summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* cve-check: write empty fragment files in the text modeMarta Rybczynska2022-06-111-14/+13
| | | | | | | | | | | | | | | | | | | | In the cve-check text mode output, we didn't write fragment files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1), or no unpached CVEs otherwise. However, in a system after multiple builds, cve_check_write_rootfs_manifest might find older files and use them as current, what leads to incorrect reporting. Fix it by always writing a fragment file, even if empty. (From OE-Core rev: 4c10ee956f21ea2f805403704ac3c54b7f1be78c) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: move update_symlinks to a libraryMarta Rybczynska2022-06-112-8/+13
| | | | | | | | | | | | Move the function to a library, it could be useful in other places. (From OE-Core rev: c8a0e7ecee15985f7eed10ce9c86c48a77c5b7c5) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit debd37abcdde8788761ebdb4a05bc61f7394cbb8) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVE_CHECK_WHITELIST typoRobert Joslyn2022-06-111-1/+1
| | | | | | | | | | Fix typo to properly whitelist CVE-2021-22945. (From OE-Core rev: 7b2a1d908d3b63da5e9f072b61dd3c5fa91c7b8f) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Backport CVE fixesRobert Joslyn2022-06-118-0/+730
| | | | | | | | | | | Backport patches to address CVE-2022-27774, CVE-2022-27781, and CVE-2022-27782. (From OE-Core rev: f8cdafc0ef54ab203164366ad96288fd10144b30) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Mark CVE-2022-29824 as not applyingRichard Purdie2022-06-111-0/+4
| | | | | | | | | | | | | | | We have libxml2 2.9.10 and we don't link statically against libxml2 anyway so the CVE doesn't apply to libxslt. (From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c) (From OE-Core rev: 9c736c9dcf5f18b8db082a0903be0acb3fbb51c2) Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ad63694e6df4f284879f7220962a821f97928eb0) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Fix CVE-2021-30560omkar patil2022-06-112-0/+202
| | | | | | | | | | CVE: CVE-2021-30560 (From OE-Core rev: 3e01aa47b85ebeba26443fc3293c341b5ef72817) Signed-off-by: omkar patil <omkar.patil@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pcre2: CVE-2022-1587 Out-of-bounds readHitendra Prajapati2022-06-112-0/+661
| | | | | | | | | | | | | | | Source: https://github.com/PCRE2Project/pcre2 MR: 118031 Type: Security Fix Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933 Description: CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c. (From OE-Core rev: 46323b9e0f44f58f6aae242ebf5a0101d8c36654) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystemHitendra Prajapati2022-06-112-0/+43
| | | | | | | | | | | | | | | Source: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git MR: 117430 Type: Security Fix Disposition: Backport from https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76 ChangeID: e6db00c6e8375a2e869fd2e4ead61ca9149eb8fa Description: CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem. (From OE-Core rev: b4f9ba859ed1fe5e1d42258fee1dd2e8e85e7eba) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update the epoch time for ct_test ptestSteve Sakoman2022-06-112-0/+30
| | | | | | | | | | | We are getting an additional ptest failure after fixing the expired certificates. Backport a patch from upstream to fix this. (From OE-Core rev: 3af161acc13189cb68549f898f3964d83d00ce56) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: backport fix for ptest certificate expirationSteve Sakoman2022-06-112-0/+193
| | | | | | | | | | | ptests in in openssl have started failing as test certificates have expired. Backport a fix for this from upstream, replacing the test certificates to allow the ptests to pass again. (From OE-Core rev: 40858a05989d45b0c772fdec837d3dc95d4df59d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "openssl: Backport fix for ptest cert expiry"Steve Sakoman2022-06-112-56/+0
| | | | | | | | Version 1.1.1 requires additional changes This reverts commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Backport fix for ptest cert expiryyocto-3.1.17dunfell-23.0.17Richard Purdie2022-06-072-0/+56
| | | | | | | | | | | | | ptests in in openssl have started failing as one of the test certificates has expired. Backport a fix for this from upstream, replacing the test certificate to allow the ptests to pass again. (From OE-Core rev: 4051d1a3aa5f70da96c381f9dea5f52cd9306939) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f26f0b34f12bbca2beed153da402a3594d127374) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.conf: bump version for 3.1.17 releaseSteve Sakoman2022-06-061-1/+1
