| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating to the latest korg -stable release that comprises
the following commits:
d330ef1d295d Linux 5.10.203
9c957e2b5254 driver core: Release all resources during unbind before updating device links
2325d3b6b10f r8169: fix deadlock on RTL8125 in jumbo mtu mode
b29e6055db1e r8169: disable ASPM in case of tx timeout
8b76708eb9f1 mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
b532bc9b73e6 mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
376fabe3677a mmc: block: Retry commands in CQE error recovery
bf62a283a779 mmc: core: convert comma to semicolon
bb785011843e mmc: cqhci: Fix task clearing in CQE error recovery
cb9ca7cc273b mmc: cqhci: Warn of halt or task clear failure
e94ededefc42 mmc: cqhci: Increase recovery halt timeout
2011f06e32ab cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
6b35f36ff8f0 cpufreq: imx6q: don't warn for disabling a non-existing frequency
910566a789a2 scsi: qla2xxx: Fix system crash due to bad pointer access
46a4bf13502f scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
b19fe82b4b92 scsi: core: Introduce the scsi_cmd_to_rq() function
c2b6f7e48e38 smb3: fix caching of ctime on setxattr
f9aa2857c6e6 fs: add ctime accessors infrastructure
8d4237a149e3 drm/amdgpu: don't use ATRM for external devices
2df04d76c97d driver core: Move the "removable" attribute from USB to core
01fbfcd8105c ima: annotate iint mutex to avoid lockdep false positive warnings
8a3322a35f74 fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
15bc430fc176 misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support
a6128ad78771 misc: pci_endpoint_test: Add deviceID for AM64 and J7200
c922282d11b3 s390/cmma: fix detection of DAT pages
03e07092c6ce s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
cb420e35571c ASoC: SOF: sof-pci-dev: Fix community key quirk detection
b37e1fbe6d30 ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks
3a79fcb743f7 ASoC: SOF: sof-pci-dev: add parameter to override topology filename
4aeb3320d70e ASoC: SOF: sof-pci-dev: use community key on all Up boards
6368a32d26a3 ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header
8e52b19d92e1 smb3: fix touch -h of symlink
889c84e2b200 net: ravb: Start TX queues after HW initialization succeeded
5d428cda38e8 net: ravb: Use pm_runtime_resume_and_get()
f78d0f301395 ravb: Fix races between ravb_tx_timeout_work() and net related ops
a36e00e957a2 r8169: prevent potential deadlock in rtl8169_close
8a909c119827 Revert "workqueue: remove unused cancel_work()"
72ce3379cd5e octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64
ef7af2105a25 net: stmmac: xgmac: Disable FPE MMC interrupts
f18bcace1294 selftests/net: mptcp: fix uninitialized variable warnings
cb1644f9f005 selftests/net: ipsec: fix constant out of range
fe7fd9c209e8 dpaa2-eth: increase the needed headroom to account for alignment
772fe1da9a8d ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
9ef94ec8e52e usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
713530d3c8f1 USB: core: Change configuration warnings to notices
ae6e41066e6e hv_netvsc: fix race of netvsc and VF register_netdevice
4937fb36bbb8 Input: xpad - add HyperX Clutch Gladiate Support
5c4d5c8556ee btrfs: make error messages more clear when getting a chunk map
74ff16c84433 btrfs: send: ensure send_fd is writable
12a0ec5ed7cf btrfs: fix off-by-one when checking chunk map includes logical address
baaab02a8c0b btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
2d6c2238acf8 btrfs: add dmesg output for first mount and last unmount of a filesystem
bab9cec493b6 parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
b53dc7c766ae powerpc: Don't clobber f0/vs0 during fp|altivec register save
b5cbbc2b2da9 iommu/vt-d: Add MTL to quirk list to skip TE disabling
f62ceb880a71 bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
18ac427906af dm verity: don't perform FEC for failed readahead IO
c3c9f9273822 dm-verity: align struct dm_verity_fec_io properly
5de40a7ffaa0 ALSA: hda/realtek: Add supported ALC257 for ChromeOS
cf80c538061e ALSA: hda/realtek: Headset Mic VREF to 100%
f338f738d7bd ALSA: hda: Disable power-save on KONTRON SinglePC
b02b66194d54 mmc: block: Do not lose cache flush during CQE error recovery
71c9fb31e18b firewire: core: fix possible memory leak in create_units()
