| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
4aa2e7393e14 Linux 5.4.173
e245aaefef39 ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD
d40f6eeaf513 mtd: fixup CFI on ixp4xx
1451deb164e1 ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows
7b98f61b8388 KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all
5c69ba9e80f0 firmware: qemu_fw_cfg: fix kobject leak in probe error path
1cc36ed56138 firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
b543e4141570 firmware: qemu_fw_cfg: fix sysfs information leak
b25e9ef29d8f rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
8716657b1b4b media: uvcvideo: fix division by zero at stream start
70ae85ca124e KVM: s390: Clarify SIGP orders versus STOP/RESTART
9b45f2007ea3 perf: Protect perf_guest_cbs with RCU
bd2aed0464ae vfs: fs_context: fix up param length parsing in legacy_parse_param
c2f067d4ad4a orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
5d6af67307e8 devtmpfs regression fix: reconfigure on each mount
c117b116e6b3 kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
(From OE-Core rev: ef0ad77daccaef02d99c75833c78664fea887680)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile build for recipes
using cmake. The variable CMAKE_LDFLAGS_FLAGS is spelled incorrectly, cmake expects
CMAKE_SHARED_LINKER_FLAGS, CMAKE_STATIC_LINKER_FLAGS, CMAKE_EXE_LINKER_FLAGS and
CMAKE_MODULE_LINKER_FLAGS to be set instead. As cmake already correctly initializes
these from environment there is no need to specify the linker flags in the toolchain
file at all. So this just removes the variable, as its value was also set wrong.
(From OE-Core rev: cf17fc284bcffe1d5b0797c733bcc2eb293a5d8f)
Signed-off-by: Martin Beeger <martin.beeger@online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52e59a5b37f55905ee693a99f9ffc34ed41b4283)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpmbuild can start processing random memory when processing the value
provided by XZ_THREADS, and unintentionally disable encoding for a
file descriptor that in fact requires encoding to be enabled in order
for lzwrite() to actually create an rpm.
*** Fdopen(0x7f2030002b30,w6T16.xzdio) | fdio 23 fp (nil)
==> lzopen_internal("w6T16", 23, 1)
==> lzopen_internal set encoding
==> lzopen_internal clear encoding
==> Fdopen(0x7f2030002b30,"w6T16.xzdio") returns fd 0x7f2030002b30 | xzdio 0x7f2030004e30 fp 23 | fdio -1 fp (nil)
==> lzwrite(0x7f2030004e30, 0x7f20789d8070, 6) encoding 0
==> Fwrite(0x7f2030002b30,0x7f20789d8070,6) rc -1 | xzdio 0x7f2030004e30 fp 23 | fdio -1 fp (nil)
error: create archive failed: cpio: write
When the encoding bit gets cleared on the LZFILE* struct, lzwrite() then
rightfully complains when it detects !lzfile->encoding, which then gets
bubbled up as a write failure when we go to create the archive.
This fix is available in the rpm 4.17-release.
(From OE-Core rev: b093005d31467d89b00af621f86eb5cac7f845af)
Signed-off-by: Kyle Russell <bkylerussell@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Create directory of the CVE_CHECK_MANIFEST variable before copy to it,
so that the variable can use an arbitrary directory name.
(From OE-Core rev: ee05539fc6fadff7f14c8609641021fc497cbd8e)
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9829c16301bf2dce39fa046401a984f112fa0322)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: 26daab8a30661b64d2ee3de030e472da5160b387)
Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=161e87d12167b1e36193385485c1f6ce92f74f02]
(From OE-Core rev: be665a2279795c522cb3e3e700ea747efd885f95)
(From OE-Core rev: 9793eac0988f10ec2e4cbe0e4fc494ff4dd29585)
Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 823d25f5218836fb4298482366fbc5d05d822907)
Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport the fix for CVE-2022-22707, a buffer overflow in mod_extforward.
(From OE-Core rev: d54d7e7b43da621be8e6fcca34feb7b3d49b8160)
(From OE-Core rev: bf57c164501c0a60279d069aa8130fb622db8273)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7758596613cc442f647fd4625b36532f30e6129f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7695d11dd09b1e9e87d6741135d0b28e82672f0a)
Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementations of SAE in hostapd before 2.10 and wpa_supplicant
before 2.10 are vulnerable to side channel attacks as a result
of cache access patterns. NOTE: this issue exists because of an
incomplete fix for CVE-2019-9494.
Backport patches from:
https://w1.fi/security/2022-1/
CVE: CVE-2022-23303 CVE-2022-23304
(From OE-Core rev: 13ae7a3f4bbe7abafae3136190cf43d226271413)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based
buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or
RDLENGTH (for A or AAAA).
