From patchwork Thu May 11 21:28:05 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23844
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 99466C77B7F
	for <webhook@archiver.kernel.org>; Thu, 11 May 2023 21:28:28 +0000 (UTC)
Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com
 [209.85.210.182])
 by mx.groups.io with SMTP id smtpd.web10.8915.1683840503271107398
 for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:23 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=sGr6eaDF;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f182.google.com with SMTP id
 d2e1a72fcca58-6436dfa15b3so6157779b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683840502;
 x=1686432502;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=uxeDgBCYy5oAuQbd3QB29x0W3GOnDS4dKEwQUWamfx0=;
        b=sGr6eaDFSOStBHB7aGgQak1VfTOuwFVi3UnuNpNR3qb7kvBVf6JHRrhyNlF4p8laN7
         vWDqW+lmzDbLqFlMu3omlyn5weGH4w6T5MaVEzbyINQdeVSKOMh4fw6KO4Q52ap1E28D
         Z3u//1URvF8enW7Cm/1c4hU4j6K+LpTxxclUBu2+jPCJYovtwewLJmAWk1we3Oz/1KXC
         5m796Uz1KxBJfdXK6i+49G127DkVfWlUkMxfAPJg8DIoHw9esakuKVNUOM24DcwJGsN7
         Kv56UWDoeoLx33iM7Mqc5WWqhZjOROLOsps/eNliPM0ILY5izyGbB/+79zQ2Q82hbpvr
         mZsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683840502; x=1686432502;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=uxeDgBCYy5oAuQbd3QB29x0W3GOnDS4dKEwQUWamfx0=;
        b=k3BRYvi5qLLOt82sZ3r/hYfIczSBcTw5ACdvpHFYwq6fqC+DElWgFCCiQzbXDqeLx4
         KI+4s8Z+x0DHbCDBPVCkjxmk/Z0K40Ct80sXO7vmtfOa5XK+noOHMBxbxzHBpFTzzMXs
         lk4VkJQPZtzcwYcFwT6LtxglNk7TTkxH1vqLWsahpTpaCODKNoYSkSaq3i/Majrlp3YX
         r1KcbyRz2qsxVUAIjXxcJLxdmnuKtlgW7Z3izrjwo764HNcBbxySyTN1pcvQd0/wXoG0
         owXYiIFALjqFf+B+dXJrs5aOqGWxRgUC0Nc1q4Bp3YQw/Ud8wjvAo+IgXys3sMQqhUhW
         smHQ==
X-Gm-Message-State: AC+VfDwALpG1THEXNz2pnREqZK1Qq9gAbvSLNr2TcZlfIKcFJ3bB1b2g
	ocX3WUzpdDjokcWN5ITEiiOeVCTmlfdaq2Md81o=
X-Google-Smtp-Source: 
 ACHHUZ5x42dXXACmjErY7t0CfvDUeKxFt/NmVAzMpFoRmlpEyscm01nGa9oRfFtyDRlFyKla0zv9Eg==
X-Received: by 2002:a05:6a00:23c3:b0:637:f1ae:d3e with SMTP id
 g3-20020a056a0023c300b00637f1ae0d3emr31106552pfc.25.1683840501806;
        Thu, 11 May 2023 14:28:21 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 e5-20020aa78c45000000b00640defda6d2sm5671981pfd.207.2023.05.11.14.28.20
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 May 2023 14:28:21 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 1/7] go: Security fix for CVE-2023-24538
Date: Thu, 11 May 2023 11:28:05 -1000
Message-Id: 
 <c8a597b76505dab7649f4c9b18e1e14b0e3d57af.1683840390.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683840390.git.steve@sakoman.com>
References: <cover.1683840390.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 11 May 2023 21:28:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181147

From: Shubham Kulkarni <skulkarni@mvista.com>

html/template: disallow actions in JS template literals

Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b

Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.14.inc          |   3 +
 .../go/go-1.14/CVE-2023-24538-1.patch         | 125 +++++++++++
 .../go/go-1.14/CVE-2023-24538-2.patch         | 196 +++++++++++++++++
 .../go/go-1.14/CVE-2023-24538-3.patch         | 208 ++++++++++++++++++
 4 files changed, 532 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 3b99b8fe7e..f734fe1ac8 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -58,6 +58,9 @@ SRC_URI += "\
     file://CVE-2020-29510.patch \
     file://CVE-2023-24537.patch \
     file://CVE-2023-24534.patch \
+    file://CVE-2023-24538-1.patch \
+    file://CVE-2023-24538-2.patch \
+    file://CVE-2023-24538-3.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
new file mode 100644
index 0000000000..eda26e5ff6
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
@@ -0,0 +1,125 @@
+From 8acd01094d9ee17f6e763a61e49a8a808b3a9ddb Mon Sep 17 00:00:00 2001
+From: Brad Fitzpatrick <bradfitz@golang.org>
+Date: Mon, 2 Aug 2021 14:55:51 -0700
+Subject: [PATCH 1/3] net/netip: add new IP address package
+
+Co-authored-by: Alex Willmer <alex@moreati.org.uk> (GitHub @moreati)
+Co-authored-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
+Co-authored-by: David Anderson <dave@natulte.net> (Tailscale CLA)
+Co-authored-by: David Crawshaw <crawshaw@tailscale.com> (Tailscale CLA)
+Co-authored-by: Dmytro Shynkevych <dmytro@tailscale.com> (Tailscale CLA)
+Co-authored-by: Elias Naur <mail@eliasnaur.com>
+Co-authored-by: Joe Tsai <joetsai@digital-static.net> (Tailscale CLA)
+Co-authored-by: Jonathan Yu <jawnsy@cpan.org> (GitHub @jawnsy)
+Co-authored-by: Josh Bleecher Snyder <josharian@gmail.com> (Tailscale CLA)
+Co-authored-by: Maisem Ali <maisem@tailscale.com> (Tailscale CLA)
+Co-authored-by: Manuel Mendez (Go AUTHORS mmendez534@...)
+Co-authored-by: Matt Layher <mdlayher@gmail.com>
+Co-authored-by: Noah Treuhaft <noah.treuhaft@gmail.com> (GitHub @nwt)
+Co-authored-by: Stefan Majer <stefan.majer@gmail.com>
+Co-authored-by: Terin Stock <terinjokes@gmail.com> (Cloudflare CLA)
+Co-authored-by: Tobias Klauser <tklauser@distanz.ch>
+
+Fixes #46518
+
+Change-Id: I0041f9e1115d61fa6e95fcf32b01d9faee708712
+Reviewed-on: https://go-review.googlesource.com/c/go/+/339309
+Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Russ Cox <rsc@golang.org>
+Trust: Brad Fitzpatrick <bradfitz@golang.org>
+
+Dependency Patch #1
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/a59e33224e42d60a97fa720a45e1b74eb6aaa3d0]
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/internal/godebug/godebug.go      | 34 ++++++++++++++++++++++++++++++++++
+ src/internal/godebug/godebug_test.go | 34 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 68 insertions(+)
+ create mode 100644 src/internal/godebug/godebug.go
+ create mode 100644 src/internal/godebug/godebug_test.go
+
+diff --git a/src/internal/godebug/godebug.go b/src/internal/godebug/godebug.go
+new file mode 100644
+index 0000000..ac434e5
+--- /dev/null
++++ b/src/internal/godebug/godebug.go
+@@ -0,0 +1,34 @@
++// Copyright 2021 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// Package godebug parses the GODEBUG environment variable.
++package godebug
++
++import "os"
++
++// Get returns the value for the provided GODEBUG key.
++func Get(key string) string {
++	return get(os.Getenv("GODEBUG"), key)
++}
++
++// get returns the value part of key=value in s (a GODEBUG value).
++func get(s, key string) string {
++	for i := 0; i < len(s)-len(key)-1; i++ {
++		if i > 0 && s[i-1] != ',' {
++			continue
++		}
++		afterKey := s[i+len(key):]
++		if afterKey[0] != '=' || s[i:i+len(key)] != key {
++			continue
++		}
++		val := afterKey[1:]
++		for i, b := range val {
++			if b == ',' {
++				return val[:i]
++			}
++		}
++		return val
++	}
++	return ""
++}
+diff --git a/src/internal/godebug/godebug_test.go b/src/internal/godebug/godebug_test.go
+new file mode 100644
+index 0000000..41b9117
+--- /dev/null
++++ b/src/internal/godebug/godebug_test.go
+@@ -0,0 +1,34 @@
++// Copyright 2021 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package godebug
++
++import "testing"
++
++func TestGet(t *testing.T) {
++	tests := []struct {
++		godebug string
++		key     string
++		want    string
++	}{
++		{"", "", ""},
++		{"", "foo", ""},
++		{"foo=bar", "foo", "bar"},
++		{"foo=bar,after=x", "foo", "bar"},
++		{"before=x,foo=bar,after=x", "foo", "bar"},
++		{"before=x,foo=bar", "foo", "bar"},
++		{",,,foo=bar,,,", "foo", "bar"},
++		{"foodecoy=wrong,foo=bar", "foo", "bar"},
++		{"foo=", "foo", ""},
++		{"foo", "foo", ""},
++		{",foo", "foo", ""},
++		{"foo=bar,baz", "loooooooong", ""},
++	}
++	for _, tt := range tests {
++		got := get(tt.godebug, tt.key)
++		if got != tt.want {
++			t.Errorf("get(%q, %q) = %q; want %q", tt.godebug, tt.key, got, tt.want)
++		}
++	}
++}
+--
+2.7.4
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
new file mode 100644
index 0000000000..5036f2890b
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
@@ -0,0 +1,196 @@
+From 6fc21505614f36178df0dad7034b6b8e3f7588d5 Mon Sep 17 00:00:00 2001
+From: empijei <robclap8@gmail.com>
+Date: Fri, 27 Mar 2020 19:27:55 +0100
+Subject: [PATCH 2/3] html/template,text/template: switch to Unicode escapes
+ for JSON compatibility
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The existing implementation is not compatible with JSON
+escape as it uses hex escaping.
+Unicode escape, instead, is valid for both JSON and JS.
+This fix avoids creating a separate escaping context for
+scripts of type "application/ld+json" and it is more
+future-proof in case more JSON+JS contexts get added
+to the platform (e.g. import maps).
+
+Fixes #33671
+Fixes #37634
+
+Change-Id: Id6f6524b4abc52e81d9d744d46bbe5bf2e081543
+Reviewed-on: https://go-review.googlesource.com/c/go/+/226097
+Reviewed-by: Carl Johnson <me@carlmjohnson.net>
+Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
+Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+
+Dependency Patch #2
+
+Upstream-Status: Backport from https://github.com/golang/go/commit/d4d298040d072ddacea0e0d6b55fb148fff18070
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/html/template/js.go    | 70 +++++++++++++++++++++++++++-------------------
+ src/text/template/funcs.go |  8 +++---
+ 2 files changed, 46 insertions(+), 32 deletions(-)
+
+diff --git a/src/html/template/js.go b/src/html/template/js.go
+index 0e91458..ea9c183 100644
+--- a/src/html/template/js.go
++++ b/src/html/template/js.go
+@@ -163,7 +163,6 @@ func jsValEscaper(args ...interface{}) string {
+	}
+	// TODO: detect cycles before calling Marshal which loops infinitely on
+	// cyclic data. This may be an unacceptable DoS risk.
+-
+	b, err := json.Marshal(a)
+	if err != nil {
+		// Put a space before comment so that if it is flush against
+@@ -178,8 +177,8 @@ func jsValEscaper(args ...interface{}) string {
+	// TODO: maybe post-process output to prevent it from containing
+	// "<!--", "-->", "<![CDATA[", "]]>", or "</script"
+	// in case custom marshalers produce output containing those.
+-
+-	// TODO: Maybe abbreviate \u00ab to \xab to produce more compact output.
++	// Note: Do not use \x escaping to save bytes because it is not JSON compatible and this escaper
++	// supports ld+json content-type.
+	if len(b) == 0 {
+		// In, `x=y/{{.}}*z` a json.Marshaler that produces "" should
+		// not cause the output `x=y/*z`.
+@@ -260,6 +259,8 @@ func replace(s string, replacementTable []string) string {
+		r, w = utf8.DecodeRuneInString(s[i:])
+		var repl string
+		switch {
++		case int(r) < len(lowUnicodeReplacementTable):
++			repl = lowUnicodeReplacementTable[r]
+		case int(r) < len(replacementTable) && replacementTable[r] != "":
+			repl = replacementTable[r]
+		case r == '\u2028':
+@@ -283,67 +284,80 @@ func replace(s string, replacementTable []string) string {
+	return b.String()
+ }
+
++var lowUnicodeReplacementTable = []string{
++	0: `\u0000`, 1: `\u0001`, 2: `\u0002`, 3: `\u0003`, 4: `\u0004`, 5: `\u0005`, 6: `\u0006`,
++	'\a': `\u0007`,
++	'\b': `\u0008`,
++	'\t': `\t`,
++	'\n': `\n`,
++	'\v': `\u000b`, // "\v" == "v" on IE 6.
++	'\f': `\f`,
++	'\r': `\r`,
++	0xe:  `\u000e`, 0xf: `\u000f`, 0x10: `\u0010`, 0x11: `\u0011`, 0x12: `\u0012`, 0x13: `\u0013`,
++	0x14: `\u0014`, 0x15: `\u0015`, 0x16: `\u0016`, 0x17: `\u0017`, 0x18: `\u0018`, 0x19: `\u0019`,
++	0x1a: `\u001a`, 0x1b: `\u001b`, 0x1c: `\u001c`, 0x1d: `\u001d`, 0x1e: `\u001e`, 0x1f: `\u001f`,
++}
++
+ var jsStrReplacementTable = []string{
+-	0:    `\0`,
++	0:    `\u0000`,
+	'\t': `\t`,
+	'\n': `\n`,
+-	'\v': `\x0b`, // "\v" == "v" on IE 6.
++	'\v': `\u000b`, // "\v" == "v" on IE 6.
+	'\f': `\f`,
+	'\r': `\r`,
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+-	'"':  `\x22`,
+-	'&':  `\x26`,
+-	'\'': `\x27`,
+-	'+':  `\x2b`,
++	'"':  `\u0022`,
++	'&':  `\u0026`,
++	'\'': `\u0027`,
++	'+':  `\u002b`,
+	'/':  `\/`,
+-	'<':  `\x3c`,
+-	'>':  `\x3e`,
++	'<':  `\u003c`,
++	'>':  `\u003e`,
+	'\\': `\\`,
+ }
+
+ // jsStrNormReplacementTable is like jsStrReplacementTable but does not
+ // overencode existing escapes since this table has no entry for `\`.
+ var jsStrNormReplacementTable = []string{
+-	0:    `\0`,
++	0:    `\u0000`,
+	'\t': `\t`,
+	'\n': `\n`,
+-	'\v': `\x0b`, // "\v" == "v" on IE 6.
++	'\v': `\u000b`, // "\v" == "v" on IE 6.
+	'\f': `\f`,
+	'\r': `\r`,
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+-	'"':  `\x22`,
+-	'&':  `\x26`,
+-	'\'': `\x27`,
+-	'+':  `\x2b`,
++	'"':  `\u0022`,
++	'&':  `\u0026`,
++	'\'': `\u0027`,
++	'+':  `\u002b`,
+	'/':  `\/`,
+-	'<':  `\x3c`,
+-	'>':  `\x3e`,
++	'<':  `\u003c`,
++	'>':  `\u003e`,
+ }
+-
+ var jsRegexpReplacementTable = []string{
+-	0:    `\0`,
++	0:    `\u0000`,
+	'\t': `\t`,
+	'\n': `\n`,
+-	'\v': `\x0b`, // "\v" == "v" on IE 6.
++	'\v': `\u000b`, // "\v" == "v" on IE 6.
+	'\f': `\f`,
+	'\r': `\r`,
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+-	'"':  `\x22`,
++	'"':  `\u0022`,
+	'$':  `\$`,
+-	'&':  `\x26`,
+-	'\'': `\x27`,
++	'&':  `\u0026`,
++	'\'': `\u0027`,
+	'(':  `\(`,
+	')':  `\)`,
+	'*':  `\*`,
+-	'+':  `\x2b`,
++	'+':  `\u002b`,
+	'-':  `\-`,
+	'.':  `\.`,
+	'/':  `\/`,
+-	'<':  `\x3c`,
+-	'>':  `\x3e`,
++	'<':  `\u003c`,
++	'>':  `\u003e`,
+	'?':  `\?`,
+	'[':  `\[`,
+	'\\': `\\`,
+diff --git a/src/text/template/funcs.go b/src/text/template/funcs.go
+index 46125bc..f3de9fb 100644
+--- a/src/text/template/funcs.go
++++ b/src/text/template/funcs.go
+@@ -640,10 +640,10 @@ var (
+	jsBackslash = []byte(`\\`)
+	jsApos      = []byte(`\'`)
+	jsQuot      = []byte(`\"`)
+-	jsLt        = []byte(`\x3C`)
+-	jsGt        = []byte(`\x3E`)
+-	jsAmp       = []byte(`\x26`)
+-	jsEq        = []byte(`\x3D`)
++	jsLt        = []byte(`\u003C`)
++	jsGt        = []byte(`\u003E`)
++	jsAmp       = []byte(`\u0026`)
++	jsEq        = []byte(`\u003D`)
+ )
+
+ // JSEscape writes to w the escaped JavaScript equivalent of the plain text data b.
+--
+2.7.4
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
new file mode 100644
index 0000000000..d5bb33e091
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
@@ -0,0 +1,208 @@
+From 16f4882984569f179d73967c9eee679bb9b098c5 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Mon, 20 Mar 2023 11:01:13 -0700
+Subject: [PATCH 3/3] html/template: disallow actions in JS template literals
+
+ECMAScript 6 introduced template literals[0][1] which are delimited with
+backticks. These need to be escaped in a similar fashion to the
+delimiters for other string literals. Additionally template literals can
+contain special syntax for string interpolation.
+
+There is no clear way to allow safe insertion of actions within JS
+template literals, as handling (JS) string interpolation inside of these
+literals is rather complex. As such we've chosen to simply disallow
+template actions within these template literals.
+
+A new error code is added for this parsing failure case, errJsTmplLit,
+but it is unexported as it is not backwards compatible with other minor
+release versions to introduce an API change in a minor release. We will
+export this code in the next major release.
+
+The previous behavior (with the cavet that backticks are now escaped
+properly) can be re-enabled with GODEBUG=jstmpllitinterp=1.
+
+This change subsumes CL471455.
+
+Thanks to Sohom Datta, Manipal Institute of Technology, for reporting
+this issue.
+
+Fixes CVE-2023-24538
+For #59234
+Fixes #59271
+
+[0] https://tc39.es/ecma262/multipage/ecmascript-language-expressions.html#sec-template-literals
+[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals
+
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802457
+Reviewed-by: Damien Neil <dneil@google.com>
+Run-TryBot: Damien Neil <dneil@google.com>
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802612
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Change-Id: Ic7f10595615f2b2740d9c85ad7ef40dc0e78c04c
+Reviewed-on: https://go-review.googlesource.com/c/go/+/481987
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Michael Knyszek <mknyszek@google.com>
+Reviewed-by: Matthew Dempsky <mdempsky@google.com>
+
+Upstream-Status: Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/html/template/context.go      |  2 ++
+ src/html/template/error.go        | 13 +++++++++++++
+ src/html/template/escape.go       | 11 +++++++++++
+ src/html/template/js.go           |  2 ++
+ src/html/template/jsctx_string.go |  9 +++++++++
+ src/html/template/transition.go   |  7 ++++++-
+ 6 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/src/html/template/context.go b/src/html/template/context.go
+index f7d4849..0b65313 100644
+--- a/src/html/template/context.go
++++ b/src/html/template/context.go
+@@ -116,6 +116,8 @@ const (
+	stateJSDqStr
+	// stateJSSqStr occurs inside a JavaScript single quoted string.
+	stateJSSqStr
++	// stateJSBqStr occurs inside a JavaScript back quoted string.
++	stateJSBqStr
+	// stateJSRegexp occurs inside a JavaScript regexp literal.
+	stateJSRegexp
+	// stateJSBlockCmt occurs inside a JavaScript /* block comment */.
+diff --git a/src/html/template/error.go b/src/html/template/error.go
+index 0e52706..fd26b64 100644
+--- a/src/html/template/error.go
++++ b/src/html/template/error.go
+@@ -211,6 +211,19 @@ const (
+	//   pipeline occurs in an unquoted attribute value context, "html" is
+	//   disallowed. Avoid using "html" and "urlquery" entirely in new templates.
+	ErrPredefinedEscaper
++
++	// errJSTmplLit: "... appears in a JS template literal"
++	// Example:
++	//     <script>var tmpl = `{{.Interp}`</script>
++	// Discussion:
++	//   Package html/template does not support actions inside of JS template
++	//   literals.
++	//
++	// TODO(rolandshoemaker): we cannot add this as an exported error in a minor
++	// release, since it is backwards incompatible with the other minor
++	// releases. As such we need to leave it unexported, and then we'll add it
++	// in the next major release.
++	errJSTmplLit
+ )
+
+ func (e *Error) Error() string {
+diff --git a/src/html/template/escape.go b/src/html/template/escape.go
+index f12dafa..29ca5b3 100644
+--- a/src/html/template/escape.go
++++ b/src/html/template/escape.go
+@@ -8,6 +8,7 @@ import (
+	"bytes"
+	"fmt"
+	"html"
++	"internal/godebug"
+	"io"
+	"text/template"
+	"text/template/parse"
+@@ -203,6 +204,16 @@ func (e *escaper) escapeAction(c context, n *parse.ActionNode) context {
+		c.jsCtx = jsCtxDivOp
+	case stateJSDqStr, stateJSSqStr:
+		s = append(s, "_html_template_jsstrescaper")
++	case stateJSBqStr:
++		debugAllowActionJSTmpl := godebug.Get("jstmpllitinterp")
++		if debugAllowActionJSTmpl == "1" {
++			s = append(s, "_html_template_jsstrescaper")
++		} else {
++			return context{
++				state: stateError,
++				err:   errorf(errJSTmplLit, n, n.Line, "%s appears in a JS template literal", n),
++			}
++		}
+	case stateJSRegexp:
+		s = append(s, "_html_template_jsregexpescaper")
+	case stateCSS:
+diff --git a/src/html/template/js.go b/src/html/template/js.go
+index ea9c183..b888eaf 100644
+--- a/src/html/template/js.go
++++ b/src/html/template/js.go
+@@ -308,6 +308,7 @@ var jsStrReplacementTable = []string{
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+	'"':  `\u0022`,
++	'`':  `\u0060`,
+	'&':  `\u0026`,
+	'\'': `\u0027`,
+	'+':  `\u002b`,
+@@ -331,6 +332,7 @@ var jsStrNormReplacementTable = []string{
+	'"':  `\u0022`,
+	'&':  `\u0026`,
+	'\'': `\u0027`,
++	'`':  `\u0060`,
+	'+':  `\u002b`,
+	'/':  `\/`,
+	'<':  `\u003c`,
+diff --git a/src/html/template/jsctx_string.go b/src/html/template/jsctx_string.go
+index dd1d87e..2394893 100644
+--- a/src/html/template/jsctx_string.go
++++ b/src/html/template/jsctx_string.go
+@@ -4,6 +4,15 @@ package template
+
+ import "strconv"
+
++func _() {
++	// An "invalid array index" compiler error signifies that the constant values have changed.
++	// Re-run the stringer command to generate them again.
++	var x [1]struct{}
++	_ = x[jsCtxRegexp-0]
++	_ = x[jsCtxDivOp-1]
++	_ = x[jsCtxUnknown-2]
++}
++
+ const _jsCtx_name = "jsCtxRegexpjsCtxDivOpjsCtxUnknown"
+
+ var _jsCtx_index = [...]uint8{0, 11, 21, 33}
+diff --git a/src/html/template/transition.go b/src/html/template/transition.go
+index 06df679..92eb351 100644
+--- a/src/html/template/transition.go
++++ b/src/html/template/transition.go
+@@ -27,6 +27,7 @@ var transitionFunc = [...]func(context, []byte) (context, int){
+	stateJS:          tJS,
+	stateJSDqStr:     tJSDelimited,
+	stateJSSqStr:     tJSDelimited,
++	stateJSBqStr:     tJSDelimited,
+	stateJSRegexp:    tJSDelimited,
+	stateJSBlockCmt:  tBlockCmt,
+	stateJSLineCmt:   tLineCmt,
+@@ -262,7 +263,7 @@ func tURL(c context, s []byte) (context, int) {
+
+ // tJS is the context transition function for the JS state.
+ func tJS(c context, s []byte) (context, int) {
+-	i := bytes.IndexAny(s, `"'/`)
++	i := bytes.IndexAny(s, "\"`'/")
+	if i == -1 {
+		// Entire input is non string, comment, regexp tokens.
+		c.jsCtx = nextJSCtx(s, c.jsCtx)
+@@ -274,6 +275,8 @@ func tJS(c context, s []byte) (context, int) {
+		c.state, c.jsCtx = stateJSDqStr, jsCtxRegexp
+	case '\'':
+		c.state, c.jsCtx = stateJSSqStr, jsCtxRegexp
++	case '`':
++		c.state, c.jsCtx = stateJSBqStr, jsCtxRegexp
+	case '/':
+		switch {
+		case i+1 < len(s) && s[i+1] == '/':
+@@ -303,6 +306,8 @@ func tJSDelimited(c context, s []byte) (context, int) {
+	switch c.state {
+	case stateJSSqStr:
+		specials = `\'`
++	case stateJSBqStr:
++		specials = "`\\"
+	case stateJSRegexp:
+		specials = `\/[]`
+	}
+--
+2.7.4