d6bac7048f28 pinctrl: avoid reload of p state in list iteration
8fb79be6e980 io_uring: fix off-by one bvec index
f5f85ea5bb6a USB: dwc3: qcom: fix wakeup after probe deferral
5ac96667ea32 usb: dwc3: set the dma max_seg_size
2620c5977f49 usb: dwc3: Fix default mode initialization
d5325ed6eb7c USB: dwc2: write HCINT with INTMASK applied
5d7a5e63dc3b USB: serial: option: don't claim interface 4 for ZTE MF290
f1432dff5dd6 USB: serial: option: fix FM101R-GL defines
14a6e089d610 USB: serial: option: add Fibocom L7xx modules
f49ad460a2c8 bcache: fixup lock c->root error
be327b8f76c2 bcache: fixup init dirty data errors
3ebf83df623a bcache: prevent potential division by zero error
e74c2e6fecb7 bcache: check return value from btree_node_alloc_replacement()
c73dd8f4b476 dm-delay: fix a race between delay_presuspend and delay_bio
a70b6da7c640 hv_netvsc: Mark VF as slave before exposing it to user-mode
ff6c130e48a7 hv_netvsc: Fix race of register_netdevice_notifier and VF register
518ef825016d USB: serial: option: add Luat Air72*U series products
c841de6247e9 s390/dasd: protect device queue against concurrent access
89f9ba7ee702 bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race
cd7a0695906d bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce()
be8af3b6c80d swiotlb-xen: provide the "max_mapping_size" method
8c4b5cc90843 ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
0f312dc1eb2f ASoC: simple-card: fixup asoc_simple_probe() error handling
fcc60c0a1870 nfsd: lock_rename() needs both directories to live on the same fs
ec75d1d0cd2c ext4: make sure allocate pending entry not fail
10341e77e49f ext4: fix slab-use-after-free in ext4_es_insert_extent()
5527898c6a9f ext4: using nofail preallocation in ext4_es_insert_extent()
2ae2be6e7cd7 ext4: using nofail preallocation in ext4_es_insert_delayed_block()
aa6568033cfb ext4: using nofail preallocation in ext4_es_remove_extent()
608758ef8670 ext4: use pre-allocated es in __es_remove_extent()
fcb07d8ea363 ext4: use pre-allocated es in __es_insert_extent()
0cc7653887b0 ext4: factor out __es_alloc_extent() and __es_free_extent()
8234c1c690a3 ext4: add a new helper to check if es must be kept
62526a55fee7 MIPS: KVM: Fix a build warning about variable set but not used
3b2e8b30b0d7 media: ccs: Correctly initialise try compose rectangle
1301467cbe4c lockdep: Fix block chain corruption
cbfa5aadd650 USB: dwc3: qcom: fix ACPI platform device leak
68fe711312f1 USB: dwc3: qcom: fix resource leaks on probe deferral
2be451e7a2f1 nvmet: nul-terminate the NQNs passed in the connect command
86a7f67d7605 nvmet: remove unnecessary ctrl parameter
d24a18cb51bf afs: Fix file locking on R/O volumes to operate in local mode
6e48c3175d0b afs: Return ENOENT if no cell DNS record can be found
497e9b0b21a6 net: axienet: Fix check for partial TX checksum
8fb804dabdda amd-xgbe: propagate the correct speed and duplex status
b7c9e8c038f5 amd-xgbe: handle the corner-case during tx completion
a2e868ad07eb amd-xgbe: handle corner-case during sfp hotplug
ebc7fbd15a64 arm/xen: fix xen_vcpu_info allocation alignment
5ada292b5c50 net/smc: avoid data corruption caused by decline
3ae55e3a3734 net: usb: ax88179_178a: fix failed operations during ax88179_reset
27914bff9602 ipv4: Correct/silence an endian warning in __ip_do_redirect
f8467afa754d HID: fix HID device resource race between HID core and debugging support
2f0ea5e0944a HID: core: store the unique system identifier in hid_device
650e43dfe7d2 drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
cc3b63c089e7 ata: pata_isapnp: Add missing error check for devm_ioport_map()
9942c1948346 wireguard: use DEV_STATS_INC()
939352ad6502 drm/panel: simple: Fix Innolux G101ICE-L01 timings
a5e82e345f4a drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
60660af9577a drm/panel: auo,b101uan08.3: Fine tune the panel power sequence
2c688ae2dd78 drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence
3b797242d178 afs: Make error on cell lookup failure consistent with OpenAFS
dbc1929a5214 afs: Fix afs_server_list to be cleaned up with RCU
c3bead2f8fca PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}()
ac65f8979b0e RDMA/irdma: Prevent zero-length STAG registration
(From OE-Core rev: 501af4c5f91746f934083178efdb1a59ff82ff51)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the latest/last of the 9.0.z upgrades, since 9.1 is now
released.
