| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e]
CVE's Fixed:
CVE-2024-5535 openssl: SSL_select_next_proto buffer overread
(From OE-Core rev: 7d270bfe23cb5a543851ff6d3c9e273732a30865)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sshd(8) in Portable OpenSSH versions 8.5p1 to 9.7p1 (inclusive).
Race condition resulting in potential remote code execution.
A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems.
This attack could be prevented by disabling the login grace timeout (LoginGraceTime=0 in sshd_config)
though this makes denial-of service against sshd(8) considerably easier.
For more information, please refer to the release notes [1] and the
report from the Qualys Security Advisory Team [2] who discovered the bug.
[1] https://www.openssh.com/txt/release-9.8
[2] https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
References:
https://www.openssh.com/security.html
(From OE-Core rev: 39537bf4f9c0e25c63e984da367e6915da986ff5)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 06b5a2db1d079c86652534b6fc7e504f77604af4)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 127df0ac9b55fa2a7f3269934854f805843d01cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
work arounds for:
oe-core/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb:do_compile
oe-core/meta/recipes-connectivity/connman/connman-gnome_0.7.bb:do_compile
oe-core/meta/recipes-support/libfm/libfm_1.3.2.bb:do_compile
http://errors.yoctoproject.org/Errors/Build/183127/
More fixes on ML (especially for -native with gcc-14 on host)
cdrtools: https://lists.openembedded.org/g/openembedded-core/message/198899
syslinux: https://lists.openembedded.org/g/openembedded-core/message/198901
(From OE-Core rev: 924dc9bd3b1b21a60ebb117b0abf81d2650aedd0)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 856ffc7d0893c1dc549baf401899947f70d31896)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes build with gcc-14, where default visibility is extended to
inline functions and getAll() function now falls into this category
and functions are marked hidden resulting in linking errors
Fixes
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/kea/2.5.8/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/14.0.1/ld: ./.libs/libdhcp4.a(dhcp4_srv.o): in function `isc::dhcp::Dhcpv4Srv::appendRequestedVendorOptions(isc::dhcp::Dhcpv4Exchange&)':
/usr/src/debug/kea/2.5.8/src/bin/dhcp4/dhcp4_srv.cc:2356:(.text+0xaac2): undefined reference to `isc::dhcp::CfgOption::getAll(unsigned int) const'
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/kea/2.5.8/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/14.0.1/ld: ./.libs/libdhcp4.a(dhcp4_srv.o): in function `isc::dhcp::OptionDescriptor isc::dhcp::CfgOption::get<unsigned int>(unsigned int const&, unsigned short) const':
/usr/src/debug/kea/2.5.8/src/lib/dhcpsrv/cfg_option.h:609:(.text+0xb288): undefined reference to `isc::dhcp::CfgOption::getAll(unsigned int) const'
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/kea/2.5.8/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/14.0.1/ld: ./.libs/libdhcp4.a(dhcp4_srv.o): in function `isc::dhcp::Dhcpv4Srv::appendRequestedOptions(isc::dhcp::Dhcpv4Exchange&)':
/usr/src/debug/kea/2.5.8/src/bin/dhcp4/dhcp4_srv.cc:2128:(.text+0xc556): undefined reference to `isc::dhcp::CfgOption::getAll(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const'
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/kea/2.5.8/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/14.0.1/ld: ./.libs/libdhcp4.a(dhcp4_srv.o): in function `std::vector<isc::dhcp::OptionDescriptor, std::allocator<isc::dhcp::OptionDescriptor> > isc::dhcp::CfgOption::getList<char [6]>(char const (&) [6], unsigned short) const':
/usr/src/debug/kea/2.5.8/src/lib/dhcpsrv/cfg_option.h:641:(.text._ZNK3isc4dhcp9CfgOption7getListIA6_cEESt6vectorINS0_16OptionDescriptorESaIS5_EERKT_t[_ZNK3isc4dhcp9CfgOption7getListIA6_cEESt6vectorINS0_16OptionDescriptorESaIS5_EERKT_t]+0x86): undefined reference to `isc::dhcp::CfgOption::getAll(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const'
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/kea/2.5.8/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/14.0.1/ld: ./.libs/libdhcp4.a(dhcp4_srv.o): in function `isc::dhcp::OptionDescriptor isc::dhcp::CfgOption::get<char [6]>(char const (&) [6], unsigned short) const':
/usr/src/debug/kea/2.5.8/src/lib/dhcpsrv/cfg_option.h:609:(.text._ZNK3isc4dhcp9CfgOption3getIA6_cEENS0_16OptionDescriptorERKT_t[_ZNK3isc4dhcp9CfgOption3getIA6_cEENS0_16OptionDescriptorERKT_t]+0x77): undefined reference to `isc::dhcp::CfgOption::getAll(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:651: kea-dhcp4] Error 1
(From OE-Core rev: a68a3d40bf9226158d2c6433d3124be82eb02c63)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 584940c2f3234bfaf579429e162e683934e86538)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
libc-compat.h fix for musl was obsolete after 4.16.0 release of iproute2.