Backport patch from:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
CVE: CVE-2021-33833
(From OE-Core rev: 8eb4fdd19fe4b275c26c49120b364cd24ec151d5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in the DNS proxy in Connman through 1.40.
The TCP server reply implementation has an infinite loop if no
data is received.
Backport patch from:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
CVE: CVE-2022-23098
(From OE-Core rev: af56acf66b4196c961a20ec59faa580cc3e3ee23)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in the DNS proxy in Connman through 1.40.
The TCP server reply implementation lacks a check for the presence
of sufficient Header Data, leading to an out-of-bounds read (CVE-2022-23096)
An issue was discovered in the DNS proxy in Connman through 1.40.
forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds
read (CVE-2022-23097)
Backport patch from:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
CVE: CVE-2022-23096 CVE-2022-23097
(From OE-Core rev: b8d925c1443c84500df74958aa2f75113b992453)
Signed-off-by: Steve Sakoman
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expat (aka libexpat) before 2.4.4 has an integer overflow in the
doProlog function.
Backport patch from:
https://github.com/libexpat/libexpat/pull/551/commits/ede41d1e186ed2aba88a06e84cac839b770af3a1
CVE: CVE-2021-23990
(From OE-Core rev: 6a0c9607656970c669ff12cdafd39f4fb7082f6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 88c0290520c9e4982d25c20e783bd91eec016b52)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d4c37ca1f1e97d53045521e9894dc9ed5b1c22a1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Country Local Matrix (CLM) blob brcmfmac4373-sdio.clm_blob was not
included with the files for the linux-firmware-bcm4373 package
but instead packaged with linux-firmware.
(From OE-Core rev: 4b748155e668bb67c90d43de5e083c092d2f5b1c)
Signed-off-by: Rudolf J Streif <rudolf.streif@ibeeto.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 18ba64d4a12e7275381cf34fe72b757accbb1544)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 9e8b2bc55792932e23d3b053b393b7ff88bffd6b)
(From OE-Core rev: 8f374ea044d5c3d2ea81917b3480149ca036674c)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This recipe is just a single data file from shadow, but as we can't
easily tell what license that specific file is under just copy the full
license statement.
(From OE-Core rev: f0e2f3b1f855ea6e184bd1d8d796279fedcbfa33)
(From OE-Core rev: b4bd6c8a400a52fcd7b7e580cfee5b48f5756d1a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 65e3b23e1b266653fd30c90222e953f7e37fba0c)
(From OE-Core rev: a3a2044ae72fc73f64ea124465ec654e8c590eee)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 91cd1ef01a3f3883c04bac67af2672ec60e20fb8)
(From OE-Core rev: 12d4f5f2453fa314e2b374bee8fe86bdc99f837c)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 966fb77981e4fed0ab7998439940b1e05dd0ee43)
(From OE-Core rev: a7fe869c49bdc2e9a2b69b763779a642dc0c6e35)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code in question is licensed under the BSD-3-Clause license, so
including the generic "BSD" license is unnecessary.
(From OE-Core rev: c39fc075ce3fd5b53c2a2fccb43500ee0a12f39d)
(From OE-Core rev: e62c10d3560cd11441dbf648e19e3ed6269fa60d)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The lsof LICENSE is superficially BSD-like, but it isn't BSD. Now that
we have the full SPDX license set in oe-core, use Spencer-94.
(From OE-Core rev: 5c1d61d1d4dfacb643a366285c0392e6a31087ed)
(From OE-Core rev: 5ccd9b18c406517c8b7f25ac6e258f11d42556c9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Required to correct lsof licensing
Previously added in master (along with many others), trimmed to
just Spencer-94 for dunfell
(From OE-Core rev: e2f9092c37395f4e3ee9d0777e28c83cce6007ee)
(From OE-Core rev: 5d5fdfa94c9e7b258a19fad8400b0ec93a47b0a4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This continues where commit 676757f "sstate: fix touching files inside
pseudo" and commit 29fc8599 "sstate: another fix for touching files
inside pseudo" left off.
The previous changes switched from trying to check if the sstate file is
writable before touching it, to always touching the sstate file and
ignoring any errors. However, if the sstate file is actually a symbolic
link that links to nothing, this would actually result in an empty
sstate file being created. And this in turn leads to that future
setscene tasks will fail when they try to unpack the empty file.
Change the code so that if an sstate file linking to nothing already
exists, it is overwritten with the new sstate file. Also change it so
that the temporary file that is used is always removed, even if ln
fails to link the sstate file to it.
