From patchwork Thu Aug 17 02:49:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29016 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7307FC05052 for ; Thu, 17 Aug 2023 02:50:06 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web10.178853.1692240597558940525 for ; Wed, 16 Aug 2023 19:49:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=E6kj1icH; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1bc73a2b0easo48968035ad.0 for ; Wed, 16 Aug 2023 19:49:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240597; x=1692845397; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ILfjGHRzECKUmpjehzvJZszivPvNODk/wuOagqQwZII=; b=E6kj1icHPxz5XNo9QFRzZlufH/bX8N3Qi8JXd9G8Be2SCJ9WIcYoi2ziKCpbtNO5kz jy2UGuI+21FbZprAq/t272qQmWEff80YwTcmDjDFAW1fGQUPse4sg2gpzEDh8RoKQYeA M60sftzek7mf0Ls1/R61ePRKgEnDPqtsN97ieEK0Y0glpFNOPDDI+4+uqskUxB4PihCc 8Cpfay1PC2i9Uxo0PXznpusil8MeVCn6wN2Dob3dolEyjzTYanVBr6eCAAyx5Gigw16n Ikay0tBDOCTEq0dN3SRSWNZR4COZmVYPwHARyVYGbMH+OBC4qhkZXqay1O3ZScknRhB3 OqSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240597; x=1692845397; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ILfjGHRzECKUmpjehzvJZszivPvNODk/wuOagqQwZII=; b=gh250R0AIkw4dIArG0a5Aczw/aQ17GOgfP5AUStP/xrW4pd5xkWF6XSENwBl8HBvXI Uhn9v974RLkpVtqJzvoY85hx0lbc4cQH7VLEoAQVdgwtvPnzA6pNAkGpPEwaui/QJrzI wK7fHb7CuAl0ltzdElAhxZy2oMRuSl8cjDA2apTq2bkXBsXvFY4uE3wz5JOebFxluoRT 4LOsbHgo+WjTUw25aixOWDgbptyWGFIUlGYqSfRC9UAAixOUa0SwIQPBQ3lxfPeIv02g f6NXjYOwIro8er07EuHHxldfs1AVBnThclPDUINmj3tnc+9K0RTTicmkzs24y8f0nxwO mBPg== X-Gm-Message-State: AOJu0YxM9Se9p1kz3W8EE55DegCJLXn2UI8zAi0yzFEphxOi0DDefT8O svQ2BaTYD7NYqVlyQq4R2W1pZxZO95dLGUfiF0g= X-Google-Smtp-Source: AGHT+IFuMbrzHJ6DynAL30k/TldqS0Vb0cXh3S56L3vmr1muvf2aBbf4N7Jf4CI+GE1YC0Yvim+35Q== X-Received: by 2002:a17:903:18e:b0:1bd:ae7f:3671 with SMTP id z14-20020a170903018e00b001bdae7f3671mr3993003plg.63.1692240596475; Wed, 16 Aug 2023 19:49:56 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.49.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:49:56 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/16] python3-certifi: fix CVE-2023-37920 Date: Wed, 16 Aug 2023 16:49:33 -1000 Message-Id: <98abbe3394638c6ce795b34247a9e49120e4ffba.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186266 From: Narpat Mali Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. References: https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 Signed-off-by: Narpat Mali Signed-off-by: Steve Sakoman --- .../python3-certifi/CVE-2023-37920.patch | 301 ++++++++++++++++++ .../python/python3-certifi_2021.10.8.bb | 4 +- 2 files changed, 304 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch diff --git a/meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch b/meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch new file mode 100644 index 0000000000..62187ec469 --- /dev/null +++ b/meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch @@ -0,0 +1,301 @@ +From 2dfddd74a75e4a1fa9bb901ba31a96e13b98a4e2 Mon Sep 17 00:00:00 2001 +From: Narpat Mali +Date: Wed, 2 Aug 2023 16:05:04 +0000 +Subject: [PATCH] Certifi is a curated collection of Root Certificates for + validating the trustworthiness of SSL certificates while verifying the + identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes + "e-Tugra" root certificates. e-Tugra's root certificates were subject to an + investigation prompted by reporting of security issues in their systems. + Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root + store. + +CVE: CVE-2023-37920 + +Upstream-Status: Backport [https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909] + +Signed-off-by: Narpat Mali +--- + certifi/cacert.pem | 257 ++++++++++++++++++++++++++++++++------------- + 1 file changed, 185 insertions(+), 72 deletions(-) + +diff --git a/certifi/cacert.pem b/certifi/cacert.pem +index 6bae3e4..1bec256 100644 +--- a/certifi/cacert.pem ++++ b/certifi/cacert.pem +@@ -879,34 +879,6 @@ uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 + XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= + -----END CERTIFICATE----- + +-# Issuer: CN=Hongkong Post Root CA 1 O=Hongkong Post +-# Subject: CN=Hongkong Post Root CA 1 O=Hongkong Post +-# Label: "Hongkong Post Root CA 1" +-# Serial: 1000 +-# MD5 Fingerprint: a8:0d:6f:39:78:b9:43:6d:77:42:6d:98:5a:cc:23:ca +-# SHA1 Fingerprint: d6:da:a8:20:8d:09:d2:15:4d:24:b5:2f:cb:34:6e:b2:58:b2:8a:58 +-# SHA256 Fingerprint: f9:e6:7d:33:6c:51:00:2a:c0:54:c6:32:02:2d:66:dd:a2:e7:e3:ff:f1:0a:d0:61:ed:31:d8:bb:b4:10:cf:b2 +------BEGIN CERTIFICATE----- +-MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +-FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +-Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +-A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +-b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +-AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +-jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +-PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +-ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +-nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +-q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +-MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +-mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +-7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +-oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +-EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +-fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +-AmvZWg== +------END CERTIFICATE----- +- + # Issuer: CN=SecureSign RootCA11 O=Japan Certification Services, Inc. + # Subject: CN=SecureSign RootCA11 O=Japan Certification Services, Inc. + # Label: "SecureSign RootCA11" +@@ -1836,50 +1808,6 @@ HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx + SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= + -----END CERTIFICATE----- + +-# Issuer: CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi +-# Subject: CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi +-# Label: "E-Tugra Certification Authority" +-# Serial: 7667447206703254355 +-# MD5 Fingerprint: b8:a1:03:63:b0:bd:21:71:70:8a:6f:13:3a:bb:79:49 +-# SHA1 Fingerprint: 51:c6:e7:08:49:06:6e:f3:92:d4:5c:a0:0d:6d:a3:62:8f:c3:52:39 +-# SHA256 Fingerprint: b0:bf:d5:2b:b0:d7:d9:bd:92:bf:5d:4d:c1:3d:a2:55:c0:2c:54:2f:37:83:65:ea:89:39:11:f5:5e:55:f2:3c +------BEGIN CERTIFICATE----- +-MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +-BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +-aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +-BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +-Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +-MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +-BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +-em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +-ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +-B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +-D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +-Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +-q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +-k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +-fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +-dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +-ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +-zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +-rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +-U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +-Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +-XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +-Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +-HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +-GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +-77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 +-+GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +-vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +-FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +-yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +-AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +-y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +-NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +------END CERTIFICATE----- +- + # Issuer: CN=T-TeleSec GlobalRoot Class 2 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center + # Subject: CN=T-TeleSec GlobalRoot Class 2 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center + # Label: "T-TeleSec GlobalRoot Class 2" +@@ -4179,3 +4107,188 @@ AgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAircJRQO9gcS3ujwLEXQNw + SaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/QwCZ61IygN + nxS2PFOiTAZpffpskcYqSUXm7LcT4Tps + -----END CERTIFICATE----- ++ ++# Issuer: CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited ++# Subject: CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited ++# Label: "Sectigo Public Server Authentication Root E46" ++# Serial: 88989738453351742415770396670917916916 ++# MD5 Fingerprint: 28:23:f8:b2:98:5c:37:16:3b:3e:46:13:4e:b0:b3:01 ++# SHA1 Fingerprint: ec:8a:39:6c:40:f0:2e:bc:42:75:d4:9f:ab:1c:1a:5b:67:be:d2:9a ++# SHA256 Fingerprint: c9:0f:26:f0:fb:1b:40:18:b2:22:27:51:9b:5c:a2:b5:3e:2c:a5:b3:be:5c:f1:8e:fe:1b:ef:47:38:0c:53:83 ++-----BEGIN CERTIFICATE----- ++MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw ++CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T ++ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN ++MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG ++A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT ++ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA ++IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC ++WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+ ++6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B ++Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa ++qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q ++4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw== ++-----END CERTIFICATE----- ++ ++# Issuer: CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited ++# Subject: CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited ++# Label: "Sectigo Public Server Authentication Root R46" ++# Serial: 156256931880233212765902055439220583700 ++# MD5 Fingerprint: 32:10:09:52:00:d5:7e:6c:43:df:15:c0:b1:16:93:e5 ++# SHA1 Fingerprint: ad:98:f9:f3:e4:7d:75:3b:65:d4:82:b3:a4:52:17:bb:6e:f5:e4:38 ++# SHA256 Fingerprint: 7b:b6:47:a6:2a:ee:ac:88:bf:25:7a:a5:22:d0:1f:fe:a3:95:e0:ab:45:c7:3f:93:f6:56:54:ec:38:f2:5a:06 ++-----BEGIN CERTIFICATE----- ++MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf ++MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD ++Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw ++HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY ++MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp ++YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB ++AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa ++ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz ++SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf ++iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X ++ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3 ++IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS ++VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE ++SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu +++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt ++8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L ++HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt ++zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P ++AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c ++mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ ++YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52 ++gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA ++Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB ++JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX ++DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui ++TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 ++dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 ++LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp ++0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY ++QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL ++-----END CERTIFICATE----- ++ ++# Issuer: CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation ++# Subject: CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation ++# Label: "SSL.com TLS RSA Root CA 2022" ++# Serial: 148535279242832292258835760425842727825 ++# MD5 Fingerprint: d8:4e:c6:59:30:d8:fe:a0:d6:7a:5a:2c:2c:69:78:da ++# SHA1 Fingerprint: ec:2c:83:40:72:af:26:95:10:ff:0e:f2:03:ee:31:70:f6:78:9d:ca ++# SHA256 Fingerprint: 8f:af:7d:2e:2c:b4:70:9b:b8:e0:b3:36:66:bf:75:a5:dd:45:b5:de:48:0f:8e:a8:d4:bf:e6:be:bc:17:f2:ed ++-----BEGIN CERTIFICATE----- ++MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO ++MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD ++DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX ++DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw ++b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC ++AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP ++L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY ++t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins ++S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 ++PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO ++L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 ++R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w ++dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS +++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS ++d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG ++AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f ++gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j ++BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z ++NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt ++hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM ++QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf ++R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ ++DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW ++P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy ++lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq ++bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w ++AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q ++r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji ++Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU ++98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= ++-----END CERTIFICATE----- ++ ++# Issuer: CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation ++# Subject: CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation ++# Label: "SSL.com TLS ECC Root CA 2022" ++# Serial: 26605119622390491762507526719404364228 ++# MD5 Fingerprint: 99:d7:5c:f1:51:36:cc:e9:ce:d9:19:2e:77:71:56:c5 ++# SHA1 Fingerprint: 9f:5f:d9:1a:54:6d:f5:0c:71:f0:ee:7a:bd:17:49:98:84:73:e2:39 ++# SHA256 Fingerprint: c3:2f:fd:9f:46:f9:36:d1:6c:36:73:99:09:59:43:4b:9a:d6:0a:af:bb:9e:7c:f3:36:54:f1:44:cc:1b:a1:43 ++-----BEGIN CERTIFICATE----- ++MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw ++CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT ++U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 ++MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh ++dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG ++ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm ++acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN ++SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME ++GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW ++uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp ++15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN ++b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== ++-----END CERTIFICATE----- ++ ++# Issuer: CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos ++# Subject: CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos ++# Label: "Atos TrustedRoot Root CA ECC TLS 2021" ++# Serial: 81873346711060652204712539181482831616 ++# MD5 Fingerprint: 16:9f:ad:f1:70:ad:79:d6:ed:29:b4:d1:c5:79:70:a8 ++# SHA1 Fingerprint: 9e:bc:75:10:42:b3:02:f3:81:f4:f7:30:62:d4:8f:c3:a7:51:b2:dd ++# SHA256 Fingerprint: b2:fa:e5:3e:14:cc:d7:ab:92:12:06:47:01:ae:27:9c:1d:89:88:fa:cb:77:5f:a8:a0:08:91:4e:66:39:88:a8 ++-----BEGIN CERTIFICATE----- ++MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w ++LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w ++CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 ++MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF ++Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI ++zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X ++tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4 ++AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2 ++KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD ++aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu ++CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo ++9H1/IISpQuQo ++-----END CERTIFICATE----- ++ ++# Issuer: CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos ++# Subject: CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos ++# Label: "Atos TrustedRoot Root CA RSA TLS 2021" ++# Serial: 111436099570196163832749341232207667876 ++# MD5 Fingerprint: d4:d3:46:b8:9a:c0:9c:76:5d:9e:3a:c3:b9:99:31:d2 ++# SHA1 Fingerprint: 18:52:3b:0d:06:37:e4:d6:3a:df:23:e4:98:fb:5b:16:fb:86:74:48 ++# SHA256 Fingerprint: 81:a9:08:8e:a5:9f:b3:64:c5:48:a6:f8:55:59:09:9b:6f:04:05:ef:bf:18:e5:32:4e:c9:f4:57:ba:00:11:2f ++-----BEGIN CERTIFICATE----- ++MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM ++MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx ++MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 ++MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD ++QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN ++BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z ++4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv ++Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ ++kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs ++GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln ++nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh ++3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD ++0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy ++geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8 ++ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB ++c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI ++pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU ++dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB ++DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS ++4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs ++o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ ++qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw ++xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM ++rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4 ++AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR ++0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY ++o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5 ++dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE ++oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== ++-----END CERTIFICATE----- +-- +2.40.0 diff --git a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb index 57bd59ba44..eb1574adf6 100644 --- a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb +++ b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb @@ -7,7 +7,9 @@ HOMEPAGE = " http://certifi.io/" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=67da0714c3f9471067b729eca6c9fbe8" -SRC_URI += "file://CVE-2022-23491.patch" +SRC_URI += "file://CVE-2022-23491.patch \ + file://CVE-2023-37920.patch \ + " SRC_URI[sha256sum] = "78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872" From patchwork Thu Aug 17 02:49:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29017 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F128C2FC14 for ; Thu, 17 Aug 2023 02:50:06 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web10.178854.1692240599359443900 for ; Wed, 16 Aug 2023 19:49:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=4Orse8CI; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1bee82fad0fso14247155ad.2 for ; Wed, 16 Aug 2023 19:49:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240598; x=1692845398; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zWQXAls2H+iH8KEeC5kwK3FS4PI5FAiA/R5EcLhVbtw=; b=4Orse8CIef+ta+3hOh4yj3miGe6qzfFwQXjPq+stBNlC296mAq9cJk9nDl6l+jaghH hRVhbcUnjVMlNTCuLbDx1Fyf8RVwCDQCEB+MhCoYKFSfPxM4fPkK6v+UsOEsBpTInzqo jfgLXfWisvvGaIAqRzh2eUdvy09kC3R6ir8Sn0Qe0rIq2uAPhgE0/NOw8uFQr+tK6SYx Al2q5mcuY21P0Uzl9660oblfF6Y0sUCxvZ+cclVmdJMp1jEvae7DrYMw19d5DeJ070rv l8qeIrqrYItiGqgQ7fa7YaCrRD+YIVppdm3X8qFRaipmBCrmwfxDSuYNbWJDLnlkTtgr a7DQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240598; x=1692845398; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zWQXAls2H+iH8KEeC5kwK3FS4PI5FAiA/R5EcLhVbtw=; b=E4k6mm3Z0uLaAb1NkSZMfTJXHp27sfZAXzEASLn2W7BHoVuNoOqaJKV5jqJeSWOc4S aZi0SAEZ1jlm3pnAV50Ewiie4s8yWoe+Tol3Rf7LhL5/wS9t3mMy+LGbwBjnAX6uZoJu hrtcYAVmxM2hKUc3gf7Va0NGSzr82fNFB7iWBx8QOKdpF7Bk6hwVhC1IO5lVsNPHastE 3Kj1KlMpoFqg2dg9vDri4O7De3n49u08kS3py1ligxlN5uVdMFXmf/RWub/pSoJf2guG XxbPPpzJE4P9PnTUSLZ0AJMoF8DsvNL41wdKukAWk46QVpBtp2Bh8pPQZfx23H3wvvxB wdlQ== X-Gm-Message-State: AOJu0YyhDm1TxjIrJWGs+j+micztQI9GIya7MQja/mrPP/XitK6Wwg1P nCAGF+z93GmPBrLftduoFRT4fozCBpdd47kmuRY= X-Google-Smtp-Source: AGHT+IER3QC2khDG2VF9bZXsSgvoIHunF9HQE809aMCz0rlIkqjG1TgTgRM128NC/NGvAr/8LTdSjQ== X-Received: by 2002:a17:902:e841:b0:1bb:7b0a:374 with SMTP id t1-20020a170902e84100b001bb7b0a0374mr4432967plg.4.1692240598380; Wed, 16 Aug 2023 19:49:58 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.49.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:49:58 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/16] qemu: fix CVE-2020-14394 Date: Wed, 16 Aug 2023 16:49:34 -1000 Message-Id: <057f4f77ac2e83f99c916dceb4cbbcc8de448ad4.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186267 From: Yogita Urade QEMU: infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c Reference: https://gitlab.com/qemu-project/qemu/-/issues/646 Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-14394.patch | 79 +++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 96a1cc93a5..8182342f92 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -97,6 +97,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2023-3301.patch \ file://CVE-2023-3255.patch \ file://CVE-2023-2861.patch \ + file://CVE-2020-14394.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch new file mode 100644 index 0000000000..aff91a7355 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch @@ -0,0 +1,79 @@ +From effaf5a240e03020f4ae953e10b764622c3e87cc Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Tue, 8 Aug 2023 10:44:51 +0000 +Subject: [PATCH] hw/usb/hcd-xhci: Fix unbounded loop in + xhci_ring_chain_length() (CVE-2020-14394) + +The loop condition in xhci_ring_chain_length() is under control of +the guest, and additionally the code does not check for failed DMA +transfers (e.g. if reaching the end of the RAM), so the loop there +could run for a very long time or even forever. Fix it by checking +the return value of dma_memory_read() and by introducing a maximum +loop length. + +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/646 +Message-Id: <20220804131300.96368-1-thuth@redhat.com> +Reviewed-by: Mauro Matteo Cascella +Acked-by: Gerd Hoffmann +Signed-off-by: Thomas Huth + +CVE: CVE-2020-14394 + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/effaf5a240e03020f4ae953e10b764622c3e87cc] + +Signed-off-by: Yogita Urade +--- + hw/usb/hcd-xhci.c | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c +index 14bdb8967..c63a36dcc 100644 +--- a/hw/usb/hcd-xhci.c ++++ b/hw/usb/hcd-xhci.c +@@ -21,6 +21,7 @@ + + #include "qemu/osdep.h" + #include "qemu/timer.h" ++#include "qemu/log.h" + #include "qemu/module.h" + #include "qemu/queue.h" + #include "migration/vmstate.h" +@@ -725,10 +726,14 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) + bool control_td_set = 0; + uint32_t link_cnt = 0; + +- while (1) { ++ do { + TRBType type; +- dma_memory_read(xhci->as, dequeue, &trb, TRB_SIZE, +- MEMTXATTRS_UNSPECIFIED); ++ if (dma_memory_read(xhci->as, dequeue, &trb, TRB_SIZE, ++ MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { ++ qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory access failed!\n", ++ __func__); ++ return -1; ++ } + le64_to_cpus(&trb.parameter); + le32_to_cpus(&trb.status); + le32_to_cpus(&trb.control); +@@ -762,7 +767,17 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) + if (!control_td_set && !(trb.control & TRB_TR_CH)) { + return length; + } +- } ++ ++ /* ++ * According to the xHCI spec, Transfer Ring segments should have ++ * a maximum size of 64 kB (see chapter "6 Data Structures") ++ */ ++ } while (length < TRB_LINK_LIMIT * 65536 / TRB_SIZE); ++ ++ qemu_log_mask(LOG_GUEST_ERROR, "%s: exceeded maximum tranfer ring size!\n", ++ __func__); ++ ++ return -1; + } + + static void xhci_er_reset(XHCIState *xhci, int v) +-- +2.35.5 From patchwork Thu Aug 17 02:49:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29019 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F168C2FC18 for ; Thu, 17 Aug 2023 02:50:06 +0000 (UTC) Received: from mail-oo1-f45.google.com (mail-oo1-f45.google.com [209.85.161.45]) by mx.groups.io with SMTP id smtpd.web10.178857.1692240602500245705 for ; Wed, 16 Aug 2023 19:50:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=e11f0mji; spf=softfail (domain: sakoman.com, ip: 209.85.161.45, mailfrom: steve@sakoman.com) Received: by mail-oo1-f45.google.com with SMTP id 006d021491bc7-56ce936f7c0so5084740eaf.3 for ; Wed, 16 Aug 2023 19:50:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240601; x=1692845401; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=2K6cVNx8FC6ljxQatskzEJOFE1r0ruH6RVrE2R2/7Cs=; b=e11f0mjiG2WogKi/jXOrFuwpJDK0ErhL2/CnPlGyRhOmG7xgybcPYYN5iYD5Z7y7MQ L9PKgihOi7/womRz53EIbjsujE1NCDTaxf9fO/Zz4Vv87mRoLGutdTOrnjQPa8hibUIm tQCycZ3xwfnwqOtMqC3U4hMVG93jsZMScS5kK+AG9SN4kaUHclB727YDupREgYmnGaAY fdvken4TzWjfwYCWmtUmnGAY4HGC4yIAgldvUJfZ2bRvxQoC35at1eKf0rEtA25VN+5W HkLJU0kh+3BAEfzZzDWWzB3bQLyEoB19q/wOSUJ3v+g8SGohqzR5iKv8k52NcykKo2w+ R8Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240601; x=1692845401; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2K6cVNx8FC6ljxQatskzEJOFE1r0ruH6RVrE2R2/7Cs=; b=MXP+krCBheClJm9zVC265bsTqJrKb1BMpDIhiacl8lMd+xwGVNphXKqgq5ENs5cTSz vNTlb/oHsWEATwL4yEQtFmymXbCPGrEh+eOXME86ZZGCn9ey9CaukEeHvmiGKkIjB/dj pJ5jC3YhQaInd4i+D2K9HaFXNGwWjAbCdo/08cv8TgNQ6y6T6MtwRx2TBveJtHmG5WIn soJQE151lLmWHsTbWD9S+MVyFYpmUcX7ZLiJkuxFmWQS3SkAjA5yhwGiikOO2t6zrUAY cmlLd4fhnPY3zXmDg1biMBWYfhRyGvG8tcaGsCLRjS2D/7JzjKORTG48hShSLbT1lxT7 yLtA== X-Gm-Message-State: AOJu0Yzrmspe3LkByXyR1o6PiFLcgcH2r5l0ZImVfjnJHXYE/0Z70cBd soWitPCzOfbv+zvdMV5szMnLLR4wHcZtp8Xn3P8= X-Google-Smtp-Source: AGHT+IFgAxTPj8Muse+otB8NlW2pb3BUS7hcv4mRRp/h0SrW1aju4ECXUqLUMnXXC+Wq3yRj2BviNw== X-Received: by 2002:a05:6870:a1a3:b0:1bb:9de5:badb with SMTP id a35-20020a056870a1a300b001bb9de5badbmr4341800oaf.19.1692240600620; Wed, 16 Aug 2023 19:50:00 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.49.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:00 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/16] qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service Date: Wed, 16 Aug 2023 16:49:35 -1000 Message-Id: <42859fe600e5dddba3c51fa8d1e680721b73e5dc.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186268 From: Vivek Kumbhar Signed-off-by: Vivek Kumbhar Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-3354.patch | 87 +++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 8182342f92..3347a99e19 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -98,6 +98,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2023-3255.patch \ file://CVE-2023-2861.patch \ file://CVE-2020-14394.patch \ + file://CVE-2023-3354.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch new file mode 100644 index 0000000000..250716fcfc --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch @@ -0,0 +1,87 @@ +From 10be627d2b5ec2d6b3dce045144aa739eef678b4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 20 Jun 2023 09:45:34 +0100 +Subject: [PATCH] io: remove io watch if TLS channel is closed during handshake +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The TLS handshake make take some time to complete, during which time an +I/O watch might be registered with the main loop. If the owner of the +I/O channel invokes qio_channel_close() while the handshake is waiting +to continue the I/O watch must be removed. Failing to remove it will +later trigger the completion callback which the owner is not expecting +to receive. In the case of the VNC server, this results in a SEGV as +vnc_disconnect_start() tries to shutdown a client connection that is +already gone / NULL. + +CVE-2023-3354 +Reported-by: jiangyegen +Signed-off-by: Daniel P. Berrangé + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4] +CVE: CVE-2023-3354 +Signed-off-by: Vivek Kumbhar +--- + include/io/channel-tls.h | 1 + + io/channel-tls.c | 18 ++++++++++++------ + 2 files changed, 13 insertions(+), 6 deletions(-) + +diff --git a/include/io/channel-tls.h b/include/io/channel-tls.h +index 5672479e9..26c67f17e 100644 +--- a/include/io/channel-tls.h ++++ b/include/io/channel-tls.h +@@ -48,6 +48,7 @@ struct QIOChannelTLS { + QIOChannel *master; + QCryptoTLSSession *session; + QIOChannelShutdown shutdown; ++ guint hs_ioc_tag; + }; + + /** +diff --git a/io/channel-tls.c b/io/channel-tls.c +index 2ae1b92fc..34476e6b7 100644 +--- a/io/channel-tls.c ++++ b/io/channel-tls.c +@@ -195,12 +195,13 @@ static void qio_channel_tls_handshake_task(QIOChannelTLS *ioc, + } + + trace_qio_channel_tls_handshake_pending(ioc, status); +- qio_channel_add_watch_full(ioc->master, +- condition, +- qio_channel_tls_handshake_io, +- data, +- NULL, +- context); ++ ioc->hs_ioc_tag = ++ qio_channel_add_watch_full(ioc->master, ++ condition, ++ qio_channel_tls_handshake_io, ++ data, ++ NULL, ++ context); + } + } + +@@ -215,6 +216,7 @@ static gboolean qio_channel_tls_handshake_io(QIOChannel *ioc, + QIOChannelTLS *tioc = QIO_CHANNEL_TLS( + qio_task_get_source(task)); + ++ tioc->hs_ioc_tag = 0; + g_free(data); + qio_channel_tls_handshake_task(tioc, task, context); + +@@ -373,6 +375,10 @@ static int qio_channel_tls_close(QIOChannel *ioc, + { + QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc); + ++ if (tioc->hs_ioc_tag) { ++ g_clear_handle_id(&tioc->hs_ioc_tag, g_source_remove); ++ } ++ + return qio_channel_close(tioc->master, errp); + } + +-- +2.25.1 + From patchwork Thu Aug 17 02:49:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29015 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71D77C41513 for ; Thu, 17 Aug 2023 02:50:06 +0000 (UTC) Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by mx.groups.io with SMTP id smtpd.web10.178859.1692240603352778176 for ; Wed, 16 Aug 2023 19:50:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=jliy247X; spf=softfail (domain: sakoman.com, ip: 209.85.215.175, mailfrom: steve@sakoman.com) Received: by mail-pg1-f175.google.com with SMTP id 41be03b00d2f7-517ab9a4a13so5456329a12.1 for ; Wed, 16 Aug 2023 19:50:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240602; x=1692845402; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MXmay85hv23fjg1eELql8g0TsWTGzcx0glnBVzlNBtM=; b=jliy247X9uEUjyoUW6p1g8q1PeP4P1repn52X2zRQqb8MR0sbJN/ZFO2VV7nlG2IFX bWaQuPe/wU6TK++/xXOX8hAwFRJoyZVH0f4zGhKbQVmDGpx0IgScL7xmIMJpuz6+fb2z CYQhFGL2MUHwB9EIODHyN1hPaEU7uxYkdGNj6VegpRHl+/zwKUUiaBRSJZwSXVSSLmsF 5TE/QW+NwV9lVf3nUGJtGDmBfV/E8hhtF9njwsjR1RJdwPAFfWrqPHzYIH+gMjetlZE9 9Ku1FqjH7Jiv/VOsjSxJEXN38XeX6KvwVbBgpfzK/hX7Ib/NEwWzb5cJgMVQVGCkUF3V 645g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240602; x=1692845402; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MXmay85hv23fjg1eELql8g0TsWTGzcx0glnBVzlNBtM=; b=P3+vP4sn7APJynZdHhtRd7a5wMosWR/RD7jx65CysUZ80/RCInjTOYRtQ3gJcfq5tO NeY40u0YNiE6dDTUBdz9KrHXeJoPdHHvqHCYZlrpGsSopziS6jEdypIBfeFcWzAE6H98 Ch+D+rMJ3DZKzavqgvRr4wkNtz/ShKUnXVnIIKI37bItpbM5NpMm07frD8HxCwWmlvJK iF2ymHQgbKZg6dYpXyrjP0+0zYqtyyUMVKLNCdIHcjRR/o5C865QDGXECCph/EYhQwdq 3XnZjTkSgs01/3HK9IHOHIGWFrTl525GnaM1r3CVlMGw8Huh3TQ0/oWKPlQK6CcIlch9 bC1g== X-Gm-Message-State: AOJu0YxT1AyBYgUbUVZh0wOONZr2VjGXynNG202VWrmuLviANOD0XTOG A2QOvdOnQcEQTgQoFBO9xL4wPzpzeyIELCOo+tU= X-Google-Smtp-Source: AGHT+IHlAGMWbCeSqOoZv6MjRFsjJZ3G++CACRpnDyPo6cPW7yFHa/G+o33PcuKkyw2Bw1LikdZtsg== X-Received: by 2002:a05:6a20:918f:b0:135:26ad:132 with SMTP id v15-20020a056a20918f00b0013526ad0132mr5118257pzd.7.1692240602391; Wed, 16 Aug 2023 19:50:02 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:02 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/16] ghostscript: fix CVE-2023-38559 Date: Wed, 16 Aug 2023 16:49:36 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186269 From: Archana Polampalli A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-38559 Upstream patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2023-38559.patch | 32 +++++++++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch new file mode 100644 index 0000000000..2b2b85fa27 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch @@ -0,0 +1,32 @@ +From 34b0eec257c3a597e0515946f17fb973a33a7b5b Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Mon, 17 Jul 2023 14:06:37 +0100 +Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from + devices/gdevpcx.c + +Bounds check the buffer, before dereferencing the pointer. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f] + +CVE: CVE-2023-38559 + +Signed-off-by: Archana Polampalli +--- + base/gdevdevn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/base/gdevdevn.c b/base/gdevdevn.c +index f679127..66c771b 100644 +--- a/base/gdevdevn.c ++++ b/base/gdevdevn.c +@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file + byte data = *from; + + from += step; +- if (data != *from || from == end) { ++ if (from >= end || data != *from) { + if (data >= 0xc0) + gp_fputc(0xc1, file); + } else { +-- +2.40.0 diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 48508fd6a2..ad0b008cab 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -37,6 +37,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://cve-2023-28879.patch \ file://CVE-2023-36664-0001.patch \ file://CVE-2023-36664-0002.patch \ + file://CVE-2023-38559.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Thu Aug 17 02:49:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29018 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70B9FC2FC0F for ; Thu, 17 Aug 2023 02:50:06 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web11.178663.1692240605477422283 for ; Wed, 16 Aug 2023 19:50:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=byAKinW7; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1bf11b1c7d0so1485685ad.0 for ; Wed, 16 Aug 2023 19:50:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240604; x=1692845404; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WWO98MMXMiVxZie3TeHydyAZK5aU9np6T5nbJLW/dzg=; b=byAKinW7mpzKO9h5kDJU4mDgjo6K/tRNeGtndXlxXAFR/iRxmK9e2AoydpndMhIyp5 VWcxThxSLL6ZhIqFR4XTXahy8ZkuMrxUXJmey3mabGowT2P2UW7Rv6krSVTA3euCn3pj WZg6jhbRNFPfSaZJrmrFd5Z/EuC2400CaHaA8je5tZ42CiEyWvAysRypEJb1StHHvEA1 XSWmTL9I5Vnc7VZLaiBGqyLbDdEIF7o6Z8hLUFBRi+Ze6vaOWcWhHf9VTgV7C1tUANJB +MJiMum4FMDfhLppgeTB3wLQ9ldWC+/CVGWEXApPeqVHiXKlKP1iD5QMOOqM3rohKlI3 OJZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240604; x=1692845404; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WWO98MMXMiVxZie3TeHydyAZK5aU9np6T5nbJLW/dzg=; b=E5zfzauc6K6YYUm3SFl2xtThIsS0ghZMu6KNiwaSrfqGCjUE6dAclsKtZL+J4e7NM0 3G7RKFQxpr3+S+4hd9PEtVlDhS8foixsvf1fvVoj6pCFqRXQuYcGKfaoieImDZHJ1d7Z lzkkoHpq4MhKZoqUI8cY3OsKVwbMfpDxRHJQbSfqQUj6zA6HM/ezDwQQ4e/w/HlcHjVT 6IezoDKC684lznhDjMyTPvXQcppv/80nUujVnc57jBEGRA/xBfK9Tr3KiA+6EXA0koQi 8C67ZaIPX5RrNQ67TP0QGgUBnqQS/FCfWvQ2dCXR5GyJmvuXc0ehmmRdFF7s3IKuMZOf XkFQ== X-Gm-Message-State: AOJu0Yw6kjvHeV0yU/oAqP0C9uxZ2dJ3dHQd/9jIh8Q3w7Pzq5c6PycY zWuAghiwDvvZhcVVaScZK0LIQS8g0AeQYA47Jh4= X-Google-Smtp-Source: AGHT+IGOJr/WmKCXeCu8DHCyghtOektmzJGgmNBa5bpAv3kQMed/YSpVBL81Qdb4wMenYN7dnFHnbQ== X-Received: by 2002:a17:902:eccd:b0:1bc:210d:6365 with SMTP id a13-20020a170902eccd00b001bc210d6365mr1652996plh.2.1692240604400; Wed, 16 Aug 2023 19:50:04 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:04 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/16] procps: patch CVE-2023-4016 Date: Wed, 16 Aug 2023 16:49:37 -1000 Message-Id: <71d0683d625c09d4db5e0473a0b15a266aa787f4.