_desc()
    d8e410315ad3 nfc: Fix potential resource leaks
    8f97eeb02a55 qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
    55ac68b53f1c net: sched: fix memory leak in tcindex_set_parms
    b6a0623f756b net: hns3: add interrupts re-initialization while doing VF FLR
    f9c551d87426 nfsd: shut down the NFSv4 state objects before the filecache
    7eaaee526809 bpf: pull before calling skb_postpull_rcsum()
    1d449cd2409a SUNRPC: ensure the matching upcall is in-flight upon downcall
    af5306527637 ext4: fix deadlock due to mbcache entry corruption
    711ef736dd99 mbcache: automatically delete entries from cache on freeing
    af8ecc8d20e7 ext4: fix race when reusing xattr blocks
    ea4b9091aae7 ext4: unindent codeblock in ext4_xattr_block_set()
    a5f9bd4beae8 ext4: remove EA inode entry from mbcache on inode eviction
    951ea4d3dfa9 mbcache: add functions to delete entry if unused
    81b0bb1eb2c6 mbcache: don't reclaim used entries
    c2f1e12b659b ext4: use kmemdup() to replace kmalloc + memcpy
    6453836e371f fs: ext4: initialize fsdata in pagecache_write()
    1af609646c60 ext4: use memcpy_to_page() in pagecache_write()
    49dac5e017eb mm/highmem: Lift memcpy_[to|from]_page to core
    f44dcd9dceb8 ext4: correct inconsistent error msg in nojournal mode
    b02aa6a05a5f ext4: goto right label 'failed_mount3a'
    e0fce1d665d8 ravb: Fix "failed to switch device to config mode" message during unbind
    0ebcfdc8c920 KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
    e723bafd8f61 KVM: VMX: Fix the spelling of CPU_BASED_USE_TSC_OFFSETTING
    72906690452b KVM: VMX: Rename NMI_PENDING to NMI_WINDOW
    da8ff59210b4 KVM: VMX: Rename INTERRUPT_PENDING to INTERRUPT_WINDOW
    db99c8d6b78b KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers
    2c82f134b9af KVM: x86: optimize more exit handlers in vmx.c
    6e3f6d95625a perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
    fc67c00def19 perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
    d06a7e2049e3 dm thin: resume even if in FAIL mode
    28cdd90c26f3 media: s5p-mfc: Fix in register read and write for H264
    640075400c7c media: s5p-mfc: Clear workbit to handle error condition
    4a52a1a3eac8 media: s5p-mfc: Fix to handle reference queue during finishing
    b9275d8a927f PM/devfreq: governor: Add a private governor_data for governor
    839f3ca8bc02 btrfs: replace strncpy() with strscpy()
    b5db13545759 ext4: allocate extended attribute value in vmalloc area
    6ef8b0a74350 ext4: avoid unaccounted block allocation when expanding inode
    b14a553b0f87 ext4: initialize quota before expanding inode in setproject ioctl
    9ef603086c5b ext4: fix inode leak in ext4_xattr_inode_create() on an error path
    7138ef745ef4 ext4: avoid BUG_ON when creating xattrs
    4d84ec8e5c3e ext4: fix error code return to user-space in ext4_get_branch()
    a4c3c1d57db3 ext4: fix corruption when online resizing a 1K bigalloc fs
    6f4200ec76a0 ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
    f263e349bacc ext4: init quota for 'old.inode' in 'ext4_rename'
    78e335fb573e ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
    362ce137d56b ext4: fix reserved cluster accounting in __es_remove_extent()
    e1d946d9c82f ext4: add helper to check quota inums
    2142dfa1de61 ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
    4690a4bdcf14 ext4: fix undefined behavior in bit shift for ext4_check_flag_values
    e347c269b5d6 ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
    94b283341f9f drm/vmwgfx: Validate the box size for the snooped cursor
    eea62f0461a9 drm/connector: send hotplug uevent on connector cleanup
    fbfd6dee521e device_cgroup: Roll back to original exceptions after copy failure
    5e4500454d75 parisc: led: Fix potential null-ptr-deref in start_task()
    662dc7c6be7b iommu/amd: Fix ivrs_acpihid cmdline parsing code
    93e919d9acb2 crypto: n2 - add missing hash statesize
    a5866d531b47 PCI/sysfs: Fix double free in error path
    65bd0962992a PCI: Fix pci_device_is_present() for VFs by checking PF
    d23006f2a56e ipmi: fix use after free in _ipmi_destroy_user()
    cf19abbe4b9a ima: Fix a potential NULL pointer access in ima_restore_measurement_list
    b16336353576 mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
    74531c23adc5 ipmi: fix long wait in unload when IPMI disconnect
    d4f48c648a66 efi: Add iMac Pro 2017 to uefi skip cert quirk
    2c4832a0893a md/bitmap: Fix bitmap chunk size overflow issues
    b869cb7a3d52 cifs: fix missing display of three mount options
    149babe5e019 cifs: fix confusing debug message
    a29d62130988 media: dvb-core: Fix UAF due to refcount races at releasing
    b21f62b49ee9 media: dvb-core: Fix double free in dvb_register_device()
    50c2379f8795 ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
    c42cb66a8915 tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
    cb03fc217b0d tracing/hist: Fix wrong return value in parse_action_params()
    f5489d5a2420 x86/microcode/intel: Do not retry microcode reloading on the APs
    cf79d5410a56 tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
    1a5165e80a80 dm cache: set needs_check flag after aborting metadata
    2f097dfac757 dm cache: Fix UAF in destroy()
    520b56cfd9fa dm clone: Fix UAF in clone_dtr()
    792e51aac376 dm integrity: Fix UAF in dm_integrity_dtr()
    7ae6aa649394 dm thin: Fix UAF in run_timer_softirq()
    f758987ff0af dm thin: Use last transaction's pmd->root when commit failed
    200aa33b5d78 dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
    f472bfc95d9c dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
    52ba5b87a36e binfmt: Fix error return code in load_elf_fdpic_binary()
    33933af45d1d binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
    3cdd91a91632 cpufreq: Init completion before kobject_init_and_add()
    6ccb116e6b99 selftests: Use optional USERCFLAGS and USERLDFLAGS
    2b8f2e127d7a arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
    b22d683c9014 ARM: ux500: do not directly dereference __iomem
    c59ee1528b34 btrfs: fix resolving backrefs for inline extent followed by prealloc
    e63e1c67932d mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
    3de2c3628351 ktest.pl minconfig: Unset configs instead of just removing them
    d10523afa822 kest.pl: Fix grub2 menu handling for rebooting
    d089baa5b68a soc: qcom: Select REMAP_MMIO for LLCC driver
    bcce46e11594 media: stv0288: use explicitly signed char
    de2ea2a0ad51 net/af_packet: make sure to pull mac header
    ad3f90a9c4a2 net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
    aa91afe59740 SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
    e027f3b9fabd tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
    927860dfa161 tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
    f1c08947ab05 mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
    f4b5a27f56c5 f2fs: should put a page when checking the summary info
    f02d2e2b9b89 mm, compaction: fix fast_isolate_around() to stay within boundaries
    384ef33d37ce md: fix a crash in mempool_free
    2dae4211b579 pnode: terminate at peers of source
    25e8c6ecb468 ALSA: line6: fix stack overflow in line6_midi_transmit
    10a07d81f693 ALSA: line6: correct midi status byte when receiving data from podxt
    0e727c328eeb ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
    cae6dddef222 hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
    fe83242eab19 HID: plantronics: Additional PIDs for double volume key presses quirk
    b201fe49eeb8 HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
    515959eb49e6 powerpc/rtas: avoid scheduling in rtas_os_term()
    c2fa91abf22a powerpc/rtas: avoid device tree lookups in rtas_os_term()
    418ef921cce2 objtool: Fix SEGFAULT
    28046827c305 nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
    24561f5d0990 nvme: resync include/linux/nvme.h with nvmecli
    e69e8d78679d ata: ahci: Fix PCS quirk application for suspend
    e74d9f13a408 nvme-pci: fix doorbell buffer value endianness
    e8e2861cc325 cifs: fix oops during encryption
    3c3baa40dcf8 media: dvbdev: fix refcnt bug
    334a76861b25 media: dvbdev: fix build warning due to comments
    2a0e42877dff gcov: add support for checksum field
    328f3c084fd8 regulator: core: fix deadlock on regulator enable
    fb0407d8cd35 iio: adc128s052: add proper .data members in adc128_of_match table
    bcb052a87d8b iio: adc: ad_sigma_delta: do not use internal iio_dev lock
    ad4eb32cedfa reiserfs: Add missing calls to reiserfs_security_free()
    5a5ef1882fd6 HID: wacom: Ensure bootloader PID is usable in hidraw mode
    9e8f60094e34 usb: dwc3: core: defer probe on ulpi_read_id timeout
    7778fa1ca85f ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
    12622fa053c1 ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
    fad324bc0717 pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
    e56423bb8e04 pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
    e8a1ccd12017 ASoC: rt5670: Remove unbalanced pm_runtime_put()
    737058bd0bfe ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
    d456c253f3ea ASoC: wm8994: Fix potential deadlock
    2705bb1661c9 ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
    ed1376f77140 ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()
    df9cd38c3b5e ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
    56f630a0d5a9 ASoC: Intel: Skylake: Fix driver hang during shutdown
    fd0d3bf37d73 ALSA: hda: add snd_hdac_stop_streams() helper
    d5952155d6d8 ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c
    bdc2d33fa232 orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
    2e7c09121064 orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
    511b48ee8e4a drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
    6c00350c9f1d drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
    fa7163987351 hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
    713ad301c2d4 clk: st: Fix memory leak in st_of_quadfs_setup()
    0ca298d54846 media: si470x: Fix use-after-free in si470x_int_in_callback()
    21d26381e1f9 mmc: f-sdh30: Add quirks for broken timeout clock capability
    5bfc53df288e regulator: core: fix use_count leakage when handling boot-on
    87fd18016a47 blk-mq: fix possible memleak when register 'hctx' failed
    17217737c174 media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
    6d18b44bb44e media: dvbdev: adopts refcnt to avoid UAF
    438a4a8dece2 media: dvb-frontends: fix leak of memory fw
    89357aa97b52 bpf: Prevent decl_tag from being referenced in func_proto arg
    7da524781c53 ppp: associate skb with a device at tx
    aadb1507a77b mrp: introduce active flags to prevent UAF when applicant uninit
    4bdcc6a5aa9f net: add atomic_long_t to net_device_stats fields
    19d5a0e17aba md/raid1: stop mdx_raid1 thread when raid1 array run failed
    5d8d046f3dba drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
    2b1b145ca17b drm/sti: Use drm_mode_copy()
    272d12b5f322 drm/rockchip: Use drm_mode_copy()
    20022d551f20 s390/lcs: Fix return type of lcs_start_xmit()
    4bee3c75d5bf s390/netiucv: Fix return type of netiucv_tx()
    e859e02fbfa7 s390/ctcm: Fix return type of ctc{mp,}m_tx()
    f96bd8adc8ad igb: Do not free q_vector unless new one was allocated
    5b06a8a25eba wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
    e390838eeffb hamradio: baycom_epp: Fix return type of baycom_send_packet()
    dbe1a6b930ae net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
    772431f30ca0 bpf: make sure skb->len != 0 when redirecting to a tunneling device
    9066300fe8bf ipmi: fix memleak when unload ipmi driver
    8234c522effc ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
    7360b323e034 wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
    ca57748593dd wifi: ath9k: verify the expected usb_endpoints are present
    3cc9299036bd brcmfmac: return error when getting invalid max_flowrings from dongle
    e44bfef5bffb drm/etnaviv: add missing quirks for GC300
    90103ccb6e60 hfs: fix OOB Read in __hfs_brec_find
    a815a3e01945 acct: fix potential integer overflow in encode_comp_t()
    d706485dffbb nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
    9ef353c92f9d ACPICA: Fix error code path in acpi_ds_call_control_method()
    50163a115831 fs: jfs: fix shift-out-of-bounds in dbDiscardAG
    156d440dea97 udf: Avoid double brelse() in udf_rename()
    359616ce587e fs: jfs: fix shift-out-of-bounds in dbAllocAG
    419b808504c2 binfmt_misc: fix shift-out-of-bounds in check_special_flags
    3d92527a919e rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
    4f1d37ff4226 net: stream: purge sk_error_queue in sk_stream_kill_queues()
    fbae0dc7e22a myri10ge: Fix an error handling path in myri10ge_probe()
    67af8655c889 rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
    93e794d4fe48 net_sched: reject TCF_EM_SIMPLE case for complex ematch module
    b3a5c76f61e2 mailbox: zynq-ipi: fix error handling while device_register() fails
    668dc454bcbd skbuff: Account for tail adjustment during pull operations
    8b74211bf60b openvswitch: Fix flow lookup to use unmasked key
    0e91836628d6 rtc: mxc_v2: Add missing clk_disable_unprepare()
    b0a61359026b r6040: Fix kmemleak in probe and remove
    8bddef54cbe9 nfc: pn533: Clear nfc_target before being used
    db77d4d005c2 mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
    82ff73638cd6 mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
    5a35d18e7952 mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
    fddac3b4578d nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
    f06d3feee910 NFSD: Add tracepoints to NFSD's duplicate reply cache
    fe142d5ceeb5 nfsd: Define the file access mode enum for tracing
    aa5fafd4a6b4 rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe()
    686f0793f790 rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
    1240ed71a0f6 remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region()
    27441fab2651 remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
    292c0f3b4ae0 pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
    2b7ad4357438 selftests/powerpc: Fix resource leaks
    39633b4051ee powerpc/hv-gpci: Fix hv_gpci event list
    aed862896d53 powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
    d539b77bae1e powerpc/perf: callchain validate kernel stack pointer bounds
    cfb5bbfcb63b powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
    f2d60f6ba173 cxl: Fix refcount leak in cxl_calc_capp_routing
    9bf842ffdd21 powerpc/52xx: Fix a resource leak in an error handling path
    b703da16dc97 macintosh/macio-adb: check the return value of ioremap()
    b29a2f1dd33a macintosh: fix possible memory leak in macio_add_one_device()
    17fd44059496 iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
    8581ec1feb89 iommu/amd: Fix pci device refcount leak in ppr_notifier()
    0d96a6f5db64 rtc: pcf85063: Fix reading alarm
    bb1bdc72dd24 rtc: snvs: Allow a time difference on clock register read
    6a54d033372d include/uapi/linux/swab: Fix potentially missing __always_inline
    f170d4bd38dd RDMA/siw: Fix pointer cast warning
    8ea68b4e3fa9 power: supply: fix null pointer dereferencing in power_supply_get_battery_info
    61e80e792918 HSI: omap_ssi_core: Fix error handling in ssi_init()
    7ae85631aead perf symbol: correction while adjusting symbol
    739b4294f86a perf trace: Handle failure when trace point folder is missed
    1b4053ad54b7 perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number
    443aaf605f9f perf trace: Add a strtoul() method to 'struct syscall_arg_fmt'
    339e08e1858d perf trace: Allow associating scnprintf routines with well known arg names
    97cc27a28ddc perf trace: Add the syscall_arg_fmt pointer to syscall_arg
    a2fcb44f5e55 perf trace: Factor out the initialization of syscal_arg_fmt->scnprintf
    ba67de37ad20 perf trace: Separate 'struct syscall_fmt' definition from syscall_fmts variable
    6086919d8c2a perf trace: Return error if a system call doesn't exist
    f84fff700dea power: supply: fix residue sysfs file in error handle route of __power_supply_register()
    ef87ed9added HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
    e9a32f7523eb HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
    0f049375ad49 fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
    3c9aaa58f71d fbdev: vermilion: decrease reference count in error path
    9413f188efc5 fbdev: via: Fix error in via_core_init()
    65dbd8eefaa8 fbdev: pm2fb: fix missing pci_disable_device()
    77738055e203 fbdev: ssd1307fb: Drop optional dependency
    72c8770e3526 samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
    19b651db9421 tracing/hist: Fix issue of losting command info in error_log
    fab2536ba13d usb: storage: Add check for kcalloc
    cdcbae2c5003 i2c: ismt: Fix an out-of-bounds bug in ismt_access()
    f3f65c417784 vme: Fix error not catched in fake_init()
    e5c97a433cc3 staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
    288ada16a93a staging: rtl8192u: Fix use after free in ieee80211_rx()
    c226717aa864 i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
    d85b5247a793 chardev: fix error handling in cdev_device_add()
    110dc34c9fa3 mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
    68e54d9ee822 drivers: mcb: fix resource leak in mcb_probe()
    80dc47e751a8 usb: gadget: f_hid: fix refcount leak on error path
    c78c87c4e389 usb: gadget: f_hid: fix f_hidg lifetime vs cdev
    efa2ed93e5b4 usb: gadget: f_hid: optional SETUP/SET_REPORT mode
    5e193764c26e usb: roles: fix of node refcount leak in usb_role_switch_is_parent()
    76740fd8c608 counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update
    361412dae169 cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
    60b2ed21a65f cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
    0078dd875856 misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
    ee2715faf7e7 misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
    0cd05062371a misc: ocxl: fix possible name leak in ocxl_file_register_afu()
    628de998a3ab test_firmware: fix memory leak in test_firmware_init()
    98c01a728b46 serial: sunsab: Fix error handling in sunsab_init()
    61f4146a7e5f serial: altera_uart: fix locking in polling mode
    ce40c44e62bc tty: serial: altera_uart_{r,t}x_chars() need only uart_port
    071bb9e36327 tty: serial: clean up stop-tx part in altera_uart_tx_chars()
    d165388227aa serial: pch: Fix PCI device refcount leak in pch_request_dma()
    06c886548c03 serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
    965f07ea5fd1 serial: amba-pl011: avoid SBSA UART accessing DMACR register
    4f257e2eba41 usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()
    af4049a2ff7b usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
    a45ba33d398a staging: vme_user: Fix possible UAF in tsi148_dma_list_add
    90e227d8b48b usb: fotg210-udc: Fix ages old endianness issues
    12d20ba3ce2c uio: uio_dmem_genirq: Fix deadlock between irq config and handling
    eca77a25a7cb uio: uio_dmem_genirq: Fix missing unlock in irq configuration
    c2163ecc4873 vfio: platform: Do not pass return buffer to ACPI _RST method
    3e0efc3f3f5e class: fix possible memory leak in __class_register()
    0c44f584e387 serial: tegra: Read DMA status before terminating
    dcb26ea75d40 tty: serial: tegra: Activate RX DMA transfer by request
    da64e01da40c drivers: dio: fix possible memory leak in dio_init()
    d4bf3fcccd18 IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
    5cc818ad53df hwrng: geode - Fix PCI device refcount leak
    1199f8e02941 hwrng: amd - Fix PCI device refcount leak
    c75ea343e4b9 crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
    76a9a58a7141 orangefs: Fix sysfs not cleanup when dev init failed
    5a2028369de8 RDMA/hfi1: Fix error return code in parse_platform_config()
    7917484c9923 crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe()
    c21a09ed1e08 f2fs: avoid victim selection from previous victim section
    91f63dd62272 RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps()
    6866154c23fb scsi: snic: Fix possible UAF in snic_tgt_create()
    be5f1a82ad60 scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
    eccbec017c95 scsi: ipr: Fix WARNING in ipr_init()
    c9f83544fbfc scsi: fcoe: Fix possible name leak when device_register() fails
    3c4bb9446d72 scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
    6fac40d80691 scsi: hpsa: Fix error handling in hpsa_add_sas_host()
    d60000cb1195 scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
    89e3f7324a38 crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
    f8fc2f186529 scsi: hpsa: Fix possible memory leak in hpsa_init_one()
    bd7106a6004f RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
    a36c929fd78d crypto: ccree - Make cc_debugfs_global_fini() available for module init function
    895bbed5ae53 RDMA/hfi: Decrease PCI device reference count in error path
    7e68c0d09573 PCI: Check for alloc failure in pci_request_irq()
    a234815cee9e crypto: ccree - Remove debugfs when platform_driver_register failed
    ca438aa466b8 crypto: ccree - swap SHA384 and SHA512 larval hashes at build time
    263d21afbac0 scsi: scsi_debug: Fix a warning in resp_write_scat()
    b5848661f123 RDMA/siw: Set defined status for work completion with undefined status
    ad1676587c54 RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
    6af043089d3f RDMA/siw: Fix immediate work request flush to completion queue
    ef6079d98f49 f2fs: fix normal discard process
    7826e4c85ed8 RDMA/core: Fix order of nldev_exit call
    3339d808b609 apparmor: Use pointer to struct aa_label for lbs_cred
    f7368ac846ae apparmor: Fix abi check to include v8 abi
    e1a68ac0154a apparmor: fix lockdep warning when removing a namespace
    eb0f78e28cbc apparmor: fix a memleak in multi_transaction_new()
    df121012e439 stmmac: fix potential division by 0
    203d604bd521 Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
    5e832e018288 Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
    8ae86c1ec22e Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
    f36058569115 Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
    78e76830c73a Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
    b38b064cba7a Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
    f6d822ce4b56 Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
    a6b9e0940310 ntb_netdev: Use dev_kfree_skb_any() in interrupt context
    3f2946a54b89 net: lan9303: Fix read error execution path
    7d67e8ccfc5f can: tcan4x5x: Remove invalid write in clear_interrupts
    068672e75b08 net: amd-xgbe: Check only the minimum speed for active/passive cables
    291b9669f664 net: amd-xgbe: Fix logic around active and passive cables
    bc06c239d54c net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
    1e39d57a0ec8 hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
    20dd87360543 net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
    3b748ba07bae net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
    4b8256d9bf0a net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
    bc51a3cadffc net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
    303000c793f7 net/tunnel: wait until all sk_user_data reader finish before releasing the sock
    0c5f2c7700cb net: farsync: Fix kmemleak when rmmods farsync
    cf7416aa019b ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
    9ec5781879b4 of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
    a44490abaf00 drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
    429370c40d03 net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload()
    bba527e4ec0a net: defxx: Fix missing err handling in dfx_init()
    f54731a70c8d net: vmw_vsock: vmci: Check memcpy_from_msg()
    6f2198914fb9 clk: socfpga: Fix memory leak in socfpga_gate_init()
    dbd1a4fdf5ed clk: socfpga: use clk_hw_register for a5/c5
    49513eabda46 clk: socfpga: clk-pll: Remove unused variable 'rc'
    fe783eeac48c blktrace: Fix output non-blktrace event when blk_classic option enabled
    d628d5c5b4f5 wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
    1a49bba59db0 wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
    9e8440a65711 spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
    a00b4e0fa273 clk: samsung: Fix memory leak in _samsung_clk_register_pll()
    7a2c66429b04 media: coda: Add check for kmalloc
    2b436f141024 media: coda: Add check for dcoda_iram_alloc
    6250bc73317a media: c8sectpfe: Add of_node_put() when breaking out of loop
    0fcee27507aa mmc: mmci: fix return value check of mmc_add_host()
    0a41ea4fd449 mmc: wbsd: fix return value check of mmc_add_host()
    f59ef2a47a22 mmc: via-sdmmc: fix return value check of mmc_add_host()
    9e11c6bb745b mmc: meson-gx: fix return value check of mmc_add_host()
    f153c9e15f89 mmc: omap_hsmmc: fix return value check of mmc_add_host()
    6bb26abb92f2 mmc: atmel-mci: fix return value check of mmc_add_host()
    c7a328cea791 mmc: wmt-sdmmc: fix return value check of mmc_add_host()
    3b29f8769d32 mmc: vub300: fix return value check of mmc_add_host()
    3dbb69a0242c mmc: toshsd: fix return value check of mmc_add_host()
    937112e991ed mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
    0b7b63422579 mmc: pxamci: fix return value check of mmc_add_host()
    32eb502c972d mmc: mxcmmc: fix return value check of mmc_add_host()
    b174f2b36c63 mmc: moxart: fix return value check of mmc_add_host()
    289c964fe182 mmc: alcor: fix return value check of mmc_add_host()
    e8f20523cf98 NFSv4.x: Fail client initialisation if state manager thread can't run
    f7a8a1e36ded SUNRPC: Fix missing release socket in rpc_sockname()
    bcebcb11fcbc xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
    c7e9624d90bf ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
    6a8c0abcb502 media: saa7164: fix missing pci_disable_device()
    4cabc3af4a6f bpf, sockmap: fix race in sock_map_free()
    35593d60b162 regulator: core: fix resource leak in regulator_register()
    90c38f57a821 configfs: fix possible memory leak in configfs_create_dir()
    6dea95f64069 hsr: Avoid double remove of a node.
    de7dbee4bd4a clk: qcom: clk-krait: fix wrong div2 functions
    339ba693daaf regulator: core: fix module refcount leak in set_supply()
    46dfff91025b wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
    624a989db916 spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE
    52fb0ffee06d bonding: uninitialized variable in bond_miimon_inspect()
    31631c2ab4a9 bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect
    7508b9f4daac bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
    d4145d028a12 netfilter: conntrack: set icmpv6 redirects as RELATED
    27c09443ddcc ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
    981024abf5fe drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
    470a77989037 drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
    190685ff4ee0 ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
    0e1e311fd929 wifi: iwlwifi: mvm: fix double free on tx path.
    8b0c003e37d5 ALSA: asihpi: fix missing pci_disable_device()
    5447f1ad0bc1 NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
    e53a7c28a428 NFSv4.2: Fix initialisation of struct nfs4_label
    b2b472bcda7b NFSv4.2: Fix a memory stomp in decode_attr_security_label
    96f3c70600a5 NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
    2672977dc089 ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd
    d63e9eca9485 ASoC: dt-bindings: wcd9335: fix reset line polarity in example
    4ea79d074776 drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
    542a87f1cfc6 media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
    8b256d23361c media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
    9103bf21874e media: dvb-core: Fix ignored return value in dvb_register_frontend()
    3359f8d5338d pinctrl: pinconf-generic: add missing of_node_put()
    ffd53b7892c8 clk: imx: replace osc_hdmi with dummy
    aa79b53df799 clk: imx8mn: correct the usb1_ctrl parent to be usb_bus
    1d8521e1121a media: imon: fix a race condition in send_packet()
    cf9c4c25caad mtd: maps: pxa2xx-flash: fix memory leak in probe
    a7fc25159d6f bonding: fix link recovery in mode 2 when updelay is nonzero
    0879f594a7c4 bonding: Rename slave_arr to usable_slaves
    9eaeb3e460b9 bonding: Export skip slave logic to function
    26b94635f1c8 clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
    96be283d10ef regulator: core: use kfree_const() to free space conditionally
    d884ed9a2f0e ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
    497279199d4c ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT
    e6364854f5b0 HID: hid-sensor-custom: set fixed size for custom attributes
    75a5bf8eebc8 bpf: Move skb->len == 0 checks into __bpf_redirect
    61688b8819ea media: videobuf-dma-contig: use dma_mmap_coherent
    9ca9d7fd7df4 media: platform: exynos4-is: Fix error handling in fimc_md_init()
    7b02c50d3978 media: solo6x10: fix possible memory leak in solo_sysfs_init()
    f81f63168f08 Input: elants_i2c - properly handle the reset GPIO when power is off
    8eb64dc5a790 mtd: lpddr2_nvm: Fix possible null-ptr-deref
    8e51f5894df2 wifi: ath10k: Fix return value in ath10k_pci_init()
    8176538866cb ima: Fix misuse of dereference of pointer in template_desc_init_fields()
    9b7c44885a07 integrity: Fix memory leakage in keyring allocation error path
    4d3dc0de9c46 amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
    d39937f8de64 regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
    a8baccb79de2 ASoC: pxa: fix null-pointer dereference in filter()
    6f13a895cef8 drm/mediatek: Modify dpi power on/off sequence.
    a0f26560be2c drm/radeon: Add the missed acpi_put_table() to fix memory leak
    832d0e19ce12 rxrpc: Fix ack.bufferSize to be 0 when generating an ack
    c9c9350d30e9 net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
    fe443b3fe36c media: camss: Clean up received buffers on failed start of streaming
    08114dc18580 wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
    fa0d32ab8407 mtd: Fix device name leak when register device failed in add_mtd_device()
    d70fa0a6ce74 bpf: propagate precision in ALU/ALU64 operations
    54f259906039 media: vivid: fix compose size exceed boundary
    38d48fd22403 ima: Handle -ESTALE returned by ima_filter_rule_match()
    ecd0a6f81a1a ima: Fix fall-through warnings for Clang
    55e2430e4325 ima: Rename internal filter rule functions
    0b7c47b7f358 drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
    3fcdc1534b4c spi: Update reference to struct spi_controller
    d87dd4528d0e clk: renesas: r9a06g032: Repair grave increment error
    a2046e5a361f can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
    7482f95315d2 can: kvaser_usb: Add struct kvaser_usb_busparams
    f3d20de76fc9 can: kvaser_usb_leaf: Fix bogus restart events
    ad63992b6488 can: kvaser_usb_leaf: Fix wrong CAN state after stopping
    920879577060 can: kvaser_usb_leaf: Fix improved state not being reported
    60ad08be78fd can: kvaser_usb_leaf: Set Warning state even without bus errors
    12d95e65f709 can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
    5779a9d0e358 can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
    0e56748852f1 can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
    3a9d74f33988 can: kvaser_usb: do not increase tx statistics when sending error message frames
    3f2384f09ba0 media: i2c: ad5820: Fix error path
    e8e2da03c287 pata_ipx4xx_cf: Fix unsigned comparison with less than zero
    5994e7a806a0 wifi: rtl8xxxu: Fix reading the vendor of combo chips
    988bd27de248 wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
    9850791d389b wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
    bb7397f6312d rapidio: devices: fix missing put_device in mport_cdev_open
    6a95b17e4d4c hfs: Fix OOB Write in hfs_asc2mac
    657fea0a8df0 relay: fix type mismatch when allocating memory in relay_create_buf()
    e275249e5e65 eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
    311b488405ac rapidio: fix possible UAF when kfifo_alloc() fails
    7aa5325e1b50 fs: sysv: Fix sysv_nblocks() returns wrong value
    cb5859603cd1 MIPS: OCTEON: warn only once if deprecated link status is being used
    b7ca75207e4a MIPS: BCM63xx: Add check for NULL for clk in clk_enable
    14bb4bde3b7b platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
    11ad95912b8b PM: runtime: Do not call __rpm_callback() from rpm_idle()
    c40ee4e04b4c PM: runtime: Improve path in rpm_idle() when no callback
    4f983ee5e5de xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
    29198f667f44 x86/xen: Fix memory leak in xen_init_lock_cpu()
    ec88254208dd x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
    6e98158d97e1 xen/events: only register debug interrupt for 2-level events
    314d51053524 uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
    dfdde4d5138b ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
    805665aa5295 clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
    1bbad5793f40 rapidio: rio: fix possible name leak in rio_register_mport()
    440afd7fd9b1 rapidio: fix possible name leaks when rio_add_device() fails
    7ef516888c4d ocfs2: fix memory leak in ocfs2_mount_volume()
    a4d3062f0ac7 ocfs2: rewrite error handling of ocfs2_fill_super
    227cc62e0049 ocfs2: ocfs2_mount_volume does cleanup job before return error
    5c27b46c20ec debugfs: fix error when writing negative value to atomic_t debugfs file
    c7bd49275da3 docs: fault-injection: fix non-working usage of negative values
    6865a549f261 lib/notifier-error-inject: fix error when writing -errno to debugfs file
    6fc6461672a4 libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
    75940697c040 cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
    d25bf9af860e genirq/irqdesc: Don't try to remove non-existing sysfs files
    b4e28099cd70 nfsd: don't call nfsd_file_put from client states seqfile display
    e6e295a434d1 EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
    d5c06dba4612 irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
    e293263248f2 perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
    81b024df4755 PNP: fix name memory leak in pnp_alloc_dev()
    821afb8c89c0 selftests/efivarfs: Add checking of the test return value
    c0b8cff0146b MIPS: vpe-cmp: fix possible memory leak while module exiting
    b3325a443525 MIPS: vpe-mt: fix possible memory leak while module exiting
    7c8bf45cea9c ocfs2: fix memory leak in ocfs2_stack_glue_init()
    e039929e3681 lib/fonts: fix undefined behavior in bit shift for get_default_font
    160d6d6f1479 proc: fixup uptime selftest
    d7b9e43a5c57 timerqueue: Use rb_entry_safe() in timerqueue_getnext()
    248fa44cde6d perf: Fix possible memleak in pmu_dev_alloc()
    044ede4c38ee selftests/ftrace: event_triggers: wait longer for test_event_enable
    8511186f10a4 fs: don't audit the capability check in simple_xattr_list()
    c907c55dc7a5 PM: hibernate: Fix mistake in kerneldoc comment
    f0ff6c60bc82 alpha: fix syscall entry in !AUDUT_SYSCALL case
    1399ce344ee8 cpuidle: dt: Return the correct numbers of parsed idle states
    082b55fe9fc6 tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
    4d3126f242a0 pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
    e2516652da3f ARM: mmp: fix timer_read delay
    2de791ff6f80 pstore/ram: Fix error return code in ramoops_probe()
    ded1b827164f arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC
    03a666631aa4 ARM: dts: turris-omnia: Add switch port 6 node
    fe1fc4d84d2a ARM: dts: turris-omnia: Add ethernet aliases
    b20454ea05f6 ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
    1b7017211ecc ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
    87b951b7c2e5 ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
    e3cf3f7a6d54 ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
    e302758caf72 ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
    0a8544b7236f ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
    f707c3fee2e0 arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
    fdf511fc076d arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
    06fbfc5f4374 arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
    f0c1f46e4975 arm64: dts: mt2712e: Fix unit address for pinctrl node
    aaabd7e3e4aa arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
    d69bdb61d577 perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
    af2256d7784f perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
    1e9186d628d3 soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
    83cfc38091ed soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe
    5f07c85ca107 soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync
    f5c521195e49 arm: dts: spear600: Fix clcd interrupt
    3a90edbab8d1 drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
    3459e05ad32b arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
    6a24277840dd ARM: dts: qcom: apq8064: fix coresight compatible
    1a19212a711e usb: musb: remove extra check in musb_gadget_vbus_draw
    40075e797577 net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    9fdc79b57143 Bluetooth: L2CAP: Fix u8 overflow
    77d5e6f260ac HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
    c05a7fa01020 HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
    d535a33e83a0 HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E
    7346b2529fed HID: ite: Add support for Acer S1002 keyboard-dock
    2d91b7a0b0e8 xen-netback: move removal of "hotplug-status" to the right place
    c581439a9775 igb: Initialize mailbox message for VF reset
    50aa193a4bf4 USB: serial: f81534: fix division by zero on line-speed change
    0d6bf63eb3ec USB: serial: f81232: fix division by zero on line-speed change
    fe0f214385d4 USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    d48767065423 USB: serial: option: add Quectel EM05-G modem
    b8fb1cba934e usb: gadget: uvc: Prevent buffer overflow in setup handler
    2610c2e59c66 udf: Fix extending file within last block
    ade1726d8c2c udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
    4d835efd561d udf: Fix preallocation discarding at indirect extent boundary
    0905c78f623e udf: Discard preallocation before extending file with a hole
    0758b5069294 tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS

(From OE-Core rev: 2861fb021aa16483fd6c5e91017b380dac33d2b3)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Steve Sakoman
8d7596c0eb lttng-modules: fix build with 5.4.229 kernel
Fixes:

In file included from TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/../probes/define_trace.h:87,
                 from TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/../instrumentation/events/lttng-module/jbd2.h:183,
                 from TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/lttng-probe-jbd2.c:29:
TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/../probes/lttng-tracepoint-event-impl.h:130:6: error: conflicting types for 'trace_jbd2_run_stats'
  130 | void trace_##_name(_proto);
      |      ^~~~~~
TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/../probes/lttng-tracepoint-event-impl.h:42:2: note: in expansion of macro 'LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP'
   42 |  LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(map, name, map, PARAMS(proto), PARAMS(args))
      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/../probes/lttng-tracepoint-event-impl.h:84:2: note: in expansion of macro 'LTTNG_TRACEPOINT_EVENT_MAP'
   84 |  LTTNG_TRACEPOINT_EVENT_MAP(name, name,    \
      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~
TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/../instrumentation/events/lttng-module/jbd2.h:107:1: note: in expansion of macro 'LTTNG_TRACEPOINT_EVENT'
  107 | LTTNG_TRACEPOINT_EVENT(jbd2_run_stats,
      | ^~~~~~~~~~~~~~~~~~~~~~
In file included from TOPDIR/tmp/work-shared/qemuarm/kernel-source/include/trace/events/jbd2.h:9,
                 from TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/lttng-probe-jbd2.c:18:
TOPDIR/tmp/work-shared/qemuarm/kernel-source/include/linux/tracepoint.h:243:21: note: previous definition of 'trace_jbd2_run_stats' was here
  243 |  static inline void trace_##name(proto)    \
      |                     ^~~~~~
TOPDIR/tmp/work-shared/qemuarm/kernel-source/include/linux/tracepoint.h:406:2: note: in expansion of macro '__DECLARE_TRACE'
  406 |  __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args),  \
      |  ^~~~~~~~~~~~~~~
TOPDIR/tmp/work-shared/qemuarm/kernel-source/include/linux/tracepoint.h:542:2: note: in expansion of macro 'DECLARE_TRACE'
  542 |  DECLARE_TRACE(name, PARAMS(proto), PARAMS(args))
      |  ^~~~~~~~~~~~~
TOPDIR/tmp/work-shared/qemuarm/kernel-source/include/trace/events/jbd2.h:234:1: note: in expansion of macro 'TRACE_EVENT'
  234 | TRACE_EVENT(jbd2_run_stats,
      | ^~~~~~~~~~~
  CC [M]  TOPDIR/tmp/work/qemuarm-poky-linux-gnueabi/lttng-modules/2.11.6-r0/lttng-modules-2.11.6/probes/lttng-probe-ext4.o

Backport from upstream master branch fixes:

b28830a0dc
4fd2615b87
612c99eb24

Note that master branch upstream has restructured the location of header files, so the patches
do not apply cleanly.  This patch combines the changes in the above commits in the old header location.

(From OE-Core rev: 520d957e14be77f73c82a295f685d189381d8f72)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Steve Sakoman
b952c3f07a lttng-modules: update 2.11.8 -> 2.11.9
2021-05-14 (National Dance Like a Chicken Day) LTTng modules 2.11.9
	* fix: adjust ranges for RHEL 8.2 and 8.3
	* Sync `show_inode_state()` macro with upstream stable kernels
	* fix: block: remove disk_part_iter (v5.12)
	* Fix: Backport of "Fix: increment buffer offset when failing to copy from user-space"
	* Fix: increment buffer offset when failing to copy from user-space
	* Sync `show_inode_state()` macro with Ubuntu 4.15 kernel
	* fix: mm, tracing: kfree event name mismatching with provider kmem (v5.12)
	* Set 'stable-2.11' branch in git review config
	* fix backport: block: add a disk_uevent helper (v5.12)
	* fix: Adjust ranges for Ubuntu 5.4.0-67 kernel
	* fix: block: add a disk_uevent helper (v5.12)
	* Fix: properly compare type enumeration
	* compiler warning cleanup: is_signed_type: compare -1 to 1
	* Fix: bytecode linker: validate event and field array/sequence encoding
	* Fix: kretprobe: null ptr deref on session destroy
	* fix: mm, tracing: record slab name for kmem_cache_free() (v5.12)
	* Fix: filter interpreter early-exits on uninitialized value
	* Fix: memory leaks on event destroy

(From OE-Core rev: 146cc298e9dcb9ea7fe54669899accafee123e46)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Steve Sakoman
560a0ba359 lttng-modules: update 2.11.7 -> 2.11.8
2021-02-17 (Random Act of Kindness Day) LTTng modules 2.11.8
	* fix: Adjust ranges for Ubuntu 5.8.0-44 kernel
	* Fix: do not use bdi_unknown_name symbol
	* fix: memcg: fix a crash in wb_workfn when a device disappears (5.6)
	* Fix: writeback: out-of-bound reads
	* fix: Add one digit to RHEL major release version
	* fix: Add one digit to SLES minor release version
	* fix: RT_PATCH_VERSION is close to overflow
	* fix: cast LTTNG_KERNEL_VERSION/LTTNG_LINUX_VERSION_CODE to uint64_t
	* fix: UTS_UBUNTU_RELEASE_ABI is close to overflow
	* fix: sublevel version overflow in LINUX_VERSION_CODE
	* Namespace kernel version macros
	* aarch64: blacklist gcc prior to 5.1
	* fix: missing include for 'task_struct' in fdtable.h
	* fix: genirq: Restrict export of irq_to_desc() (v5.11)
	* fix: block: merge struct block_device and struct hd_struct (v5.11)
	* fix: kprobes: Remove kretprobe hash (v5.11)
	* fix: file: Rename fcheck lookup_fd_rcu (v5.11)
	* fix: block: remove the request_queue argument to the block_bio_remap tracepoint (v5.11)
	* fix: block: remove the request_queue argument to the block_split tracepoint (v5.11)
	* fix: block: simplify and extend the block_bio_merge tracepoint class (v5.11)
	* fix: block: remove the request_queue to argument request based tracepoints (v5.11)

(From OE-Core rev: fa1056f62017ea764b494c41cc7cdaefe0a80fb6)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Steve Sakoman
fb8372aa70 lttng-modules: update 2.11.6 -> 2.11.7
2021-01-11 (National Clean Off Your Desk Day) LTTng modules 2.11.7
	* fix: adjust version range for trace_find_free_extent()
	* fix: backport of fix: tracepoint: Optimize using static_call() (v5.10)
	* Revert "fix: include order for older kernels"
	* fix: backport of fix: ext4: fast commit recovery path (v5.10)
	* Improve the release script
	* Add release maintainer script
	* fix: include order for older kernels
	* fix: tracepoint: Optimize using static_call() (v5.10)
	* fix: KVM: x86/mmu: Return unique RET_PF_* values if the fault was fixed (v5.10)
	* fix: kvm: x86/mmu: Add TDP MMU PF handler (v5.10)
	* fix: KVM: x86: Add intr/vectoring info and error code to kvm_exit tracepoint (v5.10)
	* fix: ext4: fast commit recovery path (v5.10)
	* fix: btrfs: make ordered extent tracepoint take btrfs_inode (v5.10)
	* fix: btrfs: tracepoints: output proper root owner for trace_find_free_extent() (v5.10)
	* fix: objtool: Rename frame.h -> objtool.h (v5.10)
	* fix: strncpy equals destination size warning

Remove patches now included in 2.11.7

(From OE-Core rev: f3c18d4eda42debf40dcd7de02b2f761c476dcca)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Ranjitsinh Rathod
4f6333a564 libsdl2: Add fix for CVE-2022-4743
Add a patch to fix CVE-2022-4743 security issue "A potential memory leak
issue was discovered in SDL2 in GLES_CreateTexture() function in
SDL_render_gles.c. The vulnerability allows an attacker to cause a
denial of service attack. The vulnerability affects SDL2 v2.0.4 and
above. SDL-1.x are not affected." as per NVD

(From OE-Core rev: f40ad856e814366c2d3588001dea1e0df7a3fed6)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Vivek Kumbhar
262f47eff8 go: fix CVE-2022-1962 go/parser stack exhaustion in all Parse* functions
(From OE-Core rev: 3126830360ca431fb5eecf3d1e5fde7e928b1365)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Steve Sakoman
82af51171e python3: fix packaging of Windows distutils installer stubs
The python3 Windows distutils installer stubs were split into a separate package
in poky commit dc1ab6482c. This has regressed
during the upgrade to Python 3.8.2 in yocto-3.1

[YOCTO #13889]

https://bugzilla.yoctoproject.org/show_bug.cgi?id=13889

(From OE-Core rev: 4f069121ddb99bb6e2f186724cd60ca07f74f503)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Alexander Kanavin
2d6b838a3a selftest/virgl: use pkg-config from the host
The check needs to report dri location on the host machine,
so pkg-config binary needs to be capable of finding the needed
dri.pc file on the host, and therefore needs to know where
host .pc files are located.

This may not be the case when using pkg-config from buildtools,
so this forces usage of host pkg-config.

runqemu already does the same PATH tweak, so this simply brings
the two in sync.

(From OE-Core rev: b2e06c9cf88b4d48e36d845a3cfabf4f3668d605)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f0521f8a3ba7e15482756529ee7b0a95b3d53e7d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Benoît Mauduit
97f9525f2f lib/oe/reproducible: Use git log without gpg signature
Previously, if "showSignature" is present in user gitconfig, parsing
of the timestamp will fail.

Ideally we should replace this command with a git plumbing command.

(From OE-Core rev: e872f6636f4cb51426edc6c985e58d2fb74e0f96)

Signed-off-by: Benoît Mauduit <bmauduit@beneth.fr>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 3bd6f78f79b3d3e87d8db1e11f58d8021f929843)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Jan Kircher
c28f0905a2 toolchain-scripts: compatibility with unbound variable protection
Fixed an error when Bash's unbound variable protection is enabled (set -u) and variable "LD_LIBRARY_PATH" does not exist.

(From OE-Core rev: 2c7309eea616ec88338d508bc9f284e3bd44f5a1)

Signed-off-by: Jan Kircher <openembedded@hetsh.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 85685370b0ad93291cda59fb091a15eeecf5e0d5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Niko Mauno
a8de3a2233 systemd: Consider PACKAGECONFIG in RRECOMMENDS
Since RRECOMMENDS declaration implictly induces building the recipes
that provide the runtime recommended packages, conditionalize adding
such values according to associated PACKAGECONFIG settings in order
to avoid redundant building.