From patchwork Thu May 11 21:28:06 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23843
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B408DC7EE25
	for <webhook@archiver.kernel.org>; Thu, 11 May 2023 21:28:28 +0000 (UTC)
Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com
 [209.85.210.177])
 by mx.groups.io with SMTP id smtpd.web10.8916.1683840504546694170
 for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:24 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=VZjZs93c;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f177.google.com with SMTP id
 d2e1a72fcca58-643b7b8f8ceso4834683b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683840504;
 x=1686432504;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=wyrLcPucnBHBRaMkn04Nndgq/W3fTr7WwnbzQOFNfY8=;
        b=VZjZs93cKQA9mJBeOtUvXTcUBFNyXTWGnoBRv7DzraZLk4qndxCll/E23EEM7BbtVC
         6AUPVuQT36KHAP0KE6lqzkm28gDLoESNdXkue4ncTGXzU0DPIAlW+etUJ4GW8h9OhHE4
         Npdr9nmQCugqYL2JBZDhTOdzEzgwO2X80BBeHJtfualW7IMprcGaTIb/mbtBbZvyVI6z
         c+ELtBA7GEw+5lSc7LnfQLI7zUbYbWVumedd7JhmCJkm4jhcovw94NMK8gxL3SE7FaPj
         +LnYguIjRvoJ7p7S+IbjziEbsBdYSfi77GnRs50gG7giRvrrzoawn6veeJ1abWFa/dWA
         cTuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683840504; x=1686432504;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=wyrLcPucnBHBRaMkn04Nndgq/W3fTr7WwnbzQOFNfY8=;
        b=jJ5P8ibWft1t1Ke/j2unNIwL9XQ/NWZnbXQuRX0xZsLl0WxhAhcTzMM3BTNlq4lXDs
         nGI3vbN30+nKjxmNllmEzgr4Mlu0bcEGqda1uH9Oz5A+9n+K/Ha5Orz85OadTSrJDaL0
         0ngak+bSnasX88eoozOxHIVnr/irHFhCADWzNP69OGl6PvQvwMWoItTSU2aThuah7Io7
         hldmxQcIkFoKpSwlD5gAQSidOhHSUgCfDEVUD8RqeAHx9T2FcF5oxIZXoR3ERrJ8l4Sv
         Tdbc1dxScYMWtOTO6mbnRdg2UZujLOOXNT/nXJvUz/cfyaKscW8/AghLGG+sLfUs9H6I
         q57A==
X-Gm-Message-State: AC+VfDxMItb/y8rat1eb+gPk4BVjLK2W35x39AI07cBJYKNd8jvlSFbf
	7o0Dc79a43jBzJDeR/Ycp3NgCrpvrkW+yAJnoHY=
X-Google-Smtp-Source: 
 ACHHUZ6+rgYxQA7+XO1WlQWce/SBU3froX/dxEPAAbCge2/sXD5FJeVp+i0OfdZ6VUysbAmrZHNb3A==
X-Received: by 2002:aa7:88c8:0:b0:64a:2dd6:4f18 with SMTP id
 k8-20020aa788c8000000b0064a2dd64f18mr2918506pff.13.1683840503624;
        Thu, 11 May 2023 14:28:23 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 e5-20020aa78c45000000b00640defda6d2sm5671981pfd.207.2023.05.11.14.28.22
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 May 2023 14:28:23 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 2/7] freetype: fix CVE-2023-2004 integer overflowin
 in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
Date: Thu, 11 May 2023 11:28:06 -1000
Message-Id: 
 <24c87e674db9c1d4a8922c3af78a0004c061e70f.1683840390.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683840390.git.steve@sakoman.com>
References: <cover.1683840390.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 11 May 2023 21:28:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181148

From: Vivek Kumbhar <vkumbhar@mvista.com>

Fix An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../freetype/freetype/CVE-2023-2004.patch     | 40 +++++++++++++++++++
 .../freetype/freetype_2.10.1.bb               |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch

diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch b/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
new file mode 100644
index 0000000000..800d77579e
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
@@ -0,0 +1,40 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+
+Upstream-Status: Backport [https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611]
+CVE: CVE-2023-2004
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/truetype/ttgxvar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index 78d87dc..258d701 100644
+--- a/src/truetype/ttgxvar.c
++++ b/src/truetype/ttgxvar.c
+@@ -43,6 +43,7 @@
+ #include FT_INTERNAL_DEBUG_H
+ #include FT_CONFIG_CONFIG_H
+ #include FT_INTERNAL_STREAM_H
++#include <freetype/internal/ftcalc.h>
+ #include FT_INTERNAL_SFNT_H
+ #include FT_TRUETYPE_TAGS_H
+ #include FT_TRUETYPE_IDS_H
+@@ -1065,7 +1066,7 @@
+                 delta == 1 ? "" : "s",
+                 vertical ? "VVAR" : "HVAR" ));
+
+-    *avalue += delta;
++    *avalue = ADD_INT( *avalue, delta );
+
+   Exit:
+     return error;
+--
+2.17.1
diff --git a/meta/recipes-graphics/freetype/freetype_2.10.1.bb b/meta/recipes-graphics/freetype/freetype_2.10.1.bb
index 72001c529a..6af744b981 100644
--- a/meta/recipes-graphics/freetype/freetype_2.10.1.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.10.1.bb
@@ -18,6 +18,7 @@ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \
            file://CVE-2022-27404.patch \
            file://CVE-2022-27405.patch \
            file://CVE-2022-27406.patch \
+           file://CVE-2023-2004.patch \
           "
 SRC_URI[md5sum] = "bd42e75127f8431923679480efb5ba8f"
 SRC_URI[sha256sum] = "16dbfa488a21fe827dc27eaf708f42f7aa3bb997d745d31a19781628c36ba26f"

From patchwork Thu May 11 21:28:07 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23842
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B53C5C7EE2A
	for <webhook@archiver.kernel.org>; Thu, 11 May 2023 21:28:28 +0000 (UTC)
Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com
 [209.85.210.180])
 by mx.groups.io with SMTP id smtpd.web11.8894.1683840506803282664
 for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:26 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=Va7fIsd+;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.180,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f180.google.com with SMTP id
 d2e1a72fcca58-64ab2a37812so368063b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683840506;
 x=1686432506;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=m8vV9MkaTeJAXAbVaUpaWzznxG5o5jGtRLIk7kLvV70=;
        b=Va7fIsd+TzEUQFoSBu1b8u+IRe7WimKxQtynE8n2EdRiDU2PVZN+1aL3+7jDWjEqPy
         06sAUebQ5DFiEzAAqA1GGQ0EX2fGn+Ot9LOW85ofwBqUNmRStI7+IY+yPlXX6BaMmWIg
         WikjNXmoIEqj2iu1D4l7VEbniUg/oOiQM1CipBQu1IyGxf2wPW+MJvQxPyelEqRfHEHc
         3asfS4LTmVMOylTyYxKKXAVAHne82AhQ5wh4Ur+QYnZR24kAi8KZQUdDbaikWg0vWa/0
         y46yOaVkUdumZzYHdZvrvafRae27dLw2OoBTB36d4mRiRV/8IqQ9ES6OgY/9Y9rSXo59
         SPBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683840506; x=1686432506;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=m8vV9MkaTeJAXAbVaUpaWzznxG5o5jGtRLIk7kLvV70=;
        b=l2Mn8NDDLBHc2fbQRiHxcpBPiFiYLhYddGjYv9jZPJu0DDnI1cj5gRFL7+hWhHE+fi
         sRyRTnCiemY0ie+E9SnyA1/5XjU+HDrtbGd3vqHcBoe5D1jVHhMCnukbKEazy1lhkKnk
         E9Ry5U0+oIz3zuWOz2ccRq44InFQ8KdlCcf/lvoPG9Wz0VIOsCcSG8nxzKKwd3xW6C/i
         gKo5xvc3RT+dq/G6py3eobtMSrJUhYcvCHA80Ik6A8bjtGAJqhgOlkRGFbjr5Wu4BQaV
         +EgcNd4g0DGMzpOTmHntdWhUsOWrL2UtBMDzRfMGjUQd88gr33OKfzB7CBhrOlCUEnyg
         xnzw==
X-Gm-Message-State: AC+VfDwp51zgG/gSNs1CmMp3KjSlvyJyRpHYWg1wYcEPTZxnbtJ69vo4
	NyEgDgKtFXrdOoSEc5mqMTxaQp7EPpY1ZtY2A5A=
X-Google-Smtp-Source: 
 ACHHUZ7eF+kzFmh/oiE8sr0iF0T/szEzs4NiCO7LxDLrCRBRgeNT8DVsr9ryFzXb1ZzAVdlLsy7qsA==
X-Received: by 2002:a05:6a20:6a27:b0:101:7703:3376 with SMTP id
 p39-20020a056a206a2700b0010177033376mr11443374pzk.4.1683840505458;
        Thu, 11 May 2023 14:28:25 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 e5-20020aa78c45000000b00640defda6d2sm5671981pfd.207.2023.05.11.14.28.24
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 May 2023 14:28:25 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 3/7] libxml2: patch CVE-2023-28484 and
 CVE-2023-29469
Date: Thu, 11 May 2023 11:28:07 -1000
Message-Id: 
 <c0cfcd3945257efd40745e0ebb84495441acb590.1683840390.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683840390.git.steve@sakoman.com>
References: <cover.1683840390.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 11 May 2023 21:28:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181149

From: Peter Marko <peter.marko@siemens.com>

Backports from:
* https://gitlab.gnome.org/GNOME/libxml2/-/commit/e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68
* https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libxml/libxml2/CVE-2023-28484.patch       | 79 +++++++++++++++++++
 .../libxml/libxml2/CVE-2023-29469.patch       | 42 ++++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |  2 +
 3 files changed, 123 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
new file mode 100644
index 0000000000..907f2c4d47
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
@@ -0,0 +1,79 @@
+From e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:46:35 +0200
+Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+
+Fix a null pointer dereference when parsing (invalid) XML schemas.
+
+Thanks to Robby Simpson for the report!
+
+Fixes #491.
+
+CVE: CVE-2023-28484
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ result/schemas/issue491_0_0.err |  1 +
+ test/schemas/issue491_0.xml     |  1 +
+ test/schemas/issue491_0.xsd     | 18 ++++++++++++++++++
+ xmlschemas.c                    |  2 +-
+ 4 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 result/schemas/issue491_0_0.err
+ create mode 100644 test/schemas/issue491_0.xml
+ create mode 100644 test/schemas/issue491_0.xsd
+
+diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err
+new file mode 100644
+index 00000000..9b2bb969
+--- /dev/null
++++ b/result/schemas/issue491_0_0.err
+@@ -0,0 +1 @@
++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'.
+diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml
+new file mode 100644
+index 00000000..e2b2fc2e
+--- /dev/null
++++ b/test/schemas/issue491_0.xml
+@@ -0,0 +1 @@
++<Child xmlns="http://www.test.com">5</Child>
+diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd
+new file mode 100644
+index 00000000..81702649
+--- /dev/null
++++ b/test/schemas/issue491_0.xsd
+@@ -0,0 +1,18 @@
++<?xml version='1.0' encoding='UTF-8'?>
++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified">
++  <xs:complexType name="BaseType">
++    <xs:simpleContent>
++      <xs:extension base="xs:int" />
++    </xs:simpleContent>
++  </xs:complexType>
++  <xs:complexType name="ChildType">
++    <xs:complexContent>
++      <xs:extension base="BaseType">
++        <xs:sequence>
++          <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/>
++        </xs:sequence>
++      </xs:extension>
++    </xs:complexContent>
++  </xs:complexType>
++  <xs:element name="Child" type="ChildType" />
++</xs:schema>
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 6a353858..a4eaf591 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -18632,7 +18632,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
+ 			"allowed to appear inside other model groups",
+ 			NULL, NULL);
+ 
+-		} else if (! dummySequence) {
++		} else if ((!dummySequence) && (baseType->subtypes != NULL)) {
+ 		    xmlSchemaTreeItemPtr effectiveContent =
+ 			(xmlSchemaTreeItemPtr) type->subtypes;
+ 		    /*
+-- 
+GitLab
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
new file mode 100644
index 0000000000..1252668577
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
@@ -0,0 +1,42 @@
+From 547edbf1cbdccd46b2e8ff322a456eaa5931c5df Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:49:27 +0200
+Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
+ deterministic
+
+When hashing empty strings which aren't null-terminated,
+xmlDictComputeFastKey could produce inconsistent results. This could
+lead to various logic or memory errors, including double frees.
+
+For consistency the seed is also taken into account, but this shouldn't
+have an impact on security.
+
+Found by OSS-Fuzz.
+
+Fixes #510.
+
+CVE: CVE-2023-29469
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ dict.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dict.c b/dict.c
+index 86c3f6d7..d7fd1a06 100644
+--- a/dict.c
++++ b/dict.c
+@@ -451,7 +451,8 @@ static unsigned long
+ xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
+     unsigned long value = seed;
+ 
+-    if (name == NULL) return(0);
++    if ((name == NULL) || (namelen <= 0))
++        return(value);
+     value = *name;
+     value <<= 5;
+     if (namelen > 10) {
+-- 
+GitLab
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index 40e3434ead..034192d64e 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -36,6 +36,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
            file://CVE-2016-3709.patch \
            file://CVE-2022-40303.patch \
            file://CVE-2022-40304.patch \
+           file://CVE-2023-28484.patch \
+           file://CVE-2023-29469.patch \
            "
 
 SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"

From patchwork Thu May 11 21:28:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23840
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 98194C7EE24
	for <webhook@archiver.kernel.org>; Thu, 11 May 2023 21:28:28 +0000 (UTC)
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com
 [209.85.210.178])
 by mx.groups.io with SMTP id smtpd.web10.8920.1683840508245907245
 for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:28 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=2Ldpi8y7;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f178.google.com with SMTP id
 d2e1a72fcca58-6439df6c268so5791638b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683840507;
 x=1686432507;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=CkiqVJHXj4fthCS72tS/6hPIhrgbiuag3vC5cUSteU0=;
        b=2Ldpi8y7PAI5eJDRRcz60tRCOKubJDCKgLxXxtTgpe2rcOpIeF6lhh75WnoDgZ7L5h
         54siRaBL5s5PsKmlgLUeDnDYQRWcdOyhBtAMw/Z4nuTH9syWJt76VpIb/HLi7PG3pGjV
         jQYXZZa9BOrJRbLlAtoBYN5hocLGUDEmqiNBcPIuoWUQxTjKo4VwoYfpcPGcvrjuItE3
         K5CPOLquGL8s3YEzz0LJy+Q7JTnf5cVU01HhDZCIG9UB9mdiQdbVxtbZ8W6Y8YZki60o
         MvlMp/6iQOXK/PfMzd8PqnUP6TNeGp3FzwfeG+3R6y9ita06DDRqXvFIgKvjAP2u1DN1
         7nGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683840507; x=1686432507;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=CkiqVJHXj4fthCS72tS/6hPIhrgbiuag3vC5cUSteU0=;
        b=TL1nmqKwLPkDXTs/j8noZ5r0yXdeV5ZPiwqZoCdTfCsyZ6eKN5JUgNzfqRKTDPAgN/
         lg2tPMP0Yb/rlFNJRnvWuMJazIL6R+MViPDdlChww25sOyyj+NcFWa3T2jTClVaR0tui
         0nXbsnw83FCXk+9rvEHPUEOXgteAjdVSoD/KxZN+ER03g+oa017X8CebdUHvC+GcOQP/
         c6bfR6WbjQLPd5jlXMRTPB7SrDkr+CUGuuqqS+ueTnmE6huEiKy3PrEiKqX7K53475lh
         4+feDsCk6KCnyHTOgtZ0cek032jZphIwmFALMSl7maseeK5jqjIPmyNCHGBusWJZCa3a
         vHOQ==
X-Gm-Message-State: AC+VfDwk4ANh+GQ1PyuHdCoGhDsDtZpJxXV133zndu8TgjIY7v4kneI7
	qrFsjgJVmD7wnEGfyf/LLJp96WdGUdAvIfHD1Bw=
X-Google-Smtp-Source: 
 ACHHUZ4gkQKCywXm+bmhAhIzAsnaBHjeecqEYHpR6s/ZgX4yHTYeqGuh10aGuLkrSOUbUtOcQj3H+Q==
X-Received: by 2002:a05:6a20:7d86:b0:103:e3bc:5106 with SMTP id
 v6-20020a056a207d8600b00103e3bc5106mr4612884pzj.57.1683840507214;
        Thu, 11 May 2023 14:28:27 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 e5-20020aa78c45000000b00640defda6d2sm5671981pfd.207.2023.05.11.14.28.26
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 May 2023 14:28:26 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 4/7] connman: Fix CVE-2023-28488 DoS in client.c
Date: Thu, 11 May 2023 11:28:08 -1000
Message-Id: 
 <47a9ae5592392bd10740e4571b06c8c739705058.1683840390.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683840390.git.steve@sakoman.com>
References: <cover.1683840390.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 11 May 2023 21:28:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181150

From: Ashish Sharma <asharma@mvista.com>

Avoid overwriting the read packet length after the initial test. Thus
move all the length checks which depends on the total length first
and do not use the total lenght from the IP packet afterwards.