Drop it.
(From OE-Core rev: 2e3588ce3f0f14e6e0e6d2f4b6d8a52b68309394)
Signed-off-by: Maxin John <maxin.john@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad57a1e124a1de7af7ef8479ed779230e923d3af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ppp package has "RSA Data Security" license text in
Message-Digest Algorithm source file ppp-md5.c and ppp-md4.c
Add RSA-MD in LICENSE field for ppp package
(From OE-Core rev: 5feddad534ecf97279dfe5ec076aa3ed2eec6456)
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c58193c898b0ea28c3931a57dca5bb829a44051)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather, adjust the sed invocation to do the correct thing directly.
(From OE-Core rev: a57f48c3bb37d5154ea2ef821525aa8706f9cb37)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 804afb2eb9cc2b5650faa80816f377fa5b72fb38)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE's Fixed by upgrade:
CVE-2024-4741: Fixed potential use after free after SSL_free_buffers() is called
CVE-2024-4603: Fixed an issue where checking excessively long DSA keys or parameters may be very slow
CVE-2024-2511: Fixed unbounded memory growth with session handling in TLSv1.3
Bugs Fixed by upgrade:
#23560: Fixed bug where SSL_export_keying_material() could not be used with QUIC connections
Removed backports of CVE-2024-2511, CVE-2024-4603 and bti.patch as they
are already fixed.
Detailed Information:
https://github.com/openssl/openssl/blob/openssl-3.2/CHANGES.md#changes-between-321-and-322-4-jun-2024
(From OE-Core rev: f99c9346c225b862cc26923e823c35484beb797f)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Advisory: https://github.com/advisories/GHSA-85xr-ghj6-6m46
(From OE-Core rev: bd6a6733c9a7af90ef86ef9316ff31bc996250b5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
-Create the pruning task in the dns_cache_flush(), so
the cache pruning still works after the flush.
-Improve the TTL-based cleaning by removing the expired
headers from the heap, so they don't block the next
cleaning round and clean more than a single item for
each new addition to the RBTDB.
-Revert change 6319 and decrease lock contention during
RBTDB tree pruning by not cleaning up nodes recursively
within a single prune_tree() call.
-Address use after free in expire_lru_headers.
(From OE-Core rev: 5b3ba5f021f3bd532238dad57772c8416da61c14)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17cecd0d9d0d734d408701d861692ca5987f4ad9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Patch: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
News: https://github.com/openssl/openssl/commit/b7acb6731a96b073d6150465bd090e2052a595c2
(From OE-Core rev: b439d1c9e5a115bbb5193a2df25e84291cc07bec)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
OpenSSH supports FIDO security keys in both the client
and server. Add an option to support them in oe.
This change requires a new recipe that I've submitted to
meta-openembedded that has not merged yet.
(From OE-Core rev: 74451a65f29b16f78b008b3ac70c99c2d61a7cad)
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On aarch64, if the processor doesn't have the Crypto instructions then
OpenSSL will fall back onto the "bit-sliced" assembler routines. When
branch protection (BTI) was enabled in OpenSSL these routines were
missed, so if BTI is available libssl will immediately abort when it
enters this assembler.
Backport a patch submitted upstream to add the required call target
annotations so that BTI doesn't believe the code is being exploited.
