From patchwork Fri Jan 21 14:50:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2773 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8A17C433EF for ; Fri, 21 Jan 2022 14:51:12 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:12 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=GL64gbTh; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776671; x=1674312671; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=Y68fqiHd8cGo5XkypwK43sW4M/C7f2YPNyhLt6EFxsk=; b=GL64gbThF1DuBTz26CU9hqdFRLHUuKbAgsrUjA3fBMtfsRZ4/3lI3R6t W4iGGdP2dAIAV6UwNPxSTsNsgJzfrvu51ArPe/7NlupxVxYwz09x7NkU3 qEzZUh0g4fE80lIsEmxPYtL4RTLzPxXgb8UfSdAmrBwtYRr6FgVm0ALTj kSO6KR3m2zmiB58dIQtfMrHLBpGbMW8iUBn3hTFLFTbE34O1AZtOSBX6N Qs9CoxPXroUv8q7uQt3LZK1MVSKJnUtl94Si+3UUhvIfT5R+AYHQFfO6v HpkxyAIDO891Ug/Bk1H/fq0R27rJaDpfF0s85aM3XIR4R3ErP5N6TAQej A==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886017" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886017" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:11 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336612" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:10 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 01/15] go: upgrade 1.16.10 -> 1.16.13 Date: Fri, 21 Jan 2022 22:50:49 +0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160832 From: Sakib Sajal Release 1.16.13 includes fixes for CVE-2021-44716 and CVE-2021-44717. Signed-off-by: Sakib Sajal Signed-off-by: Anuj Mittal --- meta/recipes-devtools/go/{go-1.16.10.inc => go-1.16.13.inc} | 4 ++-- ...o-binary-native_1.16.10.bb => go-binary-native_1.16.13.bb} | 4 ++-- ...cross-canadian_1.16.10.bb => go-cross-canadian_1.16.13.bb} | 0 .../go/{go-cross_1.16.10.bb => go-cross_1.16.13.bb} | 0 .../go/{go-crosssdk_1.16.10.bb => go-crosssdk_1.16.13.bb} | 0 .../go/{go-native_1.16.10.bb => go-native_1.16.13.bb} | 0 .../go/{go-runtime_1.16.10.bb => go-runtime_1.16.13.bb} | 0 meta/recipes-devtools/go/{go_1.16.10.bb => go_1.16.13.bb} | 0 8 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/go/{go-1.16.10.inc => go-1.16.13.inc} (91%) rename meta/recipes-devtools/go/{go-binary-native_1.16.10.bb => go-binary-native_1.16.13.bb} (83%) rename meta/recipes-devtools/go/{go-cross-canadian_1.16.10.bb => go-cross-canadian_1.16.13.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.16.10.bb => go-cross_1.16.13.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.16.10.bb => go-crosssdk_1.16.13.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.16.10.bb => go-native_1.16.13.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.16.10.bb => go-runtime_1.16.13.bb} (100%) rename meta/recipes-devtools/go/{go_1.16.10.bb => go_1.16.13.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.16.10.inc b/meta/recipes-devtools/go/go-1.16.13.inc similarity index 91% rename from meta/recipes-devtools/go/go-1.16.10.inc rename to meta/recipes-devtools/go/go-1.16.13.inc index 08c85b275b..8675afc3bb 100644 --- a/meta/recipes-devtools/go/go-1.16.10.inc +++ b/meta/recipes-devtools/go/go-1.16.13.inc @@ -1,7 +1,7 @@ require go-common.inc GO_BASEVERSION = "1.16" -PV = "1.16.10" +PV = "1.16.13" FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -18,7 +18,7 @@ SRC_URI += "\ file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ file://0001-encoding-xml-handle-leading-trailing-or-double-colon.patch \ " -SRC_URI[main.sha256sum] = "a905472011585e403d00d2a41de7ced29b8884309d73482a307f689fd0f320b5" +SRC_URI[main.sha256sum] = "b0926654eaeb01ef43816638f42d7b1681f2d3f41b9559f07735522b7afad41a" # Upstream don't believe it is a signifiant real world issue and will only # fix in 1.17 onwards where we can drop this. diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.10.bb b/meta/recipes-devtools/go/go-binary-native_1.16.13.bb similarity index 83% rename from meta/recipes-devtools/go/go-binary-native_1.16.10.bb rename to meta/recipes-devtools/go/go-binary-native_1.16.13.bb index 4866c9f847..6e498a17be 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.16.10.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.16.13.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "414cd18ce1d193769b9e97d2401ad718755ab47816e13b2a1cde203d263b55cf" -SRC_URI[go_linux_arm64.sha256sum] = "bfe1d4b82626c742b4690a832ca59a21e3d702161556f3c0ed26dffb368927e9" +SRC_URI[go_linux_amd64.sha256sum] = "275fc03c90c13b0bbff13125a43f1f7a9f9c00a0d5a9f2d5b16dbc2fa2c6e12a" +SRC_URI[go_linux_arm64.sha256sum] = "3dd8e14837105cbfedf7124c7f8c524ce492748c370036c7316ef99e18d116d7" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.10.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.16.10.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb diff --git a/meta/recipes-devtools/go/go-cross_1.16.10.bb b/meta/recipes-devtools/go/go-cross_1.16.13.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.16.10.bb rename to meta/recipes-devtools/go/go-cross_1.16.13.bb diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.10.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.13.bb similarity index 100% rename from meta/recipes-devtools/go/go-crosssdk_1.16.10.bb rename to meta/recipes-devtools/go/go-crosssdk_1.16.13.bb diff --git a/meta/recipes-devtools/go/go-native_1.16.10.bb b/meta/recipes-devtools/go/go-native_1.16.13.bb similarity index 100% rename from meta/recipes-devtools/go/go-native_1.16.10.bb rename to meta/recipes-devtools/go/go-native_1.16.13.bb diff --git a/meta/recipes-devtools/go/go-runtime_1.16.10.bb b/meta/recipes-devtools/go/go-runtime_1.16.13.bb similarity index 100% rename from meta/recipes-devtools/go/go-runtime_1.16.10.bb rename to meta/recipes-devtools/go/go-runtime_1.16.13.bb diff --git a/meta/recipes-devtools/go/go_1.16.10.bb b/meta/recipes-devtools/go/go_1.16.13.bb similarity index 100% rename from meta/recipes-devtools/go/go_1.16.10.bb rename to meta/recipes-devtools/go/go_1.16.13.bb From patchwork Fri Jan 21 14:50:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2775 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BA6F8C433FE for ; Fri, 21 Jan 2022 14:51:15 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:13 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Ysgh9hPp; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776673; x=1674312673; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=SKjO06aPzbUU5RkdokaexV1Orz3+vTw6+pyNwUuEJiM=; b=Ysgh9hPpbHo2R5LveV1fKJCLTR3xz/5FZCj6fy7LaGZ8TmW46qaQbjyg 08rB37FGVOl7NuK1Irc5LHwbqZWfH9bfodnlwUoFjzrsD0hYn66m1Ee5+ kCmvk5yllJlToltqGtgpohOHRja8zb3/qYfFzdbiJeU6tzrILyXZV/MAO ///5HKuIs2z+uxBHNyvHQB4D9vkOAB6BpemhIBwAqIKkBUBWHbw90dPGA zrrmNztdXO1vwUCc6iMPynPNdWkalrW85fNWj/9JOYC5X8uvifW+2djEx uT+tSsWe6GMWzcGyJ0H2Bag9I9XTXCtU6Dlx5HTsv4OdB4Qydl1GfaAk0 A==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886027" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886027" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:12 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336639" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:11 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 02/15] libsndfile1: fix CVE-2021-4156 Date: Fri, 21 Jan 2022 22:50:50 +0800 Message-Id: <64d9f9ab59a00bed946bd89896263ff74f3af0e5.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160833 From: Changqing Li Signed-off-by: Changqing Li Signed-off-by: Anuj Mittal --- .../libsndfile1/CVE-2021-4156.patch | 32 +++++++++++++++++++ .../libsndfile/libsndfile1_1.0.28.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch new file mode 100644 index 0000000000..b0ff1a0885 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch @@ -0,0 +1,32 @@ +From 5adbc377cd90aa40f0cd56ae325ca70065a8aa19 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Thu, 13 Jan 2022 16:45:59 +0800 +Subject: [PATCH] flac: Fix improper buffer reusing + +CVE: CVE-2021-4156.patch +Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/issues/731] + +Signed-off-by: Changqing Li +--- + src/flac.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/flac.c b/src/flac.c +index 0be82ac..6548bba 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -952,7 +952,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len) + /* Decode some more. */ + while (pflac->pos < pflac->len) + { if (FLAC__stream_decoder_process_single (pflac->fsd) == 0) ++ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ; ++ /* Current frame is busted, so NULL the pointer. */ ++ pflac->frame = NULL ; + break ; ++ } + state = FLAC__stream_decoder_get_state (pflac->fsd) ; + if (state >= FLAC__STREAM_DECODER_END_OF_STREAM) + { psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ; +-- +2.17.1 + diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index 044881a859..8eb007884e 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb @@ -20,6 +20,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \ file://CVE-2017-12562.patch \ file://CVE-2018-19758.patch \ file://CVE-2019-3832.patch \ + file://CVE-2021-4156.patch \ " SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" From patchwork Fri Jan 21 14:50:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2774 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4A33C433F5 for ; Fri, 21 Jan 2022 14:51:15 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:14 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Isik2Rir; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776674; x=1674312674; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=gg1Z3M4c1S4T0vB9jt9L0SRVjSjJ8rSrvohU202E08A=; b=Isik2Rirb7GO/759dA6pe1ZOaBfEX4xupdLGcSSOHLINRKCFgae8VC61 WqO0NMiFUM9YjiZ3cH+KBqofbQdWesMjZ6G5w+maPCvIL1mRkDZ9Pq1b4 VJx9RsY3lbE1XaHYNoJ+n/r5llc0SHEa2497HxaooxQi/ri7eez3KINvY k1SfRUo3GThmfi+F1NdaVLT+jFkn4CzSIl1+14tid8IQjmYRgmoDf8TAD 7tONbIlJntkcBp3rHQNvCFySAUdhW4DG4Z+7HuLZOBiqchdyh06bXkY0b t8IkFgTfw0/HeFCV5chJOnntsQOlweRsBvkyfgIj7vSyaKKFf3QK4a8EU A==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886035" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886035" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:14 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336657" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:13 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 03/15] arch-armv8-5a.inc: Add tune include for armv8.5a Date: Fri, 21 Jan 2022 22:50:51 +0800 Message-Id: <8cd6d67c08b275f81a5467aeba1192bce957f604.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160834 From: Kevin Hao This adds support for the armv8.5a architecture and the crypto extension. (From OE-Core rev: 0cb1a6d9cb4c32526d79dad93c8053b3793053f8) Signed-off-by: Kevin Hao Signed-off-by: Richard Purdie [Kevin: Convert to the old style override syntax] Signed-off-by: Kevin Hao Signed-off-by: Anuj Mittal --- .../machine/include/arm/arch-armv8-5a.inc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 meta/conf/machine/include/arm/arch-armv8-5a.inc diff --git a/meta/conf/machine/include/arm/arch-armv8-5a.inc b/meta/conf/machine/include/arm/arch-armv8-5a.inc new file mode 100644 index 0000000000..44c3b5bd22 --- /dev/null +++ b/meta/conf/machine/include/arm/arch-armv8-5a.inc @@ -0,0 +1,19 @@ +DEFAULTTUNE ?