Fixes CVE-2023-28488

Reported by Polina Smirnova <moe.hwr@gmail.com>

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../connman/connman/CVE-2023-28488.patch      | 54 +++++++++++++++++++
 .../connman/connman_1.37.bb                   |  1 +
 2 files changed, 55 insertions(+)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch b/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
new file mode 100644
index 0000000000..ea1601cc04
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
@@ -0,0 +1,54 @@
+From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001
+From: Daniel Wagner <wagi@monom.org>
+Date: Tue, 11 Apr 2023 08:12:56 +0200
+Subject: gdhcp: Verify and sanitize packet length first
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/patch/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138]
+CVE: CVE-2023-28488
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ gdhcp/client.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/gdhcp/client.c b/gdhcp/client.c
+index 7efa7e45..82017692 100644
+--- a/gdhcp/client.c
++++ b/gdhcp/client.c
+@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet *packet, int bytes)
+ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
+ 				struct sockaddr_in *dst_addr)
+ {
+-	int bytes;
+ 	struct ip_udp_dhcp_packet packet;
+ 	uint16_t check;
++	int bytes, tot_len;
+ 
+ 	memset(&packet, 0, sizeof(packet));
+ 
+@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
+ 	if (bytes < 0)
+ 		return -1;
+ 
+-	if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
+-		return -1;
+-
+-	if (bytes < ntohs(packet.ip.tot_len))
++	tot_len = ntohs(packet.ip.tot_len);
++	if (bytes > tot_len) {
++		/* ignore any extra garbage bytes */
++		bytes = tot_len;
++	} else if (bytes < tot_len) {
+ 		/* packet is bigger than sizeof(packet), we did partial read */
+ 		return -1;
++	}
+ 
+-	/* ignore any extra garbage bytes */
+-	bytes = ntohs(packet.ip.tot_len);
++	if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
++		return -1;
+ 
+ 	if (!sanity_check(&packet, bytes))
+ 		return -1;
+-- 
+cgit 
+
diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb
index 73d7f7527e..8062a094d3 100644
--- a/meta/recipes-connectivity/connman/connman_1.37.bb
+++ b/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -14,6 +14,7 @@ SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
             file://CVE-2022-23098.patch \
             file://CVE-2022-32292.patch \
 	     file://CVE-2022-32293.patch \
+            file://CVE-2023-28488.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"

From patchwork Thu May 11 21:28:09 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23847
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 88EF6C7EE25
	for <webhook@archiver.kernel.org>; Thu, 11 May 2023 21:28:38 +0000 (UTC)
Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com
 [209.85.210.181])
 by mx.groups.io with SMTP id smtpd.web10.8924.1683840511479994730
 for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:31 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=qlJo7f+X;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f181.google.com with SMTP id
 d2e1a72fcca58-6439bbc93b6so6337232b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683840510;
 x=1686432510;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=YO9K8zdFOTS8ObwHeycJp5JxGeDlrtkAqsgA7yxWHAk=;
        b=qlJo7f+X3iOZFSCCdwkRLLVUaw0gJow4mhCS8f89R7TECavCnxHqPnYPoOPnLcGENP
         PYq5vqasXmRYwOFaZuFW8+KDtAL7YQDa37Yod5EUajNwqw9+nAPivZMCsMVKVctf5AbV
         Y3nziVIT/KoJuhPvm+JOtXP6IefTH/ZehgN8wJrqxSXV/pXLdarfX5KGKQpZPbaJr8Nt
         GUxeky+ZLOmUI2qSEx37T0t5uu+ovpb0L6WK8wgMqcjRgLWIkq76xeQfYHiClkIYBQbc
         gmAIDbsc/zSIkpZR/SpMxgD9B9MAv+sCXGHPfHpVQJ3k0RmmEULLNdqMQVlzyZKQA/cr
         gWYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683840510; x=1686432510;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=YO9K8zdFOTS8ObwHeycJp5JxGeDlrtkAqsgA7yxWHAk=;
        b=Bm5/69TnQ33nJ6GogxUe10sP9CJTeWA9f9k/a+FJZ3urn8aGLPu+aiHqHCNWFkUUcy
         DhWuRapfOiAAJYc18LH1VwnS0CRpyo/ETthvi0Zoe9p1OMQXGyUTLYtSuAeJWaoVhE5O
         jIaFNcVWAxGwF9Kciooo9JDQEpaZC9LYgBVypZylUlKjtKROwRRzQkLb+FoCcZ4r6qs0
         fGkEZv1ODJHTliT36jy4wNJJ6ZQDX3Fzdj4EvdghKdq3ijbmE6I4zZXPNufcq8P0O8uW
         LZvMI9uOytP+rCuF0vbTNP7BwGTvrecG/xfqELHtkB2+LsEGS0cywgcqRpZTTxY3CYNE
         Sy2A==
X-Gm-Message-State: AC+VfDzAbt3bqHRc9czMOyz24qlGATMLcmDQiC+H6RsmyUgDcVIc/ctl
	2KPNTHxGvLVIU+DZxFSj713qvewSzyasC6etIjo=
X-Google-Smtp-Source: 
 ACHHUZ6TFG+4s4IWNPvEMLka8pSBKMccYg+Ul+zth2LVfoM5rCpOfA8KirAXx3ajhACHjdwTNDU4kA==
X-Received: by 2002:a05:6a00:1503:b0:643:96e:666b with SMTP id
 q3-20020a056a00150300b00643096e666bmr30756094pfu.34.1683840509100;
        Thu, 11 May 2023 14:28:29 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 e5-20020aa78c45000000b00640defda6d2sm5671981pfd.207.2023.05.11.14.28.28
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 May 2023 14:28:28 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 5/7] linux-yocto: Exclude 294 CVEs already fixed
 upstream
Date: Thu, 11 May 2023 11:28:09 -1000
Message-Id: 
 <ec0f3e5869c596a308a164f93cb031e04034a8ed.1683840390.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683840390.git.steve@sakoman.com>
References: <cover.1683840390.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 11 May 2023 21:28:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181151

From: Yoann Congal <yoann.congal@smile.fr>

Exclude CVEs that are fixed in current linux-yocto version v5.4.237.

To get the commit fixing a CVE, I used the Debian kernel-sec repo [1].

[1]: https://salsa.debian.org/kernel-team/kernel-sec/-/commit/86d5040aee9275f9555458fcaf9cb43710dff398

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/cve-exclusion.inc | 1840 +++++++++++++++++++
 meta/recipes-kernel/linux/linux-yocto.inc   |    3 +
 2 files changed, 1843 insertions(+)
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc

diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc
new file mode 100644
index 0000000000..a18e603bc9
--- /dev/null
+++ b/meta/recipes-kernel/linux/cve-exclusion.inc
@@ -0,0 +1,1840 @@
+# Kernel CVE exclusion file
+
+# https://nvd.nist.gov/vuln/detail/CVE-2014-8171
+# Patched in kernel since v3.12 4942642080ea82d99ab5b653abb9a12b7ba31f4a
+CVE_CHECK_WHITELIST += "CVE-2014-8171"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2017-1000255
+# Patched in kernel since v4.14 265e60a170d0a0ecfc2d20490134ed2c48dd45ab
+CVE_CHECK_WHITELIST += "CVE-2017-1000255"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-5873
+# Patched in kernel since v4.11 073c516ff73557a8f7315066856c04b50383ac34
+CVE_CHECK_WHITELIST += "CVE-2018-5873"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-10840
+# Patched in kernel since v4.18 8a2b307c21d4b290e3cbe33f768f194286d07c23
+CVE_CHECK_WHITELIST += "CVE-2018-10840"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-10876
+# Patched in kernel since v4.18 8844618d8aa7a9973e7b527d038a2a589665002c
+CVE_CHECK_WHITELIST += "CVE-2018-10876"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-10882
+# Patched in kernel since v4.18 c37e9e013469521d9adb932d17a1795c139b36db
+CVE_CHECK_WHITELIST += "CVE-2018-10882"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-10902
+# Patched in kernel since v4.18 39675f7a7c7e7702f7d5341f1e0d01db746543a0
+CVE_CHECK_WHITELIST += "CVE-2018-10902"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-14625
+# Patched in kernel since v4.20 834e772c8db0c6a275d75315d90aba4ebbb1e249
+CVE_CHECK_WHITELIST += "CVE-2018-14625"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-16880
+# Patched in kernel since v5.0 b46a0bf78ad7b150ef5910da83859f7f5a514ffd
+CVE_CHECK_WHITELIST += "CVE-2018-16880"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2018-16884
+# Patched in kernel since v5.0 d4b09acf924b84bae77cad090a9d108e70b43643
+CVE_CHECK_WHITELIST += "CVE-2018-16884"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2019-3819
+# Patched in kernel since v5.0 13054abbaa4f1fd4e6f3b4b63439ec033b4c8035
+CVE_CHECK_WHITELIST += "CVE-2019-3819"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2019-20810
+# Patched in kernel since v5.6 9453264ef58638ce8976121ac44c07a3ef375983
+# Backported in version v5.4.48 6e688a315acf9c2b9b6e8c3e3b7a0c2720f72cba
+CVE_CHECK_WHITELIST += "CVE-2019-20810"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-1749
+# Patched in kernel since v5.5 6c8991f41546c3c472503dff1ea9daaddf9331c2
+# Backported in version v5.4.5 48d58ae9e87aaa11814364ddb52b3461f9abac57
+CVE_CHECK_WHITELIST += "CVE-2020-1749"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-8428
+# Patched in kernel since v5.5 d0cb50185ae942b03c4327be322055d622dc79f6
+# Backported in version v5.4.16 454759886d0b463213fad0f1c733469e2c501ab9
+CVE_CHECK_WHITELIST += "CVE-2020-8428"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-8647
+# Patched in kernel since v5.6 513dc792d6060d5ef572e43852683097a8420f56
+# Backported in version v5.4.25 5d230547476eea90b57ed9fda4bfe5307779abbb
+CVE_CHECK_WHITELIST += "CVE-2020-8647"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-8649
+# Patched in kernel since v5.6 513dc792d6060d5ef572e43852683097a8420f56
+# Backported in version v5.4.25 5d230547476eea90b57ed9fda4bfe5307779abbb
+CVE_CHECK_WHITELIST += "CVE-2020-8649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-8992
+# Patched in kernel since v5.6 af133ade9a40794a37104ecbcc2827c0ea373a3c
+# Backported in version v5.4.21 94f0fe04da78adc214b51523499031664f9db408
+CVE_CHECK_WHITELIST += "CVE-2020-8992"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-9383
+# Patched in kernel since v5.6 2e90ca68b0d2f5548804f22f0dd61145516171e3
+# Backported in version v5.4.23 1eb78bc92c847f9e1c01a01b2773fc2fe7b134cf
+CVE_CHECK_WHITELIST += "CVE-2020-9383"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10690
+# Patched in kernel since v5.5 a33121e5487b424339636b25c35d3a180eaa5f5e
+# Backported in version v5.4.8 bfa2e0cd3dfda64fde43c3dca3aeba298d2fe7ad
+CVE_CHECK_WHITELIST += "CVE-2020-10690"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10711
+# Patched in kernel since v5.7 eead1c2ea2509fd754c6da893a94f0e69e83ebe4
+# Backported in version v5.4.42 debcbc56fdfc2847804d3d00d43f68f3074c5987
+CVE_CHECK_WHITELIST += "CVE-2020-10711"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10732
+# Patched in kernel since v5.7 1d605416fb7175e1adf094251466caa52093b413
+# Backported in version v5.4.44 a02c130efbbce91af1e9dd99a5a381dd43494e15
+CVE_CHECK_WHITELIST += "CVE-2020-10732"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10742
+# Patched in kernel since v3.16 91f79c43d1b54d7154b118860d81b39bad07dfff
+CVE_CHECK_WHITELIST += "CVE-2020-10742"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10757
+# Patched in kernel since v5.8 5bfea2d9b17f1034a68147a8b03b9789af5700f9
+# Backported in version v5.4.45 df4988aa1c9618d9c612639e96002cd4e772def2
+CVE_CHECK_WHITELIST += "CVE-2020-10757"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10766
+# Patched in kernel since v5.8 dbbe2ad02e9df26e372f38cc3e70dab9222c832e
+# Backported in version v5.4.47 9d1dcba6dd48cf7c5801d8aee12852ca41110896
+CVE_CHECK_WHITELIST += "CVE-2020-10766"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10767
+# Patched in kernel since v5.8 21998a351512eba4ed5969006f0c55882d995ada
+# Backported in version v5.4.47 6d60d5462a91eb46fb88b016508edfa8ee0bc7c8
+CVE_CHECK_WHITELIST += "CVE-2020-10767"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10768
+# Patched in kernel since v5.8 4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
+# Backported in version v5.4.47 e1545848ad5510e82eb75717c1f5757b984014cb
+CVE_CHECK_WHITELIST += "CVE-2020-10768"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10781
+# Patched in kernel since v5.8 853eab68afc80f59f36bbdeb715e5c88c501e680
+# Backported in version v5.4.53 72648019cd52488716891c2cbb096ad1023ab83e
+CVE_CHECK_WHITELIST += "CVE-2020-10781"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-10942
+# Patched in kernel since v5.6 42d84c8490f9f0931786f1623191fcab397c3d64
+# Backported in version v5.4.24 f09fbb1175cffdbbb36b28e2ff7db96dcc90de08
+CVE_CHECK_WHITELIST += "CVE-2020-10942"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11494
+# Patched in kernel since v5.7 b9258a2cece4ec1f020715fe3554bc2e360f6264
+# Backported in version v5.4.32 fdb6a094ba41e985d9fb14ae2bfc180e3e983720
+CVE_CHECK_WHITELIST += "CVE-2020-11494"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11565
+# Patched in kernel since v5.7 aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
+# Backported in version v5.4.31 c3f87e03f90ff2901525cc99c0e3bfb6fcbfd184
+CVE_CHECK_WHITELIST += "CVE-2020-11565"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11608
+# Patched in kernel since v5.7 998912346c0da53a6dbb71fab3a138586b596b30
+# Backported in version v5.4.29 e4af1cf37b901839320e40515d9a60a1c8b51f3a
+CVE_CHECK_WHITELIST += "CVE-2020-11608"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11609
+# Patched in kernel since v5.7 485b06aadb933190f4bc44e006076bc27a23f205
+# Backported in version v5.4.29 4490085a9e2d2cde69e865e3691223ea9e94513b
+CVE_CHECK_WHITELIST += "CVE-2020-11609"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11668
+# Patched in kernel since v5.7 a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
+# Backported in version v5.4.29 e7cd85f398cd1ffe3ce707ce7e2ec0e4a5010475
+CVE_CHECK_WHITELIST += "CVE-2020-11668"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-11884
+# Patched in kernel since v5.7 316ec154810960052d4586b634156c54d0778f74
+# Backported in version v5.4.36 44d9eb0ebe8fd04f46b18d10a18b2c543b379a0c
+CVE_CHECK_WHITELIST += "CVE-2020-11884"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12464
+# Patched in kernel since v5.7 056ad39ee9253873522f6469c3364964a322912b
+# Backported in version v5.4.36 b48193a7c303272d357b27dd7d72cbf89f7b2d35
+CVE_CHECK_WHITELIST += "CVE-2020-12464"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12465
+# Patched in kernel since v5.6 b102f0c522cf668c8382c56a4f771b37d011cda2
+# Backported in version v5.4.26 02013734629bf57070525a3515509780092a63ab
+CVE_CHECK_WHITELIST += "CVE-2020-12465"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12653
+# Patched in kernel since v5.6 b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
+# Backported in version v5.4.20 3c822e1f31186767d6b7261c3c066f01907ecfca
+CVE_CHECK_WHITELIST += "CVE-2020-12653"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12654
+# Patched in kernel since v5.6 3a9b153c5591548612c3955c9600a98150c81875
+# Backported in version v5.4.20 c5b071e3f44d1125694ad4dcf1234fb9a78d0be6
+CVE_CHECK_WHITELIST += "CVE-2020-12654"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12655
+# Patched in kernel since v5.7 d0c7feaf87678371c2c09b3709400be416b2dc62
+# Backported in version v5.4.50 ffd40b7962d463daa531a8110e5b708bcb5c6da7
+CVE_CHECK_WHITELIST += "CVE-2020-12655"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12657
+# Patched in kernel since v5.7 2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9
+# Backported in version v5.4.33 b37de1b1e882fa3741d252333e5745eea444483b
+CVE_CHECK_WHITELIST += "CVE-2020-12657"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12659
+# Patched in kernel since v5.7 99e3a236dd43d06c65af0a2ef9cb44306aef6e02
+# Backported in version v5.4.35 25c9cdef57488578da21d99eb614b97ffcf6e59f
+CVE_CHECK_WHITELIST += "CVE-2020-12659"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12768
+# Patched in kernel since v5.6 d80b64ff297e40c2b6f7d7abc1b3eba70d22a068
+# Backported in version v5.4.43 ac46cea606d59be18a6afd4560c48bcca836c44c
+CVE_CHECK_WHITELIST += "CVE-2020-12768"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12770
+# Patched in kernel since v5.7 83c6f2390040f188cc25b270b4befeb5628c1aee
+# Backported in version v5.4.42 2d6d0ce4de03832c8deedeb16c7af52868d7e99e
+CVE_CHECK_WHITELIST += "CVE-2020-12770"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12771
+# Patched in kernel since v5.8 be23e837333a914df3f24bf0b32e87b0331ab8d1
+# Backported in version v5.4.49 f651e94899ed08b1766bda30f410d33fdd3970ff
+CVE_CHECK_WHITELIST += "CVE-2020-12771"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12826
+# Patched in kernel since v5.7 d1e7fd6462ca9fc76650fbe6ca800e35b24267da
+# Backported in version v5.4.33 5f2d04139aa5ed04eab54b84e8a25bab87a2449c
+CVE_CHECK_WHITELIST += "CVE-2020-12826"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-12888
+# Patched in kernel since v5.8 abafbc551fddede3e0a08dee1dcde08fc0eb8476
+# Backported in version v5.4.64 8f747b0149c5a0c72626a87eb0dd2a5ec91f1a7d
+CVE_CHECK_WHITELIST += "CVE-2020-12888"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-13143
+# Patched in kernel since v5.7 15753588bcd4bbffae1cca33c8ced5722477fe1f
+# Backported in version v5.4.42 6bb054f006c3df224cc382f1ebd81b7276dcfb1c
+CVE_CHECK_WHITELIST += "CVE-2020-13143"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14314
+# Patched in kernel since v5.9 5872331b3d91820e14716632ebb56b1399b34fe1
+# Backported in version v5.4.61 ea54176e5821936d109bb45dc2c19bd53559e735
+CVE_CHECK_WHITELIST += "CVE-2020-14314"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14331
+# Patched in kernel since v5.9 ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d
+# Backported in version v5.4.58 8c3215a0426c404f4b7b02a1e0fdb0f7f4f1e6d3
+CVE_CHECK_WHITELIST += "CVE-2020-14331"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14351
+# Patched in kernel since v5.10 f91072ed1b7283b13ca57fcfbece5a3b92726143
+# Backported in version v5.4.78 c5cf5c7b585c7f48195892e44b76237010c0747a
+CVE_CHECK_WHITELIST += "CVE-2020-14351"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14381
+# Patched in kernel since v5.6 8019ad13ef7f64be44d4f892af9c840179009254
+# Backported in version v5.4.28 553d46b07dc4813e1d8e6a3b3d6eb8603b4dda74
+CVE_CHECK_WHITELIST += "CVE-2020-14381"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14385
+# Patched in kernel since v5.9 f4020438fab05364018c91f7e02ebdd192085933
+# Backported in version v5.4.64 da7a1676d6c19971758976a84e87f5b1009409e7
+CVE_CHECK_WHITELIST += "CVE-2020-14385"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-14390
+# Patched in kernel since v5.9 50145474f6ef4a9c19205b173da6264a644c7489
+# Backported in version v5.4.66 cf5a7ded53652c3d63d7243944c6a8ec1f0ef392
+CVE_CHECK_WHITELIST += "CVE-2020-14390"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15393
+# Patched in kernel since v5.8 28ebeb8db77035e058a510ce9bd17c2b9a009dba
+# Backported in version v5.4.51 3dca0a299ff43204a69c9a7a00ce2b3e7ab3088c
+CVE_CHECK_WHITELIST += "CVE-2020-15393"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15436
+# Patched in kernel since v5.8 2d3a8e2deddea6c89961c422ec0c5b851e648c14
+# Backported in version v5.4.49 b3dc33946a742256ad9d2ccac848c9e3c2aaafef
+CVE_CHECK_WHITELIST += "CVE-2020-15436"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15437
+# Patched in kernel since v5.8 f4c23a140d80ef5e6d3d1f8f57007649014b60fa
+# Backported in version v5.4.54 af811869db0698b587aa5418eab05c9f7e0bea3c
+CVE_CHECK_WHITELIST += "CVE-2020-15437"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-15780
+# Patched in kernel since v5.8 75b0cea7bf307f362057cc778efe89af4c615354
+# Backported in version v5.4.50 824d0b6225f3fa2992704478a8df520537cfcb56
+CVE_CHECK_WHITELIST += "CVE-2020-15780"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-16119
+# Patched in kernel since v5.15 d9ea761fdd197351890418acd462c51f241014a7
+# Backported in version v5.4.148 5ab04a4ffed02f66e8e6310ba8261a43d1572343
+# Backported in version v5.10.68 6c3cb65d561e76fd0398026c023e587fec70e188
+CVE_CHECK_WHITELIST += "CVE-2020-16119"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-16166
+# Patched in kernel since v5.8 f227e3ec3b5cad859ad15666874405e8c1bbc1d4
+# Backported in version v5.4.57 c15a77bdda2c4f8acaa3e436128630a81f904ae7
+CVE_CHECK_WHITELIST += "CVE-2020-16166"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-24394
+# Patched in kernel since v5.8 22cf8419f1319ff87ec759d0ebdff4cbafaee832
+# Backported in version v5.4.51 fe05e114d0fde7f644ac9ab5edfce3fa65650875
+CVE_CHECK_WHITELIST += "CVE-2020-24394"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25211
+# Patched in kernel since v5.9 1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
+# Backported in version v5.4.70 253052b636e98083b1ecc3e9b0cf6f151e1cb8c6
+CVE_CHECK_WHITELIST += "CVE-2020-25211"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25212
+# Patched in kernel since v5.9 b4487b93545214a9db8cbf32e86411677b0cca21
+# Backported in version v5.4.60 75cf7f895f563e14c82c1aeea0362dc155b5baf3
+CVE_CHECK_WHITELIST += "CVE-2020-25212"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25284
+# Patched in kernel since v5.9 f44d04e696feaf13d192d942c4f14ad2e117065a
+# Backported in version v5.4.66 ea3d3bf85669195247ad6a522f4e4209695edca2
+CVE_CHECK_WHITELIST += "CVE-2020-25284"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25285
+# Patched in kernel since v5.9 17743798d81238ab13050e8e2833699b54e15467
+# Backported in version v5.4.64 af7786b20c717ff13d9148161dad4b8e286bfd39
+CVE_CHECK_WHITELIST += "CVE-2020-25285"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25639
+# Patched in kernel since v5.12 eaba3b28401f50e22d64351caa8afe8d29509f27
+# Backported in version v5.4.102 0faef25462f886a77e0b397cca31d51163215332
+# Backported in version v5.10.20 e3fcff9f45aa82dacad26e5828598340d2742f47
+CVE_CHECK_WHITELIST += "CVE-2020-25639"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25641
+# Patched in kernel since v5.9 7e24969022cbd61ddc586f14824fc205661bb124
+# Backported in version v5.4.64 84c041c12442d233c9b3c593cbe9eb8a77875578
+CVE_CHECK_WHITELIST += "CVE-2020-25641"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25643
+# Patched in kernel since v5.9 66d42ed8b25b64eb63111a2b8582c5afc8bf1105
+# Backported in version v5.4.68 c3de9daa662617132744731f1b4eb7b5cd1270a8
+CVE_CHECK_WHITELIST += "CVE-2020-25643"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25645
+# Patched in kernel since v5.9 34beb21594519ce64a55a498c2fe7d567bc1ca20
+# Backported in version v5.4.68 745c24fd1d79b588a951d3c5beca43575907f881
+CVE_CHECK_WHITELIST += "CVE-2020-25645"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25656
+# Patched in kernel since v5.10 82e61c3909db51d91b9d3e2071557b6435018b80
+# Backported in version v5.4.75 87d398f348b8a2d5246d3670a93fb63d4fd9f62a
+CVE_CHECK_WHITELIST += "CVE-2020-25656"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25672
+# Patched in kernel since v5.12 7574fcdbdcb335763b6b322f6928dc0fd5730451
+# Backported in version v5.4.112 404daa4d62a364623b48349eb73a18579edf51ac
+# Backported in version v5.10.30 568ac94df580b1a65837dc299e8758635e7b1423
+CVE_CHECK_WHITELIST += "CVE-2020-25672"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25704
+# Patched in kernel since v5.10 7bdb157cdebbf95a1cd94ed2e01b338714075d00
+# Backported in version v5.4.76 b7f7474b392194530d1ec07203c8668e81b7fdb9
+CVE_CHECK_WHITELIST += "CVE-2020-25704"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-25705
+# Patched in kernel since v5.10 b38e7819cae946e2edf869e604af1e65a5d241c5
+# Backported in version v5.4.73 8df0ffe2f32c09b4627cbce5cd5faf8e98a6a71e
+CVE_CHECK_WHITELIST += "CVE-2020-25705"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-26088
+# Patched in kernel since v5.9 26896f01467a28651f7a536143fe5ac8449d4041
+# Backported in version v5.4.59 0b305f259ca9b85c48f9cb3159d034b7328ed225
+CVE_CHECK_WHITELIST += "CVE-2020-26088"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-26541
+# Patched in kernel since v5.13 56c5812623f95313f6a46fbf0beee7fa17c68bbf
+# Backported in version v5.4.129 e20b90e4f81bb04e2b180824caae585928e24ba9
+# Backported in version v5.10.47 45109066f686597116467a53eaf4330450702a96
+CVE_CHECK_WHITELIST += "CVE-2020-26541"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27170
+# Patched in kernel since v5.12 f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
+# Backported in version v5.4.107 ea8fb45eaac141b13f656a7056e4823845aa3b69
+# Backported in version v5.10.25 c4d37eea1c641a9319baf34253cc373abb39d3e1
+CVE_CHECK_WHITELIST += "CVE-2020-27170"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27171
+# Patched in kernel since v5.12 10d2bb2e6b1d8c4576c56a748f697dbeb8388899
+# Backported in version v5.4.107 2da0540739e43154b500a817d9c95d36c2f6a323
+# Backported in version v5.10.25 ac1b87a18c1ffbe3d093000b762121b5aae0a3f9
+CVE_CHECK_WHITELIST += "CVE-2020-27171"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27675
+# Patched in kernel since v5.10 073d0552ead5bfc7a3a9c01de590e924f11b5dd2
+# Backported in version v5.4.75 a01379671d67d34f254cc81f42cf854aa628f3a3
+CVE_CHECK_WHITELIST += "CVE-2020-27675"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27777
+# Patched in kernel since v5.10 bd59380c5ba4147dcbaad3e582b55ccfd120b764
+# Backported in version v5.4.75 240baebeda09e1e010fff58acc9183992f41f638
+CVE_CHECK_WHITELIST += "CVE-2020-27777"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
+# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
+# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
+CVE_CHECK_WHITELIST += "CVE-2020-27784"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27830
+# Patched in kernel since v5.10 f0992098cadb4c9c6a00703b66cafe604e178fea
+# Backported in version v5.4.83 b0d4fa10bfcc3051e9426b6286fb2d80bad04d74
+CVE_CHECK_WHITELIST += "CVE-2020-27830"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28097
+# Patched in kernel since v5.9 973c096f6a85e5b5f2a295126ba6928d9a6afd45
+# Backported in version v5.4.66 087b6cb17df5834d395ab72da3f937380470ba15
+CVE_CHECK_WHITELIST += "CVE-2020-28097"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28374
+# Patched in kernel since v5.11 2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
+# Backported in version v5.4.89 485e21729b1e1235e6075318225c09e76b376e81
+# Backported in version v5.10.7 6f1e88527c1869de08632efa2cc796e0131850dc
+CVE_CHECK_WHITELIST += "CVE-2020-28374"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28915
+# Patched in kernel since v5.9 5af08640795b2b9a940c9266c0260455377ae262
+# Backported in version v5.4.71 1b2fcd82c0ca23f6fa01298c0d7b59eb4efbaf48
+CVE_CHECK_WHITELIST += "CVE-2020-28915"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28941
+# Patched in kernel since v5.10 d4122754442799187d5d537a9c039a49a67e57f1
+# Backported in version v5.4.80 3b78db264675e47ad3cf9c1e809e85d02fe1de90
+CVE_CHECK_WHITELIST += "CVE-2020-28941"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-28974
+# Patched in kernel since v5.10 3c4e0dff2095c579b142d5a0693257f1c58b4804
+# Backported in version v5.4.76 642181fe3567419d84d2457b58f262c37467f525
+CVE_CHECK_WHITELIST += "CVE-2020-28974"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29368
+# Patched in kernel since v5.8 c444eb564fb16645c172d550359cb3d75fe8a040
+# Backported in version v5.4.48 a88d8aaf9b8b5e0af163a235a3baa9fdcb7d430a
+CVE_CHECK_WHITELIST += "CVE-2020-29368"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29369
+# Patched in kernel since v5.8 246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c
+# Backported in version v5.4.54 549bfc14270681cd776c6d9b78fe544cbd21673a
+CVE_CHECK_WHITELIST += "CVE-2020-29369"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29370
+# Patched in kernel since v5.6 fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8
+# Backported in version v5.4.27 ae119b7e12472517bc35c1c003d5abf26653674a
+CVE_CHECK_WHITELIST += "CVE-2020-29370"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29371
+# Patched in kernel since v5.9 bcf85fcedfdd17911982a3e3564fcfec7b01eebd
+# Backported in version v5.4.61 19a77c937a1914bdd655366e79a2a1b7d675f554
+CVE_CHECK_WHITELIST += "CVE-2020-29371"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29373
+# Patched in kernel since v5.6 ff002b30181d30cdfbca316dadd099c3ca0d739c
+# Backported in version v5.4.24 cac68d12c531aa3010509a5a55a5dfd18dedaa80
+CVE_CHECK_WHITELIST += "CVE-2020-29373"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29374
+# Patched in kernel since v5.8 17839856fd588f4ab6b789f482ed3ffd7c403e1f
+# Backported in version v5.4.47 1027dc04f557328eb7b7b7eea48698377a959157
+CVE_CHECK_WHITELIST += "CVE-2020-29374"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-29660
+# Patched in kernel since v5.10 c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
+# Backported in version v5.4.83 35ee9ac513280f46eeb1196bac82ed5320380412
+CVE_CHECK_WHITELIST += "CVE-2020-29660"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-35508
+# Patched in kernel since v5.10 b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948
+# Backported in version v5.4.76 beeb658cfd3544ceca894375c36b6572e4ae7a5f
+CVE_CHECK_WHITELIST += "CVE-2020-35508"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36158
+# Patched in kernel since v5.11 5c455c5ab332773464d02ba17015acdca198f03d
+# Backported in version v5.4.88 0a49aaf4df2936bca119ee38fe5a570a7024efdc
+# Backported in version v5.10.6 94cc73b27a2599e4c88b7b2d6fd190107c58e480
+CVE_CHECK_WHITELIST += "CVE-2020-36158"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36311
+# Patched in kernel since v5.9 7be74942f184fdfba34ddd19a0d995deb34d4a03
+# Backported in version v5.4.131 abbd42939db646f7210e1473e9cb17c6bc6f184c
+CVE_CHECK_WHITELIST += "CVE-2020-36311"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36312
+# Patched in kernel since v5.9 f65886606c2d3b562716de030706dfe1bea4ed5e
+# Backported in version v5.4.66 41b2ea7a6a11e2b1a7f2c29e1675a709a6b2b98d
+CVE_CHECK_WHITELIST += "CVE-2020-36312"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36322
+# Patched in kernel since v5.11 5d069dbe8aaf2a197142558b6fb2978189ba3454
+# Backported in version v5.4.88 732251cabeb3bfd917d453a42274d769d6883fc4
+# Backported in version v5.10.6 36cf9ae54b0ead0daab7701a994de3dcd9ef605d
+CVE_CHECK_WHITELIST += "CVE-2020-36322"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36386
+# Patched in kernel since v5.9 51c19bf3d5cfaa66571e4b88ba2a6f6295311101
+# Backported in version v5.4.58 c26eaaf547b785ae98fa08607b599c7df0da51bc
+CVE_CHECK_WHITELIST += "CVE-2020-36386"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36516
+# Patched in kernel since v5.17 23f57406b82de51809d5812afd96f210f8b627f3
+# Backported in version v5.4.176 1f748455a8f0e984dc91fc09e6dfe99f0e58cfbe
+# Backported in version v5.10.96 b26fed25e67bc09f28f998569ed14022e07b174b
+# Backported in version v5.15.19 dee686cbfdd13ca022f20be344a14f595a93f303
+CVE_CHECK_WHITELIST += "CVE-2020-36516"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36557
+# Patched in kernel since v5.7 ca4463bf8438b403596edd0ec961ca0d4fbe0220
+# Backported in version v5.4.30 acf0e94019310a9e1c4b6807c208f49a25f74573
+CVE_CHECK_WHITELIST += "CVE-2020-36557"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-36558
+# Patched in kernel since v5.6 6cd1ed50efd88261298577cd92a14f2768eddeeb
+# Backported in version v5.4.23 897d5aaf3397e64a56274f2176d9e1b13adcb92e
+CVE_CHECK_WHITELIST += "CVE-2020-36558"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3178
+# Patched in kernel since v5.11 51b2ee7d006a736a9126e8111d1f24e4fd0afaa6
+# Backported in version v5.4.92 4aef760c28e8bd1860a27fd78067b4ea77124987
+# Backported in version v5.10.10 fdcaa4af5e70e2d984c9620a09e9dade067f2620
+CVE_CHECK_WHITELIST += "CVE-2021-3178"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3348
+# Patched in kernel since v5.11 b98e762e3d71e893b221f871825dc64694cfb258
+# Backported in version v5.4.95 587c6b75d7fdd366ad7dc615471006ce73c03a51
+# Backported in version v5.10.13 41f6f4a3143506ea1499cda2f14a16a2f82118a8
+CVE_CHECK_WHITELIST += "CVE-2021-3348"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3483
+# Patched in kernel since v5.12 829933ef05a951c8ff140e814656d73e74915faf
+# Backported in version v5.4.110 5ecfad1efbc31ab913f16ed60f0efff301aebfca
+# Backported in version v5.10.28 c04adcc819d3bdd85a5dc2523687707b89724df7
+CVE_CHECK_WHITELIST += "CVE-2021-3483"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3506
+# Patched in kernel since v5.13 b862676e371715456c9dade7990c8004996d0d9e
+# Backported in version v5.4.118 27a130638406815eba083c632ee083f0c5e688c2
+# Backported in version v5.10.36 9aa4602237d535b83c579eb752e8fc1c3e7e7055
+CVE_CHECK_WHITELIST += "CVE-2021-3506"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3564
+# Patched in kernel since v5.13 6a137caec23aeb9e036cdfd8a46dd8a366460e5d
+# Backported in version v5.4.125 8d3d0ac73a4a1d31e3d4f7c068312aba78470166
+# Backported in version v5.10.43 3795007c8dfc8bca176529bfeceb17c6f4ef7e44
+CVE_CHECK_WHITELIST += "CVE-2021-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3573
+# Patched in kernel since v5.13 e305509e678b3a4af2b3cfd410f409f7cdaabb52
+# Backported in version v5.4.125 b6f97555c71f78288682bc967121572f10715c89
+# Backported in version v5.10.43 74caf718cc7422a957aac381c73d798c0a999a65
+CVE_CHECK_WHITELIST += "CVE-2021-3573"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3609
+# Patched in kernel since v5.14 d5f9023fa61ee8b94f37a93f08e94b136cf1e463
+# Backported in version v5.4.132 70a9116b9e5ccd5332d3a60b359fb5902d268fd0
+# Backported in version v5.10.50 b52e0cf0bfc1ede495de36aec86f6013efa18f60
+CVE_CHECK_WHITELIST += "CVE-2021-3609"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3612
+# Patched in kernel since v5.14 f8f84af5da9ee04ef1d271528656dac42a090d00
+# Backported in version v5.4.132 0f382fa359ca1cb717ce27407538eb579b29a99f
+# Backported in version v5.10.50 b4c35e9e8061b2386da1aa0d708e991204e76c45
+CVE_CHECK_WHITELIST += "CVE-2021-3612"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3635
+# Patched in kernel since v5.5 335178d5429c4cee61b58f4ac80688f556630818
+# Backported in version v5.4.14 8f4dc50b5c12e159ac846fdc00702c547fdf2e95
+CVE_CHECK_WHITELIST += "CVE-2021-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3640
+# Patched in kernel since v5.16 99c23da0eed4fd20cae8243f2b51e10e66aa0951
+# Backported in version v5.4.160 d416020f1a9cc5f903ae66649b2c56d9ad5256ab
+# Backported in version v5.10.80 4dfba42604f08a505f1a1efc69ec5207ea6243de
+# Backported in version v5.15.3 b990c219c4c9d4993ef65ea9db73d9497e70f697
+CVE_CHECK_WHITELIST += "CVE-2021-3640"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3653
+# Patched in kernel since v5.14 0f923e07124df069ba68d8bb12324398f4b6b709
+# Backported in version v5.4.142 7c1c96ffb658fbfe66c5ebed6bcb5909837bc267
+# Backported in version v5.10.60 c0883f693187c646c0972d73e525523f9486c2e3
+CVE_CHECK_WHITELIST += "CVE-2021-3653"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3679
+# Patched in kernel since v5.14 67f0d6d9883c13174669f88adac4f0ee656cc16a
+# Backported in version v5.4.136 f899f24d34d964593b16122a774c192a78e2ca56
+# Backported in version v5.10.54 757bdba8026be19b4f447487695cd0349a648d9e
+CVE_CHECK_WHITELIST += "CVE-2021-3679"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3732
+# Patched in kernel since v5.14 427215d85e8d1476da1a86b8d67aceb485eb3631
+# Backported in version v5.4.141 812f39ed5b0b7f34868736de3055c92c7c4cf459
+# Backported in version v5.10.59 6a002d48a66076524f67098132538bef17e8445e
+CVE_CHECK_WHITELIST += "CVE-2021-3732"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3739
+# Patched in kernel since v5.15 e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
+# Backported in version v5.4.144 d7f7eca72ecc08f0bb6897fda2290293fca63068
+# Backported in version v5.10.62 c43add24dffdbac269d5610465ced70cfc1bad9e
+CVE_CHECK_WHITELIST += "CVE-2021-3739"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3744
+# Patched in kernel since v5.15 505d9dcb0f7ddf9d075e729523a33d38642ae680
+# Backported in version v5.4.151 24f3d2609114f1e1f6b487b511ce5fa36f21e0ae
+# Backported in version v5.10.71 17ccc64e4fa5d3673528474bfeda814d95dc600a
+CVE_CHECK_WHITELIST += "CVE-2021-3744"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3752
+# Patched in kernel since v5.16 1bff51ea59a9afb67d2dd78518ab0582a54a472c
+# Backported in version v5.4.160 67bd269a84ce29dfc543c1683a2553b4169f9a55
+# Backported in version v5.10.80 c10465f6d6208db2e45a6dac1db312b9589b2583
+# Backported in version v5.15.3 7e22e4db95b04f09adcce18c75d27cbca8f53b99
+CVE_CHECK_WHITELIST += "CVE-2021-3752"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3753
+# Patched in kernel since v5.15 2287a51ba822384834dafc1c798453375d1107c7
+# Backported in version v5.4.144 f4418015201bdca0cd4e28b363d88096206e4ad0
+# Backported in version v5.10.62 60d69cb4e60de0067e5d8aecacd86dfe92a5384a
+CVE_CHECK_WHITELIST += "CVE-2021-3753"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_CHECK_WHITELIST += "CVE-2021-3759"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3764
+# Patched in kernel since v5.15 505d9dcb0f7ddf9d075e729523a33d38642ae680
+# Backported in version v5.4.151 24f3d2609114f1e1f6b487b511ce5fa36f21e0ae
+# Backported in version v5.10.71 17ccc64e4fa5d3673528474bfeda814d95dc600a
+CVE_CHECK_WHITELIST += "CVE-2021-3764"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3923
+# Patched in kernel since v5.16 b35a0f4dd544eaa6162b6d2f13a2557a121ae5fd
+# Backported in version v5.4.171 5eb5d9c6591d7e58f32088ef848503a4a947fc46
+# Backported in version v5.10.91 beeb0fdedae802a7fb606e955a81a56a2e3bbac1
+# Backported in version v5.15.14 e1e354771812b12f0b4c433bbaf916f87cd0f6c7