Change-Id: I3800f98d0f2a0dd076352df85fad7c81460e733d
(From OE-Core rev: f3cd092bf9f66d8d73075e5b777d89d8598691dd)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DW_AT_specification tags.
Backport binutils upstream patch fixing sporadic link errors in c++ code.
This triggers at least on arm32 and aarch64 with qt5 based applications.
The ChangeLog part of the patch as well as space change is omitted.
Binutils bug report for this problem is here:
https://sourceware.org/bugzilla/show_bug.cgi?id=26520
(From OE-Core rev: 4aa6f775cd6c20c7296a2aab25ff462d581499d0)
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add patches to fix CVE-2021-3995 and CVE-2021-3996
Also, add support include-strutils-cleanup-strto-functions.patch to
solve compilation error where `ul_strtou64` function not found which is
used in CVE-2021-3995.patch
(From OE-Core rev: c8c29e8927474f32343b1f6d47595df95f743cd2)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: f79b134c1ad77d7f508f443c1d155c898620087f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer
for configurations with a nonzero XML_CONTEXT_BYTES.
Backport patch from:
https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40
CVE: CVE-2022-23852
(From OE-Core rev: 37b618d44ebd965ba17bb61ddf6428cdaea876e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish
(called from sampled_data_continue and interp).
To apply this CVE-2021-45959 patch,
the check-stack-limits-after-function-evalution.patch should be applied first.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-45949
(From OE-Core rev: 5fb43ed64ae32abe4488f2eb37c1b82f97f83db0)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a grub issue with incorrect values from an usb device. From the official
description from NVD [1]:
During USB device initialization, descriptors are read with very little
bounds checking and assumes the USB device is providing sane values.
If properly exploited, an attacker could trigger memory corruption leading
to arbitrary code execution allowing a bypass of the Secure Boot mechanism.
This patch is a part of a bigger security collection for grub [2].
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-25647
[2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: a339dee50be98931613e5525ccd2a623bcae7fd1)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix grub issue with module dereferencing. From the official description
from NVD [1]:
The rmmod implementation allows the unloading of a module used as
a dependency without checking if any other dependent module is still
loaded leading to a use-after-free scenario. This could allow
arbitrary code to be executed or a bypass of Secure Boot protections.
This patch is a part of a bigger security collection for grub [2].
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-25632
[2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
(From OE-Core rev: d61b9588e5691ef390cfc0f03dc6cb0d142f36de)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add patches to fix CVE-2021-3997.
Add additional below mentioned patches which are
required to fix CVE:
1. rm-rf-optionally-fsync-after-removing-directory-tree.patch
2. rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch
Link: http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz
(From OE-Core rev: b7f79fbf23488b954987dfc4aa867e42bdce7fee)
Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes the following fixes:
3ef8be9b89 CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
e5c8da9826 <shlib-compat.h>: Support compat_symbol_reference for _ISOMAC
412aaf1522 sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
c4c833d3dd CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)
547b63bf6d socket: Add the __sockaddr_un_set function
b061e95277 Revert "Fix __minimal_malloc segfaults in __mmap due to stack-protector"
95e206b67f Fix __minimal_malloc segfaults in __mmap due to stack-protector
e26a2db141 gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug 28524)
094618d401 x86_64: Remove unneeded static PIE check for undefined weak diagnostic
Also add CVE-2022-23218 and CVE-2022-23219 to ignore list since they are fixed
by the above changes.
(From OE-Core rev: dc1aa22cf7287f574e32920cf9fdd4342d171ed1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: f3be01483b01c88f8c4ba24ca73ccf1bcc33665c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 4efdcc1090 ("weston: Use systemd notify,") has non-trivial to
backport dependencies without which it cannot work, revert backport.
In oe-core dunfell, weston is still started using /usr/bin/weston-start
script in meta/recipes-graphics/wayland/weston-init/weston@.service .
Since 76ed534267 ("weston-init: Use weston-launch when starting weston
as the first windowing system"), the weston-start script starts weston
using weston-launch executable in case $DISPLAY is not set, i.e. when
weston is started as the primary compositor.
When weston is started via weston-launch, the notification to systemd
is not delivered, and weston service fails to start with the following:
"
weston@root.service: start operation timed out. Terminating.
"
The weston systemd service has been reworked considerably since oe-core
dunfell in commit c21fa5a291 ("weston-init: Redefine weston service and
add socket activation option"), which replaced the use of weston-start
in weston@.service with plain weston, and has been further improved in
commit dd83fb40f7 ("weston-init: Stop running weston as root") . The
commit reverted here, oe-core/master commit c8aa0222ce ("weston: wrapper
for weston modules argument"), landed only with the two aforementioned
reworks already in place, therefore the commit could have never been
tested with weston started via weston-launch executable and the timeout
at delivering systemd notification could not have happened in master.