= "armv8-5a" + +TUNEVALID[armv8-5a] = "Enable instructions for ARMv8.5-a" +TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'armv8-5a', ' -march=armv8.5-a', '', d)}" +# TUNE crypto will be handled by arch-armv8a.inc below +MACHINEOVERRIDES =. "${@bb.utils.contains('TUNE_FEATURES', 'armv8-5a', 'armv8-5a:', '', d)}" + +require conf/machine/include/arm/arch-armv8a.inc + +# Little Endian base configs +AVAILTUNES += "armv8-5a armv8-5a-crypto" +ARMPKGARCH_tune-armv8-5a ?= "armv8-5a" +ARMPKGARCH_tune-armv8-5a-crypto ?= "armv8-5a" +TUNE_FEATURES_tune-armv8-5a = "aarch64 armv8-5a" +TUNE_FEATURES_tune-armv8-5a-crypto = "${TUNE_FEATURES_tune-armv8-5a} crypto" +PACKAGE_EXTRA_ARCHS_tune-armv8-5a = "${PACKAGE_EXTRA_ARCHS_tune-armv8a} armv8-5a" +PACKAGE_EXTRA_ARCHS_tune-armv8-5a-crypto = "${PACKAGE_EXTRA_ARCHS_tune-armv8-5a} armv8-5a-crypto" +BASE_LIB_tune-armv8-5a = "lib64" +BASE_LIB_tune-armv8-5a-crypto = "lib64" From patchwork Fri Jan 21 14:50:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2776 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BE152C4332F for ; Fri, 21 Jan 2022 14:51:17 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:17 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=fZlA0Erd; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776676; x=1674312676; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=kE60vFa/vfEsIRKtXR1qL7pbYANgluz/+xrsMphzJdE=; b=fZlA0ErddDiso7EP2Kfwm+7u+t8HUz85D5Atq/GUVF7HB7N90H/zWaCg ceRkW3ghJCebLMvIfcQ5zJ2VFQUMR2w/xrEDeF3BY+WtMpe4VHLPf7WrE Qf6tyvY4tj4ZpUwaukYdCcSW7tqlX0DrVA7Sg4gjorTcMDKSo77Gh7A3I fIgma+JzlDhXjOQCfdlTzCiEJL6J09dLi6tXyzL2ovLAZBArFqIq5bpjd Fn6DOWW/tyfIRpdKbnjjJ0SzQ6dDmtjbTeDyhV0t9GjChmgxalqP7dbGn dB4Lp2dYPB9x+x9Qzo1d7MXLm5tV6d2zH+x2+Y40TnKdAotB32th01ZIg Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886042" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886042" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:16 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336677" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:14 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 04/15] armv9a/tune: Add the support for the Neoverse N2 core Date: Fri, 21 Jan 2022 22:50:52 +0800 Message-Id: <3ceee568313ea7cd3afe33df8119319644e12fa4.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160835 From: Kevin Hao This adds the support for the Neoverse N2 core, even though the Neoverse N2 core implements the Arm v9.0-A architecture, but the support of it in GCC is based on the Arm v8.5-A architecture. Please see the commit 50d9db203bc3 ("aarch64: Add support for Neoverse N2 CPU") in GCC for more detail. (From OE-Core rev: 37597397f03b6b0082a702147dc536ff8b2fa7a3) Signed-off-by: Kevin Hao Signed-off-by: Richard Purdie [Kevin: Convert to the old style override syntax] Signed-off-by: Kevin Hao Signed-off-by: Anuj Mittal --- .../include/arm/armv9a/tune-neoversen2.inc | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc diff --git a/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc b/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc new file mode 100644 index 0000000000..dedabcf46e --- /dev/null +++ b/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc @@ -0,0 +1,22 @@ +# +# Tune Settings for Neoverse-N2 +# +DEFAULTTUNE ?= "neoversen2" + +TUNEVALID[neoversen2] = "Enable Neoverse-N2 specific processor optimizations" +TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'neoversen2', ' -mcpu=neoverse-n2', '', d)}" + +# Even though the Neoverse N2 core implemnts the Arm v9.0-A architecture, +# but the support of it in GCC is based on the Arm v8.5-A architecture. +require conf/machine/include/arm/arch-armv8-5a.inc + +# Little Endian base configs +AVAILTUNES += "neoversen2 neoversen2-crypto" +ARMPKGARCH_tune-neoversen2 = "neoversen2" +ARMPKGARCH_tune-neoversen2-crypto = "neoversen2-crypto" +TUNE_FEATURES_tune-neoversen2 = "${TUNE_FEATURES_tune-armv8-5a} neoversen2" +TUNE_FEATURES_tune-neoversen2-crypto = "${TUNE_FEATURES_tune-neoversen2} crypto" +PACKAGE_EXTRA_ARCHS_tune-neoversen2 = "${PACKAGE_EXTRA_ARCHS_tune-armv8-5a} neoversen2" +PACKAGE_EXTRA_ARCHS_tune-neoversen2-crypto = "${PACKAGE_EXTRA_ARCHS_tune-armv8-5a-crypto} neoversen2 neoversen2-crypto" +BASE_LIB_tune-neoversen2 = "lib64" +BASE_LIB_tune-neoversen2-crypto = "lib64" From patchwork Fri Jan 21 14:50:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2778 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BADE4C433EF for ; Fri, 21 Jan 2022 14:51:19 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:19 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=d377HHQu; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776678; x=1674312678; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=NCX68SwwBpAGsEVEOJ/KtjQeL3HjnsXTUzcAk6z63n8=; b=d377HHQuKoE+2XQFbgZJBJIY8HO1CZWuypK9ZbN/vlOrwT2J1el66Chd IWs7k2Mezqc9Sg4qXuQxSM6MfRHr1ljw9zSVAdxsYtsz7T2v3N1bkwQiX I3sqxLBYPNkh1+R4ws7zM0DYv6xBXpDkgM6Pc8FES0Nxjyd3JVCBtDvAK MDk978W9kG6U6lXiOVz/oaLMsBtByo0b0lJRZhxDunD+tlGjq7pI4YfJO CZA/jZUEz1xyJ3LFu8PW/P1VzcOlHwY2h8wVO0BvA3vVuyG+r4LFbvt32 LoWsKtl2tMLN5gKXx28oBU4FW7MnMyc2TDmlPhLkFgeSvikNW0jcuWyhL A==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886053" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886053" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:18 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336689" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:16 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 05/15] curl: Backport CVE fixes Date: Fri, 21 Jan 2022 22:50:53 +0800 Message-Id: <705718cfe243e05e0975bad3b822666363ef55df.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160836 From: Robert Joslyn Backport fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22945, CVE-2021-22946, and CVE-2021-22947. * https://curl.se/docs/CVE-2021-22922.html * https://curl.se/docs/CVE-2021-22923.html * https://curl.se/docs/CVE-2021-22945.html * https://curl.se/docs/CVE-2021-22946.html * https://curl.se/docs/CVE-2021-22947.html 22922 and 22923 were fixed by upstream by simply removing metalink support in newer versions. These are mitigated in older versions by disabling metalink support, which was already done by the recipe, so whitelist these CVEs. 22945, 22946, and 22947 are backported with only trivial patch fuzz modifications. Signed-off-by: Robert Joslyn Signed-off-by: Anuj Mittal --- .../curl/curl/CVE-2021-22945.patch | 35 ++ .../curl/curl/CVE-2021-22946.patch | 333 ++++++++++++++++ .../curl/curl/CVE-2021-22947.patch | 357 ++++++++++++++++++ meta/recipes-support/curl/curl_7.75.0.bb | 8 + 4 files changed, 733 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22945.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22946.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22947.patch diff --git a/meta/recipes-support/curl/curl/CVE-2021-22945.patch b/meta/recipes-support/curl/curl/CVE-2021-22945.patch new file mode 100644 index 0000000000..44c42632ed --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22945.patch @@ -0,0 +1,35 @@ +From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001 +From: z2_ on hackerone <> +Date: Tue, 24 Aug 2021 09:50:33 +0200 +Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds + +CVE-2021-22945 + +Bug: https://curl.se/docs/CVE-2021-22945.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49] + +Signed-off-by: Robert Joslyn + +--- + lib/mqtt.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/mqtt.c b/lib/mqtt.c +index f077e6c3d..fcd40b41e 100644 +--- a/lib/mqtt.c ++++ b/lib/mqtt.c +@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, + mq->sendleftovers = sendleftovers; + mq->nsend = nsend; + } ++ else { ++ mq->sendleftovers = NULL; ++ mq->nsend = 0; ++ } + return result; + } + +-- +2.34.1 + diff --git a/meta/recipes-support/curl/curl/CVE-2021-22946.patch b/meta/recipes-support/curl/curl/CVE-2021-22946.patch new file mode 100644 index 0000000000..1cb95f0ea7 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22946.patch @@ -0,0 +1,333 @@ +From 7c6e072216001fb1280d1868adfdcb54e3372ce7 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat +Date: Wed, 8 Sep 2021 11:56:22 +0200 +Subject: [PATCH] ftp,imap,pop3: do not ignore --ssl-reqd + +In imap and pop3, check if TLS is required even when capabilities +request has failed. + +In ftp, ignore preauthentication (230 status of server greeting) if TLS +is required. + +Bug: https://curl.se/docs/CVE-2021-22946.html + +CVE-2021-22946 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca] + +Signed-off-by: Robert Joslyn + +--- + lib/ftp.c | 9 ++++--- + lib/imap.c | 24 ++++++++---------- + lib/pop3.c | 33 +++++++++++------------- + tests/data/Makefile.inc | 2 ++ + tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ + tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ + 7 files changed, 195 insertions(+), 36 deletions(-) + create mode 100644 tests/data/test984 + create mode 100644 tests/data/test985 + create mode 100644 tests/data/test986 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 3818a9e..8b3fe1d 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2665,9 +2665,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, + /* we have now received a full FTP server response */ + switch(ftpc->state) { + case FTP_WAIT220: +- if(ftpcode == 230) +- /* 230 User logged in - already! */ +- return ftp_state_user_resp(data, ftpcode, ftpc->state); ++ if(ftpcode == 230) { ++ /* 230 User logged in - already! Take as 220 if TLS required. */ ++ if(data->set.use_ssl <= CURLUSESSL_TRY || ++ conn->bits.ftp_use_control_ssl) ++ return ftp_state_user_resp(data, ftpcode, ftpc->state); ++ } + else if(ftpcode != 220) { + failf(data, "Got a %03d ftp-server response when 220 was expected", + ftpcode); +diff --git a/lib/imap.c b/lib/imap.c +index 2d80699..b056208 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -933,22 +933,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, + line += wordlen; + } + } +- else if(imapcode == IMAP_RESP_OK) { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(imapc->tls_supported) +- /* Switch to TLS connection now */ +- result = imap_perform_starttls(data, conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = imap_perform_authentication(data, conn); +- else { +- failf(data, "STARTTLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } ++ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { ++ /* PREAUTH is not compatible with STARTTLS. */ ++ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { ++ /* Switch to TLS connection now */ ++ result = imap_perform_starttls(data, conn); + } +- else ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) + result = imap_perform_authentication(data, conn); ++ else { ++ failf(data, "STARTTLS not available."