+CVE_CHECK_WHITELIST += "CVE-2021-3923"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4002
+# Patched in kernel since v5.16 a4a118f2eead1d6c49e00765de89878288d4b890
+# Backported in version v5.4.162 201340ca4eb748c52062c5e938826ddfbe313088
+# Backported in version v5.10.82 40bc831ab5f630431010d1ff867390b07418a7ee
+# Backported in version v5.15.5 556d59293a2a94863797a7a50890992aa5e8db16
+CVE_CHECK_WHITELIST += "CVE-2021-4002"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4083
+# Patched in kernel since v5.16 054aa8d439b9185d4f5eb9a90282d1ce74772969
+# Backported in version v5.4.164 03d4462ba3bc8f830d9807e3c3fde54fad06e2e2
+# Backported in version v5.10.84 4baba6ba56eb91a735a027f783cc4b9276b48d5b
+# Backported in version v5.15.7 6fe4eadd54da3040cf6f6579ae157ae1395dc0f8
+CVE_CHECK_WHITELIST += "CVE-2021-4083"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4135
+# Patched in kernel since v5.16 481221775d53d6215a6e5e9ce1cce6d2b4ab9a46
+# Backported in version v5.4.168 699e794c12a3cd79045ff135bc87a53b97024e43
+# Backported in version v5.10.88 1a34fb9e2bf3029f7c0882069d67ff69cbd645d8
+# Backported in version v5.15.11 27358aa81a7d60e6bd36f0bb1db65cd084c2cad0
+CVE_CHECK_WHITELIST += "CVE-2021-4135"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4149
+# Patched in kernel since v5.15 19ea40dddf1833db868533958ca066f368862211
+# Backported in version v5.4.155 005a07c9acd6cf8a40555884f0650dfd4ec23fbe
+# Backported in version v5.10.75 206868a5b6c14adc4098dd3210a2f7510d97a670
+CVE_CHECK_WHITELIST += "CVE-2021-4149"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4155
+# Patched in kernel since v5.16 983d8e60f50806f90534cc5373d0ce867e5aaf79
+# Backported in version v5.4.171 102af6edfd3a372db6e229177762a91f552e5f5e
+# Backported in version v5.10.91 16d8568378f9ee2d1e69216d39961aa72710209f
+# Backported in version v5.15.14 b0e72ba9e520b95346e68800afff0db65e766ca8
+CVE_CHECK_WHITELIST += "CVE-2021-4155"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4159
+# Patched in kernel since v5.7 294f2fc6da27620a506e6c050241655459ccd6bd
+# Backported in version v5.4.210 7c1134c7da997523e2834dd516e2ddc51920699a
+CVE_CHECK_WHITELIST += "CVE-2021-4159"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4203
+# Patched in kernel since v5.15 35306eb23814444bd4021f8a1c3047d3cb0c8b2b
+# Backported in version v5.4.151 0fcfaa8ed9d1dcbe377b202a1b3cdfd4e566114c
+# Backported in version v5.10.71 3db53827a0e9130d9e2cbe3c3b5bca601caa4c74
+CVE_CHECK_WHITELIST += "CVE-2021-4203"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-20265
+# Patched in kernel since v4.5 fa0dc04df259ba2df3ce1920e9690c7842f8fa4b
+CVE_CHECK_WHITELIST += "CVE-2021-20265"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-20292
+# Patched in kernel since v5.9 5de5b6ecf97a021f29403aa272cb4e03318ef586
+# Backported in version v5.4.59 c6d2ddf1a30d524106265ad2c48b907cd7a083d4
+CVE_CHECK_WHITELIST += "CVE-2021-20292"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-20321
+# Patched in kernel since v5.15 a295aef603e109a47af355477326bd41151765b6
+# Backported in version v5.4.153 fab338f33c25c4816ca0b2d83a04a0097c2c4aaf
+# Backported in version v5.10.73 9763ffd4da217adfcbdcd519e9f434dfa3952fc3
+CVE_CHECK_WHITELIST += "CVE-2021-20321"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-23133
+# Patched in kernel since v5.13 34e5b01186858b36c4d7c87e1a025071e8e2401f
+# Backported in version v5.4.119 3fe9ee040fb7332e2b4cc04c85561eced0a7f227
+# Backported in version v5.10.37 42f1b8653f85924743ea5b57b051a4e1f05b5e43
+CVE_CHECK_WHITELIST += "CVE-2021-23133"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-23134
+# Patched in kernel since v5.13 c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
+# Backported in version v5.4.119 e32352070bcac22be6ed8ab635debc280bb65b8c
+# Backported in version v5.10.37 6b7021ed36dabf29e56842e3408781cd3b82ef6e
+CVE_CHECK_WHITELIST += "CVE-2021-23134"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-27363
+# Patched in kernel since v5.12 688e8128b7a92df982709a4137ea4588d16f24aa
+# Backported in version v5.4.103 ca3afdd0377379f5031f376aec4b0c1b0285b556
+# Backported in version v5.10.21 c71edc5d2480774ec2fec62bb84064aed6d582bd
+CVE_CHECK_WHITELIST += "CVE-2021-27363"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-27364
+# Patched in kernel since v5.12 688e8128b7a92df982709a4137ea4588d16f24aa
+# Backported in version v5.4.103 ca3afdd0377379f5031f376aec4b0c1b0285b556
+# Backported in version v5.10.21 c71edc5d2480774ec2fec62bb84064aed6d582bd
+CVE_CHECK_WHITELIST += "CVE-2021-27364"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28714
+# Patched in kernel since v5.16 6032046ec4b70176d247a71836186d47b25d1684
+# Backported in version v5.4.168 8bfcd0385211044627f93d170991da1ae5937245
+# Backported in version v5.10.88 525875c410df5d876b9615c44885ca7640aed6f2
+# Backported in version v5.15.11 88449dbe6203c3a91cf1c39ea3032ad61a297bd7
+CVE_CHECK_WHITELIST += "CVE-2021-28714"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28715
+# Patched in kernel since v5.16 be81992f9086b230623ae3ebbc85ecee4d00a3d3
+# Backported in version v5.4.168 0d99b3c6bd39a0a023e972d8f912fd47698bbbb8
+# Backported in version v5.10.88 88f20cccbeec9a5e83621df5cc2453b5081454dc
+# Backported in version v5.15.11 bd926d189210cd1d5b4e618e45898053be6b4b3b
+CVE_CHECK_WHITELIST += "CVE-2021-28715"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28950
+# Patched in kernel since v5.12 775c5033a0d164622d9d10dd0f0a5531639ed3ed
+# Backported in version v5.4.107 187ae04636531065cdb4d0f15deac1fe0e812104
+# Backported in version v5.10.25 d955f13ea2120269319d6133d0dd82b66d1eeca3
+CVE_CHECK_WHITELIST += "CVE-2021-28950"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28964
+# Patched in kernel since v5.12 dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
+# Backported in version v5.4.108 5b3b99525c4f18e543f6ef17ef97c29f5694e8b4
+# Backported in version v5.10.26 38ffe9eaeb7cce383525439f0948f9eb74632e1d
+CVE_CHECK_WHITELIST += "CVE-2021-28964"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28971
+# Patched in kernel since v5.12 d88d05a9e0b6d9356e97129d4ff9942d765f46ea
+# Backported in version v5.4.108 da326ba3b84aae8ac0513aa4725a49843f2f871e
+# Backported in version v5.10.26 514ea597be8e4b6a787bc34da111c44944fbf5a5
+CVE_CHECK_WHITELIST += "CVE-2021-28971"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-28972
+# Patched in kernel since v5.12 cc7a0bb058b85ea03db87169c60c7cfdd5d34678
+# Backported in version v5.4.108 51a2b19b554c8c75ee2d253b87240309cd81f1fc
+# Backported in version v5.10.26 be1f58e58f7644ab33f1413685c84173766408d3
+CVE_CHECK_WHITELIST += "CVE-2021-28972"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-29265
+# Patched in kernel since v5.12 9380afd6df70e24eacbdbde33afc6a3950965d22
+# Backported in version v5.4.106 8698133003cfb67e0f04dd044c954198e421b152
+# Backported in version v5.10.24 ab5c3186686aa87c741381d10a948817f1deb9b2
+CVE_CHECK_WHITELIST += "CVE-2021-29265"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-29647
+# Patched in kernel since v5.12 50535249f624d0072cd885bcdce4e4b6fb770160
+# Backported in version v5.4.109 ae23957bd1fb3184a9935bd99c5ad2351a59d7c8
+# Backported in version v5.10.27 fce6fb90218935f7319265459484b3762c80d0a8
+CVE_CHECK_WHITELIST += "CVE-2021-29647"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-29650
+# Patched in kernel since v5.12 175e476b8cdf2a4de7432583b49c871345e4f8a1
+# Backported in version v5.4.109 19a5fb4ceada903e692de96b8aa8494179abbf0b
+# Backported in version v5.10.27 3fdebc2d8e7965f946a3d716ffdd482e66c1f46c
+CVE_CHECK_WHITELIST += "CVE-2021-29650"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-30002
+# Patched in kernel since v5.12 fb18802a338b36f675a388fc03d2aa504a0d0899
+# Backported in version v5.4.103 027ddd67f68583a178a9bd65220611e9f978f014
+# Backported in version v5.10.21 5400770e31e8b80efc25b4c1d619361255174d11
+CVE_CHECK_WHITELIST += "CVE-2021-30002"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-31916
+# Patched in kernel since v5.12 4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
+# Backported in version v5.4.109 e6587d142d0214eb466f9978e25f0575c19b1ea0
+# Backported in version v5.10.27 921aae17bb0f02181fa05cf5580ebc855fdbd74d
+CVE_CHECK_WHITELIST += "CVE-2021-31916"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-32399
+# Patched in kernel since v5.13 e2cb6b891ad2b8caa9131e3be70f45243df82a80
+# Backported in version v5.4.119 eeec325c9944b4427f482018d00b737220c31fd9
+# Backported in version v5.10.37 2d84ef4e6569a818f912d93d5345c21542807ac7
+CVE_CHECK_WHITELIST += "CVE-2021-32399"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-33656
+# Patched in kernel since v5.12 ff2047fb755d4415ec3c70ac799889371151796d
+# Backported in version v5.4.202 c87e851b23e5cb2ba90a3049ef38340ed7d5746f
+# Backported in version v5.10.127 3acb7dc242ca25eb258493b513ef2f4b0f2a9ad1
+CVE_CHECK_WHITELIST += "CVE-2021-33656"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-34693
+# Patched in kernel since v5.13 5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc
+# Backported in version v5.4.128 c297559a2a2a6b6f0de61ed333a978a118b0e660
+# Backported in version v5.10.46 acb755be1f7adb204dcedc4d3b204ef098628623
+CVE_CHECK_WHITELIST += "CVE-2021-34693"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-35039
+# Patched in kernel since v5.13 0c18f29aae7ce3dadd26d8ee3505d07cc982df75
+# Backported in version v5.4.129 e2dc07ca4e0148d75963e14d2b78afc12426a487
+# Backported in version v5.10.47 3051f230f19feb02dfe5b36794f8c883b576e184
+CVE_CHECK_WHITELIST += "CVE-2021-35039"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-37159
+# Patched in kernel since v5.14 a6ecfb39ba9d7316057cea823b196b734f6b18ca
+# Backported in version v5.4.151 fe57d53dd91d7823f1ceef5ea8e9458a4aeb47fa
+# Backported in version v5.10.54 115e4f5b64ae8d9dd933167cafe2070aaac45849
+CVE_CHECK_WHITELIST += "CVE-2021-37159"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38160
+# Patched in kernel since v5.14 d00d8da5869a2608e97cfede094dfc5e11462a46
+# Backported in version v5.4.134 52bd1bce8624acb861fa96b7c8fc2e75422dc8f7
+# Backported in version v5.10.52 f6ec306b93dc600a0ab3bb2693568ef1cc5f7f7a
+CVE_CHECK_WHITELIST += "CVE-2021-38160"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38198
+# Patched in kernel since v5.13 b1bd5cba3306691c771d558e94baa73e8b0b96b7
+# Backported in version v5.4.141 d28adaabbbf4a6949d0f6f71daca6744979174e2
+# Backported in version v5.10.44 6b6ff4d1f349cb35a7c7d2057819af1b14f80437
+CVE_CHECK_WHITELIST += "CVE-2021-38198"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38199
+# Patched in kernel since v5.14 dd99e9f98fbf423ff6d365b37a98e8879170f17c
+# Backported in version v5.4.134 81e03fe5bf8f5f66b8a62429fb4832b11ec6b272
+# Backported in version v5.10.52 ff4023d0194263a0827c954f623c314978cf7ddd
+CVE_CHECK_WHITELIST += "CVE-2021-38199"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38204
+# Patched in kernel since v5.14 b5fdf5c6e6bee35837e160c00ac89327bdad031b
+# Backported in version v5.4.136 863d071dbcd54dacf47192a1365faec46b7a68ca
+# Backported in version v5.10.54 7af54a4e221e5619a87714567e2258445dc35435
+CVE_CHECK_WHITELIST += "CVE-2021-38204"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38205
+# Patched in kernel since v5.14 d0d62baa7f505bd4c59cd169692ff07ec49dde37
+# Backported in version v5.4.141 38b8485b72cbe4521fd2e0b8770e3d78f9b89e60
+# Backported in version v5.10.59 25cff25ec60690247db8138cd1af8b867df2c489
+CVE_CHECK_WHITELIST += "CVE-2021-38205"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38207
+# Patched in kernel since v5.13 c364df2489b8ef2f5e3159b1dff1ff1fdb16040d
+# Backported in version v5.4.128 b6c0ab11c88fb016bfc85fa4f6f878f5f4263646
+# Backported in version v5.10.46 cfe403f209b11fad123a882100f0822a52a7630f
+CVE_CHECK_WHITELIST += "CVE-2021-38207"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38208
+# Patched in kernel since v5.13 4ac06a1e013cf5fdd963317ffd3b968560f33bba
+# Backported in version v5.4.125 5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70
+# Backported in version v5.10.43 48ee0db61c8299022ec88c79ad137f290196cac2
+CVE_CHECK_WHITELIST += "CVE-2021-38208"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-38209
+# Patched in kernel since v5.13 2671fa4dc0109d3fb581bc3078fdf17b5d9080f6
+# Backported in version v5.4.120 baea536cf51f8180ab993e374cb134b5edad25e2
+# Backported in version v5.10.35 d3598eb3915cc0c0d8cab42f4a6258ff44c4033e
+CVE_CHECK_WHITELIST += "CVE-2021-38209"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-40490
+# Patched in kernel since v5.15 a54c4613dac1500b40e4ab55199f7c51f028e848
+# Backported in version v5.4.145 9b3849ba667af99ee99a7853a021a7786851b9fd
+# Backported in version v5.10.63 09a379549620f122de3aa4e65df9329976e4cdf5
+CVE_CHECK_WHITELIST += "CVE-2021-40490"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-41864
+# Patched in kernel since v5.15 30e29a9a2bc6a4888335a6ede968b75cd329657a
+# Backported in version v5.4.153 b14f28126c51533bb329379f65de5b0dd689b13a
+# Backported in version v5.10.73 064faa8e8a9b50f5010c5aa5740e06d477677a89
+CVE_CHECK_WHITELIST += "CVE-2021-41864"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-42008
+# Patched in kernel since v5.14 19d1532a187669ce86d5a2696eb7275310070793
+# Backported in version v5.4.143 a73b9aa142691c2ae313980a8734997a78f74b22
+# Backported in version v5.10.61 85e0518f181a0ff060f5543d2655fb841a83d653
+CVE_CHECK_WHITELIST += "CVE-2021-42008"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-42252
+# Patched in kernel since v5.15 b49a0e69a7b1a68c8d3f64097d06dabb770fec96
+# Backported in version v5.4.148 2712f29c44f18db826c7e093915a727b6f3a20e4
+# Backported in version v5.10.67 3fdf2feb6cbe76c6867224ed8527b356e805352c
+CVE_CHECK_WHITELIST += "CVE-2021-42252"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-42739
+# Patched in kernel since v5.16 35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
+# Backported in version v5.4.158 2461f38384d50dd966e1db44fe165b1896f5df5a
+# Backported in version v5.10.78 d7fc85f6104259541ec136199d3bf7c8a736613d
+# Backported in version v5.15.1 cb667140875a3b1db92e4c50b4617a7cbf84659b
+CVE_CHECK_WHITELIST += "CVE-2021-42739"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-43389
+# Patched in kernel since v5.15 1f3e2e97c003f80c4b087092b225c8787ff91e4d
+# Backported in version v5.4.156 285e9210b1fab96a11c0be3ed5cea9dd48b6ac54
+# Backported in version v5.10.76 7f221ccbee4ec662e2292d490a43ce6c314c4594
+CVE_CHECK_WHITELIST += "CVE-2021-43389"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-43975
+# Patched in kernel since v5.16 b922f622592af76b57cbc566eaeccda0b31a3496
+# Backported in version v5.4.164 89d15a2e40d7edaaa16da2763b349dd7b056cc09
+# Backported in version v5.10.84 2c514d25003ac89bb7716bb4402918ccb141f8f5
+# Backported in version v5.15.7 cec49b6dfdb0b9fefd0f17c32014223f73ee2605
+CVE_CHECK_WHITELIST += "CVE-2021-43975"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-43976
+# Patched in kernel since v5.17 04d80663f67ccef893061b49ec8a42ff7045ae84
+# Backported in version v5.4.174 ae56c5524a750fd8cf32565cb3902ce5baaeb4e6
+# Backported in version v5.10.94 6036500fdf77caaca9333003f78d25a3d61c4e40
+# Backported in version v5.15.17 b2762757f4e484f8a164546f93aca82568d87649
+CVE_CHECK_WHITELIST += "CVE-2021-43976"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-44733
+# Patched in kernel since v5.16 dfd0743f1d9ea76931510ed150334d571fbab49d
+# Backported in version v5.4.170 940e68e57ab69248fabba5889e615305789db8a7
+# Backported in version v5.10.89 c05d8f66ec3470e5212c4d08c46d6cb5738d600d
+# Backported in version v5.15.12 492eb7afe858d60408b2da09adc78540c4d16543
+CVE_CHECK_WHITELIST += "CVE-2021-44733"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45095
+# Patched in kernel since v5.16 bcd0f93353326954817a4f9fa55ec57fb38acbb0
+# Backported in version v5.4.171 2a6a811a45fde5acb805ead4d1e942be3875b302
+# Backported in version v5.10.91 4f260ea5537db35d2eeec9bca78a74713078a544
+# Backported in version v5.15.14 9ca97a693aa8b86e8424f0047198ea3ab997d50f
+CVE_CHECK_WHITELIST += "CVE-2021-45095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45480
+# Patched in kernel since v5.16 5f9562ebe710c307adc5f666bf1a2162ee7977c0
+# Backported in version v5.4.168 166f0adf7e7525c87595ceadb21a91e2a9519a1e
+# Backported in version v5.10.88 74dc97dfb276542f12746d706abef63364d816bb
+# Backported in version v5.15.11 68014890e4382ff9192e1357be39b7d0455665fa
+CVE_CHECK_WHITELIST += "CVE-2021-45480"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45485
+# Patched in kernel since v5.14 62f20e068ccc50d6ab66fdb72ba90da2b9418c99
+# Backported in version v5.4.133 ccde03a6a0fbdc3c0ba81930e629b8b14974cce4
+# Backported in version v5.10.51 8f939b79579715b195dc3ad36669707fce6853ee
+CVE_CHECK_WHITELIST += "CVE-2021-45485"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45486
+# Patched in kernel since v5.13 aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba
+# Backported in version v5.4.119 fee81285bd09ec2080ce2cbb5063aad0e58eb272
+# Backported in version v5.10.37 a273c27d7255fc527023edeb528386d1b64bedf5
+CVE_CHECK_WHITELIST += "CVE-2021-45486"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-45868
+# Patched in kernel since v5.16 9bf3d20331295b1ecb81f4ed9ef358c51699a050
+# Backported in version v5.4.160 10b808307d37d09b132fc086002bc1aa9910d315
+# Backported in version v5.10.80 ceeb0a8a8716a1c72af3fa4d4f98c3aced32b037
+# Backported in version v5.15.3 332db0909293f3f4d853ee2ea695272c75082d87
+CVE_CHECK_WHITELIST += "CVE-2021-45868"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0322
+# Patched in kernel since v5.15 a2d859e3fc97e79d907761550dbc03ff1b36479c
+# Backported in version v5.4.155 d88774539539dcbf825a25e61234f110513f5963
+# Backported in version v5.10.75 d84a69ac410f6228873d05d35120f6bdddab7fc3
+CVE_CHECK_WHITELIST += "CVE-2022-0322"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0330
+# Patched in kernel since v5.17 7938d61591d33394a21bdd7797a245b65428f44c
+# Backported in version v5.4.175 1b5553c79d52f17e735cd924ff2178a2409e6d0b
+# Backported in version v5.10.95 6a6acf927895c38bdd9f3cd76b8dbfc25ac03e88
+# Backported in version v5.15.18 8a17a077e7e9ecce25c95dbdb27843d2d6c2f0f7
+CVE_CHECK_WHITELIST += "CVE-2022-0330"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0487
+# Patched in kernel since v5.17 bd2db32e7c3e35bd4d9b8bbff689434a50893546
+# Backported in version v5.4.179 3a0a7ec5574b510b067cfc734b8bdb6564b31d4e
+# Backported in version v5.10.100 be93028d306dac9f5b59ebebd9ec7abcfc69c156
+# Backported in version v5.15.23 af0e6c49438b1596e4be8a267d218a0c88a42323
+CVE_CHECK_WHITELIST += "CVE-2022-0487"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0492
+# Patched in kernel since v5.17 24f6008564183aa120d07c03d9289519c2fe02af
+# Backported in version v5.4.177 0e8283cbe4996ae046cd680b3ed598a8f2b0d5d8
+# Backported in version v5.10.97 1fc3444cda9a78c65b769e3fa93455e09ff7a0d3
+# Backported in version v5.15.20 4b1c32bfaa02255a5df602b41587174004996477
+CVE_CHECK_WHITELIST += "CVE-2022-0492"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0494
+# Patched in kernel since v5.17 cc8f7fe1f5eab010191aa4570f27641876fa1267
+# Backported in version v5.4.193 c7337efd1d11acb6f84c68ffee57d3f312e87b24
+# Backported in version v5.10.115 a439819f4797f0846c7cffa9475f44aef23c541f
+# Backported in version v5.15.27 a1ba98731518b811ff90009505c1aebf6e400bc2
+CVE_CHECK_WHITELIST += "CVE-2022-0494"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0812
+# Patched in kernel since v5.8 912288442cb2f431bf3c8cb097a5de83bc6dbac1
+# Backported in version v5.4.53 c8a4452da9f4b09c28d904f70247b097d4c14932
+CVE_CHECK_WHITELIST += "CVE-2022-0812"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0850
+# Patched in kernel since v5.14 ce3aba43599f0b50adbebff133df8d08a3d5fffe
+# Backported in version v5.4.132 ed628b2531196cc76d7c9b730abe4020cad26b0b
+# Backported in version v5.10.50 ea5466f1a77720217a25a859b5a58b618aaba544
+CVE_CHECK_WHITELIST += "CVE-2022-0850"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0854
+# Patched in kernel since v5.18 901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544
+# Backported in version v5.4.196 b2f140a9f980806f572d672e1780acea66b9a25c
+# Backported in version v5.10.118 f3f2247ac31cb71d1f05f56536df5946c6652f4a
+# Backported in version v5.15.33 7007c894631cf43041dcfa0da7142bbaa7eb673c
+CVE_CHECK_WHITELIST += "CVE-2022-0854"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1011
+# Patched in kernel since v5.17 0c4bcfdecb1ac0967619ee7ff44871d93c08c909
+# Backported in version v5.4.185 a9174077febfb1608ec3361622bf5f91e2668d7f
+# Backported in version v5.10.106 ab5595b45f732212b3b1974041b43a257153edb7
+# Backported in version v5.15.29 ca62747b38f59d4e75967ebf63c992de8852ca1b
+CVE_CHECK_WHITELIST += "CVE-2022-1011"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1016
+# Patched in kernel since v5.18 4c905f6740a365464e91467aa50916555b28213d
+# Backported in version v5.4.188 06f0ff82c70241a766a811ae1acf07d6e2734dcb
+# Backported in version v5.10.109 2c74374c2e88c7b7992bf808d9f9391f7452f9d9
+# Backported in version v5.15.32 fafb904156fbb8f1dd34970cd5223e00b47c33be
+CVE_CHECK_WHITELIST += "CVE-2022-1016"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1055
+# Patched in kernel since v5.17 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
+# Backported in version v5.4.177 b1d17e920dfcd4b56fa2edced5710c191f7e50b5
+# Backported in version v5.10.97 e7be56926397cf9d992be8913f74a76152f8f08d
+# Backported in version v5.15.20 f36cacd6c933183c1a8827d5987cf2cfc0a44c76
+CVE_CHECK_WHITELIST += "CVE-2022-1055"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1195
+# Patched in kernel since v5.16 b2f37aead1b82a770c48b5d583f35ec22aabb61e
+# Backported in version v5.4.169 a5c6a13e9056d87805ba3042c208fbd4164ad22b
+# Backported in version v5.10.89 7dd52af1eb5798f590d9d9e1c56ed8f5744ee0ca
+# Backported in version v5.15.12 03d00f7f1815ec00dab5035851b3de83afd054a8
+CVE_CHECK_WHITELIST += "CVE-2022-1195"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1198
+# Patched in kernel since v5.17 efe4186e6a1b54bf38b9e05450d43b0da1fd7739
+# Backported in version v5.4.189 28c8fd84bea13cbf238d7b19d392de2fcc31331c
+# Backported in version v5.10.110 f67a1400788f550d201c71aeaf56706afe57f0da
+# Backported in version v5.15.33 3eb18f8a1d02a9462a0e4903efc674ca3d0406d1
+CVE_CHECK_WHITELIST += "CVE-2022-1198"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1199
+# Patched in kernel since v5.17 71171ac8eb34ce7fe6b3267dce27c313ab3cb3ac
+# Backported in version v5.4.185 0a64aea5fe023cf1e4973676b11f49038b1f045b
+# Backported in version v5.10.106 e2201ef32f933944ee02e59205adb566bafcdf91
+# Backported in version v5.15.29 46ad629e58ce3a88c924ff3c5a7e9129b0df5659
+CVE_CHECK_WHITELIST += "CVE-2022-1199"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1353
+# Patched in kernel since v5.17 9a564bccb78a76740ea9d75a259942df8143d02c
+# Backported in version v5.4.189 ef388db2fe351230ff7194b37d507784bef659ec
+# Backported in version v5.10.110 8d3f4ad43054619379ccc697cfcbdb2c266800d8
+# Backported in version v5.15.33 d06ee4572fd916fbb34d16dc81eb37d1dff83446
+CVE_CHECK_WHITELIST += "CVE-2022-1353"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1419
+# Patched in kernel since v5.6 4b848f20eda5974020f043ca14bacf7a7e634fc8
+# Backported in version v5.4.21 3ea7f138cec139be98f8bb9fc1a6b432003f834e
+CVE_CHECK_WHITELIST += "CVE-2022-1419"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_CHECK_WHITELIST += "CVE-2022-1462"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1734
+# Patched in kernel since v5.18 d270453a0d9ec10bb8a802a142fb1b3601a83098
+# Backported in version v5.4.193 33d3e76fc7a7037f402246c824d750542e2eb37f
+# Backported in version v5.10.115 1961c5a688edb53fe3bc25cbda57f47adf12563c
+# Backported in version v5.15.39 b8f2b836e7d0a553b886654e8b3925a85862d2eb
+CVE_CHECK_WHITELIST += "CVE-2022-1734"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
+# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
+# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b
+# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
+# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
+# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
+CVE_CHECK_WHITELIST += "CVE-2022-2196"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2318
+# Patched in kernel since v5.19 9cc02ede696272c5271a401e4f27c262359bc2f6
+# Backported in version v5.4.204 bb91556d2af066f8ca2e7fd8e334d652e731ee29
+# Backported in version v5.10.129 8f74cb27c2b4872fd14bf046201fa7b36a46885e
+# Backported in version v5.15.53 659d39545260100628d8a30020d09fb6bf63b915
+CVE_CHECK_WHITELIST += "CVE-2022-2318"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2380
+# Patched in kernel since v5.18 bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8
+# Backported in version v5.4.189 478154be3a8c21ff106310bb1037b1fc9d81dc62
+# Backported in version v5.10.110 72af8810922eb143ed4f116db246789ead2d8543
+# Backported in version v5.15.33 46cdbff26c88fd75dccbf28df1d07cbe18007eac
+CVE_CHECK_WHITELIST += "CVE-2022-2380"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2503
+# Patched in kernel since v5.19 4caae58406f8ceb741603eee460d79bacca9b1b5
+# Backported in version v5.4.197 fd2f7e9984850a0162bfb6948b98ffac9fb5fa58
+# Backported in version v5.10.120 8df42bcd364cc3b41105215d841792aea787b133
+# Backported in version v5.15.45 69712b170237ec5979f168149cd31e851a465853
+CVE_CHECK_WHITELIST += "CVE-2022-2503"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Patched in kernel since v6.0 e8d5dfd1d8747b56077d02664a8838c71ced948e
+# Backported in version v5.4.215 d0a24bc8e2aa703030d80affa3e5237fe3ad4dd2
+# Backported in version v5.10.146 9a5d7e0acb41bb2aac552f8eeb4b404177f3f66d
+# Backported in version v5.15.71 dc33ffbc361e2579a8f31b8724ef85d4117440e4
+# Backported in version v5.19.12 510ea9eae5ee45f4e443023556532bda99387351
+CVE_CHECK_WHITELIST += "CVE-2022-2663"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2873
+# Patched in kernel since v6.2 39244cc754829bf707dccd12e2ce37510f5b1f8d
+# Backported in version v5.4.229 cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd
+# Backported in version v5.10.163 9ac541a0898e8ec187a3fa7024b9701cffae6bf2
+# Backported in version v5.15.86 96c12fd0ec74641295e1c3c34dea3dce1b6c3422
+# Backported in version v6.1.2 233348a04becf133283f0076e20b317302de21d9
+CVE_CHECK_WHITELIST += "CVE-2022-2873"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3028
+# Patched in kernel since v6.0 ba953a9d89a00c078b85f4b190bc1dde66fe16b5
+# Backported in version v5.4.212 8ee27a4f0f1ad36d430221842767880df6494147
+# Backported in version v5.10.140 c5c4d4c9806dadac7bc82f9c29ef4e1b78894775
+# Backported in version v5.15.64 103bd319c0fc90f1cb013c3a508615e6df8af823
+# Backported in version v5.19.6 6901885656c029c976498290b52f67f2c251e6a0
+CVE_CHECK_WHITELIST += "CVE-2022-3028"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3105
+# Patched in kernel since v5.16 7694a7de22c53a312ea98960fcafc6ec62046531
+# Backported in version v5.4.171 7646a340b25bb68cfb6d2e087a608802346d0f7b
+# Backported in version v5.10.91 16e5cad6eca1e506c38c39dc256298643fa1852a
+# Backported in version v5.15.14 0ea8bb0811ba0ec22903cbb48ff2cd872382e8d4
+CVE_CHECK_WHITELIST += "CVE-2022-3105"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3107
+# Patched in kernel since v5.17 886e44c9298a6b428ae046e2fa092ca52e822e6a
+# Backported in version v5.4.187 b01e2df5fbf68719dfb8e766c1ca6089234144c2
+# Backported in version v5.10.108 9b763ceda6f8963cc99df5772540c54ba46ba37c
+# Backported in version v5.15.31 ab0ab176183191cffc69fe9dd8ac6c8db23f60d3
+CVE_CHECK_WHITELIST += "CVE-2022-3107"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3111
+# Patched in kernel since v5.18 6dee930f6f6776d1e5a7edf542c6863b47d9f078
+# Backported in version v5.4.189 90bec38f6a4c81814775c7f3dfc9acf281d5dcfa
+# Backported in version v5.10.110 48d23ef90116c8c702bfa4cad93744e4e5588d7d
+# Backported in version v5.15.33 4124966fbd95eeecca26d52433f393e2b9649a33
+CVE_CHECK_WHITELIST += "CVE-2022-3111"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3115
+# Patched in kernel since v5.19 73c3ed7495c67b8fbdc31cf58e6ca8757df31a33
+# Backported in version v5.4.198 fa0d7ba25a53ac2e4bb24ef31aec49ff3578b44f
+# Backported in version v5.10.121 b4c7dd0037e6aeecad9b947b30f0d9eaeda11762
+# Backported in version v5.15.46 4cb37f715f601cee5b026c6f9091a466266b5ba5
+CVE_CHECK_WHITELIST += "CVE-2022-3115"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3202
+# Patched in kernel since v5.18 a53046291020ec41e09181396c1e829287b48d47
+# Backported in version v5.4.189 e19c3149a80e4fc8df298d6546640e01601f3758
+# Backported in version v5.10.111 b9c5ac0a15f24d63b20f899072fa6dd8c93af136
+# Backported in version v5.15.34 d925b7e78b62805fcc5440d1521181c82b6f03cb
+CVE_CHECK_WHITELIST += "CVE-2022-3202"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3303
+# Patched in kernel since v6.0 8423f0b6d513b259fdab9c9bf4aaa6188d054c2d
+# Backported in version v5.4.215 4051324a6dafd7053c74c475e80b3ba10ae672b0
+# Backported in version v5.10.148 fce793a056c604b41a298317cf704dae255f1b36
+# Backported in version v5.15.68 8015ef9e8a0ee5cecfd0cb6805834d007ab26f86
+# Backported in version v5.19.9 723ac5ab2891b6c10dd6cc78ef5456af593490eb
+CVE_CHECK_WHITELIST += "CVE-2022-3303"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
+# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
+# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977
+# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
+# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
+# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
+CVE_CHECK_WHITELIST += "CVE-2022-3424"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_CHECK_WHITELIST += "CVE-2022-3435"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3521
+# Patched in kernel since v6.1 ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
+# Backported in version v5.4.225 ad39d09190a545d0f05ae0a82900eee96c5facea
+# Backported in version v5.10.156 7deb7a9d33e4941c5ff190108146d3a56bf69e9d
+# Backported in version v5.15.80 27d706b0d394a907ff8c4f83ffef9d3e5817fa84
+CVE_CHECK_WHITELIST += "CVE-2022-3521"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3545
+# Patched in kernel since v6.0 02e1a114fdb71e59ee6770294166c30d437bf86a
+# Backported in version v5.4.228 3c837460f920a63165961d2b88b425703f59affb
+# Backported in version v5.10.160 eb6313c12955c58c3d3d40f086c22e44ca1c9a1b
+# Backported in version v5.15.84 9d933af8fef33c32799b9f2d3ff6bf58a63d7f24
+CVE_CHECK_WHITELIST += "CVE-2022-3545"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.4.224 4cd094fd5d872862ca278e15b9b51b07e915ef3f
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_CHECK_WHITELIST += "CVE-2022-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3586
+# Patched in kernel since v6.0 9efd23297cca530bb35e1848665805d3fcdd7889
+# Backported in version v5.4.213 279c7668e354fa151d5fd2e8c42b5153a1de3135
+# Backported in version v5.10.143 2ee85ac1b29dbd2ebd2d8e5ac1dd5793235d516b
+# Backported in version v5.15.68 1a889da60afc017050e1f517b3b976b462846668
+# Backported in version v5.19.9 8f796f36f5ba839c11eb4685150ebeed496c546f
+CVE_CHECK_WHITELIST += "CVE-2022-3586"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3594
+# Patched in kernel since v6.1 93e2be344a7db169b7119de21ac1bf253b8c6907