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186270 From: Peter Marko Backport patch from upstream master. There were three changes needed to apply the patch: * move NEWS change to start of the file * change file location from src/ps/ to ps/ * change xmalloc/xcmalloc to malloc/cmalloc The x*malloc functions were introduced in commit in future version. https://gitlab.com/procps-ng/procps/-/commit/584028dbe513127ef68c55aa631480454bcc26bf They call the original function plus additionally throw error when out of memory. https://gitlab.com/procps-ng/procps/-/blob/v4.0.3/local/xalloc.h?ref_type=tags So this replacement is correct in context of our version. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../procps/procps/CVE-2023-4016.patch | 85 +++++++++++++++++++ meta/recipes-extended/procps/procps_3.3.17.bb | 1 + 2 files changed, 86 insertions(+) create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch diff --git a/meta/recipes-extended/procps/procps/CVE-2023-4016.patch b/meta/recipes-extended/procps/procps/CVE-2023-4016.patch new file mode 100644 index 0000000000..c530b1cfea --- /dev/null +++ b/meta/recipes-extended/procps/procps/CVE-2023-4016.patch @@ -0,0 +1,85 @@ +From 2c933ecba3bb1d3041a5a7a53a7b4078a6003413 Mon Sep 17 00:00:00 2001 +From: Craig Small +Date: Thu, 10 Aug 2023 21:18:38 +1000 +Subject: [PATCH] ps: Fix possible buffer overflow in -C option + +ps allocates memory using malloc(length of arg * len of struct). +In certain strange circumstances, the arg length could be very large +and the multiplecation will overflow, allocating a small amount of +memory. + +Subsequent strncpy() will then write into unallocated memory. +The fix is to use calloc. It's slower but this is a one-time +allocation. Other malloc(x * y) calls have also been replaced +by calloc(x, y) + +References: + https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 + https://nvd.nist.gov/vuln/detail/CVE-2023-4016 + https://gitlab.com/procps-ng/procps/-/issues/297 + https://bugs.debian.org/1042887 + +Signed-off-by: Craig Small + +CVE: CVE-2023-4016 +Upstream-Status: Backport [https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413] + +Signed-off-by: Peter Marko + +--- + NEWS | 1 + + ps/parser.c | 8 ++++---- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/NEWS b/NEWS +index b9509734..64fa3da8 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,3 +1,5 @@ ++ * ps: Fix buffer overflow in -C option CVE-2023-4016 Debian #1042887, issue #297 ++ + procps-ng-3.3.17 + --------------- + * library: Incremented to 8:3:0 +diff --git a/ps/parser.c b/ps/parser.c +index 248aa741..15873dfa 100644 +--- a/ps/parser.c ++++ b/ps/parser.c +@@ -184,7 +184,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + const char *err; /* error code that could or did happen */ + /*** prepare to operate ***/ + node = malloc(sizeof(selection_node)); +- node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */ + node->n = 0; + buf = strdup(arg); + /*** sanity check and count items ***/ +@@ -205,6 +204,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + } while (*++walk); + if(need_item) goto parse_error; + node->n = items; ++ node->u = calloc(items, sizeof(sel_union)); + /*** actually parse the list ***/ + walk = buf; + while(items--){ +@@ -1031,15 +1031,15 @@ static const char *parse_trailing_pids(void){ + thisarg = ps_argc - 1; /* we must be at the end now */ + + pidnode = malloc(sizeof(selection_node)); +- pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ pidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */ + pidnode->n = 0; + + grpnode = malloc(sizeof(selection_node)); +- grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ grpnode->u = calloc(i,sizeof(sel_union)); /* waste is insignificant */ + grpnode->n = 0; + + sidnode = malloc(sizeof(selection_node)); +- sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ sidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */ + sidnode->n = 0; + + while(i--){ +-- +GitLab + diff --git a/meta/recipes-extended/procps/procps_3.3.17.bb b/meta/recipes-extended/procps/procps_3.3.17.bb index 0f5575c9ab..897f28f187 100644 --- a/meta/recipes-extended/procps/procps_3.3.17.bb +++ b/meta/recipes-extended/procps/procps_3.3.17.bb @@ -16,6 +16,7 @@ SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \ file://sysctl.conf \ file://0001-w.c-correct-musl-builds.patch \ file://0002-proc-escape.c-add-missing-include.patch \ + file://CVE-2023-4016.patch \ " SRCREV = "19a508ea121c0c4ac6d0224575a036de745eaaf8" From patchwork Thu Aug 17 02:49:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61784C05052 for ; Thu, 17 Aug 2023 02:50:16 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web11.178665.1692240607374227394 for ; Wed, 16 Aug 2023 19:50:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=wdjIqxTW; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-1bb84194bf3so46608195ad.3 for ; Wed, 16 Aug 2023 19:50:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240606; x=1692845406; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uvUmtJ91nBy5++lbX17ITYLm38x53gKCYOVxwH2RwAQ=; b=wdjIqxTWkPnoaZ0PHaAUnJdDVbuN0XGvlkcjwX/bZ+69lJPSzegqBELOJenb2BlQQ8 vLqP8uKavcNRGJnNlAo8ViQlcGHeJZeQ2muN3JiQsFV3JSSu2vTksdUAFMAKnvLyZ7JO aZdemmq7uNDi7sKc2JL0aHRvqvWrZD9xTlq5ZabbNN/2uo+EXVH7zYe92ADwVD2rO10/ Xx3uKM87bXyqb/JaoS54kW91onuJlPCA+l6UzQ0PU5/g8rdZnQZrrZKhHI2RFAEV/e0/ FnUj63q8LYqec3Z2wCI9R6NFzETMSTUJwBccfZF9MMOiVSBujXP37s11F58UXRD9RGzH /6uQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240606; x=1692845406; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uvUmtJ91nBy5++lbX17ITYLm38x53gKCYOVxwH2RwAQ=; b=iBDITyWh2cbVyX7ft1qLcv9zCbf/QM4unkCcr9sTknsduGnjRHh2z++7yZaqntNWEB RpKdXxlgJR76O63MRsTN1FkuoTvio23r0+F4GlejqA7aHshVcgYASNpSxhljiPSqAxOb CIqUL5WM/xny6DMN52P4fiqT0wnv23gvDaPdFanX4Ce0F38PaUyqxZKtNZHh4flf0muL /Mmwi4wt0kzPcuQelV9Wo2vPHb/MowDGWZu566ZeYnk6vKsAfs3oekO1DCRov78HIIJe rpmgFlFkCJcPyGrd5nlsv/qp4wQ8Mh1CorQrm6Pet+ScgY+o19ClKpJHLN77CMbuw9Vv DFMw== X-Gm-Message-State: AOJu0YyKBKXR5geVEX2x1uiixPifcVL8foYA8JPP1hrk6EybB9ub0u+V yXUZyxRi3SBAMh3KX5tRynyd4JlUehj4raXA7X4= X-Google-Smtp-Source: AGHT+IEniFY+6+OL9dydQA3Q/GKrcmNLpVuVOMlwuDKzPII5Yia91eckJNT1hsi9fsCQ5g0cyP6TmA== X-Received: by 2002:a17:902:eccc:b0:1b8:9044:b8ae with SMTP id a12-20020a170902eccc00b001b89044b8aemr4227387plh.11.1692240606454; Wed, 16 Aug 2023 19:50:06 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:06 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/16] qemu: fix CVE-2023-3180 Date: Wed, 16 Aug 2023 16:49:38 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186271 From: Archana Polampalli A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. References: https://nvd.nist.gov/vuln/detail/CVE-2023-3180 Upstream patches: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-3180.patch | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 3347a99e19..d77c376bb6 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -99,6 +99,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2023-2861.patch \ file://CVE-2020-14394.patch \ file://CVE-2023-3354.patch \ + file://CVE-2023-3180.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch new file mode 100644 index 0000000000..30080924c8 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch @@ -0,0 +1,50 @@ +From 49f1e02bac166821c712534aaa775f50e1afe17f Mon Sep 17 00:00:00 2001 +From: zhenwei pi +Date: Thu, 3 Aug 2023 10:43:13 +0800 +Subject: [PATCH] virtio-crypto: verify src&dst buffer length for sym request + +For symmetric algorithms, the length of ciphertext must be as same +as the plaintext. +The missing verification of the src_len and the dst_len in +virtio_crypto_sym_op_helper() may lead buffer overflow/divulged. + +This patch is originally written by Yiming Tao for QEMU-SECURITY, +resend it(a few changes of error message) in qemu-devel. + +Fixes: CVE-2023-3180 +Fixes: 04b9b37edda("virtio-crypto: add data queue processing handler") +Cc: Gonglei +Cc: Mauro Matteo Cascella +Cc: Yiming Tao +Signed-off-by: zhenwei pi +Message-Id: <20230803024314.29962-2-pizhenwei@bytedance.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit 9d38a8434721a6479fe03fb5afb150ca793d3980) +Signed-off-by: Michael Tokarev + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f] +CVE: CVE-2023-3180 +Signed-off-by: Archana Polampalli +--- + hw/virtio/virtio-crypto.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c +index a1d122b9aa..ccaa704530 100644 +--- a/hw/virtio/virtio-crypto.c ++++ b/hw/virtio/virtio-crypto.c +@@ -635,6 +635,11 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, + return NULL; + } + ++ if (unlikely(src_len != dst_len)) { ++ virtio_error(vdev, "sym request src len is different from dst len"); ++ return NULL; ++ } ++ + max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len; + if (unlikely(max_len > vcrypto->conf.max_size)) { + virtio_error(vdev, "virtio-crypto too big length"); +-- +2.40.0 From patchwork Thu Aug 17 02:49:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29022 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72B56C2FC15 for ; Thu, 17 Aug 2023 02:50:16 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web10.178865.1692240609309693702 for ; Wed, 16 Aug 2023 19:50:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=YdzREfNp; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-6887059f121so1740694b3a.3 for ; Wed, 16 Aug 2023 19:50:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240608; x=1692845408; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=s+XcN4KmwBf3b4p2BJ4cRFQ1LFu403AUAPxwX7n+cAc=; b=YdzREfNpobGJ9zcvg8PIiJ5SnSJ02Lk/LUxe/3MFaGpykImckDmNl6sJ9OoBDiX8Qj Rtn9yE8XaKyIQo9Qlgid6oddVdVn3JeIxRU0wq50IF0iT3sGGovoSh/ifSNo2xAmQrOP vLMz3UWOwKkO0HoabC/HC+iRCKDZXXNsPQSGPICpvCqmm2HgnreJIYUxiUBjyIOCCWBF VhkjhVFlg0NlbRm+nX/fSuGJEQ1UtOUEbU1BHKp2wVFvm79m5/Bb68qYC405c6cMWuay WHZVrZ4Ukp2jZZ18el/SwSZ18dU6xNWQUo/9oBErXOjgG4jEuzOMMM/pdnb+ioiD3Db3 UNyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240608; x=1692845408; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=s+XcN4KmwBf3b4p2BJ4cRFQ1LFu403AUAPxwX7n+cAc=; b=djMfYGpP+25V5HHelwfER1UhFIxs42trj+gNttMksWDfDWXGsFriJaZ0Xj1CZtmaJB NAndL87o5Bo8/EwJgHLUXmw3N5vKDlbxbnY25r8erIo8I4GM6dlYjBbb6SLrVZfIeLic yy4U7WyrFBIDxxtRuC/c4zCgwNOWGoGDt6ozTOt+av3y1CN1PBdL6bVjtrD8Ub+rCszW QY6X2Lh8mQIH0P5JC9h3jADMPXv8Axehy3lDAfgVqculrUpS+/Fjbexb/bsqbpFZf7CL jx4CCo7iOwp2rXF4fN2rCvijEgNO0tlT0YSnXt3JZ7YN6m6L3DWTVRKvXke2Of73yEUU wLyg== X-Gm-Message-State: AOJu0YzeaEiQFC8E/JznQy8vnX75jyjoFoBO20Tkz+ijtLFzRwYAYSxt Q83rSmcBKPiS/vA5VLXS7k+DhpWmPWHgb06PEy0= X-Google-Smtp-Source: AGHT+IHif43H/grsRkN+yBCPOr7F7JZ0RhYKAEFD6YAGZdf/KeBUgWJuHdqJaImqOujZ/QNzGwpC+g== X-Received: by 2002:a05:6a20:1011:b0:12f:fcbb:3e53 with SMTP id gs17-20020a056a20101100b0012ffcbb3e53mr3535350pzc.28.1692240608306; Wed, 16 Aug 2023 19:50:08 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:08 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/16] curl: Backport fix CVE-2023-32001 Date: Wed, 16 Aug 2023 16:49:39 -1000 Message-Id: <10df7553d1107438408f680ac28a2daf87d4163e.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186272 From: Ashish Sharma Signed-off-by: Ashish Sharma Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2023-32001.patch | 39 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/meta/recipes-support/curl/curl/CVE-2023-32001.patch new file mode 100644 index 0000000000..7ea3073755 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-32001.patch @@ -0,0 +1,39 @@ +From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001 +From: SaltyMilk +Date: Mon, 10 Jul 2023 21:43:28 +0200 +Subject: [PATCH] fopen: optimize + +Closes #11419 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde] +CVE: CVE-2023-32001 +Signed-off-by: Ashish Sharma + + + lib/fopen.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/lib/fopen.c b/lib/fopen.c +index c9c9e3d6e73a2..b6e3cadddef65 100644 +--- a/lib/fopen.c ++++ b/lib/fopen.c +@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + int fd = -1; + *tempname = NULL; + +- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { +- /* a non-regular file, fallback to direct fopen() */ +- *fh = fopen(filename, FOPEN_WRITETEXT); +- if(*fh) +- return CURLE_OK; ++ *fh = fopen(filename, FOPEN_WRITETEXT); ++ if(!*fh) + goto fail; +- } ++ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) ++ return CURLE_OK; ++ fclose(*fh); ++ *fh = NULL; + + result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); + if(result) diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 7f18ef7ee6..af52ecad13 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -51,6 +51,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2023-28321.patch \ file://CVE-2023-28322-1.patch \ file://CVE-2023-28322-2.patch \ + file://CVE-2023-32001.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Aug 17 02:49:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73A63C2FC0F for ; Thu, 17 Aug 2023 02:50:16 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.178666.1692240611760799808 for ; Wed, 16 Aug 2023 19:50:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=3clQMoCZ; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1bc7b25c699so46288555ad.1 for ; Wed, 16 Aug 2023 19:50:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240611; x=1692845411; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=T11I4JY7aA98FmxyT+MMBsIj0R+suzzlg5nQxMT8W4c=; b=3clQMoCZEj7I5Yc1Uj1Xl3EXKRBIBfp2GIYAsnweQ4JgMHcQxeAjnlcJn/r4EHls2J 1ihl8oj9rKSdAGGvrKAncJt70b0SVPtbc1lFbXrxrReMCrL05nQsxme2Q1FjIi8+UITb 83Ns9SfXUs4EY0Ay5442SiG8Rqu/UCZwVliOtN9ZVUcxqhW8HNq3wyYh3qCx47myKHNI M1/C2uva6R98a3dMdpR7GYnhvtj0LE/zqxPAs27Hmohriq0RHCDBARJZ8Z0BljGmouQh 9tnt2Fv3cgoxw+IgDuH8vn2WFVlCS+NQJlYU+nX/I1SAITocscBgQEZtIUjcvZT1Qfcz 04Yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240611; x=1692845411; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=T11I4JY7aA98FmxyT+MMBsIj0R+suzzlg5nQxMT8W4c=; b=XLyK+ijMnyeJxtA1zlTICqVceDMp02wg3YYGm99hfW940xwdGDzUlvknm5ZnoUJUsh 34fAtMHOuosyNDXLtEv2tyA3zeXGV5tjq92pnGcw1B8SGXYOjxWxYgGSdbifDb5k2TWV sUYYGjjslI6NrGomufEPphxiaOK8uryPKaAI9yOf1CJIsa8fqQ2DiOLrrC81urLQFAse 8opuUcPTLdN49f/EQ597IZLyfXO5aRs5Qsyp3zAiUj9AtpjXGCkASzdudtYuQbMbIbQY IHaflmrHJrsbP+CevlEIhN0U7YAZJFX3Fwc3YElTX+syF3Ehr2YcaHlSDry7jWL+/COM 5grA== X-Gm-Message-State: AOJu0Yy4lTQfofifZBD0dSq0u4n4D93HtHFKTG46bH4X9YerMXYBvxda 8hr29Dggldivu6YZsHEoZS1s1rjIA3ij8RTkw5Y= X-Google-Smtp-Source: AGHT+IEBhxphWX9Mx25GMeJOjNVVp5JD4CXhd5J8GueREW2Oe+H4jzIkQojZtoGR/y/mIaXOBU+caQ== X-Received: by 2002:a17:902:da85:b0:1bb:b91b:2b3c with SMTP id j5-20020a170902da8500b001bbb91b2b3cmr4825606plx.34.1692240610441; Wed, 16 Aug 2023 19:50:10 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:10 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/16] dmidecode: fixup for CVE-2023-30630 Date: Wed, 16 Aug 2023 16:49:40 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186273 From: Adrian Freihofer The previous CVE-2023-30630_1.patch picked only the patch "dmidecode: Write the whole dump file at once" d8cfbc808f. But there was a refactoring which does not allow to cherry-pick it fast forward. Resolving this conflict was not correctly done. The patch was: + u32 len; + u8 *table; ... - if (!(opt.flags & FLAG_QUIET)) - pr_comment("Writing %d bytes to %s.", crafted[0x05], - opt.dumpfile); - write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1); + dmi_table_dump(crafted, crafted[0x05], table, len); It looks like the variables len and table have been added without initialization. Now this problem is solved by applying the previous refactoring as well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are rebased without changes. Signed-off-by: Adrian Freihofer Signed-off-by: Steve Sakoman --- .../dmidecode/CVE-2023-30630_1a.patch | 236 ++++++++++++++++++ ...-30630_1.patch => CVE-2023-30630_1b.patch} | 126 ++++------ .../dmidecode/CVE-2023-30630_2.patch | 11 +- .../dmidecode/CVE-2023-30630_3.patch | 60 ++--- .../dmidecode/CVE-2023-30630_4.patch | 149 +++++------ .../dmidecode/dmidecode_3.3.bb | 3 +- 6 files changed, 394 insertions(+), 191 deletions(-) create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch rename meta/recipes-devtools/dmidecode/dmidecode/{CVE-2023-30630_1.patch => CVE-2023-30630_1b.patch} (63%) diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch new file mode 100644 index 0000000000..bf93fbc13c --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch @@ -0,0 +1,236 @@ +From ee6db10dd70b8fdc7a93cffd7cf5bc7a28f9d3d7 Mon Sep 17 00:00:00 2001 +From: Jean Delvare +Date: Mon, 20 Feb 2023 14:53:21 +0100 +Subject: [PATCH 1/5] dmidecode: Split table fetching from decoding + +Clean up function dmi_table so that it does only one thing: +* dmi_table() is renamed to dmi_table_get(). It now retrieves the + DMI table, but does not process it any longer. +* Decoding or dumping the table is now done in smbios3_decode(), + smbios_decode() and legacy_decode(). +No functional change. + +A side effect of this change is that writing the header and body of +dump files is now done in a single location. This is required to +further consolidate the writing of dump files. + +Signed-off-by: Jean Delvare +Reviewed-by: Jerry Hoemann + +CVE: CVE-2023-30630 + +Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=39b2dd7b6ab719b920e96ed832cfb4bdd664e808] + +Signed-off-by: Adrian Freihofer +--- + dmidecode.c | 86 ++++++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 62 insertions(+), 24 deletions(-) + +diff --git a/dmidecode.c b/dmidecode.c +index cd2b5c9..b082c03 100644 +--- a/dmidecode.c ++++ b/dmidecode.c +@@ -5247,8 +5247,9 @@ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags) + } + } + +-static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, +- u32 flags) ++/* Allocates a buffer for the table, must be freed by the caller */ ++static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver, ++ const char *devmem, u32 flags) + { + u8 *buf; + +@@ -5267,7 +5268,7 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, + { + if (num) + pr_info("%u structures occupying %u bytes.", +- num, len); ++ num, *len); + if (!