Both c21fa5a291 ("weston-init: Redefine weston service and add socket
activation option") and dd83fb40f7 ("weston-init: Stop running weston
as root") are large feature patches and thus unsuitable for stable
backports, hence this revert seems to be the least problematic way.
(From OE-Core rev: dabd41819563ec63fc5bd5fd0f4af64230e58130)
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Joshua Watt <JPEWhacker@gmail.com>
Cc: Pavel Zhukov <pavel.zhukov@huawei.com>
Cc: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This was being provided by other pieces of the dependency chain but is
specifically required by configure and could fail if those pieces come
from sstate. Fix such builds by adding the missing dependency.
(From OE-Core rev: 32dd9e93c8a49c07d28c8bf240145c9e48864de7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ba2587beb2a3fb0ef9139f846e161542d2c5c4ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 5.16 kernel introduced mandatory schema checking on any dtb file
built through the kernel.
That funcionality is provided via python3-dt-schema.
The dependencies to enable that functionality is not small, and may
not always be desired (in particular on architectures that do not
support dtbs, or in development cycles). It may also be useful for
allowing a non-conformant dts to be compiled.
This commit introduces a set of wrapper scripts that when added
as a depenency to the kernel, can pass both the validation testing
and validation steps of a dts.
(From OE-Core rev: 010477bc44a90b1f0dea82fbb824c9c9038edc80)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backported from oe-core commit 2566563ad49d.
Signed-off-by: Paul Barker <paul.barker@sancloud.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
b7f70762d158 Linux 5.4.172
f415409551b0 staging: greybus: fix stack size warning with UBSAN
65c2e7176f77 drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
86ded7a6cf40 staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
a459686f986c media: Revert "media: uvcvideo: Set unique vdev name based in type"
7e07bedae159 random: fix crash on multiple early calls to add_bootloader_randomness()
517ab153f503 random: fix data race on crng init time
90ceecdaa062 random: fix data race on crng_node_pool
a4fa4377c91b can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
e90a7524b5c8 can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
9e9241d3345a drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
ada3805f1423 mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
d08a0a88db88 veth: Do not record rx queue hint in veth_xmit
a6722b497401 mmc: sdhci-pci: Add PCI ID for Intel ADL
1199f0928488 USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
43aac50196f3 USB: core: Fix bug in resuming hub's handling of wakeup requests
ed5c2683b67b Bluetooth: bfusb: fix division by zero in send path
784e873af3dc Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
ad07b60837b2 workqueue: Fix unbind_workers() VS wq_worker_running() race
(From OE-Core rev: 78d418fca20f997141d06d9c53194ec4e675860d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
0a4ce4977bbe Linux 5.4.171
0101f118529d mISDN: change function names to avoid conflicts
34821931e18e atlantic: Fix buff_ring OOB in aq_ring_rx_clean
44065cc11797 net: udp: fix alignment problem in udp4_seq_show()
0ad45baead37 ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
8b36aa5af4da scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
6a3ffcc9ffd0 usb: mtu3: fix interval value for intr and isoc
f0e57098243c ipv6: Do cleanup if attribute validation fails in multipath route
c94999cfbbbe ipv6: Continue processing multipath route even if gateway attribute is invalid
2a6a811a45fd phonet: refcount leak in pep_sock_accep
db0c834abbc1 rndis_host: support Hytera digital radios
72eb522ae6f1 power: reset: ltc2952: Fix use of floating point literals
159eaafee69b power: supply: core: Break capacity loop
102af6edfd3a xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
10f2c336929d net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081
c0db2e1e60c6 sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
bcbfc7780047 batman-adv: mcast: don't send link-local multicast to mcast routers
76936ddb4913 lwtunnel: Validate RTA_ENCAP_TYPE attribute length