+# Backported in version v5.4.220 61fd56b0a1a3e923aced4455071177778dd59e88
+# Backported in version v5.10.150 484400d433ca1903a87268c55f019e932297538a
+# Backported in version v5.15.75 b3179865cf7e892b26eedab3d6c54b4747c774a2
+# Backported in version v5.19.17 2e896abccf99fef76691d8e1019bd44105a12e1f
+CVE_CHECK_WHITELIST += "CVE-2022-3594"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_CHECK_WHITELIST += "CVE-2022-3621"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_CHECK_WHITELIST += "CVE-2022-3623"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_CHECK_WHITELIST += "CVE-2022-3629"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_CHECK_WHITELIST += "CVE-2022-3633"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_CHECK_WHITELIST += "CVE-2022-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_CHECK_WHITELIST += "CVE-2022-3646"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_CHECK_WHITELIST += "CVE-2022-3649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3707
+# Patched in kernel since v6.2 4a61648af68f5ba4884f0e3b494ee1cabc4b6620
+# Backported in version v5.4.233 787ef0db014085df8691e5aeb58ab0bb081e5ff0
+# Backported in version v5.10.170 3d743415c6fb092167df6c23e9c7e9f6df7db625
+# Backported in version v5.15.96 0d3d5099a50badadad6837edda00e42149b2f657
+# Backported in version v6.1.5 1022519da69d99d455c58ca181a6c499c562c70e
+CVE_CHECK_WHITELIST += "CVE-2022-3707"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4095
+# Patched in kernel since v6.0 e230a4455ac3e9b112f0367d1b8e255e141afae0
+# Backported in version v5.4.213 d0aac7146e96bf39e79c65087d21dfa02ef8db38
+# Backported in version v5.10.142 19e3f69d19801940abc2ac37c169882769ed9770
+# Backported in version v5.15.66 dc02aaf950015850e7589696521c7fca767cea77
+# Backported in version v5.19.8 b1727def850904e4b8ba384043775672841663a1
+CVE_CHECK_WHITELIST += "CVE-2022-4095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4139
+# Patched in kernel since v6.1 04aa64375f48a5d430b5550d9271f8428883e550
+# Backported in version v5.4.226 3659e33c1e4f8cfc62c6c15aca5d797010c277a4
+# Backported in version v5.10.157 86f0082fb9470904b15546726417f28077088fee
+# Backported in version v5.15.81 ee2d04f23bbb16208045c3de545c6127aaa1ed0e
+CVE_CHECK_WHITELIST += "CVE-2022-4139"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Patched in kernel since v6.2 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_CHECK_WHITELIST += "CVE-2022-4382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4662
+# Patched in kernel since v6.0 9c6d778800b921bde3bff3cff5003d1650f942d1
+# Backported in version v5.4.213 df1875084898b15cbc42f712e93d7f113ae6271b
+# Backported in version v5.10.142 abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8
+# Backported in version v5.15.66 c548b99e1c37db6f7df86ecfe9a1f895d6c5966e
+# Backported in version v5.19.8 d5eb850b3e8836197a38475840725260b9783e94
+CVE_CHECK_WHITELIST += "CVE-2022-4662"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-24448
+# Patched in kernel since v5.17 ac795161c93699d600db16c1a8cc23a65a1eceaf
+# Backported in version v5.4.176 0dfacee40021dcc0a9aa991edd965addc04b9370
+# Backported in version v5.10.96 ce8c552b88ca25d775ecd0a0fbef4e0e03de9ed2
+# Backported in version v5.15.19 4c36ca387af4a9b5d775e46a6cb9dc2d151bf057
+CVE_CHECK_WHITELIST += "CVE-2022-24448"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-24959
+# Patched in kernel since v5.17 29eb31542787e1019208a2e1047bb7c76c069536
+# Backported in version v5.4.176 7afc09c8915b0735203ebcb8d766d7db37b794c0
+# Backported in version v5.10.96 729e54636b3ebefb77796702a5b1f1ed5586895e
+# Backported in version v5.15.19 0690c3943ed0fa76654e600eca38cde6a13c87ac
+CVE_CHECK_WHITELIST += "CVE-2022-24959"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-25258
+# Patched in kernel since v5.17 75e5b4849b81e19e9efe1654b30d7f3151c33c2c
+# Backported in version v5.4.180 38fd68f55a7ef57fb9cc3102ac65d1ac474a1a18
+# Backported in version v5.10.101 22ec1004728548598f4f5b4a079a7873409eacfd
+# Backported in version v5.15.24 3e33e5c67cb9ebd2b791b9a9fb2b71daacebd8d4
+CVE_CHECK_WHITELIST += "CVE-2022-25258"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-25375
+# Patched in kernel since v5.17 38ea1eac7d88072bbffb630e2b3db83ca649b826
+# Backported in version v5.4.180 c9e952871ae47af784b4aef0a77db02e557074d6
+# Backported in version v5.10.101 fb4ff0f96de37c44236598e8b53fe43b1df36bf3
+# Backported in version v5.15.24 2da3b0ab54fb7f4d7c5a82757246d0ee33a47197
+CVE_CHECK_WHITELIST += "CVE-2022-25375"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-25636
+# Patched in kernel since v5.17 b1a5983f56e371046dcf164f90bfaf704d2b89f6
+# Backported in version v5.4.182 49c011a44edd14adb555dbcbaf757f52b1f2f748
+# Backported in version v5.10.103 68f19845f580a1d3ac1ef40e95b0250804e046bb
+# Backported in version v5.15.26 6c5d780469d6c3590729940e2be8a3bd66ea4814
+CVE_CHECK_WHITELIST += "CVE-2022-25636"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_CHECK_WHITELIST += "CVE-2022-26365"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26490
+# Patched in kernel since v5.17 4fbcc1a4cb20fe26ad0225679c536c80f1648221
+# Backported in version v5.4.188 0aef7184630b599493a0dcad4eec6d42b3e68e91
+# Backported in version v5.10.109 25c23fe40e6e1ef8e6d503c52b4f518b2e520ab7
+# Backported in version v5.15.32 a34c47b1ab07153a047476de83581dc822287f39
+CVE_CHECK_WHITELIST += "CVE-2022-26490"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26966
+# Patched in kernel since v5.17 e9da0b56fe27206b49f39805f7dcda8a89379062
+# Backported in version v5.4.182 b95d71abeb7d31d4d51cd836d80f99fd783fd6d5
+# Backported in version v5.10.103 4f5f5411f0c14ac0b61d5e6a77d996dd3d5b5fd3
+# Backported in version v5.15.26 9f2d614779906f3d8ad4fb882c5b3e5ad6150bbe
+CVE_CHECK_WHITELIST += "CVE-2022-26966"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-27223
+# Patched in kernel since v5.17 7f14c7227f342d9932f9b918893c8814f86d2a0d
+# Backported in version v5.4.182 6b23eda989236fd75b4a9893cc816cd690c29dfc
+# Backported in version v5.10.103 bfa8ffbaaaaf9752f66bc7cabcef2de715e7621f
+# Backported in version v5.15.26 2c775ad1fd5e014b35e483da2aab8400933fb09d
+CVE_CHECK_WHITELIST += "CVE-2022-27223"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-27666
+# Patched in kernel since v5.17 ebe48d368e97d007bfeb76fcb065d6cfc4c96645
+# Backported in version v5.4.188 fee4dfbda68ba10f3bbcf51c861d6aa32f08f9e4
+# Backported in version v5.10.108 9248694dac20eda06e22d8503364dc9d03df4e2f
+# Backported in version v5.15.29 4aaabbffc3b0658ce80eebdde9bafa20a3f932e0
+CVE_CHECK_WHITELIST += "CVE-2022-27666"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28356
+# Patched in kernel since v5.18 764f4eb6846f5475f1244767d24d25dd86528a4a
+# Backported in version v5.4.188 572f9a0d3f3feb8bd3422e88ad71882bc034b3ff
+# Backported in version v5.10.109 571df3393f523b59cba87e2f3e80a3a624030f9c
+# Backported in version v5.15.32 e9072996108387ab19b497f5b557c93f98d96b0b
+CVE_CHECK_WHITELIST += "CVE-2022-28356"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28388
+# Patched in kernel since v5.18 3d3925ff6433f98992685a9679613a2cc97f3ce2
+# Backported in version v5.4.191 660784e7194ac2953aebe874c1f75f2441ba3d19
+# Backported in version v5.10.110 5318cdf4fd834856ce71238b064f35386f9ef528
+# Backported in version v5.15.33 f2ce5238904f539648aaf56c5ee49e5eaf44d8fc
+CVE_CHECK_WHITELIST += "CVE-2022-28388"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28389
+# Patched in kernel since v5.18 04c9b00ba83594a29813d6b1fb8fdc93a3915174
+# Backported in version v5.4.189 2dfe9422d528630e2ce0d454147230cce113f814
+# Backported in version v5.10.110 0801a51d79389282c1271e623613b2e1886e071e
+# Backported in version v5.15.33 37f07ad24866c6c1423b37b131c9a42414bcf8a1
+CVE_CHECK_WHITELIST += "CVE-2022-28389"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28390
+# Patched in kernel since v5.18 c70222752228a62135cee3409dccefd494a24646
+# Backported in version v5.4.189 e27caad38b59b5b00b9c5228d04c13111229deec
+# Backported in version v5.10.110 b417f9c50586588754b2b0453a1f99520cf7c0e8
+# Backported in version v5.15.33 459b19f42fd5e031e743dfa119f44aba0b62ff97
+CVE_CHECK_WHITELIST += "CVE-2022-28390"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-28893
+# Patched in kernel since v5.18 f00432063db1a0db484e85193eccc6845435b80e
+# Backported in version v5.4.196 2f8f6c393b11b5da059b1fc10a69fc2f2b6c446a
+# Backported in version v5.10.117 e68b60ae29de10c7bd7636e227164a8dbe305a82
+# Backported in version v5.15.41 54f6834b283d9b4d070b0639d9ef5e1d156fe7b0
+CVE_CHECK_WHITELIST += "CVE-2022-28893"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32250
+# Patched in kernel since v5.19 520778042ccca019f3ffa136dd0ca565c486cedd
+# Backported in version v5.4.198 f36736fbd48491a8d85cd22f4740d542c5a1546e
+# Backported in version v5.10.120 ea62d169b6e731e0b54abda1d692406f6bc6a696
+# Backported in version v5.15.45 f692bcffd1f2ce5488d24fbcb8eab5f351abf79d
+CVE_CHECK_WHITELIST += "CVE-2022-32250"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32296
+# Patched in kernel since v5.18 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
+# Backported in version v5.4.201 c26e1addf15763ae404f4bbf131719a724e768ab
+# Backported in version v5.10.125 9429b75bc271b6f29e50dbb0ee0751800ff87dd9
+# Backported in version v5.15.41 952a238d779eea4ecb2f8deb5004c8f56be79bc9
+CVE_CHECK_WHITELIST += "CVE-2022-32296"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32981
+# Patched in kernel since v5.19 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9
+# Backported in version v5.4.198 0c4bc0a2f8257f79a70fe02b9a698eb14695a64b
+# Backported in version v5.10.122 3be74fc0afbeadc2aff8dc69f3bf9716fbe66486
+# Backported in version v5.15.47 2a0165d278973e30f2282c15c52d91788749d2d4
+CVE_CHECK_WHITELIST += "CVE-2022-32981"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_CHECK_WHITELIST += "CVE-2022-33740"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_CHECK_WHITELIST += "CVE-2022-33741"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_CHECK_WHITELIST += "CVE-2022-33742"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33744
+# Patched in kernel since v5.19 b75cd218274e01d026dc5240e86fdeb44bbed0c8
+# Backported in version v5.4.204 5c03cad51b84fb26ccea7fd99130d8ec47949cfc
+# Backported in version v5.10.129 43c8d33ce353091f15312cb6de3531517d7bba90
+# Backported in version v5.15.53 9f83c8f6ab14bbf4311b70bf1b7290d131059101
+CVE_CHECK_WHITELIST += "CVE-2022-33744"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33981
+# Patched in kernel since v5.18 233087ca063686964a53c829d547c7571e3f67bf
+# Backported in version v5.4.192 7dea5913000c6a2974a00d9af8e7ffb54e47eac1
+# Backported in version v5.10.114 54c028cfc49624bfc27a571b94edecc79bbaaab4
+# Backported in version v5.15.37 e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3
+CVE_CHECK_WHITELIST += "CVE-2022-33981"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36123
+# Patched in kernel since v5.19 38fa5479b41376dc9d7f57e71c83514285a25ca0
+# Backported in version v5.4.207 a3c7c1a726a4c6b63b85e8c183f207543fd75e1b
+# Backported in version v5.10.132 136d7987fcfdeca73ee3c6a29e48f99fdd0f4d87
+# Backported in version v5.15.56 26bb7afc027ce6ac8ab6747babec674d55689ff0
+CVE_CHECK_WHITELIST += "CVE-2022-36123"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36280
+# Patched in kernel since v6.2 4cf949c7fafe21e085a4ee386bb2dade9067316e
+# Backported in version v5.4.229 94b283341f9f3f0ed56a360533766377a01540e0
+# Backported in version v5.10.163 439cbbc1519547f9a7b483f0de33b556ebfec901
+# Backported in version v5.15.87 6948e570f54f2044dd4da444b10471373a047eeb
+# Backported in version v6.1.4 622d527decaac0eb65512acada935a0fdc1d0202
+CVE_CHECK_WHITELIST += "CVE-2022-36280"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36879
+# Patched in kernel since v5.19 f85daf0e725358be78dfd208dea5fd665d8cb901
+# Backported in version v5.4.208 f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20
+# Backported in version v5.10.134 47b696dd654450cdec3103a833e5bf29c4b83bfa
+# Backported in version v5.15.58 c8e32bca0676ac663266a3b16562cb017300adcd
+CVE_CHECK_WHITELIST += "CVE-2022-36879"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36946
+# Patched in kernel since v5.19 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
+# Backported in version v5.4.209 52be29e8b6455788a4d0f501bd87aa679ca3ba3c
+# Backported in version v5.10.135 440dccd80f627e0e11ceb0429e4cdab61857d17e
+# Backported in version v5.15.59 91c11008aab0282957b8b8ccb0707d90e74cc3b9
+CVE_CHECK_WHITELIST += "CVE-2022-36946"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39188
+# Patched in kernel since v5.19 b67fbebd4cf980aecbcc750e1462128bffe8ae15
+# Backported in version v5.4.212 c9c5501e815132530d741ec9fdd22657f91656bc
+# Backported in version v5.10.141 895428ee124ad70b9763259308354877b725c31d
+# Backported in version v5.15.65 3ffb97fce282df03723995f5eed6a559d008078e
+CVE_CHECK_WHITELIST += "CVE-2022-39188"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39842
+# Patched in kernel since v5.19 a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7
+# Backported in version v5.4.215 1878eaf0edb8c9e58a6ca0cf31b7a647ca346be9
+# Backported in version v5.10.145 06e194e1130c98f82d46beb40cdbc88a0d4fd6de
+# Backported in version v5.15.70 ab5140c6ddd7473509e12f468948de91138b124e
+CVE_CHECK_WHITELIST += "CVE-2022-39842"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40307
+# Patched in kernel since v6.0 9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
+# Backported in version v5.4.213 8028ff4cdbb3f20d3c1c04be33a83bab0cb94997
+# Backported in version v5.10.143 918d9c4a4bdf5205f2fb3f64dddfb56c9a1d01d6
+# Backported in version v5.15.68 dd291e070be0eca8807476b022bda00c891d9066
+# Backported in version v5.19.9 d46815a8f26ca6db2336106a148265239f73b0af
+CVE_CHECK_WHITELIST += "CVE-2022-40307"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40768
+# Patched in kernel since v6.1 6022f210461fef67e6e676fd8544ca02d1bcfa7a
+# Backported in version v5.4.218 20a5bde605979af270f94b9151f753ec2caf8b05
+# Backported in version v5.10.148 36b33c63515a93246487691046d18dd37a9f589b
+# Backported in version v5.15.74 76efb4897bc38b2f16176bae27ae801037ebf49a
+# Backported in version v5.19.16 6ae8aa5dcf0d7ada07964c8638e55d3af5896a86
+CVE_CHECK_WHITELIST += "CVE-2022-40768"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41218
+# Patched in kernel since v6.2 fd3d91ab1c6ab0628fe642dd570b56302c30a792
+# Backported in version v5.4.229 a29d6213098816ed4574824b6adae94fb1c0457d
+# Backported in version v5.10.163 3df07728abde249e2d3f47cf22f134cb4d4f5fb1
+# Backported in version v5.15.87 8b45a3b19a2e909e830d09a90a7e1ec8601927d9
+# Backported in version v6.1.4 530ca64b44625f7d39eb1d5efb6f9ff21da991e2
+CVE_CHECK_WHITELIST += "CVE-2022-41218"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41222
+# Patched in kernel since v5.14 97113eb39fa7972722ff490b947d8af023e1f6a2
+# Backported in version v5.4.211 79e522101cf40735f1936a10312e17f937b8dcad
+# Backported in version v5.10.137 2613baa3ab2153cc45b175c58700d93f72ef36c4
+CVE_CHECK_WHITELIST += "CVE-2022-41222"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41849
+# Patched in kernel since v6.1 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c
+# Backported in version v5.4.220 3742e9fd552e6c4193ebc5eb3d2cd02d429cad9c
+# Backported in version v5.10.150 e50472949604f385e09ce3fa4e74dce9f44fb19b
+# Backported in version v5.15.75 2b0897e33682a332167b7d355eec28693b62119e
+# Backported in version v5.19.17 02c871d44090c851b07770176f88c6f5564808a1
+CVE_CHECK_WHITELIST += "CVE-2022-41849"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41850
+# Patched in kernel since v6.1 cacdb14b1c8d3804a3a7d31773bc7569837b71a4
+# Backported in version v5.4.220 e30c3a9a88818e5cf3df3fda6ab8388bef3bc6cd
+# Backported in version v5.10.150 dbcca76435a606a352c794956e6df62eedd3a353
+# Backported in version v5.15.75 c61786dc727d1850336d12c85a032c9a36ae396d
+# Backported in version v5.19.17 2d38886ae0365463cdba3db669170eef1e3d55c0
+CVE_CHECK_WHITELIST += "CVE-2022-41850"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41858
+# Patched in kernel since v5.18 ec4eb8a86ade4d22633e1da2a7d85a846b7d1798
+# Backported in version v5.4.190 d05cd68ed8460cb158cc62c41ffe39fe0ca16169
+# Backported in version v5.10.112 ca24c5e8f0ac3d43ec0cff29e1c861be73aff165
+# Backported in version v5.15.35 efb020924a71391fc12e6f204eaf25694cc116a1
+CVE_CHECK_WHITELIST += "CVE-2022-41858"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42328
+# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5
+# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883
+# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9
+# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8
+CVE_CHECK_WHITELIST += "CVE-2022-42328"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42329
+# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5
+# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883
+# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9
+# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8
+CVE_CHECK_WHITELIST += "CVE-2022-42329"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42703
+# Patched in kernel since v6.0 2555283eb40df89945557273121e9393ef9b542b
+# Backported in version v5.4.212 2fe3eee48899a890310177d54537d5b8e255eb31
+# Backported in version v5.10.141 98f401d36396134c0c86e9e3bd00b6b6b028b521
+# Backported in version v5.15.65 c18a209b56e37b2a60414f714bd70b084ef25835
+# Backported in version v5.19.7 7877eaa1131147b4d6a063962f3aac0ab1b8ea1c
+CVE_CHECK_WHITELIST += "CVE-2022-42703"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42721
+# Patched in kernel since v6.1 bcca852027e5878aec911a347407ecc88d6fff7f
+# Backported in version v5.4.218 77bb20ccb9dfc9ed4f9c93788c90d08cfd891cdc
+# Backported in version v5.10.148 b0e5c5deb7880be5b8a459d584e13e1f9879d307
+# Backported in version v5.15.74 0a8ee682e4f992eccce226b012bba600bb2251e2
+# Backported in version v5.19.16 1d73c990e9bafc2754b1ced71345f73f5beb1781
+CVE_CHECK_WHITELIST += "CVE-2022-42721"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+CVE_CHECK_WHITELIST += "CVE-2022-42895"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47929
+# Patched in kernel since v6.2 96398560f26aa07e8f2969d73c8197e6a6d10407
+# Backported in version v5.4.229 9b83ec63d0de7b1f379daa1571e128bc7b9570f8
+# Backported in version v5.10.163 9f7bc28a6b8afc2274e25650511555e93f45470f
+# Backported in version v5.15.88 04941c1d5bb59d64165e09813de2947bdf6f4f28
+# Backported in version v6.1.6 e8988e878af693ac13b0fa80ba2e72d22d68f2dd
+CVE_CHECK_WHITELIST += "CVE-2022-47929"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_CHECK_WHITELIST += "CVE-2023-0394"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0458
+# Patched in kernel since v6.2 739790605705ddcf18f21782b9c99ad7d53a8c11
+# Backported in version v5.4.230 96b02125dd68d77e28a29488e6f370a5eac7fb1c
+# Backported in version v5.10.165 9f8e45720e0e7edb661d0082422f662ed243d8d8
+# Backported in version v5.15.90 f01aefe374d32c4bb1e5fd1e9f931cf77fca621a
+# Backported in version v6.1.8 91185568c99d60534bacf38439846103962d1e2c
+CVE_CHECK_WHITELIST += "CVE-2023-0458"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
+# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
+# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d
+# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
+# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
+# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
+CVE_CHECK_WHITELIST += "CVE-2023-0461"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
+# Patched in kernel since v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
+# Backported in version v5.4.231 89e7fe3999e057c91f157b6ba663264f4cdfcb55
+# Backported in version v5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
+# Backported in version v5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
+# Backported in version v6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
+CVE_CHECK_WHITELIST += "CVE-2023-1073"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
+# Patched in kernel since v6.2 458e279f861d3f61796894cd158b780765a1569f
+# Backported in version v5.4.231 a7585028ac0a5836f39139c11594d79ede97d975
+# Backported in version v5.10.166 6ef652f35dcfaa1ab2b2cf6c1694718595148eee
+# Backported in version v5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
+# Backported in version v6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
+CVE_CHECK_WHITELIST += "CVE-2023-1074"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
+# Patched in kernel since v6.3 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+# Backported in version v5.4.235 084cd75643b61fb924f70cba98a71dea14942938
+# Backported in version v5.10.173 80a1751730b302d8ab63a084b2fa52c820ad0273
+# Backported in version v5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
+# Backported in version v6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
+# Backported in version v6.2.3 1099004ae1664703ec573fc4c61ffb24144bcb63
+CVE_CHECK_WHITELIST += "CVE-2023-1077"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
+# Patched in kernel since v6.2 f753a68980cf4b59a80fe677619da2b1804f526d
+# Backported in version v5.4.232 ba38eacade35dd2316d77b37494e6e0c01bab595
+# Backported in version v5.10.168 c53f34ec3fbf3e9f67574118a6bb35ae1146f7ca
+# Backported in version v5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
+# Backported in version v6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
+CVE_CHECK_WHITELIST += "CVE-2023-1078"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
+# Patched in kernel since v6.3 4ab3a086d10eeec1424f2e8a968827a6336203df
+# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
+# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
+# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
+# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
+# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
+CVE_CHECK_WHITELIST += "CVE-2023-1079"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1095
+# Patched in kernel since v6.0 580077855a40741cf511766129702d97ff02f4d9
+# Backported in version v5.4.211 a452bc3deb23bf93f8a13d3e24611b7ef39645dc
+# Backported in version v5.10.137 80977126bc20309f7f7bae6d8621356b393e8b41
+# Backported in version v5.15.61 8a2df34b5bf652566f2889d9fa321f3b398547ef
+# Backported in version v5.19.2 109539c9ba8497aad2948af4f09077f6a65059fe
+CVE_CHECK_WHITELIST += "CVE-2023-1095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
+# Patched in kernel since v6.3 29b0589a865b6f66d141d79b2dd1373e4e50fe17
+# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c
+# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c
+# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
+# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
+# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
+CVE_CHECK_WHITELIST += "CVE-2023-1118"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1382
+# Patched in kernel since v6.1 a7b42969d63f47320853a802efd879fbdc4e010e
+# Backported in version v5.4.226 59f9aad22fd743572bdafa37d3e1dd5dc5658e26
+# Backported in version v5.10.157 4058e3b74ab3eabe0835cee9a0c6deda79e8a295
+# Backported in version v5.15.81 33fb115a76ae6683e34f76f7e07f6f0734b2525f
+CVE_CHECK_WHITELIST += "CVE-2023-1382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1390
+# Patched in kernel since v5.11 b77413446408fdd256599daf00d5be72b5f3e7c6
+# Backported in version v5.4.92 56e8947bcf814d195eb4954b4821868803d3dd67
+# Backported in version v5.10.10 60b8b4e6310b7dfc551ba68e8639eeaf70a0b2dd
+CVE_CHECK_WHITELIST += "CVE-2023-1390"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
+# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
+# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
+# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
+# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
+# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
+CVE_CHECK_WHITELIST += "CVE-2023-1513"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
+# Patched in kernel since v6.3 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
+# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
+# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
+# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
+# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
+# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
+CVE_CHECK_WHITELIST += "CVE-2023-1829"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1838
+# Patched in kernel since v5.18 fb4554c2232e44d595920f4d5c66cf8f7d13f9bc
+# Backported in version v5.4.196 3a12b2c413b20c17832ec51cb836a0b713b916ac
+# Backported in version v5.10.118 ec0d801d1a44d9259377142c6218885ecd685e41
+# Backported in version v5.15.42 42d8a6dc45fc6619b8def1a70b7bd0800bcc4574
+CVE_CHECK_WHITELIST += "CVE-2023-1838"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1998
+# Patched in kernel since v6.3 6921ed9049bc7457f66c1596c5b78aec0dae4a9d
+# Backported in version v5.4.235 34c1b60e7a80404056c03936dd9c2438da2789d4
+# Backported in version v5.10.173 abfed855f05863d292de2d0ebab4656791bab9c8
+# Backported in version v5.15.99 e7f1ddebd9f5b12de40bc37db9243957678f1448
+# Backported in version v6.1.16 08d87c87d6461d16827c9b88d84c48c26b6c994a
+# Backported in version v6.2.3 ead3c8e54d28fa1d5454b1f8a21b96b4a969b1cb
+CVE_CHECK_WHITELIST += "CVE-2023-1998"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2008
+# Patched in kernel since v5.19 05b252cccb2e5c3f56119d25de684b4f810ba40a
+# Backported in version v5.4.202 c7bdaad9cbfe17c83e4f56c7bb7a2d87d944f0fb
+# Backported in version v5.10.127 20119c1e0fff89542ff3272ace87e04cf6ee6bea
+# Backported in version v5.15.51 5b45535865d62633e3816ee30eb8d3213038dc17
+CVE_CHECK_WHITELIST += "CVE-2023-2008"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2162
+# Patched in kernel since v6.2 f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3
+# Backported in version v5.4.232 d4d765f4761f9e3a2d62992f825aeee593bcb6b9
+# Backported in version v5.10.168 9758ffe1c07b86aefd7ca8e40d9a461293427ca0
+# Backported in version v5.15.93 0aaabdb900c7415caa2006ef580322f7eac5f6b6
+# Backported in version v6.1.11 61e43ebfd243bcbad11be26bd921723027b77441
+CVE_CHECK_WHITELIST += "CVE-2023-2162"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2166
+# Patched in kernel since v6.1 0acc442309a0a1b01bcdaa135e56e6398a49439c
+# Backported in version v5.4.227 3982652957e8d79ac32efcb725450580650a8644
+# Backported in version v5.10.159 c42221efb1159d6a3c89e96685ee38acdce86b6f
+# Backported in version v5.15.83 c142cba37de29f740a3852f01f59876af8ae462a
+CVE_CHECK_WHITELIST += "CVE-2023-2166"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2177
+# Patched in kernel since v5.19 181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d
+# Backported in version v5.4.209 8d6dab81ee3d0309c09987ff76164a25486c43e0
+# Backported in version v5.10.135 6f3505588d66b27220f07d0cab18da380fae2e2d
+# Backported in version v5.15.59 e796e1fe20ecaf6da419ef6a5841ba181bba7a0c
+CVE_CHECK_WHITELIST += "CVE-2023-2177"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23006
+# Patched in kernel since v5.16 6b8b42585886c59a008015083282aae434349094
+# Backported in version v5.4.170 db484d35a9482d21a7f36da4dfc7a68aa2e9e1d6
+# Backported in version v5.10.90 4cd1da02f0c39606e3378c9255f17d6f85d106c7
+# Backported in version v5.15.13 4595dffccfa5b9360162c72cc0f6a33477d871cf
+CVE_CHECK_WHITELIST += "CVE-2023-23006"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23454
+# Patched in kernel since v6.2 caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
+# Backported in version v5.4.229 6b17b84634f932f4787f04578f5d030874b9ff32
+# Backported in version v5.10.163 b2c917e510e5ddbc7896329c87d20036c8b82952
+# Backported in version v5.15.87 04dc4003e5df33fb38d3dd85568b763910c479d4
+# Backported in version v6.1.5 dc46e39b727fddc5aacc0272ef83ee872d51be16
+CVE_CHECK_WHITELIST += "CVE-2023-23454"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23455
+# Patched in kernel since v6.2 a2965c7be0522eaa18808684b7b82b248515511b
+# Backported in version v5.4.229 63e469cb54a87df53edcfd85bb5bcdd84327ae4a
+# Backported in version v5.10.163 5f65f48516bfeebaab1ccc52c8fad698ddf21282
+# Backported in version v5.15.87 f02327a4877a06cbc8277e22d4834cb189565187
+# Backported in version v6.1.5 85655c63877aeafdc23226510ea268a9fa0af807
+CVE_CHECK_WHITELIST += "CVE-2023-23455"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23559
+# Patched in kernel since v6.2 b870e73a56c4cccbec33224233eaf295839f228c
+# Backported in version v5.4.231 9042a9a3f29c942387e6d6036551d90c9ae6ce4f
+# Backported in version v5.10.166 802fd7623e9ed19ee809b503e93fccc1e3f37bd6
+# Backported in version v5.15.91 8cbf932c5c40b0c20597fa623c308d5bde0848b5
+# Backported in version v6.1.9 7794efa358bca8b8a2a80070c6e088a74945f018
+CVE_CHECK_WHITELIST += "CVE-2023-23559"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-25012
+# Patched in kernel since v6.3 76ca8da989c7d97a7f76c75d475fe95a584439d7
+# Backported in version v5.4.235 25e14bf0c894f9003247e3475372f33d9be1e424
+# Backported in version v5.10.173 fddde36316da8acb45a3cca2e5fda102f5215877
+# Backported in version v5.15.99 0fd9998052926ed24cfb30ab1a294cfeda4d0a8f
+# Backported in version v6.1.16 f2bf592ebd5077661e00aa11e12e054c4c8f6dd0
+# Backported in version v6.2.3 90289e71514e9533a9c44d694e2b492be9ed2b77
+CVE_CHECK_WHITELIST += "CVE-2023-25012"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-26545
+# Patched in kernel since v6.2 fda6c89fe3d9aca073495a664e1d5aea28cd4377
+# Backported in version v5.4.232 df099e65564aa47478eb1cacf81ba69024fb5c69
+# Backported in version v5.10.169 7ff0fdba82298d1f456c685e24930da89703c0fb
+# Backported in version v5.15.95 59a74da8da75bdfb464cbdb399e87ba4f7500e96
+# Backported in version v6.1.13 c376227845eef8f2e62e2c29c3cf2140d35dd8e8
+CVE_CHECK_WHITELIST += "CVE-2023-26545"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28327
+# Patched in kernel since v6.1 b3abe42e94900bdd045c472f9c9be620ba5ce553
+# Backported in version v5.4.227 c66d78aee55dab72c92020ebfbebc464d4f5dd2a
+# Backported in version v5.10.159 575a6266f63dbb3b8eb1da03671451f0d81b8034
+# Backported in version v5.15.83 5c014eb0ed6c8c57f483e94cc6e90f34ce426d91
+CVE_CHECK_WHITELIST += "CVE-2023-28327"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28328
+# Patched in kernel since v6.2 0ed554fd769a19ea8464bb83e9ac201002ef74ad
+# Backported in version v5.4.229 8b256d23361c51aa4b7fdb71176c1ca50966fb39
+# Backported in version v5.10.163 559891d430e3f3a178040c4371ed419edbfa7d65
+# Backported in version v5.15.86 210fcf64be4db82c0e190e74b5111e4eef661a7a
+# Backported in version v6.1.2 6b60cf73a931af34b7a0a3f467a79d9fe0df2d70
+CVE_CHECK_WHITELIST += "CVE-2023-28328"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28772
+# Patched in kernel since v5.14 d3b16034a24a112bb83aeb669ac5b9b01f744bb7
+# Backported in version v5.4.133 33ab9138a13e379cf1c4ccd76b97ae2ee8c5421b
+# Backported in version v5.10.51 f9fb4986f4d81182f938d16beb4f983fe71212aa
+CVE_CHECK_WHITELIST += "CVE-2023-28772"
diff --git a/meta/recipes-kernel/linux/linux-yocto.inc b/meta/recipes-kernel/linux/linux-yocto.inc
index 0a4d528aab..2978c2fb90 100644
--- a/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/meta/recipes-kernel/linux/linux-yocto.inc
@@ -56,3 +56,6 @@ do_install_append(){
 