(opt.flags & FLAG_FROM_DUMP)) + pr_info("Table at 0x%08llX.", + (unsigned long long)base); +@@ -5285,19 +5286,19 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, + * would be the result of the kernel truncating the table on + * parse error. + */ +- size_t size = len; ++ size_t size = *len; + buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : base, + &size, devmem); +- if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)len) ++ if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)*len) + { + fprintf(stderr, "Wrong DMI structures length: %u bytes " + "announced, only %lu bytes available.\n", +- len, (unsigned long)size); ++ *len, (unsigned long)size); + } +- len = size; ++ *len = size; + } + else +- buf = mem_chunk(base, len, devmem); ++ buf = mem_chunk(base, *len, devmem); + + if (buf == NULL) + { +@@ -5307,15 +5308,9 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, + fprintf(stderr, + "Try compiling dmidecode with -DUSE_MMAP.\n"); + #endif +- return; + } + +- if (opt.flags & FLAG_DUMP_BIN) +- dmi_table_dump(buf, len); +- else +- dmi_table_decode(buf, len, num, ver >> 8, flags); +- +- free(buf); ++ return buf; + } + + +@@ -5350,8 +5345,9 @@ static void overwrite_smbios3_address(u8 *buf) + + static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) + { +- u32 ver; ++ u32 ver, len; + u64 offset; ++ u8 *table; + + /* Don't let checksum run beyond the buffer */ + if (buf[0x06] > 0x20) +@@ -5377,8 +5373,12 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) + return 0; + } + +- dmi_table(((off_t)offset.h << 32) | offset.l, +- DWORD(buf + 0x0C), 0, ver, devmem, flags | FLAG_STOP_AT_EOT); ++ /* Maximum length, may get trimmed */ ++ len = DWORD(buf + 0x0C); ++ table = dmi_table_get(((off_t)offset.h << 32) | offset.l, &len, 0, ver, ++ devmem, flags | FLAG_STOP_AT_EOT); ++ if (table == NULL) ++ return 1; + + if (opt.flags & FLAG_DUMP_BIN) + { +@@ -5387,18 +5387,28 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) + memcpy(crafted, buf, 32); + overwrite_smbios3_address(crafted); + ++ dmi_table_dump(table, len); + if (!(opt.flags & FLAG_QUIET)) + pr_comment("Writing %d bytes to %s.", crafted[0x06], + opt.dumpfile); + write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1); + } ++ else ++ { ++ dmi_table_decode(table, len, 0, ver >> 8, ++ flags | FLAG_STOP_AT_EOT); ++ } ++ ++ free(table); + + return 1; + } + + static int smbios_decode(u8 *buf, const char *devmem, u32 flags) + { +- u16 ver; ++ u16 ver, num; ++ u32 len; ++ u8 *table; + + /* Don't let checksum run beyond the buffer */ + if (buf[0x05] > 0x20) +@@ -5438,8 +5448,13 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags) + pr_info("SMBIOS %u.%u present.", + ver >> 8, ver & 0xFF); + +- dmi_table(DWORD(buf + 0x18), WORD(buf + 0x16), WORD(buf + 0x1C), +- ver << 8, devmem, flags); ++ /* Maximum length, may get trimmed */ ++ len = WORD(buf + 0x16); ++ num = WORD(buf + 0x1C); ++ table = dmi_table_get(DWORD(buf + 0x18), &len, num, ver << 8, ++ devmem, flags); ++ if (table == NULL) ++ return 1; + + if (opt.flags & FLAG_DUMP_BIN) + { +@@ -5448,27 +5463,43 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags) + memcpy(crafted, buf, 32); + overwrite_dmi_address(crafted + 0x10); + ++ dmi_table_dump(table, len); + if (!(opt.flags & FLAG_QUIET)) + pr_comment("Writing %d bytes to %s.", crafted[0x05], + opt.dumpfile); + write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1); + } ++ else ++ { ++ dmi_table_decode(table, len, num, ver, flags); ++ } ++ ++ free(table); + + return 1; + } + + static int legacy_decode(u8 *buf, const char *devmem, u32 flags) + { ++ u16 ver, num; ++ u32 len; ++ u8 *table; ++ + if (!checksum(buf, 0x0F)) + return 0; + ++ ver = ((buf[0x0E] & 0xF0) << 4) + (buf[0x0E] & 0x0F); + if (!(opt.flags & FLAG_QUIET)) + pr_info("Legacy DMI %u.%u present.", + buf[0x0E] >> 4, buf[0x0E] & 0x0F); + +- dmi_table(DWORD(buf + 0x08), WORD(buf + 0x06), WORD(buf + 0x0C), +- ((buf[0x0E] & 0xF0) << 12) + ((buf[0x0E] & 0x0F) << 8), +- devmem, flags); ++ /* Maximum length, may get trimmed */ ++ len = WORD(buf + 0x06); ++ num = WORD(buf + 0x0C); ++ table = dmi_table_get(DWORD(buf + 0x08), &len, num, ver << 8, ++ devmem, flags); ++ if (table == NULL) ++ return 1; + + if (opt.flags & FLAG_DUMP_BIN) + { +@@ -5477,11 +5508,18 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags) + memcpy(crafted, buf, 16); + overwrite_dmi_address(crafted); + ++ dmi_table_dump(table, len); + if (!(opt.flags & FLAG_QUIET)) + pr_comment("Writing %d bytes to %s.", 0x0F, + opt.dumpfile); + write_dump(0, 0x0F, crafted, opt.dumpfile, 1); + } ++ else ++ { ++ dmi_table_decode(table, len, num, ver, flags); ++ } ++ ++ free(table); + + return 1; + } +-- +2.41.0 + diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch similarity index 63% rename from meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch rename to meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch index 53480d6299..e03bda05e4 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch @@ -1,7 +1,7 @@ -From d8cfbc808f387e87091c25e7d5b8c2bb348bb206 Mon Sep 17 00:00:00 2001 +From d362549bce92ac22860cda8cad4532c1a3fe6928 Mon Sep 17 00:00:00 2001 From: Jean Delvare -Date: Tue, 27 Jun 2023 09:40:23 +0000 -Subject: [PATCH] dmidecode: Write the whole dump file at once +Date: Mon, 20 Feb 2023 14:53:25 +0100 +Subject: [PATCH 2/5] dmidecode: Write the whole dump file at once When option --dump-bin is used, write the whole dump file at once, instead of opening and closing the file separately for the table @@ -19,25 +19,23 @@ Reviewed-by: Jerry Hoemann CVE: CVE-2023-30630 -Reference: https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808 +Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206] -Upstream-Status: Backport [https://github.com/mirror/dmidecode/commit/d8cfbc808f387e87091c25e7d5b8c2bb348bb206] - -Signed-off-by: Yogita Urade +Signed-off-by: Adrian Freihofer --- - dmidecode.c | 79 +++++++++++++++++++++++++++++++++++++++-------------- - util.c | 40 --------------------------- + dmidecode.c | 69 +++++++++++++++++++++++++++++++++++++++-------------- + util.c | 40 ------------------------------- util.h | 1 - - 3 files changed, 58 insertions(+), 62 deletions(-) + 3 files changed, 51 insertions(+), 59 deletions(-) diff --git a/dmidecode.c b/dmidecode.c -index 9aeff91..5477309 100644 +index b082c03..a80a140 100644 --- a/dmidecode.c +++ b/dmidecode.c -@@ -5427,11 +5427,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver - } +@@ -5130,11 +5130,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver + } } - + -static void dmi_table_dump(const u8 *buf, u32 len) +static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table, + u32 table_len) @@ -68,7 +66,7 @@ index 9aeff91..5477309 100644 + goto err_close; + } + - if (!(opt.flags & FLAG_QUIET)) + if (!(opt.flags & FLAG_QUIET)) - pr_comment("Writing %d bytes to %s.", len, opt.dumpfile); - write_dump(32, len, buf, opt.dumpfile, 0); + pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile); @@ -92,94 +90,55 @@ index 9aeff91..5477309 100644 + fclose(f); + return -1; } - + static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags) -@@ -5648,11 +5693,6 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, - return; - } - -- if (opt.flags & FLAG_DUMP_BIN) -- dmi_table_dump(buf, len); -- else -- dmi_table_decode(buf, len, num, ver >> 8, flags); -- - free(buf); - } - -@@ -5688,8 +5728,9 @@ static void overwrite_smbios3_address(u8 *buf) - - static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) - { -- u32 ver; -+ u32 ver, len; - u64 offset; -+ u8 *table; - - /* Don't let checksum run beyond the buffer */ - if (buf[0x06] > 0x20) -@@ -5725,10 +5766,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) - memcpy(crafted, buf, 32); - overwrite_smbios3_address(crafted); - +@@ -5387,11 +5432,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) + memcpy(crafted, buf, 32); + overwrite_smbios3_address(crafted); + +- dmi_table_dump(table, len); - if (!(opt.flags & FLAG_QUIET)) - pr_comment("Writing %d bytes to %s.", crafted[0x06], - opt.dumpfile); - write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1); + dmi_table_dump(crafted, crafted[0x06], table, len); - } - - return 1; -@@ -5737,6 +5775,8 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) - static int smbios_decode(u8 *buf, const char *devmem, u32 flags) - { - u16 ver; -+ u32 len; -+ u8 *table; - - /* Don't let checksum run beyond the buffer */ - if (buf[0x05] > 0x20) -@@ -5786,10 +5826,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags) - memcpy(crafted, buf, 32); - overwrite_dmi_address(crafted + 0x10); - + } + else + { +@@ -5463,11 +5504,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags) + memcpy(crafted, buf, 32); + overwrite_dmi_address(crafted + 0x10); + +- dmi_table_dump(table, len); - if (!(opt.flags & FLAG_QUIET)) - pr_comment("Writing %d bytes to %s.", crafted[0x05], - opt.dumpfile); - write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1); + dmi_table_dump(crafted, crafted[0x05], table, len); - } - - return 1; -@@ -5797,6 +5834,9 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags) - - static int legacy_decode(u8 *buf, const char *devmem, u32 flags) - { -+ u32 len; -+ u8 *table; -+ - if (!checksum(buf, 0x0F)) - return 0; - -@@ -5815,10 +5855,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags) - memcpy(crafted, buf, 16); - overwrite_dmi_address(crafted); - + } + else + { +@@ -5508,11 +5545,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags) + memcpy(crafted, buf, 16); + overwrite_dmi_address(crafted); + +- dmi_table_dump(table, len); - if (!(opt.flags & FLAG_QUIET)) - pr_comment("Writing %d bytes to %s.", 0x0F, - opt.dumpfile); - write_dump(0, 0x0F, crafted, opt.dumpfile, 1); + dmi_table_dump(crafted, 0x0F, table, len); - } - - return 1; + } + else + { diff --git a/util.c b/util.c index 04aaadd..1547096 100644 --- a/util.c +++ b/util.c @@ -259,46 +259,6 @@ out: - return p; + return p; } - + -int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add) -{ - FILE *f; @@ -233,5 +192,6 @@ index 3094cf8..ef24eb9 100644 void *mem_chunk(off_t base, size_t len, const char *devmem); -int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add); u64 u64_range(u64 start, u64 end); --- -2.35.5 +-- +2.41.0 + diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch index 9f53a205ac..37167a9c4f 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch @@ -1,7 +1,8 @@ -From 47101389dd52b50123a3ec59fed4d2021752e489 Mon Sep 17 00:00:00 2001 +From 2d26f187c734635d072d24ea401255b84f03f4c4 Mon Sep 17 00:00:00 2001 From: Jean Delvare Date: Tue, 27 Jun 2023 10:03:53 +0000 -Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file +Subject: [PATCH 3/5] dmidecode: Do not let --dump-bin overwrite an existing + file Make sure that the file passed to option --dump-bin does not already exist. In practice, it is rather unlikely that an honest user would @@ -17,14 +18,13 @@ Upstream-Status: Backport [https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2] Signed-off-by: Yogita Urade - --- dmidecode.c | 14 ++++++++++++-- man/dmidecode.8 | 3 ++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/dmidecode.c b/dmidecode.c -index ae461de..6446040 100644 +index a80a140..32a77cc 100644 --- a/dmidecode.c +++ b/dmidecode.c @@ -60,6 +60,7 @@ @@ -78,3 +78,6 @@ index 64dc7e7..d5b7f01 100644 .TP .BR " " " " "--from-dump FILE" Read the DMI data from a binary file previously generated using +-- +2.41.0 + diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch index 01d0d1f867..181092a3fd 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch @@ -1,7 +1,8 @@ -From c76ddda0ba0aa99a55945e3290095c2ec493c892 Mon Sep 17 00:00:00 2001 +From ac881f801b92b57fd8daac65fb16fff6d84fd366 Mon Sep 17 00:00:00 2001 From: Jean Delvare Date: Tue, 27 Jun 2023 10:25:50 +0000 -Subject: [PATCH] Consistently use read_file() when reading from a dump file +Subject: [PATCH 4/5] Consistently use read_file() when reading from a dump + file Use read_file() instead of mem_chunk() to read the entry point from a dump file. This is faster, and consistent with how we then read the @@ -27,26 +28,26 @@ Signed-off-by: Yogita Urade 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/dmidecode.c b/dmidecode.c -index 98f9692..b4dbc9d 100644 +index 32a77cc..9a691e0 100644 --- a/dmidecode.c +++ b/dmidecode.c -@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[]) - pr_comment("dmidecode %s", VERSION); - - /* Read from dump if so instructed */ +@@ -5693,17 +5693,25 @@ int main(int argc, char * const argv[]) + pr_comment("dmidecode %s", VERSION); + + /* Read from dump if so instructed */ + size = 0x20; - if (opt.flags & FLAG_FROM_DUMP) - { - if (!(opt.flags & FLAG_QUIET)) - pr_info("Reading SMBIOS/DMI data from file %s.", - opt.dumpfile); + if (opt.flags & FLAG_FROM_DUMP) + { + if (!(opt.flags & FLAG_QUIET)) + pr_info("Reading SMBIOS/DMI data from file %s.", + opt.dumpfile); - if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL) + if ((buf = read_file(0, &size, opt.dumpfile)) == NULL) - { - ret = 1; - goto exit_free; - } - + { + ret = 1; + goto exit_free; + } + + /* Truncated entry point can't be processed */ + if (size < 0x20) + { @@ -54,16 +55,17 @@ index 98f9692..b4dbc9d 100644 + goto done; + } + - if (memcmp(buf, "_SM3_", 5) == 0) - { - if (smbios3_decode(buf, opt.dumpfile, 0)) -@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[]) - * contain one of several types of entry points, so read enough for - * the largest one, then determine what type it contains. - */ + if (memcmp(buf, "_SM3_", 5) == 0) + { + if (smbios3_decode(buf, opt.dumpfile, 0)) +@@ -5727,7 +5735,6 @@ int main(int argc, char * const argv[]) + * contain one of several types of entry points, so read enough for + * the largest one, then determine what type it contains. + */ - size = 0x20; - if (!(opt.flags & FLAG_NO_SYSFS) - && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL) - { --- -2.40.0 + if (!(opt.flags & FLAG_NO_SYSFS) + && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL) + { +-- +2.41.0 + diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch index 5fa72b4f9b..b7d7f4ff96 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch @@ -1,7 +1,7 @@ -From 2b83c4b898f8325313162f588765411e8e3e5561 Mon Sep 17 00:00:00 2001 +From 2fb126eef436389a2dc48d4225b4a9888b0625a8 Mon Sep 17 00:00:00 2001 From: Jean Delvare Date: Tue, 27 Jun 2023 10:58:11 +0000 -Subject: [PATCH] Don't read beyond sysfs entry point buffer +Subject: [PATCH 5/5] Don't read beyond sysfs entry point buffer Functions smbios_decode() and smbios3_decode() include a check against buffer overrun. This check assumes that the buffer length is @@ -33,105 +33,106 @@ Signed-off-by: Yogita Urade 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/dmidecode.c b/dmidecode.c -index b4dbc9d..870d94e 100644 +index 9a691e0..e725801 100644 --- a/dmidecode.c +++ b/dmidecode.c -@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf) - buf[0x17] = 0; +@@ -5398,14 +5398,14 @@ static void overwrite_smbios3_address(u8 *buf) + buf[0x17] = 0; } - + -static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) +static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags) { - u32 ver, len; - u64 offset; - u8 *table; - - /* Don't let checksum run beyond the buffer */ + u32 ver, len; + u64 offset; + u8 *table; + + /* Don't let checksum run beyond the buffer */ - if (buf[0x06] > 0x20) + if (buf[0x06] > buf_len) - { - fprintf(stderr, - "Entry point length too large (%u bytes, expected %u).\n", -@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) - return 1; + { + fprintf(stderr, + "Entry point length too large (%u bytes, expected %u).\n", +@@ -5455,14 +5455,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) + return 1; } - + -static int smbios_decode(u8 *buf, const char *devmem, u32 flags) +static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags) { - u16 ver; - u32 len; - u8 *table; - - /* Don't let checksum run beyond the buffer */ + u16 ver, num; + u32 len; + u8 *table; + + /* Don't let checksum run beyond the buffer */ - if (buf[0x05] > 0x20) + if (buf[0x05] > buf_len) - { - fprintf(stderr, - "Entry point length too large (%u bytes, expected %u).\n", -@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[]) - - if (memcmp(buf, "_SM3_", 5) == 0) - { + { + fprintf(stderr, + "Entry point length too large (%u bytes, expected %u).\n", +@@ -5714,12 +5714,12 @@ int main(int argc, char * const argv[]) + + if (memcmp(buf, "_SM3_", 5) == 0) + { - if (smbios3_decode(buf, opt.dumpfile, 0)) + if (smbios3_decode(buf, size, opt.dumpfile, 0)) - found++; - } - else if (memcmp(buf, "_SM_", 4) == 0) - { + found++; + } + else if (memcmp(buf, "_SM_", 4) == 0) + { - if (smbios_decode(buf, opt.dumpfile, 0)) + if (smbios_decode(buf, size, opt.dumpfile, 0)) - found++; - } - else if (memcmp(buf, "_DMI_", 5) == 0) -@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[]) - pr_info("Getting SMBIOS data from sysfs."); - if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0) - { + found++; + } + else if (memcmp(buf, "_DMI_", 5) == 0) +@@ -5742,12 +5742,12 @@ int main(int argc, char * const argv[]) + pr_info("Getting SMBIOS data from sysfs."); + if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0) + { - if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) + if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) - found++; - } - else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0) - { + found++; + } + else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0) + { - if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) + if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) - found++; - } - else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0) -@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[]) - - if (memcmp(buf, "_SM3_", 5) == 0) - { + found++; + } + else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0) +@@ -5784,12 +5784,12 @@ int main(int argc, char * const argv[]) + + if (memcmp(buf, "_SM3_", 5) == 0) + { - if (smbios3_decode(buf, opt.devmem, 0)) + if (smbios3_decode(buf, 0x20, opt.devmem, 0)) - found++; - } - else if (memcmp(buf, "_SM_", 4) == 0) - { + found++; + } + else if (memcmp(buf, "_SM_", 4) == 0) + { - if (smbios_decode(buf, opt.devmem, 0)) + if (smbios_decode(buf, 0x20, opt.devmem, 0)) - found++; - } - goto done; -@@ -6114,7 +6114,7 @@ memory_scan: - { - if (memcmp(buf + fp, "_SM3_", 5) == 0) - { + found++; + } + goto done; +@@ -5810,7 +5810,7 @@ memory_scan: + { + if (memcmp(buf + fp, "_SM3_", 5) == 0) + { - if (smbios3_decode(buf + fp, opt.devmem, 0)) + if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0)) - { - found++; - goto done; -@@ -6127,7 +6127,7 @@ memory_scan: - { - if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0) - { + { + found++; + goto done; +@@ -5823,7 +5823,7 @@ memory_scan: + { + if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0) + { - if (smbios_decode(buf + fp, opt.devmem, 0)) + if (smbios_decode(buf + fp, 0x20, opt.devmem, 0)) - { - found++; - goto done; --- -2.35.5 + { + found++; + goto done; +-- +2.41.0 + diff --git a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb index b99c2ea99d..c0f6b45313 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb +++ b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb @@ -6,7 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \ file://0001-Committing-changes-from-do_unpack_extra.patch \ - file://CVE-2023-30630_1.patch \ + file://CVE-2023-30630_1a.patch \ + file://CVE-2023-30630_1b.patch \ file://CVE-2023-30630_2.patch \ file://CVE-2023-30630_3.patch \ file://CVE-2023-30630_4.patch \ From patchwork Thu Aug 17 02:49:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29023 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72734C2FC14 for ; Thu, 17 Aug 2023 02:50:16 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.web10.178867.1692240613343842162 for ; Wed, 16 Aug 2023 19:50:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=zTpGRJrv; spf=softfail (domain: sakoman.com, ip: 209.85.214.174, mailfrom: steve@sakoman.