(From OE-Core rev: 438a390e8e1811bc2d3820c1cd2b8e099e70064a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes [YOCTO #15415]
The new openssh version has an ICE on powerpc64le similar to the one on
mips/mips64[1]. By adding flag "--without-hardening" to "./configure",
compiler option "-fzero-call-used-regs" will be removed when compiling. This
prevents certain functions from triggering the following ICE:
unimplemented: argument 'used' is not supported for '-fzero-call-used-regs' on this target
References
[1] https://git.openembedded.org/openembedded-core/commit/?id=5b290566519a87c563945a033cb49863317ad63d
(From OE-Core rev: bc793fa9d1fe24c102d91e97b7002b6e637cbfa5)
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
============
-Add support for new provision database format.
-Add support for Quectel EG96 modem.
(From OE-Core rev: c24adeab8287bcedfd04dc67b08dd8b57cfa42ef)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
PEAP client: Update Phase 2 authentication requirements. Also see
https://www.top10vpn.com/research/wifi-vulnerabilities/
(From OE-Core rev: 57b6a329df897de69ae8b90706d9fe37e0ed6d35)
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is updated in openssl [1] since opensssl 3.2.0-alpha1 onwards
[1] https://github.com/openssl/openssl/commit/b625e21e67666213ffd3ba6b1f2cd8a847ba6b66
(From OE-Core rev: 1e5b30d92da2e51e6a4ba75e2cc1e9ccebc8efe7)
Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
CVE_STATUS was set for those components, but meanwhile databases are updated
with corrected information, so setting the CVE_STATUS is not needed anymore.
(From OE-Core rev: 5ec6057cfa66ceeb33bec013e320f8e3fa7d7ecf)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since be0e796299b0 ("build: ship all config files with
--enable-datafiles") in bluez, installing input.conf and network.conf
has been redundant, as the bluez5 recipe already includes
--enable-datafiles.
(From OE-Core rev: 49391fdcf71b32c5fd3c7b134c1d1c45cc1db388)
Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
9.18.24:
- Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
9.18.23:
- Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]
- Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]
- Under some circumstances, the DoT code in client
mode could process more than one message at a time when
that was not expected. That has been fixed. [GL #4487]
9.18.22:
- Limit isc_task_send() overhead for RBTDB tree pruning.
[GL #4383]
- Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]
- Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
- Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]
- Address race conditions in dns_tsigkey_find().
[GL #4182]
- Conversion from NSEC3 signed to NSEC signed could
temporarily put the zone into a state where it was
treated as unsigned until the NSEC chain was built.
Additionally conversion from one set of NSEC3 parameters
to another could also temporarily put the zone into a
state where it was treated as unsigned until the new
NSEC3 chain was built. [GL #1794] [GL #4495]
- Memory leak in zone.c:sign_zone. When named signed a
zone it could leak dst_keys due to a misplaced
'continue'. [GL #4488]
- Log more details about the cause of "not exact" errors.
[GL #4500]
- The wrong time was being used to determine what RRSIGs
where to be generated when dnssec-policy was in use.
[GL #4494]
- The "trust-anchor-telemetry" statement is no longer
marked as experimental. This silences a relevant log
message that was emitted even when the feature was
explicitly disabled. [GL #4497]
- Fix statistics export to use full 64 bit signed numbers
instead of truncating values to unsigned 32 bits.