(From OE-Core rev: a1989add927f7805378fe4d5afbde780b747ba77)

(From OE-Core rev: a35444fa035d551b6a4dcb9609ab8de960258618)

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Randy MacLeod
c611f71574 vim: upgrade 9.0.0947 -> 9.0.1211
Includes fixes for:
   https://nvd.nist.gov/vuln/detail/CVE-2023-0049
   https://nvd.nist.gov/vuln/detail/CVE-2023-0051
   https://nvd.nist.gov/vuln/detail/CVE-2023-0054
   https://nvd.nist.gov/vuln/detail/CVE-2023-0288

(From OE-Core rev: ac7c32ee2c3624052c2a22aa66758c4ab4d9f5c5)

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c51068c78d12ee02789a6dbecf5e7e91d141af5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Alexander Kanavin
c8149df17e linux-firmware: upgrade 20221109 -> 20221214
License-Update: additional files

(From OE-Core rev: 5b56a80e29aacf3b5fc8da027a137b9cf1da102b)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 15f3a9f6c4406ddc00f7dc0ca7e1beafe9c71a9f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Hitendra Prajapati
40bfc5ff44 xserver-xorg: Fix Multiple CVEs
CVE-2022-4283: xkb: reset the radio_groups pointer to NULL after freeing it
Upstream-Status: Backport from ccdd431cd8

CVE-2022-46340: Xtest: disallow GenericEvents in XTestSwapFakeInput
Upstream-Status: Backport from b320ca0ffe

CVE-2022-46341: Xi: disallow passive grabs with a detail > 255
Upstream-Status: Backport from 51eb63b0ee

CVE-2022-46342: Xext: free the XvRTVideoNotify when turning off from the same client
Upstream-Status: Backport from b79f32b57c

CVE-2022-46343: Xext: free the screen saver resource when replacing it
Upstream-Status: Backport from 842ca3ccef

CVE-2022-46344: Xi: avoid integer truncation in length check of ProcXIChangeProperty
Upstream-Status: Backport from 8f454b793e

(From OE-Core rev: dcc597d52a579fca44581ebd81b4a15fa56456fe)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Bhabu Bindu
e3af3f6915 ffmpeg: Fix CVE-2022-3109
Add patch to fix CVE-2022-3109

Link: 656cb0450a

(From OE-Core rev: a626228a4be4c52c9d3f43eb1756c1defc22a5e4)

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Quentin Schulz
6c3fc7df68 cairo: fix CVE patches assigned wrong CVE number
CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is
incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462
and vice-versa.

This swaps both files and edit the CVE field to report the correct
identifier.

Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: 8b1f40639c16286937f04b9b50cef3d759bf442e)

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f12c2a5ac94cb29f473f3c7e335463c7fb6d8a6e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Jermain Horsman
113f05b50e cve-check: write the cve manifest to IMGDEPLOYDIR
When building an image cve_check_write_rootfs_manifest() would sometimes fail
with a FileNotFoundError when writing the manifest.cve due to the parent
directory (DEPLOY_DIR_IMAGE) not (yet) existing.

The image task will provide the manifest in the deploy directory afterwards,
so other recipes depending on the manifest being in DEPLOY_DIR_IMAGE should
continue to function properly.

(From OE-Core rev: c25a5c5f6fede29893a2ac1502216e9deccfa6c3)

Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00fb2aae22ce0d7ff5f3f8766fa770eeb4e73483)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Ross Burton
c7fafc86a1 cve-update-db-native: show IP on failure
We get random SSL failures when fetching the CVE database, and it's
notable that the NVD server is behind a DNS round-robin or geographically
diverse servers.

On a hunch that there is one misconfigured server, dump the IP that we
connected to.

(From OE-Core rev: 48c0e427675f4c99c395cc0a75743ac70eb64802)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91f46d431dc8f40e8c6475c800bb61cb08b82b0a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Marta Rybczynska
a4eed21341 cve-update-db-native: avoid incomplete updates
The database update has been done on the original file. In case of
network connection issues, temporary outage of the NVD server or
a similar situation, the function could exit with incomplete data
in the database. This patch solves the issue by performing the update
on a copy of the database. It replaces the main one only if the whole
update was successful.

See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14929

Reported-by: Alberto Pianon <alberto@pianon.eu>
(From OE-Core rev: 6a219c50ee12b7fb584e2db3e4dde171903acfb7)

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8efe99214d8b005f0ecac690ce5ba17b31758f92)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Ross Burton
4d69f69082 cve-update-db-native: add more logging when fetching
Add some debug logging when fetching the CVE data.

(From OE-Core rev: 60fa8135437ab1e2bc7cead5f838ac787c8dab26)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9b230584664873af2ab453b8153b1ad276d3b0af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
jan
accc5ad750 cve-update-db-native: Allow to overrule the URL in a bbappend.
With this small patch, it's possible to overrule the public
URL with a local mirror for those without Internet access.

(From OE-Core rev: 7290b3217c31cec7dd9985cbf5a003a9c368fa54)

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2d903126e8bbece3a5171c3488c3deae1f0aa3ee)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-13 07:44:09 +00:00
Steve Sakoman
b93a3fcbcd documentation: update for 3.1.23
(From yocto-docs rev: 28f22e068aaf9598ac3426b35b6655102852590d)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-08 14:44:33 +00:00
Ross Burton
7d78d5f6e9 bitbake: bb/utils: include SSL certificate paths in export_proxies
bb.utils.export_proxies() is a poor-man's alternative for the
environment setup code in bb/fetch2, but it's used in several places
where recipes want to download manually (such as cve-update-db-native).

Notably, export_proxies() doesn't pass on the SSL certificate paths from
the original environment, so if SSL_CERT_FILE needs to be set (for
example, in a buildtools environment) then proxies work but SSL doesn't.

In an ideal world export_proxies and the same logic in fetch2 would
merge, but until then we can add the SSL_CERT_ variables and duplicate
the basic logic: check the datastore first and then the original
environment for variables.

[ YOCTO #15000 ]

(Bitbake rev: c16d364dbf68d2a500fecaf8d6e6d62b11475d9f)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c19035e8e71c419c5688a86bfc9c946c96f638e8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-06 23:42:55 +00:00
Richard Purdie
6b8a307b78 build-appliance-image: Update to dunfell head revision
(From OE-Core rev: db81e3c7e7f1d4d9eba52ac35ac97627d0240b63)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:43 +00:00
Steve Sakoman
f1292a552f ovmf: fix gcc12 warning for device path handling
Backport [22130dcd98]

Fixes:

In function ?SetDevicePathEndNode?,
    inlined from ?FileDevicePath? at DevicePathUtilities.c:857:5:
DevicePathUtilities.c:321:3: error: writing 4 bytes into a region of size 1 [-Werror=stringop-overflow=]
  321 |   memcpy (Node, &mUefiDevicePathLibEndDevicePath, sizeof (mUefiDevicePathLibEndDevicePath));
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from UefiDevicePathLib.h:22,
                 from DevicePathUtilities.c:16:
../Include/Protocol/DevicePath.h: In function ?FileDevicePath?:
../Include/Protocol/DevicePath.h:51:9: note: destination object ?Type? of size 1
   51 |   UINT8 Type;       ///< 0x01 Hardware Device Path.
      |         ^~~~

(From OE-Core rev: a33abd759e2e9f41e056f87024de3b333e9b948b)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Steve Sakoman
2e0077aeb8 ovmf: fix gcc12 warning in LzmaEnc
Backport [85021f8cf2]

Fixes:

Sdk/C/LzmaEnc.c: In function ?LzmaEnc_CodeOneMemBlock?:
Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*p.rc.outStream? [-Werror=dangling-pointer=]
 2828 |   p->rc.outStream = &outStream.vt;
      |   ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here
 2811 |   CLzmaEnc_SeqOutStreamBuf outStream;
      |                            ^~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here
Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*(CLzmaEnc *)pp.rc.outStream? [-Werror=dangling-pointer=]
 2828 |   p->rc.outStream = &outStream.vt;
      |   ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here
 2811 |   CLzmaEnc_SeqOutStreamBuf outStream;
      |                            ^~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here
cc1: all warnings being treated as errors

(From OE-Core rev: 25cc13c1016c2565694d0e0959a69c8b91054309)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Steve Sakoman
a9f1e9d277 ovmf: fix gcc12 warning in GenFfs
Backport [7b005f344e]

Fixes:

    GenFfs.c:545:5: error: pointer ?InFileHandle? used after ?fclose? [-Werror=use-after-free]
      545 |     Error(NULL, 0, 4001, "Resource", "memory cannot be allocated  of %s", InFileHandle);
          |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    GenFfs.c:544:5: note: call to ?fclose? here
      544 |     fclose (InFileHandle);
          |     ^~~~~~~~~~~~~~~~~~~~~

(From OE-Core rev: 19da9603f4e7e64d4ffcb6d1e927965dcd161079)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Pavel Zhukov
2dbbcdb7a6 oeqa/rpm.py: Increase timeout and add debug output
[Yocto #14346]
Systemd may be slow in killing pam session sometimes [1][2]. It may cause rpm
test to fail because there's process (sd_pam) running and own by "test1" user
after timeout.
Increasing timeout to 2 mins and assert earlier with debug output if
there's such process(es). If increasing of timeout doesn't help we may
want to force deletion of the user as [2] suggests.

[1] https://github.com/systemd/systemd/issues/8598
[2] https://access.redhat.com/solutions/6969188

(From OE-Core rev: e4d2351a2b5aa0c4d900abc5d75ab5da9b5e1f8a)

Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 972fcc0ed1e0d36c3470071a9c667c5327c1ef78)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Luis
dc9ccb5071 rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
The do_rm_work() task is using the first available 'rm' binary
available in PATH to remove files and folders.
However, depending on the PATH setup and RECIPE_SYSROOT_NATIVE
contents, the function can be using the 'rm' binary available
in RECIPE_SYSROOT_NATIVE, a folder that will get removed.
This causes a sporadic race-condition when trying to access the
'rm' binary of a folder already deleted.
Solve this by exclusively using the HOSTTOOLS 'rm' binary, as
this folder will not get removed.

(From OE-Core rev: 75b7e86c9d9931c9e4e114af026b51710f1920a2)

Signed-off-by: Luis Martins <luis.pinto.martins@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edcd9ad333bc4e504594e8af83e8cb7007d2e35c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Changqing Li
dbe88ee83e base.bbclass: Fix way to check ccache path
The previous code had 2 issues:
1. make hosttools/ccache always link to host's ccache (/usr/bin/ccache)
even we have one buildtools
2. make hosttools/gcc etc, link to host's gcc event we have one
buildtools when keyword ccache in buildtools's path, eg:
/mnt/ccache/bin/buildtools

This patch is for fix above issues.

(From OE-Core rev: f2f70bf8d93b33b65875828c0402a98e943f660a)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b7c81414cf252a7203d95703810a770184d7e4d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Chee Yang Lee
286af7e044 libksba: fix CVE-2022-47629
(From OE-Core rev: e9f2d3e18db0c7b3e6e4ea385f54fbb8a02ad324)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Hitendra Prajapati
95649c2878 grub2: Fix CVE-2022-2601 & CVE-2022-3775
Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency:

font: Fix size overflow in grub_font_get_glyph_internal()
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532

CVE-2022-2601: font: Fix several integer overflows in grub_font_construct_glyph()
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e

CVE-2022-3775: font: Fix an integer underflow in blit_comb()
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af

(From OE-Core rev: 6149febd53b32406dc4b07b1721b3dfbae70723e)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-13 18:11:19 +00:00
Steve Sakoman
fcaac4852d poky.conf: bump version for 3.1.22
(From meta-yocto rev: 8d37dd79d8e87bb50856446dce08d8fd0202f95e)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-09 23:26:03 +00:00
Steve Sakoman
49175a7478 documentation: update for 3.1.22
(From yocto-docs rev: 3dc2c423484585d04f586b721010c129571638c0)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-09 23:26:03 +00:00
Ross Burton
fb6d32853f lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
The /proc/pressure support in buildstats is creating directories in the
buildstats tree called reduced_proc_pressure, which confuses the parsing
logic as that cannot be parsed as a name-epoc-version-revision tuple.

Explicitly skip this directory to solve the problem.

(From OE-Core rev: deb919a693e4371ace649680ca06ca6b6e3da4e2)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 24f0331f0b7e51161b1fa43d4592b491d2037fe9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:34:54 +00:00
Jagadeesh Krishnanjanappa
99d085ecc3 qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
The QB_DEFAULT_KERNEL is set to pick bundled initramfs kernel image
if the Linux kernel image is generated with INITRAMFS_IMAGE_BUNDLE="1".

This makes runqemu to automatically pick bundled initramfs kernel image
instead of explicitly mentioning bundled initramfs kernel image in
runqemu.

[YOCTO #14748]

(From OE-Core rev: 0c63018ef3843cfefd2be31c0a6693181037410d)

Signed-off-by: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52371624313184e1a825519160c3833e282df8b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Robert Andersson
4c5d832fe9 go-crosssdk: avoid host contamination by GOCACHE
By default GOCACHE is set to $HOME/.cache.

Same issue for all other go recipes had been fixed by commit 9a6d208b:
[ go: avoid host contamination by GOCACHE ]

but that commit missed go-crosssdk recipe.

(From OE-Core rev: 22fef4e278beae60d1a6afbe4645fb36732bc736)

Signed-off-by: Robert Andersson <robert.m.andersson@atlascopco.com>
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e5fd10c647ac4baad65f9efa964c3380aad7dd10)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Peter Marko
785e988a3d externalsrc: fix lookup for .gitmodules
Commit 0533edac27 broke
bitbake parsing when bitbake is executed from directory with existing .gitmodules
and the recipe in externalsrc does not have .gitmodules

The check needs to search for .gitmodules in sources path, not cwd.

iParsing recipes...ERROR: ExpansionError during parsing <path to recipe>
...
bb.data_smart.ExpansionError: Failure expanding variable do_compile[file-checksums], expression was ${@srctree_hash_files(d)} which triggered exception CalledProcessError: Command '['git', 'config', '--file', '.gitmodules', '--get-regexp', 'path']' returned non-zero exit status 1.

(From OE-Core rev: c58d82b98348b167b60ec3c8b9651d73b1bdfbdc)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 66ff3d1f65cd2e7f5319e98fa41f47a59b714c72)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Chen Qi
2ef094198e bc: extend to nativesdk
bc is needed for compiling kernel modules, more specifially
whenr running `make scripts prepare'.

In linux-yocto.inc, we have bc-native in DEPENDS. But we will
need nativesdk-bc in case we compile a kernel module inside
SDK.

(From OE-Core rev: aab8d528ceeb2ee1ab7cffdeff4007fd66275f1b)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 95b5c89066baccb1e64bfba7d9a66feeeb086da9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Joshua Watt
c778df8884 sudo: Use specific BSD license variant
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.

(From OE-Core rev: ff27ea21d7c14086335da5c3e2fac353e44438da)

(From OE-Core rev: 0624c7a77cfc7288fd3154624150b49adce8d8f8)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1596d37ba)
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Alexander Kanavin
227c428eb1 tzdata: update 2022d -> 2022g
(From OE-Core rev: 7ce0cd9ef0b40c23be8fe30fa3bb6ef810464fd0)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2394a481db1b41ad4581e22ba901ac76fa7b3dcd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Bruce Ashfield
493d3217dd linux-yocto/5.4: update to v5.4.228
Updating  to the latest korg -stable release that comprises
the following commits:

    851c2b5fb793 Linux 5.4.228
    ff484a9ba449 ASoC: ops: Correct bounds check for second channel on SX controls
    7d4aa0929963 can: mcba_usb: Fix termination command argument
    f843fdcac054 can: sja1000: fix size of OCR_MODE_MASK define
    b439b12d1050 pinctrl: meditatek: Startup with the IRQs disabled
    9796d07c7531 ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    3c837460f920 nfp: fix use-after-free in area_cache_get()
    a40c3c9ae58f block: unhash blkdev part inode when the part is deleted
    176ba4c19d1b mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
    69d4f3baa694 x86/smpboot: Move rcu_cpu_starting() earlier
    d1988bf2bba3 net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head
    66bb2e2b24ce Linux 5.4.227
    898270ec11be can: esd_usb: Allow REC and TEC to return to zero
    08bf219d62f5 net: mvneta: Fix an out of bounds check
    6b6d3be3661b ipv6: avoid use-after-free in ip6_fragment()
    f73eb3fc9b41 net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
    f0af234e2e55 xen/netback: fix build warning
    99669d94ce14 ethernet: aeroflex: fix potential skb leak in greth_init_rings()
    3295582cd7a5 ipv4: Fix incorrect route flushing when table ID 0 is used
    2537b637eac0 ipv4: Fix incorrect route flushing when source address is deleted
    36eedb9a05a7 tipc: Fix potential OOB in tipc_link_proto_rcv()
    1b6360a093ab net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
    e71a46cc8c9a net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
    7081cf86e1f6 net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
    bc06207b4c1c net: stmmac: fix "snps,axi-config" node property parsing
    7fab7add08f5 nvme initialize core quirks before calling nvme_init_subsystem
    677843470694 NFC: nci: Bounds check struct nfc_target arrays
    e5292711b020 i40e: Disallow ip4 and ip6 l4_4_bytes
    9337d87da417 i40e: Fix for VF MAC address 0
    a1e295517b36 i40e: Fix not setting default xps_cpus after reset
    eec1fc21edc2 net: mvneta: Prevent out of bounds read in mvneta_config_rss()
    ed773dd798bf xen-netfront: Fix NULL sring after live migration
    18e10a9e0e32 net: encx24j600: Fix invalid logic in reading of MISTAT register
    1356c17758b8 net: encx24j600: Add parentheses to fix precedence
    1831d4540406 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
    8fb4b50f5436 selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
    0834d4b121e7 net: dsa: ksz: Check return value
    2c6cf0afc385 Bluetooth: Fix not cleanup led when bt_init fails
    07ea5d74fc12 Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
    c66d78aee55d af_unix: Get user_ns from in_skb in unix_diag_get_exact().
    9d2ee8abf160 igb: Allocate MSI-X vector when testing
    cff8ba243f5f e1000e: Fix TX dispatch condition
    48bd5d3801f6 gpio: amd8111: Fix PCI device reference count leak
    d2be7ba2d47b drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
    e2e218177271 ca8210: Fix crash by zero initializing data
    efbca8234aee ieee802154: cc2520: Fix error return code in cc2520_hw_init()
    3982652957e8 can: af_can: fix NULL pointer dereference in can_rcv_filter
    db1ed1b3fb4e HID: core: fix shift-out-of-bounds in hid_report_raw_event
    60bce926a8f3 HID: hid-lg4ff: Add check for empty lbuf
    625814b85f74 HID: usbhid: Add ALWAYS_POLL quirk for some mice
    585a07b82005 drm/shmem-helper: Remove errant put in error path
    b8419d16f47e KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    04edfa3dc06e mm/gup: fix gup_pud_range() for dax
    35963b318219 memcg: fix possible use-after-free in memcg_write_event_control()
    4afc77068e36 media: v4l2-dv-timings.c: fix too strict blanking sanity checks
    91516ba54a02 Revert "net: dsa: b53: Fix valid setting for MDB entries"
    50e1ab7e638f xen/netback: don't call kfree_skb() with interrupts disabled
    6b1d47f9c34b xen/netback: do some code cleanup
    8fe1bf6f32cd xen/netback: Ensure protocol headers don't fall in the non-linear area
    5ffc2a75534d mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    48b00ceb5472 mm/khugepaged: fix GUP-fast interaction by sending IPI
    324abbd8b91c mm/khugepaged: take the right locks for page table retraction
    b2963819d03b net: usb: qmi_wwan: add u-blox 0x1342 composition
    e35c3ad0c208 9p/xen: check logical size for buffer size
    9d5126b574c9 fbcon: Use kzalloc() in fbcon_prepare_logo()
    102459222d41 regulator: twl6030: fix get status of twl6032 regulators
    f2ba66d87385 ASoC: soc-pcm: Add NULL check in BE reparenting
    3b2c064a8e11 btrfs: send: avoid unaligned encoded writes when attempting to clone range
    63badfed2002 ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
    8d16d3826ff2 regulator: slg51000: Wait after asserting CS pin
    9327a9c624ee 9p/fd: Use P9_HDRSZ for header size
    671f950d17d5 ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
    2c2c5d1d10f7 ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
    29917e381e02 ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
    3f39d53bc731 ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
    135fcc458170 ARM: dts: rockchip: fix ir-receiver node names
    368f2c2640be arm: dts: rockchip: fix node name for hym8563 rtc
    4b346f07f064 arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series
    316cdfc48d4d Linux 5.4.226
    3ab84e89135b ipc/sem: Fix dangling sem_array access in semtimedop race
    210f96fb7ed5 v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    0390da0565ad proc: proc_skip_spaces() shouldn't think it is working on C strings
    dd3124a051a1 proc: avoid integer type confusion in get_proc_long
    1061bf5d018b mmc: sdhci: Fix voltage switch delay
    9a5f49c0f532 mmc: sdhci: use FIELD_GET for preset value bit masks
    d699373ac5f3 char: tpm: Protect tpm_pm_suspend with locks
    9decec299337 Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
    e67e119adf3e x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
    0d87bb607036 Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
    b5041a3daa7f x86/pm: Add enumeration check before spec MSRs save/restore setup
    3b2859457688 x86/tsx: Add a feature bit for TSX control MSR support
    99c59256ea00 nvme: ensure subsystem reset is single threaded
    dc85ff0a5f32 nvme: restrict management ioctls to admin
    c41a89af7b7a epoll: check for events when removing a timed out thread from the wait queue
    b8e803cda58b epoll: call final ep_events_available() check under the lock
    e65ac2bdda54 tracing/ring-buffer: Have polling block on watermark
    899e148171c6 ipv4: Fix route deletion when nexthop info is not specified
    cc3cd130ecfb ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
    a14f1a9c5313 selftests: net: fix nexthop warning cleanup double ip typo
    8aefb9329522 selftests: net: add delete nexthop route warning test
    dd6d2d82f0be Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
    7da3a10f39c9 parisc: Increase FRAME_WARN to 2048 bytes on parisc
    15568cdbe599 xtensa: increase size of gcc stack frame check
    76f48511a1c8 parisc: Increase size of gcc stack frame check
    cbdd83bd2fd6 iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    0090231df2cf pinctrl: single: Fix potential division by zero
    73dce3c1d48c ASoC: ops: Fix bounds check for _sx controls
    ced17a55a8e7 mm: Fix '.data.once' orphan section warning
    c9ecc420941f arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
    44ccd8c52fb7 arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
    1603feac154f tracing: Free buffers when a used dynamic event is removed
    dcd1daad31ac mmc: sdhci-sprd: Fix no reset data and command after voltage switch
    9e5581c772cf mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    bfdfe86d839f mmc: core: Fix ambiguous TRIM and DISCARD arg
    040d08c99620 mmc: mmc_test: Fix removal of debugfs file
    eb5001ecfb4f pinctrl: intel: Save and restore pins in "direct IRQ" mode
    ae34a4f4a209 x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
    9a130b72e6bd nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    3ae3bb33c47e tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
    cf1c12bc5c8c error-injection: Add prompt for function error injection
    2f6fd2de726d net/mlx5: DR, Fix uninitialized var warning
    ea5844f946b1 hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    89eecabe6a47 hwmon: (coretemp) Check for null before removing sysfs attrs
    0aacac75b8d6 net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
    a7555681e50b sctp: fix memory leak in sctp_stream_outq_migrate()
    168de4096b9c packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    16c244bc65d1 net: tun: Fix use-after-free in tun_detach()
    1c1d4830a960 afs: Fix fileserver probe RTT handling
    53a62c5efe91 net: hsr: Fix potential use-after-free
    ae633816ddf1 dsa: lan9303: Correct stat name
    910c0264b64e net: ethernet: nixge: fix NULL dereference
    2d24d91b9f44 net/9p: Fix a potential socket leak in p9_socket_open
    4720725e22e1 net: net_netdev: Fix error handling in ntb_netdev_init_module()
    3e21f85d87c8 net: phy: fix null-ptr-deref while probe() failed
    f5c2ec288a86 wifi: cfg80211: fix buffer overflow in elem comparison
    06785845e150 qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    78f8a34b375f can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    e4b474fa787c can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    0a2d73a77060 net/mlx5e: Fix use-after-free when reverting termination table
    093ccc2f8450 net/mlx5: Fix uninitialized variable bug in outlen_write()
    b10dd3bd14ec of: property: decrement node refcount in of_fwnode_get_reference_args()
    7b2b67fe1339 hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    45a643783435 hwmon: (i5500_temp) fix missing pci_disable_device()
    dbcc3390015f scripts/faddr2line: Fix regression in name resolution on ppc64le
    2b916ee1d37c iio: light: rpr0521: add missing Kconfig dependencies
    3f566b626029 iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
    2d6a437064ff iio: health: afe4403: Fix oob read in afe4403_read_raw
    8eb912af5250 btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
    7e88a416ed43 drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read"
    41f0abeadc09 drm/amdgpu: update drm_display_info correctly when the edid is read
    787138e4b9e1 btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker
    255289adce05 spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
    83aae3204e5c btrfs: free btrfs_path before copying inodes to userspace
    9fd11e2de746 fuse: lock inode unconditionally in fuse_fallocate()
    3659e33c1e4f drm/i915: fix TLB invalidation for Gen12 video and compute engines
    0d1cad597199 drm/amdgpu: always register an MMU notifier for userptr
    d4e9bab771aa drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
    a541f1f0ce90 btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    d037681515b6 btrfs: free btrfs_path before copying subvol info to userspace
    69e2f1dd93c1 btrfs: free btrfs_path before copying fspath to userspace
    3cde2bc70819 btrfs: free btrfs_path before copying root refs to userspace
    4741b00cac23 binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
    4e682ce5601a binder: Address corner cases in deferred copy and fixup
    15e098ab1d3c binder: fix pointer cast warning
    74e7f1828ab4 binder: defer copies of pre-patched txn data
    7b31ab0d9efb binder: read pre-translated fds from sender buffer
    c056a6ba35e0 binder: avoid potential data leakage when copying txn
    f8fee36515f4 dm integrity: flush the journal on suspend
    096e1bd659d8 net: usb: qmi_wwan: add Telit 0x103a composition
    86136bf62387 tcp: configurable source port perturb table size
    07da8fca307e platform/x86: hp-wmi: Ignore Smart Experience App event
    82d758c9daf1 platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
    846c0f9cd05b platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
    6579436fd1a6 xen/platform-pci: add missing free_irq() in error path
    375e79c57155 serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
    e3a2211fe17c ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    3e2452cbc6f6 Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    47b4949335cb gcov: clang: fix the buffer overflow issue
    ecbde4222e6b nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    7d08b4eba1e1 firmware: coreboot: Register bus in module init
    a2012335aa53 firmware: google: Release devices before unregistering the bus
    cb7495fe9575 ceph: avoid putting the realm twice when decoding snaps fails
    12a93545b2ed ceph: do not update snapshot context when there is no new snapshot
    0528b19d5701 iio: pressure: ms5611: fixed value compensation bug
    562f415bb378 iio: ms5611: Simplify IO callback parameters
    def48fbbac1c nios2: add FORCE for vmlinuz.gz
    da849abded31 init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
    03949acb58f0 iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    f8a76c28e957 iio: light: apds9960: fix wrong register for gesture gain
    d3ad47426a58 arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
    ae6bcb26984b usb: dwc3: exynos: Fix remove() function
    15f8b52523ba lib/vdso: use "grep -E" instead of "egrep"
    960cf3c7ff95 s390/crashdump: fix TOD programmable field size
    fabd3ab6a19d net: thunderx: Fix the ACPI memory leak
    1633e6d6aa82 nfc: st-nci: fix memory leaks in EVT_TRANSACTION
    0e2a4560db77 nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
    420b21235d63 s390/dasd: fix no record found for raw_track_access
    9d1264c914d3 dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    08f25427d81a bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    59612acf6b5e regulator: twl6030: re-add TWL6032_SUBCLASS
    1c12909a7820 NFC: nci: fix memory leak in nci_rx_data_packet()
    23b83a3c76b3 xfrm: Fix ignored return value in xfrm6_init()
    23ba1997ebc0 tipc: check skb_linearize() return value in tipc_disc_rcv()
    59f9aad22fd7 tipc: add an extra conn_get in tipc_conn_alloc
    30f91687fa25 tipc: set con sock in tipc_conn_alloc
    5c12136c00b5 net/mlx5: Fix FW tracer timestamp calculation
    00492f823f30 Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    e0d5becab1d0 Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
    ec3d7202e99f nfp: add port from netdev validation for EEPROM access
    9b8061a6dbd0 net: pch_gbe: fix pci device refcount leak while module exiting
    9a39ea43f16a net/qla3xxx: fix potential memleak in ql3xxx_send()
    a07149c10bae net/mlx4: Check retval of mlx4_bitmap_init
    bbf6d1bc077f ARM: mxs: fix memory leak in mxs_machine_init()
    3afa86449ee8 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    bfadcbf5bac5 net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    e00b42cbec15 nfc/nci: fix race with opening and closing
    04ffa53ab7ae net: liquidio: simplify if expression
    79c55e66caa0 ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
    897f6a309138 tee: optee: fix possible memory leak in optee_register_device()
    9c1fbac623cb bus: sunxi-rsb: Support atomic transfers
    347875ff9ad4 regulator: core: fix UAF in destroy_regulator()
    556121103170 regulator: core: fix kobject release warning and memory leak in regulator_register()
    c06267652886 ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    168d59f7f72d ARM: dts: am335x-pcm-953: Define fixed regulators in root node
    dd56c671ccca af_key: Fix send_acquire race with pfkey_register
    9221a53bfcba MIPS: pic32: treat port as signed integer
    dff9b25cb977 RISC-V: vdso: Do not add missing symbols to version section in linker script
    b0e025dd87ab arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
    0ba7c091f7f1 block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    b848811655db drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    5dfbb54fe115 spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
    9029aee8742e wifi: mac80211: Fix ack frame idr leak when mesh has no route
    1f75f9c1af6a audit: fix undefined behavior in bit shift for AUDIT_BIT
    3129cec05f3d wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    b4cb3dc11185 wifi: mac80211: fix memory free error when registering wiphy fail

(From OE-Core rev: f261daa8a04e97bfc932a72deedddbd87209daec)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Bruce Ashfield
6af184a678 linux-yocto/5.4: update to v5.4.225
Updating  to the latest korg -stable release that comprises
the following commits:

    4d2a309b5c28 Linux 5.4.225
    b612f924f296 ntfs: check overflow when iterating ATTR_RECORDs
    0e2ce0954b39 ntfs: fix out-of-bounds read in ntfs_attr_find()
    266bd5306286 ntfs: fix use-after-free in ntfs_attr_find()
    ed8b990e89aa mm: fs: initialize fsdata passed to write_begin/write_end interface
    b1ad04da7fe4 9p/trans_fd: always use O_NONBLOCK read/write
    179236a122a1 gfs2: Switch from strlcpy to strscpy
    8b6534c9ae9d gfs2: Check sb_bsize_shift after reading superblock
    96760723aae1 9p: trans_fd/p9_conn_cancel: drop client lock earlier
    ce57d6474ae9 kcm: close race conditions on sk_receive_queue
    7a704dbfd373 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
    ad39d09190a5 kcm: avoid potential race in kcm_tx_work
    78be2ee01124 tcp: cdg: allow tcp_cdg_release() to be called multiple times
    a62aa84fe19e macvlan: enforce a consistent minimal mtu
    4f348b60c796 Input: i8042 - fix leaking of platform device on module removal
    7b0007b28dd9 kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
    28f7ff5e7559 scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
    ec59a1325230 ring-buffer: Include dropped pages in counting dirty patches
    32a7f0645111 serial: 8250: Flush DMA Rx on RLSI
    e7061dd1fef2 misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
    3da7098e8ffa docs: update mediator contact information in CoC doc
    27f712cd47d6 mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
    616c6695dd42 mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
    076712ff50dc mmc: core: properly select voltage range without power cycle
    1bf8ed585501 scsi: zfcp: Fix double free of FSF request when qdio send fails
    5d53797ce7ce Input: iforce - invert valid length check when fetching device IDs
    89c0c27ab39a serial: 8250_lpss: Configure DMA also w/o DMA filter
    d6ebe11ad322 serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
    b545c0e1e409 dm ioctl: fix misbehavior if list_versions races with module loading
    1c5866b4ddec iio: pressure: ms5611: changed hardcoded SPI speed to value limited
    0dd52e141afd iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
    7b75515728b6 iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
    c025c4505fba usb: chipidea: fix deadlock in ci_otg_del_timer
    8c8039ede2f9 usb: add NO_LPM quirk for Realforce 87U Keyboard
    bec9f91f7b0c USB: serial: option: add Fibocom FM160 0x0111 composition
    1972f20f365d USB: serial: option: add u-blox LARA-L6 modem
    089839cccf82 USB: serial: option: add u-blox LARA-R6 00B modem
    31e6aba26b44 USB: serial: option: remove old LARA-R6 PID
    5ee0a017e52a USB: serial: option: add Sierra Wireless EM9191
    0410c2ae2105 speakup: fix a segfault caused by switching consoles
    6ed6a5dfa3fa slimbus: stream: correct presence rate frequencies
    56607f0bfc9a Revert "usb: dwc3: disable USB core PHY management"
    e7dc436aea80 ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
    72c2ea34faa1 ring_buffer: Do not deactivate non-existant pages
    f715f31559b8 ftrace: Fix null pointer dereference in ftrace_add_mod()
    c50e0bcf4a1b ftrace: Optimize the allocation for mcount entries
    3041feeedbdd ftrace: Fix the possible incorrect kernel message
    04e9e5eb4551 cifs: add check for returning value of SMB2_set_info_init
    293c0d7182ee net: thunderbolt: Fix error handling in tbnet_init()
    e6546d541206 cifs: Fix wrong return value checking when GETFLAGS
    e109b41870db net/x25: Fix skb leak in x25_lapb_receive_frame()
    e313efddce71 platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized
    813a8dd9c45f drbd: use after free in drbd_create_device()
    0199bf0a8f74 xen/pcpu: fix possible memory leak in register_pcpu()
    aa2ba356507f bnxt_en: Remove debugfs when pci_register_driver failed
    6134357f568e net: caif: fix double disconnect client in chnl_net_open()
    90638373f19f net: macvlan: Use built-in RCU list checking
    83672c1b83d1 mISDN: fix misuse of put_device() in mISDN_register_device()
    8c85770d1ad0 net: liquidio: release resources when liquidio driver open failed
    0f2c681900a0 mISDN: fix possible memory leak in mISDN_dsp_element_register()
    d697f78cab64 net: bgmac: Drop free_netdev() from bgmac_enet_remove()
    bec9ded5404c ata: libata-transport: fix double ata_host_put() in ata_tport_add()
    2ff7e852bd4c arm64: dts: imx8mn: Fix NAND controller size-cells
    bb4a2f898ef7 arm64: dts: imx8mm: Fix NAND controller size-cells
    040f726fecd8 pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
    5b3d6d510bb8 parport_pc: Avoid FIFO port location truncation
    f9fe7ba4ea5b siox: fix possible memory leak in siox_device_add()
    6bb50c14c958 block: sed-opal: kmalloc the cmd/resp buffers
    8555c6c1125f ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
    b768afc68b10 tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    476b09e07bd5 serial: imx: Add missing .thaw_noirq hook
    b7c6033a8fa3 serial: 8250: omap: Flush PM QOS work on remove
    2d66412563ef serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
    747e76f4ccb2 serial: 8250_omap: remove wait loop from Errata i202 workaround
    2ec3f558db34 ASoC: core: Fix use-after-free in snd_soc_exit()
    ee31abd04754 spi: stm32: Print summary 'callbacks suppressed' message
    a39357b4ec86 ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route"
    1a5f13b0c542 Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
    6fa082ad96d6 btrfs: remove pointless and double ulist frees in error paths of qgroup tests
    741bded210db drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    761976a6175d i2c: i801: add lis3lv02d's I2C address for Vostro 5568
    18a501e5c7a8 NFSv4: Retry LOCK on OLD_STATEID during delegation return
    281b93e42e40 selftests/intel_pstate: fix build for ARCH=x86_64
    2cce0a36cec9 selftests/futex: fix build for clang
    c81ab3d7d1e2 ASoC: codecs: jz4725b: fix capture selector naming
    5b94d1bb1ea2 ASoC: codecs: jz4725b: use right control for Capture Volume
    21b6fbb934b5 ASoC: codecs: jz4725b: fix reported volume for Master ctl
    c9fb6a03112d ASoC: codecs: jz4725b: add missed Line In power control bit
    1719b9c0fb37 spi: intel: Fix the offset to get the 64K erase opcode
    af93d7c9d94c ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
    a3b07bb0b3fc ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
    4d487873ba5f ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
    f0901e1551a8 ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
    1fd66e3b02d5 x86/cpu: Restore AMD's DE_CFG MSR after resume
    30b0263d0366 net: tun: call napi_schedule_prep() to ensure we own a napi
    7a6e564ff259 dmaengine: at_hdmac: Check return code of dma_async_device_register
    966dd087de9a dmaengine: at_hdmac: Fix impossible condition
    d6ce23165ccc dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    a5352470299f dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    77b97ef4908a dmaengine: at_hdmac: Don't start transactions at tx_submit level
    3d35e36d7a90 dmaengine: at_hdmac: Fix at_lli struct definition
    ab390c532e3c cert host tools: Stop complaining about deprecated OpenSSL functions
    d0513b095e1e can: j1939: j1939_send_one(): fix missing CAN header initialization
    d8971f410739 udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    c914c56ac058 btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    aa05252ab4b8 platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
    431b70544bb1 drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    9b162e810452 nilfs2: fix use-after-free bug of ns_writer on remount
    36ff974b0310 nilfs2: fix deadlock in nilfs_count_free_blocks()
    b4421e6d9a96 vmlinux.lds.h: Fix placement of '.data..decrypted' section
    022d8696a7dd ALSA: usb-audio: Add DSD support for Accuphase DAC-60
    ded2d51b85e3 ALSA: usb-audio: Add quirk entry for M-Audio Micro
    02dea987ec1c ALSA: hda: fix potential memleak in 'add_widget_node'
    9ab40b1df6ab ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
    d51861d2911b mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
    d2cf28caf5f1 mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
    ae2aeee895ec mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
    9fbe02082912 MIPS: jump_label: Fix compat branch range check
    f967bbc72f20 arm64: efi: Fix handling of misaligned runtime regions and drop warning
    c5c0b3167537 riscv: process: fix kernel info leakage
    685e73e3f7a9 net: macvlan: fix memory leaks of macvlan_common_newlink
    d1dddadf4cbb ethernet: tundra: free irq when alloc ring failed in tsi108_open()
    1b7a5651432e net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
    ec8a47afc5ee ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    b03f505c5d1e cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open()
    834d2da28fd9 net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    834445168191 net: cpsw: disable napi in cpsw_ndo_open()
    3892c2d33573 net/mlx5: Allow async trigger completion execution on single CPU systems
    5b72cf7a4066 net: nixge: disable napi when enable interrupts failed in nixge_open()
    a8aade318d7e perf stat: Fix printing os->prefix in CSV metrics output
    da4daa36ea2e drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
    1d8488732765 dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    7c77e272b4b3 dmaengine: pxa_dma: use platform_get_irq_optional
    36769b947749 tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
    afab4655750f can: af_can: fix NULL pointer dereference in can_rx_register()
    58cd7fdc8c1e ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    3ad34145911d drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
    831ea56c3470 hamradio: fix issue of dev reference count leakage in bpq_device_event()
    c7e0024852c3 net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
    5661f111a161 capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    08c3d22f1080 net: fman: Unregister ethernet device on removal
    aa94d1a607c7 bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    a5a05fbef4a0 bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
    a4f73f6adc53 net: tun: Fix memory leaks of napi_get_frags
    65ad047fd835 net: gso: fix panic on frag_list with mixed head alloc types
    e29289d0d819 HID: hyperv: fix possible memory leak in mousevsc_probe()
    d975bec1eaeb bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
    0ede1a988299 wifi: cfg80211: fix memory leak in query_regdb_file()
    1c8d06631749 wifi: cfg80211: silence a sparse RCU warning
    c38ea831691b phy: stm32: fix an error code in probe
    45a841719fe0 xfs: drain the buf delwri queue before xfsaild idles
    e107e953d24d xfs: preserve inode versioning across remounts
    7d57979052c4 xfs: use MMAPLOCK around filemap_map_pages()
    8b27e684a6a9 xfs: redesign the reflink remap loop to fix blkres depletion crash
    ece1eb995787 xfs: rename xfs_bmap_is_real_extent to is_written_extent
    d304fafb978d xfs: preserve rmapbt swapext block reservation from freed blocks

(From OE-Core rev: 0c760227657062eae0a14ddd91e5f8b4654c8cd5)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Bruce Ashfield
2c43a87e79 linux-yocto/5.4: update to v5.4.224
Updating  to the latest korg -stable release that comprises
the following commits:

    771a8acbb841 Linux 5.4.224
    3e0c1ab197eb ipc: remove memcg accounting for sops objects in do_semtimedop()
    a16415c8f156 wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
    a24bf3c317b2 drm/i915/sdvo: Setup DDC fully before output init
    4dadd4b16178 drm/i915/sdvo: Filter out invalid outputs more sensibly
    57306fef4d10 drm/rockchip: dsi: Force synchronous probe
    e09ff743e30b mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
    8b1174d05896 KVM: x86: emulator: update the emulation mode after CR0 write
    ac3bc06c9ac5 KVM: x86: emulator: introduce emulator_recalc_and_set_mode
    f159cd915d73 KVM: x86: emulator: em_sysexit should update ctxt->mode
    ef3094c4e9ee KVM: x86: Mask off reserved bits in CPUID.80000008H
    da1bf3732d0f KVM: x86: Mask off reserved bits in CPUID.8000001AH
    2fa24d0274fb ext4: fix BUG_ON() when directory entry has invalid rec_len
    72743d5598b9 ext4: fix warning in 'ext4_da_release_space'
    eed040fd35e9 parisc: Avoid printing the hardware path twice
    9e902284ee3e parisc: Export iosapic_serial_irq() symbol for serial port driver
    506ae301672e parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
    c586068aad62 ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
    4e8ee3cf74e2 perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
    6ffa48150b9b perf/x86/intel: Fix pebs event constraints for ICL
    fee896d4534f efi: random: reduce seed size to 32 bytes
    0c7275743498 fuse: add file_modified() to fallocate
    0c3e6288da65 capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
    4bc52ddf6347 tracing/histogram: Update document for KEYS_MAX size
    c8938263e640 tools/nolibc/string: Fix memcmp() implementation
    993bd0de8b53 kprobe: reverse kp->flags when arm_kprobe failed
    fe3da74428bf tcp/udp: Make early_demux back namespacified.
    4ae03c869c9a btrfs: fix type of parameter generation in btrfs_get_dentry
    27a594bc7a7c binder: fix UAF of alloc->vma in race with munmap()
    bad83d55134e memcg: enable accounting of ipc resources
    92aaa5e8fe90 tcp/udp: Fix memory leak in ipv6_renew_options().
    c494ae149858 block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
    6949400ec9fe Bluetooth: L2CAP: Fix attempting to access uninitialized memory
    ad18f624e3da xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster()
    0802130a4d0b xfs: don't fail unwritten extent conversion on writeback due to edquot
    fef141f9e4c1 xfs: group quota should return EDQUOT when prj quota enabled
    4267433dd3d3 xfs: gut error handling in xfs_trans_unreserve_and_mod_sb()
    24e7e3935309 xfs: use ordered buffers to initialize dquot buffers during quotacheck
    52802e9a035f xfs: don't fail verifier on empty attr3 leaf block
    71d487a82d2c i2c: xiic: Add platform module alias
    cdd19e559a72 HID: saitek: add madcatz variant of MMO7 mouse device ID
    efdcd1e32c0d scsi: core: Restrict legal sdev_state transitions via sysfs
    70119756311a media: meson: vdec: fix possible refcount leak in vdec_probe()
    bfa8ccf70597 media: dvb-frontends/drxk: initialize err to 0
    11c8f19e0f5a media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
    4a449430ecfb media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
    381453770f73 ipv6: fix WARNING in ip6_route_net_exit_late()
    b49f6b2f21f5 net, neigh: Fix null-ptr-deref in neigh_table_clear()
    4954b5359eb1 net: mdio: fix undefined behavior in bit shift for __mdiobus_register
    c1f594dddd9f Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
    4cd094fd5d87 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
    5d1a47ebf845 btrfs: fix ulist leaks in error paths of qgroup self tests
    6a6731a0df8c btrfs: fix inode list leak during backref walking at find_parent_nodes()
    2c0329406bb2 btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
    3d74329d8cff isdn: mISDN: netjet: fix wrong check of device registration
    2ff6b669523d mISDN: fix possible memory leak in mISDN_register_device()
    b13be5e852b0 rose: Fix NULL pointer dereference in rose_send_frame()
    8457a00c981f ipvs: fix WARNING in ip_vs_app_net_cleanup()
    7effc4ce3d14 ipvs: fix WARNING in __ip_vs_cleanup_batch()
    2cc523978f1c ipvs: use explicitly signed chars
    74fd58394670 netfilter: nf_tables: release flow rule object from commit path
    ca791952d42c net: tun: fix bugs for oversize packet when napi frags enabled
    52e042947197 net: sched: Fix use after free in red_enqueue()
    d605da3e5f74 ata: pata_legacy: fix pdc20230_set_piomode()
    704b92c51b64 net: fec: fix improper use of NETDEV_TX_BUSY
    f30060efcf18 nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
    aef89b91c7d7 nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
    875082ae8329 RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
    af8fb5a0600e RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
    bbc5d7b46a72 net: dsa: Fix possible memory leaks in dsa_loop_init()
    925cb538bd58 nfs4: Fix kmemleak when allocate slot failed
    0bc335d0100e NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
    405309d86021 NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
    25760a41e380 IB/hfi1: Correctly move list in sc_disable()
    6b5c87f9b3f8 RDMA/cma: Use output interface for net_dev check
    a0d938496721 Linux 5.4.223
    a0a2a4bdd101 can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
    fc0eecb8b457 net: enetc: survive memory pressure without crashing
    69dd3ad406c4 net/mlx5: Fix possible use-after-free in async command interface
    827e36a031e4 net/mlx5e: Do not increment ESN when updating IPsec ESN state
    7dc6ce3ef20f nh: fix scope used to find saddr when adding non gw nh
    ba6ee85355ad net: ehea: fix possible memory leak in ehea_register_port()
    4175d6381f6f openvswitch: switch from WARN to pr_warn
    0667bb60000d ALSA: aoa: Fix I2S device accounting
    5bdea6745341 ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
    2a47cc2a3d04 PM: domains: Fix handling of unavailable/disabled idle states
    a49e74cc7489 net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
    e46f699ac23d i40e: Fix flow-type by setting GL_HASH_INSET registers
    e88c2a1e28c5 i40e: Fix VF hang when reset is triggered on another VF
    28c47fd23c20 i40e: Fix ethtool rx-flow-hash setting for X722
    d303dabe7e03 media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
    b4a3a01762ae media: v4l2-dv-timings: add sanity checks for blanking values
    d8f479c777b4 media: vivid: dev->bitmap_cap wasn't freed in all cases
    9d6870949c2c media: vivid: s_fbuf: add more sanity checks
    8e1592d41519 PM: hibernate: Allow hybrid sleep to work with s2idle
    77454bc744e2 can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
    f79de6451eaf tcp: fix indefinite deferral of RTO with SACK reneging
    38e451696057 net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
    97ad240fd9aa net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
    663682cd3192 kcm: annotate data-races around kcm->rx_wait
    e94395e916b4 kcm: annotate data-races around kcm->rx_psock
    f85e54b4f3e5 amd-xgbe: add the bit rate quirk for Molex cables
    71ba2a95663a amd-xgbe: fix the SFP compliance codes check for DAC cables
    fe3fd27083db x86/unwind/orc: Fix unreliable stack dump with gcov
    fda2d07234a2 net: netsec: fix error handling in netsec_register_mdio()
    24b129aed873 tipc: fix a null-ptr-deref in tipc_topsrv_accept
    758dbcc6fbf2 ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
    ccaeef126ed1 arc: iounmap() arg is volatile
    fa434a64a4ea drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
    29a6902eb076 media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
    6f3511eb8654 net: ieee802154: fix error return code in dgram_bind()
    11993652d0b4 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
    5a2d7c93d9b9 cgroup-v1: add disabled controller check in cgroup1_parse_param()
    3d056d81b93a xen/gntdev: Prevent leaking grants
    8f589b5c0e7b Xen/gntdev: don't ignore kernel unmapping error
    f45ee2038464 xfs: force the log after remapping a synchronous-writes file
    102de7717d63 xfs: clear XFS_DQ_FREEING if we can't lock the dquot buffer to flush
    03b449a880d1 xfs: finish dfops on every insert range shift iteration
    3d295076ba4e s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
    344e1cb0bafe s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
    4f969d0753bd perf auxtrace: Fix address filter symbol name match for modules
    c78b0dc6fb7f kernfs: fix use-after-free in __kernfs_remove
    7a09c64b7da0 mmc: core: Fix kernel panic when remove non-standard SDIO card
    ed7f1ff87a4a drm/msm/hdmi: fix memory corruption with too many bridges
    f649ed0e1b7a drm/msm/dsi: fix memory corruption with too many bridges
    e7348308f668 mac802154: Fix LQI recording
    5385af2f89bc fbdev: smscufx: Fix several use-after-free bugs
    07ef3be6cae3 iio: light: tsl2583: Fix module unloading
    cb972e6d01ef tools: iio: iio_utils: fix digit calculation
    8f1cd9633d1f xhci: Remove device endpoints from bandwidth list when freeing the device
    914704e0d283 mtd: rawnand: marvell: Use correct logic for nand-keep-config
    5d36037b224d usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
    7b7a0d54333c usb: bdc: change state when port disconnected
    6827b58a957d usb: dwc3: gadget: Don't set IMI for no_interrupt
    9aa025430346 usb: dwc3: gadget: Stop processing more requests on IMI
    035dda2bfd7f USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
    e4045fbcd98e ALSA: au88x0: use explicitly signed char
    d853b4380835 ALSA: Use del_timer_sync() before freeing timer
    caea5b20ef9b can: kvaser_usb: Fix possible completions during init_completion
    5437642f91fd can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
    5282d4de783b Linux 5.4.222
    59f89518f510 once: fix section mismatch on clang builds