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + else + result = imap_perform_authentication(data, conn); +diff --git a/lib/pop3.c b/lib/pop3.c +index 0ed3d3e..018fda1 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -738,28 +738,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, + } + } + } +- else if(pop3code == '+') { +- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { +- /* We don't have a SSL/TLS connection yet, but SSL is requested */ +- if(pop3c->tls_supported) +- /* Switch to TLS connection now */ +- result = pop3_perform_starttls(data, conn); +- else if(data->set.use_ssl == CURLUSESSL_TRY) +- /* Fallback and carry on with authentication */ +- result = pop3_perform_authentication(data, conn); +- else { +- failf(data, "STLS not supported."); +- result = CURLE_USE_SSL_FAILED; +- } +- } +- else +- result = pop3_perform_authentication(data, conn); +- } + else { + /* Clear text is supported when CAPA isn't recognised */ +- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; ++ if(pop3code != '+') ++ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; + +- result = pop3_perform_authentication(data, conn); ++ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) ++ result = pop3_perform_authentication(data, conn); ++ else if(pop3code == '+' && pop3c->tls_supported) ++ /* Switch to TLS connection now */ ++ result = pop3_perform_starttls(data, conn); ++ else if(data->set.use_ssl <= CURLUSESSL_TRY) ++ /* Fallback and carry on with authentication */ ++ result = pop3_perform_authentication(data, conn); ++ else { ++ failf(data, "STLS not supported."); ++ result = CURLE_USE_SSL_FAILED; ++ } + } + + return result; +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index e08cfc7..e6e2551 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -115,6 +115,8 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ + test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ + \ ++test984 test985 test986 \ ++\ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ + test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ +diff --git a/tests/data/test984 b/tests/data/test984 +new file mode 100644 +index 0000000..e573f23 +--- /dev/null ++++ b/tests/data/test984 +@@ -0,0 +1,56 @@ ++ ++ ++ ++IMAP ++STARTTLS ++ ++ ++ ++# ++# Server-side ++ ++ ++REPLY CAPABILITY A001 BAD Not implemented ++ ++ ++ ++# ++# Client-side ++ ++ ++SSL ++ ++ ++imap ++ ++ ++IMAP require STARTTLS with failing capabilities ++ ++ ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd ++ ++ ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++# 64 is CURLE_USE_SSL_FAILED ++ ++64 ++ ++ ++A001 CAPABILITY ++ ++ ++ +diff --git a/tests/data/test985 b/tests/data/test985 +new file mode 100644 +index 0000000..d0db4aa +--- /dev/null ++++ b/tests/data/test985 +@@ -0,0 +1,54 @@ ++ ++ ++ ++POP3 ++STARTTLS ++ ++ ++ ++# ++# Server-side ++ ++ ++REPLY CAPA -ERR Not implemented ++ ++ ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++ ++ ++ ++# ++# Client-side ++ ++ ++SSL ++ ++ ++pop3 ++ ++ ++POP3 require STARTTLS with failing capabilities ++ ++ ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++# 64 is CURLE_USE_SSL_FAILED ++ ++64 ++ ++ ++CAPA ++ ++ ++ +diff --git a/tests/data/test986 b/tests/data/test986 +new file mode 100644 +index 0000000..a709437 +--- /dev/null ++++ b/tests/data/test986 +@@ -0,0 +1,53 @@ ++ ++ ++ ++FTP ++STARTTLS ++ ++ ++ ++# ++# Server-side ++ ++ ++REPLY welcome 230 Welcome ++REPLY AUTH 500 unknown command ++ ++ ++ ++# Client-side ++ ++ ++SSL ++ ++ ++ftp ++ ++ ++FTP require STARTTLS while preauthenticated ++ ++ ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++ ++ ++--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret ++ ++ ++ ++# Verify data after the test has been "shot" ++ ++# 64 is CURLE_USE_SSL_FAILED ++ ++64 ++ ++ ++AUTH SSL ++AUTH TLS ++ ++ ++ +-- +2.34.1 + diff --git a/meta/recipes-support/curl/curl/CVE-2021-22947.patch b/meta/recipes-support/curl/curl/CVE-2021-22947.patch new file mode 100644 index 0000000000..9bd9890d72 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22947.patch @@ -0,0 +1,357 @@ +From f3f2d2554d09ca0e13039e4915b83faaa55961c4 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat +Date: Tue, 7 Sep 2021 13:26:42 +0200 +Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response + + pipelining + +If a server pipelines future responses within the STARTTLS response, the +former are preserved in the pingpong cache across TLS negotiation and +used as responses to the encrypted commands. + +This fix detects pipelined STARTTLS responses and rejects them with an +error. + +CVE-2021-22947 + +Bug: https://curl.se/docs/CVE-2021-22947.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68] + +Signed-off-by: Robert Joslyn + +--- + lib/ftp.c | 3 +++ + lib/imap.c | 4 +++ + lib/pop3.c | 4 +++ + lib/smtp.c | 4 +++ + tests/data/Makefile.inc | 2 +- + tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ + tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ + tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ + tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ + 9 files changed, 236 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test980 + create mode 100644 tests/data/test981 + create mode 100644 tests/data/test982 + create mode 100644 tests/data/test983 + +diff --git a/lib/ftp.c b/lib/ftp.c +index 8b3fe1d..a55566a 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -2727,6 +2727,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, + case FTP_AUTH: + /* we have gotten the response to a previous AUTH command */ + ++ if(pp->cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ ++ + /* RFC2228 (page 5) says: + * + * If the server is willing to accept the named security mechanism, +diff --git a/lib/imap.c b/lib/imap.c +index b056208..9230f17 100644 +--- a/lib/imap.c ++++ b/lib/imap.c +@@ -962,6 +962,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, + + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.imapc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(imapcode != IMAP_RESP_OK) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/pop3.c b/lib/pop3.c +index 018fda1..4f953f7 100644 +--- a/lib/pop3.c ++++ b/lib/pop3.c +@@ -769,6 +769,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, + CURLcode result = CURLE_OK; + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.pop3c.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(pop3code != '+') { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied"); +diff --git a/lib/smtp.c b/lib/smtp.c +index 1fc8800..51445f6 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -832,6 +832,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, + CURLcode result = CURLE_OK; + (void)instate; /* no use for this yet */ + ++ /* Pipelining in response is forbidden. */ ++ if(data->conn->proto.smtpc.pp.cache_size) ++ return CURLE_WEIRD_SERVER_REPLY; ++ + if(smtpcode != 220) { + if(data->set.use_ssl != CURLUSESSL_TRY) { + failf(data, "STARTTLS denied, code %d", smtpcode); +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index e6e2551..22d7a0b 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -115,7 +115,7 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ + test954 test955 test956 test957 test958 test959 test960 test961 test962 \ + test963 test964 test965 test966 test967 test968 test969 test970 test971 \ + \ +-test984 test985 test986 \ ++test980 test981 test982 test983 test984 test985 test986 \ + \ + test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ + test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ +diff --git a/tests/data/test980 b/tests/data/test980 +new file mode 100644 +index 0000000..97567f8 +--- /dev/null ++++ b/tests/data/test980 +@@ -0,0 +1,52 @@ ++ ++ ++ ++SMTP ++STARTTLS ++ ++ ++ ++# ++# Server-side ++ ++ ++CAPA STARTTLS ++AUTH PLAIN ++REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted ++REPLY AUTH 535 5.7.8 Authentication credentials invalid ++ ++ ++ ++# ++# Client-side ++ ++ ++SSL ++ ++ ++smtp ++ ++ ++SMTP STARTTLS pipelined server response ++ ++ ++mail body ++ ++ ++smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++# 8 is CURLE_WEIRD_SERVER_REPLY ++ ++8 ++ ++ ++EHLO %TESTNUMBER ++STARTTLS ++ ++ ++ +diff --git a/tests/data/test981 b/tests/data/test981 +new file mode 100644 +index 0000000..2b98ce4 +--- /dev/null ++++ b/tests/data/test981 +@@ -0,0 +1,59 @@ ++ ++ ++ ++IMAP ++STARTTLS ++ ++ ++ ++# ++# Server-side ++ ++ ++CAPA STARTTLS ++REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted ++REPLY LOGIN A003 BAD Authentication credentials invalid ++ ++ ++ ++# ++# Client-side ++ ++ ++SSL ++ ++ ++imap ++ ++ ++IMAP STARTTLS pipelined server response ++ ++ ++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl ++ ++ ++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) ++From: Fred Foobar ++Subject: afternoon meeting ++To: joe@example.com ++Message-Id: ++MIME-Version: 1.0 ++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII ++ ++Hello Joe, do you think we can meet at 3:30 tomorrow? ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++# 8 is CURLE_WEIRD_SERVER_REPLY ++ ++8 ++ ++ ++A001 CAPABILITY ++A002 STARTTLS ++ ++ ++ +diff --git a/tests/data/test982 b/tests/data/test982 +new file mode 100644 +index 0000000..9e07cc0 +--- /dev/null ++++ b/tests/data/test982 +@@ -0,0 +1,57 @@ ++ ++ ++ ++POP3 ++STARTTLS ++ ++ ++ ++# ++# Server-side ++ ++ ++CAPA STLS USER ++REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated ++REPLY PASS -ERR Authentication credentials invalid ++ ++ ++From: me@somewhere ++To: fake@nowhere ++ ++body ++ ++-- ++ yours sincerely ++ ++ ++ ++# ++# Client-side ++ ++ ++SSL ++ ++ ++pop3 ++ ++ ++POP3 STARTTLS pipelined server response ++ ++ ++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++# 8 is CURLE_WEIRD_SERVER_REPLY ++ ++8 ++ ++ ++CAPA ++STLS ++ ++ ++ +diff --git a/tests/data/test983 b/tests/data/test983 +new file mode 100644 +index 0000000..300ec45 +--- /dev/null ++++ b/tests/data/test983 +@@ -0,0 +1,52 @@ ++ ++ ++ ++FTP ++STARTTLS ++ ++ ++ ++# ++# Server-side ++ ++ ++REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete ++REPLY PASS 530 Login incorrect ++ ++ ++ ++# Client-side ++ ++ ++SSL ++ ++ ++ftp ++ ++ ++FTP STARTTLS pipelined server response ++ ++ ++data ++ to ++ see ++that FTPS ++works ++ so does it? ++ ++ ++--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP ++ ++ ++ ++# Verify data after the test has been "shot" ++ ++# 8 is CURLE_WEIRD_SERVER_REPLY ++ ++8 ++ ++ ++AUTH SSL ++ ++ ++ +-- +2.34.1 + diff --git a/meta/recipes-support/curl/curl_7.75.0.bb b/meta/recipes-support/curl/curl_7.75.0.bb index d64e5e1f79..accede604c 100644 --- a/meta/recipes-support/curl/curl_7.75.0.bb +++ b/meta/recipes-support/curl/curl_7.75.0.bb @@ -21,6 +21,9 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2021-22901.patch \ file://CVE-2021-22924.patch \ file://CVE-2021-22926.patch \ + file://CVE-2021-22945.patch \ + file://CVE-2021-22946.patch \ + file://CVE-2021-22947.patch \ " SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb316d026" @@ -28,6 +31,10 @@ SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb3 # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" +# These only apply when using --with-libmetalink, but --without-libmetalink is +# set below. +CVE_CHECK_WHITELIST += "CVE-2021-22922 CVE-2021-22923" + inherit autotools pkgconfig binconfig multilib_header PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" @@ -65,6 +72,7 @@ PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threade PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" +# Keep --without-libmetalink to mitigate CVE-2021-22922 and CVE-2021-22923 EXTRA_OECONF = " \ --disable-libcurl-option \ --disable-ntlm-wb \ From patchwork Fri Jan 21 14:50:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2777 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B546EC433FE for ; Fri, 21 Jan 2022 14:51:20 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:20 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=eYBWgVDG; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776680; x=1674312680; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=6+205rq7ZN0gsNdmpk2H0OyY92PggDXCZYSqVRzdoiE=; b=eYBWgVDG7rxwh36e8S/Z73fg7cvfbgACXyf2Q5CsWUP3C5NyrrIfA7FW hSBCNUHVsVzhhwA43SfUJ24HwLRansFqwa82VK+IrMQqvNJomYujPc90w IboHCG7B45e4geVPJVRVJkrkx/7+LqARgdXhaSi1Owyh/+DifFG9D16bl LLxUChrJaS6+R96nZlVjYVsBidyNm32Byq5yO4sAqzN7l3NbSKdEwAFlV G+3vOhi/v3IpQ+uCcvdNjCjUHWdAEz4zIFJrrCEINbQWiHkL+fJUnJWFF r0mvmUqwDbci3BJMYdhX02yf8plAN5RomEGTlbRFUq2acqjivRRi6TrIH Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886057" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886057" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:20 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336716" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:18 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 06/15] scripts: Update to use exec_module() instead of load_module() Date: Fri, 21 Jan 2022 22:50:54 +0800 Message-Id: <85194f3264551adfffd168dd55e7f2a77f517a55.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160837 From: Richard Purdie This is deprecated in python 3.12 and Fedora 35 is throwing warnings so move to the new functions. Signed-off-by: Richard Purdie (cherry picked from commit 655cd3f614d736416eab0d708b7c49674bf5c977) Signed-off-by: Anuj Mittal --- scripts/lib/scriptutils.py | 7 +++++-- scripts/lib/wic/pluginbase.py | 8 ++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/scripts/lib/scriptutils.py b/scripts/lib/scriptutils.py index 3164171eb2..47a08194d0 100644 --- a/scripts/lib/scriptutils.py +++ b/scripts/lib/scriptutils.py @@ -18,7 +18,8 @@ import sys import tempfile import threading import importlib -from importlib import machinery +import importlib.machinery +import importlib.util class KeepAliveStreamHandler(logging.StreamHandler): def __init__(self, keepalive=True, **kwargs): @@ -82,7 +83,9 @@ def load_plugins(logger, plugins, pluginpath): logger.debug('Loading plugin %s' % name) spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] ) if spec: - return spec.loader.load_module() + mod = importlib.util.module_from_spec(spec) + spec.loader.exec_module(mod) + return mod def plugin_name(filename): return os.path.splitext(os.path.basename(filename))[0] diff --git a/scripts/lib/wic/pluginbase.py b/scripts/lib/wic/pluginbase.py index d9b4e57747..b64568339b 100644 --- a/scripts/lib/wic/pluginbase.py +++ b/scripts/lib/wic/pluginbase.py @@ -9,9 +9,11 @@ __all__ = ['ImagerPlugin', 'SourcePlugin'] import os import logging +import types from collections import defaultdict -from importlib.machinery import SourceFileLoader +import importlib +import importlib.util from wic import WicError from wic.misc import get_bitbake_var @@ -54,7 +56,9 @@ class PluginMgr: mname = fname[:-3] mpath = os.path.join(ppath, fname) logger.debug("loading plugin module %s", mpath) - SourceFileLoader(mname, mpath).load_module() + spec = importlib.util.spec_from_file_location(mname, mpath) + module = importlib.util.module_from_spec(spec) + spec.loader.exec_module(module) return PLUGINS.get(ptype) From patchwork Fri Jan 21 14:50:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2779 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6B0CC433F5 for ; Fri, 21 Jan 2022 14:51:23 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:22 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=fKuRjXsg; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776682; x=1674312682; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=w0LdF/yjadfV/InyPVnUaQP9twmMPG8MPEbWCLwoMpo=; b=fKuRjXsgazsTXfRQWsu6ACMP0+ULYOy2U77PY8ZNqC5ugc4YyqNyxmKz EOKLFysrwjsF9jfhxxYMxqt6/4BIak38P/nLW7BDS5ZmdEx9ReevTKN16 7NloLQrJFMJivJmy8HOMcYuZvv8P7GfO/vnwVnGDcdQW1r7pkBosC7K9f K30/A+WywTFxE0n5myt+sQSvE7c2MLWIuOzO1H48sWpyWKDKsUvtgbXLT qxNRMu3JtlJdAw9hN2ZCo1i7m8dV+QlOgXtg5pu0kRlwvO9mi5e6FduT8 hAsqMRvd0dJ+CpiWvWQXjG+TuFgfq0uN6Wzpi496tYkl9Sf8KQfVnmWY6 Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886065" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886065" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:22 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336735" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:20 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 07/15] selftest: reproducible: Set maximum report size Date: Fri, 21 Jan 2022 22:50:55 +0800 Message-Id: <12c4da7e9986ae8a6207bcc3a4aa787579d7b863.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160838 From: Joshua Watt Diffoscope can end up running for a very long time if there are a lot of changes. To put a limit on how long it can run, cap the maximum report size at 250 MB by default. Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie (cherry picked from commit 52d5f76f54eac384f9480dffe96df089d9ee8f33) Signed-off-by: Anuj Mittal --- meta/lib/oeqa/selftest/cases/reproducible.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py b/meta/lib/oeqa/selftest/cases/reproducible.py index a62757399b..546dc91120 100644 --- a/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/meta/lib/oeqa/selftest/cases/reproducible.py @@ -114,8 +114,9 @@ def compare_file(reference, test, diffutils_sysroot): result.status = SAME return result -def run_diffoscope(a_dir, b_dir, html_dir, **kwargs): - return runCmd(['diffoscope', '--no-default-limits', '--exclude-directory-metadata', 'yes', '--html-dir', html_dir, a_dir, b_dir], +def run_diffoscope(a_dir, b_dir, html_dir, max_report_size=0, **kwargs): + return runCmd(['diffoscope', '--no-default-limits', '--max-report-size', str(max_report_size), + '--exclude-directory-metadata', 'yes', '--html-dir', html_dir, a_dir, b_dir], **kwargs) class DiffoscopeTests(OESelftestTestCase): @@ -145,6 +146,9 @@ class ReproducibleTests(OESelftestTestCase): package_classes = ['deb', 'ipk', 'rpm'] + # Maximum report size, in bytes + max_report_size = 250 * 1024 * 1024 + # targets are the things we want to test the reproducibility of targets = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline', 'core-image-weston', 'world'] # sstate targets are things to pull from sstate to potentially cut build/debugging time @@ -321,7 +325,7 @@ class ReproducibleTests(OESelftestTestCase): # Copy jquery to improve the diffoscope output usability self.copy_file(os.path.join(jquery_sysroot, 'usr/share/javascript/jquery/jquery.min.js'), os.path.join(package_html_dir, 'jquery.js')) - run_diffoscope('reproducibleA', 'reproducibleB', package_html_dir, + run_diffoscope('reproducibleA', 'reproducibleB', package_html_dir, max_report_size=self.max_report_size, native_sysroot=diffoscope_sysroot, ignore_status=True, cwd=package_dir) if fails: From patchwork Fri Jan 21 14:50:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2780 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5DF7C433EF for ; Fri, 21 Jan 2022 14:51:24 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:24 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=NGANSm02; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776684; x=1674312684; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=C8wwKzWcnfLQkXKMOgARaA1/3Q0PApKpOV+WltHXrOs=; b=NGANSm02TRTTNiQxND8xbapvzhmJ2pMhXwJNQIDnNGRlPNOvueIESybu yLlsSWE4MJqA5JTGnJOYyJ5r3B7QlB0GIA1/P5Tidecjhi2MNfAdnGMBp 4NRyqAwczUeSzaEeH68C9iRUOaoWH+DvD9CPdYc1Om4Yd74I+owSsLrpm 3vGn9aUFQdXjcZVDACJCIXkvbDqg8UC/EebinNIyoDYnmLQqxfAbpTqVq 3wcIOYPpoYXj3o9SP9te5ynnFr7Ifje50TtyonmtoTT73UzbmcJpVo7ih tsD+Aj3ve9RFOgmwkHkSSUwkTR38BGkzvx/UluyDZpb9W1lMztWxYjGNK g==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886069" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886069" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:23 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336749" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:22 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 08/15] xserver-xorg: whitelist two CVEs Date: Fri, 21 Jan 2022 22:50:56 +0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160839 From: Ross Burton CVE-2011-4613 is specific to Debian/Ubuntu. CVE-2020-25697 is a non-trivial attack that may not actually be feasible considering the default behaviour for clients is to exit if the connection is lost. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit afa2e6c31a79f75ff4113d53f618bbb349cd6c17) Signed-off-by: Anuj Mittal --- meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 497515a04a..d83cb94317 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -18,6 +18,14 @@ XORG_PN = "xorg-server" SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" CVE_PRODUCT = "xorg-server x_server" +# This is specific to Debian's xserver-wrapper.c +CVE_CHECK_WHITELIST += "CVE-2011-4613" +# As per upstream, exploiting this flaw is non-trivial and it requires exact +# timing on the behalf of the attacker. Many graphical applications exit if their +# connection to the X server is lost, so a typical desktop session is either +# impossible or difficult to exploit. There is currently no upstream patch +# available for this flaw. +CVE_CHECK_WHITELIST += "CVE-2020-25697" S = "${WORKDIR}/${XORG_PN}-${PV}" From patchwork Fri Jan 21 14:50:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2781 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7041C433F5 for ; Fri, 21 Jan 2022 14:51:26 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:26 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=ayzBljdf; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776686; x=1674312686; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=nEsjXF1nxqdSz1f7DhA1VBghKKRZx8ubLQPs+JJcyA4=; b=ayzBljdf78s71l/GtPCAxw5lg/VKdSitfR3XcRH9k2+xhbpNXjv4S6Cf 03MU9ZXf6b0seB5KFSPtnddm92WeO7IiJxqpbog426xg/GVTJz3z82Ykq u2TViEAGS6Vfaxj3cgpCC+JN4/NcpsxbHdovMGdrYfEJ+Zya+C5S6B3E1 skKvlGWtyVwnAIc+HV3U1JFy7eUnDIuBFtBg47b03Tqw/Ahg4e7cfH1OB MXPn8YGNXh68YJWcVng9Z/jXJXUv8m5JNW7s1PxdbhqcwJE38PovAATQ/ G6GYKRURY4I51ZqnfXzeUrZoScPP4jWZHW9tXOFvR39+dn7ELJyyhMZs+ Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886079" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886079" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:26 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336763" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:24 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 09/15] populate_sdk_base: remove unneeded dirs such as /dev Date: Fri, 21 Jan 2022 22:50:57 +0800 Message-Id: <0211ccb94ecc13ed0f4d3f351baf4f9a39f2ccea.