| | | | | | | (From meta-yocto rev: 215cfdaeb88bbfdb995d0a09685271d586558af6) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* documentation: update for 3.1.17 releaseSteve Sakoman2022-06-061-5/+5
| | | | | | | | (From yocto-docs rev: 8dd19c901813263554ac2bc6bda2cf9a1c3c1e58) Signed-off-by: Steve Sakoman <steve@sakoman.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: Allow warnings to be disabledRichard Purdie2022-06-041-1/+2
| | | | | | | | | | | | | | | When running CVE checks in CI we're usually not interested in warnings on the console for any CVEs present. Add a configuration option CVE_CHECK_SHOW_WARNINGS to allow this to be disabled (it is left enabled by default). (From OE-Core rev: d009233f36fb866f6bdaa12fb6deedf5e253e9c9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1054d3366ba528f2ad52585cf951e508958c5c68) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 8fd6a9f521ea6b1e10c80fe33968943db30991ba) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: Only include installed packages for rootfs manifestErnst Sjöstrand2022-06-041-15/+54
| | | | | | | | | | | | | | | | | | | Before this the rootfs manifest and the summary were identical. We should separate the summary and rootfs manifest more clearly, now the summary is for all CVEs and the rootfs manifest is only for things in that image. This is even more useful if you build multiple images. (From OE-Core rev: 2bacd7cc67b2f624885ce9c9c9e48950b359387d) Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3b8cc6fc45f0ea5677729ee2b1819bdc7a441ab1) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 65498411d73e8008d5550c2d0a1148f990717587) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: Add helper for symlink handlingErnst Sjöstrand2022-06-041-21/+13
| | | | | | | | | | | (From OE-Core rev: 8a178a728f2318c55d5ecaef0ef9e0fd8ebc333b) Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5046d54df2c3057be2afa4143a2833183fca0d67) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check.bbclass: Added do_populate_sdk[recrdeptask].leimaohui2022-06-041-0/+1
| | | | | | | | | | | | As product, sdk should do cve check as well as rootfs. (From OE-Core rev: df09cd71b4cd3f830fced9ce91aa202c1609bfc5) Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit cc17753935c5f9e08aaa6c5886f059303147c07b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEsRichard Purdie2022-06-041-2/+2
| | | | | | | | | | | | Address CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735 CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796 (From OE-Core rev: cd259a00503af360524f58c9cea51aa142dee250) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fafce97bd440150ac5c586b53b887ee70a5b66bd) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2022-29824 for libxml2Riyaz2022-06-043-0/+403
| | | | | | | | | | | | | | Add patch for CVE issue: CVE-2022-29824 CVE-2022-29824 Link: [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab] Dependent patch: [https://gitlab.gnome.org/GNOME/libxml2/-/commit/b07251215ef48c70c6e56f7351406c47cfca4d5b] (From OE-Core rev: 096ca5fa8cc4672e5e9b25dffe81b176b252d570) Signed-off-by: Riyaz <Riyaz.Khan@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ncurses: Fix CVE-2022-29458Dan Tran2022-06-042-0/+136
| | | | | | | | | | | | | | | | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Backported from the link below, extracting only the relevant changes. https://github.com/ThomasDickey/ncurses-snapshots/commit/9d1d651878d4bf0695872a64cc65ba0acb825f36 (From OE-Core rev: 2287d591cf32f5580ea6679805d04c3a5146ecd5) Signed-off-by: Gustavo Lima Chaves <gustavo.chaves@microsoft.com> Signed-off-by: Dan Tran <dantran@microsoft.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: Fix for CVE-2022-1475Virendra Thakur2022-06-042-0/+37
| | | | | | | | | | Add patch to fix CVE-2022-1475 (From OE-Core rev: 2a97ba89f236b751b333622fbbc14180e9b72245) Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsdl2: Add fix for CVE-2021-33657Ranjitsinh Rathod2022-06-042-0/+39
| | | | | | | | | | | | Add patch to fix CVE-2021-33657 issue for libsdl2 Link: https://security-tracker.debian.org/tracker/CVE-2021-33657 (From OE-Core rev: 1cc84e4c51c9afaa5dcb5011e6511496e00d2c8a) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: Whitelist CVE-2021-28966 as this affects Windows OS onlyRanjitsinh Rathod2022-06-041-0/+4
| | | | | | | | | | | | As per below debian link, CVE-2021-28966 affects Windows only Link: https://security-tracker.debian.org/tracker/CVE-2021-28966 (From OE-Core rev: df6242b72b0477fb61c7dc18ad52a1f147ec7d07) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: Upgrade ruby to 2.7.6 for security fixRanjitsinh Rathod2022-06-041-2/+2