(From OE-Core rev: a886ee55d6137efbcc194f7c4ba09e3b5c66990b)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Bruce Ashfield
ea69dd1bf5 linux-yocto/5.4: update to v5.4.221
Updating  to the latest korg -stable release that comprises
the following commits:

    b70bfeb98635 Linux 5.4.221
    6bb8769326c4 mm: /proc/pid/smaps_rollup: fix no vma's null-deref
    a351077e589d hv_netvsc: Fix race between VF offering and VF association message from host
    2f1b3377b6fc Makefile.debug: re-enable debug info for .S files
    9220881831c3 ACPI: video: Force backlight native for more TongFang devices
    8ad8fc82eee8 riscv: topology: fix default topology reporting
    60dd3dc2acc4 arm64: topology: move store_cpu_topology() to shared code
    724483b585a1 iommu/vt-d: Clean up si_domain in the init_dmars() error path
    dfc0337c6dce net: hns: fix possible memory leak in hnae_ae_register()
    bc8301ea7e7f net: sched: cake: fix null pointer access issue when cake_init() fails
    b87f88d58f1b net: phy: dp83867: Extend RX strap quirk for SGMII mode
    6453077a00c1 net/atm: fix proc_mpc_write incorrect return value
    4258c473ee03 HID: magicmouse: Do not set BTN_MOUSE on double report
    567f8de358b6 tipc: fix an information leak in tipc_topsrv_kern_subscr
    27ee73c1199e tipc: Fix recognition of trial period
    fa0676d94fa4 ACPI: extlog: Handle multiple records
    13a2719ec89f btrfs: fix processing of delayed tree block refs during backref walking
    b397ce347775 btrfs: fix processing of delayed data refs during backref walking
    96894a4fe6b0 r8152: add PID for the Lenovo OneLink+ Dock
    7f6d2188ec33 arm64: errata: Remove AES hwcap for COMPAT tasks
    aae35081633f media: venus: dec: Handle the case where find_format fails
    fd596e7371ac KVM: arm64: vgic: Fix exit condition in scan_its_table()
    383b7c50f544 ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
    da9793150297 ata: ahci-imx: Fix MODULE_ALIAS
    c00cdfc9bd76 hwmon/coretemp: Handle large core ID value
    3ea7da6a97d5 x86/microcode/AMD: Apply the patch early on every logical thread
    3064c74198cf ocfs2: fix BUG when iput after ocfs2_mknod fails
    c2489774a2f0 ocfs2: clear dinode links count in case of error
    6391ed32b101 xfs: fix use-after-free on CIL context on shutdown
    ac055fee2544 xfs: move inode flush to the sync workqueue
    d3eb14b8ea26 xfs: reflink should force the log out if mounted with wsync
    05e2b279ead4 xfs: factor out a new xfs_log_force_inode helper
    f1172b08bb8e xfs: trylock underlying buffer on dquot flush
    890d7dfff79d xfs: don't write a corrupt unmount record to force summary counter recalc
    8ebd3ba932df xfs: tail updates only need to occur when LSN changes
    87b8a7fb6263 xfs: factor common AIL item deletion code
    4202b103d382 xfs: Throttle commits on delayed background CIL push
    7a8f95bfb9e3 xfs: Lower CIL flush limit for large logs
    f43ff28b0183 xfs: preserve default grace interval during quotacheck
    553e5c8031f5 xfs: fix unmount hang and memory leak on shutdown during quotaoff
    835306dd3f0c xfs: factor out quotaoff intent AIL removal and memory free
    a1e03f160019 xfs: Replace function declaration by actual definition
    fdce40c8fd92 xfs: remove the xfs_qoff_logitem_t typedef
    926ddf7846ee xfs: remove the xfs_dq_logitem_t typedef
    80f78aa76a17 xfs: remove the xfs_disk_dquot_t and xfs_dquot_t
    4776ae328ccb xfs: Use scnprintf() for avoiding potential buffer overflow
    2f55a0389154 xfs: check owner of dir3 blocks
    15b0651f383f xfs: check owner of dir3 data blocks
    bc013efdcf17 xfs: fix buffer corruption reporting when xfs_dir3_free_header_check fails
    6e204b9e67f3 xfs: xfs_buf_corruption_error should take __this_address
    0213ee5f4c93 xfs: add a function to deal with corrupt buffers post-verifiers
    3c88c3c00c97 xfs: rework collapse range into an atomic operation
    3602df3f1f5f xfs: rework insert range into an atomic operation
    7cd181cb2333 xfs: open code insert range extent split helper
    fe18f1af38a7 Linux 5.4.220
    d9fdda5efe76 thermal: intel_powerclamp: Use first online CPU as control_cpu
    c3bb4a7e8cbc inet: fully convert sk->sk_rx_dst to RCU rules
    96e2e21284ca efi: libstub: drop pointless get_memory_map() call
    97238b88583c md: Replace snprintf with scnprintf
    8b766dd70791 ext4: continue to expand file system when the target size doesn't reach
    4a36de894779 net/ieee802154: don't warn zero-sized raw_sendmsg()
    cff6131217e6 Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
    1210359a6854 net: ieee802154: return -EINVAL for unknown addr type
    04df9719df18 io_uring/af_unix: defer registered files gc to io_uring release
    f5dd24a66462 perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
    036b1f3bca7e clk: bcm2835: Make peripheral PLLC critical
    1eae30c0113d usb: idmouse: fix an uninit-value in idmouse_open
    0d150ccd55db nvmet-tcp: add bounds check on Transfer Tag
    3a3a8d75af4d nvme: copy firmware_rev on each init
    e5d8f05edb36 staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
    072b5a41c5f8 Revert "usb: storage: Add quirk for Samsung Fit flash"
    d6afcab1b48f usb: musb: Fix musb_gadget.c rxstate overflow bug
    9fa81cbd2dd3 usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
    1c00bb624cd0 md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
    e30c3a9a8881 HID: roccat: Fix use-after-free in roccat_read()
    81247850b8ab bcache: fix set_at_max_writeback_rate() for multiple attached devices
    7cfc77f4fe1d ata: libahci_platform: Sanity check the DT child nodes number
    16a45e78a687 staging: vt6655: fix potential memory leak
    3376a0cf138d power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
    3575949513ea nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
    22f49d9d6e04 scsi: 3w-9xxx: Avoid disabling device if failing to enable it
    66de92207600 clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
    9181af2dbf06 media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
    5dbfcf7b0803 clk: zynqmp: Fix stack-out-of-bounds in strncpy`
    715fe15785b4 btrfs: scrub: try to fix super block errors
    8054f824a725 ARM: dts: imx6sx: add missing properties for sram
    05f789afaf69 ARM: dts: imx6sll: add missing properties for sram
    48d1766b35f3 ARM: dts: imx6sl: add missing properties for sram
    ef4a3baf0042 ARM: dts: imx6qp: add missing properties for sram
    ee239c0340a2 ARM: dts: imx6dl: add missing properties for sram
    82e5191b124a ARM: dts: imx6q: add missing properties for sram
    0b2013ace8df ARM: dts: imx7d-sdb: config the max pressure for tsc2046
    aec01503ba7f mmc: sdhci-msm: add compatible string check for sdm670
    e67c2cda3d60 drm/amdgpu: fix initial connector audio value
    079f64a1ea33 platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
    30a3601c2f59 drm: panel-orientation-quirks: Add quirk for Anbernic Win600
    7de3e3514cab drm/vc4: vec: Fix timings for VEC modes
    8f6cad7c4b68 drm/amd/display: fix overflow on MIN_I64 definition
    cdde55f97298 drm: Prevent drm_copy_field() to attempt copying a NULL pointer
    fb282b4e8aef drm: Use size_t type for len variable in drm_copy_field()
    1d0803b1532d drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
    61fd56b0a1a3 r8152: Rate limit overflow messages
    7d6f9cb24d2b Bluetooth: L2CAP: Fix user-after-free
    a76462dbdd8b net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
    4037270ea6d6 wifi: rt2x00: correctly set BBP register 86 for MT7620
    2021a5aaf835 wifi: rt2x00: set SoC wmac clock register
    f9c053c3e4e9 wifi: rt2x00: set VGC gain for both chains of MT7620
    0facbe608305 wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
    2f383edcb703 wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
    fdcc57ef8c1f can: bcm: check the result of can_send() in bcm_can_tx()
    6e85d2ad958c Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
    776f33c12fdb Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
    49c742afd60f wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
    18373ed500f7 xfrm: Update ipcomp_scratches with NULL when freed
    2c485f4f2a64 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
    42d579d91051 tcp: annotate data-race around tcp_md5sig_pool_populated
    ce25d7caf35d openvswitch: Fix overreporting of drops in dropwatch
    a7fe12cea515 openvswitch: Fix double reporting of drops in dropwatch
    06d73f4e6bd6 bpftool: Clear errno after libcap's checks
    56a0ac486341 wifi: brcmfmac: fix invalid address access when enabling SCAN log level
    38ca9ece960d NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
    5a646c38f648 thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
    49a6ffdaed60 powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
    ac84b26a1689 MIPS: BCM47XX: Cast memcmp() of function to (void *)
    13f4d3665bf6 ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
    c5ed3a378978 f2fs: fix race condition on setting FI_NO_EXTENT flag
    584561e94260 crypto: cavium - prevent integer overflow loading firmware
    00791e017b5f kbuild: remove the target in signal traps when interrupted
    d59d36aa4c3f iommu/iova: Fix module config properly
    0f224fde6324 crypto: ccp - Release dma channels before dmaengine unrgister
    95c4e20adc3e crypto: akcipher - default implementation for setting a private key
    4010a1afaae1 iommu/omap: Fix buffer overflow in debugfs
    b32a285998d4 cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
    3317c7d211ef powerpc: Fix SPE Power ISA properties for e500v1 platforms
    6191f0310ebf powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
    f11bce700b7a x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
    828d19038019 powerpc/powernv: add missing of_node_put() in opal_export_attrs()
    0a5cee97c017 powerpc/pci_dn: Add missing of_node_put()
    1535e14731e9 powerpc/sysdev/fsl_msi: Add missing of_node_put()
    85d23c49336c powerpc/math_emu/efp: Include module.h
    e77a85c3fbfd mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
    f28eec40785e clk: ast2600: BCLK comes from EPLL
    fc39ebf85d03 clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
    111369bb8cd9 clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
    2ee652f072cf spmi: pmic-arb: correct duplicate APID to PPID mapping logic
    1ea4efc09fee dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
    8498490b3c91 clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
    8542422192d0 mfd: sm501: Add check for platform_driver_register()
    f95ba4aab698 mfd: fsl-imx25: Fix check for platform_get_irq() errors
    6804b4fedee2 mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
    595d077f3cf5 mfd: lp8788: Fix an error handling path in lp8788_probe()
    b75f4912b371 mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
    1f4f8b6adb3d mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
    b6c2c3059e72 fsi: core: Check error number after calling ida_simple_get
    117331a2a522 scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
    558a9fcb6ce7 serial: 8250: Fix restoring termios speed after suspend
    c969316eeefb firmware: google: Test spinlock on panic path to avoid lockups
    88b9cc60f26e staging: vt6655: fix some erroneous memory clean-up loops
    83d11dd92a51 phy: qualcomm: call clk_disable_unprepare in the error handling
    29b897ac7b99 tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
    744c2d33a88b drivers: serial: jsm: fix some leaks in probe
    9fe0a8c0694c usb: gadget: function: fix dangling pnp_string in f_printer.c
    59e3d41265f3 xhci: Don't show warning for reinit on known broken suspend
    f8ba29ae237e md/raid5: Ensure stripe_fill happens on non-read IO with journal
    9b881a2ca0c6 mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
    22830560eb2f ata: fix ata_id_has_dipm()
    10d52d8dd1cb ata: fix ata_id_has_ncq_autosense()
    99e7e6445154 ata: fix ata_id_has_devslp()
    6ea4b3303abf ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
    e09caa38e10b RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
    b21b0d17ad99 mtd: devices: docg3: check the return value of devm_ioremap() in the probe
    3ca6939b5d1a dyndbg: let query-modname override actual module name
    ad0a65517cff dyndbg: fix module.dyndbg handling
    fc797285c40a misc: ocxl: fix possible refcount leak in afu_ioctl()
    7ed37be3a2ce RDMA/rxe: Fix the error caused by qp->sk
    0d773c58d702 RDMA/rxe: Fix "kernel NULL pointer dereference" error
    59b315353252 media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
    80a955dabb82 tty: xilinx_uartps: Fix the ignore_status
    3e77ac46f290 media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
    3baf53328aee HSI: omap_ssi_port: Fix dma_map_sg error check
    aa9c0598b109 HSI: omap_ssi: Fix refcount leak in ssi_probe
    5d9fb09612de clk: tegra20: Fix refcount leak in tegra20_clock_init
    5984b1d66126 clk: tegra: Fix refcount leak in tegra114_clock_init
    6d3ac23b952f clk: tegra: Fix refcount leak in tegra210_clock_init
    aa3898dec1b6 clk: berlin: Add of_node_put() for of_get_parent()
    fcaff9bc6bbc clk: oxnas: Hold reference returned by of_get_parent()
    ad3a056982b7 clk: meson: Hold reference returned by of_get_parent()
    633c574e0f8b iio: ABI: Fix wrong format of differential capacitance channel ABI.
    0111032d9a02 iio: inkern: only release the device node when done with it
    246af4216379 iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
    46778752bbd5 iio: adc: at91-sama5d2_adc: check return status for pressure and touch
    d50e3817a4b6 iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
    c29c3d32bd01 ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
    e00480d42b1a ARM: Drop CMDLINE_* dependency on ATAGS
    fcad2eef0030 ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
    6858d8599c65 ARM: dts: kirkwood: lsxl: remove first ethernet port
    d45424d980e8 ARM: dts: kirkwood: lsxl: fix serial line
    1edbceda073d ARM: dts: turris-omnia: Fix mpp26 pin name and comment
    673db1cf4db8 soc: qcom: smem_state: Add refcounting for the 'state->of_node'
    1e3ed59370c7 soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
    85a40bfb8e7a memory: of: Fix refcount leak bug in of_get_ddr_timings()
    b37f4a711e5d memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
    56c4299f7670 ALSA: hda/hdmi: Don't skip notification handling during PM operation
    45387ca42277 ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
    371d4dbece4d ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
    aa182988c0e6 ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
    28a12e24d125 mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
    93c86281838c ALSA: dmaengine: increment buffer pointer atomically
    6c85495e5882 drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
    c240431717d6 ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
    9e421bd9fd29 mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
    9d7af9b1624d drm/omap: dss: Fix refcount leak bugs
    0c55618aaad3 ALSA: hda: beep: Simplify keep-power-at-enable behavior
    3ac2045d0419 ASoC: rsnd: Add check for rsnd_mod_power_on
    1daf69228e31 drm/bridge: megachips: Fix a null pointer dereference bug
    b33b60afa53c drm: fix drm_mipi_dbi build errors
    a367b7a96a5e platform/x86: msi-laptop: Fix resource cleanup
    a9b32c9fe56d platform/x86: msi-laptop: Fix old-ec check for backlight registering
    e548f9503c4b platform/chrome: fix memory corruption in ioctl
    783c1c5000e8 platform/chrome: fix double-free in chromeos_laptop_prepare()
    8242167cfc83 drm/mipi-dsi: Detach devices when removing the host
    4d4a58c9d4db drm: bridge: adv7511: fix CEC power down control register offset
    72c0d361940a net: mvpp2: fix mvpp2 debugfs leak
    131287ff833d once: add DO_ONCE_SLOW() for sleepable contexts
    03ac583eefc9 net/ieee802154: reject zero-sized raw_sendmsg()
    71e0ab5b7598 bnx2x: fix potential memory leak in bnx2x_tpa_stop()
    360aa7219285 net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
    3625b684a285 tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
    382ff4471660 sctp: handle the error returned from sctp_auth_asoc_init_active_key
    466ed722f205 mISDN: fix use-after-free bugs in l1oip timer handlers
    e6d0152c9510 vhost/vsock: Use kvmalloc/kvfree for larger packets.
    c202ad048f50 spi: s3c64xx: Fix large transfers with DMA
    60a7496b40e8 netfilter: nft_fib: Fix for rpath check with VRF devices
    610798a58e72 spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
    1d8c928ed729 x86/microcode/AMD: Track patch allocation size explicitly
    215c146b4021 bpf: Ensure correct locking around vulnerable function find_vpid()
    4017e91ff25d net: fs_enet: Fix wrong check in do_pd_setup
    08a441a4ad54 wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
    e0bab93245b6 bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
    374dd4e51966 wifi: rtl8xxxu: Fix skb misuse in TX queue selection
    df0b024ade10 spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
    026ffbb07f8f spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
    321c51aa59df wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
    7993680752bb x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
    bbe293db7e67 bpftool: Fix a wrong type cast in btf_dumper_int
    9ee70c3cb4f8 wifi: mac80211: allow bw change during channel switch in mesh
    4494ec1c0bb8 wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
    acc393aecda0 nfsd: Fix a memory leak in an error handling path
    d7f1e7af1ef4 ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
    5abd2626ca37 sh: machvec: Use char[] for section boundaries
    c0f4be8303d0 userfaultfd: open userfaultfds with O_RDONLY
    29d0c45cf16e tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
    b0c2e34be932 selinux: use "grep -E" instead of "egrep"
    56ee9577915d drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
    16435e58e57c gcov: support GCC 12.1 and newer compilers
    b6094c482935 KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
    764478646115 KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
    45779be5ced6 KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
    c3a98fc6c2f2 media: cedrus: Set the platform driver data earlier
    3cf2ef86e01a ring-buffer: Fix race between reset page and reading page
    7e06ef0345ea ring-buffer: Check pending waiters when doing wake ups as well
    cc1f35733c19 ring-buffer: Have the shortest_full queue be the shortest not longest
    22707f033d8e ring-buffer: Allow splice to read previous partially read pages
    e755b65a4727 ftrace: Properly unset FTRACE_HASH_FL_MOD
    f66de70930f7 livepatch: fix race between fork and KLP transition
    1211121f0e73 ext4: place buffer head allocation before handle start
    52c7b8d3b75e ext4: make ext4_lazyinit_thread freezable
    3638aa1c7d87 ext4: fix null-ptr-deref in ext4_write_info
    a22f52d88331 ext4: avoid crash when inline data creation follows DIO write
    21ea616f1e59 jbd2: wake up journal waiters in FIFO order, not LIFO
    d1c2d820a2cd nilfs2: fix use-after-free bug of struct nilfs_root
    c99860f9a750 f2fs: fix to do sanity check on summary info
    68b1e607559d f2fs: fix to do sanity check on destination blkaddr during recovery
    c5d8198ce863 f2fs: increase the limit for reserve_root
    26b7c0ac49a3 btrfs: fix race between quota enable and quota rescan ioctl
    3742e9fd552e fbdev: smscufx: Fix use-after-free in ufx_ops_open()
    52895c495b62 powerpc/boot: Explicitly disable usage of SPE instructions
    e3f7e99337c6 PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
    cd251d39b134 UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    08f03b333c4f riscv: Pass -mno-relax only on lld < 15.0.0
    c61f553ba87c riscv: Allow PROT_WRITE-only mmap()
    09058e5ef7c1 parisc: fbdev/stifb: Align graphics memory size to 4MB
    2c60db6869fe RISC-V: Make port I/O string accessors actually work
    14c06375c853 regulator: qcom_rpm: Fix circular deferral regression
    79b7547eeb37 ASoC: wcd9335: fix order of Slimbus unprepare/disable
    6927ee818fe1 quota: Check next/prev free block number after reading from quota file
    4cf9233eb175 HID: multitouch: Add memory barriers
    477ac1d57f60 fs: dlm: handle -EBUSY first in lock arg validation
    d3961f732d85 fs: dlm: fix race between test_bit() and queue_work()
    4352db1e330a mmc: sdhci-sprd: Fix minimum clock limit
    fbefc5cce481 can: kvaser_usb_leaf: Fix CAN state after restart
    9948b80910e2 can: kvaser_usb_leaf: Fix TX queue out of sync after restart
    76d9afd30ef3 can: kvaser_usb_leaf: Fix overread with an invalid command
    953bb1dfea88 can: kvaser_usb: Fix use of uninitialized completion
    42f7d9339612 usb: add quirks for Lenovo OneLink+ Dock
    37daa23f2850 iio: pressure: dps310: Reset chip after timeout
    228348a9fe5f iio: pressure: dps310: Refactor startup procedure
    974c1f15ac9a iio: dac: ad5593r: Fix i2c read protocol requirements
    d0050ec3ebbc cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
    bd09adde6771 cifs: destage dirty pages before re-reading them for cache=none
    8298f20e1149 mtd: rawnand: atmel: Unmap streaming DMA mappings
    8d763c8e6cdb ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
    4c354105176f ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
    a943c4a16bfb ALSA: hda/realtek: Correct pin configs for ASUS G533Z
    19731649623b ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
    121fadc0cae5 ALSA: usb-audio: Fix NULL dererence at error path
    988ec0cd0a26 ALSA: usb-audio: Fix potential memory leaks
    de7d80d0fe10 ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
    afb507303ea9 ALSA: oss: Fix potential deadlock at unregistration

(From OE-Core rev: d066c78c0946f76b3a0a6720b41b3c865dbba012)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Quentin Schulz
6e97ceb858 cairo: update patch for CVE-2019-6461 with upstream solution
Upstream went with something slightly different so let's update the
patch so we don't have to carry a patch that isn't going to be merged.

This patch is part of snapshot 1.17.6.

Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: d40dbaf85511f074fde32b22dc864b856976d7c8)

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 19eb1e388fbbe5bfb8462710c745f2bb5446b5b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Minjae Kim
2f3d5da3b0 ppp: fix CVE-2022-4603
<CVE-2022-4603>
Avoid out-of-range access to packet buffer
Upstream-Status: Backport[a75fb7b198]

(From OE-Core rev: 7f33a49f7aaae67288389eacbe8b13318694e07c)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Vivek Kumbhar
d3a522d857 qemu: fix CVE-2021-3507 fdc heap buffer overflow in DMA read data transfers
(From OE-Core rev: 39a9f2056d4794dc75390b9a4a903c1745545095)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Vivek Kumbhar
f5b71296f7 libx11: fix CVE-2022-3555 memory leak in _XFreeX11XCBStructure() of xcb_disp.c
(From OE-Core rev: f17a61d12ceb5be203e1a1af9125bb61673a8b41)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:15 +00:00
Vivek Kumbhar
0a61076d20 rsync: fix CVE-2022-29154 remote arbitrary files write inside the directories of connecting peers
(From OE-Core rev: d92312146832cd14963422b8c14b2f2c409821c7)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:14 +00:00
Vivek Kumbhar
da2f8dd755 go: fix CVE-2022-41717 Excessive memory use in got server
(From OE-Core rev: a483f182676d87b7035e37fac8e21226fbd9fd63)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:14 +00:00
Hitendra Prajapati
16b4b0bd4b grub2: CVE-2022-28735 shim_lock verifier allows non-kernel files to be loaded
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53

(From OE-Core rev: 17c3c6ce685ef5b8ff4266154ac830210b234708)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:14 +00:00
Richard Purdie
d0a8cd82f6 oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
We've seen two different regressions in this API since it is used by
layer-index but not be the core code. Add a test for it to try and
ensure we don't break it again.

(From OE-Core rev: cc8ec63310f9a936371ea1070cb257c926808755)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b07de5de43ec9c9a2c5d496a64940ccdc5b47cf8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:45 +00:00
Chen Qi
e0919b7a16 psplash: consider the situation of psplash not exist for systemd
In current psplash framework, the psplash might not exist at all.
For example, in case DSITRO is set to nodistro, the psplash does
not exist.

In our psplash recipe, we have:
SPLASH_IMAGES = "file://psplash-poky-img.h;outsuffix=default"
This variable is parsed to if psplash-poky-img.h exists, a package
named psplash-default is created and is added to RDEPENDS:${PN}.

We can see that the psplash-poky-img.h resides in meta-poky,
and in psplash_git.bbappend file in meta-poky, we have:
FILESEXTRAPATHS:prepend:poky := "${THISDIR}/files:"
So this file is only available in case poky distro is used.

To fix this issue, add condition check in the corresponding systemd
services.

(From OE-Core rev: bf9cb1a3d68da6463195f79caf8baf94cd01a30a)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7a62ff9ed39c179d2b9b0c40f4f8423ced413063)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Alexey Smirnov
df2f9f09d7 classes: make TOOLCHAIN more permissive for kernel
Currently TOOLCHAIN is strictly set to gcc in kernel-arch.bbclass.
And this prevents any TOOLCHAIN changes for any kernel recipe.
This change makes TOOLCHAIN configurable as usual.

(From OE-Core rev: 7d45d4696970c45534b905dc7a65418073108f97)

Signed-off-by: Alexey Smirnov <pyih.soft@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit be1634fc35dcc81f0301d942064a6eed584e0704)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Harald Seiler
8b710efc2a opkg: Set correct info_dir and status_file in opkg.conf
Distros can customize the location of OPKG data using OPKGLIBDIR.  In
OE-Core commit 11f1956cf5d7 ("package_manager.py: define info_dir and
status_file when OPKGLIBDIR isn't the default"), a fix was applied to
correctly set the info_dir and status_file options relative to
OPKGLIBDIR.

However, as the commit message notes, the opkg.conf file deployed as
part of the opkg package must also be adjusted to correctly reflect the
changed location.  Otherwise, opkg running inside the image cannot find
its data.

Fix this by also setting the info_dir and status_file options in
opkg.conf to the correct location relative to OPKGLIBDIR.

Fixes: 11f1956cf5d7 ("package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default")
(From OE-Core rev: 38224b19bda2592705ef4274c28cb250d9e980dc)

Signed-off-by: Harald Seiler <hws@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit adb939ae3635de6e02208859fbf29cf0ed39f565)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Qiu, Zheng
eae8d7d3a2 vim: upgrade 9.0.0820 -> 9.0.0947
Includes fixes for CVE-2022-4141
https://nvd.nist.gov/vuln/detail/CVE-2022-4141

For a short list of important changes, see:
https://www.arp242.net/vimlog/

(From OE-Core rev: 64c323a444f43a7c7b3390720c4d1eafa3b982ac)

Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 160f459febc7fb36cc0fe85c63eb26780ace3bfd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Pawan Badganchi
15d8a11b99 python3: Fix CVE-2022-37454
Add below patch to fix CVE-2022-37454

CVE-2022-37454.patch
Link: https://security-tracker.debian.org/tracker/CVE-2022-37454
Link: 948c679471

(From OE-Core rev: 6a8ef6cc3604008860dcb6aa5d7155b914d7c391)

Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Hitendra Prajapati
893481f07a golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
Upstream-Status: Backport from e9017c2416

(From OE-Core rev: 2470c52db633f206dbfcd049fcca828d1ff5f82a)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Lee Chee Yang
9b1d9ad3b4 dropbear: fix CVE-2021-36369
(From OE-Core rev: c0e44595555a81d1a1cd206c2235cbc419d02bd1)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Hitendra Prajapati
0ca0313980 sysstat: fix CVE-2022-39377
(From OE-Core rev: 2e770eb2213f3d5ff25a75467395ed4738c756ea)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Hitendra Prajapati
3ff484966d libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c
Upstream-Status: Backport from bff38efe8c

(From OE-Core rev: c39fd8264ac623f3cfb26305420b527dd9c4c891)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Mathieu Dubois-Briand
b4fc8a65f5 curl: Fix CVE CVE-2022-35260
(From OE-Core rev: fe81ee17a2dc9924178fdd98614ed9e264204492)

Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Riyaz Khan
80e00ba9b9 rpm: Fix rpm CVE CVE-2021-3521
Links:
Dependent Patches:
CVE-2021-3521-01
b5e8bc74b2
CVE-2021-3521-02
9f03f42e26
CVE-2021-3521-03
5ff86764b1
CVE-2021-3521
bd36c5dc9f

(From OE-Core rev: ddb4f775a86855e4ddc6c0d0d1f24a55e0ecbfe0)

Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Minjae Kim
cc26cf0eb4 xserver-xorg: backport fixes for CVE-2022-3550, CVE-2022-3551 and CVE-2022-3553
<CVE-2022-3550>
xkb: proof GetCountedString against request length attacks
Upstream-Status: Backport [https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e]

<CVE-2022-3551>
xkb: fix some possible memleaks in XkbGetKbdByName
Upstream-Status: Backport [https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2]

<CVE-2022-3553>
xquartz: Fix a possible crash when editing the Application
menu due to mutaing immutable arrays
Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3]

(From OE-Core rev: 081ac12677096886b25023a03df06b99585ef18c)

Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-23 23:05:44 +00:00
Ravula Adhitya Siddartha
eb5651b443 linux-yocto/5.4: update genericx86* machines to v5.4.219
(From meta-yocto rev: 1a19e6d4eae26106378d28153db1fd44804770f1)

Signed-off-by: Ravula Adhitya Siddartha <adhityax.siddartha.ravula@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-19 16:40:41 +00:00
Michael Opdenacker
3155eb565f dev-manual: update session about multiconfig
Aligning with contents from the "master" branch.
[YOCTO #14980]

(From yocto-docs rev: 4961ddc9848f6569307107c10ff132532944ccaa)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-08 10:52:00 +00:00
Chen Qi
fb5a8ed05e kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
Currently, the KERNEL_DEBUG_TIMESTAMPS is not working as expected
at rebuild. That is, even if we set it to "1", the kernel build time
is not changed. The problem could be reproduced by the following steps.
  1. bitbake core-image-minimal; start image and check `uname -a` output.
  2. set in local.conf: KERNEL_DEBUG_TIMESTAMPS = "1"
  3. bitbake core-image-minimal; start image and check `uname -a` output.

It's expected that after enabling KERNEL_DEBUG_TIMESTAMPS, the kernel
build time will be set to current date. But it's not. This is because
the compile.h was not re-generated when do_compile task was re-executed.

In mkcompile_h, we have:
"""
 # Only replace the real compile.h if the new one is different,
 # in order to preserve the timestamp and avoid unnecessary
 # recompilations.
 # We don't consider the file changed if only the date/time changed,
 # unless KBUILD_BUILD_TIMESTAMP was explicitly set (e.g. for
 # reproducible builds with that value referring to a commit timestamp).
 # A kernel config change will increase the generation number, thus
 # causing compile.h to be updated (including date/time) due to the
 # changed comment in the
 # first line.
"""
It has made it very clear that it will not be re-generated unless
we have KBUILD_BUILD_TIMESTAMP set explicitly. So we set this variable
explicitly in do_compile to fix this issue.

(From OE-Core rev: e44f0cda8176186d42a752631810c1cb5f1971eb)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 1b68c2d2d385013a1c535ef81172494302a36d74)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Mike Crowe
f7ecae8d15 kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE
In 526bdd88ccd758204452579333ba188e29270bde the imageType loop in
kernel_do_deploy was changed to use KERNEL_IMAGETYPE_FOR_MAKE rather
than KERNEL_IMAGETYPES. This broke the special handling for fitImage
immediately below because KERNEL_IMAGETYPE_FOR_MAKE never contains
fitImage.

It has always been my understanding that KERNEL_IMAGETYPE_FOR_MAKE
controlled what was passed to make, but KERNEL_IMAGETYPE controlled what
was installed/deployed. When the two are different then it's the
responsibility of whoever set KERNEL_IMAGETYPE_FOR_MAKE to ensure that
whatever comes out of the kernel build system has been transformed in to
the requested form by the time of installation. This is what happens for
kernel.bbclass's own support for vmlinux.gz.

I think this means that for KERNEL_IMAGETYPE vmlinux.gz, kernel.bbclass
is responsible for generating vmlinux.gz.initramfs[1] so that
kernel_do_deploy can deploy it. This means that the change in
526bdd88ccd758204452579333ba188e29270bde can be reverted, fixing
KERNEL_IMAGETYPE = "fitImage".

In addition, it ought to be possible for recipes and other classes that
use kernel.bbclass to hook into this mechanism by setting
KERNEL_IMAGETYPE_FOR_MAKE and performing their own transformations.

do_bundle_initramfs calls kernel_do_compile and we don't want it to
transform vmlinux to vmlinux.gz at that point, since it will fight
against the careful renaming and preserving that do_bundle_initramfs
does. Let's separate the transformation out of kernel_do_compile to a
new do_transform_kernel task that can be run at the right time. This
means that it's also logical to perform the equivalent translation for
the kernel with the initramfs in a separate
do_transform_bundled_initramfs task too.

This leaves two clear customisation points for recipes and other classes
to hook into the process and perform their transformations:
do_transform_kernel and do_transform_bundled_initramfs.

(I care about this because our recipes that use kernel.bbclass also set
KERNEL_IMAGETYPE_FOR_MAKE and transform vmlinux into a form suitable for
our bootloader after do_compile and do_bundle_initramfs into the format
matching KERNEL_IMAGETYPE. I'm unable to successfully bundle an
initramfs after 526bdd88ccd758204452579333ba188e29270bde, but I didn't
want to just revert that change to reintroduce the bug that it was
fixing.)

I can't say that I'm entirely happy with this change, but I'm unsure
what to do to improve it. I find the way that both the bare kernel and
the one with the initramfs both get deployed to be confusing, and a
waste of build time. I would like to not actually generate a publishable
kernel image at all during do_compile when an initramfs is in use, but I
suspect that this would affect valid use cases that I'm not aware of.

(From OE-Core rev: d9e9653616638f2b187d5e04540071ac34d99f56)

Signed-off-by: Mike Crowe <mac@mcrowe.com>

[1] It could be argued that this should be vmlinux.initramfs.gz, but
that would require another special case in kernel_do_deploy and the
filename is only visible within this class and the recipes that use it
anyway.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 10a4a132e87e835726bf5da81a60f6f509b90765)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Wang Mingyu
8e544b6e34 mobile-broadband-provider-info: upgrade 20220725 -> 20221107
(From OE-Core rev: 5d1add59695baf597ff52ae97844572215fa325b)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7e12fa1e6250fc358ba159a6b626458d871f7ccf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Dmitry Baryshkov
5e17b15094 linux-firmware: upgrade 20221012 -> 20221109
License-Update: additional files
(From OE-Core rev: bb804245dea980796e8f861fabef46cf3572e462)

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6940f297243a66bd58d6adee7d690bcee9b9ccb2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Alexander Kanavin
d4836ffd14 linux-firmware: upgrade 20220913 -> 20221012
License-Update: copyright years, additional firmwares

(From OE-Core rev: 2e31e08b5792828d7969f9642190b24e56319ab7)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9f658c724b6635e5745f30b25601bcc51a004be4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Vivek Kumbhar
5a4433a52b qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead to guest crash
Upstream-Status: Backport [1ab95af033]

(From OE-Core rev: 1523fcbb6fef60d30c07377673fca265c5c9781c)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ross Burton
44c4df6fba pixman: backport fix for CVE-2022-44638
(From OE-Core rev: 1d2e131d9ba55626354264d454b2808e84751600)

(From OE-Core rev: fe5a5009939f056ff4d9d3426832d0b67a668ed6)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 23df4760ebc153c484d467e51b414910c570a6f8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 37595eeddf)
Signed-off-by: Bhabu Bindu <bindu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Manuel Leonhardt
a1323a9e67 sstate: Account for reserved characters when shortening sstate filenames
Previously, when shortening sstate filenames, the reserved
characters for .siginfo were not considered, when siginfo=False,
resulting in differently shortend filenames for the sstate and siginfo
files. With this change, the filenames of the truncated sstate and
siginfo files have the same basename, just as is already the case for
untruncated filenames.

Making sure that the .siginfo files always have the filename of the
corresponding sstate file plus its .siginfo suffix, also when being
truncated, makes it easier to manage the sstate cache and an sstate
mirror outside of Bitbake/Yocto.

(From OE-Core rev: 408bf1b4bb4f4ed126c17fb3676f9fa0513065ba)

Signed-off-by: Manuel Leonhardt <mleonhardt@arri.de>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c2e0e43b7123cf5149833e0072c8edaea3629112)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Tim Orling
4caa67f395 vim: upgrade 9.0.0614 -> 9.0.0820
Includes fixes for CVE-2022-3705
https://nvd.nist.gov/vuln/detail/CVE-2022-3705

For a short list of important changes, see:
https://www.arp242.net/vimlog/

(From OE-Core rev: 3251dc441a31b2d4d7acb690bd6db13f0f99a1d0)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6d917bd0f8810b5ed8d403ad25d59cda2fc9574)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Steve Sakoman
417fef99f2 maintainers: update gcc version to 9.5
SIgned-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Sundeep KOKKONDA
f86814103a gcc: upgrade to v9.5
gcc stable version upgraded from v9.3 to v9.5

Below is the bug fix list for v9.5
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=9.5

(From OE-Core rev: 698c3323fd95592e815345acd9070e5089a1bd00)

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
4104d39151 golang: ignore CVE-2022-30630
The CVE is in the io/fs package, which first appeared in go1.16.
Since dunfell is using go1.14, this issue does not apply.

CVE was fixed in fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
Original code in b64202bc29b9c1cf0118878d1c0acc9cdb2308f6

(From OE-Core rev: 1e258940e9a6fabda6e7e60841082c113fdf9500)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
d6dd3b49bd golang: ignore CVE-2022-30580
Only affects Windows platform, as per the release announcement [1]:

"If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput
are executed when Cmd.Path is unset and, in the working directory, there
are binaries named either "..com" or "..exe", they will be executed."

[1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

(From OE-Core rev: 54c40730bc54aa2b2c12b37decbcc99bbcafd07a)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
d9cfb16b8b golang: ignore CVE-2021-41772
Dunfell uses golang 1.14 which does not contain the affected code (it
was introduced in golang 1.16). From the golang announcement [1]

"Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can
be made to panic by an attacker providing either a crafted ZIP archive
containing completely invalid names or an empty filename argument.

[1] https://groups.google.com/g/golang-announce/c/0fM21h43arc

(From OE-Core rev: 2329902f994b631d6b77e8bd501d5599db6d5306)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
122b22b366 golang: ignore CVE-2021-33194
This is a bug in golang.org/x/net/html/parse.go. The golang compiler
includes a partial copy of this under src/vendor/golang.org/x/net/
however the "html" subdirectory is not included. So this bug does not
apply to the compiler itself.

(From OE-Core rev: b8a851faef9990ccb41ded875fc79cf28abd4a4e)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:37 +00:00
Ralph Siemsen
e4a273eb58 golang: ignore CVE-2022-29804
The issue only affects Windows per the golang announcement [1]:

On Windows, the filepath.Clean function could convert an invalid path to
a valid, absolute path. For example, Clean(`.\c:`) returned `c:`.

[1] https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg

(From OE-Core rev: bca720eca95929752436b56aa01e7fddfa1c834f)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
cf0e66cf7a golang: fix CVE-2022-28327
Upstream-Status: Backport [7139e8b024]
CVE: CVE-2022-28327
(From OE-Core rev: aab2a343be4b0b21dcaf22a7fbf77007d48c08d6)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
40df9e039a golang: fix CVE-2022-28131
Upstream-Status: Backport [58facfbe7d]
CVE: CVE-2022-28131
(From OE-Core rev: 09a820fe21d7884c6733d569f6560ef1ded5435d)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
fdca6ac5fa golang: fix CVE-2022-24291
Upstream-Status: Backport [2b65cde586]
CVE: CVE-2022-24921
(From OE-Core rev: a2d3d80a7df5b8f57105ef2b680e9e01a9da6486)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
b574cdd1e0 golang: fix CVE-2021-44716
Upstream-Status: Backport [d0aebe3e74]
CVE: CVE-2021-44716
(From OE-Core rev: c5ec3e8701a1b81d8e5b17d2521530345892a09b)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
9bb56c4550 golang: fix CVE-2021-33198
Upstream-Status: Backport [df9ce19db6]
CVE: CVE-2021-33198
(From OE-Core rev: 078260dd63e205d3a433b03357f2332f44daa397)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ralph Siemsen
a4683ad5a1 golang: fix CVE-2021-33195
Upstream-Status: Backport [31d60cda1f]
CVE: CVE-2021-33195
(From OE-Core rev: f1051e11fd0eb5b0e9924a0acdcb078ddc8f9772)

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Bhabu Bindu
9bd10b1548 libxml2: Fix CVE-2022-40304
Fix dict corruption caused by entity reference cycles

Link: 1b41ec4e94

Upstream-Status: Pending

(From OE-Core rev: 8e195f0a01b4cc1017bf9df67ffc3c6d6c15d24a)

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Bhabu Bindu
471e3cee02 libxml2: Fix CVE-2022-40303
Fix integer overflows with XML_PARSE_HUGE

Link: c846986356

Upstream-Status: Pending

(From OE-Core rev: d16d5660a32386158632ee5599ad92a9f2dc08dd)

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Vivek Kumbhar
1ab1a5821e libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der
Upstream-Status: Backport [44a700d205]

(From OE-Core rev: 305f1c56121436da7be39c5980fc11f779188ab7)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Omkar
124e5c8391 python3: Fix CVE-2022-45061
Fix CVE-2022-45061, referenced as
https://github.com/python/cpython/issues/98433
patch taken from
064ec20bf7

(From OE-Core rev: 4498ca9a299bd5d9a7173ec67daf17cb66b6d286)

Signed-off-by: Omkar <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Ranjitsinh Rathod
4341dc9953 systemd: Fix CVE-2022-3821 issue
An off-by-one Error issue was discovered in Systemd in format_timespan()
function of time-util.c. An attacker could supply specific values for
time and accuracy that leads to buffer overrun in format_timespan(),
leading to a Denial of Service.
Add a patch to solve above CVE issue
Link: 9102c625a6

(From OE-Core rev: e2db40ca49b8ed217f14c7f861087837e8b3f389)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Hitendra Prajapati
4978b9a24f sudo: CVE-2022-43995 heap-based overflow with very small passwords
Upstream-Status: Backport from bd209b9f16

(From OE-Core rev: d1bdb663e6a69993d3f42547a27296b606965d47)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-12-07 15:06:36 +00:00
Richard Purdie
aa00730418 build-appliance-image: Update to dunfell head revision
(From OE-Core rev: 1ee082e979baaba871bbe1d91181bb04951faf3b)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 23:26:20 +00:00
Richard Purdie
2b7d97af74 bitbake: utils: Fix lockfile path length issues
If the path to bitbake.lock is in a deep directory, bitbake will hang. The
reason was that the max file length limiting code (to 255 chars) was including
the directory name and it should only act on the filename within the directory.
Fix it to just use the base filename.