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-1bda9207132so58102675ad.0 for ; Wed, 16 Aug 2023 19:50:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240612; x=1692845412; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iJ9VdrsQt0qYJHOkpKocyt8OrLI4aRw4OvMqAnS5ebU=; b=zTpGRJrvfw9x9PObE49Ws4Fzj0owXuzfb3XP61Zt+6ekeOK5PxHqsSt1XcCDA4GORb mQBB/+Tb5QgPMNrgu+kFE7Kq5UFBSp/73IRvV4WHm7qw4ySLPqXoiyy9UCYeTC3E4W80 snJkA071s733FHFrH1YrNKowForGlrZzMXqJ1IAIyVLUh9ePlNDcJz0TQqG6ijtPSSY9 ifM/Sxz4AcyIXvcOQRsB/esb3o4a4VMUNo17HHlgr05yJixv/HDUDvxxByQNbtoosRZn ff996vBqB10zRszewwd7qD4r4xBNb3dxB8RaCPIlD6DyMkaEn8Ok3YueL+4mUYkvDVLv 48LA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240612; x=1692845412; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iJ9VdrsQt0qYJHOkpKocyt8OrLI4aRw4OvMqAnS5ebU=; b=LEJzn94wfUrne5zE4BKyn28wXPVK5H4lk6Q8RQDCG72mu3t+8FjFLrJAg9J9oQ0UdB pjiHd12vxvhG7c34DRceem2qJEBHdDHLOPtTQSFa63VkWd8ZESFsITW3Bs2MllY8eF6g iCPO6MWDALRraU+TRD1DeD80GBKsgqcnktri5lzEWdiHiPONgNEHVpcrMZNlqWNiZD8A rD6E6JhErOpLCVCJl/lQgRAV0AZT65h4zq2wOuGI00El/WEtaiU2bYJMJxS1Exa8Ii8x nnso2F0upVla9XvrMdnGxKe94jJdJWOir5WWdAfhh6WGgkvhGlqajGyrjvW94ZjVkHKZ R8aw== X-Gm-Message-State: AOJu0YyK5wmj6wWugBoERIIdrTNVddcg7+pI699SrHngACFufPUKlVMo vBIcPmdZ6S7txwIBQ5jXD98k56g6FO1tMr+5Tjg= X-Google-Smtp-Source: AGHT+IFhPAxUnvK9TaNJnbjhrSfhw7iaMeAFUGcebtvIxZUl8Dd7ALXMXnKLcgHhE/CAiI0tHds9wQ== X-Received: by 2002:a17:903:2796:b0:1b8:8223:8bdd with SMTP id jw22-20020a170903279600b001b882238bddmr3826166plb.59.1692240612322; Wed, 16 Aug 2023 19:50:12 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/16] linux-yocto/5.10: update to v5.10.186 Date: Wed, 16 Aug 2023 16:49:41 -1000 Message-Id: <591afa6b33a409df5fcd92d66069f39495bc526f.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186274 From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 381518b4a916 Linux 5.10.186 29917a20be43 bpf/btf: Accept function names that contain dots 8b7454dd984a netfilter: nf_tables: hold mutex on netns pre_exit path 9e8d927cfa56 netfilter: nf_tables: validate registers coming from userspace. f19a4818a92a netfilter: nftables: statify nft_parse_register() 42997367cb67 i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle 5a257f355366 x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys d8efc77f23c8 drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl 485fe165084b drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl 0b0fdc43b2ab drm/exynos: vidi: fix a wrong error return 32134e7a0f21 ARM: dts: Fix erroneous ADS touchscreen polarities 79cf5657be38 s390/purgatory: disable branch profiling a819de62ec2b ASoC: nau8824: Add quirk to active-high jack-detect fa08753c2d04 ASoC: simple-card: Add missing of_node_put() in case of error 9138ed7e2b43 spi: lpspi: disable lpspi module irq in DMA mode 97b6c4c1d1a8 s390/cio: unregister device when the only path is gone fe949c1662c9 Input: soc_button_array - add invalid acpi_index DMI quirk handling eaf1fa945206 usb: gadget: udc: fix NULL dereference in remove() 7d1a0733a55e nfcsim.c: Fix error checking for debugfs_create_dir dc357c0787e8 media: cec: core: don't set last_initiator if tx in progress c13573032b7b arm64: Add missing Set/Way CMO encodings 49a2b18f4972 HID: wacom: Add error check to wacom_parse_and_register() 2b43198de03f scsi: target: iscsi: Prevent login threads from racing between each other 75aa3f255c88 gpiolib: Fix GPIO chip IRQ initialization restriction 304802e5b038 gpio: Allow per-parent interrupt data bc75968b494a sch_netem: acquire qdisc lock in netem_change() caddeadd0d03 Revert "net: phy: dp83867: perform soft reset and retain established link" 5702afa2c331 netfilter: nfnetlink_osf: fix module autoload 3d5c09c782a3 netfilter: nf_tables: disallow element updates of bound anonymous sets 2a90da8e0dd5 netfilter: nft_set_pipapo: .walk does not deal with generations 792bfe26a655 be2net: Extend xmit workaround to BE3 chip cebb5cee0984 net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch 7a1ae0000509 ipvs: align inner_mac_header for encapsulation f2547bc71663 mmc: usdhi60rol0: fix deferred probing 4a99e35c5a62 mmc: sh_mmcif: fix deferred probing c2278de1382b mmc: sdhci-acpi: fix deferred probing f6e176ef894a mmc: owl: fix deferred probing f29d0ab0e6bd mmc: omap_hsmmc: fix deferred probing 65d9318e3d56 mmc: omap: fix deferred probing 9ad3c21fb66d mmc: mvsdio: fix deferred probing 9b0417fd402f mmc: mtk-sd: fix deferred probing ced13bc50ef0 net: qca_spi: Avoid high load if QCA7000 is not available b1b9c81e29d2 xfrm: Linearize the skb after offloading if needed. 31cd0d4a4470 selftests: net: fcnal-test: check if FIPS mode is enabled 2af75a36af8d selftests: net: vrf-xfrm-tests: change authentication and encryption algos 07fbbddae5af xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets 562800447f8b bpf: Fix verifier id tracking of scalars on spill 3b0a96db670b bpf: track immediate values written to stack by BPF_ST instruction bff7824db681 xfrm: Ensure policies always checked on XFRM-I input path 01af67ed83d0 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c cdaa6e1105c0 xfrm: Treat already-verified secpath entries as optional 47be2931c4e5 ieee802154: hwsim: Fix possible memory leaks 051d6421337b memfd: check for non-NULL file_seals in memfd_create() syscall 1ac6e9ee8428 sysctl: move some boundary constants from sysctl.c to sysctl_vals e1aa3fe3e282 mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30% ad10dd211370 x86/mm: Avoid using set_pgd() outside of real PGD pages 4de2093674f2 nilfs2: prevent general protection fault in nilfs_clear_dirty_page() 3845c38417bd io_uring/net: disable partial retries for recvmsg with cmsg 826ee9fa3647 io_uring/net: clear msg_controllen on partial sendmsg retry 5fdea4468f57 io_uring/net: save msghdr->msg_control for retries 5a7101d8faab writeback: fix dereferencing NULL mapping->host on writeback_page_template f00cd687c2cd regmap: spi-avmm: Fix regmap_bus max_raw_write bc35f93e4bd7 regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK 5938470f9c80 ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN 2e454015ca27 mmc: mmci: stm32: fix max busy timeout calculation 1be288fd3b0d mmc: meson-gx: remove redundant mmc_request_done() call from irq context 1b97630cd9a9 mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 63608437a83d cgroup: Do not corrupt task iteration when rebinding subsystem 988d06f5eb32 PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic 8f2d5ebdfef7 PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev 8b7484676994 Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" 79ceb758e3db PCI: hv: Fix a race condition bug in hv_pci_query_relations() 8b8c9812c048 Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs b435298349ab nilfs2: fix buffer corruption due to concurrent device reads 524a2c0bcf99 selftests: mptcp: join: skip check if MIB counter not supported e508d9cef887 selftests: mptcp: pm nl: remove hardcoded default limits 4c4ca42418a5 selftests: mptcp: lib: skip if not below kernel version 6d20cfbc578d selftests: mptcp: lib: skip if missing symbol 3cc7935d3221 tick/common: Align tick period during sched_timer setup db4ab0c97a4d tracing: Add tracing_reset_all_online_cpus_unlocked() function 9ced73049016 net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs b1b42fff8ae1 drm/amd/display: fix the system hang while disable PSR Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 7976b96a61..6d8effd6e2 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "46fb028ad9413cfa8d47a6dc8bf9a57d9d5edf8b" -SRCREV_meta ?= "c1168e10ecf30b123a341ca500966eebf3fe2cc2" +SRCREV_machine ?= "4a1803ede76bf613f627954d55abc14bc3ce33a2" +SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.185" +LINUX_VERSION ?= "5.10.186" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 85dac1d874..8a013a3862 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.185" +LINUX_VERSION ?= "5.10.186" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine:qemuarm ?= "6e0299be775387485e22edcd57ac6099c08f4356" -SRCREV_machine ?= "772cf990473f73ebf34c1a1ef4f06eb3e297c4db" -SRCREV_meta ?= "c1168e10ecf30b123a341ca500966eebf3fe2cc2" +SRCREV_machine:qemuarm ?= "be5fe90e1270855b9cc67ae6312fe04fa4d19693" +SRCREV_machine ?= "1d287024a6dd075a6dc4027679fea5df640cebd6" +SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 2c7a3e2597..2ccedd8c45 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,23 +13,23 @@ KBRANCH:qemux86 ?= "v5.10/standard/base" KBRANCH:qemux86-64 ?= "v5.10/standard/base" KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "08e7e91e009a1d738962de06f48f9704075d3a56" -SRCREV_machine:qemuarm64 ?= "f23a4523287d5199b67a135e5d1cf3680fe58a3a" -SRCREV_machine:qemumips ?= "82bae5b9d4316474df162ca7e5a2dff35c4ede39" -SRCREV_machine:qemuppc ?= "8b5027212160436c9d466b80e0c385f265acfbdb" -SRCREV_machine:qemuriscv64 ?= "dafc025b033585311d1693255c80b60b690b0e54" -SRCREV_machine:qemuriscv32 ?= "dafc025b033585311d1693255c80b60b690b0e54" -SRCREV_machine:qemux86 ?= "dafc025b033585311d1693255c80b60b690b0e54" -SRCREV_machine:qemux86-64 ?= "dafc025b033585311d1693255c80b60b690b0e54" -SRCREV_machine:qemumips64 ?= "ee18c4343db52d5846a0f332cd6df26a6f72dd45" -SRCREV_machine ?= "dafc025b033585311d1693255c80b60b690b0e54" -SRCREV_meta ?= "c1168e10ecf30b123a341ca500966eebf3fe2cc2" +SRCREV_machine:qemuarm ?= "f9df75cf799c8ac43b932476c7ad6b4b4fba33de" +SRCREV_machine:qemuarm64 ?= "404cf5c05b3fc82b4d8395fcc5abe4b26407665a" +SRCREV_machine:qemumips ?= "9d39a0ab63dfaa32be0ddd02b61acd2fe1a2b156" +SRCREV_machine:qemuppc ?= "e55cd861f7167730eb17a5c82891fad17c515b64" +SRCREV_machine:qemuriscv64 ?= "cfcf13659ada4eee41e11484404de999ce571196" +SRCREV_machine:qemuriscv32 ?= "cfcf13659ada4eee41e11484404de999ce571196" +SRCREV_machine:qemux86 ?= "cfcf13659ada4eee41e11484404de999ce571196" +SRCREV_machine:qemux86-64 ?= "cfcf13659ada4eee41e11484404de999ce571196" +SRCREV_machine:qemumips64 ?= "7d139a5b0b4abc1a7104845c5c9f2523dce0d589" +SRCREV_machine ?= "cfcf13659ada4eee41e11484404de999ce571196" +SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.185" +LINUX_VERSION ?= "5.10.186" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Aug 17 02:49:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29020 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6276DC41513 for ; Thu, 17 Aug 2023 02:50:16 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web10.178868.1692240615289641687 for ; Wed, 16 Aug 2023 19:50:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=buXvB/II; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1bf0b24d925so4420275ad.3 for ; Wed, 16 Aug 2023 19:50:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240614; x=1692845414; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nsI23q8wiZaIOoOPJkBOj3jr3hHyQfT6VYkcggKZJ9s=; b=buXvB/IIkmHS9SPjBefmpjrBlL8ZVgh2YKwid7Kky1DHw3vCRPz8fmzt+bzSi/8hXP IamO2wrKDQSCTnDc54tEp15In8amE583hPmpWVtIYHaxLjWKVjZi7isObfPJ5049xK0K WeLSeZHPsBLxaq6rVvftQlQ+Ps5AMvFbcwtK7tIjjKsiS2Qhu2ZeQ0+mT57Hcoxd4UWw YZIAU+6jYNOdYt9l0gr6VbXTaZD1FvZ+o0tE14bDlAnk22g3372238xp5+T56UsmrW1F x5pjsmZ9l8TVXNPJT2uFDCyvLDnLiDuDbOThAqqcScmHPB0AmQdH/P39szpLyBgU2MZU w25Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240614; x=1692845414; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nsI23q8wiZaIOoOPJkBOj3jr3hHyQfT6VYkcggKZJ9s=; b=jJ6/6Pn1iVx5mde311/ExK8b0rNW3RIdU0edS7KEl316RRcNZFFR98m0BQ/YH4fCXI azqKLUEkQHCegTLlNszoCEbCz1tFmL/l53rRuCjb533Uuue3v2SALBkmujaT3an4vd52 MW306CllVB52s7oVJu+zdze4qCmNZWh7rNQkurL/N/8vqZY7u49LgYvdubRfDsBmO0wZ c74CdjK1mpAXx9F1wz7h6bY6u9mD3HSMuOzFazhWPiuc4kJmnaMoeXzKqeKo07o0JIFg 4+EU0zuI2+zv1GhMY0+IXQtVfOlkXkyOAnS2V4wKRnAG0JmBMons8cK4vI9hRVGu/EyG Nasg== X-Gm-Message-State: AOJu0YxROpeSczJoX3OUDj4XFjjkYJlCtRY0ulNgO3He+axsR+Cdf9oh 8yClgAiDKsMgoilPbYyk4PxNrDtj3HUEBp7ReIU= X-Google-Smtp-Source: AGHT+IFNnVs3XlX5115lSGPmiCTBp4H5r8Bv0ZAULN7SdYNlNO1vLTg3YNiQZoFmdYvgfXdmQNeuRQ== X-Received: by 2002:a17:903:25cf:b0:1bd:bba1:be7b with SMTP id jc15-20020a17090325cf00b001bdbba1be7bmr3290283plb.39.1692240614360; Wed, 16 Aug 2023 19:50:14 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:14 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/16] linux-yocto/5.10: update to v5.10.187 Date: Wed, 16 Aug 2023 16:49:42 -1000 Message-Id: <50f8192a95315db169beb38d36d5d0a974f3ac4d.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186275 From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 140d69b4e41d Linux 5.10.187 93df00f9d48d x86/cpu/amd: Add a Zenbleed fix 191b8f9b0e37 x86/cpu/amd: Move the errata checking functionality up 113ce5ed59fc x86/microcode/AMD: Load late on both threads too Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 6d8effd6e2..5feaa9811a 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "4a1803ede76bf613f627954d55abc14bc3ce33a2" -SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1" +SRCREV_machine ?= "0a7d0eaa4e53eede45702dde31a3580e4cce0034" +SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.186" +LINUX_VERSION ?= "5.10.187" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 8a013a3862..1e401e2499 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.186" +LINUX_VERSION ?= "5.10.187" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine:qemuarm ?= "be5fe90e1270855b9cc67ae6312fe04fa4d19693" -SRCREV_machine ?= "1d287024a6dd075a6dc4027679fea5df640cebd6" -SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1" +SRCREV_machine:qemuarm ?= "54fe699b2a16739a9fb3905d3a6c6ff7475214ea" +SRCREV_machine ?= "2fe6f9bdf89df6d468f7e2c7fc070993a11f029a" +SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 2ccedd8c45..93eff2bd58 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,23 +13,23 @@ KBRANCH:qemux86 ?= "v5.10/standard/base" KBRANCH:qemux86-64 ?= "v5.10/standard/base" KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "f9df75cf799c8ac43b932476c7ad6b4b4fba33de" -SRCREV_machine:qemuarm64 ?= "404cf5c05b3fc82b4d8395fcc5abe4b26407665a" -SRCREV_machine:qemumips ?= "9d39a0ab63dfaa32be0ddd02b61acd2fe1a2b156" -SRCREV_machine:qemuppc ?= "e55cd861f7167730eb17a5c82891fad17c515b64" -SRCREV_machine:qemuriscv64 ?= "cfcf13659ada4eee41e11484404de999ce571196" -SRCREV_machine:qemuriscv32 ?= "cfcf13659ada4eee41e11484404de999ce571196" -SRCREV_machine:qemux86 ?= "cfcf13659ada4eee41e11484404de999ce571196" -SRCREV_machine:qemux86-64 ?= "cfcf13659ada4eee41e11484404de999ce571196" -SRCREV_machine:qemumips64 ?= "7d139a5b0b4abc1a7104845c5c9f2523dce0d589" -SRCREV_machine ?= "cfcf13659ada4eee41e11484404de999ce571196" -SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1" +SRCREV_machine:qemuarm ?= "ca4bf25fb041f115ee9144acf175266e7d2c5495" +SRCREV_machine:qemuarm64 ?= "7ef1d2f467aa45b98241421262e607ec080e0921" +SRCREV_machine:qemumips ?= "f275b4829346d60d1cb600d4b8195eb6812361fd" +SRCREV_machine:qemuppc ?= "af1960c76a2c940eee2e7b4c20e07c248b030b02" +SRCREV_machine:qemuriscv64 ?= "c4d95d557212e22763382fd345d8c7efc92f825f" +SRCREV_machine:qemuriscv32 ?= "c4d95d557212e22763382fd345d8c7efc92f825f" +SRCREV_machine:qemux86 ?= "c4d95d557212e22763382fd345d8c7efc92f825f" +SRCREV_machine:qemux86-64 ?= "c4d95d557212e22763382fd345d8c7efc92f825f" +SRCREV_machine:qemumips64 ?= "2f630e9e4b3c809cf48d8e252477845c405195cc" +SRCREV_machine ?= "c4d95d557212e22763382fd345d8c7efc92f825f" +SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.186" +LINUX_VERSION ?