2ebd777513d9 ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
a02d2be7eb48 ipv6: Check attribute length for RTA_GATEWAY in multipath route
34224e936a9d ipv4: Check attribute length for RTA_FLOW in multipath route
125d91f07233 ipv4: Check attribute length for RTA_GATEWAY in multipath route
1f46721836ee i40e: Fix incorrect netdev's real number of RX/TX queues
f98acd3b4dcf i40e: Fix for displaying message regarding NVM version
c340d45148c4 i40e: fix use-after-free in i40e_sync_filters_subtask()
38fbb1561d66 mac80211: initialize variable have_higher_than_11mbit
7646a340b25b RDMA/uverbs: Check for null return of kmalloc_array
5eb5d9c6591d RDMA/core: Don't infoleak GRH fields
415fc3f59595 iavf: Fix limit of total number of queues to active queues of VF
23ebe9cfda5e ieee802154: atusb: fix uninit value in atusb_set_extended_addr
aa171d748a36 tracing: Tag trace_percpu_buffer as a percpu pointer
db50ad6eec87 tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
cbbed1338d76 selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
6904679c8400 Input: touchscreen - Fix backport of a02dcde595f7cbd240ccd64de96034ad91cffc40
6e80d2ee44c6 f2fs: quota: fix potential deadlock
(From OE-Core rev: 69453657a67e356f31e998ca539d24d2ad86ddb9)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
047dedaa38ce Linux 5.4.170
2c3920c58e03 perf script: Fix CPU filtering of a script's switch events
fe5838c22b98 net: fix use-after-free in tw_timer_handler
46556c4ecd63 Input: spaceball - fix parsing of movement data packets
975774ea7528 Input: appletouch - initialize work before device registration
436f6d0005d6 scsi: vmw_pvscsi: Set residual data length conditionally
103b16a8c51f binder: fix async_free_space accounting for empty parcels
98cde4dd5ec8 usb: mtu3: set interval of FS intr and isoc endpoint
585e2b244dda usb: mtu3: fix list_head check warning
50434eb6098f usb: mtu3: add memory barrier before set GPD's HWO
240fc586e83d usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
20d80640fa61 xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
b364fcef9615 uapi: fix linux/nfc.h userspace compilation errors
245c5e43cd25 nfc: uapi: use kernel size_t to fix user-space builds
9e4a3f47eff4 i2c: validate user data in compat ioctl
a7d3a1c6d9d9 fsl/fman: Fix missing put_device() call in fman_port_probe
2dc95e936414 net/ncsi: check for error return from call to nla_put_u32
ef01d63140f5 selftests/net: udpgso_bench_tx: fix dst ip argument
20f6896787c5 net/mlx5e: Fix wrong features assignment in case of error
b85f87d30dba ionic: Initialize the 'lif->dbid_inuse' bitmap
1cd4063dbc91 NFC: st21nfca: Fix memory leak in device probe and remove
44cd64aa1c43 net: lantiq_xrx200: fix statistics of received bytes
3477f4b67ee4 net: usb: pegasus: Do not drop long Ethernet frames
831de271452b sctp: use call_rcu to free endpoint
3218d6bd6195 selftests: Calculate udpgso segment count without header adjustment
0a2e9f6a8f33 udp: using datalen to cap ipv6 udp max gso segments
db484d35a948 net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
cc926b8f4d39 scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
44937652afdb selinux: initialize proto variable in selinux_ip_postroute_compat()
b536e357e73c recordmcount.pl: fix typo in s390 mcount regex
8d86b486e0de memblock: fix memblock_phys_alloc() section mismatch error
4606bfdaeb16 platform/x86: apple-gmux: use resource_size() with res
930d4986a432 tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
7978ddae240b Input: i8042 - enable deferred probe quirk for ASUS UM325UA
f93d5dca7d84 Input: i8042 - add deferred probe support
940e68e57ab6 tee: handle lookup of shm with reference count 0
4b38b12092b4 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
(From OE-Core rev: 411adf3dbe122b42acc7810bc3034874fc36f473)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
4ca2eaf1d477 Linux 5.4.169
48c76fc53582 phonet/pep: refuse to enable an unbound pipe
a5c6a13e9056 hamradio: improve the incomplete fix to avoid NPD
ef5f7bfa19e3 hamradio: defer ax25 kfree after unregister_netdev
df8f79bcc2e4 ax25: NPD bug when detaching AX25 device
0333eaf38500 hwmon: (lm90) Do not report 'busy' status bit as alarm
bf260ff4a42f hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