[YOCTO #14766]

(Bitbake rev: e3db9c2e9eded3c5cb6040714a6054b44f6b3880)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 89d70e7b71eecfe06592202f326e566c579ba01d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 23:26:15 +00:00
Richard Purdie
0711fd83cd bitbake: utils: Handle lockfile filenames that are too long for filesystems
The fetcher mirror code can go crazy creating lock filenames which exceed the
filesystem limits. When this happens, the code will loop/hang.

Handle the filename too long exception correctly but also truncate lockfile
lengths to under 256 since the worst case situation is lockfile overlap
and lack of parallelism.

(Bitbake rev: 30d42ef030d03e11322b6b05ea7bbb64ab3d6f21)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63baf3440b16e41ac6601de21ced94a94bdf1509)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 23:26:15 +00:00
Richard Purdie
b7420c15b3 build-appliance-image: Update to dunfell head revision
(From OE-Core rev: a5d90bf22c037044c471daefe326ae14702b173e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 23:24:39 +00:00
Steve Sakoman
f6f7f22992 poky.conf: bump version for 3.1.21
(From meta-yocto rev: 9b713fe0cc7c5f5cb51bcf760d1a1c6540b485f1)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 12:32:23 +00:00
Steve Sakoman
a6aa9198ae documentation: update for 3.1.21
(From yocto-docs rev: 01d31151d5c4a87a466cb49b97eabf75cf47ed98)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-22 12:32:23 +00:00
ciarancourtney
ef1a755b3c wic: swap partitions are not added to fstab
- Regression in 7aa678ce804c21dc1dc51b9be442671bc33c4041

(From OE-Core rev: ce99d451a54b8ce46b7f9030deaba86355009b1a)

Signed-off-by: Ciaran Courtney <ciaran.courtney@activeenergy.ie>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f1243572ad6b6303fe562e4eb7a9826fd51ea3c3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Ross Burton
c3c1224664 sanity: check for GNU tar specifically
We need the system tar to be GNU tar, as we reply on --xattrs.  Some
distributions may be using libarchive's tar binary, which is definitely
not as featureful, so check for this and abort early with a clear
message instead of later with mysterious errors.

(From OE-Core rev: 8f852648fe730615c99bcdaace8a4748ef4e96a5)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7dd2b1cd1bb10e67485dab8600c0787df6c2eee7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Peter Kjellerstedt
01cafb753b externalsrc.bbclass: Remove a trailing slash from ${B}
The trailing slash in ${B} caused -fdebug-prefix-map=${B}=... to not
match as intended, resulting in ${TMPDIR} ending up in files in
${PN}-dbg when externalsrc was in use, which in turn triggered buildpath
QA warnings.

(From OE-Core rev: fa89e048e223ae2e96d0f55979f93f29904b5229)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9b5031ed5a0d102905fa75acc418246c23df6eef)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Martin Jansa
c0b9a560b7 externalsrc.bbclass: fix git repo detection
* fix issue introduced in:
  https://git.openembedded.org/openembedded-core/commit/?id=95fbac8dcad6c93f4c9737e9fe13e92ab6befa09

* it added check for s_dir + git-dir (typically '.git') isn't
  the same as ${TOPDIR} + git-dir, but due to copy-paste issue
  it was just comparing it with s_dir + git-dir again, resulting
  in most external repos (where git-dir is '.git') to be processed
  as regular directory (not taking advantage of git write-tree).

* normally this wouldn't be an issue, but for big repo with a lot of
  files this added a lot of checksums in:
  d.setVarFlag('do_compile', 'file-checksums', '${@srctree_hash_files(d)}')

  and I mean *a lot, e.g. in chromium build it was 380227 paths
  which still wouldn't that bad, but the checksum processing in
  siggen.py isn't trivial and just looping through all these
  checksums takes very long time (over 1000sec on fast NVME drive
  with warm cache) and then
  https://git.openembedded.org/bitbake/commit/?id=b4975d2ecf615ac4c240808fbc5a3f879a93846b
  made the processing a bit more complicated and the loop in
  get_taskhash() function took 6448sec and to make things worse
  there was no output from bitbake during that time, so even with -DDD
  it looks like this:

  DEBUG: virtual/libgles2 resolved to: mesa (langdale/oe-core/meta/recipes-graphics/mesa/mesa_22.2.0.bb)
  Bitbake still alive (no events for 600s). Active tasks:
  Bitbake still alive (no events for 1200s). Active tasks:
  Bitbake still alive (no events for 1800s). Active tasks:
  Bitbake still alive (no events for 2400s). Active tasks:
  Bitbake still alive (no events for 3000s). Active tasks:
  Bitbake still alive (no events for 3600s). Active tasks:
  Bitbake still alive (no events for 4200s). Active tasks:
  Bitbake still alive (no events for 4800s). Active tasks:
  Bitbake still alive (no events for 5400s). Active tasks:
  Bitbake still alive (no events for 6000s). Active tasks:
  DEBUG: Starting bitbake-worker

  without -DDD it will get stuck for almost 2 hours in:
  "Initialising tasks..."
  before it finally writes sstate summary like:
  "Sstate summary: Wanted 3102 Local 0 Mirrors 0 Missed 3102 Current 1483 (0% match, 32% complete)"

* fix the copy&paste typo to use git work-tree in most cases, but
  be aware that this issue still exists for huge local source
  trees not in git

[YOCTO #14942]

(From OE-Core rev: 1f0e4de8d92edd7438d462c779d917ac0ccd5499)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9102e5a94b8146cb1da27afbe41d3db999a914ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Alex Kiernan
308cefb86b openssl: upgrade 1.1.1q to 1.1.1s
Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022]
* Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the
  certificate data to be signed before signing the certificate.

Major changes between OpenSSL 1.1.1q and OpenSSL 1.1.1r [11 Oct 2022]
* Added a missing header for memcmp that caused compilation failure on
  some platforms

(From OE-Core rev: a39a32efd41c92a3ada49d667979c79101a4a2da)

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Sundeep KOKKONDA
9d340b5ed2 glibc : stable 2.31 branch updates.
Below commits on glibc-2.31 stable branch are updated.
d4b7559457 x86-64: Require BMI2 for avx2 functions [BZ #29611]
b8bb48a18d x86-64: Require BMI2 for strchr-avx2.S [BZ #29611]
c8f2a3e803 Add test for bug 29530
e6ae5b25cd Fix memmove call in vfprintf-internal.c:group_number
1dbe841a67 Remove most vfprintf width/precision-dependent allocations (bug 14231, bug 26211).
5a802723db stdio: Add tests for printf multibyte convertion leak [BZ#25691]
ae7748e67f stdio: Remove memory leak from multibyte convertion [BZ#25691]
174d0b61c7 Linux: Require properly configured /dev/pts for PTYs
0a167374fd Linux: Detect user namespace support in io/tst-getcwd-smallbuff
4ad1659d8c getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
3319cea99e support: Add helpers to create paths longer than PATH_MAX
f733e291bb support: Fix xclone build failures on ia64 and hppa
43757c70ee support: Add xclone
29d3aeb0e8 Add xchdir to libsupport.
2d7720f316 support: Add create_temp_file_in_dir
183709983d NEWS: Add a bug fix entry for BZ #28896
d385079bd5 x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c
7df3ad6560 x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896]
fc133fcf49 x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896]
775c05b28c string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755]
c6b346ec55 x86-64: Test strlen and wcslen with 0 in the RSI register [BZ #28064]
0675185923 x86: Remove wcsnlen-sse4_1 from wcslen ifunc-impl-list [BZ #28064]
5db3239baf x86: Black list more Intel CPUs for TSX [BZ #27398]
5b99f172b8 x86: Check RTM_ALWAYS_ABORT for RTM [BZ #28033]
70d293a158 NEWS: Add a bug fix entry for BZ #27974
a2be2c0f5d String: Add overflow tests for strnlen, memchr, and strncat [BZ #27974]
489006c3c5 x86: Optimize strlen-evex.S
937f2c783a x86: Fix overflow bug in wcsnlen-sse4_1 and wcsnlen-avx2 [BZ #27974]
0058c73d11 x86-64: Add wcslen optimize for sse4.1
665d0252f1 x86-64: Move strlen.S to multiarch/strlen-vec.S
82ff13e2cc x86-64: Fix an unknown vector operation in memchr-evex.S
539b593a1d x86: Optimize memchr-evex.S
7b37ae60c6 x86: Optimize strlen-avx2.S
0381c1c10d x86: Fix overflow bug with wmemchr-sse2 and wmemchr-avx2 [BZ #27974]
10368cb76b x86: Optimize memchr-avx2.S
66ca40582e test-strnlen.c: Check that strnlen won't go beyond the maximum length
927bcaf892 test-strnlen.c: Initialize wchar_t string with wmemset [BZ #27655]
0d4159c36c x86-64: Require BMI2 for __strlen_evex and __strnlen_evex
c0cbb9345e NEWS: Add a bug fix entry for BZ #27457
e81b975fcc x86-64: Fix ifdef indentation in strlen-evex.S
aa4e48e73c x86-64: Use ZMM16-ZMM31 in AVX512 memmove family functions
ac911d3b57 x86-64: Use ZMM16-ZMM31 in AVX512 memset family functions
20d37de533 x86: Add string/memory function tests in RTM region
fbaa99ed41 x86-64: Add AVX optimized string/memory functions for RTM
096e14f632 x86-64: Add memcmp family functions with 256-bit EVEX
f00fad4e4c x86-64: Add memset family functions with 256-bit EVEX
cf239ddd2e x86-64: Add memmove family functions with 256-bit EVEX
7257ba7bf2 x86-64: Add strcpy family functions with 256-bit EVEX
db9071c0f6 x86-64: Add ifunc-avx2.h functions with 256-bit EVEX
2d612b2c5f x86: Set Prefer_No_VZEROUPPER and add Prefer_AVX2_STRCMP
5b13651085 NEWS: Add a bug fix entry for BZ #28755
5ee8a436ab x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]

(From OE-Core rev: 1d047a1f19ea57f919180273589cdf7fb4dacaa3)

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Sundeep KOKKONDA
d86149ba65 binutils: stable 2.34 branch updates
Below commits on binutils-2.34 stable branch are updated.
c4e78c0868a PR27755, powerpc-ld infinite loop
33973d228c9 gas, arm: PR26858 Fix availability of single precision vmul/vmla in arm mode
0c8652fe288 x86: Update GNU property tests
5c1bd3f52c6 x86: Properly merge -z ibt and -z shstk
93b9bf1651a PowerPC TPREL_HA/LO optimisation
58950a3bfd4 Date update
e3b314d3a61 aarch64: set sh_entsize of .plt to 0
26b6ab7a0e4 S/390: z13: Accept vector alignment hints
7324292cd94 gas: Fix checking for backwards .org with negative offset
463ec189fe9 Prevent a potential use-after-fee memory corruption bug in the linker (for PE format files).
ef2826c0fdb Fix the ARM assembler to generate a Realtime profile for armv8-r.
8524bb5bd28 Re: Fix tight loop on recursively-defined symbols
5768460022b Fix tight loop on recursively-defined symbols
a72427b1ae0 gas: PR 25863: Fix scalar vmul inside it block when assembling for MVE
9f57ab49b32 BFD: Exclude sections with no content from compress check.
aaf3f0599a2 Arm: Fix LSB of GOT for Thumb2 only PLT.
97f92b3e90a Arm: Fix thumb2 PLT branch offsets.
3053d7a163c include: Sync plugin-api.h with GCC
f7aec2b8e09 PR25745, powerpc64-ld overflows string buffer in --stats mode
1b2bf0f65c1 include: Sync plugin-api.h with GCC
5e8619b9597 include: Sync lto-symtab.h and plugin-api.h with GCC
23820109ced plugin: Don't invoke LTO-wrapper
64f5c0afcc4 plugin: Use LDPT_ADD_SYMBOLS_V2 to get symbol type
aaa1e160040 Silence warnings due to plugin API change
e7c0ee5110c Include: Sync lto-symtab.h and plugin-api.h with GCC
b6520be37fd Fix dwarf.c build with GCC 10
a560c29ca5a bfd: Change num_group to unsigned int
3ca4cd1ebde gas, arm: Fix bad backport
b3174859c4b gas, arm: PR25660L Fix vadd/vsub with lt and le condition codes for MVE
de9c1b7cfe6 powerpc64-ld infinite loop
0318fc4e18e Adjust PR25355 testcase
40bfb976274 Re: PR24511, nm should not mark symbols in .init_array as "t"
42b2380cdce Don't call lto-wrapper for ar and ranlib
acc4a8b8ac8 PR25585, PHDR segment not covered by LOAD segment

(From OE-Core rev: ad15d44b6c56ccbbe8e4c12717e7dfe3492a659a)

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Vivek Kumbhar
93fa878377 qemu: fix CVE-2021-3638 ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write
Upstream-Status: Backport from https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html

(From OE-Core rev: 8b5d38abdbfd3bdeb175c793b4d33f9054e89f77)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Vivek Kumbhar
213cf8004c curl: fix CVE-2022-32221 POST following PUT
Upstream-Status: Backport from https://github.com/curl/curl/commit/a64e3e59938abd7d6

(From OE-Core rev: 9af175e122acb93a412ad7a099f0eaa793a1c097)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Sunil Kumar
b39245d723 go: Security Fix for CVE-2022-2879
archive/tar: limit size of headers

Set a 1MiB limit on special file blocks (PAX headers, GNU long names,
GNU link names), to avoid reading arbitrarily large amounts of data
into memory.

Link: https://github.com/golang/go/commit/0a723816cd2

(From OE-Core rev: a8e2f91edfe2df5204a482c4e53fbdd08f80e878)

Signed-off-by: Sunil Kumar <sukumar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Hitendra Prajapati
21370990c6 bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c
Upstream-Status: Backport from https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f

(From OE-Core rev: c008c56e9b03f0ce3eccf4c01799ae8e987e5cd5)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00
Bartosz Golaszewski
4ddc26f4e4 bluez5: add dbus to RDEPENDS
Unless we're using systemd, dbus is not pulled into the system
automatically. Bluez5 will not work without dbus so add it to RDEPENDS
explicitly.

(From OE-Core rev: babcb7cd3bbefe9c0ea28e960e4fd6cefbc03cae)

Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 377ef7009a8638efe688b6b61f67ae399eb1f23d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Daniel McGregor
50c5d5a788 coreutils: add openssl PACKAGECONFIG
coreutils-native will pick up openssl on the host if it's GPL
compatible (version >= 3), which causes uninative failures with hosts
that don't have openssl3.

Add a PACKAGECONFIG entry for openssl so it can be enabled, but isn't
by default.

(From OE-Core rev: 590d8f2bdbb7ea558b9e99e58a1dae2b5eb58153)

Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9859a8124a0c09ac38d476445e7df7097f41d153)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Alexander Kanavin
6000f42a26 tzdata: update to 2022d
(From OE-Core rev: d325f5389a09ba03b4ded7c57c29dad773dbc0af)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ceac0492e75baa63a46365d8b63275437ad5671f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Teoh Jay Shen
d143bac2a1 vim: Upgrade 9.0.0598 -> 9.0.0614
Include fixes for CVE-2022-3352.

(From OE-Core rev: 30ade05280760253bb1de4f5d757363e1b7e4fc0)

Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Frank de Brabander
600261eafa cve-update-db-native: add timeout to urlopen() calls
The urlopen() call can block indefinitely under some circumstances.
This can result in the bitbake process to run endlessly because of
the 'do_fetch' task of cve-update-bb-native to remain active.

This adds a default timeout of 60 seconds to avoid this hang, while
being large enough to minimize the risk of unwanted timeouts.

(From OE-Core rev: f51a6742bcae3a151a326d17cd44935815eb78c7)

Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e5f6652854f544106b40d860de2946954de642f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Ranjitsinh Rathod
5502d7326c expat: Fix CVE-2022-43680 for expat
Add a patch to fix CVE-2022-43680 issue where use-after free caused by
overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
in out-of-memory situations
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-43680

(From OE-Core rev: ac4476e6594417b14bfb05a110009ef245f419b0)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Hitendra Prajapati
32c25a0202 libX11: CVE-2022-3554 Fix memory leak
Upstream-Status: Backport from 1d11822601

(From OE-Core rev: 1d36df9c9ec0ea13c4e0c3794b0d97305e2c6ac1)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Hitendra Prajapati
3903d753f9 golang: CVE-2022-2880 ReverseProxy should not forward unparseable query parameters
Upstream-Status: Backport from 9d2c73a9fd

(From OE-Core rev: f977d712455411c091aeee04ea7096d9e8c5b563)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-09 17:42:03 +00:00
Steve Sakoman
eb8e26214e selftest: skip virgl test on all Alma Linux
This test will fail any time the host has libdrm > 2.4.107

(From OE-Core rev: 54bbfe94ae4514386c572564bf221edfdbb2ce38)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Steve Sakoman
43a224f247 devtool: add HostKeyAlgorithms option to ssh and scp commands
With the newer version of ssh in Ubuntu 22.04 we are getting errors of this type:

Unable to negotiate with 192.168.7.2 port 22: no matching host key type found. Their offer: ssh-rsa

Add -o HostKeyAlgorithms=+ssh-rsa to command invocation as suggested at:

http://www.openssh.com/legacy.html

(From OE-Core rev: 9275d23c782071382c201bca2d647f6426a64e2f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Paul Eggleton
8ce85b6c6c classes/kernel-fitimage: add ability to add additional signing options
Add a UBOOT_MKIMAGE_SIGN_ARGS variable to enable passing additional
options to uboot-mkimage when it is run the second time to perform
signing.

(From OE-Core rev: fd39b936b03a6416e7a66408c47578daa2a08cf1)

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8fd7ee7414b45a1feeef7982af3583475902a677)
Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Omkar
bff6562223 dbus: upgrade 1.12.22 -> 1.12.24
Upgrade dbus from 1.12.22 to 1.12.24

Fix Below CVE's:
2022-42010
2022-42011
2022-42012

(From OE-Core rev: f00cb90cb4169ecbc003c61b50ae9e0dd4b75254)

Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
wangmy
3a7007cb35 dbus: upgrade 1.12.20 -> 1.12.22
(From OE-Core rev: 1fb8ea03cf6c4df4d8c2cc9329dfe80c83a37e2d)

(From OE-Core rev: f2632f0e5f814aac9f0c8f7294fb1d8439167c36)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dc98fba73a)
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Bruce Ashfield
b6df248293 linux-yocto/5.4: update to v5.4.219
Updating  to the latest korg -stable release that comprises
the following commits:

    fd92cfed8bc6 Linux 5.4.219
    0cb5be43dc4b wifi: mac80211: fix MBSSID parsing use-after-free
    9478c5f9c007 wifi: mac80211: don't parse mbssid in assoc response
    7f441a6c90fe mac80211: mlme: find auth challenge directly
    c248c3330d5f Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
    1d0da8674c23 Linux 5.4.218
    3ff54a91e4ea Input: xpad - fix wireless 360 controller breaking after suspend
    690467759573 Input: xpad - add supported devices as contributed on github
    9389750ac6b0 wifi: cfg80211: update hidden BSSes to avoid WARN_ON
    7fab3bf52059 wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
    77bb20ccb9df wifi: cfg80211: avoid nontransmitted BSS list corruption
    785eaabfe310 wifi: cfg80211: fix BSS refcounting bugs
    359ce507f751 wifi: cfg80211: ensure length byte is present before access
    43689bf2cd8e wifi: cfg80211/mac80211: reject bad MBSSID elements
    020402c7dd58 wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
    c634a9107f6a random: use expired timer rather than wq for mixing fast pool
    39800adc38f6 random: avoid reading two cache lines on irq randomness
    bc0375ca434b random: restore O_NONBLOCK support
    49d2fc9f998b USB: serial: qcserial: add new usb-id for Dell branded EM7455
    20a5bde60597 scsi: stex: Properly zero out the passthrough command structure
    46b822a7550d efi: Correct Macmini DMI match in uefi cert quirk
    b719d10f7ec3 ALSA: hda: Fix position reporting on Poulsbo
    e5d25a3bfde4 random: clamp credited irq bits to maximum mixed
    194f59391d6c ceph: don't truncate file in atomic_open
    259c0f68168a nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    b7e409d11db9 nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    792211333ad7 nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
    963089ad76cb rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
    2da677c0c725 mmc: core: Terminate infinite loop in SD-UHS voltage switch
    373eca05b5b8 mmc: core: Replace with already defined values for readability
    7ec8f073c2bf USB: serial: ftdi_sio: fix 300 bps rate for SIO
    21446ad9cb98 usb: mon: make mmapped memory read only
    d2f3a51ca27e arch: um: Mark the stack non-executable to fix a binutils warning
    bb2d4c37b1fc um: Cleanup compiler warning in arch/x86/um/tls_32.c
    9e26e0eef622 um: Cleanup syscall_handler_t cast in syscalls_32.h
    3c9a75b3d2f7 net/ieee802154: fix uninit value bug in dgram_sendmsg
    61be8898d704 scsi: qedf: Fix a UAF bug in __qedf_probe()
    c790d3a00d42 ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    aefe2f55a986 dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
    db702ecd713a dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    59684c877783 firmware: arm_scmi: Add SCMI PM driver remove routine
    70e4f70d54e0 fs: fix UAF/GPF bug in nilfs_mdt_destroy
    398312c687bb perf tools: Fixup get_current_dir_name() compilation
    393a1aa4215b mm: pagewalk: Fix race between unmap and page walker
    6e150d605c9e Linux 5.4.217
    0c41153c367b docs: update mediator information in CoC docs
    096740d67560 Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    e911caf9a158 Revert "drm/amdgpu: use dirty framebuffer helper"
    ae19c3c76dc4 xfs: remove unused variable 'done'
    538657def702 xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
    9ff41b8d71ba xfs: streamline xfs_attr3_leaf_inactive
    c893fedaf10c xfs: move incore structures out of xfs_da_format.h
    5e13ad940a2a xfs: fix memory corruption during remote attr value buffer invalidation
    821e0951b4b3 xfs: refactor remote attr value buffer invalidation
    a1b66abe30da xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
    1e4a0723eb38 xfs: fix s_maxbytes computation on 32-bit kernels
    16de74ee3ad6 xfs: truncate should remove all blocks, not just to the end of the page cache
    87e73331e4b7 xfs: introduce XFS_MAX_FILEOFF
    bd67d06b099d xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
    24f45c878299 x86/speculation: Add RSB VM Exit protections
    564275d4b93f x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
    4891e5fd1001 x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
    9862c0f4fd6c x86/speculation: Disable RRSBA behavior
    b9ae02c3c253 x86/bugs: Add Cannon lake to RETBleed affected CPU list
    d6a8a470dc22 x86/cpu/amd: Enumerate BTC_NO
    2edfa537f3b1 x86/common: Stamp out the stepping madness
    17a9fc4a7b91 x86/speculation: Fill RSB on vmexit for IBRS
    2242cf215013 KVM: VMX: Fix IBRS handling after vmexit
    51c71ed134e9 KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
    a31bdec99a95 KVM: VMX: Convert launched argument to flags
    5895a9297e60 KVM: VMX: Flatten __vmx_vcpu_run()
    64723cd346ea KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
    57ba312f1037 KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
    87dfe68a3513 x86/speculation: Remove x86_spec_ctrl_mask
    4109a8ce107d x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
    0fd086edf887 x86/speculation: Fix SPEC_CTRL write on SMT state change
    18d5a93fd202 x86/speculation: Fix firmware entry SPEC_CTRL handling
    03a575a0f954 x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
    8afd1c7da2b0 x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
    3ee9e9a5af07 intel_idle: Disable IBRS during long idle
    97bc52c14a93 x86/bugs: Report Intel retbleed vulnerability
    fd67fe3db93f x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
    2d4ce2d72c3b x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
    e2d793a3742a x86/bugs: Optimize SPEC_CTRL MSR writes
    a3111faed5c1 x86/entry: Add kernel IBRS implementation
    fd32a31553a1 x86/entry: Remove skip_r11rcx
    3c93ff4e23ea x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
    9a596426d7bd x86/bugs: Add AMD retbleed= boot parameter
    063b7f980607 x86/bugs: Report AMD retbleed vulnerability
    954d591a84d0 x86/cpufeatures: Move RETPOLINE flags to word 11
    893cd858b09c x86/kvm/vmx: Make noinstr clean
    f62d272c2fec x86/cpu: Add a steppings field to struct x86_cpu_id
    69460b1ed63d x86/cpu: Add consistent CPU match macros
    87449d94e75c x86/devicetable: Move x86 specific macro out of generic code
    fbd29b7549b2 Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
    3a8ff61e6f13 Revert "x86/speculation: Add RSB VM Exit protections"

(From OE-Core rev: 285fdd43a20ccb12231bd36e5e75fe13ad2a32fd)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Bruce Ashfield
e736037243 linux-yocto/5.4: update to v5.4.216
Updating  to the latest korg -stable release that comprises
the following commits:

    f28b7414ab71 Linux 5.4.216
    b8b87cb13681 clk: iproc: Do not rely on node name for correct PLL setup
    d417d5eb29d7 clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
    762706bd12a6 selftests: Fix the if conditions of in test_extra_filter()
    ae0d3a431639 nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
    18ef5cd4c53c nvme: add new line after variable declatation
    3ea4a5342452 usbnet: Fix memory leak in usbnet_disconnect()
    6ca922ec7598 Input: melfas_mip4 - fix return value check in mip4_probe()
    38c4d8230f93 Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time"
    7291d19a9eeb soc: sunxi: sram: Fix debugfs info for A64 SRAM C
    cdbcdfc96126 soc: sunxi: sram: Fix probe function ordering issues
    73dbc6e136b5 soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource()
    26170e4fd145 soc: sunxi: sram: Prevent the driver from being unbound
    883778a1f4fa soc: sunxi: sram: Actually claim SRAM regions
    1ba52486082b ARM: dts: am33xx: Fix MMCHS0 dma properties
    d0c69c722ff1 ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
    d18565280076 media: dvb_vb2: fix possible out of bound access
    0f4634f70bfd mm: fix madivse_pageout mishandling on non-LRU page
    ffd11370b74f mm/migrate_device.c: flush TLB while holding PTL
    b9e31f4885c4 mm: prevent page_frag_alloc() from corrupting the memory
    d535fb83844e mm/page_alloc: fix race condition between build_all_zonelists and page allocation
    2ec4949738c8 mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
    bb7c23e4e523 libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
    5cebfac6a8c9 Revert "net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()"
    9a3740f448be ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
    46e784cf4a84 ARM: dts: integrator: Tag PCI host with device_type
    85b5edb1b429 clk: ingenic-tcu: Properly enable registers before accessing timers
    f8a2e22289e4 net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
    43699b8fbcf1 uas: ignore UAS for Thinkplus chips
    fc540f6e4bb4 usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
    383c663c7359 uas: add no-uas quirk for Hiksemi usb_disk
    6215647d9699 Linux 5.4.215
    579976dc0d9f ext4: make directory inode spreading reflect flexbg size
    26e7c965f41b xfs: fix use-after-free when aborting corrupt attr inactivation
    8b3c9eb1b3dd xfs: fix an ABBA deadlock in xfs_rename
    37ec5a20c80d xfs: don't commit sunit/swidth updates to disk if that would cause repair failures
    4668f08cda30 xfs: split the sunit parameter update into two parts
    fd6c5da3fa2b xfs: refactor agfl length computation function
    6363fdf7acac xfs: use bitops interface for buf log item AIL flag check
    a95582d9d500 xfs: stabilize insert range start boundary to avoid COW writeback race
    7a20c664a7d8 xfs: fix some memory leaks in log recovery
    ad9759d48802 xfs: always log corruption errors
    0336599b645e xfs: constify the buffer pointer arguments to error functions
    8856a6572fed xfs: convert EIO to EFSCORRUPTED when log contents are invalid
    9185003c93b3 xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename()
    796ff09598cd xfs: attach dquots and reserve quota blocks during unwritten conversion
    a33bcad48b48 xfs: range check ri_cnt when recovering log items
    a102869fb173 xfs: add missing assert in xfs_fsmap_owner_from_rmap
    979eb1230413 xfs: slightly tweak an assert in xfs_fs_map_blocks
    c494dbca9928 xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
    bb7eb3ca4b3b ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
    04aa8187eba5 workqueue: don't skip lockdep work dependency in cancel_work_sync()
    a874609522b5 drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
    75ed7dee26ab drm/amd/display: Limit user regamma to a valid value
    c89849ecfd2e drm/amdgpu: use dirty framebuffer helper
    0b467eab0aad Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
    8c8d0f7ac82f cifs: always initialize struct msghdr smb_msg completely
    1438e412aeda usb: xhci-mtk: fix issue of out-of-bounds array access
    2e473351400e s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
    9eb710d1843a serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
    6cc0434f9d44 serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
    556e827b0f63 serial: Create uart_xmit_advance()
    903f7d322c17 net: sched: fix possible refcount leak in tc_new_tfilter()
    0e8de8f54b04 net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
    67199c26a006 perf kcore_copy: Do not check /proc/modules is unchanged
    80b2f37b3370 perf jit: Include program header in ELF files
    95c5637d3d1f can: gs_usb: gs_can_open(): fix race dev->can.state condition
    11ebf32fde46 netfilter: ebtables: fix memory leak when blob is malformed
    6a3239f80682 net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
    d12a1eb07003 net/sched: taprio: avoid disabling offload when it was never enabled
    420c9b10737b of: mdio: Add of_node_put() when breaking out of for_each_xx
    d2ac2baf1fc4 i40e: Fix set max_tx_rate when it is lower than 1 Mbps
    450d106804ff i40e: Fix VF set max MTU size
    3daf09781982 iavf: Fix set max MTU size with port VLAN and jumbo frames
    bfaff9adaa89 iavf: Fix bad page state
    9bf52411eeaa MIPS: Loongson32: Fix PHY-mode being left unspecified
    405bd0ebb00c MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
    37f79374bba4 net: team: Unsync device addresses on ndo_stop
    346e94aa4a99 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
    b84fdb6be105 iavf: Fix cached head and tail value for iavf_get_tx_pending
    721ea8ac063d netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
    d0a24bc8e2aa netfilter: nf_conntrack_irc: Tighten matching on DCC message
    0376a77fa7bc netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
    c9355b7e5a6f arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
    312eb4574d16 arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
    a52ef6ae2842 arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
    016b150992ee mm/slub: fix to return errno if kmalloc() fails
    cafb9cad9bcc efi: libstub: check Shim mode using MokSBStateRT
    9599d4601941 ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
    befadcf8f7f2 ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
    b90ac48c0540 ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
    5f622518a7d0 ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
    8f8a740e9160 ALSA: hda/realtek: Re-arrange quirk table entries
    dafeac1226a4 ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
    95b9a7f0bfbb ALSA: hda: add Intel 5 Series / 3400 PCI DID
    7fff38ab90b8 ALSA: hda/tegra: set depop delay for tegra
    78d3ae9bfad6 USB: serial: option: add Quectel RM520N
    55f0f59e8227 USB: serial: option: add Quectel BG95 0x0203 composition
    95b97afdde75 USB: core: Fix RST error in hub.c
    f5e322ffe7aa Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
    430c9bd664ec Revert "usb: add quirks for Lenovo OneLink+ Dock"
    05ec31717feb usb: cdns3: fix issue with rearming ISO OUT endpoint
    10c5d34f6f68 usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    ddf7bc221817 usb: add quirks for Lenovo OneLink+ Dock
    da8ac086943e tty: serial: atmel: Preserve previous USART mode if RS485 disabled
    e56a40281997 serial: atmel: remove redundant assignment in rs485_config
    85a64208b319 tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
    9ad48cbf8b07 wifi: mac80211: Fix UAF in ieee80211_scan_rx()
    9a3695bde9c7 usb: xhci-mtk: relax TT periodic bandwidth allocation
    174645cc63c3 usb: xhci-mtk: allow multiple Start-Split in a microframe
    6cfde07c5d8e usb: xhci-mtk: add some schedule error number
    664b0b8f4efa usb: xhci-mtk: add a function to (un)load bandwidth info
    d1eed0d3fb8c usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
    1833e8e049d0 usb: xhci-mtk: add only one extra CS for FS/LS INTR
    3826d4f0ef89 usb: xhci-mtk: get the microframe boundary for ESIT
    4ccf7afa4729 usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
    a5bdea59f43d usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
    67bf926f16b3 usb: dwc3: gadget: Refactor pullup()
    24e4f6308d95 usb: dwc3: gadget: Prevent repeat pullup()
    62b6cbc5983e usb: dwc3: Issue core soft reset before enabling run/stop
    e24f90d7617b usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
    85371aad2855 ALSA: hda/sigmatel: Fix unused variable warning for beep power change
    07191f984842 cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
    1878eaf0edb8 video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
    47c5ef29e52f mksysmap: Fix the mismatch of 'L0' symbols in System.map
    f0ebdfc10bd1 MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
    c53c3cbca5ef afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
    1aea20f98ed3 net: usb: qmi_wwan: add Quectel RM520N
    447f95d41397 ALSA: hda/tegra: Align BDL entry to 4KB boundary
    9f55da12d05d ALSA: hda/sigmatel: Keep power up while beep is enabled
    39265647c4a6 rxrpc: Fix calc of resend age
    cc273ed79e7c rxrpc: Fix local destruction being repeated
    da01ec04a0b0 regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
    17a21341d953 ASoC: nau8824: Fix semaphore unbalance at error paths
    323f289a9044 iomap: iomap that extends beyond EOF should be marked dirty
    d88039e6fee4 MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
    36128fd71f03 cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
    81081a5c9c74 cifs: revalidate mapping when doing direct writes
    834f4d856fda tracing: hold caller_addr to hardirq_{enable,disable}_ip
    2c4e260d45fd task_stack, x86/cea: Force-inline stack helpers
    4051324a6daf ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
    47d7e6af5bd4 parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
    2aae9b7d0723 drm/meson: Fix OSD1 RGB to YCbCr coefficient
    5dd9cb66b712 drm/meson: Correct OSD1 global alpha value
    f1de50e1db99 gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
    82e276e5fcdc NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
    e0e88c25f88b of: fdt: fix off-by-one error in unflatten_dt_nodes()
    9f02aa34e179 Linux 5.4.214
    c629ec4ddd4f tracefs: Only clobber mode/uid/gid on remount if asked
    fe26b6ca0404 soc: fsl: select FSL_GUTS driver for DPIO
    1bd66f1053be net: dp83822: disable rx error interrupt
    c128bff9ff35 mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    bf3cd8f2c69b usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
    72b31dc26415 platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    0573dc9f154a perf/arm_pmu_platform: fix tests for platform_get_irq() failure
    baba0cfc3df0 nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
    161e7555520b Input: iforce - add support for Boeder Force Feedback Wheel
    a725bc34d81a ieee802154: cc2520: add rc code in cc2520_tx()
    2670d1d3f59c tg3: Disable tg3 device on system reboot to avoid triggering AER
    c118ae56a5fb hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
    3e89e8d1c634 HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    7e214f5b2f34 drm/msm/rd: Fix FIFO-full deadlock

(From OE-Core rev: 8cf29e02798b98ed8f5fe504cf5f10f63d491300)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Richard Purdie
8e9e9263e3 qemu: Avoid accidental librdmacm linkage
Avoid accidentally linking to the rdma library from the host by
adding a PACKAGECONFIG for the option. This was found on new
Fedora 36 autobuilder workers.

(From OE-Core rev: aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a0f3cb225e4d5471155abbcd05d09bd6bf1620f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Steve Sakoman
2ea050d3fb qemu: Add PACKAGECONFIG for rbd
Avoid accidentally linking to the rbd library from the host by
adding a PACKAGECONFIG for the option.

(From OE-Core rev: bb32854dbe68335d834aaa80e42d6a524ea4e1b2)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Steve Sakoman
29ae351d1d qemu: Avoid accidental libvdeplug linkage
Avoid accidentally linking to the vde library from the host by
adding a PACKAGECONFIG for the option.

(From OE-Core rev: cc979908beec8a40a636d00a1fdcf2769358377f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8839e9540528b0b46c4fb4f95e508f038bcef8b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
John Edward Broadbent
a83b2d8200 externalsrc: git submodule--helper list unsupported
Git has removed support for "git submodule--helper list".
31955475d1

This change provides an alternate method for gathering the submodules
information.

Tested:
Build recipes with and without submodules

(From OE-Core rev: 6c50d83af0af677c2dff864ac40c580ae446372b)

Signed-off-by: Carson Labrado <clabrado@google.com>
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d9364e5f3535954f65cbbc694ee7933ac1d664f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Michael Halstead
7bf5de9a3f uninative: Upgrade to 3.7 to work with glibc 2.36
Update uninative to work with the new glibc 2.36 version

(From OE-Core rev: 1ca9b676175d7efc72185fed5b09aba40ac0f669)

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 410226b053e14e32add1f9b4b811f84a1c445a7c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Steve Sakoman
1a9dac1b51 selftest: skip virgl test on ubuntu 22.04
This test will fail any time the host has libdrm > 2.4.107

(From OE-Core rev: 8f53bba4936b79dfe8dfa30216990b3d440150a7)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Tim Orling
87ecc7cef6 python3: upgrade 3.8.13 -> 3.8.14
Security and bug fixes.

* Drop CVE-2021-28861.patch as it was merged in 3.8.14 release.

Fixes:
  * CVE-2020-10735
    https://nvd.nist.gov/vuln/detail/CVE-2020-10735
  * CVE-2021-28861
    https://nvd.nist.gov/vuln/detail/CVE-2021-28861
  * CVE-2018-25032
    https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Python 3.8.14
Release Date: Sept. 6, 2022

This is a security release of Python 3.8
Note: The release you're looking at is Python 3.8.14, a security bugfix
      release for the legacy 3.8 series. Python 3.10 is now the latest
      feature release series of Python 3.

Security content in this release
CVE-2020-10735: converting between int and str in bases other than
  2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
  10 (decimal) now raises a ValueError if the number of digits in string
  form is above a limit to avoid potential denial of service attacks due
  to the algorithmic complexity.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP
  server when an URI path starts with //.
gh-93065: Fix contextvars HAMT implementation to handle iteration over
  deep trees to avoid a potential crash of the interpreter.
gh-90355: Fix ensurepip environment isolation for the subprocess running
  pip.
gh-80254: Raise ProgrammingError instead of segfaulting on recursive usage
  of cursors in sqlite3 converters.

(From OE-Core rev: 25fafd35a4698daa0d4abb814a91601e68223128)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Hitendra Prajapati
e1f932366f qemu: CVE-2021-3750 hcd-ehci: DMA reentrancy issue leads to use-after-free
Source: https://git.qemu.org/?p=qemu.git
MR: 117886
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=b9d383ab797f54ae5fa8746117770709921dc529 && https://git.qemu.org/?p=qemu.git;a=commit;h=3ab6fdc91b72e156da22848f0003ff4225690ced && https://git.qemu.org/?p=qemu.git;a=commit;h=58e74682baf4e1ad26b064d8c02e5bc99c75c5d9
ChangeID: 3af901d20ad8ff389468eda2c53b4943e3a77bb8
Description:
	CVE-2021-3750 QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free.

(From OE-Core rev: 0f4b1db4fdc655e880ec66525eb7642978529e82)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Hitendra Prajapati
17ecf62a19 dhcp: Fix CVE-2022-2928 & CVE-2022-2929
Source: https://downloads.isc.org/isc/dhcp
MR: 122797, 122812
Type: Security Fix
Disposition: Backport from https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
ChangeID: 31490133cae8fc9c77073f9023955d3ff39c0b6e
Description:

Fixed CVEs:
	1. CVE-2022-2928
	2. CVE-2022-2929

(From OE-Core rev: 89d8ac907cbb5a0e214cb306a2d7bb4896165278)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:54:43 +01:00
Richard Purdie
f593a11bf5 bitbake: tests/fetch: Allow handling of a file:// url within a submodule
CVE-2022-39253 in git meant file:// urls within submodules were disabled. Add
a parameter to the commands in the tests to allow this to continue to work.