CVE: CVE-2024-22667
(includes the patch for .2142 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47)
Changes:
https://github.com/vim/vim/compare/v9.0.2130...v9.0.2190
(From OE-Core rev: e7976311a79f05608bbac46a5699ef9206a2aaf5)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629]
Upstream-Status: Backport [https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70]
Upstream-Status: Backport [https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39]
(From OE-Core rev: 9aa207a91a78309015aa0070a98769c821a7ecd6)
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
The original CVE-2023-29406.patch is not complete, causing docker
failures at runtime, backport a complementary fix from golang upstream.
(From OE-Core rev: 973901530c98bc3f1b10d8bb89d55decf6848713)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit d9273edae80978c34f8426f34f991b9598828aa9.
This commit is causing breakage for some vendor kernel builds.
(From OE-Core rev: 59cc2e75c15f8c6371a4c4a3b7bd2e6c3f145fbc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The license of ghostscript has switched to Affero GPL since version 9.07
via commit:
* 3cc5318 Switch Ghostscript/GhostPDL to Affero GPL
https://github.com/ArtifexSoftware/ghostpdl/commit/3cc5318
Correct it with `AGPL-3.0-or-later`.
(From OE-Core rev: 8e192a2e0c2fdad18ea4c08774493225f31931a0)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During testing of the v6.4 reference kernel, it was noticed that
on-target modules no longer matched the magic value of the running
kernel.
This was due to a different localversion in the cross built kernel
and the scripts / resources created on target.
This was due to changes in the setlocalversion script introduced
in the v6.3 series.
The .scmversion file is no longer used (or packaged) to inhibit
the addition of a "+" (through querying of the git status of the
kernel) or the setting of a local version.
We recently introduced the KERNEL_LOCALVERSION variable to allow
recipes to place a value in .scmversion, so we extend the use of
that variable to kernel-arch.bbclass and use it to set the
exported variable LOCALVERSION.
We must do it at the kernel-arch level, as the variable must be
exported in any kernel build to ensure that setlocalversion always
correctly sets the localversion.
(From OE-Core rev: d9273edae80978c34f8426f34f991b9598828aa9)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cherry-picked from master 765b13b7305c8d2f222cfc66d77c02e6a088c691
Signed-off-by: Andreas Helbech Kleist <andreaskleist@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently myhostname is always added to nsswitch.conf even if it is
not included in PACKAGECONFIG.
This is based on changes made in OE-core rev:
ba3a78c08cb0ce08afde049610d3172b9e3b0695
Cc: Chen Qi <Qi.Chen@windriver.com>
(From OE-Core rev: 17e20ce90b5b3abb5a597d4a5b470c8eaa3fd296)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel
leakage for OAEP decryption, exploitable for a Manger attack.