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160840 From: Chen Qi We met a problem that core-image-tiny-initramfs's SDK cannot be installed. The error message is like below. tar: ./sysroots/core2-64-poky-linux/dev/console: Cannot mknod: Operation not permitted In fact, the '/dev' direcotry is not needed by SDK. So remove it. This patches uses a variable, SDK_PRUNE_SYSROOT_DIRS, to hold useless dir entries so that it could be extended. For example, '/usr/bin' could be added if wanted. (From OE-Core rev: 9154f71c7267e9731156c1dfd57397103e9e6a2b) Signed-off-by: Chen Qi Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal --- meta/classes/populate_sdk_base.bbclass | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass index 2d33611ddd..76757a3a9d 100644 --- a/meta/classes/populate_sdk_base.bbclass +++ b/meta/classes/populate_sdk_base.bbclass @@ -90,6 +90,8 @@ SDK_HOST_MANIFEST = "${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.host.manifest" SDK_EXT_TARGET_MANIFEST = "${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.target.manifest" SDK_EXT_HOST_MANIFEST = "${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.host.manifest" +SDK_PRUNE_SYSROOT_DIRS ?= "/dev" + python write_target_sdk_manifest () { from oe.sdk import sdk_list_installed_packages from oe.utils import format_pkg_list @@ -101,6 +103,12 @@ python write_target_sdk_manifest () { output.write(format_pkg_list(pkgs, 'ver')) } +sdk_prune_dirs () { + for d in ${SDK_PRUNE_SYSROOT_DIRS}; do + rm -rf ${SDK_OUTPUT}${SDKTARGETSYSROOT}$d + done +} + python write_sdk_test_data() { from oe.data import export2json testdata = "%s/%s.testdata.json" % (d.getVar('SDKDEPLOYDIR'), d.getVar('TOOLCHAIN_OUTPUTNAME')) @@ -120,8 +128,9 @@ python write_host_sdk_manifest () { } POPULATE_SDK_POST_TARGET_COMMAND_append = " write_sdk_test_data ; " -POPULATE_SDK_POST_TARGET_COMMAND_append_task-populate-sdk = " write_target_sdk_manifest ; " +POPULATE_SDK_POST_TARGET_COMMAND_append_task-populate-sdk = " write_target_sdk_manifest; sdk_prune_dirs; " POPULATE_SDK_POST_HOST_COMMAND_append_task-populate-sdk = " write_host_sdk_manifest; " + SDK_PACKAGING_COMMAND = "${@'${SDK_PACKAGING_FUNC};' if '${SDK_PACKAGING_FUNC}' else ''}" SDK_POSTPROCESS_COMMAND = " create_sdk_files; check_sdk_sysroots; archive_sdk; ${SDK_PACKAGING_COMMAND} " From patchwork Fri Jan 21 14:50:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2782 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC1C6C433FE for ; Fri, 21 Jan 2022 14:51:28 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:27 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=d4w2GHsY; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776687; x=1674312687; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=4Itlwp6ImyrulrOKDDPq+jIHHTrcY/oQhDQ/Q7gLdWY=; b=d4w2GHsYInq76dOarLC52vKSA2rF3PJ/ZvAg6CsC5r18fGcDb7xmRVxR EvZIxMtcSPGUR04C8IXFXF/shyLno/jz2DJGVSce02eqXCWg21vVFi4/w At2j1gLzBIx7wUx2bTy2AemKCCTwxMc1s+O7MJwSQtnovUyINssIVU+U1 V9vKn8Vb7fPK0Ku+PqTxwaed1mrSwTV9RnfBrK0LdelAnpstZz48Wa4w0 G2VAxkuUz38vHocRg7cXGhK/klKOtUuIq/dG5pisycJoiMmdgzAVfCc0q wPMaO45QAz6DNuZEv3mK+xJ2/6zC5hFQ06Rg1WrNSxBVSppRcwFRNdXEV g==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886086" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886086" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:27 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336775" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:26 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 10/15] linux-yocto/5.10: update to v5.10.89 Date: Fri, 21 Jan 2022 22:50:58 +0800 Message-Id: <628720b0c6b72e5c18e5be1da0eca144cc7f2f75.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160841 From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: eb967e323f7f Linux 5.10.89 52ad5da8e316 phonet/pep: refuse to enable an unbound pipe 7dd52af1eb57 hamradio: improve the incomplete fix to avoid NPD 450121075a6a hamradio: defer ax25 kfree after unregister_netdev 8e34d07dd4d9 ax25: NPD bug when detaching AX25 device 50f78486f90b hwmon: (lm90) Do not report 'busy' status bit as alarm ec1d222d37ea hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 441d3873664d pinctrl: mediatek: fix global-out-of-bounds issue 9c75a9657bdc ASoC: rt5682: fix the wrong jack type detected 94caab5af19a ASoC: tas2770: Fix setting of high sample rates c7282790c782 Input: goodix - add id->model mapping for the "9111" model 3bb3bf50d69f Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312 ee6f34215c5d mm: mempolicy: fix THP allocations escaping mempolicy restrictions 8008fc1d0be1 KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state d91ed251fd70 usb: gadget: u_ether: fix race in setting MAC address in setup phase 6697f29bf56b ceph: fix up non-directory creation in SGID directories fffb6581a23a f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() ad338d825e3f tee: optee: Fix incorrect page free bug 1f2070767401 mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() ac61b9c6c054 mac80211: fix locking in ieee80211_start_ap error path 89876d10830d ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling c3253d3a38bc mmc: mmci: stm32: clear DLYB_CR after sending tuning command 0d66b395210c mmc: core: Disable card detect during shutdown c8e366a01c20 mmc: meson-mx-sdhc: Set MANUAL_STOP for multi-block SDIO commands 4af79153617b mmc: sdhci-tegra: Fix switch to HS400ES mode 9a7ec7979785 gpio: dln2: Fix interrupts when replugging the device f5b02912e2dd pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines 28626e76baf5 KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU 7a37f2e37069 platform/x86: intel_pmc_core: fix memleak on registration failure b57afd124046 x86/pkey: Fix undefined behaviour with PKRU_WD_BIT c05d8f66ec34 tee: handle lookup of shm with reference count 0 0ffb9f83e4f6 parisc: Fix mask used to select futex spinlock 5deeb9ad598b parisc: Correct completer in lws start 8b745616ba8f ipmi: fix initialization when workqueue allocation fails 1f6ab847461c ipmi: ssif: initialize ssif_info->client early a5192f31160c ipmi: bail out if init_srcu_struct fails bc674f1b2119 Input: atmel_mxt_ts - fix double free in mxt_read_info_block 30140e252fdb ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s 2b4c020b70cc ALSA: hda/realtek: Fix quirk for Clevo NJ51CU 7470780f3b0c ALSA: hda/realtek: Add new alc285-hp-amp-init model 4cb7dc2e3074 ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 69e492161c7b ALSA: drivers: opl3: Fix incorrect use of vp->state a96c08e0b41e ALSA: jack: Check the return value of kstrdup() 51c7b2a7b86a hwmon: (lm90) Drop critical attribute support for MAX6654 2464738d0ee4 hwmon: (lm90) Introduce flag indicating extended temperature support 196df56c3dc8 hwmon: (lm90) Add basic support for TI TMP461 fa2e149260bf hwmon: (lm90) Fix usage of CONFIG2 register in detect function ba696b470839 pinctrl: bcm2835: Change init order for gpio hogs 676c572439e5 Input: elantech - fix stack out of bound access in elantech_change_report_id() 2792fde84cce sfc: falcon: Check null pointer of rx_queue->page_ring d70b4001ef74 sfc: Check null pointer of rx_queue->page_ring 75c962f02a4f net: ks8851: Check for error irq 9db0f8d395fd drivers: net: smc911x: Check for error irq ca2a15053b07 fjes: Check for error irq c6d2754006c1 bonding: fix ad_actor_system option setting to default 6809da518514 ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module 61e6b82e7b6c igb: fix deadlock caused by taking RTNL in RPM resume path e00eace2325c net: skip virtio_net_hdr_set_proto if protocol already set ed05e4dcfba6 net: accept UFOv6 packages in virtio_net_hdr_to_skb 56b0bbba782b qlcnic: potential dereference null pointer of rx_queue->page_ring 78e49d77e517 net: marvell: prestera: fix incorrect return of port_find 861b4413e41d ARM: dts: imx6qdl-wandboard: Fix Ethernet support d79f5e0d458b netfilter: fix regression in looped (broad|multi)cast's MAC handling 579cefef7c42 RDMA/hns: Replace kfree() with kvfree() 7cf6466e00a7 IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() cd9c90682b2f ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() 580ecf86e772 spi: change clk_disable_unprepare to clk_unprepare 93a957bbf46c arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode ef2dce43257d HID: potential dereference of null pointer 3110bc5862d2 HID: holtek: fix mouse probing 0875873b2a97 ext4: check for inconsistent extents between index and leaf block 76366c024f56 ext4: check for out-of-order index extents in ext4_valid_extent_entries() 1d4b1c4e8bbd ext4: prevent partial update of the extent blocks f69a47fcbb9c net: usb: lan78xx: add Allied Telesis AT29M2-AF 8c0059a25cb1 arm64: vdso32: require CROSS_COMPILE_COMPAT for gcc+bfd b16b124a42e0 arm64: vdso32: drop -no-integrated-as flag 856f88f27bbc Linux 5.10.88 88f20cccbeec xen/netback: don't queue unlimited number of packages 525875c410df xen/netback: fix rx queue stall detection 8fa3a370cc2a xen/console: harden hvc_xen against event channel storms d31b3379179d xen/netfront: harden netfront against event channel storms 8ac3b6ee7c9f xen/blkfront: harden blkfront against event channel storms 76ec7fe2d866 Revert "xsk: Do not sleep in poll() when need_wakeup set" e24fc8983025 bus: ti-sysc: Fix variable set but not used warning for reinit_modules 70692b06208c rcu: Mark accesses to rcu_state.n_force_qs a9078e791426 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() bdb854f134b9 scsi: scsi_debug: Fix type in min_t to avoid stack OOB aa1f912712a1 scsi: scsi_debug: Don't call kcalloc() if size arg is zero 6859985a2fbd ovl: fix warning in ovl_create_real() 5fd7d62daa24 fuse: annotate lock in fuse_reverse_inval_entry() b99bdf127af9 media: mxl111sf: change mutex_init() location 0413f7a1a533 xsk: Do not sleep in poll() when need_wakeup set 6b8d8ecdd980 ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name 8affa1b68db6 Input: touchscreen - avoid bitwise vs logical OR warning aec5897b277b drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE c1d519263ded libata: if T_LENGTH is zero, dma direction should be DMA_NONE a9f2c6af5a60 timekeeping: Really make sure wall_to_monotonic isn't positive 6471ebcd6f15 serial: 8250_fintek: Fix garbled text for console