(Bitbake rev: 8ea8e443005ad92f4ad264d9abd9e90e33fb5c17)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-27 16:39:14 +01:00
Michael Opdenacker
90a6f6a110 dev-manual: fix reference to BitBake user manual
Fix a wrong reference no longer tolerated by Sphinx 5.x
(missing "bitbake:" prefix)

(From yocto-docs rev: 2359aff814f5faccffbf3cb2cd180979c248fc3c)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-11 21:57:53 +01:00
296 changed files with 11819 additions and 4076 deletions

View File

@@ -405,8 +405,8 @@ This fetcher supports the following parameters:
- *"nobranch":* Tells the fetcher to not check the SHA validation for
the branch when set to "1". The default is "0". Set this option for
the recipe that refers to the commit that is valid for a tag instead
of the branch.
the recipe that refers to the commit that is valid for any namespace
(branch, tag, ...) instead of the branch.
- *"bareclone":* Tells the fetcher to clone a bare clone into the
destination directory without checking out a working tree. Only the

View File

@@ -13,7 +13,6 @@ import sys, os, glob, os.path, re, time
import itertools
import logging
import multiprocessing
import sre_constants
import threading
from io import StringIO, UnsupportedOperation
from contextlib import closing
@@ -1795,7 +1794,7 @@ class CookerCollectFiles(object):
try:
re.compile(mask)
bbmasks.append(mask)
except sre_constants.error:
except re.error:
collectlog.critical("BBMASK contains an invalid regular expression, ignoring: %s" % mask)
# Then validate the combined regular expressions. This should never
@@ -1803,7 +1802,7 @@ class CookerCollectFiles(object):
bbmask = "|".join(bbmasks)
try:
bbmask_compiled = re.compile(bbmask)
except sre_constants.error:
except re.error:
collectlog.critical("BBMASK is not a valid regular expression, ignoring: %s" % bbmask)
bbmask = None

View File

@@ -44,7 +44,8 @@ Supported SRC_URI options are:
- nobranch
Don't check the SHA validation for branch. set this option for the recipe
referring to commit which is valid in tag instead of branch.
referring to commit which is valid in any namespace (branch, tag, ...)
instead of branch.
The default is "0", set nobranch=1 if needed.
- usehead
@@ -63,6 +64,7 @@ import errno
import fnmatch
import os
import re
import shlex
import subprocess
import tempfile
import bb
@@ -352,7 +354,7 @@ class Git(FetchMethod):
# We do this since git will use a "-l" option automatically for local urls where possible
if repourl.startswith("file://"):
repourl = repourl[7:]
clone_cmd = "LANG=C %s clone --bare --mirror \"%s\" %s --progress" % (ud.basecmd, repourl, ud.clonedir)
clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, shlex.quote(repourl), ud.clonedir)
if ud.proto.lower() != 'file':
bb.fetch2.check_network_access(d, clone_cmd, ud.url)
progresshandler = GitProgressHandler(d)
@@ -364,8 +366,12 @@ class Git(FetchMethod):
if "origin" in output:
runfetchcmd("%s remote rm origin" % ud.basecmd, d, workdir=ud.clonedir)
runfetchcmd("%s remote add --mirror=fetch origin \"%s\"" % (ud.basecmd, repourl), d, workdir=ud.clonedir)
fetch_cmd = "LANG=C %s fetch -f --progress \"%s\" refs/*:refs/*" % (ud.basecmd, repourl)
runfetchcmd("%s remote add --mirror=fetch origin %s" % (ud.basecmd, shlex.quote(repourl)), d, workdir=ud.clonedir)
if ud.nobranch:
fetch_cmd = "LANG=C %s fetch -f --progress %s refs/*:refs/*" % (ud.basecmd, shlex.quote(repourl))
else:
fetch_cmd = "LANG=C %s fetch -f --progress %s refs/heads/*:refs/heads/* refs/tags/*:refs/tags/*" % (ud.basecmd, shlex.quote(repourl))
if ud.proto.lower() != 'file':
bb.fetch2.check_network_access(d, fetch_cmd, ud.url)
progresshandler = GitProgressHandler(d)
@@ -559,7 +565,7 @@ class Git(FetchMethod):
raise bb.fetch2.UnpackError("No up to date source found: " + "; ".join(source_error), ud.url)
repourl = self._get_repo_url(ud)
runfetchcmd("%s remote set-url origin \"%s\"" % (ud.basecmd, repourl), d, workdir=destdir)
runfetchcmd("%s remote set-url origin %s" % (ud.basecmd, shlex.quote(repourl)), d, workdir=destdir)
if self._contains_lfs(ud, d, destdir):
if need_lfs and not self._find_git_lfs(d):
@@ -687,8 +693,8 @@ class Git(FetchMethod):
d.setVar('_BB_GIT_IN_LSREMOTE', '1')
try:
repourl = self._get_repo_url(ud)
cmd = "%s ls-remote \"%s\" %s" % \
(ud.basecmd, repourl, search)
cmd = "%s ls-remote %s %s" % \
(ud.basecmd, shlex.quote(repourl), search)
if ud.proto.lower() != 'file':
bb.fetch2.check_network_access(d, cmd, repourl)
output = runfetchcmd(cmd, d, True)

View File

@@ -1975,6 +1975,12 @@ class RunQueueExecute:
self.setbuildable(revdep)
logger.debug(1, "Marking task %s as buildable", revdep)
for t in self.sq_deferred.copy():
if self.sq_deferred[t] == task:
logger.debug(2, "Deferred task %s now buildable" % t)
del self.sq_deferred[t]
update_scenequeue_data([t], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False)
def task_complete(self, task):
self.stats.taskCompleted()
bb.event.fire(runQueueTaskCompleted(task, self.stats, self.rq), self.cfgData)
@@ -2084,8 +2090,6 @@ class RunQueueExecute:
logger.debug(1, "%s didn't become valid, skipping setscene" % nexttask)
self.sq_task_failoutright(nexttask)
return True
else:
self.sqdata.outrightfail.remove(nexttask)
if nexttask in self.sqdata.outrightfail:
logger.debug(2, 'No package found, so skipping setscene task %s', nexttask)
self.sq_task_failoutright(nexttask)
@@ -2236,7 +2240,8 @@ class RunQueueExecute:
if self.sq_deferred:
tid = self.sq_deferred.pop(list(self.sq_deferred.keys())[0])
logger.warning("Runqeueue deadlocked on deferred tasks, forcing task %s" % tid)
self.sq_task_failoutright(tid)
if tid not in self.runq_complete:
self.sq_task_failoutright(tid)
return True
if len(self.failed_tids) != 0:
@@ -2350,10 +2355,16 @@ class RunQueueExecute:
self.updated_taskhash_queue.remove((tid, unihash))
if unihash != self.rqdata.runtaskentries[tid].unihash:
hashequiv_logger.verbose("Task %s unihash changed to %s" % (tid, unihash))
self.rqdata.runtaskentries[tid].unihash = unihash
bb.parse.siggen.set_unihash(tid, unihash)
toprocess.add(tid)
# Make sure we rehash any other tasks with the same task hash that we're deferred against.
torehash = [tid]
for deftid in self.sq_deferred:
if self.sq_deferred[deftid] == tid:
torehash.append(deftid)
for hashtid in torehash:
hashequiv_logger.verbose("Task %s unihash changed to %s" % (hashtid, unihash))
self.rqdata.runtaskentries[hashtid].unihash = unihash
bb.parse.siggen.set_unihash(hashtid, unihash)
toprocess.add(hashtid)
# Work out all tasks which depend upon these
total = set()
@@ -2492,6 +2503,14 @@ class RunQueueExecute:
if update_tasks:
self.sqdone = False
for mc in sorted(self.sqdata.multiconfigs):
for tid in sorted([t[0] for t in update_tasks]):
if mc_from_tid(tid) != mc:
continue
h = pending_hash_index(tid, self.rqdata)
if h in self.sqdata.hashes and tid != self.sqdata.hashes[h]:
self.sq_deferred[tid] = self.sqdata.hashes[h]
bb.note("Deferring %s after %s" % (tid, self.sqdata.hashes[h]))
update_scenequeue_data([t[0] for t in update_tasks], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False)
for (tid, harddepfail, origvalid) in update_tasks:
@@ -2832,6 +2851,19 @@ def build_scenequeue_data(sqdata, rqdata, rq, cooker, stampcache, sqrq):
sqdata.stamppresent = set()
sqdata.valid = set()
sqdata.hashes = {}
sqrq.sq_deferred = {}
for mc in sorted(sqdata.multiconfigs):
for tid in sorted(sqdata.sq_revdeps):
if mc_from_tid(tid) != mc:
continue
h = pending_hash_index(tid, rqdata)
if h not in sqdata.hashes:
sqdata.hashes[h] = tid
else:
sqrq.sq_deferred[tid] = sqdata.hashes[h]
bb.note("Deferring %s after %s" % (tid, sqdata.hashes[h]))
update_scenequeue_data(sqdata.sq_revdeps, sqdata, rqdata, rq, cooker, stampcache, sqrq, summary=True)
def update_scenequeue_data(tids, sqdata, rqdata, rq, cooker, stampcache, sqrq, summary=True):
@@ -2843,6 +2875,8 @@ def update_scenequeue_data(tids, sqdata, rqdata, rq, cooker, stampcache, sqrq, s
sqdata.stamppresent.remove(tid)
if tid in sqdata.valid:
sqdata.valid.remove(tid)
if tid in sqdata.outrightfail:
sqdata.outrightfail.remove(tid)
(mc, fn, taskname, taskfn) = split_tid_mcfn(tid)
@@ -2870,32 +2904,20 @@ def update_scenequeue_data(tids, sqdata, rqdata, rq, cooker, stampcache, sqrq, s
sqdata.valid |= rq.validate_hashes(tocheck, cooker.data, len(sqdata.stamppresent), False, summary=summary)
sqdata.hashes = {}
sqrq.sq_deferred = {}
for mc in sorted(sqdata.multiconfigs):
for tid in sorted(sqdata.sq_revdeps):
if mc_from_tid(tid) != mc:
continue
if tid in sqdata.stamppresent:
continue
if tid in sqdata.valid:
continue
if tid in sqdata.noexec:
continue
if tid in sqrq.scenequeue_notcovered:
continue
if tid in sqrq.scenequeue_covered:
continue
sqdata.outrightfail.add(tid)
h = pending_hash_index(tid, rqdata)
if h not in sqdata.hashes:
sqdata.hashes[h] = tid
else:
sqrq.sq_deferred[tid] = sqdata.hashes[h]
bb.note("Deferring %s after %s" % (tid, sqdata.hashes[h]))
for tid in tids:
if tid in sqdata.stamppresent:
continue
if tid in sqdata.valid:
continue
if tid in sqdata.noexec:
continue
if tid in sqrq.scenequeue_covered:
continue
if tid in sqrq.scenequeue_notcovered:
continue
if tid in sqrq.sq_deferred:
continue
sqdata.outrightfail.add(tid)
class TaskFailure(Exception):
"""

View File

@@ -1750,7 +1750,7 @@ class GitShallowTest(FetcherTest):
self.add_empty_file('bsub', cwd=smdir)
self.git('submodule init', cwd=self.srcdir)
self.git('submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('-c protocol.file.allow=always submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('submodule update', cwd=self.srcdir)
self.git('commit -m submodule -a', cwd=self.srcdir)
@@ -1782,7 +1782,7 @@ class GitShallowTest(FetcherTest):
self.add_empty_file('bsub', cwd=smdir)
self.git('submodule init', cwd=self.srcdir)
self.git('submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('-c protocol.file.allow=always submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('submodule update', cwd=self.srcdir)
self.git('commit -m submodule -a', cwd=self.srcdir)

View File

@@ -461,9 +461,16 @@ def lockfile(name, shared=False, retry=True, block=False):
consider the possibility of sending a signal to the process to break
out - at which point you want block=True rather than retry=True.
"""
basename = os.path.basename(name)
if len(basename) > 255:
root, ext = os.path.splitext(basename)
basename = root[:255 - len(ext)] + ext
dirname = os.path.dirname(name)
mkdirhier(dirname)
name = os.path.join(dirname, basename)
if not os.access(dirname, os.W_OK):
logger.error("Unable to acquire lock '%s', directory is not writable",
name)
@@ -497,7 +504,7 @@ def lockfile(name, shared=False, retry=True, block=False):
return lf
lf.close()
except OSError as e:
if e.errno == errno.EACCES:
if e.errno == errno.EACCES or e.errno == errno.ENAMETOOLONG:
logger.error("Unable to acquire lock '%s', %s",
e.strerror, name)
sys.exit(1)
@@ -1563,21 +1570,22 @@ def set_process_name(name):
# export common proxies variables from datastore to environment
def export_proxies(d):
import os
""" export common proxies variables from datastore to environment """
variables = ['http_proxy', 'HTTP_PROXY', 'https_proxy', 'HTTPS_PROXY',
'ftp_proxy', 'FTP_PROXY', 'no_proxy', 'NO_PROXY',
'GIT_PROXY_COMMAND']
'GIT_PROXY_COMMAND', 'SSL_CERT_FILE', 'SSL_CERT_DIR']
exported = False
for v in variables:
if v in os.environ.keys():
origenv = d.getVar("BB_ORIGENV")
for name in variables:
value = d.getVar(name)
if not value and origenv:
value = origenv.getVar(name)
if value:
os.environ[name] = value
exported = True
else:
v_proxy = d.getVar(v)
if v_proxy is not None:
os.environ[v] = v_proxy
exported = True
return exported

View File

@@ -97,6 +97,7 @@ extlinks = {
'yocto_git': ('https://git.yoctoproject.org%s', None),
'oe_home': ('https://www.openembedded.org%s', None),
'oe_lists': ('https://lists.openembedded.org%s', None),
'oe_git': ('https://git.openembedded.org%s', None),
}
# Intersphinx config to use cross reference with Bitbake user manual

View File

@@ -2628,7 +2628,7 @@ Recipe Syntax
Understanding recipe file syntax is important for writing recipes. The
following list overviews the basic items that make up a BitBake recipe
file. For more complete BitBake syntax descriptions, see the
":doc:`bitbake-user-manual/bitbake-user-manual-metadata`"
":doc:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata`"
chapter of the BitBake User Manual.
- *Variable Assignments and Manipulations:* Variable assignments allow
@@ -3854,7 +3854,7 @@ Setting Up and Running a Multiple Configuration Build
To accomplish a multiple configuration build, you must define each
target's configuration separately using a parallel configuration file in
the :term:`Build Directory`, and you
the :term:`Build Directory` or configuration directory within a layer, and you
must follow a required file hierarchy. Additionally, you must enable the
multiple configuration builds in your ``local.conf`` file.
@@ -3862,47 +3862,47 @@ Follow these steps to set up and execute multiple configuration builds:
- *Create Separate Configuration Files*: You need to create a single
configuration file for each build target (each multiconfig).
Minimally, each configuration file must define the machine and the
temporary directory BitBake uses for the build. Suggested practice
dictates that you do not overlap the temporary directories used
during the builds. However, it is possible that you can share the
temporary directory
(:term:`TMPDIR`). For example,
consider a scenario with two different multiconfigs for the same
The configuration definitions are implementation dependent but often
each configuration file will define the machine and the
temporary directory BitBake uses for the build. Whether the same
temporary directory (:term:`TMPDIR`) can be shared will depend on what is
similar and what is different between the configurations. Multiple MACHINE
targets can share the same (:term:`TMPDIR`) as long as the rest of the
configuration is the same, multiple DISTRO settings would need separate
(:term:`TMPDIR`) directories.
For example, consider a scenario with two different multiconfigs for the same
:term:`MACHINE`: "qemux86" built
for two distributions such as "poky" and "poky-lsb". In this case,
you might want to use the same ``TMPDIR``.
you would need to use the different :term:`TMPDIR`.
Here is an example showing the minimal statements needed in a
configuration file for a "qemux86" target whose temporary build
directory is ``tmpmultix86``:
::
directory is ``tmpmultix86``::
MACHINE = "qemux86"
TMPDIR = "${TOPDIR}/tmpmultix86"
The location for these multiconfig configuration files is specific.
They must reside in the current build directory in a sub-directory of
``conf`` named ``multiconfig``. Following is an example that defines
They must reside in the current :term:`Build Directory` in a sub-directory of
``conf`` named ``multiconfig`` or within a layer's ``conf`` directory
under a directory named ``multiconfig``. Following is an example that defines
two configuration files for the "x86" and "arm" multiconfigs:
.. image:: figures/multiconfig_files.png
:align: center
:width: 50%
The reason for this required file hierarchy is because the ``BBPATH``
variable is not constructed until the layers are parsed.
Consequently, using the configuration file as a pre-configuration
file is not possible unless it is located in the current working
directory.
The usual :term:`BBPATH` search path is used to locate multiconfig files in
a similar way to other conf files.
- *Add the BitBake Multi-configuration Variable to the Local
Configuration File*: Use the
:term:`BBMULTICONFIG`
variable in your ``conf/local.conf`` configuration file to specify
each multiconfig. Continuing with the example from the previous
figure, the ``BBMULTICONFIG`` variable needs to enable two
multiconfigs: "x86" and "arm" by specifying each configuration file:
::
figure, the :term:`BBMULTICONFIG` variable needs to enable two
multiconfigs: "x86" and "arm" by specifying each configuration file::
BBMULTICONFIG = "x86 arm"
@@ -3916,13 +3916,11 @@ Follow these steps to set up and execute multiple configuration builds:
with "".
- *Launch BitBake*: Use the following BitBake command form to launch
the multiple configuration build:
::
the multiple configuration build::
$ bitbake [mc:multiconfigname:]target [[[mc:multiconfigname:]target] ... ]
For the example in this section, the following command applies:
::
For the example in this section, the following command applies::
$ bitbake mc:x86:core-image-minimal mc:arm:core-image-sato mc::core-image-base
@@ -3937,7 +3935,7 @@ Follow these steps to set up and execute multiple configuration builds:
Support for multiple configuration builds in the Yocto Project &DISTRO;
(&DISTRO_NAME;) Release does not include Shared State (sstate)
optimizations. Consequently, if a build uses the same object twice
in, for example, two different ``TMPDIR``
in, for example, two different :term:`TMPDIR`
directories, the build either loads from an existing sstate cache for
that build at the start or builds the object fresh.
@@ -3958,38 +3956,34 @@ essentially that the
To enable dependencies in a multiple configuration build, you must
declare the dependencies in the recipe using the following statement
form:
::
form::
task_or_package[mcdepends] = "mc:from_multiconfig:to_multiconfig:recipe_name:task_on_which_to_depend"
To better show how to use this statement, consider the example scenario
from the first paragraph of this section. The following statement needs
to be added to the recipe that builds the ``core-image-sato`` image:
::
to be added to the recipe that builds the ``core-image-sato`` image::
do_image[mcdepends] = "mc:x86:arm:core-image-minimal:do_rootfs"
In this example, the `from_multiconfig` is "x86". The `to_multiconfig` is "arm". The
task on which the ``do_image`` task in the recipe depends is the
``do_rootfs`` task from the ``core-image-minimal`` recipe associated
task on which the :ref:`ref-tasks-image` task in the recipe depends is the
:ref:`ref-tasks-rootfs` task from the ``core-image-minimal`` recipe associated
with the "arm" multiconfig.
Once you set up this dependency, you can build the "x86" multiconfig
using a BitBake command as follows:
::
using a BitBake command as follows::
$ bitbake mc:x86:core-image-sato
This command executes all the tasks needed to create the
``core-image-sato`` image for the "x86" multiconfig. Because of the
dependency, BitBake also executes through the ``do_rootfs`` task for the
dependency, BitBake also executes through the :ref:`ref-tasks-rootfs` task for the
"arm" multiconfig build.
Having a recipe depend on the root filesystem of another build might not
seem that useful. Consider this change to the statement in the
``core-image-sato`` recipe:
::
``core-image-sato`` recipe::
do_image[mcdepends] = "mc:x86:arm:core-image-minimal:do_image"

View File

@@ -377,7 +377,7 @@ activities using the Yocto Project:
Index <http://layers.openembedded.org/layerindex/layers/>`__, which
is a website that indexes OpenEmbedded-Core layers.
- *Patchwork:* `Patchwork <http://jk.ozlabs.org/projects/patchwork/>`__
- *Patchwork:* `Patchwork <https://patchwork.yoctoproject.org/>`__
is a fork of a project originally started by
`OzLabs <http://ozlabs.org/>`__. The project is a web-based tracking
system designed to streamline the process of bringing contributions

View File

@@ -1,13 +1,13 @@
DISTRO : "3.1.20"
DISTRO : "3.1.24"
DISTRO_NAME_NO_CAP : "dunfell"
DISTRO_NAME : "Dunfell"
DISTRO_NAME_NO_CAP_MINUS_ONE : "zeus"
YOCTO_DOC_VERSION : "3.1.20"
YOCTO_DOC_VERSION : "3.1.24"
YOCTO_DOC_VERSION_MINUS_ONE : "3.0.4"
DISTRO_REL_TAG : "yocto-3.1.20"
DOCCONF_VERSION : "3.1.20"
DISTRO_REL_TAG : "yocto-3.1.24"
DOCCONF_VERSION : "3.1.24"
BITBAKE_SERIES : "1.46"
POKYVERSION : "23.0.20"
POKYVERSION : "23.0.24"
YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;"
YOCTO_DL_URL : "https://downloads.yoctoproject.org"
YOCTO_AB_URL : "https://autobuilder.yoctoproject.org"

View File

@@ -1734,7 +1734,7 @@ events':
The tool is pretty self-explanatory, but for more detailed information
on navigating through the data, see the `kernelshark
website <http://rostedt.homelinux.com/kernelshark/>`__.
website <https://kernelshark.org/Documentation.html>`__.
.. _ftrace-documentation:
@@ -1765,8 +1765,8 @@ There is a nice series of articles on using ftrace and trace-cmd at LWN:
- `trace-cmd: A front-end for
Ftrace <https://lwn.net/Articles/410200/>`__
There's more detailed documentation kernelshark usage here:
`KernelShark <http://rostedt.homelinux.com/kernelshark/>`__
See also `KernelShark's documentation <https://kernelshark.org/Documentation.html>`__
for further usage details.
An amusing yet useful README (a tracing mini-HOWTO) can be found in
``/sys/kernel/debug/tracing/README``.

View File

@@ -45,6 +45,8 @@ distributions:
- Ubuntu 20.04
- Ubuntu 22.04
- Fedora 28
- Fedora 29
@@ -61,6 +63,8 @@ distributions:
- Fedora 35
- Fedora 36
- CentOS 7.x
- Debian GNU/Linux 8.x (Jessie)
@@ -79,6 +83,8 @@ distributions:
- AlmaLinux 8.5
- AlmaLinux 8.7
.. note::
- While the Yocto Project Team attempts to ensure all Yocto Project

View File

@@ -7147,6 +7147,32 @@ system and gives an overview of their function and contents.
:term:`SSTATE_DIR`
The directory for the shared state cache.
:term:`SSTATE_EXCLUDEDEPS_SYSROOT`
This variable allows to specify indirect dependencies to exclude
from sysroots, for example to avoid the situations when a dependency on
any ``-native`` recipe will pull in all dependencies of that recipe
in the recipe sysroot. This behaviour might not always be wanted,
for example when that ``-native`` recipe depends on build tools
that are not relevant for the current recipe.
This way, irrelevant dependencies are ignored, which could have
prevented the reuse of prebuilt artifacts stored in the Shared
State Cache.
:term:`SSTATE_EXCLUDEDEPS_SYSROOT` is evaluated as two regular
expressions of recipe and dependency to ignore. An example
is the rule in :oe_git:`meta/conf/layer.conf </openembedded-core/tree/meta/conf/layer.conf>`::
# Nothing needs to depend on libc-initial
# base-passwd/shadow-sysroot don't need their dependencies
SSTATE_EXCLUDEDEPS_SYSROOT += "\
.*->.*-initial.* \
.*(base-passwd|shadow-sysroot)->.* \
"
The ``->`` substring represents the dependency between
the two regular expressions.
:term:`SSTATE_MIRROR_ALLOW_NETWORK`
If set to "1", allows fetches from mirrors that are specified in
:term:`SSTATE_MIRRORS` to work even when

View File

@@ -1,6 +1,6 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
DISTRO_VERSION = "3.1.20"
DISTRO_VERSION = "3.1.24"
DISTRO_CODENAME = "dunfell"
SDK_VENDOR = "-pokysdk"
SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${DATE}', 'snapshot')}"
@@ -47,12 +47,14 @@ SANITY_TESTED_DISTROS ?= " \
ubuntu-18.04 \n \
ubuntu-19.04 \n \
ubuntu-20.04 \n \
ubuntu-22.04 \n \
fedora-30 \n \
fedora-31 \n \
fedora-32 \n \
fedora-33 \n \
fedora-34 \n \
fedora-35 \n \
fedora-36 \n \
centos-7 \n \
centos-8 \n \
debian-8 \n \
@@ -63,6 +65,7 @@ SANITY_TESTED_DISTROS ?= " \
opensuseleap-15.2 \n \
opensuseleap-15.3 \n \
almalinux-8.5 \n \
almalinux-8.7 \n \
"
# add poky sanity bbclass
INHERIT += "poky-sanity"

View File

@@ -7,8 +7,8 @@ KMACHINE_genericx86 ?= "common-pc"
KMACHINE_genericx86-64 ?= "common-pc-64"
KMACHINE_beaglebone-yocto ?= "beaglebone"
SRCREV_machine_genericx86 ?= "8a59dfded81659402005acfb06fbb00b71c8ce86"
SRCREV_machine_genericx86-64 ?= "8a59dfded81659402005acfb06fbb00b71c8ce86"
SRCREV_machine_genericx86 ?= "35826e154ee014b64ccfa0d1f12d36b8f8a75939"
SRCREV_machine_genericx86-64 ?= "35826e154ee014b64ccfa0d1f12d36b8f8a75939"
SRCREV_machine_edgerouter ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
SRCREV_machine_beaglebone-yocto ?= "706efec4c1e270ec5dda92275898cd465dfdc7dd"
@@ -17,7 +17,7 @@ COMPATIBLE_MACHINE_genericx86-64 = "genericx86-64"
COMPATIBLE_MACHINE_edgerouter = "edgerouter"
COMPATIBLE_MACHINE_beaglebone-yocto = "beaglebone-yocto"
LINUX_VERSION_genericx86 = "5.4.205"
LINUX_VERSION_genericx86-64 = "5.4.205"
LINUX_VERSION_genericx86 = "5.4.219"
LINUX_VERSION_genericx86-64 = "5.4.219"
LINUX_VERSION_edgerouter = "5.4.58"
LINUX_VERSION_beaglebone-yocto = "5.4.58"

View File

@@ -139,7 +139,7 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True):
# /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc)
# would return /usr/local/bin/ccache/gcc, but what we need is
# /usr/bin/gcc, this code can check and fix that.
if "ccache" in srctool:
if os.path.islink(srctool) and os.path.basename(os.readlink(srctool)) == 'ccache':
srctool = bb.utils.which(path, tool, executable=True, direction=1)
if srctool:
os.symlink(srctool, desttool)

View File

@@ -42,8 +42,8 @@ CVE_CHECK_LOG_JSON ?= "${T}/cve.json"
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
@@ -195,7 +195,7 @@ python cve_check_write_rootfs_manifest () {
recipies.add(pkg_data["PN"])
bb.note("Writing rootfs CVE manifest")
deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
deploy_dir = d.getVar("IMGDEPLOYDIR")
link_name = d.getVar("IMAGE_LINK_NAME")
json_data = {"version":"1", "package": []}

View File

@@ -2,8 +2,6 @@ inherit terminal
DEVSHELL = "${SHELL}"
PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:"
python do_devshell () {
if d.getVarFlag("do_devshell", "manualfakeroot"):
d.prependVar("DEVSHELL", "pseudo ")

View File

@@ -60,7 +60,7 @@ python () {
if externalsrcbuild:
d.setVar('B', externalsrcbuild)
else:
d.setVar('B', '${WORKDIR}/${BPN}-${PV}/')
d.setVar('B', '${WORKDIR}/${BPN}-${PV}')
local_srcuri = []
fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d)
@@ -207,8 +207,8 @@ def srctree_hash_files(d, srcdir=None):
try:
git_dir = os.path.join(s_dir,
subprocess.check_output(['git', '-C', s_dir, 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
top_git_dir = os.path.join(s_dir, subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'],
stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
top_git_dir = os.path.join(d.getVar("TOPDIR"),
subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
if git_dir == top_git_dir:
git_dir = None
except subprocess.CalledProcessError:
@@ -225,15 +225,16 @@ def srctree_hash_files(d, srcdir=None):
env['GIT_INDEX_FILE'] = tmp_index.name
subprocess.check_output(['git', 'add', '-A', '.'], cwd=s_dir, env=env)
git_sha1 = subprocess.check_output(['git', 'write-tree'], cwd=s_dir, env=env).decode("utf-8")
submodule_helper = subprocess.check_output(['git', 'submodule--helper', 'list'], cwd=s_dir, env=env).decode("utf-8")
for line in submodule_helper.splitlines():
module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1])
if os.path.isdir(module_dir):
proc = subprocess.Popen(['git', 'add', '-A', '.'], cwd=module_dir, env=env, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
proc.communicate()
proc = subprocess.Popen(['git', 'write-tree'], cwd=module_dir, env=env, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
stdout, _ = proc.communicate()
git_sha1 += stdout.decode("utf-8")
if os.path.exists(os.path.join(s_dir, ".gitmodules")) and os.path.getsize(os.path.join(s_dir, ".gitmodules")) > 0:
submodule_helper = subprocess.check_output(["git", "config", "--file", ".gitmodules", "--get-regexp", "path"], cwd=s_dir, env=env).decode("utf-8")
for line in submodule_helper.splitlines():
module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1])
if os.path.isdir(module_dir):
proc = subprocess.Popen(['git', 'add', '-A', '.'], cwd=module_dir, env=env, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
proc.communicate()
proc = subprocess.Popen(['git', 'write-tree'], cwd=module_dir, env=env, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
stdout, _ = proc.communicate()
git_sha1 += stdout.decode("utf-8")
sha1 = hashlib.sha1(git_sha1.encode("utf-8")).hexdigest()
with open(oe_hash_file, 'w') as fobj:
fobj.write(sha1)

View File

@@ -4,7 +4,7 @@
def get_rootfs_uuid(d):
import subprocess
rootfs = d.getVar('ROOTFS')
output = subprocess.check_output(['tune2fs', '-l', rootfs])
output = subprocess.check_output(['tune2fs', '-l', rootfs], text=True)
for line in output.split('\n'):
if line.startswith('Filesystem UUID:'):
uuid = line.split()[-1]

View File

@@ -311,7 +311,7 @@ fakeroot python do_image_qa () {
except oe.utils.ImageQAFailed as e:
qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (e.name, e.description)
except Exception as e:
qamsg = qamsg + '\tImage QA function %s failed\n' % cmd
qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (cmd, e)
if qamsg:
imgname = d.getVar('IMAGE_NAME')
@@ -437,7 +437,7 @@ python () {
localdata.delVar('DATETIME')
localdata.delVar('DATE')
localdata.delVar('TMPDIR')
vardepsexclude = (d.getVarFlag('IMAGE_CMD_' + realt, 'vardepsexclude', True) or '').split()
vardepsexclude = (d.getVarFlag('IMAGE_CMD_' + realt, 'vardepsexclude') or '').split()
for dep in vardepsexclude:
localdata.delVar(dep)

View File

@@ -64,5 +64,5 @@ HOST_AR_KERNEL_ARCH ?= "${TARGET_AR_KERNEL_ARCH}"
KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
TOOLCHAIN = "gcc"
TOOLCHAIN ?= "gcc"

View File

@@ -59,6 +59,9 @@ FIT_SIGN_ALG ?= "rsa2048"
# fitImage Padding Algo
FIT_PAD_ALG ?= "pkcs-1.5"
# Arguments passed to mkimage for signing
UBOOT_MKIMAGE_SIGN_ARGS ?= ""
#
# Emit the fitImage ITS header
#
@@ -479,7 +482,8 @@ fitimage_assemble() {
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-F -k "${UBOOT_SIGN_KEYDIR}" \
$add_key_to_u_boot \
-r arch/${ARCH}/boot/${2}
-r arch/${ARCH}/boot/${2} \
${UBOOT_MKIMAGE_SIGN_ARGS}
fi
}

View File

@@ -194,7 +194,7 @@ do_kernel_metadata() {
# SRC_URI. If they were supplied, we convert them into include directives
# for the update part of the process
for f in ${feat_dirs}; do
if [ -d "${WORKDIR}/$f/meta" ]; then
if [ -d "${WORKDIR}/$f/kernel-meta" ]; then
includes="$includes -I${WORKDIR}/$f/kernel-meta"
elif [ -d "${WORKDIR}/../oe-local-files/$f" ]; then
includes="$includes -I${WORKDIR}/../oe-local-files/$f"

View File

@@ -75,7 +75,7 @@ python __anonymous () {
# KERNEL_IMAGETYPES may contain a mixture of image types supported directly
# by the kernel build system and types which are created by post-processing
# the output of the kernel build system (e.g. compressing vmlinux ->
# vmlinux.gz in kernel_do_compile()).
# vmlinux.gz in kernel_do_transform_kernel()).
# KERNEL_IMAGETYPE_FOR_MAKE should contain only image types supported
# directly by the kernel build system.
if not d.getVar('KERNEL_IMAGETYPE_FOR_MAKE'):
@@ -106,6 +106,8 @@ python __anonymous () {
# standalone for use by wic and other tools.
if image:
d.appendVarFlag('do_bundle_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete')
if image and bb.utils.to_boolean(d.getVar('INITRAMFS_IMAGE_BUNDLE')):
bb.build.addtask('do_transform_bundled_initramfs', 'do_deploy', 'do_bundle_initramfs', d)
# NOTE: setting INITRAMFS_TASK is for backward compatibility
# The preferred method is to set INITRAMFS_IMAGE, because
@@ -280,6 +282,14 @@ do_bundle_initramfs () {
}
do_bundle_initramfs[dirs] = "${B}"
kernel_do_transform_bundled_initramfs() {
# vmlinux.gz is not built by kernel
if (echo "${KERNEL_IMAGETYPES}" | grep -wq "vmlinux\.gz"); then
gzip -9cn < ${KERNEL_OUTPUT_DIR}/vmlinux.initramfs > ${KERNEL_OUTPUT_DIR}/vmlinux.gz.initramfs
fi
}
do_transform_bundled_initramfs[dirs] = "${B}"
python do_devshell_prepend () {
os.environ["LDFLAGS"] = ''
}
@@ -311,6 +321,10 @@ kernel_do_compile() {
export KBUILD_BUILD_TIMESTAMP="$ts"
export KCONFIG_NOTIMESTAMP=1
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
else
ts=`LC_ALL=C date`
export KBUILD_BUILD_TIMESTAMP="$ts"
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
fi
# The $use_alternate_initrd is only set from
# do_bundle_initramfs() This variable is specifically for the
@@ -329,12 +343,17 @@ kernel_do_compile() {
for typeformake in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do
oe_runmake ${typeformake} CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} $use_alternate_initrd
done
}
kernel_do_transform_kernel() {
# vmlinux.gz is not built by kernel
if (echo "${KERNEL_IMAGETYPES}" | grep -wq "vmlinux\.gz"); then
mkdir -p "${KERNEL_OUTPUT_DIR}"
gzip -9cn < ${B}/vmlinux > "${KERNEL_OUTPUT_DIR}/vmlinux.gz"
fi
}
do_transform_kernel[dirs] = "${B}"
addtask transform_kernel after do_compile before do_install
do_compile_kernelmodules() {
unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS MACHINE
@@ -352,6 +371,10 @@ do_compile_kernelmodules() {
export KBUILD_BUILD_TIMESTAMP="$ts"
export KCONFIG_NOTIMESTAMP=1
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
else
ts=`LC_ALL=C date`
export KBUILD_BUILD_TIMESTAMP="$ts"
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
fi
if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then
cc_extra=$(get_cc_option)
@@ -572,11 +595,11 @@ do_savedefconfig() {
do_savedefconfig[nostamp] = "1"
addtask savedefconfig after do_configure
inherit cml1
inherit cml1 pkgconfig
KCONFIG_CONFIG_COMMAND_append = " LD='${KERNEL_LD}' HOSTLDFLAGS='${BUILD_LDFLAGS}'"
EXPORT_FUNCTIONS do_compile do_install do_configure
EXPORT_FUNCTIONS do_compile do_transform_kernel do_transform_bundled_initramfs do_install do_configure
# kernel-base becomes kernel-${KERNEL_VERSION}
# kernel-image becomes kernel-image-${KERNEL_VERSION}
@@ -721,7 +744,7 @@ kernel_do_deploy() {
fi
if [ ! -z "${INITRAMFS_IMAGE}" -a x"${INITRAMFS_IMAGE_BUNDLE}" = x1 ]; then
for imageType in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do
for imageType in ${KERNEL_IMAGETYPES} ; do
if [ "$imageType" = "fitImage" ] ; then
continue
fi

View File

@@ -45,6 +45,7 @@ PACKAGE_NO_GCONV ?= "0"
OVERRIDES_append = ":${TARGET_ARCH}-${TARGET_OS}"
locale_base_postinst_ontarget() {
mkdir ${libdir}/locale
localedef --inputfile=${datadir}/i18n/locales/%s --charmap=%s %s
}

View File

@@ -211,7 +211,7 @@ def get_deployed_dependencies(d):
deploy = {}
# Get all the dependencies for the current task (rootfs).
taskdata = d.getVar("BB_TASKDEPDATA", False)
pn = d.getVar("PN", True)
pn = d.getVar("PN")
depends = list(set([dep[0] for dep
in list(taskdata.values())
if not dep[0].endswith("-native") and not dep[0] == pn]))

View File

@@ -113,3 +113,5 @@ do_packagedata[stamp-extra-info] = ""
USE_NLS = "${SDKUSE_NLS}"
OLDEST_KERNEL = "${SDK_OLDEST_KERNEL}"
PATH_prepend = "${COREBASE}/scripts/nativesdk-intercept:"

View File

@@ -117,7 +117,7 @@ python write_host_sdk_ext_manifest () {
f.write("%s %s %s\n" % (info[1], info[2], info[3]))
}
SDK_POSTPROCESS_COMMAND_append_task-populate-sdk-ext = "write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; "
SDK_POSTPROCESS_COMMAND_append_task-populate-sdk-ext = " write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; "
SDK_TITLE_task-populate-sdk-ext = "${@d.getVar('DISTRO_NAME') or d.getVar('DISTRO')} Extensible SDK"

View File

@@ -7,6 +7,7 @@
# QB_OPT_APPEND: options to append to qemu, e.g., "-show-cursor"
#
# QB_DEFAULT_KERNEL: default kernel to boot, e.g., "bzImage"
# e.g., "bzImage-initramfs-qemux86-64.bin" if INITRAMFS_IMAGE_BUNDLE is set to 1.
#
# QB_DEFAULT_FSTYPE: default FSTYPE to boot, e.g., "ext4"
#
@@ -75,7 +76,7 @@
QB_MEM ?= "-m 256"
QB_SERIAL_OPT ?= "-serial mon:stdio -serial null"
QB_DEFAULT_KERNEL ?= "${KERNEL_IMAGETYPE}"
QB_DEFAULT_KERNEL ?= "${@bb.utils.contains("INITRAMFS_IMAGE_BUNDLE", "1", "${KERNEL_IMAGETYPE}-${INITRAMFS_LINK_NAME}.bin", "${KERNEL_IMAGETYPE}", d)}"
QB_DEFAULT_FSTYPE ?= "ext4"
QB_OPT_APPEND ?= "-show-cursor"
QB_NETWORK_DEVICE ?= "-device virtio-net-pci,netdev=net0,mac=@MAC@"

View File

@@ -27,6 +27,13 @@ BB_SCHEDULER ?= "completion"
BB_TASK_IONICE_LEVEL_task-rm_work = "3.0"
do_rm_work () {
# Force using the HOSTTOOLS 'rm' - otherwise the SYSROOT_NATIVE 'rm' can be selected depending on PATH
# Avoids race-condition accessing 'rm' when deleting WORKDIR folders at the end of this function
RM_BIN="$(PATH=${HOSTTOOLS_DIR} command -v rm)"
if [ -z "${RM_BIN}" ]; then
bbfatal "Binary 'rm' not found in HOSTTOOLS_DIR, cannot remove WORKDIR data."
fi
# If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe.
for p in ${RM_WORK_EXCLUDE}; do
if [ "$p" = "${PN}" ]; then
@@ -73,7 +80,7 @@ do_rm_work () {
# sstate version since otherwise we'd need to leave 'plaindirs' around
# such as 'packages' and 'packages-split' and these can be large. No end
# of chain tasks depend directly on do_package anymore.
rm -f -- $i;
"${RM_BIN}" -f -- $i;
;;
*_setscene*)
# Skip stamps which are already setscene versions
@@ -90,7 +97,7 @@ do_rm_work () {
;;
esac
done
rm -f -- $i
"${RM_BIN}" -f -- $i
esac
done
@@ -100,9 +107,9 @@ do_rm_work () {
# Retain only logs and other files in temp, safely ignore
# failures of removing pseudo folers on NFS2/3 server.
if [ $dir = 'pseudo' ]; then
rm -rf -- $dir 2> /dev/null || true
"${RM_BIN}" -rf -- $dir 2> /dev/null || true
elif ! echo "$excludes" | grep -q -w "$dir"; then
rm -rf -- $dir
"${RM_BIN}" -rf -- $dir
fi
done
}

View File

@@ -561,6 +561,14 @@ def check_tar_version(sanity_data):
version = result.split()[3]
if LooseVersion(version) < LooseVersion("1.28"):
return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n"
try:
result = subprocess.check_output(["tar", "--help"], stderr=subprocess.STDOUT).decode('utf-8')
if "--xattrs" not in result:
return "Your tar doesn't support --xattrs, please use GNU tar.\n"
except subprocess.CalledProcessError as e:
return "Unable to execute tar --help, exit code %d\n%s\n" % (e.returncode, e.output)
return None
# We use git parameters and functionality only found in 1.7.8 or later

View File

@@ -20,7 +20,7 @@ def generate_sstatefn(spec, hash, taskname, siginfo, d):
components = spec.split(":")
# Fields 0,5,6 are mandatory, 1 is most useful, 2,3,4 are just for information
# 7 is for the separators
avail = (254 - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3
avail = (limit - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3
components[2] = components[2][:avail]
components[3] = components[3][:avail]
components[4] = components[4][:avail]

View File

@@ -29,7 +29,7 @@ toolchain_create_sdk_env_script () {
echo '# http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html#AEN80' >> $script
echo '# http://xahlee.info/UnixResource_dir/_/ldpath.html' >> $script
echo '# Only disable this check if you are absolutely know what you are doing!' >> $script
echo 'if [ ! -z "$LD_LIBRARY_PATH" ]; then' >> $script
echo 'if [ ! -z "${LD_LIBRARY_PATH:-}" ]; then' >> $script
echo " echo \"Your environment is misconfigured, you probably need to 'unset LD_LIBRARY_PATH'\"" >> $script
echo " echo \"but please check why this was set in the first place and that it's safe to unset.\"" >> $script
echo ' echo "The SDK will not operate correctly in most cases when LD_LIBRARY_PATH is set."' >> $script

View File

@@ -194,7 +194,7 @@ RECIPE_MAINTAINER_pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
RECIPE_MAINTAINER_pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gcc-source-9.3.0 = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gcc-source-9.5.0 = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER_pn-gconf = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER_pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
RECIPE_MAINTAINER_pn-gdb = "Khem Raj <raj.khem@gmail.com>"

View File

@@ -6,10 +6,10 @@
# to the distro running on the build machine.
#
UNINATIVE_MAXGLIBCVERSION = "2.35"
UNINATIVE_VERSION = "3.6"
UNINATIVE_MAXGLIBCVERSION = "2.36"
UNINATIVE_VERSION = "3.7"
UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
UNINATIVE_CHECKSUM[aarch64] ?= "d64831cf2792c8e470c2e42230660e1a8e5de56a579cdd59978791f663c2f3ed"
UNINATIVE_CHECKSUM[i686] ?= "2f0ee9b66b1bb2c85e2b592fb3c9c7f5d77399fa638d74961330cdb8de34ca3b"
UNINATIVE_CHECKSUM[x86_64] ?= "9bfc4c970495b3716b2f9e52c4df9f968c02463a9a95000f6657fbc3fde1f098"
UNINATIVE_CHECKSUM[aarch64] ?= "6a29bcae4b5b716d2d520e18800b33943b65f8a835eac1ff8793fc5ee65b4be6"
UNINATIVE_CHECKSUM[i686] ?= "3f6d52e64996570c716108d49f8108baccf499a283bbefae438c7266b7a93305"
UNINATIVE_CHECKSUM[x86_64] ?= "b110bf2e10fe420f5ca2f3ec55f048ee5f0a54c7e34856a3594e51eb2aea0570"

View File

@@ -62,7 +62,8 @@ def get_source_date_epoch_from_git(d, sourcedir):
return None
bb.debug(1, "git repository: %s" % gitpath)
p = subprocess.run(['git', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], check=True, stdout=subprocess.PIPE)
p = subprocess.run(['git', '-c', 'log.showSignature=false', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'],
check=True, stdout=subprocess.PIPE)
return int(p.stdout.decode('utf-8'))
def get_source_date_epoch_from_youngest_file(d, sourcedir):

View File

@@ -49,21 +49,20 @@ class RpmBasicTest(OERuntimeTestCase):
msg = 'status: %s. Cannot run rpm -qa: %s' % (status, output)
self.assertEqual(status, 0, msg=msg)
def check_no_process_for_user(u):
_, output = self.target.run(self.tc.target_cmds['ps'])
if u + ' ' in output:
return False
else:
return True
def wait_for_no_process_for_user(u, timeout = 120):
timeout_at = time.time() + timeout
while time.time() < timeout_at:
_, output = self.target.run(self.tc.target_cmds['ps'])
if u + ' ' not in output:
return
time.sleep(1)
user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
assertTrue(True, msg=msg)
def unset_up_test_user(u):
# ensure no test1 process in running
timeout = time.time() + 30
while time.time() < timeout:
if check_no_process_for_user(u):
break
else:
time.sleep(1)
wait_for_no_process_for_user(u)
status, output = self.target.run('userdel -r %s' % u)
msg = 'Failed to erase user: %s' % output
self.assertTrue(status == 0, msg=msg)

View File

@@ -67,11 +67,11 @@ class OERuntimeTestContextExecutor(OETestContextExecutor):
% self.default_target_type)
runtime_group.add_argument('--target-ip', action='store',
default=self.default_target_ip,
help="IP address of device under test, default: %s" \
help="IP address and optionally ssh port (default 22) of device under test, for example '192.168.0.7:22'. Default: %s" \
% self.default_target_ip)
runtime_group.add_argument('--server-ip', action='store',
default=self.default_target_ip,
help="IP address of device under test, default: %s" \
help="IP address of the test host from test target machine, default: %s" \
% self.default_server_ip)
runtime_group.add_argument('--host-dumper-dir', action='store',

View File

@@ -1323,7 +1323,7 @@ class DevtoolExtractTests(DevtoolBase):
# Now really test deploy-target
result = runCmd('devtool deploy-target -c %s root@%s' % (testrecipe, qemu.ip))
# Run a test command to see if it was installed properly
sshargs = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
sshargs = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-rsa'
result = runCmd('ssh %s root@%s %s' % (sshargs, qemu.ip, testcommand))
# Check if it deployed all of the files with the right ownership/perms
# First look on the host - need to do this under pseudo to get the correct ownership/perms

View File

@@ -75,7 +75,7 @@ class BitbakePrTests(OESelftestTestCase):
exported_db_path = os.path.join(self.builddir, 'export.inc')
export_result = runCmd("bitbake-prserv-tool export %s" % exported_db_path, ignore_status=True)
self.assertEqual(export_result.status, 0, msg="PR Service database export failed: %s" % export_result.output)
self.assertTrue(os.path.exists(exported_db_path))
self.assertTrue(os.path.exists(exported_db_path), msg="%s didn't exist, tool output %s" % (exported_db_path, export_result.output))
if replace_current_db:
current_db_path = os.path.join(get_bb_var('PERSISTENT_DIR'), 'prserv.sqlite3')

View File

@@ -39,7 +39,6 @@ exclude_packages = [
'gstreamer1.0-python',
'hwlatdetect',
'kernel-devsrc',
'libaprutil',
'libcap-ng',
'libjson',
'libproxy',

View File

@@ -175,8 +175,8 @@ class TestImage(OESelftestTestCase):
if "DISPLAY" not in os.environ:
self.skipTest("virgl gtk test must be run inside a X session")
distro = oe.lsb.distro_identifier()
if distro and distro == 'almalinux-8.6':
self.skipTest('virgl isn\'t working with Alma 8')
if distro and distro.startswith('almalinux'):
self.skipTest('virgl isn\'t working with Alma Linux')
if distro and distro == 'debian-8':
self.skipTest('virgl isn\'t working with Debian 8')
if distro and distro == 'centos-7':
@@ -191,6 +191,8 @@ class TestImage(OESelftestTestCase):
self.skipTest('virgl isn\'t working with Fedora 36')
if distro and distro == 'opensuseleap-15.0':
self.skipTest('virgl isn\'t working with Opensuse 15.0')
if distro and distro == 'ubuntu-22.04':
self.skipTest('virgl isn\'t working with Ubuntu 22.04')
qemu_packageconfig = get_bb_var('PACKAGECONFIG', 'qemu-system-native')
sdl_packageconfig = get_bb_var('PACKAGECONFIG', 'libsdl2-native')
@@ -234,7 +236,7 @@ class TestImage(OESelftestTestCase):
except FileNotFoundError:
self.skipTest("/dev/dri directory does not exist; no render nodes available on this machine.")
try:
dripath = subprocess.check_output("pkg-config --variable=dridriverdir dri", shell=True)
dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True)
except subprocess.CalledProcessError as e:
self.skipTest("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.")
qemu_packageconfig = get_bb_var('PACKAGECONFIG', 'qemu-system-native')

View File

@@ -65,6 +65,20 @@ class TinfoilTests(OESelftestTestCase):
localdata.setVar('PN', 'hello')
self.assertEqual('hello', localdata.getVar('BPN'))
# The config_data API tp parse_recipe_file is used by:
# layerindex-web layerindex/update_layer.py
def test_parse_recipe_custom_data(self):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=False, quiet=2)
localdata = bb.data.createCopy(tinfoil.config_data)
localdata.setVar("TESTVAR", "testval")
testrecipe = 'mdadm'
best = tinfoil.find_best_provider(testrecipe)
if not best:
self.fail('Unable to find recipe providing %s' % testrecipe)
rd = tinfoil.parse_recipe_file(best[3], config_data=localdata)
self.assertEqual("testval", rd.getVar('TESTVAR'))
def test_list_recipes(self):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=False, quiet=2)