| | | | | | | | | | | | | Upgrade ruby to 2.7.6 Link: https://www.ruby-lang.org/en/news/2022/04/12/ruby-2-7-6-released/ This includes CVE-2022-28739 security fix (From OE-Core rev: 4514b1b8cacb92b1790b636b111c071190b2e4b2) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/cve_check: add tests for recipe and image reportsRoss Burton2022-05-281-1/+76
| | | | | | | | | | | | | | | | Add a test to verify that the JSON reports are generated correctly for both single recipe builds and image builds. More tests are needed, but this is better than nothing. (From OE-Core rev: add860e1a69f848097bbc511137a62d5746e5019) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit df0f35555b09c4bc75470eb45ec9c74e6587d460) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mobile-broadband-provider-info: upgrade 20220315 -> 20220511Alexander Kanavin2022-05-281-2/+2
| | | | | | | | | | | (From OE-Core rev: 9d5b4fdc7ce0458577af5a16b6d7277e3d812e36) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f14c8094e7a049ac1b04c45b76855d0503559932) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pcre2: CVE-2022-1586 Out-of-bounds readHitendra Prajapati2022-05-282-0/+60
| | | | | | | | | | | | | | | | | | Source: https://github.com/PCRE2Project/pcre2 MR: 118027 Type: Security Fix Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713 Description: CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c. (From OE-Core rev: 7f4daf88b71f486ddc7140500d2b44181a99222f) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: Fix report generationMarta Rybczynska2022-05-241-8/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The addition of summary output caused two issues: error when building an image and the fact that JSON output was generated even when CVE_CHECK_FORMAT_JSON. When generating an image it caused an error like: ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python function in exec_func_python() autogenerated: The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: <module> 0001: *** 0002:cve_check_write_rootfs_manifest(d) 0003: File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lineno: 213, function: cve_check_write_rootfs_manifest 0209: 0210: link_path = os.path.join(deploy_dir, "%s.json" % link_name) 0211: manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON") 0212: bb.note("Generating JSON CVE manifest") *** 0213: generate_json_report(json_summary_name, json_summary_link_name) 0214: bb.plain("Image CVE JSON report stored in: %s" % link_path) 0215:} 0216: 0217:ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}" Exception: NameError: name 'json_summary_name' is not defined The fix is to pass the d variable to the pure python function generate_json_report to get correct values of variables and add conditions for the JSON output where needed. In addition clarify the message presenting the summary JSON file, which isn't related to an image. Uses partial fixes from Alex Kiernan, Ernst Sjöstrand (ernstp), and Davide Gardenal. Fixes: f2987891d315 ("cve-check: add JSON format to summary output") (From OE-Core rev: 665f981fccbb09d51349c4bd4cfe4ca91001e3bd) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9015dec93233c7d45fd0c9885ff5d4ec23ad377d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* manuals: add missing space in appendsMichael Opdenacker2022-05-243-6/+6
| | | | | | | | (From yocto-docs rev: 447be1d6b8f770171799c2275edb65cbdc0fee2d) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reported-by: Quentin Schulz <foss@0leil.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest: skip virgl test on alma 8.6Steve Sakoman2022-05-201-0/+2
| | | | | | | | | This test will fail any time the host has libdrm > 2.4.107 (From OE-Core rev: 48ce924dc82aa959fb897ec36873db7dc3813b71) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: upgrade 20220411 -> 20220509Dmitry Baryshkov2022-05-201-2/+2
| | | | | | | | | | | | License-Update: additional files (From OE-Core rev: 1ec7c6f0f048482ae902fd15beab5cdfc7b50c7b) Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 85b1fef733683be09a1efdb2d8b8ffe543053ace) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: replace mkdir by installKonrad Weihmann2022-05-202-1/+88