= "5.10.187" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Aug 17 02:49:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 737A2C2FC18 for ; Thu, 17 Aug 2023 02:50:26 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web10.178869.1692240617818244311 for ; Wed, 16 Aug 2023 19:50:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=KDPdAxDr; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-688779ffcfdso1601722b3a.1 for ; Wed, 16 Aug 2023 19:50:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240617; x=1692845417; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=5GUS/6ZOxnciI8MjQZlGF4zRwFklvgVqQzbq+9bXF0Y=; b=KDPdAxDrfwg2ilHnPAkVacoml+II8Vfi7IWzFoRPzDc6QqRFIjNWDbOYEf3mi7RncN LUBq2dC4mq4YnC4tdacjkpwRAXx0yypb5V+kz1cNRgx1kvYJ51N692wadbg3iu3QCktP nqsY2wNJ8rJYeK0AtIRb5Zv73zz9XsPkpkucqM5MNlrdea9pyNk17vCp7pndTLZOu2Hq s//W4newP3zvA2QK5a2nuOLxUWQ/Guh2IeFrRE6VYwNWvCjhjN6SfOy65qC1Zrj/q+Al A6EhLRj/UXlLkZnkAkG5YPlnacDTEBjxkQaqu7ax2qI2YEeSAofijwyXDuUMFdLRF/df U8DA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240617; x=1692845417; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5GUS/6ZOxnciI8MjQZlGF4zRwFklvgVqQzbq+9bXF0Y=; b=bByrv23YEZOO4+/n8n1hKlK087nUH9PyW3ueT1LjB2gV7E4rGlzeqyHEeHCFQX10IK 8zoWvhY8C6taCKSPMY5yqHPtG2aq0Fg4pwJgU6tRIejronuuvU4WX0eTb04vS5U4zAmS IMJcgKHOStnf4mxqzbwcaKU86vs2ulpfWLwz67nwJemeiBBtmXmbEhEHHG/aKVdqlIsl lx2hA2q2FS9N0szcoPJJ3mANvECgCq+Dw3eqeK/H9c8TQJmB8SpptXGUCFkbm1phQbZ5 awG3basp/GtPjpa619mIe9aGOS2WWKlqF0L0vqzcu9IQ2I1q/UA+SS2UnDQ6MJVgOHFW HGaA== X-Gm-Message-State: AOJu0YzQGELzsehjzo0wNUHQ+e4RBbcysjt070PbwFizW6C401AiiRBR YA+QH6vVRO/KE4okidYZGdUBPCXGaYKPJkte4qI= X-Google-Smtp-Source: AGHT+IF9HXj98rRuSPIdNE8BA7HTqa+MdleEwTOW0g0FyynRnFJl3Nl7qaAipSxsBzwaGFkNjyowhw== X-Received: by 2002:a05:6a21:6da0:b0:129:3bb4:77f1 with SMTP id wl32-20020a056a216da000b001293bb477f1mr4719288pzb.0.1692240616333; Wed, 16 Aug 2023 19:50:16 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:16 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/16] linux-yocto/5.10: update to v5.10.188 Date: Wed, 16 Aug 2023 16:49:43 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186276 From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 3602dbc57b55 Linux 5.10.188 edce5fba78cc ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() 115b19f89353 ftrace: Store the order of pages allocated in ftrace_page 1a1e793e021d tracing: Fix memory leak of iter->temp when reading trace_pipe 43e786aa51b8 tracing/histograms: Return an error if we fail to add histogram to hist_vars list e3da59f42820 net: phy: prevent stale pointer dereference in phy_init() e0ac63e194f4 tcp: annotate data-races around fastopenq.max_qlen d01afbfc2f7d tcp: annotate data-races around icsk->icsk_user_timeout 3cf0a0f11d39 tcp: annotate data-races around tp->notsent_lowat 9c786d5faf3a tcp: annotate data-races around rskq_defer_accept f891375eba6e tcp: annotate data-races around tp->linger2 9168bd8f54c5 tcp: annotate data-races around icsk->icsk_syn_retries 7b0084918c5f tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries. cf6c06ac7487 net: Introduce net.ipv4.tcp_migrate_req. a5c30a518764 tcp: annotate data-races around tp->keepalive_probes 93715448f116 tcp: annotate data-races around tp->keepalive_intvl 7b52a78a91fd tcp: annotate data-races around tp->keepalive_time 1d4f2c4be136 tcp: annotate data-races around tp->tcp_tx_delay 30e5460d69e6 netfilter: nf_tables: skip bound chain on rule flush 94c10c0fa51b netfilter: nf_tables: skip bound chain in netns release path 3a91099ecd59 netfilter: nft_set_pipapo: fix improper element removal 9c2df17e3cfc netfilter: nf_tables: can't schedule in nft_chain_validate 533193a23914 netfilter: nf_tables: fix spurious set element insertion failure a6f1988780a7 llc: Don't drop packet from non-root netns. 49e435ca02c7 fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe bc9d4d432f78 Revert "tcp: avoid the lookup process failing to get sk in ehash table" d06fc7b39199 net:ipv6: check return value of pskb_trim() 1a478ad1297a net: ipv4: Use kfree_sensitive instead of kfree 937105d2b0bf tcp: annotate data-races around tcp_rsk(req)->ts_recent 41b00238699a octeontx2-pf: Dont allocate BPIDs for LBK interfaces 5bc78ba88905 security: keys: Modify mismatched function name b92defe4e8ee iavf: Fix out-of-bounds when setting channels on remove a4635f190f33 iavf: Fix use-after-free in free_netdev b37bc3b07eab bridge: Add extack warning when enabling STP in netns. f6d311b95394 net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() 54aa4c03861e pinctrl: amd: Use amd_pinconf_set() for all config options 7041605e8594 fbdev: imxfb: warn about invalid left/right margin 6e88cc510f27 spi: bcm63xx: fix max prepend length 994c2ceb70ea igb: Fix igb_down hung on surprise removal a956c3af70fa wifi: iwlwifi: mvm: avoid baid size integer overflow 85cf0d5f45cb wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() 2864cc9a1fd1 devlink: report devlink_port_type_warn source device b6d9a4062c94 bpf: Address KCSAN report on bpf_lru_list 532f8bac6041 wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range 6b0c79aa3307 sched/fair: Don't balance task to its current running CPU 32020fc2a837 arm64: mm: fix VA-range sanity check c71d6934c6ac arm64: set __exception_irq_entry with __irq_entry as a default 71e3f2354072 ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) 776a72f612a8 ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 e090f70ae4cc ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A ae51eb90bcca btrfs: add xxhash to fast checksum implementations 322377cc909d posix-timers: Ensure timer ID search-loop limit is valid 634daf6b2c81 md/raid10: prevent soft lockup while flush writes b02939413e5c md: fix data corruption for raid456 when reshape restart while grow up 4a2c62c8d67c nbd: Add the maximum limit of allocated index in nbd_dev_add 5f84a34b646f debugobjects: Recheck debug_objects_enabled before reporting 5d5aa5b64887 ext4: correct inline offset when handling xattrs in inode body 48aa53937584 ASoC: fsl_sai: Disable bit clock with transmitter 5f2a12f64347 drm/client: Fix memory leak in drm_client_modeset_probe 105275879a80 drm/client: Fix memory leak in drm_client_target_cloned cf254b4f68e4 can: bcm: Fix UAF in bcm_proc_show() 3e412b6e2b57 regmap: Account for register length in SMBus I/O limits 8b3dd8d23fa0 regmap: Drop initial version of maximum transfer length fixes 4935761daa33 selftests: tc: add 'ct' action kconfig dep 1ab5aa1846a5 selftests: tc: set timeout to 15 minutes dad97c205af2 fuse: revalidate: don't invalidate if interrupted d2c667cc1831 btrfs: fix warning when putting transaction with qgroups enabled after abort 4410f4a938ae perf probe: Add test for regression introduced by switch to die_get_decl_file() 0a6b0ca58685 keys: Fix linking a duplicate key to a keyring's assoc_array a26208e184ae ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx ce2a7e7b504c ALSA: hda/realtek - remove 3k pull low procedure f09c0ac142c5 drm/atomic: Fix potential use-after-free in nonblocking commits 9a085fa9b7d6 RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests 73e72a5380a2 net/sched: sch_qfq: reintroduce lmax bound check for MTU 0b1ce92fabdb scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue 5addd62586a9 scsi: qla2xxx: Pointer may be dereferenced e8de73238d5d scsi: qla2xxx: Correct the index of array 921d68446255 scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() 2bea9c1c9831 scsi: qla2xxx: Fix potential NULL pointer dereference eecb8a491c82 scsi: qla2xxx: Fix buffer overrun bcd773969a87 scsi: qla2xxx: Array index may go out of bound a9fe97fb7b4e scsi: qla2xxx: Wait for io return on terminate rport 6ea2a408d3e3 tracing/probes: Fix not to count error code to total length 7060e5aac6dc tracing: Fix null pointer dereference in tracing_err_log_open() 81fb8a58d4ec xtensa: ISS: fix call to split_if_spec 5e68f1f3a20f ring-buffer: Fix deadloop issue on reading trace_pipe 1e760b2d18bf net: ena: fix shift-out-of-bounds in exponential backoff 1f2a8f083575 samples: ftrace: Save required argument registers in sample trampolines 1576f0df7b4d tracing/histograms: Add histograms to hist_vars if they have referenced variables 07edd294b16a s390/decompressor: fix misaligned symbol build error 5f4a1111ad04 Revert "8250: add support for ASIX devices with a FIFO bug" 7f2f0e6ec561 meson saradc: fix clock divider mask length 790e4e82c57d xhci: Show ZHAOXIN xHCI root hub speed correctly c52e04c58ded xhci: Fix TRB prefetch issue of ZHAOXIN hosts b56a07c2a550 xhci: Fix resume issue of some ZHAOXIN hosts 8e807eadf0b9 ceph: don't let check_caps skip sending responses for revoke msgs c04ed61ebf01 firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() 1962717c4649 tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk a49e5a05121c tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error 08673739ed85 serial: atmel: don't enable IRQs prematurely 4016d36fec63 drm/amd/display: Correct `DMUB_FW_VERSION` macro d89bd2ecd39b drm/rockchip: vop: Leave vblank enabled in self-refresh b9ec9372a47a drm/atomic: Allow vblank-enabled + self-refresh "disable" 23d5004ee7aa fs: dlm: return positive pid value for F_GETLK 5e9aff5b10c2 md/raid0: add discard support for the 'original' layout 8e3c7776405a misc: pci_endpoint_test: Re-init completion for every test cdf9a7e2cdc7 misc: pci_endpoint_test: Free IRQs before removing the device 8c90c466e38e PCI: rockchip: Set address alignment for endpoint mode f1986416cfb4 PCI: rockchip: Use u32 variable to access 32-bit registers 36eb13031227 PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core c417a4c7de1d PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked ddda61419af3 PCI: rockchip: Write PCI Device ID to correct register bec3e0f7f272 PCI: rockchip: Assert PCI Configuration Enable bit after probe 48e11e7c81b9 PCI: qcom: Disable write access to read only registers for IP v2.3.3 aca71b004a66 PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 d3bab5de91c6 PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold 5a89a5cc817e hwrng: imx-rngc - fix the timeout for init and self check 47b7eaae08e8 jfs: jfs_dmap: Validate db_l2nbperpage while mounting 84293af5455b ext4: only update i_reserved_data_blocks on successful block allocation 0a5d12e7107e ext4: fix wrong unit use in ext4_mb_new_blocks 514220246aa8 ext4: get block from bh in ext4_free_blocks for fast commit replay d054422eb609 ext4: fix wrong unit use in ext4_mb_clear_bb be99faf0c4db ext4: Fix reusing stale buffer heads from last failed mounting 8fbe951d6546 MIPS: Loongson: Fix cpu_probe_loongson() again 8c723eef989b erofs: fix compact 4B support for 16k block size 3bd4d316b1a8 misc: fastrpc: Create fastrpc scalar with correct buffer count 3d1d037f2749 powerpc: Fail build if using recordmcount with binutils v2.37 fe1ae1fb507a net: bcmgenet: Ensure MDIO unregistration has clocks enabled 21d5d3eb36bf mtd: rawnand: meson: fix unaligned DMA buffers handling 9ff7fcb3a2ed tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation 59490249c2c0 pinctrl: amd: Only use special debounce behavior for GPIO 0 4f77a87ce919 pinctrl: amd: Detect internal GPIO0 debounce handling 3674b9c056ad pinctrl: amd: Fix mistake in handling clearing pins at startup b39ef5b52f10 f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() f4ff37981235 nvme-pci: fix DMA direction of unmapping integrity data 8359ee85fd6d net/sched: sch_qfq: account for stab overhead in qfq_enqueue 5bef780e06d2 net/sched: sch_qfq: refactor parsing of netlink parameters 1d7ae38daac7 net/sched: make psched_mtu() RTNL-less safe d5ca61b7642b netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() 9b69cdb6e534 net/sched: flower: Ensure both minimum and maximum ports are specified 934c85b8ecd1 wifi: airo: avoid uninitialized warning in airo_get_rate() 4511499138ae erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF bbc500ff3f2c riscv, bpf: Fix inconsistent JIT image generation a976adc3bca4 bpf, riscv: Support riscv jit to provide bpf_line_info eb3d1d84f3d6 riscv: bpf: Avoid breaking W^X 7c616437981f riscv: bpf: Move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core 83579a626169 igc: Fix inserting of empty frame for launchtime c48e8ee81ad3 igc: Fix launchtime before start of cycle cdf5b9af92da platform/x86: wmi: Break possible infinite loop when parsing GUID 7157ee0de522 platform/x86: wmi: move variables 4bb2bb69bd9a platform/x86: wmi: use guid_t and guid_equal() 88dfb592d2c1 platform/x86: wmi: remove unnecessary argument 2ad31ce40e81 ipv6/addrconf: fix a potential refcount underflow for idev 8271145523a5 NTB: ntb_tool: Add check for devm_kcalloc 41c6d8ff71cd NTB: ntb_transport: fix possible memory leak while device_register() fails 03cfa0653406 ntb: intel: Fix error handling in intel_ntb_pci_driver_init() 23e09f0a868f NTB: amd: Fix error handling in amd_ntb_pci_driver_init() 0bb2683b0cde ntb: idt: Fix error handling in idt_pci_driver_init() 3e8fed805cf3 udp6: fix udp6_ehashfn() typo d30ddd7ff15d icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). bc3ab5d2ab69 net: prevent skb corruption on frag list segmentation cddd04f34124 net: bgmac: postpone turning IRQs off to avoid SoC hangs f8cc4fd99a32 ionic: remove WARN_ON to prevent panic_on_warn 9085429821b4 gve: Set default duplex configuration to full 80e0e8d5f543 net/sched: cls_fw: Fix improper refcount update leads to use-after-free d341f246123e net: mvneta: fix txq_map in case of txq_number==1 c175603d84d3 scsi: qla2xxx: Fix error code in qla2x00_start_sp() b687b7836157 igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings 30c281a77fb1 net/mlx5e: Check for NOT_READY flag state after locking de6e6b07974c net/mlx5e: fix double free in mlx5e_destroy_flow_table 3d4bba694aed igc: Remove delay during TX ring configuration 2a587b71c532 drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags 547ab8ea86c1 drm/panel: simple: Add connector_type for innolux_at043tn24 13c353dc5c2e workqueue: clean up WORK_* constant types, clarify masking fc359e5b45da net: lan743x: Don't sleep in atomic context dc4a25fa7565 io_uring: add reschedule point to handle_tw_list() 297883bbcab1 io_uring: Use io_schedule* in cqring wait bb2f7e4bfe81 block/partition: fix signedness issue for Amiga partitions 4f91de9a81bd rcu-tasks: Simplify trc_read_check_handler() atomic operations 3a64cd01cdd6 rcu-tasks: Mark ->trc_reader_special.b.need_qs data races 058f077d09ba rcu-tasks: Mark ->trc_reader_nesting data races 83be9fd7843c tty: serial: fsl_lpuart: add earlycon for imx8ulp platform 999f3b6104ed wireguard: netlink: send staged packets when setting initial private key 1b7107040596 wireguard: queueing: use saner cpu selection wrapping ea213922249c netfilter: nf_tables: prevent OOB access in nft_byteorder_eval 4ae2e501331a netfilter: nf_tables: do not ignore genmask when looking up chain by id 8289d422f5e4 netfilter: conntrack: Avoid nf_ct_helper_hash uses after free be6478f5cce6 netfilter: nf_tables: fix scheduling-while-atomic splat a07e415be383 netfilter: nf_tables: unbind non-anonymous set if rule construction fails a136b7942ad2 netfilter: nf_tables: drop map element references from preparation phase 21cf0d66ef88 netfilter: nftables: rename set element data activation/deactivation functions 237f37f7b9f0 netfilter: nf_tables: reject unbound chain set before commit phase 0205dd16edeb netfilter: nf_tables: reject unbound anonymous set before commit phase 34d09fe49f59 netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain d53c295c1f43 netfilter: nf_tables: fix chain binding transaction logic 8180fc2fadd4 netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE e546e6ebb19d netfilter: nf_tables: add rescheduling points during loop detection walks 3f51f1157f67 netfilter: nf_tables: use net_generic infra for transaction data 01248dd65155 sh: pgtable-3level: Fix cast to pointer from integer of different size 87410743b548 block: add overflow checks for Amiga partition support f0aec6c403a0 selftests/bpf: Add verifier test for PTR_TO_MEM spill 88bffb61bc03 tpm, tpm_tis: Claim locality in interrupt handler 5bf73af8b382 fanotify: disallow mount/sb marks on kernel internal pseudo fs 5cb46b80ecda fs: no need to check source 66a0647cdc56 leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename 5d6fbb624576 ARM: orion5x: fix d2net gpio initialization 9b0f7940e212 ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path 1dac8584be0c ASoC: mediatek: mt8173: Fix irq error path 6819bb0b8552 btrfs: fix race when deleting quota root from the dirty cow roots list a3fbd156bd2c btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile 59efb8671105 fs: Lock moved directories c5b5e72df13d fs: Establish locking order for unrelated directories 4b03f503b730 Revert "f2fs: fix potential corruption when moving a directory" 2b563acd2dfa ext4: Remove ext4 locking of moved directory 5e7d18a52c88 fs: avoid empty option when generating legacy mount string 988a5d791156 jffs2: reduce stack usage in jffs2_build_xattr_subsystem() 5fada3751137 shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs 79bef379d55a autofs: use flexible array in ioctl structure 8bf91a8d4871 integrity: Fix possible multiple allocation in integrity_inode_get() 9658a03f80b2 um: Use HOST_DIR for mrproper a4405f6ee033 bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent db9439cef0b5 bcache: Remove unnecessary NULL point check in node allocations bcb295778afd bcache: fixup btree_cache_wait list damage dc3287206a32 mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used. 191628e2d96a mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS 02c8c2b5f680 mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M 6f9708e5c110 mmc: core: disable TRIM on Kingston EMMC04G-M627 28e649dc9947 io_uring: wait interruptibly for request completions on exit 8482ac2e5a26 NFSD: add encoding of op_recall flag for write delegation 8d36cb6d1aed i2c: qup: Add missing unwind goto in qup_i2c_probe() e41a8e461561 ALSA: jack: Fix mutex call in snd_jack_report() e71714ad24d8 i2c: xiic: Don't try to handle more interrupt events after error b6eefa7a27a6 i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() 023bd9dc410c apparmor: fix missing error check for rhashtable_insert_fast d1c946552af2 sh: dma: Fix DMA channel offset calculation 37750131d2a5 s390/qeth: Fix vipa deletion 9f5548e4214d net: dsa: tag_sja1105: fix MAC DA patching from meta frames 2758fb81bbc9 pptp: Fix fib lookup calls. 0b08ff091f31 net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX 2434a6715f59 xsk: Honor SO_BINDTODEVICE on bind b785ba0acc82 tcp: annotate data races in __tcp_oow_rate_limited() 73f512bedfd4 net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode 9a9d468fdcca powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y f970b05c9b76 octeontx2-af: Fix mapping for NIX block from CGX connection 5ded9e8aa53e f2fs: fix error path handling in truncate_dnode() 358145cc3797 mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 32b9c8f7892c spi: bcm-qspi: return error if neither hif_mspi nor mspi is available 1f3643f9cfca net: dsa: vsc73xx: fix MTU configuration c377451012ce Add MODULE_FIRMWARE() for FIRMWARE_TG357766. 