f373298e1bf0 pinctrl: mediatek: fix global-out-of-bounds issue
bf04afb6137f mm: mempolicy: fix THP allocations escaping mempolicy restrictions
f5db6bc93494 KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
06c13e039d92 usb: gadget: u_ether: fix race in setting MAC address in setup phase
b0406b5ef4e2 f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
806142c805ca tee: optee: Fix incorrect page free bug
5478b90270a3 ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
1c3d4122bec6 mmc: core: Disable card detect during shutdown
e9db8fc6c7af mmc: sdhci-tegra: Fix switch to HS400ES mode
d9031ce0b071 pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
c7b2e5850ba6 x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
ddc1d49e10a7 parisc: Correct completer in lws start
8467c8cb94a4 ipmi: fix initialization when workqueue allocation fails
8efd6a3391f7 ipmi: ssif: initialize ssif_info->client early
cd24bafefc17 ipmi: bail out if init_srcu_struct fails
5525d80dc9dd Input: atmel_mxt_ts - fix double free in mxt_read_info_block
737a98d91b07 ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
8df036befbc3 ALSA: drivers: opl3: Fix incorrect use of vp->state
fdaf41977d77 ALSA: jack: Check the return value of kstrdup()
44c743f63dd3 hwmon: (lm90) Drop critical attribute support for MAX6654
4615c9740575 hwmon: (lm90) Introduce flag indicating extended temperature support
c2242478f28d hwmon: (lm90) Add basic support for TI TMP461
d939660eff62 hwmon: (lm90) Add max6654 support to lm90 driver
055ca98d48ba hwmon: (lm90) Fix usage of CONFIG2 register in detect function
a7f95328c6f0 Input: elantech - fix stack out of bound access in elantech_change_report_id()
e12dcd4aa7f4 sfc: falcon: Check null pointer of rx_queue->page_ring
c11a41e26985 drivers: net: smc911x: Check for error irq
5d556b1437e1 fjes: Check for error irq
d7024080db82 bonding: fix ad_actor_system option setting to default
992649b8b168 ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
2460d96c19a8 net: skip virtio_net_hdr_set_proto if protocol already set
621d5536b452 net: accept UFOv6 packages in virtio_net_hdr_to_skb
0b01c51c4f47 qlcnic: potential dereference null pointer of rx_queue->page_ring
685fc8d22489 netfilter: fix regression in looped (broad|multi)cast's MAC handling
79dcbd817615 IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
78874bca4f27 spi: change clk_disable_unprepare to clk_unprepare
0c0ac2547c87 arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
6fa4e2992717 HID: holtek: fix mouse probing
2712816c10b3 serial: 8250_fintek: Fix garbled text for console
51c925a9bccc net: usb: lan78xx: add Allied Telesis AT29M2-AF
8f843cf57202 Linux 5.4.168
0d99b3c6bd39 xen/netback: don't queue unlimited number of packages
8bfcd0385211 xen/netback: fix rx queue stall detection
560e64413b4a xen/console: harden hvc_xen against event channel storms
3e68d099f09c xen/netfront: harden netfront against event channel storms
4ed9f5c511ce xen/blkfront: harden blkfront against event channel storms
192fe5739571 Revert "xsk: Do not sleep in poll() when need_wakeup set"
e281b7199236 net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info
96a1550a2b43 mac80211: fix regression in SSN handling of addba tx
66aba15a144a rcu: Mark accesses to rcu_state.n_force_qs
b847ecff8507 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
f9f300a92297 ovl: fix warning in ovl_create_real()
ba2a9d8f8ef1 fuse: annotate lock in fuse_reverse_inval_entry()
96f182c9f48b media: mxl111sf: change mutex_init() location
095ad3969b62 xsk: Do not sleep in poll() when need_wakeup set
29e9fdf7b681 ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
f6e9e7be9b80 Input: touchscreen - avoid bitwise vs logical OR warning
3d45573dfb6e mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
a19cf6844b50 mac80211: validate extended element ID is present
e070c0c990d7 drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
c9ee8144e409 libata: if T_LENGTH is zero, dma direction should be DMA_NONE
62889094939c timekeeping: Really make sure wall_to_monotonic isn't positive
241d36219aaa USB: serial: option: add Telit FN990 compositions
d2bb4378e2bb USB: serial: cp210x: fix CP2105 GPIO registration
bae7f0808202 usb: xhci: Extend support for runtime power management for AMD's Yellow carp.