| | | | | | | | | | | | | | | | | | | | | | | if a setup is using RPM for packaging and there are multiple recipes that install to ${nonarch_base_libdir}/firmware by using install -d ${nonarch_base_libdir}/firmware, it will create installation clashes on image install, as linux-firmware in before this patch used mkdir -p, which creates different file mode bits (depending on the current user's settings). In a particular example linux-fimware created /lib/firmware with 0600 while other-firmware-package created it with 0644 making the combination not installable by rpm backend (From OE-Core rev: c89bc0fc7f8afdf8ff0e93c3ebd7538987170a0c) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 98bf3f427702687bf81ed759e7cde5d6d15e77eb) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Minor security upgrade 1.1.1n to 1.1.1oRanjitsinh Rathod2022-05-201-1/+1
| | | | | | | | | | | | This security upgrade fixes CVE-2022-1292 as per below link Link: https://www.openssl.org/news/cl111.txt (From OE-Core rev: de0cafc01804a8d43b4b97e22fdc9a6b0adb8a48) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORERanjitsinh Rathod2022-05-201-1/+1
| | | | | | | | | | | Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell branch (From OE-Core rev: 970743af349e21a399da6241587b849b14933bc5) Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* freetype: Fix CVEs for freetypeRanjitsinh Rathod2022-05-204-0/+105
| | | | | | | | | | | | | | | | | | | | Apply below patches to fix the CVEs for freetype: CVE-2022-27404.patch Link: https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db.patch CVE-2022-27405.patch Link: https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5.patch CVE-2022-27406.patch Link: https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2.patch (From OE-Core rev: 51a92860bdbab28a2b487be3b054f103a54b86ac) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add patches to fix multiple CVEsRanjitsinh Rathod2022-05-206-0/+267
| | | | | | | | | | | | | | | | Add patches to fix below CVE issues CVE-2022-0865 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 (From OE-Core rev: 7c71434832caf6a15f8fb884d028a8c1bf4090a9) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVEs for curlSana Kazi2022-05-204-0/+304
| | | | | | | | | | | | | | | | | | | Fix below listed CVEs: CVE-2022-22576 Link: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425.patch CVE-2022-27775 Link: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705.patch CVE-2022-27776 Link: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258.patch (From OE-Core rev: bbbd258a1c56d75ccb7e07ddc3bc1beb11d48a3a) Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4681 -> 8.2.4912Richard Purdie2022-05-201-2/+2
| | | | | | | | | | | Includes fixes for CVE-2022-1381, CVE-2022-1420. (From OE-Core rev: c7d43000ce137e1f9302b4b6cec149adb1435f47) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scripts/git: Ensure we don't have circular referencesRichard Purdie2022-05-141-1/+8
| | | | | | | | | | | | | | | | This is horrible but I'm running out of better ideas. We hit circular reference issues which we were trying to avoid in the core HOSTTOOLS code. When building the eSDK, there can be two copies of the script. Therefore assume git will never be in a directory called scripts. This fixes eSDK build failures. (From OE-Core rev: 0f6ae13d76129d96f788b7ede312cfc361ee2bda) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 27de610ac30d4c81352efc794df7e9b1060f7a68) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scripts: Make git intercept globalRichard Purdie2022-05-141-0/+0
| | | | | | | | | | | | | | | | | | The previous minimially invasive git intercept simply isn't enough. For example, meson used in the igt-gpu-tools recipe hardcodes the path to git in the configure step so at install time, changing PATH has no effect. There are lots of interesting things we could do to try and avoid problems but making the git intercept and dropping fakeroot privs for git global is probably the least worst solution at this point. It will add slight overhead to git calls but we don't make many so the overall impact is likely minimal. (From OE-Core rev: ce6e606ba8b975a33df2f3dc6104abed9cfa7a36) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit af27c81eaf68ee681dcd9456a74cca6a9ab40bf6) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* base: Avoid circular references to our own scriptsRichard Purdie2022-05-141-0/+4
| | | | | | | | | | | | We'd like to intercept git calls but we don't want circular references and HOSTTOOLS currently sets them up. Tweak to avoid them. (From OE-Core rev: 1567b7cec5ccbe198bfd0cca9ee8a2b1cf6dbf42) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 52c37e133fa55846aca2248ffcf3a10648dbb8d7) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rootfs-postcommands: fix symlinks where link and output path are equalDavide Gardenal2022-05-141-6/+8