6d2243ab783b sctp: fix potential deadlock on &net->sctp.addr_wq_lock 620993d5ee5b media: cec: i2c: ch7322: also select REGMAP f733a7bfe8f8 rtc: st-lpc: Release some resources in st_rtc_probe() in case of error aa70e5dd7268 pwm: sysfs: Do not apply state to already disabled PWMs 8a0413be8a1e pwm: imx-tpm: force 'real_period' to be zero in suspend e4845cdea71e phy: tegra: xusb: check return value of devm_kzalloc() 442e1a98bd02 mfd: stmpe: Only disable the regulators if they are enabled 724448d6021d KVM: s390: vsie: fix the length of APCB bitmap c5e2f6f2bb66 mfd: stmfx: Nullify stmfx->vdd in case of error 30ead8b9bf0d mfd: stmfx: Fix error path in stmfx_chip_init 4d2405147385 test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation 5b31ac1d6d88 serial: 8250_omap: Use force_suspend and resume for system suspend 8e00ae25a371 Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial detection" a81e1f22e17f mfd: intel-lpss: Add missing check for platform_get_resource 1dc07edc01d2 usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() 7ade555ac58d usb: common: usb-conn-gpio: Set last role to unknown before initial detection 0e9e127835c8 usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() a6171452085b usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() 96898fb476d1 KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes 4e8e838fce5e media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() b754ea60e690 media: venus: helpers: Fix ALIGN() of non power of two 02b22660231d mfd: rt5033: Drop rt5033-battery sub-device e52019c09535 coresight: Fix loss of connection info when a module is unloaded 018eddcb6bef kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR a59f64a83516 serial: 8250: lock port for UART_IER access in omap8250_irq() 8d65d0a2bfd5 serial: 8250: lock port for stop_rx() in omap8250_irq() d66ddb61fa23 usb: hide unused usbfs_notify_suspend/resume functions 56901de56335 usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() 6538e5d9f7eb extcon: Fix kernel doc of property capability fields to avoid warnings dac7d7efcb54 extcon: Fix kernel doc of property fields to avoid warnings 2788a3553f74 usb: gadget: u_serial: Add null pointer check in gserial_suspend 74f8606ddfa4 usb: dwc3: qcom: Fix potential memory leak bdce16c1e650 clk: qcom: ipq6018: fix networking resets ee3f494cfc3e clk: qcom: reset: support resetting multiple bits 35fd1a213fa4 clk: qcom: reset: Allow specifying custom reset delay d87ef4e857b7 media: usb: siano: Fix warning due to null work_func_t function pointer 300388887cbb media: videodev2.h: Fix struct v4l2_input tuner index comment 5f3f4aa673a0 media: usb: Check az6007_read() return value 32809afb6063 clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks bb81ca33ace3 serial: 8250: omap: Fix freeing of resources on failed register ed68e8e22ee1 sh: j2: Use ioremap() to translate device tree address into kernel memory a7890637b3b9 w1: fix loop in w1_fini() a27aeae714cd w1: w1_therm: fix locking behavior in convert_t cd5ec3ee52ce SUNRPC: Fix UAF in svc_tcp_listen_data_ready() e4a9b3333e67 block: change all __u32 annotations to __be32 in affs_hardblocks.h 54da6c4c143f block: fix signed int overflow in Amiga partition support b6a107c52073 phy: tegra: xusb: Clear the driver reference in usb-phy dev fac7be49f1e6 usb: dwc3: gadget: Propagate core init errors to UDC during pullup 8b0a55b59244 USB: serial: option: add LARA-R6 01B PIDs 810e401b34c4 io_uring: ensure IOPOLL locks around deferred work cd5837564ff5 hwrng: st - keep clock enabled while hwrng is registered 557e528255d5 dax: Introduce alloc_dev_dax_id() 94a85474f5e3 dax: Fix dax_mapping_release() use after free 7c9f5a14d93b NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION bab0bf567797 ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard cb0cdca5c979 modpost: fix off by one in is_executable_section() f0350516b9d2 crypto: marvell/cesa - Fix type mismatch warning b54069445591 modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} 88978ef7fdef modpost: fix section mismatch message for R_ARM_ABS32 31195ee328e9 crypto: nx - fix build warnings when DEBUG_FS is not enabled 77471e4912d3 hwrng: virtio - Fix race on data_avail and actual data e8f51401d642 hwrng: virtio - always add a pending request ffc5ce9c272f hwrng: virtio - don't waste entropy d13ea82bfe15 hwrng: virtio - don't wait on cleanup 5f23dae018c6 hwrng: virtio - add an internal buffer aba192bb31df powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary 7afd0de0cc14 powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo 7289ca7a5170 mm: rename p4d_page_vaddr to p4d_pgtable and make it return pud_t * bfad11018806 mm: rename pud_page_vaddr to pud_pgtable and make it return pmd_t * 07c19c0ad4b0 powerpc/powernv/sriov: perform null check on iov before dereferencing iov f3c7b95c9991 pinctrl: at91-pio4: check return value of devm_kasprintf() b7a38fc3f384 perf dwarf-aux: Fix off-by-one in die_get_varname() 75a3cb1e2317 perf script: Fix allocation of evsel->priv related to per-event dump files 647c6d35ccfe perf script: Fixup 'struct evsel_script' method prefix 958acb479ef2 kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures 5533f0eb0a29 pinctrl: cherryview: Return correct value if pin in push-pull mode 4b63caf86eda perf bench: Add missing setlocale() call to allow usage of %'d style formatting 345ee8521655 perf bench: Use unbuffered output when pipe/tee'ing to a file f0d2310f6b46 PCI: Add pci_clear_master() stub for non-CONFIG_PCI b65fe59b2d62 PCI: ftpci100: Release the clock resources cb389e8edf64 PCI: pciehp: Cancel bringup sequence if card is not present b9895a4c95f3 scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() 7badf4d6f49a PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free d27238fc83b9 pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors ac64019e4d4b scsi: qedf: Fix NULL dereference in error handling 8e9907e9219f PCI: cadence: Fix Gen2 Link Retraining process 07be8e60f27f ASoC: imx-audmix: check return value of devm_kasprintf() 714ba10a6dd1 ovl: update of dentry revalidate flags after copy up 47f4d875aa54 drivers: meson: secure-pwrc: always enable DMA domain 5f149d053898 clk: ti: clkctrl: check return value of kasprintf() fd9324fa4d81 clk: keystone: sci-clk: check return value of kasprintf() 0b754f9cfd66 clk: si5341: free unused memory on probe failure dc8d0178d506 clk: si5341: check return value of {devm_}kasprintf() dc3eef648055 clk: si5341: return error if one synth clock registration fails 040113980081 clk: si5341: Add sysfs properties to allow checking/resetting device faults fc813d05739e clk: si5341: Allow different output VDD_SEL values f64fcd3acf1f clk: cdce925: check return value of kasprintf() 866d4340c6c9 clk: vc5: check memory returned by kasprintf() c67a55f7cc8d drm/msm/dp: Free resources after unregistering them c3b63584d8c2 drm/msm/dpu: do not enable color-management if DSPPs are not available f923a582217b ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer 404e9f741acf clk: tegra: tegra124-emc: Fix potential memory leak cb047c13bbf9 clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() 294321349bd3 clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe e749bc5a9054 RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context 9341501e2f7a RDMA/bnxt_re: wraparound mbox producer index 968e27fd037e amdgpu: validate offset_in_bo of drm_amdgpu_gem_va e070120e6d68 drm/radeon: fix possible division-by-zero errors a77b80825bf1 drm/amdkfd: Fix potential deallocation of previously deallocated memory. 245aa7c0233e ARM: dts: BCM5301X: fix duplex-full => full-duplex 7e2edb84fe7c hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 580e9b987b89 hwmon: (adm1275) Allow setting sample averaging a3c5d148b78b hwmon: (adm1275) enable adm1272 temperature reporting 4610efa404be hwmon: (gsc-hwmon) fix fan pwm temperature scaling 6e12311dcedd ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx badeb7fe2450 ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2 17cd31487dc3 arm64: dts: ti: k3-j7200: Fix physical address of pin ce6e0434e502 fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() 34e1e2f3cf5a arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 6817914c67b7 ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier 220f86cc19dc RDMA/hns: Fix hns_roce_table_get return value 9196f44239cf RDMA/hns: Clean the hardware related code for HEM aa495b927f9c RDMA/hns: Use refcount_t APIs for HEM de1049dd18bd RDMA/hns: Fix coding style issues cc1b04b699e6 RDMA: Remove uverbs_ex_cmd_mask values that are linked to functions 7dcb9ea3ee4b IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate 6cf8f3d690bb IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors 2d38866a99ba IB/hfi1: Use bitmap_zalloc() when applicable 42b6865bf58c soc/fsl/qe: fix usb.c build errors 9c14d1406662 ARM: dts: meson8: correct uart_B and uart_C clock references 684a2f180e46 ASoC: es8316: Do not set rate constraints for unsupported MCLKs d883e16c7f35 ASoC: es8316: Increment max value for ALC Capture Target Volume control 105af71974ea memory: brcmstb_dpfe: fix testing array offset after use ddc74d6ea3dc ARM: dts: stm32: Shorten the AV96 HDMI sound card name 392ee3cc995d arm64: dts: qcom: apq8096: fix fixed regulator name property c85a076215a9 ARM: omap2: fix missing tick_broadcast() prototype aec18da74194 ARM: ep93xx: fix missing-prototype warnings b574cd7e4dfc drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H 02d8b008ffee arm64: dts: qcom: msm8996: correct camss unit address 6d103b1cc133 arm64: dts: qcom: msm8994: correct SPMI unit address 160ac75a5a82 arm64: dts: qcom: msm8916: correct camss unit address e8b131d21638 ARM: dts: gta04: Move model property out of pinctrl node b0b180a712ee RDMA/bnxt_re: Fix to remove an unnecessary log 446092f136d3 RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid b54b26ac50a2 RDMA/bnxt_re: Use unique names while registering interrupts 11bd3882c3a6 RDMA/bnxt_re: Fix to remove unnecessary return labels 7080ef46ad3d RDMA/bnxt_re: Disable/kill tasklet only if it is enabled 2a9895df8088 arm64: dts: microchip: sparx5: do not use PSCI on reference boards 726fdf47c148 bus: ti-sysc: Fix dispc quirk masking bool variables 8ee24ddf45f0 ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards 617a4da09d77 drm/panel: sharp-ls043t1le01: adjust mode settings 3c87c98225be drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` 39305592dc97 Input: adxl34x - do not hardcode interrupt trigger type e629efc6d602 ARM: dts: meson8b: correct uart_B and uart_C clock references bd46ade71497 ARM: dts: BCM5301X: Drop "clock-names" from the SPI node 20ecae1af578 drm/vram-helper: fix function names in vram helper doc 46a34e145955 drm/bridge: tc358768: fix THS_TRAILCNT computation f2f7d0a4a22a drm/bridge: tc358768: fix TXTAGOCNT computation 8e47328fe089 drm/bridge: tc358768: fix THS_ZEROCNT computation 6b9450723bab drm/bridge: tc358768: fix TCLK_TRAILCNT computation 33abcfbb17b0 drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation 43b2d11ccffb drm/bridge: tc358768: fix TCLK_ZEROCNT computation 46b741718989 drm/bridge: tc358768: fix PLL target frequency 825b00c68589 drm/bridge: tc358768: fix PLL parameters computation 1b4f23fdf27f drm/bridge: tc358768: always enable HS video mode 4e0fd4f54bea Input: drv260x - sleep between polling GO bit 2780d5844855 drm/amd/display: Explicitly specify update type per plane info change b2213fc60b83 radeon: avoid double free in ci_dpm_init() 472a615e66b9 netlink: Add __sock_i_ino() for __netlink_diag_dump(). d10b38036977 ipvlan: Fix return value of ipvlan_queue_xmit() 5215c0096839 netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 9bdcda7abaf2 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one 36e07e8acfb9 lib/ts_bm: reset initial match offset for every block of text 96f2c6f272ec net: nfc: Fix use-after-free caused by nfc_llcp_find_local a3a1550c4d2e nfc: llcp: simplify llcp_sock_connect() error paths cb1aa7cc562c sfc: fix crash when reading stats while NIC is resetting 6ccfec84f025 net: axienet: Move reset before 64-bit DMA detection bccc7ace12e6 gtp: Fix use-after-free in __gtp_encap_destroy(). 4d9cd4b330d8 selftests: rtnetlink: remove netdevsim device after ipsec offload test 44db85c6e1a1 netlink: do not hard code device address lenth in fdb dumps cde7b90e0539 netlink: fix potential deadlock in netlink_set_err() 0c9e48428f6b net: stmmac: fix double serdes powerdown 1ba91ffa1a0e igc: Fix race condition in PTP tx code 660d4e73efb0 wifi: ath9k: convert msecs to jiffies where needed 150ca0768b50 wifi: cfg80211: rewrite merging of inherited elements 4e321c18ef92 wifi: iwlwifi: pull from TXQs with softirqs disabled 2715617c2aad rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO 581401cd3cf9 wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() 6b22c2c649a1 memstick r592: make memstick_debug_get_tpc_name() static 6cb477e7226b kexec: fix a memory leak in crash_shrink_memory() fdb07728d8ff watchdog/perf: more properly prevent false positives with turbo modes ac23d7f41426 watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config 22da8363e35f wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown b2aeb97fd470 wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled 1044187e7249 wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes c10c6ea9b3a2 wifi: ray_cs: Fix an error handling path in ray_probe() 8825991838fc wifi: ray_cs: Drop useless status variable in parse_addr() a66e3fd3801a wifi: ray_cs: Utilize strnlen() in parse_addr() 18d71562f70d wifi: wl3501_cs: Fix an error handling path in wl3501_probe() b6f793de619b wl3501_cs: use eth_hw_addr_set() cbd44a9e1cf1 net: create netdev->dev_addr assignment helpers 13cf0e3894d1 wl3501_cs: Fix misspelling and provide missing documentation 5512db9bd404 wifi: atmel: Fix an error handling path in atmel_probe() 86ebbcbdc7b1 wifi: orinoco: Fix an error handling path in orinoco_cs_probe() fb7d78feb55a wifi: orinoco: Fix an error handling path in spectrum_cs_probe() 8782dc2504da regulator: core: Streamline debugfs operations 92bcd8494126 regulator: core: Fix more error checking for debugfs_create_dir() 78f390aa0eb5 bpftool: JIT limited misreported as negative value on aarch64 107e849f3c6a nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() 0be9de2ea01e nfc: constify several pointers to u8, char and sk_buff ef7fe1b5c4fb libbpf: fix offsetof() and container_of() to work with CO-RE b190ced50a5e sctp: add bpf_bypass_getsockopt proto callback 08f61a349135 bpf: Remove extra lock_sock for TCP_ZEROCOPY_RECEIVE c62e2ac02e28 wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() 3ae910a375b6 wifi: wilc1000: fix for absent RSN capabilities WFA testcase 795ef550307c spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG bd3e880dce27 samples/bpf: Fix buffer overflow in tcp_basertt 250efb4d3f5b wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx 0f3f41b47533 wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation cbd0f41a5362 igc: Enable and fix RX hash usage by netstack a14cb307267b pstore/ram: Add check for kstrdup 628709a05708 ima: Fix build warnings 16ec59c03ad2 evm: Complete description of evm_inode_setattr() cba85e1cb79f x86/mm: Fix __swp_entry_to_pte() for Xen PV guests 365f546de584 perf/ibs: Fix interface via core pmu events 604d6a5ff718 rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale d414e24d1509 rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup() ecc5e6dbc269 rcuscale: Move shutdown from wait_event() to wait_event_idle() b62c816bdb5e rcuscale: Always log error message 8cd9917c13a7 rcuscale: Console output claims too few grace periods 456f783b83f8 thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() bacc49b2d561 cpufreq: intel_pstate: Fix energy_performance_preference for passive a8bfe527556b ARM: 9303/1: kprobes: avoid missing-declaration warnings a50b75c13d37 powercap: RAPL: Fix CONFIG_IOSF_MBI dependency 23f6efd22644 perf/arm-cmn: Fix DTC reset b69868d50df4 PM: domains: fix integer overflow issues in genpd_parse_state() ebdff0986513 clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe a2f83a4c7cb5 tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode(). f1be1ed32daa posix-timers: Prevent RT livelock in itimer_delete() b315d57da456 irqchip/jcore-aic: Fix missing allocation of IRQ descriptors 495cee0e1417 irqchip/jcore-aic: Kill use of irq_create_strict_mappings() 9d1cccdad080 md/raid10: fix io loss while replacement replace rdev 2990e2ece18d md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request b1d8f38310bc md/raid10: fix wrong setting of max_corr_read_errors b3a0bc4a01fa md/raid10: fix overflow of md/safe_mode_delay 39fa14e824ac md/raid10: check slab-out-of-bounds in md_bitmap_get_counter 8563b58a4360 blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost 3db97cc79b82 x86/resctrl: Only show tasks' pid in current pid namespace 1a82005f3f63 fs: pipe: reveal missing function protoypes f70407e8e027 nubus: Partially revert proc_create_single_data() conversion 0336c8f07223 drm/amdgpu: Validate VM ioctl flags. c484b65f93e0 scripts/tags.sh: Resolve gtags empty index generation 649104c834ba Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe" 02a4c4e225f4 HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651. 9598a647ecc8 HID: wacom: Use ktime_t rather than int when dealing with timestamps 2bf70b88cc35 fbdev: imsttfb: Fix use after free bug in imsttfb_probe 5b813734a0d2 video: imsttfb: check for ioremap() failures 02fbf62df99f can: isotp: isotp_sendmsg(): fix return error fix on TX path 8667f7113107 x86/smp: Use dedicated cache-line for mwait_play_dead() 1d0fe3fb5d4b media: atomisp: fix "variable dereferenced before check 'asd'" Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 5feaa9811a..5b59ebac16 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "0a7d0eaa4e53eede45702dde31a3580e4cce0034" -SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d" +SRCREV_machine ?= "40d51460c17be51e4ebcdcc54a8ee8c86707c56c" +SRCREV_meta ?= "9b0d4e338b1bbdd683347cf9365bacfec2169035" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.187" +LINUX_VERSION ?= "5.10.188" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 1e401e2499..3a58a1a659 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.187" +LINUX_VERSION ?= "5.10.188" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine:qemuarm ?= "54fe699b2a16739a9fb3905d3a6c6ff7475214ea" -SRCREV_machine ?= "2fe6f9bdf89df6d468f7e2c7fc070993a11f029a" -SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d" +SRCREV_machine:qemuarm ?= "41daa5d20567419e303d0b684fd3c3c859446d24" +SRCREV_machine ?= "085bed8577aa6435339ff83339e38dfd9e7994a6" +SRCREV_meta ?= "9b0d4e338b1bbdd683347cf9365bacfec2169035" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 93eff2bd58..6807a6b2d8 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,23 +13,23 @@ KBRANCH:qemux86 ?= "v5.10/standard/base" KBRANCH:qemux86-64 ?