View File

@@ -432,10 +432,13 @@ class QemuRunner:
except OSError as e:
if e.errno != errno.ESRCH:
raise
endtime = time.time() + self.runqemutime
while self.runqemu.poll() is None and time.time() < endtime:
time.sleep(1)
if self.runqemu.poll() is None:
try:
outs, errs = self.runqemu.communicate(timeout = self.runqemutime)
if outs:
self.logger.info("Output from runqemu:\n%s", outs.decode("utf-8"))
if errs:
self.logger.info("Stderr from runqemu:\n%s", errs.decode("utf-8"))
except TimeoutExpired:
self.logger.debug("Sending SIGKILL to runqemu")
os.killpg(os.getpgid(self.runqemu.pid), signal.SIGKILL)
if not self.runqemu.stdout.closed:

View File

@@ -0,0 +1,87 @@
From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Fri, 5 Aug 2022 01:58:27 +0800
Subject: [PATCH] font: Fix several integer overflows in
grub_font_construct_glyph()
This patch fixes several integer overflows in grub_font_construct_glyph().
Glyphs of invalid size, zero or leading to an overflow, are rejected.
The inconsistency between "glyph" and "max_glyph_size" when grub_malloc()
returns NULL is fixed too.
Fixes: CVE-2022-2601
Reported-by: Zhang Boyang <zhangboyang.id@gmail.com>
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e]
CVE: CVE-2022-2601
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
grub-core/font/font.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index df17dba..f110db9 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -1509,6 +1509,7 @@ grub_font_construct_glyph (grub_font_t hinted_font,
struct grub_video_signed_rect bounds;
static struct grub_font_glyph *glyph = 0;
static grub_size_t max_glyph_size = 0;
+ grub_size_t cur_glyph_size;
ensure_comb_space (glyph_id);
@@ -1525,29 +1526,33 @@ grub_font_construct_glyph (grub_font_t hinted_font,
if (!glyph_id->ncomb && !glyph_id->attributes)
return main_glyph;
- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT)
+ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) ||
+ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size))
+ return main_glyph;
+
+ if (max_glyph_size < cur_glyph_size)
{
grub_free (glyph);
- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2;
- if (max_glyph_size < 8)
- max_glyph_size = 8;
- glyph = grub_malloc (max_glyph_size);
+ if (grub_mul (cur_glyph_size, 2, &max_glyph_size))
+ max_glyph_size = 0;
+ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL;
}
if (!glyph)
{
+ max_glyph_size = 0;
grub_errno = GRUB_ERR_NONE;
return main_glyph;
}
- grub_memset (glyph, 0, sizeof (*glyph)
- + (bounds.width * bounds.height
- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT);
+ grub_memset (glyph, 0, cur_glyph_size);
glyph->font = main_glyph->font;
- glyph->width = bounds.width;
- glyph->height = bounds.height;
- glyph->offset_x = bounds.x;
- glyph->offset_y = bounds.y;
+ if (bounds.width == 0 || bounds.height == 0 ||
+ grub_cast (bounds.width, &glyph->width) ||
+ grub_cast (bounds.height, &glyph->height) ||
+ grub_cast (bounds.x, &glyph->offset_x) ||
+ grub_cast (bounds.y, &glyph->offset_y))
+ return main_glyph;
if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR)
grub_font_blit_glyph_mirror (glyph, main_glyph,
--
2.25.1

View File

@@ -0,0 +1,271 @@
From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Thu, 2 Dec 2021 15:03:53 +0100
Subject: kern/efi/sb: Reject non-kernel files in the shim_lock verifier
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53]
CVE: CVE-2022-28735
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
We must not allow other verifiers to pass things like the GRUB modules.
Instead of maintaining a blocklist, maintain an allowlist of things
that we do not care about.
This allowlist really should be made reusable, and shared by the
lockdown verifier, but this is the minimal patch addressing
security concerns where the TPM verifier was able to mark modules
as verified (or the OpenPGP verifier for that matter), when it
should not do so on shim-powered secure boot systems.
Fixes: CVE-2022-28735
Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/kern/efi/sb.c | 221 ++++++++++++++++++++++++++++++++++++++++
include/grub/verify.h | 1 +
2 files changed, 222 insertions(+)
create mode 100644 grub-core/kern/efi/sb.c
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
new file mode 100644
index 0000000..89c4bb3
--- /dev/null
+++ b/grub-core/kern/efi/sb.c
@@ -0,0 +1,221 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * UEFI Secure Boot related checkings.
+ */
+
+#include <grub/efi/efi.h>
+#include <grub/efi/pe32.h>
+#include <grub/efi/sb.h>
+#include <grub/env.h>
+#include <grub/err.h>
+#include <grub/file.h>
+#include <grub/i386/linux.h>
+#include <grub/kernel.h>
+#include <grub/mm.h>
+#include <grub/types.h>
+#include <grub/verify.h>
+
+static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
+
+/*
+ * Determine whether we're in secure boot mode.
+ *
+ * Please keep the logic in sync with the Linux kernel,
+ * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
+ */
+grub_uint8_t
+grub_efi_get_secureboot (void)
+{
+ static grub_efi_guid_t efi_variable_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+ grub_efi_status_t status;
+ grub_efi_uint32_t attr = 0;
+ grub_size_t size = 0;
+ grub_uint8_t *secboot = NULL;
+ grub_uint8_t *setupmode = NULL;
+ grub_uint8_t *moksbstate = NULL;
+ grub_uint8_t secureboot = GRUB_EFI_SECUREBOOT_MODE_UNKNOWN;
+ const char *secureboot_str = "UNKNOWN";
+
+ status = grub_efi_get_variable ("SecureBoot", &efi_variable_guid,
+ &size, (void **) &secboot);
+
+ if (status == GRUB_EFI_NOT_FOUND)
+ {
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
+ goto out;
+ }
+
+ if (status != GRUB_EFI_SUCCESS)
+ goto out;
+
+ status = grub_efi_get_variable ("SetupMode", &efi_variable_guid,
+ &size, (void **) &setupmode);
+
+ if (status != GRUB_EFI_SUCCESS)
+ goto out;
+
+ if ((*secboot == 0) || (*setupmode == 1))
+ {
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
+ goto out;
+ }
+
+ /*
+ * See if a user has put the shim into insecure mode. If so, and if the
+ * variable doesn't have the runtime attribute set, we might as well
+ * honor that.
+ */
+ status = grub_efi_get_variable_with_attributes ("MokSBState", &shim_lock_guid,
+ &size, (void **) &moksbstate, &attr);
+
+ /* If it fails, we don't care why. Default to secure. */
+ if (status != GRUB_EFI_SUCCESS)
+ {
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_ENABLED;
+ goto out;
+ }
+
+ if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1)
+ {
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
+ goto out;
+ }
+
+ secureboot = GRUB_EFI_SECUREBOOT_MODE_ENABLED;
+
+ out:
+ grub_free (moksbstate);
+ grub_free (setupmode);
+ grub_free (secboot);
+
+ if (secureboot == GRUB_EFI_SECUREBOOT_MODE_DISABLED)
+ secureboot_str = "Disabled";
+ else if (secureboot == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ secureboot_str = "Enabled";
+
+ grub_dprintf ("efi", "UEFI Secure Boot state: %s\n", secureboot_str);
+
+ return secureboot;
+}
+
+static grub_err_t
+shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
+ enum grub_file_type type,
+ void **context __attribute__ ((unused)),
+ enum grub_verify_flags *flags)
+{
+ *flags = GRUB_VERIFY_FLAGS_NONE;
+
+ switch (type & GRUB_FILE_TYPE_MASK)
+ {
+ /* Files we check. */
+ case GRUB_FILE_TYPE_LINUX_KERNEL:
+ case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
+ case GRUB_FILE_TYPE_BSD_KERNEL:
+ case GRUB_FILE_TYPE_XNU_KERNEL:
+ case GRUB_FILE_TYPE_PLAN9_KERNEL:
+ case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
+ *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
+ return GRUB_ERR_NONE;
+
+ /* Files that do not affect secureboot state. */
+ case GRUB_FILE_TYPE_NONE:
+ case GRUB_FILE_TYPE_LOOPBACK:
+ case GRUB_FILE_TYPE_LINUX_INITRD:
+ case GRUB_FILE_TYPE_OPENBSD_RAMDISK:
+ case GRUB_FILE_TYPE_XNU_RAMDISK:
+ case GRUB_FILE_TYPE_SIGNATURE:
+ case GRUB_FILE_TYPE_PUBLIC_KEY:
+ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST:
+ case GRUB_FILE_TYPE_PRINT_BLOCKLIST:
+ case GRUB_FILE_TYPE_TESTLOAD:
+ case GRUB_FILE_TYPE_GET_SIZE:
+ case GRUB_FILE_TYPE_FONT:
+ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY:
+ case GRUB_FILE_TYPE_CAT:
+ case GRUB_FILE_TYPE_HEXCAT:
+ case GRUB_FILE_TYPE_CMP:
+ case GRUB_FILE_TYPE_HASHLIST:
+ case GRUB_FILE_TYPE_TO_HASH:
+ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT:
+ case GRUB_FILE_TYPE_PIXMAP:
+ case GRUB_FILE_TYPE_GRUB_MODULE_LIST:
+ case GRUB_FILE_TYPE_CONFIG:
+ case GRUB_FILE_TYPE_THEME:
+ case GRUB_FILE_TYPE_GETTEXT_CATALOG:
+ case GRUB_FILE_TYPE_FS_SEARCH:
+ case GRUB_FILE_TYPE_LOADENV:
+ case GRUB_FILE_TYPE_SAVEENV:
+ case GRUB_FILE_TYPE_VERIFY_SIGNATURE:
+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ return GRUB_ERR_NONE;
+
+ /* Other files. */
+ default:
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy"));
+ }
+}
+
+static grub_err_t
+shim_lock_verifier_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size)
+{
+ grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0);
+
+ if (!sl)
+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not found"));
+
+ if (sl->verify (buf, size) != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
+
+ return GRUB_ERR_NONE;
+}
+
+struct grub_file_verifier shim_lock_verifier =
+ {
+ .name = "shim_lock_verifier",
+ .init = shim_lock_verifier_init,
+ .write = shim_lock_verifier_write
+ };
+
+void
+grub_shim_lock_verifier_setup (void)
+{
+ struct grub_module_header *header;
+ grub_efi_shim_lock_protocol_t *sl =
+ grub_efi_locate_protocol (&shim_lock_guid, 0);
+
+ /* shim_lock is missing, check if GRUB image is built with --disable-shim-lock. */
+ if (!sl)
+ {
+ FOR_MODULES (header)
+ {
+ if (header->type == OBJ_TYPE_DISABLE_SHIM_LOCK)
+ return;
+ }
+ }
+
+ /* Secure Boot is off. Do not load shim_lock. */
+ if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ return;
+
+ /* Enforce shim_lock_verifier. */
+ grub_verifier_register (&shim_lock_verifier);
+
+ grub_env_set ("shim_lock", "y");
+ grub_env_export ("shim_lock");
+}
diff --git a/include/grub/verify.h b/include/grub/verify.h
index cd129c3..672ae16 100644
--- a/include/grub/verify.h
+++ b/include/grub/verify.h
@@ -24,6 +24,7 @@
enum grub_verify_flags
{
+ GRUB_VERIFY_FLAGS_NONE = 0,
GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2,
/* Defer verification to another authority. */
--
2.25.1

View File

@@ -0,0 +1,97 @@
From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Mon, 24 Oct 2022 08:05:35 +0800
Subject: [PATCH] font: Fix an integer underflow in blit_comb()
The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may
evaluate to a very big invalid value even if both ctx.bounds.height and
combining_glyphs[i]->height are small integers. For example, if
ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this
expression evaluates to 2147483647 (expected -1). This is because
coordinates are allowed to be negative but ctx.bounds.height is an
unsigned int. So, the subtraction operates on unsigned ints and
underflows to a very big value. The division makes things even worse.
The quotient is still an invalid value even if converted back to int.
This patch fixes the problem by casting ctx.bounds.height to int. As
a result the subtraction will operate on int and grub_uint16_t which
will be promoted to an int. So, the underflow will no longer happen. Other
uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int,
to ensure coordinates are always calculated on signed integers.
Fixes: CVE-2022-3775
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af]
CVE: CVE-2022-3775
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
grub-core/font/font.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index f110db9..3b76b22 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -1200,12 +1200,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
ctx.bounds.height = main_glyph->height;
above_rightx = main_glyph->offset_x + main_glyph->width;
- above_righty = ctx.bounds.y + ctx.bounds.height;
+ above_righty = ctx.bounds.y + (int) ctx.bounds.height;
above_leftx = main_glyph->offset_x;
- above_lefty = ctx.bounds.y + ctx.bounds.height;
+ above_lefty = ctx.bounds.y + (int) ctx.bounds.height;
- below_rightx = ctx.bounds.x + ctx.bounds.width;
+ below_rightx = ctx.bounds.x + (int) ctx.bounds.width;
below_righty = ctx.bounds.y;
comb = grub_unicode_get_comb (glyph_id);
@@ -1218,7 +1218,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
if (!combining_glyphs[i])
continue;
- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
+ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
/* CGJ is to avoid diacritics reordering. */
if (comb[i].code
== GRUB_UNICODE_COMBINING_GRAPHEME_JOINER)
@@ -1228,8 +1228,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
case GRUB_UNICODE_COMB_OVERLAY:
do_blit (combining_glyphs[i],
targetx,
- (ctx.bounds.height - combining_glyphs[i]->height) / 2
- - (ctx.bounds.height + ctx.bounds.y), &ctx);
+ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2
+ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
break;
@@ -1302,7 +1302,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
/* Fallthrough. */
case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
do_blit (combining_glyphs[i], targetx,
- -(ctx.bounds.height + ctx.bounds.y + space
+ -((int) ctx.bounds.height + ctx.bounds.y + space
+ combining_glyphs[i]->height), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
@@ -1310,7 +1310,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
case GRUB_UNICODE_COMB_HEBREW_DAGESH:
do_blit (combining_glyphs[i], targetx,
- -(ctx.bounds.height / 2 + ctx.bounds.y
+ -((int) ctx.bounds.height / 2 + ctx.bounds.y
+ combining_glyphs[i]->height / 2), &ctx);
if (min_devwidth < combining_glyphs[i]->width)
min_devwidth = combining_glyphs[i]->width;
--
2.25.1

View File

@@ -0,0 +1,117 @@
From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001
From: Zhang Boyang <zhangboyang.id@gmail.com>
Date: Fri, 5 Aug 2022 00:51:20 +0800
Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal()
The length of memory allocation and file read may overflow. This patch
fixes the problem by using safemath macros.
There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe
if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz().
It is safe replacement for such code. It has safemath-like prototype.
This patch also introduces grub_cast(value, pointer), it casts value to
typeof(*pointer) then store the value to *pointer. It returns true when
overflow occurs or false if there is no overflow. The semantics of arguments
and return value are designed to be consistent with other safemath macros.
Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532]
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
grub-core/font/font.c | 17 +++++++++++++----
include/grub/bitmap.h | 18 ++++++++++++++++++
include/grub/safemath.h | 2 ++
3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index 5edb477..df17dba 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -733,7 +733,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
grub_int16_t xoff;
grub_int16_t yoff;
grub_int16_t dwidth;
- int len;
+ grub_ssize_t len;
+ grub_size_t sz;
if (index_entry->glyph)
/* Return cached glyph. */
@@ -760,9 +761,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
return 0;
}
- len = (width * height + 7) / 8;
- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len);
- if (!glyph)
+ /* Calculate real struct size of current glyph. */
+ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) ||
+ grub_add (sizeof (struct grub_font_glyph), len, &sz))
+ {
+ remove_font (font);
+ return 0;
+ }
+
+ /* Allocate and initialize the glyph struct. */
+ glyph = grub_malloc (sz);
+ if (glyph == NULL)
{
remove_font (font);
return 0;
diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h
index 5728f8c..0d9603f 100644
--- a/include/grub/bitmap.h
+++ b/include/grub/bitmap.h
@@ -23,6 +23,7 @@
#include <grub/symbol.h>
#include <grub/types.h>
#include <grub/video.h>
+#include <grub/safemath.h>
struct grub_video_bitmap
{
@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap)
return bitmap->mode_info.height;
}
+/*
+ * Calculate and store the size of data buffer of 1bit bitmap in result.
+ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs.
+ * Return true when overflow occurs or false if there is no overflow.
+ * This function is intentionally implemented as a macro instead of
+ * an inline function. Although a bit awkward, it preserves data types for
+ * safemath macros and reduces macro side effects as much as possible.
+ *
+ * XXX: Will report false overflow if width * height > UINT64_MAX.
+ */
+#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \
+({ \
+ grub_uint64_t _bitmap_pixels; \
+ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \
+ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \
+})
+
void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap,
struct grub_video_mode_info *mode_info);
diff --git a/include/grub/safemath.h b/include/grub/safemath.h
index c17b89b..bb0f826 100644
--- a/include/grub/safemath.h
+++ b/include/grub/safemath.h
@@ -30,6 +30,8 @@
#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
+#define grub_cast(a, res) grub_add ((a), 0, (res))
+
#else
#error gcc 5.1 or newer or clang 3.8 or newer is required
#endif
--
2.25.1

View File

@@ -102,6 +102,10 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://CVE-2022-28733.patch \
file://CVE-2022-28734.patch \
file://CVE-2022-28736.patch \
file://CVE-2022-28735.patch \
file://font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \
file://CVE-2022-2601.patch \
file://CVE-2022-3775.patch \
"
SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"

View File

@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
DEPENDS = "dbus glib-2.0"
RDEPENDS:${PN} += "dbus"
PROVIDES += "bluez-hcidump"
RPROVIDES_${PN} += "bluez-hcidump"
@@ -57,6 +58,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
file://CVE-2021-3658.patch \
file://CVE-2022-0204.patch \
file://CVE-2022-39176.patch \
file://CVE-2022-3637.patch \
"
S = "${WORKDIR}/bluez-${PV}"

View File

@@ -0,0 +1,39 @@
From b808b2852a0b48c6f9dbb038f932613cea3126c2 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Thu, 27 Oct 2022 09:51:27 +0530
Subject: [PATCH] CVE-2022-3637
Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/monitor/jlink.c?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f]
CVE: CVE-2022-3637
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
monitor: Fix crash when using RTT backend
This fix regression introduced by "monitor: Fix memory leaks".
J-Link shared library is in use if jlink_init() returns 0 and thus
handle shall not be closed.
---
monitor/jlink.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/monitor/jlink.c b/monitor/jlink.c
index afa9d93..5bd4aed 100644
--- a/monitor/jlink.c
+++ b/monitor/jlink.c
@@ -120,9 +120,12 @@ int jlink_init(void)
!jlink.tif_select || !jlink.setspeed ||
!jlink.connect || !jlink.getsn ||
!jlink.emu_getproductname ||
- !jlink.rtterminal_control || !jlink.rtterminal_read)
+ !jlink.rtterminal_control || !jlink.rtterminal_read) {
+ dlclose(so);
return -EIO;
+ }
+ /* don't dlclose(so) here cause symbols from it are in use now */
return 0;
}
--
2.25.1

View File

@@ -6,6 +6,13 @@ SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e089
# These issues have kernel fixes rather than bluez fixes so exclude here
CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490"
# Commit 7a80d2096f1b7125085e21448112aa02f49f5e9a, e2b0f0d8d63e1223bb714a9efb37e2257818268b
# and 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 to fix CVE-2022-39177
# already backport in CVE-2022-39176.patch
# https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
CVE_CHECK_WHITELIST += "CVE-2022-39177"
# noinst programs in Makefile.tools that are conditional on READLINE
# support
NOINST_TOOLS_READLINE ?= " \

View File

@@ -0,0 +1,120 @@
From 8a5d739eea10ee6e193f053b1662142d5657cbc6 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Thu, 6 Oct 2022 09:39:18 +0530
Subject: [PATCH] CVE-2022-2928
Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/]
CVE: CVE-2022-2928
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
common/options.c | 7 +++++
common/tests/option_unittest.c | 54 ++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
diff --git a/common/options.c b/common/options.c
index a7ed84c..4e53bb4 100644
--- a/common/options.c
+++ b/common/options.c
@@ -4452,6 +4452,8 @@ add_option(struct option_state *options,
if (!option_cache_allocate(&oc, MDL)) {
log_error("No memory for option cache adding %s (option %d).",
option->name, option_num);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
return 0;
}
@@ -4463,6 +4465,8 @@ add_option(struct option_state *options,
MDL)) {
log_error("No memory for constant data adding %s (option %d).",
option->name, option_num);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
option_cache_dereference(&oc, MDL);
return 0;
}
@@ -4471,6 +4475,9 @@ add_option(struct option_state *options,
save_option(&dhcp_universe, options, oc);
option_cache_dereference(&oc, MDL);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
+
return 1;
}
diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c
index cd52cfb..690704d 100644
--- a/common/tests/option_unittest.c
+++ b/common/tests/option_unittest.c
@@ -130,6 +130,59 @@ ATF_TC_BODY(pretty_print_option, tc)
}
+ATF_TC(add_option_ref_cnt);
+
+ATF_TC_HEAD(add_option_ref_cnt, tc)
+{
+ atf_tc_set_md_var(tc, "descr",
+ "Verify add_option() does not leak option ref counts.");
+}
+
+ATF_TC_BODY(add_option_ref_cnt, tc)
+{
+ struct option_state *options = NULL;
+ struct option *option = NULL;
+ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER;
+ char *cid_str = "1234";
+ int refcnt_before = 0;
+
+ // Look up the option we're going to add.
+ initialize_common_option_spaces();
+ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
+ &cid_code, 0, MDL)) {
+ atf_tc_fail("cannot find option definition?");
+ }
+
+ // Get the option's reference count before we call add_options.
+ refcnt_before = option->refcnt;
+
+ // Allocate a option_state to which to add an option.
+ if (!option_state_allocate(&options, MDL)) {
+ atf_tc_fail("cannot allocat options state");
+ }
+
+ // Call add_option() to add the option to the option state.
+ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) {
+ atf_tc_fail("add_option returned 0");
+ }
+
+ // Verify that calling add_option() only adds 1 to the option ref count.
+ if (option->refcnt != (refcnt_before + 1)) {
+ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d",
+ refcnt_before, option->refcnt);
+ }
+
+ // Derefrence the option_state, this should reduce the ref count to
+ // it's starting value.
+ option_state_dereference(&options, MDL);
+
+ // Verify that dereferencing option_state restores option ref count.
+ if (option->refcnt != refcnt_before) {
+ atf_tc_fail("after state deref, count is wrong, before %d, after: %d",
+ refcnt_before, option->refcnt);
+ }
+}
+
/* This macro defines main() method that will call specified
test cases. tp and simple_test_case names can be whatever you want
as long as it is a valid variable identifier. */
@@ -137,6 +190,7 @@ ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, option_refcnt);
ATF_TP_ADD_TC(tp, pretty_print_option);
+ ATF_TP_ADD_TC(tp, add_option_ref_cnt);
return (atf_no_error());
}
--
2.25.1

View File

@@ -0,0 +1,40 @@
From 5c959166ebee7605e2048de573f2475b4d731ff7 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Thu, 6 Oct 2022 09:42:59 +0530
Subject: [PATCH] CVE-2022-2929
Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/]
CVE: CVE-2022-2929
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
common/options.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/options.c b/common/options.c
index 4e53bb4..28800fc 100644
--- a/common/options.c
+++ b/common/options.c
@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options,
while (s < &bp -> data[0] + length + 2) {
len = *s;
if (len > 63) {
- log_info ("fancy bits in fqdn option");
- return 0;
+ log_info ("label length exceeds 63 in fqdn option");
+ goto bad;
}
if (len == 0) {
terminated = 1;
break;
}
if (s + len > &bp -> data [0] + length + 3) {
- log_info ("fqdn tag longer than buffer");
- return 0;
+ log_info ("fqdn label longer than buffer");
+ goto bad;
}
if (first_len == 0) {
--
2.25.1

View File

@@ -11,6 +11,8 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
file://0013-fixup_use_libbind.patch \
file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \
file://CVE-2021-25217.patch \
file://CVE-2022-2928.patch \
file://CVE-2022-2929.patch \
"
SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1"

View File

@@ -5,8 +5,8 @@ SECTION = "network"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5"
PV = "20220725"
SRCREV = "22a5de3ef637990ce03141f786fbdb327e9c5a3f"
PV = "20221107"
PE = "1"
SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"

View File

@@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
SRC_URI[sha256sum] = "d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca"
SRC_URI[sha256sum] = "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

View File

@@ -0,0 +1,50 @@
From 2aeb41a9a3a43b11b1e46628d0bf98197ff9f141 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Thu, 29 Dec 2022 18:00:20 +0100
Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer
This fixes a potential vulnerability where data is written to spkt.buf
and rpkt.buf without a check on the array index. To fix this, we
check the array index (pkt->cnt) before storing the byte or
incrementing the count. This also means we no longer have a potential
signed integer overflow on the increment of pkt->cnt.
Fortunately, pppdump is not used in the normal process of setting up a
PPP connection, is not installed setuid-root, and is not invoked
automatically in any scenario that I am aware of.
Ustream-Status: Backport [https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf]
CVE: CVE-2022-4603
Signed-off-by:Minjae Kim <flowergom@gmail.com>
---
pppdump/pppdump.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
index 87c2e8f..dec4def 100644
--- a/pppdump/pppdump.c
+++ b/pppdump/pppdump.c
@@ -296,6 +296,10 @@ dumpppp(f)
printf("%s aborted packet:\n ", dir);
q = " ";
}
+ if (pkt->cnt >= sizeof(pkt->buf)) {
+ printf("%s over-long packet truncated:\n ", dir);
+ q = " ";
+ }
nb = pkt->cnt;
p = pkt->buf;
pkt->cnt = 0;
@@ -399,7 +403,8 @@ dumpppp(f)
c ^= 0x20;
pkt->esc = 0;
}
- pkt->buf[pkt->cnt++] = c;
+ if (pkt->cnt < sizeof(pkt->buf))
+ pkt->buf[pkt->cnt++] = c;
break;
}
}
--
2.25.1

View File

@@ -34,6 +34,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
file://0001-ppp-Remove-unneeded-include.patch \
file://ppp-2.4.7-DES-openssl.patch \
file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
file://CVE-2022-4603.patch \
"
SRC_URI_append_libc-musl = "\

View File

@@ -139,6 +139,10 @@ do_configure () {
do_prepare_config
merge_config.sh -m .config ${@" ".join(find_cfgs(d))}
cml1_do_configure
# Save a copy of .config and autoconf.h.
cp .config .config.orig
cp include/autoconf.h include/autoconf.h.orig
}
do_compile() {
@@ -146,13 +150,17 @@ do_compile() {
if [ "${BUILD_REPRODUCIBLE_BINARIES}" = "1" ]; then
export KCONFIG_NOTIMESTAMP=1
fi
# Ensure we start do_compile with the original .config and autoconf.h.
# These files should always have matching timestamps.
cp .config.orig .config
cp include/autoconf.h.orig include/autoconf.h
if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then
# Guard againt interrupted do_compile: clean temporary files.
rm -f .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
# split the .config into two parts, and make two busybox binaries
if [ -e .config.orig ]; then
# Need to guard again an interrupted do_compile - restore any backup
cp .config.orig .config
fi
cp .config .config.orig
oe_runmake busybox.cfg.suid
oe_runmake busybox.cfg.nosuid
@@ -189,15 +197,18 @@ do_compile() {
bbfatal "busybox suid binary incorrectly provides /bin/sh"
fi
# copy .config.orig back to .config, because the install process may check this file
cp .config.orig .config
# cleanup
rm .config.orig .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
rm .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
else
oe_runmake busybox_unstripped
cp busybox_unstripped busybox
oe_runmake busybox.links
fi
# restore original .config and autoconf.h, because the install process
# may check these files
cp .config.orig .config
cp include/autoconf.h.orig include/autoconf.h
}
do_install () {

View File

@@ -51,6 +51,7 @@ PACKAGECONFIG_class-nativesdk ??= "xattr"
PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl,"
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
PACKAGECONFIG[single-binary] = "--enable-single-binary,--disable-single-binary,,"
PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl"
# [ df mktemp nice printenv base64 gets a special treatment and is not included in this
bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname du \

View File

@@ -10,8 +10,7 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
"
SRC_URI[md5sum] = "dfe8a71f412e0b53be26ed4fbfdc91c4"
SRC_URI[sha256sum] = "f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe"
SRC_URI[sha256sum] = "bc42d196c1756ac520d61bf3ccd6f42013617def45dd1e591a6091abf51dca38"
EXTRA_OECONF = "--disable-xml-docs \
--disable-doxygen-docs \

View File

@@ -29,6 +29,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
file://CVE-2020-36254.patch \
file://CVE-2021-36369.patch \
"
PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \

View File

@@ -0,0 +1,145 @@
From e10dec82930863e487b22978d3df107274f366b2 Mon Sep 17 00:00:00 2001
From: Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com>
Date: Thu, 19 Aug 2021 17:37:14 +0200
Subject: [PATCH] added option to disable trivial auth methods (#128)
* added option to disable trivial auth methods
* rename argument to match with other ssh clients
* fixed trivial auth detection for pubkeys
[https://github.com/mkj/dropbear/pull/128]
Upstream-Status: Backport
CVE: CVE-2021-36369
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
cli-auth.c | 3 +++
cli-authinteract.c | 1 +
cli-authpasswd.c | 2 +-
cli-authpubkey.c | 1 +
cli-runopts.c | 7 +++++++
cli-session.c | 1 +
runopts.h | 1 +
session.h | 1 +
8 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/cli-auth.c b/cli-auth.c
index 2e509e5..6f04495 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -267,6 +267,9 @@ void recv_msg_userauth_success() {
if DROPBEAR_CLI_IMMEDIATE_AUTH is set */
TRACE(("received msg_userauth_success"))
+ if (cli_opts.disable_trivial_auth && cli_ses.is_trivial_auth) {
+ dropbear_exit("trivial authentication not allowed");
+ }
/* Note: in delayed-zlib mode, setting authdone here
* will enable compression in the transport layer */
ses.authstate.authdone = 1;
diff --git a/cli-authinteract.c b/cli-authinteract.c
index e1cc9a1..f7128ee 100644
--- a/cli-authinteract.c
+++ b/cli-authinteract.c
@@ -114,6 +114,7 @@ void recv_msg_userauth_info_request() {
m_free(instruction);
for (i = 0; i < num_prompts; i++) {
+ cli_ses.is_trivial_auth = 0;
unsigned int response_len = 0;
prompt = buf_getstring(ses.payload, NULL);
cleantext(prompt);
diff --git a/cli-authpasswd.c b/cli-authpasswd.c
index 00fdd8b..a24d43e 100644
--- a/cli-authpasswd.c
+++ b/cli-authpasswd.c
@@ -155,7 +155,7 @@ void cli_auth_password() {
encrypt_packet();
m_burn(password, strlen(password));
-
+ cli_ses.is_trivial_auth = 0;
TRACE(("leave cli_auth_password"))
}
#endif /* DROPBEAR_CLI_PASSWORD_AUTH */
diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 7cee164..7da1a04 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -174,6 +174,7 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
cli_buf_put_sign(ses.writepayload, key, type, sigbuf);
buf_free(sigbuf); /* Nothing confidential in the buffer */
+ cli_ses.is_trivial_auth = 0;
}
encrypt_packet();
diff --git a/cli-runopts.c b/cli-runopts.c
index 7d1fffe..6bf8b8e 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -152,6 +152,7 @@ void cli_getopts(int argc, char ** argv) {
#if DROPBEAR_CLI_ANYTCPFWD
cli_opts.exit_on_fwd_failure = 0;
#endif
+ cli_opts.disable_trivial_auth = 0;
#if DROPBEAR_CLI_LOCALTCPFWD
cli_opts.localfwds = list_new();
opts.listen_fwd_all = 0;
@@ -888,6 +889,7 @@ static void add_extendedopt(const char* origstr) {
#if DROPBEAR_CLI_ANYTCPFWD
"\tExitOnForwardFailure\n"
#endif
+ "\tDisableTrivialAuth\n"
#ifndef DISABLE_SYSLOG
"\tUseSyslog\n"
#endif
@@ -915,5 +917,10 @@ static void add_extendedopt(const char* origstr) {
return;
}
+ if (match_extendedopt(&optstr, "DisableTrivialAuth") == DROPBEAR_SUCCESS) {
+ cli_opts.disable_trivial_auth = parse_flag_value(optstr);
+ return;
+ }
+
dropbear_log(LOG_WARNING, "Ignoring unknown configuration option '%s'", origstr);
}
diff --git a/cli-session.c b/cli-session.c
index 56dd4af..73ef0db 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -164,6 +164,7 @@ static void cli_session_init(pid_t proxy_cmd_pid) {
/* Auth */
cli_ses.lastprivkey = NULL;
cli_ses.lastauthtype = 0;
+ cli_ses.is_trivial_auth = 1;
/* For printing "remote host closed" for the user */
ses.remoteclosed = cli_remoteclosed;
diff --git a/runopts.h b/runopts.h
index 31eae1f..8519626 100644
--- a/runopts.h
+++ b/runopts.h
@@ -154,6 +154,7 @@ typedef struct cli_runopts {
#if DROPBEAR_CLI_ANYTCPFWD
int exit_on_fwd_failure;
#endif
+ int disable_trivial_auth;
#if DROPBEAR_CLI_REMOTETCPFWD
m_list * remotefwds;
#endif
diff --git a/session.h b/session.h
index 0f77055..8676054 100644
--- a/session.h
+++ b/session.h
@@ -287,6 +287,7 @@ struct clientsession {
int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
for the last type of auth we tried */
+ int is_trivial_auth;
int ignore_next_auth_response;
#if DROPBEAR_CLI_INTERACT_AUTH
int auth_interact_failed; /* flag whether interactive auth can still

View File

@@ -0,0 +1,33 @@
From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Tue, 20 Sep 2022 02:44:34 +0200
Subject: [PATCH] lib: Fix overeager DTD destruction in
XML_ExternalEntityParserCreate
CVE: CVE-2022-43680
Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4.patch]
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Comments: Hunk refreshed
---
lib/xmlparse.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index aacd6e7fc..57bf103cc 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -1035,6 +1035,14 @@ parserCreate(const XML_Char *encodingNam
parserInit(parser, encodingName);
if (encodingName && ! parser->m_protocolEncodingName) {
+ if (dtd) {
+ // We need to stop the upcoming call to XML_ParserFree from happily
+ // destroying parser->m_dtd because the DTD is shared with the parent
+ // parser and the only guard that keeps XML_ParserFree from destroying
+ // parser->m_dtd is parser->m_isParamEntity but it will be set to
+ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
+ parser->m_dtd = NULL;
+ }
XML_ParserFree(parser);
return NULL;
}

View File

@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
file://CVE-2022-25315.patch \
file://libtool-tag.patch \
file://CVE-2022-40674.patch \
file://CVE-2022-43680.patch \
"
SRCREV = "a7bc26b69768f7fb24f0c7976fae24b157b85b13"

View File

@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.31/master"
PV = "2.31+git${SRCPV}"
SRCREV_glibc ?= "3ef8be9b89ef98300951741f381eb79126ac029f"
SRCREV_glibc ?= "d4b75594574ab8a9c2c41209cd8c62aac76b5a04"
SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"

View File

@@ -11,14 +11,10 @@ CVE: CVE-2021-33574 patch#1
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
NEWS | 4 ++++
sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
Index: git/NEWS
===================================================================
--- git.orig/NEWS
+++ git/NEWS
diff --git a/NEWS b/NEWS
index 8a20d3c4e3..be489243ac 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ using `glibc' in the "product" field.
Version 2.31.1
@@ -28,12 +24,12 @@ Index: git/NEWS
+ attribute with a non-default affinity mask.
+
The following bugs are resolved with this release:
[14231] stdio-common tests memory requirements
[19519] iconv(1) with -c option hangs on illegal multi-byte sequences
(CVE-2016-10228)
Index: git/sysdeps/unix/sysv/linux/mq_notify.c
===================================================================
--- git.orig/sysdeps/unix/sysv/linux/mq_notify.c
+++ git/sysdeps/unix/sysv/linux/mq_notify.c
diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
index f288bac477..dd47f0b777 100644
--- a/sysdeps/unix/sysv/linux/mq_notify.c
+++ b/sysdeps/unix/sysv/linux/mq_notify.c
@@ -135,8 +135,11 @@ helper_thread (void *arg)
(void) __pthread_barrier_wait (&notify_barrier);
}
@@ -48,7 +44,7 @@ Index: git/sysdeps/unix/sysv/linux/mq_notify.c
}
return NULL;
}
@@ -257,8 +260,7 @@ mq_notify (mqd_t mqdes, const struct sig
@@ -257,8 +260,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
if (data.attr == NULL)
return -1;
@@ -58,7 +54,7 @@ Index: git/sysdeps/unix/sysv/linux/mq_notify.c
}
/* Construct the new request. */
@@ -272,7 +274,10 @@ mq_notify (mqd_t mqdes, const struct sig
@@ -272,7 +274,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
/* If it failed, free the allocated memory. */
if (__glibc_unlikely (retval != 0))

View File

@@ -0,0 +1,82 @@
From 952aff5c00ad7c6b83c3f310f2643939538827f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9B=D0=B5=D0=BE=D0=BD=D0=B8=D0=B4=20=D0=AE=D1=80=D1=8C?=
=?UTF-8?q?=D0=B5=D0=B2=20=28Leonid=20Yuriev=29?= <leo@yuriev.ru>
Date: Sat, 4 Feb 2023 14:41:38 +0300
Subject: [PATCH] gmon: Fix allocated buffer overflow (bug 29444)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The `__monstartup()` allocates a buffer used to store all the data
accumulated by the monitor.
The size of this buffer depends on the size of the internal structures
used and the address range for which the monitor is activated, as well
as on the maximum density of call instructions and/or callable functions
that could be potentially on a segment of executable code.
In particular a hash table of arcs is placed at the end of this buffer.
The size of this hash table is calculated in bytes as
p->fromssize = p->textsize / HASHFRACTION;
but actually should be
p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
This results in writing beyond the end of the allocated buffer when an
added arc corresponds to a call near from the end of the monitored
address range, since `_mcount()` check the incoming caller address for
monitored range but not the intermediate result hash-like index that
uses to write into the table.
It should be noted that when the results are output to `gmon.out`, the
table is read to the last element calculated from the allocated size in
bytes, so the arcs stored outside the buffer boundary did not fall into
`gprof` for analysis. Thus this "feature" help me to found this bug
during working with https://sourceware.org/bugzilla/show_bug.cgi?id=29438
Just in case, I will explicitly note that the problem breaks the
`make test t=gmon/tst-gmon-dso` added for Bug 29438.
There, the arc of the `f3()` call disappears from the output, since in
the DSO case, the call to `f3` is located close to the end of the
monitored range.
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Another minor error seems a related typo in the calculation of
`kcountsize`, but since kcounts are smaller than froms, this is
actually to align the p->froms data.
Co-authored-by: DJ Delorie <dj@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=801af9fafd4689337ebf27260aa115335a0cb2bc]
CVE: CVE-2023-0687
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
---
gmon/gmon.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/gmon/gmon.c b/gmon/gmon.c
index dee6480..bf76358 100644
--- a/gmon/gmon.c
+++ b/gmon/gmon.c
@@ -132,6 +132,8 @@ __monstartup (u_long lowpc, u_long highpc)
p->lowpc = ROUNDDOWN(lowpc, HISTFRACTION * sizeof(HISTCOUNTER));
p->highpc = ROUNDUP(highpc, HISTFRACTION * sizeof(HISTCOUNTER));
p->textsize = p->highpc - p->lowpc;
+ /* This looks like a typo, but it's here to align the p->froms
+ section. */
p->kcountsize = ROUNDUP(p->textsize / HISTFRACTION, sizeof(*p->froms));
p->hashfraction = HASHFRACTION;
p->log_hashfraction = -1;
@@ -142,7 +144,7 @@ __monstartup (u_long lowpc, u_long highpc)
instead of integer division. Precompute shift amount. */
p->log_hashfraction = ffs(p->hashfraction * sizeof(*p->froms)) - 1;
}
- p->fromssize = p->textsize / HASHFRACTION;
+ p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
p->tolimit = p->textsize * ARCDENSITY / 100;
if (p->tolimit < MINARCS)
p->tolimit = MINARCS;
--
2.7.4

View File

@@ -79,6 +79,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \
file://CVE-2023-0687.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"

View File

@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image setuptools3
SRCREV ?= "9ae91384970637cd8880c07071fb44b7f5574012"
SRCREV ?= "9fbfbf002e210dbdb2a4b9f3adf8012f245cf38f"
SRC_URI = "git://git.yoctoproject.org/poky;branch=dunfell \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \

View File

@@ -0,0 +1,623 @@
From c846986356fc149915a74972bf198abc266bc2c0 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 25 Aug 2022 17:43:08 +0200
Subject: [PATCH] [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
Also impose size limits when XML_PARSE_HUGE is set. Limit size of names
to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to
XML_MAX_HUGE_LENGTH (1 billion bytes).
Move some the length checks to the end of the respective loop to make
them strict.
xmlParseEntityValue didn't have a length limitation at all. But without
XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW.
Thanks to Maddie Stone working with Google Project Zero for the report!
CVE: CVE-2022-40303
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0]
Comments: Refreshed hunk
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
---
parser.c | 233 +++++++++++++++++++++++++++++--------------------------
1 file changed, 121 insertions(+), 112 deletions(-)
diff --git a/parser.c b/parser.c
index 93f031be..79479979 100644
--- a/parser.c
+++ b/parser.c
@@ -102,6 +102,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt);
* *
************************************************************************/
+#define XML_MAX_HUGE_LENGTH 1000000000
+
#define XML_PARSER_BIG_ENTITY 1000
#define XML_PARSER_LOT_ENTITY 5000
@@ -552,7 +554,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
errmsg = "Malformed declaration expecting version";
break;
case XML_ERR_NAME_TOO_LONG:
- errmsg = "Name too long use XML_PARSE_HUGE option";
+ errmsg = "Name too long";
break;
#if 0
case:
@@ -3202,6 +3204,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
int len = 0, l;
int c;
int count = 0;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
#ifdef DEBUG
nbParseNameComplex++;
@@ -3267,7 +3272,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
}
- len += l;
+ if (len <= INT_MAX - l)
+ len += l;
NEXTL(l);
c = CUR_CHAR(l);
}
@@ -3293,13 +3299,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
}
- len += l;
+ if (len <= INT_MAX - l)
+ len += l;
NEXTL(l);
c = CUR_CHAR(l);
}
}
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
return(NULL);
}
@@ -3338,7 +3344,10 @@ const xmlChar *
xmlParseName(xmlParserCtxtPtr ctxt) {
const xmlChar *in;
const xmlChar *ret;
- int count = 0;
+ size_t count = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
GROW;
@@ -3362,8 +3371,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) {
in++;
if ((*in > 0) && (*in < 0x80)) {
count = in - ctxt->input->cur;
- if ((count > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (count > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
return(NULL);
}
@@ -3384,6 +3392,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
int len = 0, l;
int c;
int count = 0;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
size_t startPosition = 0;
#ifdef DEBUG
@@ -3404,17 +3415,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */
(xmlIsNameChar(ctxt, c) && (c != ':'))) {
if (count++ > XML_PARSER_CHUNK_SIZE) {
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
- return(NULL);
- }
count = 0;
GROW;
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
}
- len += l;
+ if (len <= INT_MAX - l)
+ len += l;
NEXTL(l);
c = CUR_CHAR(l);
if (c == 0) {
@@ -3432,8 +3439,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
c = CUR_CHAR(l);
}
}
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
return(NULL);
}
@@ -3459,7 +3465,10 @@ static const xmlChar *
xmlParseNCName(xmlParserCtxtPtr ctxt) {
const xmlChar *in, *e;
const xmlChar *ret;
- int count = 0;
+ size_t count = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
#ifdef DEBUG
nbParseNCName++;
@@ -3484,8 +3493,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
goto complex;
if ((*in > 0) && (*in < 0x80)) {
count = in - ctxt->input->cur;
- if ((count > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (count > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
return(NULL);
}
@@ -3567,6 +3575,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
const xmlChar *cur = *str;
int len = 0, l;
int c;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
#ifdef DEBUG
nbParseStringName++;
@@ -3602,12 +3613,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
if (len + 10 > max) {
xmlChar *tmp;
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
- xmlFree(buffer);
- return(NULL);
- }
max *= 2;
tmp = (xmlChar *) xmlRealloc(buffer,
max * sizeof(xmlChar));
@@ -3621,14 +3626,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
COPY_BUF(l,buffer,len,c);
cur += l;
c = CUR_SCHAR(cur, l);
+ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ xmlFree(buffer);
+ return(NULL);
+ }
}
buffer[len] = 0;
*str = cur;
return(buffer);
}
}
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
return(NULL);
}
@@ -3655,6 +3664,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
int len = 0, l;
int c;
int count = 0;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
#ifdef DEBUG
nbParseNmToken++;
@@ -3706,12 +3718,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
if (len + 10 > max) {
xmlChar *tmp;
- if ((max > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
- xmlFree(buffer);
- return(NULL);
- }
max *= 2;
tmp = (xmlChar *) xmlRealloc(buffer,
max * sizeof(xmlChar));
@@ -3725,6 +3731,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
COPY_BUF(l,buffer,len,c);
NEXTL(l);
c = CUR_CHAR(l);
+ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+ xmlFree(buffer);
+ return(NULL);
+ }
}
buffer[len] = 0;
return(buffer);
@@ -3732,8 +3743,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
}
if (len == 0)
return(NULL);
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
return(NULL);
}
@@ -3759,6 +3769,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
int len = 0;
int size = XML_PARSER_BUFFER_SIZE;
int c, l;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
xmlChar stop;
xmlChar *ret = NULL;
const xmlChar *cur = NULL;
@@ -3818,6 +3831,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
GROW;
c = CUR_CHAR(l);
}
+
+ if (len > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
+ "entity value too long\n");
+ goto error;
+ }
}
buf[len] = 0;
if (ctxt->instate == XML_PARSER_EOF)
@@ -3905,6 +3924,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
xmlChar *rep = NULL;
size_t len = 0;
size_t buf_size = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
int c, l, in_space = 0;
xmlChar *current = NULL;
xmlEntityPtr ent;
@@ -3925,16 +3925,6 @@
while (((NXT(0) != limit) && /* checked */
(IS_CHAR(c)) && (c != '<')) &&
(ctxt->instate != XML_PARSER_EOF)) {
- /*
- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE
- * special option is given
- */
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
- "AttValue length too long\n");
- goto mem_error;
- }
if (c == 0) break;
if (c == '&') {
in_space = 0;
@@ -4093,6 +4105,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
}
GROW;
c = CUR_CHAR(l);
+ if (len > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ goto mem_error;
+ }
}
if (ctxt->instate == XML_PARSER_EOF)
goto error;
@@ -4114,16 +4131,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
} else
NEXT;
- /*
- * There we potentially risk an overflow, don't allow attribute value of
- * length more than INT_MAX it is a very reasonable assumption !
- */
- if (len >= INT_MAX) {
- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
- "AttValue length too long\n");
- goto mem_error;
- }
-
if (attlen != NULL) *attlen = (int) len;
return(buf);
@@ -4194,6 +4201,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
int len = 0;
int size = XML_PARSER_BUFFER_SIZE;
int cur, l;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
xmlChar stop;
int state = ctxt->instate;
int count = 0;
@@ -4221,13 +4231,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
if (len + 5 >= size) {
xmlChar *tmp;
- if ((size > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
- xmlFree(buf);
- ctxt->instate = (xmlParserInputState) state;
- return(NULL);
- }
size *= 2;
tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
if (tmp == NULL) {
@@ -4256,6 +4259,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
SHRINK;
cur = CUR_CHAR(l);
}
+ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
+ xmlFree(buf);
+ ctxt->instate = (xmlParserInputState) state;
+ return(NULL);
+ }
}
buf[len] = 0;
ctxt->instate = (xmlParserInputState) state;
@@ -4283,6 +4292,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
xmlChar *buf = NULL;
int len = 0;
int size = XML_PARSER_BUFFER_SIZE;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
xmlChar cur;
xmlChar stop;
int count = 0;
@@ -4310,12 +4322,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
if (len + 1 >= size) {
xmlChar *tmp;
- if ((size > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
- xmlFree(buf);
- return(NULL);
- }
size *= 2;
tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
if (tmp == NULL) {
@@ -4343,6 +4349,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
SHRINK;
cur = CUR;
}
+ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
+ xmlFree(buf);
+ return(NULL);
+ }
}
buf[len] = 0;
if (cur != stop) {
@@ -4742,6 +4753,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
int r, rl;
int cur, l;
size_t count = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
int inputid;
inputid = ctxt->input->id;
@@ -4787,13 +4801,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
if ((r == '-') && (q == '-')) {
xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL);
}
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
- "Comment too big found", NULL);
- xmlFree (buf);
- return;
- }
if (len + 5 >= size) {
xmlChar *new_buf;
size_t new_size;
@@ -4831,6 +4838,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
GROW;
cur = CUR_CHAR(l);
}
+
+ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment too big found", NULL);
+ xmlFree (buf);
+ return;
+ }
}
buf[len] = 0;
if (cur == 0) {
@@ -4875,6 +4889,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) {
xmlChar *buf = NULL;
size_t size = XML_PARSER_BUFFER_SIZE;
size_t len = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
xmlParserInputState state;
const xmlChar *in;
size_t nbchar = 0;
@@ -4958,8 +4975,7 @@ get_more:
buf[len] = 0;
}
}
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
"Comment too big found", NULL);
xmlFree (buf);
@@ -5159,6 +5175,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
xmlChar *buf = NULL;
size_t len = 0;
size_t size = XML_PARSER_BUFFER_SIZE;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
int cur, l;
const xmlChar *target;
xmlParserInputState state;
@@ -5234,14 +5253,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
return;
}
count = 0;
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
- "PI %s too big found", target);
- xmlFree(buf);
- ctxt->instate = state;
- return;
- }
}
COPY_BUF(l,buf,len,cur);
NEXTL(l);
@@ -5251,15 +5262,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
GROW;
cur = CUR_CHAR(l);
}
+ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+ "PI %s too big found", target);
+ xmlFree(buf);
+ ctxt->instate = state;
+ return;
+ }
}
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
- "PI %s too big found", target);
- xmlFree(buf);
- ctxt->instate = state;
- return;
- }
buf[len] = 0;
if (cur != '?') {
xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
@@ -8954,6 +8964,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
const xmlChar *in = NULL, *start, *end, *last;
xmlChar *ret = NULL;
int line, col;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
GROW;
in = (xmlChar *) CUR_PTR;
@@ -8993,8 +9006,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
start = in;
if (in >= end) {
GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9007,8 +9019,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
if ((*in++ == 0x20) && (*in == 0x20)) break;
if (in >= end) {
GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9041,16 +9052,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
last = last + delta;
}
end = ctxt->input->end;
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
}
}
}
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9063,8 +9072,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
col++;
if (in >= end) {
GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9072,8 +9080,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
}
}
last = in;
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9763,6 +9770,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
int s, sl;
int cur, l;
int count = 0;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
/* Check 2.6.0 was NXT(0) not RAW */
if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) {
@@ -9796,13 +9806,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
if (len + 5 >= size) {
xmlChar *tmp;
- if ((size > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED,
- "CData section too big found", NULL);
- xmlFree (buf);
- return;
- }
tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar));
if (tmp == NULL) {
xmlFree(buf);
@@ -9829,6 +9832,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
}
NEXTL(l);
cur = CUR_CHAR(l);
+ if (len > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED,
+ "CData section too big found\n");
+ xmlFree(buf);
+ return;
+ }
}
buf[len] = 0;
ctxt->instate = XML_PARSER_CONTENT;
--
GitLab

View File

@@ -0,0 +1,104 @@
From 1b41ec4e9433b05bb0376be4725804c54ef1d80b Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 31 Aug 2022 22:11:25 +0200
Subject: [PATCH] [CVE-2022-40304] Fix dict corruption caused by entity
reference cycles
When an entity reference cycle is detected, the entity content is
cleared by setting its first byte to zero. But the entity content might
be allocated from a dict. In this case, the dict entry becomes corrupted
leading to all kinds of logic errors, including memory errors like
double-frees.
Stop storing entity content, orig, ExternalID and SystemID in a dict.
These values are unlikely to occur multiple times in a document, so they
shouldn't have been stored in a dict in the first place.
Thanks to Ned Williamson and Nathan Wachholz working with Google Project
Zero for the report!
CVE: CVE-2022-40304
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b]
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
---
entities.c | 55 ++++++++++++++++--------------------------------------
1 file changed, 16 insertions(+), 39 deletions(-)
diff --git a/entities.c b/entities.c
index 84435515..d4e5412e 100644
--- a/entities.c
+++ b/entities.c
@@ -128,36 +128,19 @@ xmlFreeEntity(xmlEntityPtr entity)
if ((entity->children) && (entity->owner == 1) &&
(entity == (xmlEntityPtr) entity->children->parent))
xmlFreeNodeList(entity->children);
- if (dict != NULL) {
- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name)))
- xmlFree((char *) entity->name);
- if ((entity->ExternalID != NULL) &&
- (!xmlDictOwns(dict, entity->ExternalID)))
- xmlFree((char *) entity->ExternalID);
- if ((entity->SystemID != NULL) &&
- (!xmlDictOwns(dict, entity->SystemID)))
- xmlFree((char *) entity->SystemID);
- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI)))
- xmlFree((char *) entity->URI);
- if ((entity->content != NULL)
- && (!xmlDictOwns(dict, entity->content)))
- xmlFree((char *) entity->content);
- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig)))
- xmlFree((char *) entity->orig);
- } else {
- if (entity->name != NULL)
- xmlFree((char *) entity->name);
- if (entity->ExternalID != NULL)
- xmlFree((char *) entity->ExternalID);
- if (entity->SystemID != NULL)
- xmlFree((char *) entity->SystemID);
- if (entity->URI != NULL)
- xmlFree((char *) entity->URI);
- if (entity->content != NULL)
- xmlFree((char *) entity->content);
- if (entity->orig != NULL)
- xmlFree((char *) entity->orig);
- }
+ if ((entity->name != NULL) &&
+ ((dict == NULL) || (!xmlDictOwns(dict, entity->name))))
+ xmlFree((char *) entity->name);
+ if (entity->ExternalID != NULL)
+ xmlFree((char *) entity->ExternalID);
+ if (entity->SystemID != NULL)
+ xmlFree((char *) entity->SystemID);
+ if (entity->URI != NULL)
+ xmlFree((char *) entity->URI);
+ if (entity->content != NULL)
+ xmlFree((char *) entity->content);
+ if (entity->orig != NULL)
+ xmlFree((char *) entity->orig);
xmlFree(entity);
}
@@ -193,18 +176,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type,
ret->SystemID = xmlStrdup(SystemID);
} else {
ret->name = xmlDictLookup(dict, name, -1);
- if (ExternalID != NULL)
- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1);
- if (SystemID != NULL)
- ret->SystemID = xmlDictLookup(dict, SystemID, -1);
+ ret->ExternalID = xmlStrdup(ExternalID);
+ ret->SystemID = xmlStrdup(SystemID);
}
if (content != NULL) {
ret->length = xmlStrlen(content);
- if ((dict != NULL) && (ret->length < 5))
- ret->content = (xmlChar *)
- xmlDictLookup(dict, content, ret->length);
- else
- ret->content = xmlStrndup(content, ret->length);
+ ret->content = xmlStrndup(content, ret->length);
} else {
ret->length = 0;
ret->content = NULL;
--
GitLab

View File

@@ -34,6 +34,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
file://CVE-2022-29824.patch \
file://0001-Port-gentest.py-to-Python-3.patch \
file://CVE-2016-3709.patch \
file://CVE-2022-40303.patch \
file://CVE-2022-40304.patch \
"
SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"

View File

@@ -17,6 +17,12 @@ deltask do_populate_sysroot
# Use a negative value to skip the update
CVE_DB_UPDATE_INTERVAL ?= "86400"
# Timeout for blocking socket operations, such as the connection attempt.
CVE_SOCKET_TIMEOUT ?= "60"
NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db"
python () {
if not bb.data.inherits_class("cve-check", d):
raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -28,24 +34,15 @@ python do_fetch() {
"""
import bb.utils
import bb.progress
import sqlite3, urllib, urllib.parse, shutil, gzip
from datetime import date
import shutil
bb.utils.export_proxies(d)
BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
YEAR_START = 2002
db_file = d.getVar("CVE_CHECK_DB_FILE")
db_dir = os.path.dirname(db_file)
db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
if os.path.exists("{0}-journal".format(db_file)):
# If a journal is present the last update might have been interrupted. In that case,
# just wipe any leftovers and force the DB to be recreated.
os.remove("{0}-journal".format(db_file))
if os.path.exists(db_file):
os.remove(db_file)
cleanup_db_download(db_file, db_tmp_file)
# The NVD database changes once a day, so no need to update more frequently
# Allow the user to force-update
@@ -62,26 +59,81 @@ python do_fetch() {
pass
bb.utils.mkdirhier(db_dir)
if os.path.exists(db_file):
shutil.copy2(db_file, db_tmp_file)
if update_db_file(db_tmp_file, d) == True:
# Update downloaded correctly, can swap files
shutil.move(db_tmp_file, db_file)
else:
# Update failed, do not modify the database
bb.note("CVE database update failed")
os.remove(db_tmp_file)
}
do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
do_fetch[file-checksums] = ""
do_fetch[vardeps] = ""
def cleanup_db_download(db_file, db_tmp_file):
"""
Cleanup the download space from possible failed downloads
"""
# Clean up the updates done on the main file
# Remove it only if a journal file exists - it means a complete re-download
if os.path.exists("{0}-journal".format(db_file)):
# If a journal is present the last update might have been interrupted. In that case,
# just wipe any leftovers and force the DB to be recreated.
os.remove("{0}-journal".format(db_file))
if os.path.exists(db_file):
os.remove(db_file)
# Clean-up the temporary file downloads, we can remove both journal
# and the temporary database
if os.path.exists("{0}-journal".format(db_tmp_file)):
# If a journal is present the last update might have been interrupted. In that case,
# just wipe any leftovers and force the DB to be recreated.
os.remove("{0}-journal".format(db_tmp_file))
if os.path.exists(db_tmp_file):
os.remove(db_tmp_file)
def update_db_file(db_tmp_file, d):
"""
Update the given database file
"""
import bb.utils, bb.progress
from datetime import date
import urllib, gzip, sqlite3
YEAR_START = 2002
cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
# Connect to database
conn = sqlite3.connect(db_file)
conn = sqlite3.connect(db_tmp_file)
initialize_db(conn)
with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
total_years = date.today().year + 1 - YEAR_START
for i, year in enumerate(range(YEAR_START, date.today().year + 1)):
bb.debug(2, "Updating %d" % year)
ph.update((float(i + 1) / total_years) * 100)
year_url = BASE_URL + str(year)
year_url = (d.getVar('NVDCVE_URL')) + str(year)
meta_url = year_url + ".meta"
json_url = year_url + ".json.gz"
# Retrieve meta last modified date
try:
response = urllib.request.urlopen(meta_url)
response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
bb.warn("Failed to fetch CVE data (%s)" % e.reason)
return
bb.warn("Failed to fetch CVE data (%s)" % e)
import socket
result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP)
bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result)))
return False
if response:
for l in response.read().decode("utf-8").splitlines():
@@ -91,7 +143,7 @@ python do_fetch() {
break
else:
bb.warn("Cannot parse CVE metadata, update failed")
return
return False
# Compare with current db last modified date
cursor = conn.execute("select DATE from META where YEAR = ?", (year,))
@@ -99,31 +151,29 @@ python do_fetch() {
cursor.close()
if not meta or meta[0] != last_modified:
bb.debug(2, "Updating entries")
# Clear products table entries corresponding to current year
conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close()
# Update db with current year json file
try:
response = urllib.request.urlopen(json_url)
response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout)
if response:
update_db(conn, gzip.decompress(response.read()).decode('utf-8'))
conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close()
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
return
return False
else:
bb.debug(2, "Already up to date (last modified %s)" % last_modified)
# Update success, set the date to cve_check file.
if year == date.today().year:
cve_f.write('CVE database update : %s\n\n' % date.today())
conn.commit()
conn.close()
}
do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
do_fetch[file-checksums] = ""
do_fetch[vardeps] = ""
return True
def initialize_db(conn):
with conn:

View File

@@ -0,0 +1,49 @@
From 7b005f344e533cd913c3ca05b266f9872df886d1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 24 Mar 2022 20:04:34 +0800
Subject: [PATCH] BaseTools: fix gcc12 warning
GenFfs.c:545:5: error: pointer ?InFileHandle? used after ?fclose? [-Werror=use-after-free]
545 | Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GenFfs.c:544:5: note: call to ?fclose? here
544 | fclose (InFileHandle);
| ^~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/7b005f344e533cd913c3ca05b266f9872df886d1]
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
BaseTools/Source/C/GenFfs/GenFfs.c | 2 +-
BaseTools/Source/C/GenSec/GenSec.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/BaseTools/Source/C/GenFfs/GenFfs.c b/BaseTools/Source/C/GenFfs/GenFfs.c
index 949025c33325..d78d62ab3689 100644
--- a/BaseTools/Source/C/GenFfs/GenFfs.c
+++ b/BaseTools/Source/C/GenFfs/GenFfs.c
@@ -542,7 +542,7 @@ GetAlignmentFromFile(char *InFile, UINT32 *Alignment)
PeFileBuffer = (UINT8 *) malloc (PeFileSize);
if (PeFileBuffer == NULL) {
fclose (InFileHandle);
- Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle);
+ Error(NULL, 0, 4001, "Resource", "memory cannot be allocated for %s", InFile);
return EFI_OUT_OF_RESOURCES;
}
fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle);
diff --git a/BaseTools/Source/C/GenSec/GenSec.c b/BaseTools/Source/C/GenSec/GenSec.c
index d54a4f9e0a7d..b1d05367ec0b 100644
--- a/BaseTools/Source/C/GenSec/GenSec.c
+++ b/BaseTools/Source/C/GenSec/GenSec.c
@@ -1062,7 +1062,7 @@ GetAlignmentFromFile(char *InFile, UINT32 *Alignment)
PeFileBuffer = (UINT8 *) malloc (PeFileSize);
if (PeFileBuffer == NULL) {
fclose (InFileHandle);
- Error(NULL, 0, 4001, "Resource", "memory cannot be allocated of %s", InFileHandle);
+ Error(NULL, 0, 4001, "Resource", "memory cannot be allocated for %s", InFile);
return EFI_OUT_OF_RESOURCES;
}
fread (PeFileBuffer, sizeof (UINT8), PeFileSize, InFileHandle);

View File

@@ -0,0 +1,53 @@
From 24551a99d1f765c891a4dc21a36f18ccbf56e612 Mon Sep 17 00:00:00 2001
From: Steve Sakoman <steve@sakoman.com>
Date: Tue, 10 Jan 2023 06:15:00 -1000
Subject: [PATCH] BaseTools: fix gcc12 warning
Sdk/C/LzmaEnc.c: In function ?LzmaEnc_CodeOneMemBlock?:
Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*p.rc.outStream? [-Werror=dangling-pointer=]
2828 | p->rc.outStream = &outStream.vt;
| ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here
2811 | CLzmaEnc_SeqOutStreamBuf outStream;
| ^~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here
Sdk/C/LzmaEnc.c:2828:19: error: storing the address of local variable ?outStream? in ?*(CLzmaEnc *)pp.rc.outStream? [-Werror=dangling-pointer=]
2828 | p->rc.outStream = &outStream.vt;
| ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?outStream? declared here
2811 | CLzmaEnc_SeqOutStreamBuf outStream;
| ^~~~~~~~~
Sdk/C/LzmaEnc.c:2811:28: note: ?pp? declared here
cc1: all warnings being treated as errors
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/85021f8cf22d1bd4114803c6c610dea5ef0059f1]
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c b/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
index e281716fee..b575c4f888 100644
--- a/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
+++ b/BaseTools/Source/C/LzmaCompress/Sdk/C/LzmaEnc.c
@@ -2638,12 +2638,13 @@ SRes LzmaEnc_CodeOneMemBlock(CLzmaEncHandle pp, Bool reInit,
nowPos64 = p->nowPos64;
RangeEnc_Init(&p->rc);
- p->rc.outStream = &outStream.vt;
if (desiredPackSize == 0)
return SZ_ERROR_OUTPUT_EOF;
+ p->rc.outStream = &outStream.vt;
res = LzmaEnc_CodeOneBlock(p, desiredPackSize, *unpackSize);
+ p->rc.outStream = NULL;
*unpackSize = (UInt32)(p->nowPos64 - nowPos64);
*destLen -= outStream.rem;
--
2.25.1

View File

@@ -0,0 +1,41 @@
From 22130dcd98b4d4b76ac8d922adb4a2dbc86fa52c Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 24 Mar 2022 20:04:36 +0800
Subject: [PATCH] Basetools: turn off gcc12 warning
In function ?SetDevicePathEndNode?,
inlined from ?FileDevicePath? at DevicePathUtilities.c:857:5:
DevicePathUtilities.c:321:3: error: writing 4 bytes into a region of size 1 [-Werror=stringop-overflow=]
321 | memcpy (Node, &mUefiDevicePathLibEndDevicePath, sizeof (mUefiDevicePathLibEndDevicePath));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from UefiDevicePathLib.h:22,
from DevicePathUtilities.c:16:
../Include/Protocol/DevicePath.h: In function ?FileDevicePath?:
../Include/Protocol/DevicePath.h:51:9: note: destination object ?Type? of size 1
51 | UINT8 Type; ///< 0x01 Hardware Device Path.
| ^~~~
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/22130dcd98b4d4b76ac8d922adb4a2dbc86fa52c]
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
BaseTools/Source/C/DevicePath/GNUmakefile | 3 +++
1 file changed, 3 insertions(+)
diff --git a/BaseTools/Source/C/DevicePath/GNUmakefile b/BaseTools/Source/C/DevicePath/GNUmakefile
index 7ca08af9662d..b05d2bddfa68 100644
--- a/BaseTools/Source/C/DevicePath/GNUmakefile
+++ b/BaseTools/Source/C/DevicePath/GNUmakefile
@@ -13,6 +13,9 @@ OBJECTS = DevicePath.o UefiDevicePathLib.o DevicePathFromText.o DevicePathUtili
include $(MAKEROOT)/Makefiles/app.makefile
+# gcc 12 trips over device path handling
+BUILD_CFLAGS += -Wno-error=stringop-overflow
+
LIBS = -lCommon
ifeq ($(CYGWIN), CYGWIN)
LIBS += -L/lib/e2fsprogs -luuid

View File

@@ -18,6 +18,9 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
file://0003-ovmf-enable-long-path-file.patch \
file://0004-ovmf-Update-to-latest.patch \
file://0001-Fix-VLA-parameter-warning.patch \
file://0001-Basetools-genffs-fix-gcc12-warning.patch \
file://0001-Basetools-lzmaenc-fix-gcc12-warning.patch \
file://0001-Basetools-turn-off-gcc12-warning.patch \
"
PV = "edk2-stable202008"

View File

@@ -2,6 +2,7 @@
Description=Start psplash boot splash screen
DefaultDependencies=no
RequiresMountsFor=/run
ConditionFileIsExecutable=/usr/bin/psplash
[Service]
Type=notify

View File

@@ -4,6 +4,7 @@ DefaultDependencies=no
After=psplash-start.service
Requires=psplash-start.service
RequiresMountsFor=/run
ConditionFileIsExecutable=/usr/bin/psplash
[Service]
ExecStart=/usr/bin/psplash-systemd

View File

@@ -0,0 +1,47 @@
From 9102c625a673a3246d7e73d8737f3494446bad4e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 7 Jul 2022 18:27:02 +0900
Subject: [PATCH] time-util: fix buffer-over-run
Fixes #23928.
CVE: CVE-2022-3821
Upstream-Status: Backport [https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e.patch]
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Comment: Both the hunks refreshed to backport
---
src/basic/time-util.c | 2 +-
src/test/test-time-util.c | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index abbc4ad5cd70..26d59de12348 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -514,7 +514,7 @@ char *format_timespan(char *buf, size_t
t = b;
}
- n = MIN((size_t) k, l);
+ n = MIN((size_t) k, l-1);
l -= n;
p += n;
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
index e8e4e2a67bb1..58c5fa9be40c 100644
--- a/src/test/test-time-util.c
+++ b/src/test/test-time-util.c
@@ -501,6 +501,12 @@ int main(int argc, char *argv[]) {
test_format_timespan(1);
test_format_timespan(USEC_PER_MSEC);
test_format_timespan(USEC_PER_SEC);
+
+ /* See issue #23928. */
+ _cleanup_free_ char *buf;
+ assert_se(buf = new(char, 5));
+ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
+
test_timezone_is_valid();
test_get_timezones();
test_usec_add();

View File

@@ -33,6 +33,7 @@ SRC_URI += "file://touchscreen.rules \
file://CVE-2021-3997-1.patch \
file://CVE-2021-3997-2.patch \
file://CVE-2021-3997-3.patch \
file://CVE-2022-3821.patch \
"
# patches needed by musl
@@ -403,9 +404,9 @@ FILES_${PN}-binfmt = "${sysconfdir}/binfmt.d/ \
${rootlibexecdir}/systemd/systemd-binfmt \
${systemd_unitdir}/system/proc-sys-fs-binfmt_misc.* \
${systemd_unitdir}/system/systemd-binfmt.service"
RRECOMMENDS_${PN}-binfmt = "kernel-module-binfmt-misc"
RRECOMMENDS_${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}"
RRECOMMENDS_${PN}-vconsole-setup = "kbd kbd-consolefonts kbd-keymaps"
RRECOMMENDS_${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}"
FILES_${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \

View File

@@ -24,7 +24,7 @@ BRANCH ?= "binutils-2_34-branch"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
SRCREV ?= "d4b50999b3b287b5f984ade2f8734aa8c9359440"
SRCREV ?= "c4e78c0868a22971680217a41fdb73516a26813d"
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${BRANCH};protocol=git"
SRC_URI = "\
${BINUTILS_GIT_URI} \

View File

@@ -199,6 +199,6 @@ Index: git/bfd/ChangeLog
+ * dwarf2.c (scan_unit_for_symbols): Wrap overlong lines. Don't
+ strdup(0).
+
2020-02-19 H.J. Lu <hongjiu.lu@intel.com>
2021-05-03 Alan Modra <amodra@gmail.com>
PR binutils/25355
PR 27755

View File

@@ -7,31 +7,49 @@ Adds missing sanity checks for avr device info note, to avoid
potential buffer overflows. Uses bfd_malloc_and_get_section for
sanity checking section size.
PR 27290
PR 27293
PR 27295
* od-elf32_avr.c (elf32_avr_get_note_section_contents): Formatting.
Use bfd_malloc_and_get_section.
(elf32_avr_get_note_desc): Formatting. Return descsz. Sanity
check namesz. Return NULL if descsz is too small. Ensure
string table is terminated.
(elf32_avr_get_device_info): Formatting. Add note_size param.
Sanity check note.
(elf32_avr_dump_mem_usage): Adjust to suit.
PR 27290
PR 27293
PR 27295
* od-elf32_avr.c (elf32_avr_get_note_section_contents): Formatting.
Use bfd_malloc_and_get_section.
(elf32_avr_get_note_desc): Formatting. Return descsz. Sanity
check namesz. Return NULL if descsz is too small. Ensure
string table is terminated.
(elf32_avr_get_device_info): Formatting. Add note_size param.
Sanity check note.
(elf32_avr_dump_mem_usage): Adjust to suit.
Upstream-Status: Backport
CVE: CVE-2021-3549
Signed-of-by: Armin Kuster <akuster@mvista.com>
---
binutils/ChangeLog | 14 +++++++++
binutils/od-elf32_avr.c | 66 ++++++++++++++++++++++++++---------------
2 files changed, 56 insertions(+), 24 deletions(-)
Index: git/binutils/od-elf32_avr.c
===================================================================
--- git.orig/binutils/od-elf32_avr.c
+++ git/binutils/od-elf32_avr.c
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 1e9a96c9bb6..02e5019204e 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,17 @@
+2021-02-11 Alan Modra <amodra@gmail.com>
+
+ PR 27290
+ PR 27293
+ PR 27295
+ * od-elf32_avr.c (elf32_avr_get_note_section_contents): Formatting.
+ Use bfd_malloc_and_get_section.
+ (elf32_avr_get_note_desc): Formatting. Return descsz. Sanity
+ check namesz. Return NULL if descsz is too small. Ensure
+ string table is terminated.
+ (elf32_avr_get_device_info): Formatting. Add note_size param.
+ Sanity check note.
+ (elf32_avr_dump_mem_usage): Adjust to suit.
+
2020-03-25 H.J. Lu <hongjiu.lu@intel.com>
* ar.c (main): Update bfd_plugin_set_program_name call.
diff --git a/binutils/od-elf32_avr.c b/binutils/od-elf32_avr.c
index 5ec99957fe9..1d32bce918e 100644
--- a/binutils/od-elf32_avr.c
+++ b/binutils/od-elf32_avr.c
@@ -77,23 +77,29 @@ elf32_avr_filter (bfd *abfd)
return bfd_get_flavour (abfd) == bfd_target_elf_flavour;
}
@@ -70,7 +88,7 @@ Index: git/binutils/od-elf32_avr.c
{
Elf_External_Note *xnp = (Elf_External_Note *) contents;
Elf_Internal_Note in;
@@ -107,42 +113,54 @@ static char* elf32_avr_get_note_desc (bf
@@ -107,42 +113,54 @@ static char* elf32_avr_get_note_desc (bfd *abfd, char *contents,
if (in.namesz > contents - in.namedata + size)
return NULL;
@@ -163,25 +181,3 @@ Index: git/binutils/od-elf32_avr.c
}
elf32_avr_get_memory_usage (abfd, &text_usage, &data_usage,
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
@@ -1,3 +1,17 @@
+2021-02-11 Alan Modra <amodra@gmail.com>
+
+ PR 27290
+ PR 27293
+ PR 27295
+ * od-elf32_avr.c (elf32_avr_get_note_section_contents): Formatting.
+ Use bfd_malloc_and_get_section.
+ (elf32_avr_get_note_desc): Formatting. Return descsz. Sanity
+ check namesz. Return NULL if descsz is too small. Ensure
+ string table is terminated.
+ (elf32_avr_get_device_info): Formatting. Add note_size param.
+ Sanity check note.
+ (elf32_avr_dump_mem_usage): Adjust to suit.
+
2020-02-01 Nick Clifton <nickc@redhat.com>
* configure: Regenerate.

View File

@@ -1,119 +0,0 @@
Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=97b668f9a8c6ec565c278a60e7d1492a6932e409]
Signed-off-by: Jon Mason <jon.mason@arm.com>
From 97b668f9a8c6ec565c278a60e7d1492a6932e409 Mon Sep 17 00:00:00 2001
From: Matthias Klose <doko@ubuntu.com>
Date: Tue, 6 Oct 2020 13:41:37 +0200
Subject: [PATCH] Backport fix for PR/tree-optimization/97236 - fix bad use of
VMAT_CONTIGUOUS
This avoids using VMAT_CONTIGUOUS with single-element interleaving
when using V1mode vectors. Instead keep VMAT_ELEMENTWISE but
continue to avoid load-lanes and gathers.
2020-10-01 Richard Biener <rguenther@suse.de>
PR tree-optimization/97236
* tree-vect-stmts.c (get_group_load_store_type): Keep
VMAT_ELEMENTWISE for single-element vectors.
* gcc.dg/vect/pr97236.c: New testcase.
(cherry picked from commit 1ab88985631dd2c5a5e3b5c0dce47cf8b6ed2f82)
---
gcc/testsuite/gcc.dg/vect/pr97236.c | 43 +++++++++++++++++++++++++++++
gcc/tree-vect-stmts.c | 20 ++++++--------
2 files changed, 52 insertions(+), 11 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/vect/pr97236.c
diff --git a/gcc/testsuite/gcc.dg/vect/pr97236.c b/gcc/testsuite/gcc.dg/vect/pr97236.c
new file mode 100644
index 000000000000..9d3dc20d953d
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/vect/pr97236.c
@@ -0,0 +1,43 @@
+typedef unsigned char __uint8_t;
+typedef __uint8_t uint8_t;
+typedef struct plane_t {
+ uint8_t *p_pixels;
+ int i_lines;
+ int i_pitch;
+} plane_t;
+
+typedef struct {
+ plane_t p[5];
+} picture_t;
+
+#define N 4
+
+void __attribute__((noipa))
+picture_Clone(picture_t *picture, picture_t *res)
+{
+ for (int i = 0; i < N; i++) {
+ res->p[i].p_pixels = picture->p[i].p_pixels;
+ res->p[i].i_lines = picture->p[i].i_lines;
+ res->p[i].i_pitch = picture->p[i].i_pitch;
+ }
+}
+
+int
+main()
+{
+ picture_t aaa, bbb;
+ uint8_t pixels[10] = {1, 1, 1, 1, 1, 1, 1, 1};
+
+ for (unsigned i = 0; i < N; i++)
+ aaa.p[i].p_pixels = pixels;
+
+ picture_Clone (&aaa, &bbb);
+
+ uint8_t c = 0;
+ for (unsigned i = 0; i < N; i++)
+ c += bbb.p[i].p_pixels[0];
+
+ if (c != N)
+ __builtin_abort ();
+ return 0;
+}
diff --git a/gcc/tree-vect-stmts.c b/gcc/tree-vect-stmts.c
index 507f81b0a0e8..ffbba3441de2 100644
--- a/gcc/tree-vect-stmts.c
+++ b/gcc/tree-vect-stmts.c
@@ -2355,25 +2355,23 @@ get_group_load_store_type (stmt_vec_info stmt_info, tree vectype, bool slp,
/* First cope with the degenerate case of a single-element
vector. */
if (known_eq (TYPE_VECTOR_SUBPARTS (vectype), 1U))
- *memory_access_type = VMAT_CONTIGUOUS;
+ ;
/* Otherwise try using LOAD/STORE_LANES. */
- if (*memory_access_type == VMAT_ELEMENTWISE
- && (vls_type == VLS_LOAD
- ? vect_load_lanes_supported (vectype, group_size, masked_p)
- : vect_store_lanes_supported (vectype, group_size,
- masked_p)))
+ else if (vls_type == VLS_LOAD
+ ? vect_load_lanes_supported (vectype, group_size, masked_p)
+ : vect_store_lanes_supported (vectype, group_size,
+ masked_p))
{
*memory_access_type = VMAT_LOAD_STORE_LANES;
overrun_p = would_overrun_p;
}
/* If that fails, try using permuting loads. */
- if (*memory_access_type == VMAT_ELEMENTWISE
- && (vls_type == VLS_LOAD
- ? vect_grouped_load_supported (vectype, single_element_p,
- group_size)
- : vect_grouped_store_supported (vectype, group_size)))
+ else if (vls_type == VLS_LOAD
+ ? vect_grouped_load_supported (vectype, single_element_p,
+ group_size)
+ : vect_grouped_store_supported (vectype, group_size))
{
*memory_access_type = VMAT_CONTIGUOUS_PERMUTE;
overrun_p = would_overrun_p;
--
2.20.1

View File

@@ -1,204 +0,0 @@
CVE: CVE-2020-13844
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
From 20da13e395bde597d8337167c712039c8f923c3b Mon Sep 17 00:00:00 2001
From: Matthew Malcomson <matthew.malcomson@arm.com>
Date: Thu, 9 Jul 2020 09:11:58 +0100
Subject: [PATCH 1/3] aarch64: New Straight Line Speculation (SLS) mitigation
flags
Here we introduce the flags that will be used for straight line speculation.
The new flag introduced is `-mharden-sls=`.
This flag can take arguments of `none`, `all`, or a comma seperated list
of one or more of `retbr` or `blr`.
`none` indicates no special mitigation of the straight line speculation
vulnerability.
`all` requests all mitigations currently implemented.
`retbr` requests that the RET and BR instructions have a speculation
barrier inserted after them.
`blr` requests that BLR instructions are replaced by a BL to a function
stub using a BR with a speculation barrier after it.
Setting this on a per-function basis using attributes or the like is not
enabled, but may be in the future.
(cherry picked from commit a9ba2a9b77bec7eacaf066801f22d1c366a2bc86)
gcc/ChangeLog:
2020-06-02 Matthew Malcomson <matthew.malcomson@arm.com>
* config/aarch64/aarch64-protos.h (aarch64_harden_sls_retbr_p):
New.
(aarch64_harden_sls_blr_p): New.
* config/aarch64/aarch64.c (enum aarch64_sls_hardening_type):
New.
(aarch64_harden_sls_retbr_p): New.
(aarch64_harden_sls_blr_p): New.
(aarch64_validate_sls_mitigation): New.
(aarch64_override_options): Parse options for SLS mitigation.
* config/aarch64/aarch64.opt (-mharden-sls): New option.
* doc/invoke.texi: Document new option.
---
gcc/config/aarch64/aarch64-protos.h | 3 ++
gcc/config/aarch64/aarch64.c | 76 +++++++++++++++++++++++++++++
gcc/config/aarch64/aarch64.opt | 4 ++
gcc/doc/invoke.texi | 12 +++++
4 files changed, 95 insertions(+)
diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
index c083cad53..31493f412 100644
--- a/gcc/config/aarch64/aarch64-protos.h
+++ b/gcc/config/aarch64/aarch64-protos.h
@@ -644,4 +644,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode);
bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT);
+extern bool aarch64_harden_sls_retbr_p (void);
+extern bool aarch64_harden_sls_blr_p (void);
+
#endif /* GCC_AARCH64_PROTOS_H */
diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index b452a53af..269ff6c92 100644
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -11734,6 +11734,79 @@ aarch64_validate_mcpu (const char *str, const struct processor **res,
return false;
}
+/* Straight line speculation indicators. */
+enum aarch64_sls_hardening_type
+{
+ SLS_NONE = 0,
+ SLS_RETBR = 1,
+ SLS_BLR = 2,
+ SLS_ALL = 3,
+};
+static enum aarch64_sls_hardening_type aarch64_sls_hardening;
+
+/* Return whether we should mitigatate Straight Line Speculation for the RET
+ and BR instructions. */
+bool
+aarch64_harden_sls_retbr_p (void)
+{
+ return aarch64_sls_hardening & SLS_RETBR;
+}
+
+/* Return whether we should mitigatate Straight Line Speculation for the BLR
+ instruction. */
+bool
+aarch64_harden_sls_blr_p (void)
+{
+ return aarch64_sls_hardening & SLS_BLR;
+}
+
+/* As of yet we only allow setting these options globally, in the future we may
+ allow setting them per function. */
+static void
+aarch64_validate_sls_mitigation (const char *const_str)
+{
+ char *token_save = NULL;
+ char *str = NULL;
+
+ if (strcmp (const_str, "none") == 0)
+ {
+ aarch64_sls_hardening = SLS_NONE;
+ return;
+ }
+ if (strcmp (const_str, "all") == 0)
+ {
+ aarch64_sls_hardening = SLS_ALL;
+ return;
+ }
+
+ char *str_root = xstrdup (const_str);
+ str = strtok_r (str_root, ",", &token_save);
+ if (!str)
+ error ("invalid argument given to %<-mharden-sls=%>");
+
+ int temp = SLS_NONE;
+ while (str)
+ {
+ if (strcmp (str, "blr") == 0)
+ temp |= SLS_BLR;
+ else if (strcmp (str, "retbr") == 0)
+ temp |= SLS_RETBR;
+ else if (strcmp (str, "none") == 0 || strcmp (str, "all") == 0)
+ {
+ error ("%<%s%> must be by itself for %<-mharden-sls=%>", str);
+ break;
+ }
+ else
+ {
+ error ("invalid argument %<%s%> for %<-mharden-sls=%>", str);
+ break;
+ }
+ str = strtok_r (NULL, ",", &token_save);
+ }
+ aarch64_sls_hardening = (aarch64_sls_hardening_type) temp;
+ free (str_root);
+}
+
/* Parses CONST_STR for branch protection features specified in
aarch64_branch_protect_types, and set any global variables required. Returns
the parsing result and assigns LAST_STR to the last processed token from
@@ -11972,6 +12045,9 @@ aarch64_override_options (void)
selected_arch = NULL;
selected_tune = NULL;
+ if (aarch64_harden_sls_string)
+ aarch64_validate_sls_mitigation (aarch64_harden_sls_string);
+
if (aarch64_branch_protection_string)
aarch64_validate_mbranch_protection (aarch64_branch_protection_string);
diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
index 3c6d1cc90..d27ab6df8 100644
--- a/gcc/config/aarch64/aarch64.opt
+++ b/gcc/config/aarch64/aarch64.opt
@@ -71,6 +71,10 @@ mgeneral-regs-only
Target Report RejectNegative Mask(GENERAL_REGS_ONLY) Save
Generate code which uses only the general registers.
+mharden-sls=
+Target RejectNegative Joined Var(aarch64_harden_sls_string)
+Generate code to mitigate against straight line speculation.
+
mfix-cortex-a53-835769
Target Report Var(aarch64_fix_a53_err835769) Init(2) Save
Workaround for ARM Cortex-A53 Erratum number 835769.
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 2f7ffe456..5f04a7d2b 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -638,6 +638,7 @@ Objective-C and Objective-C++ Dialects}.
-mpc-relative-literal-loads @gol
-msign-return-address=@var{scope} @gol
-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}]|@var{bti} @gol
+-mharden-sls=@var{opts} @gol
-march=@var{name} -mcpu=@var{name} -mtune=@var{name} @gol
-moverride=@var{string} -mverbose-cost-dump @gol
-mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol
@@ -15955,6 +15956,17 @@ argument @samp{leaf} can be used to extend the signing to include leaf
functions.
@samp{bti} turns on branch target identification mechanism.
+@item -mharden-sls=@var{opts}
+@opindex mharden-sls
+Enable compiler hardening against straight line speculation (SLS).
+@var{opts} is a comma-separated list of the following options:
+@table @samp
+@item retbr
+@item blr
+@end table
+In addition, @samp{-mharden-sls=all} enables all SLS hardening while
+@samp{-mharden-sls=none} disables all SLS hardening.
+
@item -msve-vector-bits=@var{bits}
@opindex msve-vector-bits
Specify the number of bits in an SVE vector register. This option only has
--
2.25.1