 # enable kernel-sample for oeqa/runtime/cases's ksample.py test
 KERNEL_FEATURES_append_qemuall=" features/kernel-sample/kernel-sample.scc"
+
+# CVE exclusion
+include recipes-kernel/linux/cve-exclusion.inc

From patchwork Thu May 11 21:28:10 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23845
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7692EC77B7F
	for <webhook@archiver.kernel.org>; Thu, 11 May 2023 21:28:38 +0000 (UTC)
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com
 [209.85.210.178])
 by mx.groups.io with SMTP id smtpd.web10.8925.1683840511809461615
 for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:31 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=35P0dXPt;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f178.google.com with SMTP id
 d2e1a72fcca58-64384c6797eso7427391b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683840511;
 x=1686432511;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=WInWRzO/L07qH8jaWkky5Aq0zD9A5N7d6N3BRjsggK0=;
        b=35P0dXPtZxSMp+psqkibowbv73ehIGXkMx52RN36ECRp2HfSJ+BDU9+A+md4bAJaZJ
         MaKeXtMXcv+odUT4wonmRud7A7mOiPuSaXMEkvQ4gs7NNU0ZUgWWkvBTwSLJN/CG4VWE
         zWI9SDJ78Fmrh1qcDEIv9tryFuKrzYAM315l6BX+QcTLOB6DG/tIeYvNHcvmEmrM4wry
         wGHk0FaqeOo7Ce+1Oxi2XXf3RWe5k1YhZ2OdlRHSLT4no8bjBYtKtq6orJchenpTzTDi
         spkSrqdw4IEaH5ii0iZsO9NqjPSiaaA9sja5nL/Bw/MGfXEPzFa3IFTuKW72BlJ4+h3l
         941w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683840511; x=1686432511;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=WInWRzO/L07qH8jaWkky5Aq0zD9A5N7d6N3BRjsggK0=;
        b=AAHjc1IVMC7MMSvMVgKMTRLzgbvpVX53pFTyamY6MghzP0gjD2jMe5omfsUGnXzu3n
         niGaOC7wEqvbJRzNVoxBJlaLR3YWkCoHlpgVlAJZ6QzPabHlkkFfOs1vLDAZKKQ7B8b4
         gY76NbE/0+O7cAQaJyQYP3cbIZ9tA9x1X6xLjQYHo7qD2WB5FaNb8RbE400WEMe2cuVQ
         T/AK+LFB+8ZJIduHp8woPqw3zVDqS2ZeiGEk/PfsA52E+Q/rLDdQd/iDGSygBNNkYWzy
         k82GRP41W6aDmglZQ+nPKchSBgXmyzQ/hi2qz+Okt1skZUMWGnwmKt9lEEnY/OPDenxu
         Dtzw==
X-Gm-Message-State: AC+VfDy+5o0Oncskrj4bb9owbz7JLEPXjrfNMithZ25qka2+WmGiTafe
	SgqYbQtd9aHvSAIptpvDsZ7Rvm7kuVwEmdHbddY=
X-Google-Smtp-Source: 
 ACHHUZ7xhTgbEAeiPA9ACw2UH+6wvzGRRmpNhVuyuKUJAC5SeL2zeFVRQlCtacAqMM2gv2kUeqx4PA==
X-Received: by 2002:a05:6a00:801:b0:648:d20c:37dd with SMTP id
 m1-20020a056a00080100b00648d20c37ddmr7476068pfk.18.1683840510976;
        Thu, 11 May 2023 14:28:30 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 e5-20020aa78c45000000b00640defda6d2sm5671981pfd.207.2023.05.11.14.28.30
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 May 2023 14:28:30 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 6/7] libbsd: Add correct license for all packages
Date: Thu, 11 May 2023 11:28:10 -1000
Message-Id: 
 <187f1588240a0eb5cc753c2114fd6c0cef66e14f.1683840390.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683840390.git.steve@sakoman.com>
References: <cover.1683840390.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 11 May 2023 21:28:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181152