[GL #4467]
- NetBSD has added 'hmac' to libc which collides with our
use of 'hmac'. [GL #4478]
(From OE-Core rev: d7f31aba343948dbaadafc8c0c66f78e6ffb46e3)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade libuv to pull in the fix for CVE-2024-24806
Changes:
* misc: remove deprecated stalebot file (Jameson Nash)
* build: disable windows asan buildbot (Ben Noordhuis)
* test: don't run tcp_writealot under msan (Ben Noordhuis)
* build,win: remove extraneous -lshell32 (Ben Noordhuis)
* unix: ignore ifaddrs with NULL ifa_addr (Stephen Gallagher)
* unix,win: utility for setting priority for thread (Hao Hu)
* pipe: add back error handling to connect / bind (Jameson Nash)
* test: check if ipv6 link-local traffic is routable (Ben Noordhuis)
* win: remove check for UV_PIPE_NO_TRUNCATE (Jameson Nash)
* linux: disable io_uring on hppa below kernel 6.1.51 (matoro)
* unix,win: fix read past end of pipe name buffer (Ben Noordhuis)
* unix: unbreak macOS < 10.14 (Sergey Fedorov)
* aix: disable ipv6 link local (Abdirahim Musse)
* doc: move cjihrig to emeriti (cjihrig)
* unix: correct pwritev conditional (Bo Anderson)
* test_fs.c: Fix issue on 32-bit systems using btrfs (Stephen Gallagher)
* misc: ignore libuv-release-tool files (Jameson Nash)
* win: honor NoDefaultCurrentDirectoryInExePath env var (Ardi Nugraha)
* idna: fix compilation warning (Saúl Ibarra Corretgé)
* linux: remove HAVE_IFADDRS_H macro (Ben Noordhuis)
* test: skip tcp-write-in-a-row on IBM i (Abdirahim Musse)
* build,win: work around missing uuid.dll on MinGW (Anton Bachin)
* win: stop using deprecated names (Matheus Izvekov)
* unix,win: fix busy loop with zero timeout timers (Matheus Izvekov)
* aix,ibmi: use uv_interface_addresses instead of getifaddrs (Abdirahim
Musse)
* linux: fix bind/connect for abstract sockets (Santiago Gimeno)
* win: replace c99 comments with c89 comments (Trevor Flynn)
* build: add .cache clangd folder to .gitignore (Juan José Arboleda)
* unix: support full TCP keep-alive on Solaris (Andy Pan)
* freebsd: fix F_KINFO file path handling (David Carlier)
* linux: retry fs op if unsupported by io_uring (Santiago Gimeno)
* freebsd: fix build on non-intel archs (David Carlier)
* unix: optimize uv__tcp_keepalive cpp directives (Andy Pan)
* linux: disable io_uring on ppc64 and ppc64le (Brad King)
* doc: add very basic Security Policy document (Santiago Gimeno)
* build: re-enable msvc-asan job on CI (Jameson Nash)
* win/spawn: optionally run executable paths with no file extension
(Brad King)
* win: fix ESRCH implementation (Jameson Nash)
* unix,win: reset the timer queue on stop (Santiago Gimeno)
* fix: always zero-terminate idna output (Ben Noordhuis)
* fix: reject zero-length idna inputs (Ben Noordhuis)
* test: empty strings are not valid IDNA (Santiago Gimeno)
* Merge pull request from GHSA-f74f-cvh7-c6q6 (Ben Noordhuis)
(From OE-Core rev: 15110dc982bd65a6165693568b57c91c662812b4)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately the new openssh version has an ICE on mips. This looks similar to:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104817
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104820
Given how long these have been open, workaround the issue by disabling the compiler
hardening options on mips.
It is likely better to do this than have the open CVEs for everyone
as we can't upgrade.
An example:
| during RTL pass: zero_call_used_regs
| clientloop.c: In function 'client_loop':
| clientloop.c:1699:1: internal compiler error: in int_mode_for_mode, at stor-layout.cc:407
| 1699 | }
| | ^
| 0x14d0acc internal_error(char const*, ...)
| ???:0
| 0x5cf765 fancy_abort(char const*, int, char const*)
| ???:0
| 0x826f1f emit_move_insn_1(rtx_def*, rtx_def*)
| ???:0
| 0x8270c5 emit_move_insn(rtx_def*, rtx_def*)
| ???:0
| 0xb7b994 default_zero_call_used_regs(HARD_REG_SET)
| ???:0
| Please submit a full bug report, with preprocessed source (by using -freport-bug).
| Please include the complete backtrace with any bug report.
(From OE-Core rev: 5b290566519a87c563945a033cb49863317ad63d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Relocate Upstream-Status in 0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
so it will not throw an error in AUH
https://www.openssh.com/txt/release-9.6
https://github.com/openssh/openssh-portable/compare/V_9_5_P1...V_9_6_P1
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://nvd.nist.gov/vuln/detail/CVE-2023-51384
https://nvd.nist.gov/vuln/detail/CVE-2023-51385
CVE: CVE-2023-48795
CVE: CVE-2023-51384
CVE: CVE-2023-51385
(From OE-Core rev: 8416c8d1b57dd6c9c7890aac962feb63bac6429b)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
libpcap is requirements to other recipes that could be integrated in
a SDK.