3dc6b5f2a4d5 PCI/MSI: Mask MSI-X vectors only on success
c520e7cf82ac PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
ed31692a9758 USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
aae3448b78d9 USB: gadget: bRequestType is a bitfield, not a enum
ad0ed314d616 sit: do not call ipip6_dev_free() from sit_init_net()
c675256a7f13 net: systemport: Add global locking for descriptor lifecycle
2bf888fa4a5c net/smc: Prevent smc_release() from long blocking
56a6ffea18c2 net: Fix double 0x prefix print in SKB dump
027a13973dad net/packet: rx_owner_map depends on pg_vec
699e794c12a3 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
a97e7dd4b713 ixgbe: set X550 MDIO speed before talking to PHY
8addba6cab94 igbvf: fix double free in `igbvf_probe`
36844e250a2e igb: Fix removal of unicast MAC filters of VFs
bca4a53ea72c soc/tegra: fuse: Fix bitwise vs. logical OR warning
166f0adf7e75 rds: memory leak in __rds_conn_create()
9cb405ee5334 flow_offload: return EOPNOTSUPP for the unsupported mpls action type
066a637d1ce7 net: sched: lock action when translating it to flow_action infra
e7660f9535ad mac80211: fix lookup when adding AddBA extension element
f363af7c7045 mac80211: accept aggregation sessions on 6 GHz
1e6526148149 mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
ceb30f48d817 mac80211: agg-tx: refactor sending addba
eeaf9c0609e0 selftest/net/forwarding: declare NETIFS p9 p10
2252220d9ebb dmaengine: st_fdma: fix MODULE_ALIAS
18203fe17643 selftests: Fix IPv6 address bind tests
b46f0afa74e7 selftests: Fix raw socket bind tests with VRF
7b5596e53125 inet_diag: fix kernel-infoleak for UDP sockets
2c589cf07bd5 inet_diag: use jiffies_delta_to_msecs()
0d80462fbdca sch_cake: do not call cake_destroy() from cake_init()
2fba53ccfb1b s390/kexec_file: fix error handling when applying relocations
b380bf012d2b selftests: net: Correct ping6 expected rc from 2 to 1
ec5c00be7836 clk: Don't parent clks until the parent is fully registered
f83ed203c822 ARM: socfpga: dts: fix qspi node compatible
46b9e29db201 mac80211: track only QoS data frames for admission control
a6f18191c6c1 arm64: dts: rockchip: fix audio-supply for Rock Pi 4
86f2789e3c15 arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
4bb01424330d arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge
e0759696de68 nfsd: fix use-after-free due to delegation race
7243aa71509a iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
0d3277eabd54 audit: improve robustness of the audit queue handling
501ecd90efdc dm btree remove: fix use after free in rebalance_children()
b25e213522f6 recordmcount.pl: look for jgnop instruction as well as bcrl on s390
c0954f1010ad virtio_ring: Fix querying of maximum DMA mapping size for virtio device
802a1a850156 firmware: arm_scpi: Fix string overflow in SCPI genpd driver
33f0dfab3187 mac80211: send ADDBA requests using the tid/queue of the aggregation session
873e664a83ef mac80211: mark TX-during-stop for TX in in_reconfig
ff3e3fdc737a KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE
(From OE-Core rev: 6d0630b930113c9d778874b2d77a567275085218)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2020-23903.
CVE: CVE-2020-23903
(From OE-Core rev: 6afe9d7d0381b593c0b1e434c48008c7fa62750c)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b8f56e5e9eef32c1e01742f913e205d93548de1f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an
integer overflow exists for m_groupSize.
Backport patch from:
https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b
CVE: CVE-2021-46143
(From OE-Core rev: 41a65d27e4ecdc11977e2944d8af2f51c48f32ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
places in the storeAtts function in xmlparse.c can lead to realloc
misbehavior (e.g., allocating too few bytes, or only freeing memory).
Backport patch from:
https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea
CVE: CVE-2021-45960
(From OE-Core rev: 22fe1dea3164a5cd4d5636376f3671641ada1da9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xmlparse.c has multiple integer overflows. The involved functions are:
- addBinding (CVE-2022-22822)
- build_model (CVE-2022-22823)
- defineAttribute (CVE-2022-22824)
- lookup (CVE-2022-22825)
- nextScaffoldPart (CVE-2022-22826)
- storeAtts (CVE-2022-22827)
Backport patch from:
https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
(From OE-Core rev: 3b6c47c0ebae9fdb7a13480daf8f46a8dbb2c9bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inconsistency detected by ld.so: dl-tls.c: 493: _dl_allocate_tls_init: Assertion `listp->slotinfo[cnt].gen <= _rtld_local._dl_tls_generation' failed!
caused by dlopen (in _dl_add_to_slotinfo and in dl_open_worker) doing
listp->slotinfo[idx].gen = GL(dl_tls_generation) + 1;
//...
if (any_tls && __builtin_expect (++GL(dl_tls_generation) == 0, 0))
while pthread_create (in _dl_allocate_tls_init) concurrently doing
assert (listp->slotinfo[cnt].gen <= GL(dl_tls_generation));
Backported below patch that can fix the following bugs with a lock
that prevents DTV setup running concurrently with dlopen or dlclose.