From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>

BSD-4-Clause is only applicable to the {PN}-doc package as when I
check for the source code I find below files which only uses the
license BSD-4-Clause

~/sources/libbsd$ grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort
COPYING
man/arc4random.3bsd
man/getprogname.3bsd
man/tree.3bsd

~/sources/libbsd$ grep -rnB6 "BSD-4"
COPYING-9-Files:
COPYING-10- man/arc4random.3bsd
COPYING-11- man/tree.3bsd
COPYING-12-Copyright:
COPYING-13- Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
COPYING-14- All rights reserved.
COPYING:15:License: BSD-4-clause-Niels-Provos

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/libbsd/libbsd_0.10.0.bb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta/recipes-support/libbsd/libbsd_0.10.0.bb b/meta/recipes-support/libbsd/libbsd_0.10.0.bb
index 5b32b9af41..58925738cb 100644
--- a/meta/recipes-support/libbsd/libbsd_0.10.0.bb
+++ b/meta/recipes-support/libbsd/libbsd_0.10.0.bb
@@ -29,6 +29,12 @@ HOMEPAGE = "https://libbsd.freedesktop.org/wiki/"
 # License: public-domain-Colin-Plumb
 LICENSE = "BSD-3-Clause & BSD-4-Clause & ISC & PD"
 LICENSE_${PN} = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-dbg = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-dev = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-doc = "BSD-3-Clause & BSD-4-Clause & ISC & PD"
+LICENSE:${PN}-locale = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-src = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-staticdev = "BSD-3-Clause & ISC & PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=2120be0173469a06ed185b688e0e1ae0"
 SECTION = "libs"
 

From patchwork Thu May 11 21:28:11 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23846
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7696AC7EE24
	for <webhook@archiver.kernel.org>; Thu, 11 May 2023 21:28:38 +0000 (UTC)
Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com
 [209.85.210.176])
 by mx.groups.io with SMTP id smtpd.web10.8926.1683840514458969697
 for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:34 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=LgS1yllI;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f176.google.com with SMTP id
 d2e1a72fcca58-6439e6f5a33so5427919b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Thu, 11 May 2023 14:28:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683840513;
 x=1686432513;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jvWusLfMZ2vLGUsGFKoj7rEkVNpMh48fjVR/eJPOW6Q=;
        b=LgS1yllIYsA0zofFd9VaJo91MAc9VppuGIMF31GgfKpoGNyISc6u0E36RGW39I3JQW
         R4ajGl/qPlJOboVeNpnVksl/1UljX4IkHXI3lnC9Fbve69Wx7ciQV85oR8p4h5AQmpFi
         AuxpDsg0Czc3gupH2Nw72OCEBoNxZdxbSn6JBxDhvkhr+X8vE0hBqq2S3nOH1boMk3cE
         evWJdR02ZYWOVcSTEkrL14UCtmzDd/V4Whi44GJJD4tr6D5nrZp+AHDNgjxg+G2DICHy
         kF/NekLyiOlh48yh05hIN5krouTog35mXr4zfxQUgIoq3vjztin5E3uDaDxjI0OlMbtn
         pqEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683840513; x=1686432513;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=jvWusLfMZ2vLGUsGFKoj7rEkVNpMh48fjVR/eJPOW6Q=;
        b=cOU75knMKvAs1/4KL1T/R2DRPybIMNEyhmjU53j/lImuWwyKORiK71J/W6QdFLhJUr
         dlKlCTRitn3fta+zCRAHkqlsuGou37ps9LUOE+towkzHF1iTjxMYWvy00l/iXc/AOv+C
         KShCovtlKjZUgOVUvLwVXRjEk57hlkyKgwJ1VYS14toGm1u52TadGIsZ2gasGLAQJHge
         SXWopJBQJKa861ZMiVY9rwCiPm32gB9YOlG9cDk/270IneNsF1AmrRjUoD81OT18/LZK
         kM9j0s2/LxtQ4W39PAfp0LLUqlhXT+ODIVbTA03Lwy8y6b6khsn9v4E5YxknEh6d06sW
         PSlA==
X-Gm-Message-State: AC+VfDzDlMdXjShhDxRzyOGiOFEZRd/oLVmomAzHMLVLpwkPcIhvoJkd
	DLheSaFTtHKpZvHMpooeo8csPiM5OsB2YrFz/b8=
X-Google-Smtp-Source: 
 ACHHUZ5tzhXMYWu3VfHAqdPDrLYkeTS+L+B7vWX8wPZCt+jmhFc13nIZqNBSOePxD8PEayqP+CUpFA==
X-Received: by 2002:a05:6a00:2d06:b0:645:1fc7:881e with SMTP id
 fa6-20020a056a002d0600b006451fc7881emr24125851pfb.22.1683840513380;
        Thu, 11 May 2023 14:28:33 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 e5-20020aa78c45000000b00640defda6d2sm5671981pfd.207.2023.05.11.14.28.32
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 May 2023 14:28:32 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 7/7] run-postinsts: Set dependency for ldconfig to
 avoid boot issues
Date: Thu, 11 May 2023 11:28:11 -1000
Message-Id: 
 <1bc254e7969f3d5470bacf9ad9f065d38b7b7fde.1683840390.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683840390.git.steve@sakoman.com>
References: <cover.1683840390.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 11 May 2023 21:28:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181153

From: Arturo Buzarra <arturo.buzarra@digi.com>

If a package with a postsints script requires ldconfig, the package class adds
a ldconfig postinst fragment to initialize it before. Systemd has its own
ldconfig.service to initialize it and sometimes if both services are running
at the same time in the first boot, the first one will work, but the second
one will fail with the following error:

    ldconfig[141]: /sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: No such file or directory

This commit adds a ordering dependency between them to make sure that only one
service is running at the same time.

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e9d812e127dc6743f52f4881e509e8e2e833afe)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../run-postinsts/run-postinsts/run-postinsts.service           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
index 7f72f3388a..b6b81d5c1a 100644
--- a/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
+++ b/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Run pending postinsts
 DefaultDependencies=no
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount ldconfig.service
 Before=sysinit.target
 
 [Service]