Add nativesdk to BBCLASSEXTEND.
(From OE-Core rev: c085ddaa1d4a508470f9a9b37352d62a4587bc7f)
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-0727 and CVE-2023-6237
Removed included patch backports.
New module was implemented in tests and needs to be installed
to successfully pass 04-test_provider.t test.
Release information:
https://github.com/openssl/openssl/blob/openssl-3.2/NEWS.md#major-changes-between-openssl-320-and-openssl-321-30-jan-2024
(From OE-Core rev: b50f1c4ccac12e9dbdeb5a6fec0413c9cd901d88)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 7fa10f29b31f8aae572026a00a6354aec539d044)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 42337d49cdd4f4598236f996a5db8517fd9e8ca8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
-Fix issue with handling SMS submit report sizes.
-Fix issue with handling operator name and ISI modems.
(From OE-Core rev: b9b0e4967845baac137905e12e63535046bf7256)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 569285695e43128dafd77ad33d12a8eeb29fd88d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bind-ensure-searching-for-json-headers-searches-sysr.patch
refreshed for 9.18.21
Changelog:
==========
-Improve LRU cleaning behaviour.
-The "resolver-nonbackoff-tries" and "resolver-retry-interval" options are
deprecated; a warning will be logged if they are used.
-BIND might sometimes crash after startup or re-configuration when one 'tls'
entry is used multiple times to connect to remote servers due to initialisation
attempts from contexts of multiple threads. That has been fixed.
-Dig +yaml will now report "no servers could be reached" also for UDP setup
failure when no other servers or tries are left.
-Recognize escapes when reading the public key from file.
-Dig +yaml will now report "no servers could be reached" on TCP connection
failure as well as for UDP timeouts.
-Deprecate AES-based DNS cookies.
(From OE-Core rev: b750d54622a0fa0a35d83ddc59f07661e903360b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Backport a typo fix RISCV_HAS_ZKND_ZKNE -> RISCV_HAS_ZKND_AND_ZKNE
(From OE-Core rev: 2b2bf78c7250a23a476f168d3f1789496c1c27e9)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
52ae965 bump version to 6.7
ac7e46b update nl80211.h
44686ac iw: allow extra cflags
e2224c7 iw: S1G: add 802.11ah support for link command display
7298198 update nl80211.h
a1c9376 iw: connect: Fix segfault during open authentication
ea706b3 iw: fix attribute size mismatch
cb491fa iw: add more extended capa bits
cf26fc9 iw: Fix EHT rates printing.
f2d9f5b iw: S1G: add list command support for 802.11ah
1bc6ab0 iw: S1G: add parsing for 802.11ah scan IE's
a32046b iw: S1G: add frequency set in kHz and offset options
f5e3b43 util: don't print EHT info if not present
7794573 interface: print links
221875e link: update for MLO
5f64b70 link: fix some formatting
29555e1 iw: scan: set NL80211_SCAN_FLAG_COLOCATED_6GHZ in case of full sched scan
997e5f1 util: add support for 320MHz bandwidth without cf1
81d112f util: add support for 320Mhz bandwidth
de3da80 update nl80211.h
d6fd275 iw: event: fix printf format error
cc660cc iw: add support for retrieving keys
c4743bb iw: info: fix bug reading preambles and bandwidths
82e6fba iw: add cac background command
ad2f2f8 iw: info: print PMSR capabilities
(From OE-Core rev: e44ce3000864407b773f64581ba6eac38b8297c6)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: d0139bcbe0499e570f02f8f7b7e364763f7359ec)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add systemd-sshd-socket-mode PACKAGECONFIG option to choose installing
sshd.socket and systemd-sshd-service-mode PACKAGECONFIG option to choose
installing sshd.service.
The systemd-sshd-socket-mode PACKAGECONFIG option is enabled by default
and user can choose the above two PACKAGECONFIG option to customize the
sshd mode.
(From OE-Core rev: bc830ad3c6a11af1a350dca7f33f0682aeee0d21)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The update from 2.4 to 2.5 was almost something AUH could take care of.