| | | | | | | | | | | | | | | When creating the manifest and the testdata.json links, if the link name is equal to the output name the link is not created, otherwise it is. This prevents a link-to-self in the first case. (From OE-Core rev: e3672b5ccd6e0f130b1657017802db130a859d20) Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bed63756c56f296ff3d5a7eef66e978bd19f1008) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* volatile-binds: Change DefaultDependencies from false to noPortia2022-05-141-1/+1
| | | | | | | | | | | | | | | The systemd-unit parameter DefaultDependencies changed from true/false to yes/no. This changed in systemd in v242. (From OE-Core rev: 00db62342e67b916213c3b54db23c8090621462f) Signed-off-by: Portia Stephens <stephensportia@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit add4dcb03dc7b034253db05f0023cb97cab8b26d) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 9da23a2b912edd043037a8e2e1047f7f3ba6886a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: fix symlinks where link and output path are equalDavide Gardenal2022-05-141-8/+11
| | | | | | | | | | | | | | An if statement now checks if the link and output path are the same, if they are then the link is not created, otherwise it is. (From OE-Core rev: 62965ca8ca7077c12d75dac37efe204d7159cddd) Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 2f024c0236c4806f0e59e4ce51a42f6b80fdf1b3) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: add JSON format to summary outputDavide Gardenal2022-05-141-18/+33
| | | | | | | | | | | | | | Create generate_json_report including all the code used to generate the JSON manifest file. Add to cve_save_summary_handler the ability to create the summary in JSON format. (From OE-Core rev: d8ef964ffeb92684d01d71c983af9dbb1e1b0c4f) Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: let the user to drive the update intervalMarta Rybczynska2022-05-141-1/+10
| | | | | | | | | | | | | | | | Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set the database update interval. - a positive value sets an interval (in seconds) - a zero ("0") forces the database update (From OE-Core rev: ce79a724dc0f9baac480cbadc05894ffcaf48eb7) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: update the CVE database once a day onlyMarta Rybczynska2022-05-141-2/+2
| | | | | | | | | | | | | | | | | | | | | The update of the NVD database was expected to happen once per hour. However, the database file date changes only if the content was actually updated. In practice, the check worked for the first hour after the new download. As the NVD database changes usually only once a day, we can just update it less frequently. (From OE-Core rev: d0a56ad3a278e18e766f833619cf97869bdf6a4c) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 35bccdedadeaba820d58b69fe74ce5e4c1f577e3) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 88f2fb1581a17b2cf59a694ca9afb89e38ed40b5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: no need to depend on the fetch taskRoss Burton2022-05-141-1/+1
| | | | | | | | | | | | | | | The only part of the cve-check task which needs files is the patch examination, and typically these patches are local so fetch isn't needed. (From OE-Core rev: 72e5204bc7272414cc7bcfba18f52a177242ed79) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2c9b3186d3b7c18cbea239ab9b06e85b7c243b54) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 3dc8edd6611e7ad4abcece44ca4701eda7aeff94) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/5.4: update to v5.4.192Bruce Ashfield2022-05-143-18/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updating to the latest korg -stable release that comprises the following commits: 1d72b776f6dc Linux 5.4.192 aa2a047b5842 mm, hugetlb: allow for "high" userspace addresses 6a79b2433eb1 hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs b69e60f6fc00 tty: n_gsm: fix incorrect UA handling 0f4be29febdc tty: n_gsm: fix wrong command frame length field encoding 21cc640385b4 tty: n_gsm: fix wrong command retry handling 49c40febd45c tty: n_gsm: fix missing explicit ldisc flush 85522dcf0053 tty: n_gsm: fix insufficient txframe size 563bb0f794ca netfilter: nft_socket: only do sk lookups when indev is available fae209521000 tty: n_gsm: fix malformed counter for out of frame data cec2d0782a7b tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 a6d9847a4f82 x86/cpu: Load microcode during restore_processor_state() 9e9d12b81df6 net: ethernet: stmmac: fix write to sgmii_adapter_base 10ba1ac9a22a drivers: net: hippi: Fix deadlock in rr_close() a8275219759e cifs: destage any unwritten data to the server before calling copychunk_write 5335370366a3 x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 0ecc5304e80a ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit() 781571034993 ASoC: wm8731: Disable the regulator when probing fails a71df406a6a5 tcp: fix F-RTO may not work correctly when receiving DSACK a4ed61e30e32 ixgbe: ensure IPsec VF<->PF compatibility 406aaef0feae bnx2x: fix napi API usage sequence c3e7ea58608a tls: Skip tls_append_frag on zero copy size cd5cec3a0c8f drm/amd/display: Fix memory leak in dcn21_clock_source_create ffce11a39102 net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK 3a179538bfd7 net: bcmgenet: hide status block before TX timestamping 8ef6d60aa2f1 clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() 194f474ad9b4 bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() e80054ea0cde tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT 685ff7d24487 ip_gre: Make o_seqno start from 0 in native mode 69555bb27b2e net/smc: sync err code when tcp connection was refused daca23846eb3 net: hns3: add validity check for message data length 7763a7956632 cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe f5bb5940d754 pinctrl: pistachio: fix use of irq_of_parse_and_map() d22fc603694b arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock 68f5200a1f60 ARM: dts: imx6ull-colibri: fix vqmmc regulator c45180375afd sctp: check asoc strreset_chunk in sctp_generate_reconf_event 2cba635570d8 tcp: ensure to use the most recently sent skb when filling the rate sample 3ea6190be92f tcp: md5: incorrect tcp_header_len for incoming connections 2b9a13d98dfc bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook 2e7f70d324ef mtd: rawnand: Fix return value check of wait_for_completion_timeout 2a36ba067b36 ipvs: correctly print the memory size of ip_vs_conn_tab abe86a10dc5c ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 54212850e38f ARM: dts: am3517-evm: Fix misc pinmuxing bba67fe6b022 ARM: dts: Fix mmc order for omap3-gta04 416e0f890732 phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe 6ff7c1b827c8 phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe 59bdaed5dd73 ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek dbce8fc16a08 phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks b7fc45354be6 ARM: OMAP2+: Fix refcount leak in omap_gic_of_init dd99939b70c4 phy: samsung: exynos5250-sata: fix missing device put in probe error paths 6331b77fdc17 phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe fccbc3168e5e ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue b8f0c19d4864 USB: Fix xhci event ring dequeue pointer ERDP update issue 1f47c2625773 mtd: rawnand: fix ecc parameters for mt7622 0405bd7f1888 arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards 5f80b5c5f406 arm64: dts: meson: remove CPU opps below 1GHz for G12B boards f6db63819db6 video: fbdev: udlfb: properly check endpoint type c00f3892f4f0 hex2bin: fix access beyond string end 15b78a8e38e8 hex2bin: make the function hex_to_bin constant-time 73f4668ee875 arch_topology: Do not set llc_sibling if llc_id is invalid a3cdd33ca163 serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device 89a5728b053c serial: 8250: Also set sticky MCR bits in console restoration 42f749f2232a serial: imx: fix overrun interrupts in DMA mode d29c197df7fa usb: dwc3: gadget: Return proper request status 0f3d081315c5 usb: dwc3: core: Fix tx/rx threshold settings e2ec7b1f6a06 usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() debb276670b0 usb: gadget: uvc: Fix crash when encoding data for usb request 324e67c3b2fc usb: typec: ucsi: Fix role swapping 0366beb40239 usb: misc: fix improper handling of refcount in uss720_probe() 2c97a2b5ef84 iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() e82c726c94ec iio: dac: ad5446: Fix read_raw not returning set value 1aea30f87c65 iio: dac: ad5592r: Fix the missing return value. 