References:
https://security-tracker.debian.org/tracker/CVE-2023-52323
https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst
(From OE-Core rev: 04c9b6b081914005209bac8eeb9f417e7b989cca)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-24575:
libgit2 is a portable C implementation of the Git core methods provided
as a linkable library with a solid API, allowing to build Git functionality
into your application. Using well-crafted inputs to `git_revparse_single`
can cause the function to enter an infinite loop, potentially causing a
Denial of Service attack in the calling application. The revparse function
in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec
string. There is an edge-case during parsing that allows a bad actor to
force the loop conditions to access arbitrary memory. Potentially, this
could also leak memory if the extracted rev spec is reflected back to the
attacker. As such, libgit2 versions before 1.4.0 are not affected. Users
should upgrade to version 1.6.5 or 1.7.2.
CVE-2024-24577:
libgit2 is a portable C implementation of the Git core methods provided
as a linkable library with a solid API, allowing to build Git functionality
into your application. Using well-crafted inputs to `git_index_add` can
cause heap corruption that could be leveraged for arbitrary code execution.
There is an issue in the `has_dir_name` function in `src/libgit2/index.c`,
which frees an entry that should not be freed. The freed entry is later
used and overwritten with potentially bad actor-controlled data leading to
controlled heap corruption. Depending on the application that uses libgit2,
this could lead to arbitrary code execution. This issue has been patched
in version 1.6.5 and 1.7.2.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-24575
https://security-tracker.debian.org/tracker/CVE-2024-24575
https://nvd.nist.gov/vuln/detail/CVE-2024-24577
https://security-tracker.debian.org/tracker/CVE-2024-24577
(From OE-Core rev: 942254eb3ef29c8672a35015c086721c4fbe5a4f)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware
of the HSTS status they should otherwise use.
(From OE-Core rev: e0f503594e7bc0da9771b69ca7243a34dcadbdde)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2023-45285:
Using go get to fetch a module with the ".git" suffix may unexpectedly
fallback to the insecure "git://" protocol if the module is unavailable
via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE
is not set for said module. This only affects users who are not using
the module proxy and are fetching modules directly (i.e. GOPROXY=off).
CVE-2023-45287:
Before Go 1.20, the RSA based TLS key exchanges used the math/big
library, which is not constant time. RSA blinding was applied to prevent
timing attacks, but analysis shows this may not have been fully effective.
In particular it appears as if the removal of PKCS#1 padding may leak
timing information, which in turn could be used to recover session key
bits. In Go 1.20, the crypto/tls library switched to a fully constant
time RSA implementation, which we do not believe exhibits any timing
side channels.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45285
https://nvd.nist.gov/vuln/detail/CVE-2023-45287
https://security-tracker.debian.org/tracker/CVE-2023-45285
https://security-tracker.debian.org/tracker/CVE-2023-45287
(From OE-Core rev: 616857b9918e8d2e576239b3db2f9f077d1a7222)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7]
(From OE-Core rev: 55027bc882cf6cab830f4e4f21fa9a2ffb4ad72e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Align with text in the other branches.
(From yocto-docs rev: 394ccddfa357d186006439600833fce917a1ffac)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Cc: Michael Opdenacker <michael.opdenacker@bootlin.com>
(From yocto-docs rev: af340c7d9a327af0de14d7a6f19215866a0ea835)
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add the hint to the test setup that runqemu-gen-tapdevs will need the
iptables package installed.
(From yocto-docs rev: ca4c984006972d34aa51f05797ec8bd47dc675bb)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-0727
Removed included CVE patch backports.
New module was implemented in tests and needs to be installed
to successfully pass 04-test_provider.t test.
Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3012-and-openssl-3013-30-jan-2024
(From OE-Core rev: 2bdae590ab20dc4518ba247c903060fa67ed0fc4)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Concept of gcc-source prevents cve-check to detect existing
CVE patch file.
So ignore this CVE in all recipes using gcc-source via this
include file.