However, we had backported two patches to address CVE-2023-40303 and
that threw off AUH. These changes are confirmed to be in 2.5, so drop
them and update to 2.5.
(From OE-Core rev: e1bffeab27b062884f6366cde24ce1c67e7ec03e)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
refreshed for 10.0.6
Changelog:
==========
-privsep: Stop proxying stderr to console and fix some detachment issues
-non-privsep: Fix launcher hangup
-DHCP6: Allow the invalid interface name - to mean don't assign an address from a delegated prefix
-DHCP6: Load the configuration for the interface being activated from prefix delegation
(From OE-Core rev: 9f813cdbb789423219cb83affd40cd0f3c377485)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
-The library version numbers have been bumped up for the Kea 2.4.1 stable release.
-Fixed interface redetection which had stopped working since Kea 2.3.6.
-Fixed a race condition in free lease queue allocator
fix-multilib-conflict.patch
fix_pid_keactrl.patch
refreshed for 2.4.
(From OE-Core rev: 7afab39fd1c3239df3bb2fa49b79a5efaaaf9db6)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The assembler sections in OpenSSL were not marked as valid call targets,
so branch protection could not be enabled for libcrypto.so.
(From OE-Core rev: 4bf06bc5487da05e6b4a4895e5ca2da65cdc25d8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
import patches from ubuntu to fix
CVE-2023-1981
CVE-2023-38469-2
CVE-2023-38470-2
CVE-2023-38471-2
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
&
https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237
&
https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
&
https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]
Ref: https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/nanbield-nut&id=a9203c46cd64c3ec5e5b00e381bbac85733f85df
(From OE-Core rev: 2b0d8a63a212897b33e85cc3694cd9a3d6e09ca8)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Update Upstream-Status for 0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch.
(From OE-Core rev: 7189d1ea5c066b9ffc52103160bb34945fd779d7)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: cb1b191fa4a275dab1f7f66a0e60563696c6d64d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Remove backported patch 0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch.
* Add 0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch to fix build with musl
(From OE-Core rev: ff416e9fd6a1a65cf59ecd662613581b6190e05e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role
HID Device to initiate and establish an encrypted connection, and accept HID
keyboard reports,potentially permitting injection of HID messages when no user
interaction has occurred in the Central role to authorize such access. An example
affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases,
a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45866
Upstream patches:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
(From OE-Core rev: ef93aa6a815f2732dadf14e2d7e62c15c46b6007)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. No chagne on license [1], original md5 is not right because
beginline=241 does not match
2. Fix two compile and one install failures
[1] https://repo.or.cz/socat.git/blobdiff/c9ff62744f4140418f4edce7e395d1a30e9161b1..2da070164d454971d5c970b5278e645051f0d0f7:/README
(From OE-Core rev: a8cb052a78d0422acb52c402a3836f4ee174ee66)
Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Avahi has moved to a new parent organisation on GitHub, so update the
URLs to match.
(From OE-Core rev: 02caef1567186f250e64ae3ef84fcff33d7323e4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
upgrade include fix for CVE-2023-5678.
Changes in 3.2.0
https://www.openssl.org/news/cl32.txt
drop upstreamed 0001-Link-libatomic-on-riscv32.patch.
drop fix_random_labels.patch as fixed by
https://github.com/openssl/openssl/commit/0fbc50ef0cb8894973d4739af62e95be825b7ccf
(From OE-Core rev: 5a40f27051a1d40af41e7260b9f693a3c27c321f)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
* resolvconf(8): Fix new paragraph.
* Move binaries to /usr.
(From OE-Core rev: 38d558ea63c66fd02d2c3fab79dae8ce65e4aa13)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
-Fix issue with udev tracking of devices.
-Fix issue with QMI WDA initialization.
-Fix issue with handling QMI premultiplexed contexts.
-Fix issue with additional context types in MBPI.
-Remove CDMA support.
(From OE-Core rev: 574d113dd56098e08fad9bfff79e93f0d35ca0b9)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bluez 5.69 added a regression. Bluetooth connection for playstation controllers
stopped working. This adds a backport patch for the issue
(From OE-Core rev: be05a177f943e9c8ce6c0fdbd157ee6f9103eef9)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