a7c80674538f iocost: Fix divide-by-zero on donation from low hweight cgroup bcebb8eb1948 zonefs: add MODULE_ALIAS_FS 1c414ff63b2d btrfs: fix double free of anon_dev after failure to create subvolume 005d9292b5b2 btrfs: fix memory leak in __add_inode_ref() cd98cb5216a0 USB: serial: option: add Telit FN990 compositions 5c93584d9a2f USB: serial: cp210x: fix CP2105 GPIO registration 8f207f12630b usb: xhci: Extend support for runtime power management for AMD's Yellow carp. e5949933f313 PCI/MSI: Mask MSI-X vectors only on success f8aa09186c30 PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error d17c5a389768 usb: dwc2: fix STM ID/VBUS detection startup delay in dwc2_driver_probe 2b2edc8fc5a8 USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) fd623e16b2ff tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous 9439fabfc349 KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES 5fe305c6d485 Revert "usb: early: convert to readl_poll_timeout_atomic()" 2b54f485f2c1 USB: gadget: bRequestType is a bitfield, not a enum 151ffac3ac27 powerpc/85xx: Fix oops when CONFIG_FSL_PMC=n fcf9194d366c bpf, selftests: Fix racing issue in btf_skc_cls_ingress test 6f46c59e60b6 sit: do not call ipip6_dev_free() from sit_init_net() 6e1011cd183f net: systemport: Add global locking for descriptor lifecycle d1765f984c99 net/smc: Prevent smc_release() from long blocking 337bb7bf7c31 net: Fix double 0x prefix print in SKB dump 734a3f310605 sfc_ef100: potential dereference of null pointer 7da349f07e45 net/packet: rx_owner_map depends on pg_vec 1a34fb9e2bf3 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc d3e1f54508f1 ixgbe: set X550 MDIO speed before talking to PHY 48e01e388182 ixgbe: Document how to enable NBASE-T support 776ed8b36697 igc: Fix typo in i225 LTR functions 74a16e062b23 igbvf: fix double free in `igbvf_probe` ddac50d04f34 igb: Fix removal of unicast MAC filters of VFs 12c1938870dc soc/tegra: fuse: Fix bitwise vs. logical OR warning 451f1eded7f5 mptcp: clear 'kern' flag from fallback sockets 222cebd995cd drm/amd/pm: fix a potential gpu_metrics_table memory leak 74dc97dfb276 rds: memory leak in __rds_conn_create() 67f4362ae286 flow_offload: return EOPNOTSUPP for the unsupported mpls action type 03fd6ca05601 mac80211: fix lookup when adding AddBA extension element bef59d6a83d3 mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock 96bc86cac0a9 drm/ast: potential dereference of null pointer cac0fd4b9bd3 selftest/net/forwarding: declare NETIFS p9 p10 81fbdd45652d net/sched: sch_ets: don't remove idle classes from the round-robin list be32c8a78887 dmaengine: st_fdma: fix MODULE_ALIAS dfff1d5e85ff selftests: Fix IPv6 address bind tests 08896ecfffc3 selftests: Fix raw socket bind tests with VRF 5ba4dfb8b8a1 selftests: Add duplicate config only for MD5 VRF tests 12512bc8f25b net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg 3a4f6dba1eb9 inet_diag: fix kernel-infoleak for UDP sockets 20ad1ef02f9a sch_cake: do not call cake_destroy() from cake_init() 1208b445a497 s390/kexec_file: fix error handling when applying relocations c058c544e73a selftests: net: Correct ping6 expected rc from 2 to 1 9983425c203b virtio/vsock: fix the transport to work with VMADDR_CID_ANY 94a01e6fb2d8 soc: imx: Register SoC device only on i.MX boards cc426a91d384 clk: Don't parent clks until the parent is fully registered 429bb01e4dda ARM: socfpga: dts: fix qspi node compatible 7b4cc168d9ca ceph: initialize pathlen variable in reconnect_caps_cb e0f06c32afb2 ceph: fix duplicate increment of opened_inodes metric 640e28d618e8 tee: amdtee: fix an IS_ERR() vs NULL bug eed897a22230 mac80211: track only QoS data frames for admission control 24983f750881 arm64: dts: rockchip: fix audio-supply for Rock Pi 4 49bd597719bf arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply 9fcdbbf3964d arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply ba866840b240 arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge 3516bc149223 arm64: dts: imx8mp-evk: Improve the Ethernet PHY description 06294e7e341a arm64: dts: imx8m: correct assigned clocks for FEC 4cc6badff97f audit: improve robustness of the audit queue handling 0e21e6cd5eeb dm btree remove: fix use after free in rebalance_children() f5187a9d52ae recordmcount.pl: look for jgnop instruction as well as bcrl on s390 51f6302f81d2 vdpa: check that offsets are within bounds e3a1ab5aea4c virtio_ring: Fix querying of maximum DMA mapping size for virtio device 0612679e48d0 bpf, selftests: Add test case trying to taint map value pointer 279e0bf80d95 bpf: Make 32->64 bounds propagation slightly more robust e2aad0b5f2cb bpf: Fix signed bounds propagation after mov32 f0f484714f35 firmware: arm_scpi: Fix string overflow in SCPI genpd driver 7fd214fc7f2e mac80211: validate extended element ID is present 0bb50470f1e0 mac80211: send ADDBA requests using the tid/queue of the aggregation session 29bb131dbbb5 mac80211: mark TX-during-stop for TX in in_reconfig 15640e40e3bb mac80211: fix regression in SSN handling of addba tx 49b7e496928e KVM: downgrade two BUG_ONs to WARN_ON_ONCE 8d0f56c2ed71 KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 8710dca273bada79536e84ad3c206bd1b40aab97) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 6a1f48bbb0..3a346195c9 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "d6b1cc83a5315388b060eaa6195f1ce77103c3d1" -SRCREV_meta ?= "1ab943530f4016a9ee7bd8fc3d10acf702c23c44" +SRCREV_machine ?= "301346d30bcaccedc71da8d5f78bd262063d4ba7" +SRCREV_meta ?= "38b4f2e3bc974717352e8bc5491664e47542d237" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.87" +LINUX_VERSION ?= "5.10.89" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 38c01b78b2..3c70d6c2ea 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.87" +LINUX_VERSION ?= "5.10.89" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "a46d018920762d81e283ecc80cf156fe226712ed" -SRCREV_machine ?= "e36ccf7356af83243e55f6ca491049462f7feab7" -SRCREV_meta ?= "1ab943530f4016a9ee7bd8fc3d10acf702c23c44" +SRCREV_machine_qemuarm ?= "913d41ebe409dfd03c49fafd1923f8663df2a4ff" +SRCREV_machine ?= "5575e67330fb6d979ed1cd2e9e64400b4c21b595" +SRCREV_meta ?= "38b4f2e3bc974717352e8bc5491664e47542d237" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index d877c1e6b5..fc7071c6fc 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "c5c39f3ba284421eceeb9b084da1508167b37abe" -SRCREV_machine_qemuarm64 ?= "fab21fdf95a62d013b98eb91adc0d9cfc69f700b" -SRCREV_machine_qemumips ?= "ef1d4a1e93c209637022c9337131394a6f3679ae" -SRCREV_machine_qemuppc ?= "8009be617e2fd4c34c80892776d79f463d436fc0" -SRCREV_machine_qemuriscv64 ?= "4f2bb635ea267e71f112fd11323c1d3a2f2b85d0" -SRCREV_machine_qemuriscv32 ?= "4f2bb635ea267e71f112fd11323c1d3a2f2b85d0" -SRCREV_machine_qemux86 ?= "4f2bb635ea267e71f112fd11323c1d3a2f2b85d0" -SRCREV_machine_qemux86-64 ?= "4f2bb635ea267e71f112fd11323c1d3a2f2b85d0" -SRCREV_machine_qemumips64 ?= "2f42ab7aac37cd61f47231301b3f1e232807e0e6" -SRCREV_machine ?= "4f2bb635ea267e71f112fd11323c1d3a2f2b85d0" -SRCREV_meta ?= "1ab943530f4016a9ee7bd8fc3d10acf702c23c44" +SRCREV_machine_qemuarm ?= "b0dfabc86c3b6e1fb2ddb153664961e107bedfa9" +SRCREV_machine_qemuarm64 ?= "fea23aa594ce16a15564f991e14868dd255674cf" +SRCREV_machine_qemumips ?= "0ec16d85647a337f392ae358db3dcc200d958938" +SRCREV_machine_qemuppc ?= "a6a07d8acd8991883464bd3034beabb9ee23f11a" +SRCREV_machine_qemuriscv64 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" +SRCREV_machine_qemuriscv32 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" +SRCREV_machine_qemux86 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" +SRCREV_machine_qemux86-64 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" +SRCREV_machine_qemumips64 ?= "29cb56446b0b66b7a15d2577773e69c4e813bfd7" +SRCREV_machine ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" +SRCREV_meta ?= "38b4f2e3bc974717352e8bc5491664e47542d237" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.87" +LINUX_VERSION ?= "5.10.89" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Fri Jan 21 14:50:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2783 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF369C433EF for ; Fri, 21 Jan 2022 14:51:30 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:30 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=i9aMJszQ; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776690; x=1674312690; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=LzLAwoG4X6YhG9qwW8Nx0+eSaOqe/woDIwmG26RFEfw=; b=i9aMJszQFbZW5L7P/0f59dAw8nCmTs2fWLiSLu7sXj5jcm1U1iHiNdqA hlkkSWqLqeLWNrikPYJJYVhnN6Kw2VP2OM2vJ/KDvJJtUZEo0/WW4Qq4X py4VVYeiapC1qeYN6FW2FwNdw0w95iEqJtvjbx2KxdoUz1WK2/jWYgNRV 0Se2ZZ67asbksCF4dGmFCRvZYPLvT6N5vKjye6sWeqSvCrlyQ+U9Z0wDg IMgKFl+ssRd22Pez9tw1RDS9DCsj67LgsswyPzIDel2Wkt0iEqKns+S1y afm4smMLJhDfJxuY/7rPv7XE+dazPH3+Zx57wRe3WCeH09ddSvnkOLoEG w==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886098" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886098" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:29 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336788" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:27 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 11/15] linux-yocto/5.10/cfg: add kcov feature fragment Date: Fri, 21 Jan 2022 22:50:59 +0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160842 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto: 41721be8a03 cfg/debug: add kcov kernel configs Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 6a11ed0910a9ed231bc3c4a9ee532358014ce535) Signed-off-by: Anuj Mittal --- meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 3a346195c9..0a31714524 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -12,7 +12,7 @@ python () { } SRCREV_machine ?= "301346d30bcaccedc71da8d5f78bd262063d4ba7" -SRCREV_meta ?= "38b4f2e3bc974717352e8bc5491664e47542d237" +SRCREV_meta ?= "fdabd97ceceb2e3e74a132332c875f68b47b755b" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 3c70d6c2ea..bad6f10905 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine_qemuarm ?= "913d41ebe409dfd03c49fafd1923f8663df2a4ff" SRCREV_machine ?= "5575e67330fb6d979ed1cd2e9e64400b4c21b595" -SRCREV_meta ?= "38b4f2e3bc974717352e8bc5491664e47542d237" +SRCREV_meta ?= "fdabd97ceceb2e3e74a132332c875f68b47b755b" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index fc7071c6fc..20e7f68f8f 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -23,7 +23,7 @@ SRCREV_machine_qemux86 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" SRCREV_machine_qemux86-64 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" SRCREV_machine_qemumips64 ?= "29cb56446b0b66b7a15d2577773e69c4e813bfd7" SRCREV_machine ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" -SRCREV_meta ?= "38b4f2e3bc974717352e8bc5491664e47542d237" +SRCREV_meta ?