(From OE-Core rev: 04511734c6dc8c7dda3a943b385cd273d012d8c7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
CVE: CVE-2023-39130
(From OE-Core rev: 7b93bb0ba1513a60cf75ebe55b29723831dfb79a)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
CVE: CVE-2023-39129
(From OE-Core rev: 67b62fd57d7073b42db2747227d07841d0d064e3)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
CVE: CVE-2023-39130
(From OE-Core rev: 97b5bf2505d68bea6d1c2a66318cfbc51335463a)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
CVE: CVE-2023-39129
(From OE-Core rev: fd3f20e1e8bcd63b75e8800fe60d6194a4fd6bd4)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE reports that apple had to upgrade curl because of other
already reported CVEs:
* CVE-2023-38039: not affected, introduced in 7.84.0
* CVE-2023-38545: patch already backported
* CVE-2023-38546: patch already backported
* CVE-2023-42915: reference to itself
(From OE-Core rev: 2771a1248a251650f6e2e64731f56ed928c29ce5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: e2f538547ace9f441795d51591dc620bfe517454)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The task for fstypes with compression is the same as the task for the
uncompressed fstypes, e.g. when adding tar.xz to `IMAGE_FSTYPES`, it will
be included into the do_image_tar task and not creating a separate
do_image_tar.xz task.
This commit fixes `LIVE_ROOTFS_TYPE` with compressed fstypes by
depending on the actual task instead of the non-existent
do_image_<fstype>.<compression> task.
Fixes [YOCTO #15331]
(From OE-Core rev: 60d88989698968c13f8e641f0ba1a82fcf700fb7)
Signed-off-by: Ludovic Jozeau <ludovic.jozeau@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 67c507e3d42e52a6d452c4a453eeaf7f2e2d68d6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
-Fix compiler error when checking if required blocks in parent templates are empty.
-xmlattr filter does not allow keys with spaces.
-Make error messages stemming from invalid nesting of {% trans %} blocks more helpful
(cherry picked from OE-Core rev: 8a0524464583d69df7746253f5020c2c125a8e1f)
(From OE-Core rev: 0f0dcf520505d809599a63961ecb5b1e74053b24)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(cherry picked from OE-Core rev: 1e58fa1fff649a4ab07290d2b0e5a8d69d51ef16)
(From OE-Core rev: 90960bdef877c5dc03cc2cb03c77139d6d1e2f8f)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 89974b7fa33f3e9d3e3a4df7ad219898fe400d3a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
import/add local layer
(Bitbake rev: a4c516ef5e72b2d77ac5ff7e86c5ee2190ebc42f)
Signed-off-by: Alassane Yattara <alassane.yattara@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From OE-Core rev: a744a897f0ea7d34c31c024c13031221f9a85f24)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From meta-yocto rev: fa70fbb1ebf2a712eebc5b154ce6d754324fb6ef)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
UBOOT_CONFIG accepts a third parameter for the UBOOT_BINARY that isn't
documented. To show its usage another example from the meta-freescale layer
was picked.
(From yocto-docs rev: aba67b58711019a6ba439b2b77337f813ed799ac)
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The VSCode extension is now officially maintained and published by the
Yocto Project so it should be referenced in the manuals to help users
discover it.
I located the most relevant places to reference the extension by looking
at how the old Eclipse plugin was documented in the 2.6 manuals as well
as the current Toaster references.
(From yocto-docs rev: 21ec0d3b52069dfc85ff47fb4f913a26a092c480)
Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
| |
(From yocto-docs rev: 0c3596248cee47079a4c99ed6b476cee36cc84de)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
insserv.bbclass was removed from oe-core:
commit e6bb5dbb62257a7de730ea9085dfd89520f3e47d
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun May 10 12:30:49 2015 +0100
insserv: Remove
(From yocto-docs rev: eddb6c4e36e298218c23bf688cb1c9c06f32b0d6)
Signed-off-by: Maxin John <maxin.john@gmail.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The yocto website has changed its structure. Update the section for
Accessing the Downloads page to match the new structure.
(From yocto-docs rev: c67d471145cf09162059368ffd99f0c80df92520)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
As used in the rest of the manual.