= "v5.10/standard/base" KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "ca4bf25fb041f115ee9144acf175266e7d2c5495" -SRCREV_machine:qemuarm64 ?= "7ef1d2f467aa45b98241421262e607ec080e0921" -SRCREV_machine:qemumips ?= "f275b4829346d60d1cb600d4b8195eb6812361fd" -SRCREV_machine:qemuppc ?= "af1960c76a2c940eee2e7b4c20e07c248b030b02" -SRCREV_machine:qemuriscv64 ?= "c4d95d557212e22763382fd345d8c7efc92f825f" -SRCREV_machine:qemuriscv32 ?= "c4d95d557212e22763382fd345d8c7efc92f825f" -SRCREV_machine:qemux86 ?= "c4d95d557212e22763382fd345d8c7efc92f825f" -SRCREV_machine:qemux86-64 ?= "c4d95d557212e22763382fd345d8c7efc92f825f" -SRCREV_machine:qemumips64 ?= "2f630e9e4b3c809cf48d8e252477845c405195cc" -SRCREV_machine ?= "c4d95d557212e22763382fd345d8c7efc92f825f" -SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d" +SRCREV_machine:qemuarm ?= "66536572b0fe35ac0e5158d69d12641281ab93ef" +SRCREV_machine:qemuarm64 ?= "00d0178dae976305eaecc7fc119da63930bcf07f" +SRCREV_machine:qemumips ?= "8cc44bb4c536028438decbb5abf2d8b731898ec0" +SRCREV_machine:qemuppc ?= "1f2a193c7f82e2f2c7eefc2fa35dce5b96cc3ba9" +SRCREV_machine:qemuriscv64 ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c" +SRCREV_machine:qemuriscv32 ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c" +SRCREV_machine:qemux86 ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c" +SRCREV_machine:qemux86-64 ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c" +SRCREV_machine:qemumips64 ?= "2fe172b06a5b6d8840c0c0226a1501b627b9e703" +SRCREV_machine ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c" +SRCREV_meta ?= "9b0d4e338b1bbdd683347cf9365bacfec2169035" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.187" +LINUX_VERSION ?= "5.10.188" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Aug 17 02:49:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29027 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 712D1C2FC14 for ; Thu, 17 Aug 2023 02:50:26 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web10.178871.1692240618979775695 for ; Wed, 16 Aug 2023 19:50:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=ImdtkzaR; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1bbff6b2679so47775485ad.1 for ; Wed, 16 Aug 2023 19:50:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240618; x=1692845418; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HMpexHpfzxTry30ar6ne/TkIaOzYupZ6yuK1eoqGbvU=; b=ImdtkzaRGmD4RTN3+Bc+6/lSX4MVHBfrYQRapbr+/wolglhbadhmasVMzZAKKczO57 fOBEfgyWS6YkV5ozh8257fw9RGkmaub7HEGyIlHfeIvP9zUyVFqbWQMHYRTmVEXVkOMK JoY5PM+hBmCVGTXdwW5MDlfTd6P8Ww/6NmZEdWft9pW3SZOXs2B2Hv7JTHrCkEvr5CKO MRpe+SrILwE3ckPCFSQ+FN0NGzIQ8hT/ec7KQ4jvrowJB19LQLzRi5Oo7B50rBtSDTR7 b4YFyGuHIULeJui5avChEt44A4wGi44jxJ8DxI5XlyxG0XDk+Zrtc4K6a0UCOQAJ0PbK Ictg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240618; x=1692845418; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HMpexHpfzxTry30ar6ne/TkIaOzYupZ6yuK1eoqGbvU=; b=SV5JkNx/+iFUm+ZvRIQGO4Ja6l3G3WEuTtERtdQBRr8B4QNUSWYGxzegLWpEAqUYVg A0JGrpsVyjSUSHNq1SIV6vi5m+PN6p5TD5m0PbHd3UnTocZlMuu0FCSCSKV+XgVdzlR7 jDL917XMX0cYbRuXpmMdMTTfN+s+BbK7vox9etG1/Hd7KHFgBR7XUDNVuE/Ns8q3/Iuq qLAKtefsuIRhXfajRu+bAtp3z23EJ3pdC5W8bGlWnkR9VMY2xmu1n1PRuD61vrk9fvVq swzOWZSG4qyhN+MsT9X9tLylRQBaFfRRHRBj6eEI0ir2Suao3orLA1X6QhJV2zJ7LkKe OnTA== X-Gm-Message-State: AOJu0YwCZNzpGTEjbiotYP0iyoyxeA5TjD50PEWtl/v8lf1q9bvkSNsr aMD3wu1VBWviifCrdKpQPbvcT+0Ms9qDHwP6GgY= X-Google-Smtp-Source: AGHT+IEPcDOlFP0qsRBLkYP7KG3JLZN+FXOqKqwzJ5cAMhjSjDMI6aEt9u3zu38VqL+/gYAN11Si7w== X-Received: by 2002:a17:903:428c:b0:1b9:e591:db38 with SMTP id ju12-20020a170903428c00b001b9e591db38mr3372025plb.8.1692240618135; Wed, 16 Aug 2023 19:50:18 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:17 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/16] linux-firmware: Fix mediatek mt7601u firmware path Date: Wed, 16 Aug 2023 16:49:44 -1000 Message-Id: <8f041ef841e03996768fb7e0a96a4a4d066eb796.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186277 From: Marek Vasut The following linux-firmware commit moved the mt7601u firmware blob into a mediatek/ subdirectory, update the path accordingly. 8451c2b1 ("mt76xx: Move the old Mediatek WiFi firmware to mediatek") (From OE-Core rev: 6fa5c4967a7e70192e9233c92534f27ec3e394c8) Fixes: 64603f602d ("linux-firmware: upgrade 20230404 -> 20230515") Signed-off-by: Marek Vasut Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb index 3470131294..d304b75c5f 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb @@ -417,7 +417,7 @@ LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware" FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" FILES:${PN}-mt7601u = " \ - ${nonarch_base_libdir}/firmware/mt7601u.bin \ + ${nonarch_base_libdir}/firmware/mediatek/mt7601u.bin \ " RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license" From patchwork Thu Aug 17 02:49:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29028 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73363C2FC0F for ; Thu, 17 Aug 2023 02:50:26 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.web10.178872.1692240620878145835 for ; Wed, 16 Aug 2023 19:50:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=0b/oWzrX; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1bf1935f6c2so303915ad.1 for ; Wed, 16 Aug 2023 19:50:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240620; x=1692845420; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=omK6XyEFiySa5gphkQSO8qk5UCXr3Gnbh1P/x/5UCAk=; b=0b/oWzrX+KRtXDI4Chfnxxdn8h5GpUFeXVo4xRG6Hby8z+i6s7dRLsdQ0yVY/Kgss1 nXSs1gxXfJwdKxscidVDSyVn+7AOuSB8siGYdjsQtmM9rNf0KxSZzkTCADBEkFPKot9m oIzucRyTkCZwBI7f+OvfMRu1G9vw7GzxNJPutO7DAyI86NALkZpd6CqlhL0IB7HDHiYk MHQudsk4VZ+i61bIif712b0nMN6SG8YldgfnfC65Vr9uD4kmKV4DW2HvIU+tt9Fg4+Ag TxdyZA0BvGnPtFGBoqNuZfNUUSZbL/hNTgeRKmIIjQcbknoyuSVH+JG3B0D6lBQ13WUt 2xBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240620; x=1692845420; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=omK6XyEFiySa5gphkQSO8qk5UCXr3Gnbh1P/x/5UCAk=; b=NF4LA7k1WVZI5emsT4AD7f3xYZ0NS8NP+xSf4RHyyA7K9rxFzTl/mmtqI2HzXoMWLP haIZD/S8ahosNSlt6zVivE9HUd449ljpildS0pvWPSQarRClDNk/Kjbz+pbFo/7fTyiQ Snb0h2jv06M3tNPPkgkPcgq2sX9dKz7BowmqT4WRuTaBqmw1PBk/cW/vMJUye04qjqee XDtj2kJt+ROYtHF5EvL8SbcYRHxjigCRn9djBffHOryBjCWXIbSXpXmW0sCx0jObv7Yv LZGY/z5VJbK0olJb0oPPyM65KREy0kPU+Lcf6Xz0deq87xctbxVAN/dZ167niW/qyc5T P7iw== X-Gm-Message-State: AOJu0Yw/0MfeHnxPWBX4MNTkvcm+KJN/c7SxzEmA3fxOCSMmmI4wzWjk oSw+KCGGqa0OWxR4YIrlOjS2tbUexjzST4DK2nw= X-Google-Smtp-Source: AGHT+IGhZ6zs8JwueMQaee+kgNRWP2kjKtalgjc4+RmZYUr+Dmfh1KZLUEgwc+c0/mGi3gz2qGV9Dg== X-Received: by 2002:a17:902:ec90:b0:1b8:6245:1235 with SMTP id x16-20020a170902ec9000b001b862451235mr1730943plg.13.1692240619994; Wed, 16 Aug 2023 19:50:19 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/16] npm.bbclass: avoid DeprecationWarning with new python Date: Wed, 16 Aug 2023 16:49:45 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186278 From: Martin Jansa meta/classes-recipe/npm.bbclass:85: DeprecationWarning: invalid escape sequence '\.' '--transform', 's,^\./,package/,', Signed-off-by: Martin Jansa Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/classes/npm.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass index 8379c7b988..45e6b4fac7 100644 --- a/meta/classes/npm.bbclass +++ b/meta/classes/npm.bbclass @@ -82,7 +82,7 @@ def npm_pack(env, srcdir, workdir): subprocess.run(['tar', 'czf', tarball, '--exclude', './node-modules', '--exclude-vcs', - '--transform', 's,^\./,package/,', + '--transform', r's,^\./,package/,', '--mtime', '1985-10-26T08:15:00.000Z', '.'], check = True, cwd = srcdir) From patchwork Thu Aug 17 02:49:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64116C41513 for ; Thu, 17 Aug 2023 02:50:26 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web11.178672.1692240622718312595 for ; Wed, 16 Aug 2023 19:50:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=L+NGGKEm; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1bdb7b0c8afso35694025ad.3 for ; Wed, 16 Aug 2023 19:50:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240622; x=1692845422; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Yj/6B5frgtvZWhCe/vEf6XI2gmm+OWKJtU5Y+27Cngs=; b=L+NGGKEmYu0g2I3WWOXiLKI/KS2dA/ODvJ5PCRcZqh5cSd65NTQSR3kH0DgJj8hefV 3+cLI7d9W8wVJtP64GhgpdQV4OJi5ngHMyz+mbvtUhzzLJzmCJxqPnEwAX+UnOX6zZIR PcKYtWC8tgYJbHnxDMtRKHtzEFbV3UajbxNNdhTW90W/pydmb0tQrFAYd75HkCKCM6NV nCAHxdCh4bnyaAczlHQJcTzC2qWftv+gcLtN2TbW2e7dFhBz4NQk7wAwtlYsCc80LJjy IYm5A2JPTEfigj0ej4LM00rSDo+q40FrgYVMLCVEcQj0KrinJxJrxo7Sn0sIJ4ZLJtcw 0gCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240622; x=1692845422; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Yj/6B5frgtvZWhCe/vEf6XI2gmm+OWKJtU5Y+27Cngs=; b=Z51FTVnQNHqOfPmRIBeSg8ksaNc3f/1f7haMma83ieQ4HRZqKdwWWOOFFv7BIpBlFO /CDq+fek06JscZ3xRDZx6+04icNccs0BBhofS4Wi4P3UWgXX0NNbQF2FBvKHCl5MF/e2 2wPeFyRK0KWNoZckwGrCr/mq0wJR8X3Wm/yScnZl2UBK0pZ9B90c/tdAzII5hwaMht9g sSMl6CcPRZ+LALGAT8wH+l0jhiKQ9L7Ws2eJzHEmO62jBf1wWSow8GFYIc4eM2xpaYl1 CwdJoBZiMK3poBZBz6xAmmU8MJluTdnFfkhXQV8qOig3PAfPezo9XjFPljKctLZPjDVK KkCQ== X-Gm-Message-State: AOJu0Yz8C4f/KXjNZSEbU5ikikddTeRtLx3MTD57+yFbzu9ZkYiDPG17 hZRFX64qlrF7Fhbg5UYRewOVbs/wBqgoGOxtnGs= X-Google-Smtp-Source: AGHT+IErQXqOxBXAg4F8WaBAYAm+WyNEosOzoXx/8XtI98wXJ3xf+b6yPQ6CMVRRxnEnoOThSiRDKg== X-Received: by 2002:a17:902:c94d:b0:1b3:d4ae:7e21 with SMTP id i13-20020a170902c94d00b001b3d4ae7e21mr3729422pla.63.1692240621889; Wed, 16 Aug 2023 19:50:21 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:21 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/16] scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2 Date: Wed, 16 Aug 2023 16:49:46 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186279 From: Pavel Zhukov bzip2 is in HOSTTOOLS already and used in few other places already. This fixes bin_package class for RPM packages without adding bunzip2 to HOSTTOOLS. Signed-off-by: Pavel Zhukov Signed-off-by: Luca Ceresoli (cherry picked from commit eb3ec7469fff857c819332371ad1d586f43c79c3) Signed-off-by: Steve Sakoman --- scripts/rpm2cpio.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh index 7cd771bbe7..2034373fe4 100755 --- a/scripts/rpm2cpio.sh +++ b/scripts/rpm2cpio.sh @@ -47,7 +47,7 @@ calcsize $(($offset + (8 - ($sigsize % 8)) % 8)) hdrsize=$rsize case "$(_dd $offset bs=3 count=1)" in - "$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a' + "$(printf '\102\132')"*) _dd $offset | bzip2 -d ;; # '\x42\x5a' "$(printf '\037\213')"*) _dd $offset | gunzip ;; # '\x1f\x8b' "$(printf '\375\067')"*) _dd $offset | xzcat ;; # '\xfd\x37' "$(printf '\135\000')"*) _dd $offset | unlzma ;; # '\x5d\x00' From patchwork Thu Aug 17 02:49:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 640E5C05052 for ; Thu, 17 Aug 2023 02:50:26 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web10.178875.1692240624761936230 for ; Wed, 16 Aug 2023 19:50:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=Gvgg8EJ6; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-686bc261111so5201348b3a.3 for ; Wed, 16 Aug 2023 19:50:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240624; x=1692845424; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uwwFMPeS8VZ06Jrs//ZUTZdOPTKRZh93wUTnuISWKuY=; b=Gvgg8EJ6+VoGT3fWUE3NclaxTzLk1xOenpnSdxQh7pCvQmz91TVbICLFaeLG97Amv4 r4Gntj4good9ZhlcQobyTHUWnbgtyKGDA/VnhA95tyGxDRXpoH6PGagIX5mtGXCHZpIh DlBI7BGQKYEMsk7fx6pfCzRydNO9WnluiuL1alfgUZ9UvEFoViiJtD2PB/oJ4JZ9DFyJ +9J0n+ZF0Bi2z83FtyPG/SAuGJUMZRqW9oGwIpcUdPAuw4VUwLeoUGx5p/VE8fhUGsEJ 5LqPZDqGtgHKLm6cAlm3wuERgtUOKpKdXi5SVYQ3cl8LzZmSFEt0iKaxy05tXfLnla3o sS+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240624; x=1692845424; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uwwFMPeS8VZ06Jrs//ZUTZdOPTKRZh93wUTnuISWKuY=; b=YsIM9DrLiKviSAe1twb3gRcofzSO9ANjsI5a/5iDKkR9QdvswZsgnYqMGSlgDPlOiz e6tLjK72BdfFa5Y3XG2aqCVqeBlbSRlYhlDDCDTNjXPVrfExvuJJDcJnYAslxvY+iTh3 HMEioWkH67UvhtfDTI2IjFIiAYi4J9rLiqP3LzuEapRCWqpK3zkd+ApMjwT7F/GiOfP4 mPsehfnXqp4c439crnDT/Vl+t6P7isg9S9P2PFwt0+SoVdu0bIoM7vBNf1u9c4GPzgF7 Miyg6sm1OCNNX7b3AnOzRKOSD8ZNNryeBNyWTcz2+8FuKNQzRONzPPZGXi1tFai+kAA5 qFIQ== X-Gm-Message-State: AOJu0Ywbv6C2B9MB3UczlG1qvFfHmLbuYFc6q3RUmj6AJG+OKALOH+BR rn5mnutVyw/poez6lBilbLtDkog7PoFqLInttPI= X-Google-Smtp-Source: AGHT+IGkktIzJWD9IWZf6FwbwNI3nSFeK1B+41QWmFvgLiYh45MmijfDSneJSRVuZt1E7QROqtNeJw== X-Received: by 2002:a05:6a20:144d:b0:126:f64b:6689 with SMTP id a13-20020a056a20144d00b00126f64b6689mr4670889pzi.12.1692240623877; Wed, 16 Aug 2023 19:50:23 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:23 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/16] rpm2cpio.sh: update to the last 4.x version Date: Wed, 16 Aug 2023 16:49:47 -1000 Message-Id: <9c0d66e693aa7ab8b3f2a3c68764e4ab6159c085.1692239433.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186280 From: Alberto Planas openSUSE RPMs are compressing the RPM payload using zstd, that correspond to the magic ID 0x28, 0xb5, 0x2f. This patch update the script to the last version from the rpm project, and add support to this compression format, and extract the cpio payload using the "unzstd" binary. Signed-off-by: Alberto Planas Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 3aba44a75dd565b192f7328f2a0150a313de3cc1) Signed-off-by: Steve Sakoman --- scripts/rpm2cpio.sh | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh index 2034373fe4..8199b43784 100755 --- a/scripts/rpm2cpio.sh +++ b/scripts/rpm2cpio.sh @@ -7,7 +7,7 @@ fatal() { } pkg="$1" -[ -n "$pkg" -a -e "$pkg" ] || +[ -n "$pkg" ] && [ -e "$pkg" ] || fatal "No package supplied" _dd() { @@ -16,14 +16,23 @@ _dd() { } calcsize() { + + case "$(_dd $1 bs=4 count=1 | tr -d '\0')" in + "$(printf '\216\255\350')"*) ;; # '\x8e\xad\xe8' + *) fatal "File doesn't look like rpm: $pkg" ;; + esac + offset=$(($1 + 8)) local i b b0 b1 b2 b3 b4 b5 b6 b7 i=0 while [ $i -lt 8 ]; do - b=$(_dd $(($offset + $i)) bs=1 count=1; echo X) - b=${b%X} + # add . to not loose \n + # strip \0 as it gets dropped with warning otherwise + b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo .)" + b=${b%.} # strip . again + [ -z "$b" ] && b="0" || b="$(exec printf '%u\n' "'$b")" @@ -35,7 +44,7 @@ calcsize() { offset=$(($offset + $rsize)) } -case "$(_dd 0 bs=8 count=1)" in +case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in "$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb' *) fatal "File doesn't look like rpm: $pkg" ;; esac @@ -46,10 +55,11 @@ sigsize=$rsize calcsize $(($offset + (8 - ($sigsize % 8)) % 8)) hdrsize=$rsize -case "$(_dd $offset bs=3 count=1)" in - "$(printf '\102\132')"*) _dd $offset | bzip2 -d ;; # '\x42\x5a' - "$(printf '\037\213')"*) _dd $offset | gunzip ;; # '\x1f\x8b' - "$(printf '\375\067')"*) _dd $offset | xzcat ;; # '\xfd\x37' - "$(printf '\135\000')"*) _dd $offset | unlzma ;; # '\x5d\x00' - *) fatal "Unrecognized rpm file: $pkg" ;; +case "$(_dd $offset bs=2 count=1 | tr -d '\0')" in + "$(printf '\102\132')") _dd $offset | bunzip2 ;; # '\x42\x5a' + "$(printf '\037\213')") _dd $offset | gunzip ;; # '\x1f\x8b' + "$(printf '\375\067')") _dd $offset | xzcat ;; # '\xfd\x37' + "$(printf '\135')") _dd $offset | unlzma ;; # '\x5d\x00' + "$(printf '\050\265')") _dd $offset | unzstd ;; # '\x28\xb5' + *) fatal "Unrecognized payload compression format in rpm file: $pkg" ;; esac From patchwork Thu Aug 17 02:49:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 29030 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D32DC05052 for ; Thu, 17 Aug 2023 02:50:36 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web10.178878.1692240626426906396 for ; Wed, 16 Aug 2023 19:50:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208 header.b=Msz+q/DC; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1bc6535027aso61081215ad.2 for ; Wed, 16 Aug 2023 19:50:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1692240625; x=1692845425; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FeilMslX91QWPJpBLmlKli7SvyCOklSQTB0dW5UTQmY=; b=Msz+q/DC1OW6qbUn1kLnqCQJntk5UKxsuo0hwRJb7ykAYkkrGP0SwgzRm3iW6J5bS4 YEexS34k4dY/zCreSGd9YpLjFSH5tD595CZgqDnMhIb24KFg5aPeqiWN+3/JrFLLWPCb 1ts+Ge8NKm9lm3toQckYT3JUfUwcM912ekkbKBPltnSJUPMRLJBHRTugQ+wwE7bj7xvS SoGgRlLK1k9BhufkSTqjtE8TaIDGO/WWFzMsggboku5yCZDYDP4tOl3St6KoTCBaBEQe 76LZx04LDsv3hlMLBwAQghDNNM2wMaRGSMdbECdnZ8MKX3qzE30lv3En0NeQD7OalJnE xDxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692240625; x=1692845425; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FeilMslX91QWPJpBLmlKli7SvyCOklSQTB0dW5UTQmY=; b=YHKeLOoTILNF/LKBfgVAgJLXbgB0TZnkBExCt7XaPn1vyx3M/ZjDA+tQZHtwApxikU qo2RrvqPD5SxJazcFWZ9Yf6LVbR2R6Av6SzrOrX4NQkg5QVS056zz4y/bOQmSAAViTkc +qZn6kwVeyWWfzw+h8GQ6VltCVCS3XTbmhocoPc0LXa2eQX16njAbKkpjaIxOn+W4pB3 /KMPFceVRcZNItnOgpg9XsUPfSoX7+Z1NQ1yf66adUBcAWOiCJ3HBtqGSKUCGe2UnKEU WWz6tSeWKWaSYhVkdzdnoSlcWlMIsLDWOgcIHIpd8A8Kx3bkG/dpuYnT36q718XoyZoE 7cDQ== X-Gm-Message-State: AOJu0YyvxaBsSXstGLONfe5u+4YJ68V9E65LbFil1RVl8iwO5gytrEHA +pnCoRzh6G4jhvhtr/iLKmAIeVI3igjorwqd53w= X-Google-Smtp-Source: AGHT+IHdVQRlAUDS/0Jvm0tKQLHdOYfyRVFIHTBORR1KR9/B8Do91HbHEQhCT449UI89NSXHdv92eQ== X-Received: by 2002:a17:903:228a:b0:1bb:3498:9caa with SMTP id b10-20020a170903228a00b001bb34989caamr4727532plh.58.1692240625630; Wed, 16 Aug 2023 19:50:25 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id o5-20020a170902d4c500b001bb9bc8d232sm13827594plg.61.2023.08.16.19.50.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Aug 2023 19:50:25 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 16/16] libxcrypt: update PV to match SRCREV Date: Wed, 16 Aug 2023 16:49:48 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Aug 2023 02:50:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186281 From: Alexander Kanavin When SRCREV was updated, only libxcrypt-compat was renamed to match, but not libxcrypt proper. Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni (cherry picked from commit 98c89359532778a894f50ddea1cc6ab922d6e562) Signed-off-by: Steve Sakoman --- .../libxcrypt/{libxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename meta/recipes-core/libxcrypt/{libxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} (100%) diff --git a/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb b/meta/recipes-core/libxcrypt/libxcrypt_4.4.33.bb similarity index 100% rename from meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb rename to meta/recipes-core/libxcrypt/libxcrypt_4.4.33.bb