= "fdabd97ceceb2e3e74a132332c875f68b47b755b" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" From patchwork Fri Jan 21 14:51:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2784 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB7D1C4332F for ; Fri, 21 Jan 2022 14:51:31 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:31 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Ys4Kstcw; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776691; x=1674312691; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=di7qudiFLwjWy8/qT7FeHGQ0i0eKM9WpvLlSKMIW7m8=; b=Ys4KstcwDzYG/tRnj6dPTRCoyVJOH688MFhme0JkwA6NLvYOTjc/74jE rgkJN1JSxtfampxEWDqmzsSAaQMybNJNC7OjrCwK0B0FReLC6nqGOMBkc oq8kGJUi/zmfYCVf5o5EGhT+gZ/7t3LwKnlEoHHNwj53i/7hvlFyJOhJV ljwroy9KbbLeNGjOXm+hdbCItLpsvMUg6KlFi7JqBtT/eke1U/Cwxg21Q dSfVG1EcmIUaXqECJFw803RmIb8rdlIY49neS04Rw+hnrxDjrt/El1+wG 3j450YP3Nq75aKiu7zOR+6iSjLBsNA0BY4IsJiUdKznDXTwTlUkWt8L+X g==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886101" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886101" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:31 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336836" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:30 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 12/15] linux-yocto/5.10: update to v5.10.90 Date: Fri, 21 Jan 2022 22:51:00 +0800 Message-Id: <21e36f6fcf85c34dc0884ddf86bb104df25429f6.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160843 From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: d3e491a20d15 Linux 5.10.90 8c15bfb36a44 bpf: Add kconfig knob for disabling unpriv bpf by default d8a5b1377bf6 perf script: Fix CPU filtering of a script's switch events 2386e81a1d27 net: fix use-after-free in tw_timer_handler 34087cf96046 Input: spaceball - fix parsing of movement data packets 9f329d0d6c91 Input: appletouch - initialize work before device registration 2a4f551dec1a scsi: vmw_pvscsi: Set residual data length conditionally 1cb8444f3114 binder: fix async_free_space accounting for empty parcels a6e26251dd3a usb: mtu3: set interval of FS intr and isoc endpoint 3b6efe0b7ba0 usb: mtu3: fix list_head check warning f10b01c48f85 usb: mtu3: add memory barrier before set GPD's HWO 1c4ace3e6b85 usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. 1933fe8ce712 xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. b8553330a077 drm/amdgpu: add support for IP discovery gc_info table v2 28863ffe21ff drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled a0f3ac399ef5 uapi: fix linux/nfc.h userspace compilation errors 818c9e0a04df nfc: uapi: use kernel size_t to fix user-space builds 8d31cbab4c29 i2c: validate user data in compat ioctl 51c94d8fbd09 fsl/fman: Fix missing put_device() call in fman_port_probe 920932b20e0c net/ncsi: check for error return from call to nla_put_u32 610af55f9fbe selftests/net: udpgso_bench_tx: fix dst ip argument 78503589b1e0 net/mlx5e: Fix wrong features assignment in case of error 61146008087a ionic: Initialize the 'lif->dbid_inuse' bitmap b7c9a1427b32 igc: Fix TX timestamp support for non-MSI-X platforms e8a5988a85c7 net/smc: fix kernel panic caused by race of smc_sock 97c87c1db9ff net/smc: don't send CDC/LLC message if link not ready 99f19566b1c4 net/smc: improved fix wait on already cleared link e553265ea564 NFC: st21nfca: Fix memory leak in device probe and remove 8d70dc0eecf0 net: lantiq_xrx200: fix statistics of received bytes 7ef89bd1e8f1 net: ag71xx: Fix a potential double free in error handling paths 40d36186913b net: usb: pegasus: Do not drop long Ethernet frames a67becdaa8ad net/smc: fix using of uninitialized completions 769d14abd35e sctp: use call_rcu to free endpoint 13c1bf43b674 selftests: Calculate udpgso segment count without header adjustment abe74fb43378 udp: using datalen to cap ipv6 udp max gso segments 5e6ad649e927 net/mlx5e: Fix ICOSQ recovery flow for XSK 73665165b64a net/mlx5e: Wrap the tx reporter dump callback to extract the sq 4cd1da02f0c3 net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources fcb32eb3d04d scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() 4833ad4908a1 selinux: initialize proto variable in selinux_ip_postroute_compat() ec941a2277a1 recordmcount.pl: fix typo in s390 mcount regex a0e82d5ef992 memblock: fix memblock_phys_alloc() section mismatch error 7da855e93964 platform/x86: apple-gmux: use resource_size() with res d01e9ce1af61 parisc: Clear stale IIR value on instruction access rights trap 0643d9175dc6 tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() e2048a1f9186 tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok(). 210c7c6908f3 Input: i8042 - enable deferred probe quirk for ASUS UM325UA bb672eff7447 Input: i8042 - add deferred probe support Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit ada52c924b8033939a448d8cedfc4e587bfdbc46) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 0a31714524..90ec900c2b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "301346d30bcaccedc71da8d5f78bd262063d4ba7" -SRCREV_meta ?= "fdabd97ceceb2e3e74a132332c875f68b47b755b" +SRCREV_machine ?= "e137d5d92c05530840f2e191ec471f8f0ea2d62e" +SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.89" +LINUX_VERSION ?= "5.10.90" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index bad6f10905..9af2e622ac 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.89" +LINUX_VERSION ?= "5.10.90" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "913d41ebe409dfd03c49fafd1923f8663df2a4ff" -SRCREV_machine ?= "5575e67330fb6d979ed1cd2e9e64400b4c21b595" -SRCREV_meta ?= "fdabd97ceceb2e3e74a132332c875f68b47b755b" +SRCREV_machine_qemuarm ?= "c0774ebd6bc1c7541deb4f9a649a1a6bfa42853f" +SRCREV_machine ?= "ab201bf6e3f9d187c7c26a0ec6537fadb41de918" +SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 20e7f68f8f..5d84c46254 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "b0dfabc86c3b6e1fb2ddb153664961e107bedfa9" -SRCREV_machine_qemuarm64 ?= "fea23aa594ce16a15564f991e14868dd255674cf" -SRCREV_machine_qemumips ?= "0ec16d85647a337f392ae358db3dcc200d958938" -SRCREV_machine_qemuppc ?= "a6a07d8acd8991883464bd3034beabb9ee23f11a" -SRCREV_machine_qemuriscv64 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" -SRCREV_machine_qemuriscv32 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" -SRCREV_machine_qemux86 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" -SRCREV_machine_qemux86-64 ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" -SRCREV_machine_qemumips64 ?= "29cb56446b0b66b7a15d2577773e69c4e813bfd7" -SRCREV_machine ?= "d59202c85b0f96b7a928ec594021a38e80c35a46" -SRCREV_meta ?= "fdabd97ceceb2e3e74a132332c875f68b47b755b" +SRCREV_machine_qemuarm ?= "d9597fe71e155c5a96452d23694188d6d4091673" +SRCREV_machine_qemuarm64 ?= "210fcd9ee603afb731beaa5833e7e3f1d1918786" +SRCREV_machine_qemumips ?= "8688d3707cea38bd7ed115a12005079c2215f77d" +SRCREV_machine_qemuppc ?= "933b47667b7549bb36a809cca90bc372a7182620" +SRCREV_machine_qemuriscv64 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" +SRCREV_machine_qemuriscv32 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" +SRCREV_machine_qemux86 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" +SRCREV_machine_qemux86-64 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" +SRCREV_machine_qemumips64 ?= "25fcfe4f5c4be9bbb67498f09b2dd088f8bb6dfd" +SRCREV_machine ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" +SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.89" +LINUX_VERSION ?= "5.10.90" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Fri Jan 21 14:51:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2785 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD95DC433F5 for ; Fri, 21 Jan 2022 14:51:33 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:33 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Dv7OKZCz; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776693; x=1674312693; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=3PeIPOER9eu4sTD3SbQZW0dxjPj3NbCbgvWRXkMNCuM=; b=Dv7OKZCzyyhXkFGD4SOY8Rx0Gp5nxTqnEskUuZjCJ2KvSmB94CXtHcXn 8wTOkF/iBZSwoLaxdDTCKlFyIj4goOF8ezCH5yCFHHEez+isYav/LzYaD xOuJGkpq+hc9XJuuIEXc1qFd5cbm6Un7dQwSOnWgsD7N6TJ6ClHixhbNM b1PfD6CtNGp44Mg2QTPXU2zXGhHk0Xtuw+olSmzW7RCDZc39JrKwikQYH L7M7tPp8mx7YaXwPttyGlE9e99J/yAotOguMFe3j6Fi1irBhbDcrhb8ZT mD+Oo28T8ApL2W2KCPufN55nZFEVlC2beJC5KgJurPoEFas+CcusWrd0E w==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886111" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886111" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:33 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336872" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:31 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 13/15] linux-yocto/5.10: amdgpu: updates for CVE-2021-42327 Date: Fri, 21 Jan 2022 22:51:01 +0800 Message-Id: <174ec220a36dea9ec161f436d9010dc8aebc5cab.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160844 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.10: fd84b99a8ccb drm/amd/display: Don't allow partial copy_from_user 024f4ff63d55 drm/amdgpu: Fix even more out of bound writes from debugfs Signed-off-by: Paul Gortmaker Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit f5488466ea1b332a0bfc0d27dcc5378edd842d16) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 4 ++-- .../linux/linux-yocto-tiny_5.10.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 +++++++++---------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 90ec900c2b..41047bac04 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,8 +11,8 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "e137d5d92c05530840f2e191ec471f8f0ea2d62e" -SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5" +SRCREV_machine ?= "fbed4064df813f01c1a862548f28b2050ee9b09e" +SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 9af2e622ac..5ae12b1953 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "c0774ebd6bc1c7541deb4f9a649a1a6bfa42853f" -SRCREV_machine ?= "ab201bf6e3f9d187c7c26a0ec6537fadb41de918" -SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5" +SRCREV_machine_qemuarm ?= "ca2928bf9b108b45a8ecfe6c76ae9d66b9527f0c" +SRCREV_machine ?= "5d7922b2755129e1066944a25675a4f9bdbbe706" +SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 5d84c46254..2b1d7bbff9 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "d9597fe71e155c5a96452d23694188d6d4091673" -SRCREV_machine_qemuarm64 ?= "210fcd9ee603afb731beaa5833e7e3f1d1918786" -SRCREV_machine_qemumips ?= "8688d3707cea38bd7ed115a12005079c2215f77d" -SRCREV_machine_qemuppc ?= "933b47667b7549bb36a809cca90bc372a7182620" -SRCREV_machine_qemuriscv64 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" -SRCREV_machine_qemuriscv32 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" -SRCREV_machine_qemux86 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" -SRCREV_machine_qemux86-64 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" -SRCREV_machine_qemumips64 ?