1e8716a5c087 xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms b8d3a4681f28 xhci: stop polling roothubs after shutdown c8fbc2f875b6 USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions 68088dec9b3c USB: serial: option: add support for Cinterion MV32-WA/MV32-WB 56cbdb9d958a USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader 6b10dd966c12 USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS 890fc65448ea USB: quirks: add STRING quirk for VCOM device c4b31d41f5f2 USB: quirks: add a Realtek card reader 5666334ce3bf usb: mtu3: fix USB 3.0 dual-role-switch from device to host b2589647008f lightnvm: disable the subsystem c9af90f0c6b8 hamradio: remove needs_free_netdev to avoid UAF 7361a35bf330 hamradio: defer 6pack kfree after unregister_netdev 7dea5913000c floppy: disable FDRAWCMD by default 4426e6017f73 Linux 5.4.191 3c946909a3ed Revert "net: micrel: fix KS8851_MLL Kconfig" c028b81d062e block/compat_ioctl: fix range check in BLKGETSIZE 27da8d16e4f0 staging: ion: Prevent incorrect reference counting behavour cb158b152ea6 spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller 1b6ad2421084 jbd2: fix a potential race while discarding reserved buffers after an abort 0b1ba14ab263 ext4: force overhead calculation if the s_overhead_cluster makes no sense 425301ef608a ext4: fix overhead calculation to account for the reserved gdt blocks ea9c206111ea ext4, doc: fix incorrect h_reserved size 259dc49deaa2 ext4: limit length to bitmap_maxbytes - blocksize in punch_hole faadbf7ac4f2 ext4: fix use-after-free in ext4_search_dir 0309665eb244 ext4: fix symlink file size not match to file content ddfe3babc546 arm_pmu: Validate single/group leader events 852b02d1f808 ARC: entry: fix syscall_trace_exit argument 016ba7cbed57 e1000e: Fix possible overflow in LTR decoding 1217cf141b24 ASoC: soc-dapm: fix two incorrect uses of list iterator aa7070556087 openvswitch: fix OOB access in reserve_sfa_size() d24e0d9d691b xtensa: fix a7 clobbering in coprocessor context load/store 4c26a96d0c29 xtensa: patch_text: Fixup last cpu should be master 8d6937c1e093 powerpc/perf: Fix power9 event alternatives 0dafb826ed70 drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage 013231f75fce KVM: PPC: Fix TCE handling for VFIO 9cf05812cb10 drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare 4f08e85ca0fc drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised 23f0ba5585a5 dma: at_xdmac: fix a missing check on list iterator a22f3c99268c ata: pata_marvell: Check the 'bmdma_addr' beforing reading 0441d3e95bca oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup 530d32ac52f7 EDAC/synopsys: Read the error count from the correct register 91367af460da stat: fix inconsistency between struct stat and struct compat_stat 837e319ebe62 scsi: qedi: Fix failed disconnect handling 4b813ce289ed net: macb: Restart tx only if queue pointer is lagging a1419bee4dde drm/msm/mdp5: check the return of kzalloc() 80b188da30aa dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info() 46f9fa0a6632 brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant 12a753edd963 mt76: Fix undefined behavior due to shift overflowing the constant 7c48a6e62ddb cifs: Check the IOCB_DIRECT flag, not O_DIRECT 435142fbdcc0 vxlan: fix error return code in vxlan_fdb_append 99c2d9a52f37 ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant 3e28d157e5f2 platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative 54be94d33660 reset: tegra-bpmp: Restore Handle errors in BPMP response 0cb2c00dd1ab ARM: vexpress/spc: Avoid negative array index when !SMP 3a5ad1b8db9f selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets d37295129efa netlink: reset network and mac headers in netlink_dump() 4c4f2a019ff9 l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 8c5ca6492a86 net/sched: cls_u32: fix possible leak in u32_init_knode() f883def54654 net/packet: fix packet_sock xmit return value checking e1bc684c81f1 net/smc: Fix sock leak when release after smc_shutdown() f10e5c9f226c rxrpc: Restore removed timer deletion 9a9c48159365 igc: Fix BUG: scheduling while atomic f9d5d17d234f igc: Fix infinite loop in release_swfw_sync 6d6271dbbbe5 dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources 65c36555bd7d dmaengine: imx-sdma: Fix error checking in sdma_event_remap ccf554d148eb ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component 6a20bf46c625 ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek 6a54979c7830 ALSA: usb-audio: Clear MIDI port active flag after draining 9c99aacfb4c6 tcp: Fix potential use-after-free due to double kfree() 5a4f3eba211a net/sched: cls_u32: fix netns refcount changes in u32_change() b01b700e0c5a tcp: fix race condition when creating child sockets from syncookies ebb3b84596bd gfs2: assign rgrp glock before compute_bitstructs 660784e7194a can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path 2da11442a1e3 tracing: Dump stacktrace trigger to the corresponding instance bad7ed55756f mm: page_alloc: fix building error on -Werror=array-compare ac94e87675b2 etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (From OE-Core rev: 9784b5a0629cd223865a21a9b72641116d332cf0) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>