View File

@@ -1,600 +0,0 @@
CVE: CVE-2020-13844
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
From dc586a749228ecfb71f72ec2ca10e6f7b6874af3 Mon Sep 17 00:00:00 2001
From: Matthew Malcomson <matthew.malcomson@arm.com>
Date: Thu, 9 Jul 2020 09:11:59 +0100
Subject: [PATCH 2/3] aarch64: Introduce SLS mitigation for RET and BR
instructions
Instructions following RET or BR are not necessarily executed. In order
to avoid speculation past RET and BR we can simply append a speculation
barrier.
Since these speculation barriers will not be architecturally executed,
they are not expected to add a high performance penalty.
The speculation barrier is to be SB when targeting architectures which
have this enabled, and DSB SY + ISB otherwise.
We add tests for each of the cases where such an instruction was seen.
This is implemented by modifying each machine description pattern that
emits either a RET or a BR instruction. We choose not to use something
like `TARGET_ASM_FUNCTION_EPILOGUE` since it does not affect the
`indirect_jump`, `jump`, `sibcall_insn` and `sibcall_value_insn`
patterns and we find it preferable to implement the functionality in the
same way for every pattern.
There is one particular case which is slightly tricky. The
implementation of TARGET_ASM_TRAMPOLINE_TEMPLATE uses a BR which needs
to be mitigated against. The trampoline template is used *once* per
compilation unit, and the TRAMPOLINE_SIZE is exposed to the user via the
builtin macro __LIBGCC_TRAMPOLINE_SIZE__.
In the future we may implement function specific attributes to turn on
and off hardening on a per-function basis.
The fixed nature of the trampoline described above implies it will be
safer to ensure this speculation barrier is always used.
Testing:
Bootstrap and regtest done on aarch64-none-linux
Used a temporary hack(1) to use these options on every test in the
testsuite and a script to check that the output never emitted an
unmitigated RET or BR.
1) Temporary hack was a change to the testsuite to always use
`-save-temps` and run a script on the assembly output of those
compilations which produced one to ensure every RET or BR is immediately
followed by a speculation barrier.
(cherry picked from be178ecd5ac1fe1510d960ff95c66d0ff831afe1)
gcc/ChangeLog:
* config/aarch64/aarch64-protos.h (aarch64_sls_barrier): New.
* config/aarch64/aarch64.c (aarch64_output_casesi): Emit
speculation barrier after BR instruction if needs be.
(aarch64_trampoline_init): Handle ptr_mode value & adjust size
of code copied.
(aarch64_sls_barrier): New.
(aarch64_asm_trampoline_template): Add needed barriers.
* config/aarch64/aarch64.h (AARCH64_ISA_SB): New.
(TARGET_SB): New.
(TRAMPOLINE_SIZE): Account for barrier.
* config/aarch64/aarch64.md (indirect_jump, *casesi_dispatch,
simple_return, *do_return, *sibcall_insn, *sibcall_value_insn):
Emit barrier if needs be, also account for possible barrier using
"sls_length" attribute.
(sls_length): New attribute.
(length): Determine default using any non-default sls_length
value.
gcc/testsuite/ChangeLog:
* gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c: New test.
* gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c:
New test.
* gcc.target/aarch64/sls-mitigation/sls-mitigation.exp: New file.
* lib/target-supports.exp (check_effective_target_aarch64_asm_sb_ok):
New proc.
---
gcc/config/aarch64/aarch64-protos.h | 1 +
gcc/config/aarch64/aarch64.c | 41 +++++-
gcc/config/aarch64/aarch64.h | 10 +-
gcc/config/aarch64/aarch64.md | 75 ++++++++---
.../sls-mitigation/sls-miti-retbr-pacret.c | 15 +++
.../aarch64/sls-mitigation/sls-miti-retbr.c | 119 ++++++++++++++++++
.../aarch64/sls-mitigation/sls-mitigation.exp | 73 +++++++++++
gcc/testsuite/lib/target-supports.exp | 3 +-
8 files changed, 312 insertions(+), 25 deletions(-)
create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
index 31493f412..885eae893 100644
--- a/gcc/config/aarch64/aarch64-protos.h
+++ b/gcc/config/aarch64/aarch64-protos.h
@@ -644,6 +644,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode);
bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT);
+const char *aarch64_sls_barrier (int);
extern bool aarch64_harden_sls_retbr_p (void);
extern bool aarch64_harden_sls_blr_p (void);
diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index 269ff6c92..dff61105c 100644
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -8412,8 +8412,8 @@ aarch64_return_addr (int count, rtx frame ATTRIBUTE_UNUSED)
static void
aarch64_asm_trampoline_template (FILE *f)
{
- int offset1 = 16;
- int offset2 = 20;
+ int offset1 = 24;
+ int offset2 = 28;
if (aarch64_bti_enabled ())
{
@@ -8436,6 +8436,17 @@ aarch64_asm_trampoline_template (FILE *f)
}
asm_fprintf (f, "\tbr\t%s\n", reg_names [IP1_REGNUM]);
+ /* We always emit a speculation barrier.
+ This is because the same trampoline template is used for every nested
+ function. Since nested functions are not particularly common or
+ performant we don't worry too much about the extra instructions to copy
+ around.
+ This is not yet a problem, since we have not yet implemented function
+ specific attributes to choose between hardening against straight line
+ speculation or not, but such function specific attributes are likely to
+ happen in the future. */
+ asm_fprintf (f, "\tdsb\tsy\n\tisb\n");
+
/* The trampoline needs an extra padding instruction. In case if BTI is
enabled the padding instruction is replaced by the BTI instruction at
the beginning. */
@@ -8450,10 +8461,14 @@ static void
aarch64_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
{
rtx fnaddr, mem, a_tramp;
- const int tramp_code_sz = 16;
+ const int tramp_code_sz = 24;
/* Don't need to copy the trailing D-words, we fill those in below. */
- emit_block_move (m_tramp, assemble_trampoline_template (),
+ /* We create our own memory address in Pmode so that `emit_block_move` can
+ use parts of the backend which expect Pmode addresses. */
+ rtx temp = convert_memory_address (Pmode, XEXP (m_tramp, 0));
+ emit_block_move (gen_rtx_MEM (BLKmode, temp),
+ assemble_trampoline_template (),
GEN_INT (tramp_code_sz), BLOCK_OP_NORMAL);
mem = adjust_address (m_tramp, ptr_mode, tramp_code_sz);
fnaddr = XEXP (DECL_RTL (fndecl), 0);
@@ -8640,6 +8655,8 @@ aarch64_output_casesi (rtx *operands)
output_asm_insn (buf, operands);
output_asm_insn (patterns[index][1], operands);
output_asm_insn ("br\t%3", operands);
+ output_asm_insn (aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()),
+ operands);
assemble_label (asm_out_file, label);
return "";
}
@@ -18976,6 +18993,22 @@ aarch64_file_end_indicate_exec_stack ()
#undef GNU_PROPERTY_AARCH64_FEATURE_1_BTI
#undef GNU_PROPERTY_AARCH64_FEATURE_1_AND
+/* Helper function for straight line speculation.
+ Return what barrier should be emitted for straight line speculation
+ mitigation.
+ When not mitigating against straight line speculation this function returns
+ an empty string.
+ When mitigating against straight line speculation, use:
+ * SB when the v8.5-A SB extension is enabled.
+ * DSB+ISB otherwise. */
+const char *
+aarch64_sls_barrier (int mitigation_required)
+{
+ return mitigation_required
+ ? (TARGET_SB ? "sb" : "dsb\tsy\n\tisb")
+ : "";
+}
+
/* Target-specific selftests. */
#if CHECKING_P
diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
index 772a97296..72ddc6fd9 100644
--- a/gcc/config/aarch64/aarch64.h
+++ b/gcc/config/aarch64/aarch64.h
@@ -235,6 +235,7 @@ extern unsigned aarch64_architecture_version;
#define AARCH64_ISA_F16FML (aarch64_isa_flags & AARCH64_FL_F16FML)
#define AARCH64_ISA_RCPC8_4 (aarch64_isa_flags & AARCH64_FL_RCPC8_4)
#define AARCH64_ISA_V8_5 (aarch64_isa_flags & AARCH64_FL_V8_5)
+#define AARCH64_ISA_SB (aarch64_isa_flags & AARCH64_FL_SB)
/* Crypto is an optional extension to AdvSIMD. */
#define TARGET_CRYPTO (TARGET_SIMD && AARCH64_ISA_CRYPTO)
@@ -285,6 +286,9 @@ extern unsigned aarch64_architecture_version;
#define TARGET_FIX_ERR_A53_835769_DEFAULT 1
#endif
+/* SB instruction is enabled through +sb. */
+#define TARGET_SB (AARCH64_ISA_SB)
+
/* Apply the workaround for Cortex-A53 erratum 835769. */
#define TARGET_FIX_ERR_A53_835769 \
((aarch64_fix_a53_err835769 == 2) \
@@ -931,8 +935,10 @@ typedef struct
#define RETURN_ADDR_RTX aarch64_return_addr
-/* BTI c + 3 insns + 2 pointer-sized entries. */
-#define TRAMPOLINE_SIZE (TARGET_ILP32 ? 24 : 32)
+/* BTI c + 3 insns
+ + sls barrier of DSB + ISB.
+ + 2 pointer-sized entries. */
+#define TRAMPOLINE_SIZE (24 + (TARGET_ILP32 ? 8 : 16))
/* Trampolines contain dwords, so must be dword aligned. */
#define TRAMPOLINE_ALIGNMENT 64
diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md
index cc5a887d4..494aee964 100644
--- a/gcc/config/aarch64/aarch64.md
+++ b/gcc/config/aarch64/aarch64.md
@@ -331,10 +331,25 @@
;; Attribute that specifies whether the alternative uses MOVPRFX.
(define_attr "movprfx" "no,yes" (const_string "no"))
+;; Attribute to specify that an alternative has the length of a single
+;; instruction plus a speculation barrier.
+(define_attr "sls_length" "none,retbr,casesi" (const_string "none"))
+
(define_attr "length" ""
(cond [(eq_attr "movprfx" "yes")
(const_int 8)
- ] (const_int 4)))
+
+ (eq_attr "sls_length" "retbr")
+ (cond [(match_test "!aarch64_harden_sls_retbr_p ()") (const_int 4)
+ (match_test "TARGET_SB") (const_int 8)]
+ (const_int 12))
+
+ (eq_attr "sls_length" "casesi")
+ (cond [(match_test "!aarch64_harden_sls_retbr_p ()") (const_int 16)
+ (match_test "TARGET_SB") (const_int 20)]
+ (const_int 24))
+ ]
+ (const_int 4)))
;; Strictly for compatibility with AArch32 in pipeline models, since AArch64 has
;; no predicated insns.
@@ -370,8 +385,12 @@
(define_insn "indirect_jump"
[(set (pc) (match_operand:DI 0 "register_operand" "r"))]
""
- "br\\t%0"
- [(set_attr "type" "branch")]
+ {
+ output_asm_insn ("br\\t%0", operands);
+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
+ }
+ [(set_attr "type" "branch")
+ (set_attr "sls_length" "retbr")]
)
(define_insn "jump"
@@ -657,7 +676,7 @@
"*
return aarch64_output_casesi (operands);
"
- [(set_attr "length" "16")
+ [(set_attr "sls_length" "casesi")
(set_attr "type" "branch")]
)
@@ -736,14 +755,18 @@
[(return)]
""
{
+ const char *ret = NULL;
if (aarch64_return_address_signing_enabled ()
&& TARGET_ARMV8_3
&& !crtl->calls_eh_return)
- return "retaa";
-
- return "ret";
+ ret = "retaa";
+ else
+ ret = "ret";
+ output_asm_insn (ret, operands);
+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
}
- [(set_attr "type" "branch")]
+ [(set_attr "type" "branch")
+ (set_attr "sls_length" "retbr")]
)
(define_expand "return"
@@ -755,8 +778,12 @@
(define_insn "simple_return"
[(simple_return)]
"aarch64_use_simple_return_insn_p ()"
- "ret"
- [(set_attr "type" "branch")]
+ {
+ output_asm_insn ("ret", operands);
+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
+ }
+ [(set_attr "type" "branch")
+ (set_attr "sls_length" "retbr")]
)
(define_insn "*cb<optab><mode>1"
@@ -947,10 +974,16 @@
(match_operand 1 "" ""))
(return)]
"SIBLING_CALL_P (insn)"
- "@
- br\\t%0
- b\\t%c0"
- [(set_attr "type" "branch, branch")]
+ {
+ if (which_alternative == 0)
+ {
+ output_asm_insn ("br\\t%0", operands);
+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
+ }
+ return "b\\t%c0";
+ }
+ [(set_attr "type" "branch, branch")
+ (set_attr "sls_length" "retbr,none")]
)
(define_insn "*sibcall_value_insn"
@@ -960,10 +993,16 @@
(match_operand 2 "" "")))
(return)]
"SIBLING_CALL_P (insn)"
- "@
- br\\t%1
- b\\t%c1"
- [(set_attr "type" "branch, branch")]
+ {
+ if (which_alternative == 0)
+ {
+ output_asm_insn ("br\\t%1", operands);
+ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
+ }
+ return "b\\t%c1";
+ }
+ [(set_attr "type" "branch, branch")
+ (set_attr "sls_length" "retbr,none")]
)
;; Call subroutine returning any type.
diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
new file mode 100644
index 000000000..7656123ee
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
@@ -0,0 +1,15 @@
+/* Avoid ILP32 since pacret is only available for LP64 */
+/* { dg-do compile { target { ! ilp32 } } } */
+/* { dg-additional-options "-mharden-sls=retbr -mbranch-protection=pac-ret -march=armv8.3-a" } */
+
+/* Testing the do_return pattern for retaa. */
+long retbr_subcall(void);
+long retbr_do_return_retaa(void)
+{
+ return retbr_subcall()+1;
+}
+
+/* Ensure there are no BR or RET instructions which are not directly followed
+ by a speculation barrier. */
+/* { dg-final { scan-assembler-not {\t(br|ret|retaa)\tx[0-9][0-9]?\n\t(?!dsb\tsy\n\tisb)} } } */
+/* { dg-final { scan-assembler-not {ret\t} } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
new file mode 100644
index 000000000..573b30cdc
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
@@ -0,0 +1,119 @@
+/* We ensure that -Wpedantic is off since it complains about the trampolines
+ we explicitly want to test. */
+/* { dg-additional-options "-mharden-sls=retbr -Wno-pedantic " } */
+/*
+ Ensure that the SLS hardening of RET and BR leaves no unprotected RET/BR
+ instructions.
+ */
+typedef int (foo) (int, int);
+typedef void (bar) (int, int);
+struct sls_testclass {
+ foo *x;
+ bar *y;
+ int left;
+ int right;
+};
+
+int
+retbr_sibcall_value_insn (struct sls_testclass x)
+{
+ return x.x(x.left, x.right);
+}
+
+void
+retbr_sibcall_insn (struct sls_testclass x)
+{
+ x.y(x.left, x.right);
+}
+
+/* Aim to test two different returns.
+ One that introduces a tail call in the middle of the function, and one that
+ has a normal return. */
+int
+retbr_multiple_returns (struct sls_testclass x)
+{
+ int temp;
+ if (x.left % 10)
+ return x.x(x.left, 100);
+ else if (x.right % 20)
+ {
+ return x.x(x.left * x.right, 100);
+ }
+ temp = x.left % x.right;
+ temp *= 100;
+ temp /= 2;
+ return temp % 3;
+}
+
+void
+retbr_multiple_returns_void (struct sls_testclass x)
+{
+ if (x.left % 10)
+ {
+ x.y(x.left, 100);
+ }
+ else if (x.right % 20)
+ {
+ x.y(x.left * x.right, 100);
+ }
+ return;
+}
+
+/* Testing the casesi jump via register. */
+__attribute__ ((optimize ("Os")))
+int
+retbr_casesi_dispatch (struct sls_testclass x)
+{
+ switch (x.left)
+ {
+ case -5:
+ return -2;
+ case -3:
+ return -1;
+ case 0:
+ return 0;
+ case 3:
+ return 1;
+ case 5:
+ break;
+ default:
+ __builtin_unreachable ();
+ }
+ return x.right;
+}
+
+/* Testing the BR in trampolines is mitigated against. */
+void f1 (void *);
+void f3 (void *, void (*)(void *));
+void f2 (void *);
+
+int
+retbr_trampolines (void *a, int b)
+{
+ if (!b)
+ {
+ f1 (a);
+ return 1;
+ }
+ if (b)
+ {
+ void retbr_tramp_internal (void *c)
+ {
+ if (c == a)
+ f2 (c);
+ }
+ f3 (a, retbr_tramp_internal);
+ }
+ return 0;
+}
+
+/* Testing the indirect_jump pattern. */
+void
+retbr_indirect_jump (int *buf)
+{
+ __builtin_longjmp(buf, 1);
+}
+
+/* Ensure there are no BR or RET instructions which are not directly followed
+ by a speculation barrier. */
+/* { dg-final { scan-assembler-not {\t(br|ret|retaa)\tx[0-9][0-9]?\n\t(?!dsb\tsy\n\tisb|sb)} } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
new file mode 100644
index 000000000..812250379
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
@@ -0,0 +1,73 @@
+# Regression driver for SLS mitigation on AArch64.
+# Copyright (C) 2020 Free Software Foundation, Inc.
+# Contributed by ARM Ltd.
+#
+# This file is part of GCC.
+#
+# GCC is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3, or (at your option)
+# any later version.
+#
+# GCC is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GCC; see the file COPYING3. If not see
+# <http://www.gnu.org/licenses/>. */
+
+# Exit immediately if this isn't an AArch64 target.
+if {![istarget aarch64*-*-*] } then {
+ return
+}
+
+# Load support procs.
+load_lib gcc-dg.exp
+load_lib torture-options.exp
+
+# If a testcase doesn't have special options, use these.
+global DEFAULT_CFLAGS
+if ![info exists DEFAULT_CFLAGS] then {
+ set DEFAULT_CFLAGS " "
+}
+
+# Initialize `dg'.
+dg-init
+torture-init
+
+# Use different architectures as well as the normal optimisation options.
+# (i.e. use both SB and DSB+ISB barriers).
+
+set save-dg-do-what-default ${dg-do-what-default}
+# Main loop.
+# Run with torture tests (i.e. a bunch of different optimisation levels) just
+# to increase test coverage.
+set dg-do-what-default assemble
+gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]] \
+ "-save-temps" $DEFAULT_CFLAGS
+
+# Run the same tests but this time with SB extension.
+# Since not all supported assemblers will support that extension we decide
+# whether to assemble or just compile based on whether the extension is
+# supported for the available assembler.
+
+set templist {}
+foreach x $DG_TORTURE_OPTIONS {
+ lappend templist "$x -march=armv8.3-a+sb "
+ lappend templist "$x -march=armv8-a+sb "
+}
+set-torture-options $templist
+if { [check_effective_target_aarch64_asm_sb_ok] } {
+ set dg-do-what-default assemble
+} else {
+ set dg-do-what-default compile
+}
+gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]] \
+ "-save-temps" $DEFAULT_CFLAGS
+set dg-do-what-default ${save-dg-do-what-default}
+
+# All done.
+torture-finish
+dg-finish
diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp
index ea9a50ccb..79482f9b6 100644
--- a/gcc/testsuite/lib/target-supports.exp
+++ b/gcc/testsuite/lib/target-supports.exp
@@ -8579,7 +8579,8 @@ proc check_effective_target_aarch64_tiny { } {
# Create functions to check that the AArch64 assembler supports the
# various architecture extensions via the .arch_extension pseudo-op.
-foreach { aarch64_ext } { "fp" "simd" "crypto" "crc" "lse" "dotprod" "sve"} {
+foreach { aarch64_ext } { "fp" "simd" "crypto" "crc" "lse" "dotprod" "sve"
+ "sb"} {
eval [string map [list FUNC $aarch64_ext] {
proc check_effective_target_aarch64_asm_FUNC_ok { } {
if { [istarget aarch64*-*-*] } {
--
2.25.1

View File

@@ -1,659 +0,0 @@
CVE: CVE-2020-13844
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
From 2155170525f93093b90a1a065e7ed71a925566e9 Mon Sep 17 00:00:00 2001
From: Matthew Malcomson <matthew.malcomson@arm.com>
Date: Thu, 9 Jul 2020 09:11:59 +0100
Subject: [PATCH 3/3] aarch64: Mitigate SLS for BLR instruction
This patch introduces the mitigation for Straight Line Speculation past
the BLR instruction.
This mitigation replaces BLR instructions with a BL to a stub which uses
a BR to jump to the original value. These function stubs are then
appended with a speculation barrier to ensure no straight line
speculation happens after these jumps.
When optimising for speed we use a set of stubs for each function since
this should help the branch predictor make more accurate predictions
about where a stub should branch.
When optimising for size we use one set of stubs for all functions.
This set of stubs can have human readable names, and we are using
`__call_indirect_x<N>` for register x<N>.
When BTI branch protection is enabled the BLR instruction can jump to a
`BTI c` instruction using any register, while the BR instruction can
only jump to a `BTI c` instruction using the x16 or x17 registers.
Hence, in order to ensure this transformation is safe we mov the value
of the original register into x16 and use x16 for the BR.
As an example when optimising for size:
a
BLR x0
instruction would get transformed to something like
BL __call_indirect_x0
where __call_indirect_x0 labels a thunk that contains
__call_indirect_x0:
MOV X16, X0
BR X16
<speculation barrier>
The first version of this patch used local symbols specific to a
compilation unit to try and avoid relocations.
This was mistaken since functions coming from the same compilation unit
can still be in different sections, and the assembler will insert
relocations at jumps between sections.
On any relocation the linker is permitted to emit a veneer to handle
jumps between symbols that are very far apart. The registers x16 and
x17 may be clobbered by these veneers.
Hence the function stubs cannot rely on the values of x16 and x17 being
the same as just before the function stub is called.
Similar can be said for the hot/cold partitioning of single functions,
so function-local stubs have the same restriction.
This updated version of the patch never emits function stubs for x16 and
x17, and instead forces other registers to be used.
Given the above, there is now no benefit to local symbols (since they
are not enough to avoid dealing with linker intricacies). This patch
now uses global symbols with hidden visibility each stored in their own
COMDAT section. This means stubs can be shared between compilation
units while still avoiding the PLT indirection.
This patch also removes the `__call_indirect_x30` stub (and
function-local equivalent) which would simply jump back to the original
location.
The function-local stubs are emitted to the assembly output file in one
chunk, which means we need not add the speculation barrier directly
after each one.
This is because we know for certain that the instructions directly after
the BR in all but the last function stub will be from another one of
these stubs and hence will not contain a speculation gadget.
Instead we add a speculation barrier at the end of the sequence of
stubs.
The global stubs are emitted in COMDAT/.linkonce sections by
themselves so that the linker can remove duplicates from multiple object
files. This means they are not emitted in one chunk, and each one must
include the speculation barrier.
Another difference is that since the global stubs are shared across
compilation units we do not know that all functions will be targeting an
architecture supporting the SB instruction.
Rather than provide multiple stubs for each architecture, we provide a
stub that will work for all architectures -- using the DSB+ISB barrier.
This mitigation does not apply for BLR instructions in the following
places:
- Some accesses to thread-local variables use a code sequence with a BLR
instruction. This code sequence is part of the binary interface between
compiler and linker. If this BLR instruction needs to be mitigated, it'd
probably be best to do so in the linker. It seems that the code sequence
for thread-local variable access is unlikely to lead to a Spectre Revalation
Gadget.
- PLT stubs are produced by the linker and each contain a BLR instruction.
It seems that at most only after the last PLT stub a Spectre Revalation
Gadget might appear.
Testing:
Bootstrap and regtest on AArch64
(with BOOT_CFLAGS="-mharden-sls=retbr,blr")
Used a temporary hack(1) in gcc-dg.exp to use these options on every
test in the testsuite, a slight modification to emit the speculation
barrier after every function stub, and a script to check that the
output never emitted a BLR, or unmitigated BR or RET instruction.
Similar on an aarch64-none-elf cross-compiler.
1) Temporary hack emitted a speculation barrier at the end of every stub
function, and used a script to ensure that:
a) Every RET or BR is immediately followed by a speculation barrier.
b) No BLR instruction is emitted by compiler.
(cherry picked from 96b7f495f9269d5448822e4fc28882edb35a58d7)
gcc/ChangeLog:
* config/aarch64/aarch64-protos.h (aarch64_indirect_call_asm):
New declaration.
* config/aarch64/aarch64.c (aarch64_regno_regclass): Handle new
stub registers class.
(aarch64_class_max_nregs): Likewise.
(aarch64_register_move_cost): Likewise.
(aarch64_sls_shared_thunks): Global array to store stub labels.
(aarch64_sls_emit_function_stub): New.
(aarch64_create_blr_label): New.
(aarch64_sls_emit_blr_function_thunks): New.
(aarch64_sls_emit_shared_blr_thunks): New.
(aarch64_asm_file_end): New.
(aarch64_indirect_call_asm): New.
(TARGET_ASM_FILE_END): Use aarch64_asm_file_end.
(TARGET_ASM_FUNCTION_EPILOGUE): Use
aarch64_sls_emit_blr_function_thunks.
* config/aarch64/aarch64.h (STB_REGNUM_P): New.
(enum reg_class): Add STUB_REGS class.
(machine_function): Introduce `call_via` array for
function-local stub labels.
* config/aarch64/aarch64.md (*call_insn, *call_value_insn): Use
aarch64_indirect_call_asm to emit code when hardening BLR
instructions.
* config/aarch64/constraints.md (Ucr): New constraint
representing registers for indirect calls. Is GENERAL_REGS
usually, and STUB_REGS when hardening BLR instruction against
SLS.
* config/aarch64/predicates.md (aarch64_general_reg): STUB_REGS class
is also a general register.
gcc/testsuite/ChangeLog:
* gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c: New test.
* gcc.target/aarch64/sls-mitigation/sls-miti-blr.c: New test.
---
gcc/config/aarch64/aarch64-protos.h | 1 +
gcc/config/aarch64/aarch64.c | 225 +++++++++++++++++-
gcc/config/aarch64/aarch64.h | 15 ++
gcc/config/aarch64/aarch64.md | 11 +-
gcc/config/aarch64/constraints.md | 9 +
gcc/config/aarch64/predicates.md | 3 +-
.../aarch64/sls-mitigation/sls-miti-blr-bti.c | 40 ++++
.../aarch64/sls-mitigation/sls-miti-blr.c | 33 +++
8 files changed, 328 insertions(+), 9 deletions(-)
create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
index 885eae893..2676e43ae 100644
--- a/gcc/config/aarch64/aarch64-protos.h
+++ b/gcc/config/aarch64/aarch64-protos.h
@@ -645,6 +645,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode);
bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT);
const char *aarch64_sls_barrier (int);
+const char *aarch64_indirect_call_asm (rtx);
extern bool aarch64_harden_sls_retbr_p (void);
extern bool aarch64_harden_sls_blr_p (void);
diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index dff61105c..bc6c02c3a 100644
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -8190,6 +8190,9 @@ aarch64_label_mentioned_p (rtx x)
enum reg_class
aarch64_regno_regclass (unsigned regno)
{
+ if (STUB_REGNUM_P (regno))
+ return STUB_REGS;
+
if (GP_REGNUM_P (regno))
return GENERAL_REGS;
@@ -8499,6 +8502,7 @@ aarch64_class_max_nregs (reg_class_t regclass, machine_mode mode)
unsigned int nregs;
switch (regclass)
{
+ case STUB_REGS:
case TAILCALL_ADDR_REGS:
case POINTER_REGS:
case GENERAL_REGS:
@@ -10693,10 +10697,12 @@ aarch64_register_move_cost (machine_mode mode,
= aarch64_tune_params.regmove_cost;
/* Caller save and pointer regs are equivalent to GENERAL_REGS. */
- if (to == TAILCALL_ADDR_REGS || to == POINTER_REGS)
+ if (to == TAILCALL_ADDR_REGS || to == POINTER_REGS
+ || to == STUB_REGS)
to = GENERAL_REGS;
- if (from == TAILCALL_ADDR_REGS || from == POINTER_REGS)
+ if (from == TAILCALL_ADDR_REGS || from == POINTER_REGS
+ || from == STUB_REGS)
from = GENERAL_REGS;
/* Moving between GPR and stack cost is the same as GP2GP. */
@@ -19009,6 +19015,215 @@ aarch64_sls_barrier (int mitigation_required)
: "";
}
+static GTY (()) tree aarch64_sls_shared_thunks[30];
+static GTY (()) bool aarch64_sls_shared_thunks_needed = false;
+const char *indirect_symbol_names[30] = {
+ "__call_indirect_x0",
+ "__call_indirect_x1",
+ "__call_indirect_x2",
+ "__call_indirect_x3",
+ "__call_indirect_x4",
+ "__call_indirect_x5",
+ "__call_indirect_x6",
+ "__call_indirect_x7",
+ "__call_indirect_x8",
+ "__call_indirect_x9",
+ "__call_indirect_x10",
+ "__call_indirect_x11",
+ "__call_indirect_x12",
+ "__call_indirect_x13",
+ "__call_indirect_x14",
+ "__call_indirect_x15",
+ "", /* "__call_indirect_x16", */
+ "", /* "__call_indirect_x17", */
+ "__call_indirect_x18",
+ "__call_indirect_x19",
+ "__call_indirect_x20",
+ "__call_indirect_x21",
+ "__call_indirect_x22",
+ "__call_indirect_x23",
+ "__call_indirect_x24",
+ "__call_indirect_x25",
+ "__call_indirect_x26",
+ "__call_indirect_x27",
+ "__call_indirect_x28",
+ "__call_indirect_x29",
+};
+
+/* Function to create a BLR thunk. This thunk is used to mitigate straight
+ line speculation. Instead of a simple BLR that can be speculated past,
+ we emit a BL to this thunk, and this thunk contains a BR to the relevant
+ register. These thunks have the relevant speculation barries put after
+ their indirect branch so that speculation is blocked.
+
+ We use such a thunk so the speculation barriers are kept off the
+ architecturally executed path in order to reduce the performance overhead.
+
+ When optimizing for size we use stubs shared by the linked object.
+ When optimizing for performance we emit stubs for each function in the hope
+ that the branch predictor can better train on jumps specific for a given
+ function. */
+rtx
+aarch64_sls_create_blr_label (int regnum)
+{
+ gcc_assert (STUB_REGNUM_P (regnum));
+ if (optimize_function_for_size_p (cfun))
+ {
+ /* For the thunks shared between different functions in this compilation
+ unit we use a named symbol -- this is just for users to more easily
+ understand the generated assembly. */
+ aarch64_sls_shared_thunks_needed = true;
+ const char *thunk_name = indirect_symbol_names[regnum];
+ if (aarch64_sls_shared_thunks[regnum] == NULL)
+ {
+ /* Build a decl representing this function stub and record it for
+ later. We build a decl here so we can use the GCC machinery for
+ handling sections automatically (through `get_named_section` and
+ `make_decl_one_only`). That saves us a lot of trouble handling
+ the specifics of different output file formats. */
+ tree decl = build_decl (BUILTINS_LOCATION, FUNCTION_DECL,
+ get_identifier (thunk_name),
+ build_function_type_list (void_type_node,
+ NULL_TREE));
+ DECL_RESULT (decl) = build_decl (BUILTINS_LOCATION, RESULT_DECL,
+ NULL_TREE, void_type_node);
+ TREE_PUBLIC (decl) = 1;
+ TREE_STATIC (decl) = 1;
+ DECL_IGNORED_P (decl) = 1;
+ DECL_ARTIFICIAL (decl) = 1;
+ make_decl_one_only (decl, DECL_ASSEMBLER_NAME (decl));
+ resolve_unique_section (decl, 0, false);
+ aarch64_sls_shared_thunks[regnum] = decl;
+ }
+
+ return gen_rtx_SYMBOL_REF (Pmode, thunk_name);
+ }
+
+ if (cfun->machine->call_via[regnum] == NULL)
+ cfun->machine->call_via[regnum]
+ = gen_rtx_LABEL_REF (Pmode, gen_label_rtx ());
+ return cfun->machine->call_via[regnum];
+}
+
+/* Helper function for aarch64_sls_emit_blr_function_thunks and
+ aarch64_sls_emit_shared_blr_thunks below. */
+static void
+aarch64_sls_emit_function_stub (FILE *out_file, int regnum)
+{
+ /* Save in x16 and branch to that function so this transformation does
+ not prevent jumping to `BTI c` instructions. */
+ asm_fprintf (out_file, "\tmov\tx16, x%d\n", regnum);
+ asm_fprintf (out_file, "\tbr\tx16\n");
+}
+
+/* Emit all BLR stubs for this particular function.
+ Here we emit all the BLR stubs needed for the current function. Since we
+ emit these stubs in a consecutive block we know there will be no speculation
+ gadgets between each stub, and hence we only emit a speculation barrier at
+ the end of the stub sequences.
+
+ This is called in the TARGET_ASM_FUNCTION_EPILOGUE hook. */
+void
+aarch64_sls_emit_blr_function_thunks (FILE *out_file)
+{
+ if (! aarch64_harden_sls_blr_p ())
+ return;
+
+ bool any_functions_emitted = false;
+ /* We must save and restore the current function section since this assembly
+ is emitted at the end of the function. This means it can be emitted *just
+ after* the cold section of a function. That cold part would be emitted in
+ a different section. That switch would trigger a `.cfi_endproc` directive
+ to be emitted in the original section and a `.cfi_startproc` directive to
+ be emitted in the new section. Switching to the original section without
+ restoring would mean that the `.cfi_endproc` emitted as a function ends
+ would happen in a different section -- leaving an unmatched
+ `.cfi_startproc` in the cold text section and an unmatched `.cfi_endproc`
+ in the standard text section. */
+ section *save_text_section = in_section;
+ switch_to_section (function_section (current_function_decl));
+ for (int regnum = 0; regnum < 30; ++regnum)
+ {
+ rtx specu_label = cfun->machine->call_via[regnum];
+ if (specu_label == NULL)
+ continue;
+
+ targetm.asm_out.print_operand (out_file, specu_label, 0);
+ asm_fprintf (out_file, ":\n");
+ aarch64_sls_emit_function_stub (out_file, regnum);
+ any_functions_emitted = true;
+ }
+ if (any_functions_emitted)
+ /* Can use the SB if needs be here, since this stub will only be used
+ by the current function, and hence for the current target. */
+ asm_fprintf (out_file, "\t%s\n", aarch64_sls_barrier (true));
+ switch_to_section (save_text_section);
+}
+
+/* Emit shared BLR stubs for the current compilation unit.
+ Over the course of compiling this unit we may have converted some BLR
+ instructions to a BL to a shared stub function. This is where we emit those
+ stub functions.
+ This function is for the stubs shared between different functions in this
+ compilation unit. We share when optimizing for size instead of speed.
+
+ This function is called through the TARGET_ASM_FILE_END hook. */
+void
+aarch64_sls_emit_shared_blr_thunks (FILE *out_file)
+{
+ if (! aarch64_sls_shared_thunks_needed)
+ return;
+
+ for (int regnum = 0; regnum < 30; ++regnum)
+ {
+ tree decl = aarch64_sls_shared_thunks[regnum];
+ if (!decl)
+ continue;
+
+ const char *name = indirect_symbol_names[regnum];
+ switch_to_section (get_named_section (decl, NULL, 0));
+ ASM_OUTPUT_ALIGN (out_file, 2);
+ targetm.asm_out.globalize_label (out_file, name);
+ /* Only emits if the compiler is configured for an assembler that can
+ handle visibility directives. */
+ targetm.asm_out.assemble_visibility (decl, VISIBILITY_HIDDEN);
+ ASM_OUTPUT_TYPE_DIRECTIVE (out_file, name, "function");
+ ASM_OUTPUT_LABEL (out_file, name);
+ aarch64_sls_emit_function_stub (out_file, regnum);
+ /* Use the most conservative target to ensure it can always be used by any
+ function in the translation unit. */
+ asm_fprintf (out_file, "\tdsb\tsy\n\tisb\n");
+ ASM_DECLARE_FUNCTION_SIZE (out_file, name, decl);
+ }
+}
+
+/* Implement TARGET_ASM_FILE_END. */
+void
+aarch64_asm_file_end ()
+{
+ aarch64_sls_emit_shared_blr_thunks (asm_out_file);
+ /* Since this function will be called for the ASM_FILE_END hook, we ensure
+ that what would be called otherwise (e.g. `file_end_indicate_exec_stack`
+ for FreeBSD) still gets called. */
+#ifdef TARGET_ASM_FILE_END
+ TARGET_ASM_FILE_END ();
+#endif
+}
+
+const char *
+aarch64_indirect_call_asm (rtx addr)
+{
+ gcc_assert (REG_P (addr));
+ if (aarch64_harden_sls_blr_p ())
+ {
+ rtx stub_label = aarch64_sls_create_blr_label (REGNO (addr));
+ output_asm_insn ("bl\t%0", &stub_label);
+ }
+ else
+ output_asm_insn ("blr\t%0", &addr);
+ return "";
+}
+
/* Target-specific selftests. */
#if CHECKING_P
@@ -19529,6 +19744,12 @@ aarch64_libgcc_floating_mode_supported_p
#define TARGET_RUN_TARGET_SELFTESTS selftest::aarch64_run_selftests
#endif /* #if CHECKING_P */
+#undef TARGET_ASM_FILE_END
+#define TARGET_ASM_FILE_END aarch64_asm_file_end
+
+#undef TARGET_ASM_FUNCTION_EPILOGUE
+#define TARGET_ASM_FUNCTION_EPILOGUE aarch64_sls_emit_blr_function_thunks
+
struct gcc_target targetm = TARGET_INITIALIZER;
#include "gt-aarch64.h"
diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
index 72ddc6fd9..60682a100 100644
--- a/gcc/config/aarch64/aarch64.h
+++ b/gcc/config/aarch64/aarch64.h
@@ -540,6 +540,16 @@ extern unsigned aarch64_architecture_version;
#define GP_REGNUM_P(REGNO) \
(((unsigned) (REGNO - R0_REGNUM)) <= (R30_REGNUM - R0_REGNUM))
+/* Registers known to be preserved over a BL instruction. This consists of the
+ GENERAL_REGS without x16, x17, and x30. The x30 register is changed by the
+ BL instruction itself, while the x16 and x17 registers may be used by
+ veneers which can be inserted by the linker. */
+#define STUB_REGNUM_P(REGNO) \
+ (GP_REGNUM_P (REGNO) \
+ && (REGNO) != R16_REGNUM \
+ && (REGNO) != R17_REGNUM \
+ && (REGNO) != R30_REGNUM) \
+
#define FP_REGNUM_P(REGNO) \
(((unsigned) (REGNO - V0_REGNUM)) <= (V31_REGNUM - V0_REGNUM))
@@ -561,6 +571,7 @@ enum reg_class
{
NO_REGS,
TAILCALL_ADDR_REGS,
+ STUB_REGS,
GENERAL_REGS,
STACK_REG,
POINTER_REGS,
@@ -580,6 +591,7 @@ enum reg_class
{ \
"NO_REGS", \
"TAILCALL_ADDR_REGS", \
+ "STUB_REGS", \
"GENERAL_REGS", \
"STACK_REG", \
"POINTER_REGS", \
@@ -596,6 +608,7 @@ enum reg_class
{ \
{ 0x00000000, 0x00000000, 0x00000000 }, /* NO_REGS */ \
{ 0x00030000, 0x00000000, 0x00000000 }, /* TAILCALL_ADDR_REGS */\
+ { 0x3ffcffff, 0x00000000, 0x00000000 }, /* STUB_REGS */ \
{ 0x7fffffff, 0x00000000, 0x00000003 }, /* GENERAL_REGS */ \
{ 0x80000000, 0x00000000, 0x00000000 }, /* STACK_REG */ \
{ 0xffffffff, 0x00000000, 0x00000003 }, /* POINTER_REGS */ \
@@ -735,6 +748,8 @@ typedef struct GTY (()) machine_function
struct aarch64_frame frame;
/* One entry for each hard register. */
bool reg_is_wrapped_separately[LAST_SAVED_REGNUM];
+ /* One entry for each general purpose register. */
+ rtx call_via[SP_REGNUM];
bool label_is_assembled;
} machine_function;
#endif
diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md
index 494aee964..ed8cf8ece 100644
--- a/gcc/config/aarch64/aarch64.md
+++ b/gcc/config/aarch64/aarch64.md
@@ -908,15 +908,14 @@
)
(define_insn "*call_insn"
- [(call (mem:DI (match_operand:DI 0 "aarch64_call_insn_operand" "r, Usf"))
+ [(call (mem:DI (match_operand:DI 0 "aarch64_call_insn_operand" "Ucr, Usf"))
(match_operand 1 "" ""))
(clobber (reg:DI LR_REGNUM))]
""
"@
- blr\\t%0
+ * return aarch64_indirect_call_asm (operands[0]);
bl\\t%c0"
- [(set_attr "type" "call, call")]
-)
+ [(set_attr "type" "call, call")])
(define_expand "call_value"
[(parallel [(set (match_operand 0 "" "")
@@ -934,12 +933,12 @@
(define_insn "*call_value_insn"
[(set (match_operand 0 "" "")
- (call (mem:DI (match_operand:DI 1 "aarch64_call_insn_operand" "r, Usf"))
+ (call (mem:DI (match_operand:DI 1 "aarch64_call_insn_operand" "Ucr, Usf"))
(match_operand 2 "" "")))
(clobber (reg:DI LR_REGNUM))]
""
"@
- blr\\t%1
+ * return aarch64_indirect_call_asm (operands[1]);
bl\\t%c1"
[(set_attr "type" "call, call")]
)
diff --git a/gcc/config/aarch64/constraints.md b/gcc/config/aarch64/constraints.md
index 21f9549e6..7756dbe83 100644
--- a/gcc/config/aarch64/constraints.md
+++ b/gcc/config/aarch64/constraints.md
@@ -24,6 +24,15 @@
(define_register_constraint "Ucs" "TAILCALL_ADDR_REGS"
"@internal Registers suitable for an indirect tail call")
+(define_register_constraint "Ucr"
+ "aarch64_harden_sls_blr_p () ? STUB_REGS : GENERAL_REGS"
+ "@internal Registers to be used for an indirect call.
+ This is usually the general registers, but when we are hardening against
+ Straight Line Speculation we disallow x16, x17, and x30 so we can use
+ indirection stubs. These indirection stubs cannot use the above registers
+ since they will be reached by a BL that may have to go through a linker
+ veneer.")
+
(define_register_constraint "w" "FP_REGS"
"Floating point and SIMD vector registers.")
diff --git a/gcc/config/aarch64/predicates.md b/gcc/config/aarch64/predicates.md
index 8e1b78421..4250aecb3 100644
--- a/gcc/config/aarch64/predicates.md
+++ b/gcc/config/aarch64/predicates.md
@@ -32,7 +32,8 @@
(define_predicate "aarch64_general_reg"
(and (match_operand 0 "register_operand")
- (match_test "REGNO_REG_CLASS (REGNO (op)) == GENERAL_REGS")))
+ (match_test "REGNO_REG_CLASS (REGNO (op)) == STUB_REGS
+ || REGNO_REG_CLASS (REGNO (op)) == GENERAL_REGS")))
;; Return true if OP a (const_int 0) operand.
(define_predicate "const0_operand"
diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
new file mode 100644
index 000000000..b1fb754c7
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
@@ -0,0 +1,40 @@
+/* { dg-do compile } */
+/* { dg-additional-options "-mharden-sls=blr -mbranch-protection=bti" } */
+/*
+ Ensure that the SLS hardening of BLR leaves no BLR instructions.
+ Here we also check that there are no BR instructions with anything except an
+ x16 or x17 register. This is because a `BTI c` instruction can be branched
+ to using a BLR instruction using any register, but can only be branched to
+ with a BR using an x16 or x17 register.
+ */
+typedef int (foo) (int, int);
+typedef void (bar) (int, int);
+struct sls_testclass {
+ foo *x;
+ bar *y;
+ int left;
+ int right;
+};
+
+/* We test both RTL patterns for a call which returns a value and a call which
+ does not. */
+int blr_call_value (struct sls_testclass x)
+{
+ int retval = x.x(x.left, x.right);
+ if (retval % 10)
+ return 100;
+ return 9;
+}
+
+int blr_call (struct sls_testclass x)
+{
+ x.y(x.left, x.right);
+ if (x.left % 10)
+ return 100;
+ return 9;
+}
+
+/* { dg-final { scan-assembler-not {\tblr\t} } } */
+/* { dg-final { scan-assembler-not {\tbr\tx(?!16|17)} } } */
+/* { dg-final { scan-assembler {\tbr\tx(16|17)} } } */
+
diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
new file mode 100644
index 000000000..88baffffe
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
@@ -0,0 +1,33 @@
+/* { dg-additional-options "-mharden-sls=blr -save-temps" } */
+/* Ensure that the SLS hardening of BLR leaves no BLR instructions.
+ We only test that all BLR instructions have been removed, not that the
+ resulting code makes sense. */
+typedef int (foo) (int, int);
+typedef void (bar) (int, int);
+struct sls_testclass {
+ foo *x;
+ bar *y;
+ int left;
+ int right;
+};
+
+/* We test both RTL patterns for a call which returns a value and a call which
+ does not. */
+int blr_call_value (struct sls_testclass x)
+{
+ int retval = x.x(x.left, x.right);
+ if (retval % 10)
+ return 100;
+ return 9;
+}
+
+int blr_call (struct sls_testclass x)
+{
+ x.y(x.left, x.right);
+ if (x.left % 10)
+ return 100;
+ return 9;
+}
+
+/* { dg-final { scan-assembler-not {\tblr\t} } } */
+/* { dg-final { scan-assembler {\tbr\tx[0-9][0-9]?} } } */
--
2.25.1

View File

@@ -1,45 +0,0 @@
From b19d8aac15649f31a7588b2634411a1922906ea8 Mon Sep 17 00:00:00 2001
From: Romain Naour <romain.naour@gmail.com>
Date: Wed, 3 Jun 2020 12:30:57 -0600
Subject: [PATCH] Fix missing dependencies for selftests which occasionally
causes failed builds.
gcc/
* Makefile.in (SELFTEST_DEPS): Move before including language makefile
fragments.
Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=b19d8aac15649f31a7588b2634411a1922906ea8]
Signed-off-by:Steve Sakoman <steve@sakoman.com>
---
gcc/Makefile.in | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/gcc/Makefile.in b/gcc/Makefile.in
index aab1dbba57b..be11311b60d 100644
--- a/gcc/Makefile.in
+++ b/gcc/Makefile.in
@@ -1735,6 +1735,10 @@ $(FULL_DRIVER_NAME): ./xgcc$(exeext)
$(LN_S) $< $@
#
+# SELFTEST_DEPS need to be set before including language makefile fragments.
+# Otherwise $(SELFTEST_DEPS) is empty when used from <LANG>/Make-lang.in.
+SELFTEST_DEPS = $(GCC_PASSES) stmp-int-hdrs $(srcdir)/testsuite/selftests
+
# Language makefile fragments.
# The following targets define the interface between us and the languages.
@@ -2010,8 +2014,6 @@ DEVNULL=$(if $(findstring mingw,$(build)),nul,/dev/null)
SELFTEST_FLAGS = -nostdinc $(DEVNULL) -S -o $(DEVNULL) \
-fself-test=$(srcdir)/testsuite/selftests
-SELFTEST_DEPS = $(GCC_PASSES) stmp-int-hdrs $(srcdir)/testsuite/selftests
-
# Run the selftests during the build once we have a driver and the frontend,
# so that self-test failures are caught as early as possible.
# Use "s-selftest-FE" to ensure that we only run the selftests if the
--
2.27.0

View File

@@ -2,13 +2,13 @@ require gcc-common.inc
# Third digit in PV should be incremented after a minor release
PV = "9.3.0"
PV = "9.5.0"
# BINV should be incremented to a revision after a minor gcc release
BINV = "9.3.0"
BINV = "9.5.0"
FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-9.3:${FILE_DIRNAME}/gcc-9.3/backport:"
FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-9.5:${FILE_DIRNAME}/gcc-9.5/backport:"
DEPENDS =+ "mpfr gmp libmpc zlib flex-native"
NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native flex-native"
@@ -69,14 +69,10 @@ SRC_URI = "\
file://0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch \
file://0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch \
file://0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch \
file://0040-fix-missing-dependencies-for-selftests.patch \
file://0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch \
file://0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch \
file://0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch \
file://0001-Backport-fix-for-PR-tree-optimization-97236-fix-bad-.patch \
file://0002-libstdc-Fix-inconsistent-noexcept-specific-for-valar.patch \
"
S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
SRC_URI[sha256sum] = "71e197867611f6054aa1119b13a0c0abac12834765fe2d81f35ac57f84f742d1"
SRC_URI[sha256sum] = "27769f64ef1d4cd5e2be8682c0c93f9887983e6cfd1a927ce5a0a2915a95cf8f"
# For dev release snapshotting
#S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/official-gcc-${RELEASE}"
#B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}"

View File

@@ -0,0 +1,44 @@
From 60d966708d7cf105dccf128d2b7a38b0b2580a1a Mon Sep 17 00:00:00 2001
From: Jonathan Wakely <jwakely@redhat.com>
Date: Fri, 5 Nov 2021 21:42:20 +0000
Subject: [PATCH] libstdc++: Fix inconsistent noexcept-specific for valarray
begin/end
These declarations should be noexcept after I added it to the
definitions in <valarray>.
libstdc++-v3/ChangeLog:
* include/bits/range_access.h (begin(valarray), end(valarray)):
Add noexcept.
(cherry picked from commit 2b2d97fc545635a0f6aa9c9ee3b017394bc494bf)
Upstream-Status: Backport [https://github.com/hkaelber/gcc/commit/2b2d97fc545635a0f6aa9c9ee3b017394bc494bf]
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
---
libstdc++-v3/include/bits/range_access.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libstdc++-v3/include/bits/range_access.h b/libstdc++-v3/include/bits/range_access.h
index 3d99ea92027..4736e75fda1 100644
--- a/libstdc++-v3/include/bits/range_access.h
+++ b/libstdc++-v3/include/bits/range_access.h
@@ -101,10 +101,10 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
template<typename _Tp> class valarray;
// These overloads must be declared for cbegin and cend to use them.
- template<typename _Tp> _Tp* begin(valarray<_Tp>&);
- template<typename _Tp> const _Tp* begin(const valarray<_Tp>&);
- template<typename _Tp> _Tp* end(valarray<_Tp>&);
- template<typename _Tp> const _Tp* end(const valarray<_Tp>&);
+ template<typename _Tp> _Tp* begin(valarray<_Tp>&) noexcept;
+ template<typename _Tp> const _Tp* begin(const valarray<_Tp>&) noexcept;
+ template<typename _Tp> _Tp* end(valarray<_Tp>&) noexcept;
+ template<typename _Tp> const _Tp* end(const valarray<_Tp>&) noexcept;
/**
* @brief Return an iterator pointing to the first element of
--
2.25.1

Some files were not shown because too many files have changed in this diff Show More