= "25fcfe4f5c4be9bbb67498f09b2dd088f8bb6dfd" -SRCREV_machine ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55" -SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5" +SRCREV_machine_qemuarm ?= "dbf49e7b0801b1b92994f7bc3c6bba943340e273" +SRCREV_machine_qemuarm64 ?= "0b092f0c4e3471ef22aef0343477519b0ba8b533" +SRCREV_machine_qemumips ?= "1806335706c3549985836385bb400c1d80819d73" +SRCREV_machine_qemuppc ?= "270ee670f95ad200c7c32bf8a8ffbf6ed43d7964" +SRCREV_machine_qemuriscv64 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" +SRCREV_machine_qemuriscv32 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" +SRCREV_machine_qemux86 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" +SRCREV_machine_qemux86-64 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" +SRCREV_machine_qemumips64 ?= "ea456bce3f1ed65b1ab00a0cf8cf551b5967aec3" +SRCREV_machine ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" +SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" From patchwork Fri Jan 21 14:51:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2786 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BDAC8C433F5 for ; Fri, 21 Jan 2022 14:51:35 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:35 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Jc1y5Jng; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776695; x=1674312695; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=upIdhj8SKLUYDOHrMM8Dk0Qcsi29W90uIdXZqZMMZLM=; b=Jc1y5JngTK6x5MFmK645HAio4/LeoXZwssrWwn9Wa7IA3sFkOcAqvKVS zSDAhgr7ZzA5w5XKUueBAsRruZYyP0Hndj3ZbMAN0knGDK2eI8O0ByNip vzIG868XMldEsk/vqRjSHgtZ6c3guxCxZpOvFO1K3O7xqrrgXip0Hi81S qdtHk3Y1wENdJ8UZT2fISESQuXSbPrEBKBrVIjxpmt9Df5Lj6fgpsGlLq ZassJhS6ThgR3r0U1nywu/GtkSPNnBxuNyT655WxMS91kC/bQGxtsAAL6 iFkCzgVzLtVbn0jkr+P0qMR2/4pcHtJAFqnDwc4PqNEnbRoDYC5rAZeqp w==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886118" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886118" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:34 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336894" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:33 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 14/15] linux-yocto/5.10: update to v5.10.91 Date: Fri, 21 Jan 2022 22:51:02 +0800 Message-Id: <48b0ab78f968d48887ab8ff8267782a200cbff19.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160845 From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: df395c763ba0 Linux 5.10.91 674071c9eb26 Input: zinitix - make sure the IRQ is allocated before it gets enabled ef81f7d406c2 ARM: dts: gpio-ranges property is now required f63fa1a0d4df ipv6: raw: check passed optlen before reading cf07884e6bec drm/amd/display: Added power down for DCN10 10b9ccd0674d mISDN: change function names to avoid conflicts dd8a09cfbb99 atlantic: Fix buff_ring OOB in aq_ring_rx_clean c2f4bb251eb4 net: udp: fix alignment problem in udp4_seq_show() f82b48d1d86b ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate 8c87a83ef891 scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() b798b677f94d usb: mtu3: fix interval value for intr and isoc 498d77fc5e38 ipv6: Do cleanup if attribute validation fails in multipath route 72b0d14a0a88 ipv6: Continue processing multipath route even if gateway attribute is invalid 5a7d650bb181 power: bq25890: Enable continuous conversion for ADC at charging 4f260ea5537d phonet: refcount leak in pep_sock_accep 61952934608c rndis_host: support Hytera digital radios 62cbde77d9c1 power: reset: ltc2952: Fix use of floating point literals 998d157e3b2a power: supply: core: Break capacity loop 16d8568378f9 xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate aa606b82cdfb net: ena: Fix error handling when calculating max IO queues number e7f5480978fd net: ena: Fix undefined state when tx request id is out of bounds 2de3d961f8e7 sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc 4c34d5fd8c96 batman-adv: mcast: don't send link-local multicast to mcast routers f403b5f96e9a lwtunnel: Validate RTA_ENCAP_TYPE attribute length 48d5adb08d60 ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route 173bfa2782fa ipv6: Check attribute length for RTA_GATEWAY in multipath route 914420a2a6c5 ipv4: Check attribute length for RTA_FLOW in multipath route a8fe915be6c2 ipv4: Check attribute length for RTA_GATEWAY in multipath route 786a335fef18 ftrace/samples: Add missing prototypes direct functions c859c4de0bd7 i40e: Fix incorrect netdev's real number of RX/TX queues d0ad64438fb5 i40e: Fix for displaying message regarding NVM version 32845aa60203 i40e: fix use-after-free in i40e_sync_filters_subtask() f7edb6b9438b sfc: The RX page_ring is optional 2b3f34da0d79 mac80211: initialize variable have_higher_than_11mbit 16e5cad6eca1 RDMA/uverbs: Check for null return of kmalloc_array a7c2cae997db netrom: fix copying in user data in nr_setsockopt beeb0fdedae8 RDMA/core: Don't infoleak GRH fields 3ca132e6b065 iavf: Fix limit of total number of queues to active queues of VF 396e3016905d i40e: Fix to not show opcode msg on unsuccessful VF MAC change 7f13d14e563c ieee802154: atusb: fix uninit value in atusb_set_extended_addr 7db1e245cb71 tracing: Tag trace_percpu_buffer as a percpu pointer 760c6a625506 tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() c1e2da4b3f72 selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() 384111e12367 f2fs: quota: fix potential deadlock Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 13b53d922df1a53913fbe7a0dfbf2adaedfe5dfd) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 41047bac04..ca7d5dd97c 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "fbed4064df813f01c1a862548f28b2050ee9b09e" -SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e" +SRCREV_machine ?= "85c14e209f1ab7cee673735c4561e656b4e65217" +SRCREV_meta ?= "de35f8006d0f932924752ddda94dd24e2da67fbc" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.90" +LINUX_VERSION ?= "5.10.91" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 5ae12b1953..dbfeea6c82 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.90" +LINUX_VERSION ?= "5.10.91" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "ca2928bf9b108b45a8ecfe6c76ae9d66b9527f0c" -SRCREV_machine ?= "5d7922b2755129e1066944a25675a4f9bdbbe706" -SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e" +SRCREV_machine_qemuarm ?= "2227ab16358ca3193f03d0cd8509092076aeffbb" +SRCREV_machine ?= "b3fdab7a9f3c11a61565cead0445883a61081583" +SRCREV_meta ?= "de35f8006d0f932924752ddda94dd24e2da67fbc" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 2b1d7bbff9..82dfb0f903 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "dbf49e7b0801b1b92994f7bc3c6bba943340e273" -SRCREV_machine_qemuarm64 ?= "0b092f0c4e3471ef22aef0343477519b0ba8b533" -SRCREV_machine_qemumips ?= "1806335706c3549985836385bb400c1d80819d73" -SRCREV_machine_qemuppc ?= "270ee670f95ad200c7c32bf8a8ffbf6ed43d7964" -SRCREV_machine_qemuriscv64 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" -SRCREV_machine_qemuriscv32 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" -SRCREV_machine_qemux86 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" -SRCREV_machine_qemux86-64 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" -SRCREV_machine_qemumips64 ?= "ea456bce3f1ed65b1ab00a0cf8cf551b5967aec3" -SRCREV_machine ?= "fd84b99a8ccbfae11300c3a72183616bc0560870" -SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e" +SRCREV_machine_qemuarm ?= "fb570663823bd492e4c8d4339be825bda4210dc6" +SRCREV_machine_qemuarm64 ?= "5a52b700c1693a95b8efa54cb65bec7807a75cd2" +SRCREV_machine_qemumips ?= "8eb8a801f5f4764c362aefd5e97e704755cf740b" +SRCREV_machine_qemuppc ?= "21b014e385a6b54a2fd7d667a1b556c69cda77de" +SRCREV_machine_qemuriscv64 ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" +SRCREV_machine_qemuriscv32 ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" +SRCREV_machine_qemux86 ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" +SRCREV_machine_qemux86-64 ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" +SRCREV_machine_qemumips64 ?= "5468343e50389dba73b5d441289d5094bd0dc9f0" +SRCREV_machine ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" +SRCREV_meta ?= "de35f8006d0f932924752ddda94dd24e2da67fbc" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.90" +LINUX_VERSION ?= "5.10.91" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Fri Jan 21 14:51:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 2787 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DCCFEC433EF for ; Fri, 21 Jan 2022 14:51:37 +0000 (UTC) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.12868.1642776670242435373 for ; Fri, 21 Jan 2022 06:51:36 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=meNy93Vk; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642776696; x=1674312696; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=ccI8l1qVTI2iHbLImV+Ck6cTi0c2/V8g1acgKuP6CaA=; b=meNy93Vkdjx2pKviUDsbL0rKKKoW7kP8eYr4D2/PE+IM6X3R1s7qF7zL Tz1xFPNbdqxhtTnhLVUt1k3BuVJtpYeTZ3IEURQMW8nrLOpTrRkR5MxyS B/Sv4kmz3aMdnJc0rhhrLa8HNwe5rTXy2YWWTj/VUF7GQYiKnt3KSvgAH IiF1WzrjmtAlSo42nYhlLNtF7VwUs635NUwzzn9bgDg65Pw+GbP7kWTka wsNmo4u9b3K6d9DHiYPyQpFnasRB/OTKZPYkou6ADX43obq5dgxsGYhKh p2enan+Tx7YRub2+M2za4EuSkTbE++OCpVUZz+eL2fTJD/SH3paRrTtym A==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245886125" X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="245886125" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:36 -0800 X-IronPort-AV: E=Sophos;i="5.88,304,1635231600"; d="scan'208";a="623336923" Received: from gordonyx-mobl.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.131.118]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2022 06:51:35 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 15/15] cve-check: add lockfile to task Date: Fri, 21 Jan 2022 22:51:03 +0800 Message-Id: <155c238d340fdc82420ba9f367cb23014c78b705.1642736951.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 21 Jan 2022 14:51:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/160846 From: Konrad Weihmann this should prevent running into the very rare error sqlite3.OperationalError: attempt to write a readonly database As highlighted by https://www.sqlite.org/faq.html#q5 it is likely that the adapter won't allow use multiple exec calls at the same time. So it's best to prevent multiple accesses at a time, by reusing the already in place CVE_CHECK_DB_FILE_LOCK YOCTO #14110 Signed-off-by: Konrad Weihmann Signed-off-by: Richard Purdie (cherry picked from commit 677f5741bd265be49d4a5bb933b3e8d8c4eec653) Signed-off-by: Anuj Mittal --- meta/classes/cve-check.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 4fa1a64f85..3add826fca 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -110,6 +110,7 @@ python do_cve_check () { } addtask cve_check before do_build after do_fetch +do_cve_check[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" do_cve_check[depends] = "cve-update-db-native:do_fetch" do_cve_check[nostamp] = "1"