(From yocto-docs rev: c68954d905f01f6cc4f7c8ceb90e77cf9068e639)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix below CVE's
CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886
CVE-2024-0408
CVE-2024-0409
(From OE-Core rev: ad696a0067e11c332a4542ccacd76455f5fbd984)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
(From OE-Core rev: 9af2e012ee4483541559788dfb9510e0223daefe)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Upstream-Status: Backport
[https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e
&
https://gitlab.com/gnutls/gnutls/-/commit/9edbdaa84e38b1bfb53a7d72c1de44f8de373405]
Reference: https://ubuntu.com/security/CVE-2024-0553
https://ubuntu.com/security/CVE-2024-0567
(From OE-Core rev: de74fd5dea8cc71af1d457b4e688cfbe0f39e4d8)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2023-6228:
An issue was found in the tiffcp utility distributed by the
libtiff package where a crafted TIFF file on processing may
cause a heap-based buffer overflow leads to an application
crash.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-6228
https://gitlab.com/libtiff/libtiff/-/issues/606
(From OE-Core rev: 0730806ae39093b05ce943df1f9f5d0a25a8a673)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db
(From OE-Core rev: 6bb64af6ce167eadd34570b061b3e6ed13c39c74)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Documentation for this patch is under
https://github.com/mkj/dropbear/commit/66bc1fcdee594c6cb1139df0ef8a6c9c5fc3fde3
(From OE-Core rev: 626711a95f387090a4705401d2f9406909821f95)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
scripts/pybootchartgui/pybootchartgui/draw.py:820: SyntaxWarning: "is not" with a literal. Did you mean "!="?
if (OPTIONS.show_pid or OPTIONS.show_all) and ipid is not 0:
scripts/pybootchartgui/pybootchartgui/draw.py:918: SyntaxWarning: "is not" with a literal. Did you mean "!="?
if i is not 0:
(From OE-Core rev: ebd61290a644a6d9f2b3701e0e7ea050636da76c)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8d996616f0ca57220d939a41ca9ba6d696ea2a4f)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes fix for CVE-2023-7207.
Drop all submitted patches.
Apply a patch from git to fix the build with clang.
[ YOCTO #11674 ]
$git log --oneline release_2_13..v2.14
4a41909 (HEAD, tag: v2.14) Version 2.14
6f9e5d3 Update NEWS
807b3ea Use GNU ls algorithm for deciding timestamp format
19219d1 Fix integer overflows in timestamp output
ed28f14 Whitespace cleanup
4ab2813 Update version of gnulib
0987d63 Fix appending to archives bigger than 2G
1df0062 Fix combination of --create, --append, --directory
6a94d5e New option --ignore-dirnlink
376d663 Fix 45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.
beba8c0 Require automake 1.16.5
70fffa7 Update for newer autotools
a1b2f78 Fix calculation of CRC in copy-out mode.
18ea636 Upgrade gnulib
1a61f62 Update copyright years
a1c97c8 Fix wording in the manpage
97fab48 Update copyright years
86dacfe Remove redundant condition check
4d16930 Use inttostr to represent integer values as strings
236684f Fix dynamic string reallocations
dfc801c Fix previous commit
dd96882 Rewrite dynamic string support.
269d204 Improve online version of the documentation.
7dd8ba9 Update gnulib
905907c Update copyright years
4a78d77 Formatting changes in the documentation.
9fe8494 Update copyright years
641d3f4 Minor fix * src/global.c: Remove superfluous declaration of program_name
0c4ffde Fix handling of device numbers (part 2)
df55fb1 Fix handling of device numbers on copy out.
b1c8583 Improve 684b7ac5
684b7ac Fix cpio header verification.
(From OE-Core rev: 203804370997eeb015ef9da90b567ea2c2f9f3a6)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1
(From OE-Core rev: 545fc081f16a63e5b012d4636deee98a788753bb)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
(From OE-Core rev: f46c9105d4253153a5986f2b307273e43ee98c33)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Backport https://sqlite.org/src/info/0e4e7a05c4204b47
(From OE-Core rev: 31fb83ac3dcd2dd55b184de22a296ab4dc150d2e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd.
CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as
there is no safe measure against it.
These CVEs are stored in the NVD, but do not show up in search results.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32001
(From OE-Core rev: a3b6216bcb3425b6e30ca73488a5eb6ba58e4836)
Signed-off-by: Poonam Jadhav poonam.jadhav@kpit.com
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/8d847a3ffd4f0b17ee33962cf69c36224925b34f]
(From OE-Core rev: db1c8b434e1e249cf5a12fe39cf996373513f3dc)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