Bug 19329: https://sourceware.org/bugzilla/show_bug.cgi?id=19329
Bug 27111: https://sourceware.org/bugzilla/show_bug.cgi?id=27111
Patch: 0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch
Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=1387ad6225c2222f027790e3f460e31aa5dd2c54
It requires a supporting patch
0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch
Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=c0669ae1a629e16b536bf11cdd0865e0dbcf4bee
After adding the above fix there is a number of racy read accesses
to globals that will be changed to relaxed MO atomics in follow-up
patch given below.
This fixes the regressions and avoids cluttering the main part
of the fix.
0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch
Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=f4f8f4d4e0f92488431b268c8cd9555730b9afe9
Backported the below patch to add the test to check the added fix.
0033-elf-Add-test-case-for-BZ-19329.patch
Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=9d0e30329c23b5ad736fda3f174208c25970dbce
Previously modids were never resused for a
different module, but after dlopen failure all gaps are reused
not just the ones caused by the unfinished dlopened.
The code has to handle reused modids already which seems to
work, however the data races at thread creation and tls access
(see bug 19329 and bug 27111) may be more severe if slots are
reused. Fixing the races are not simpler if reuse is disallowed
and reuse has other benefits so upstream added fix
https://sourceware.org/git/?p=glibc.git;a=commit;h=572bd547d57a39b6cf0ea072545dc4048921f4c3
for the following bug.
Bug 27135: https://sourceware.org/bugzilla/show_bug.cgi?id=27135
But in glibc upstream the commit 572bd547d57a was reverted as the
issue with 572bd547d57a patch was the DTV entry only updated on
dl_open_worker() with the update_tls_slotinfo() call after all
dependencies are being processed by _dl_map_object_deps(). However
_dl_map_object_deps() itself might call _dl_next_tls_modid(),
and since the _dl_tls_dtv_slotinfo_list::map was not yet set the
entry can be wrongly reused.
So added below patch to fix Bug 27135.
0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch
Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=ba33937be210da5d07f7f01709323743f66011ce
Not all TLS access related data races got fixed by adding
0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch,
there are additional races at lazy tlsdesc relocations.
Bug 27137: https://sourceware.org/bugzilla/show_bug.cgi?id=27137
Backported below patches to fix this issue.
0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch
Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=8f7e09f4dbdb5c815a18b8285fbc5d5d7bc17d86
0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch
Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=ddcacd91cc10ff92d6201eda87047d029c14158d
The fix 0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch
for bug 19329 caused a regression such that pthread_create can
deadlock when concurrent ctors from dlopen are waiting for it
to finish.
Bug 28357: https://sourceware.org/bugzilla/show_bug.cgi?id=28357
Backported below patch to fix this issue.
0037-Avoid-deadlock-between-pthread_create-and-ctors.patch
Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=024a7640ab9ecea80e527f4e4d7f7a1868e952c5
(From OE-Core rev: 01f256bc72fb45c80b6a6c77506bc4c375965a3a)
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New systemd has changed the phrasing when skipping things,
with unfortunate use of 'failed':
[ 1.623667] systemd[1]: Journal Audit Socket was skipped because of a failed condition check (ConditionSecurity=audit).
[ 1.688258] systemd[1]: Load Kernel Modules was skipped because all trigger condition checks failed.
(From OE-Core rev: da0d96eefd5d7e784b24cad0e41b9df05443034d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 743d09665a4ef743b1fa9ac382a713556dfce1a1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2011-4613 is specific to Debian/Ubuntu.
CVE-2020-25697 is a non-trivial attack that may not actually be feasible
considering the default behaviour for clients is to exit if the
connection is lost.
(From OE-Core rev: c477e35d01e7b8443b680f6456ac92a15fbfeaa2)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit afa2e6c31a79f75ff4113d53f618bbb349cd6c17)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upstream pointed out we were using an old url for HOMEPAGE. Update it to the
current url.
(From OE-Core rev: 022750aaa128189f23063b741bf8396a527713d7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f3a7e2ba247efe72154c263d1d680aaf3da5b609)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some of the CVEs have x_server as the product name.
(From OE-Core rev: 183a62e7de1ded1f271d8ba4d1b149a85159f4bd)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d5d63cf8605515bb659b6b732683d7fe6540728)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this should prevent running into the very rare error
sqlite3.OperationalError: attempt to write a readonly database
As highlighted by https://www.sqlite.org/faq.html#q5
it is likely that the adapter won't allow use multiple exec calls
at the same time.
So it's best to prevent multiple accesses at a time, by reusing
the already in place CVE_CHECK_DB_FILE_LOCK
YOCTO #14110
(From OE-Core rev: 3c69e4eb08701516150c78cf8b48f3e90d197b2b)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 677f5741bd265be49d4a5bb933b3e8d8c4eec653)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
