From patchwork Wed Oct 25 02:29:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32900 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5E2DC07545 for ; Wed, 25 Oct 2023 02:29:44 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.web11.35672.1698200979322306659 for ; Tue, 24 Oct 2023 19:29:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=RA3t6iIV; spf=softfail (domain: sakoman.com, ip: 209.85.216.53, mailfrom: steve@sakoman.com) Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-27cfb84432aso3597289a91.2 for ; Tue, 24 Oct 2023 19:29:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698200978; x=1698805778; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UIiAMD4T6PfH/yzAX8fLIh4tyVAKYf3yu7BxCVFnP9o=; b=RA3t6iIVjdbcqTxZNXWtQoc/6ip4vmUutl9FOwMaR8pENRnjKs1v/CEDYZ864Upm3I jXho5oBTdEUrLVkGZjjvfwerFfZgK50r8vOou9ESFc2qGYUL3InzGvDahwE9tZ8bmNZr D3EAu18ug9p2uqAQCepAf6wJoybPTw7b3zcD9I3S8ocvzLaTYjnOUFkYKe870DupSckc yCCcUYviaWzPVLRQHckZcOEIbAa7RQaZ5wiVFay1WhvEhTjcQFZaEQTGpISXkiDA2zJy 8iQC/r07F7ZniPfXhOM7B2s2j/x1gYN4Qw77e15lumpa59pGXWdGM1XiV76krlmAJEAw VRwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698200978; x=1698805778; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UIiAMD4T6PfH/yzAX8fLIh4tyVAKYf3yu7BxCVFnP9o=; b=F+A3AGk7mdUxxOO1Ipo1opyntj2RyRsuk0Vv5+OzNf54SCqV7/J9a/uZ0rAVfIDGaR L+gTupGPe/u9AeqwJqniFnN453fULdrPncgT1pwurpHt83WKze3VwbNXm2j+2uOq8Arq ESz7/PcVehw4yRE3Vs9OfTu2+cdcDLZR9kYg42l73UTDouWelpd5l+oMOpK2ugFT/3KL 5QioGjZq7PJYCVYXQQ38Ra0KBk1mNofzww6B8bTjARPGRwC17Um1WjEgRLaHtVe3xcV3 v81Q9/+8FN0l+EznlwqWwpOs+G/KG4X1kDDpJA+r7GTA60NJNegfSjYL2DEhwol5eGEJ 9QGg== X-Gm-Message-State: AOJu0YzCd9+2dskg0fx8FHjcCRp/0jJ+dR0/uf/GgROOwAlKS4zSP79A VO1JcoLbJ5CzsXBZ+NeptLsD3HxEzx4HIDNx8wU= X-Google-Smtp-Source: AGHT+IHHjZFP/gyABwc6aPIkILeWf435GYY0GStePq9yQVO2FCYIGTQh7NBKt/D/KgTdho5NIJZ+JQ== X-Received: by 2002:a17:90a:5b11:b0:27d:1571:f683 with SMTP id o17-20020a17090a5b1100b0027d1571f683mr10472943pji.44.1698200978249; Tue, 24 Oct 2023 19:29:38 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id x2-20020a17090a388200b0027d0d4d4128sm8538615pjb.25.2023.10.24.19.29.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 19:29:37 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 1/6] binutils: Backport fix CVE-2023-25588 Date: Tue, 24 Oct 2023 16:29:24 -1000 Message-Id: <6ffbb78f63e5adaadfaa9f5d5e9871ce3cfe7abf.1698200772.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Oct 2023 02:29:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189661 From: Ashish Sharma Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1] CVE: CVE-2023-25588 Signed-off-by: Ashish Sharma Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.34.inc | 1 + .../binutils/binutils/CVE-2023-25588.patch | 146 ++++++++++++++++++ 2 files changed, 147 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc index 713e428a3e..a9a2bf332f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/meta/recipes-devtools/binutils/binutils-2.34.inc @@ -53,5 +53,6 @@ SRC_URI = "\ file://CVE-2020-16593.patch \ file://0001-CVE-2021-45078.patch \ file://CVE-2022-38533.patch \ + file://CVE-2023-25588.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch b/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch new file mode 100644 index 0000000000..065d8e47f0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch @@ -0,0 +1,146 @@ +From d12f8998d2d086f0a6606589e5aedb7147e6f2f1 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Fri, 14 Oct 2022 10:30:21 +1030 +Subject: [PATCH] PR29677, Field `the_bfd` of `asymbol` is uninitialised + +Besides not initialising the_bfd of synthetic symbols, counting +symbols when sizing didn't match symbols created if there were any +dynsyms named "". We don't want synthetic symbols without names +anyway, so get rid of them. Also, simplify and correct sanity checks. + + PR 29677 + * mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite. +--- +Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1] +CVE: CVE-2023-25588 +Signed-off-by: Ashish Sharma + + bfd/mach-o.c | 72 ++++++++++++++++++++++------------------------------ + 1 file changed, 31 insertions(+), 41 deletions(-) + +diff --git a/bfd/mach-o.c b/bfd/mach-o.c +index acb35e7f0c6..5279343768c 100644 +--- a/bfd/mach-o.c ++++ b/bfd/mach-o.c +@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, + bfd_mach_o_symtab_command *symtab = mdata->symtab; + asymbol *s; + char * s_start; +- char * s_end; + unsigned long count, i, j, n; + size_t size; + char *names; +- char *nul_name; + const char stub [] = "$stub"; + + *ret = NULL; +@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, + /* We need to allocate a bfd symbol for every indirect symbol and to + allocate the memory for its name. */ + count = dysymtab->nindirectsyms; +- size = count * sizeof (asymbol) + 1; +- ++ size = 0; + for (j = 0; j < count; j++) + { +- const char * strng; + unsigned int isym = dysymtab->indirect_syms[j]; ++ const char *str; + + /* Some indirect symbols are anonymous. */ +- if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name)) +- /* PR 17512: file: f5b8eeba. */ +- size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub); ++ if (isym < symtab->nsyms ++ && (str = symtab->symbols[isym].symbol.name) != NULL) ++ { ++ /* PR 17512: file: f5b8eeba. */ ++ size += strnlen (str, symtab->strsize - (str - symtab->strtab)); ++ size += sizeof (stub); ++ } + } + +- s_start = bfd_malloc (size); ++ s_start = bfd_malloc (size + count * sizeof (asymbol)); + s = *ret = (asymbol *) s_start; + if (s == NULL) + return -1; + names = (char *) (s + count); +- nul_name = names; +- *names++ = 0; +- s_end = s_start + size; + + n = 0; + for (i = 0; i < mdata->nsects; i++) +@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, + entry_size = bfd_mach_o_section_get_entry_size (abfd, sec); + + /* PR 17512: file: 08e15eec. */ +- if (first >= count || last >= count || first > last) ++ if (first >= count || last > count || first > last) + goto fail; + + for (j = first; j < last; j++) + { + unsigned int isym = dysymtab->indirect_syms[j]; +- +- /* PR 17512: file: 04d64d9b. */ +- if (((char *) s) + sizeof (* s) > s_end) +- goto fail; +- +- s->flags = BSF_GLOBAL | BSF_SYNTHETIC; +- s->section = sec->bfdsection; +- s->value = addr - sec->addr; +- s->udata.p = NULL; ++ const char *str; ++ size_t len; + + if (isym < symtab->nsyms +- && symtab->symbols[isym].symbol.name) ++ && (str = symtab->symbols[isym].symbol.name) != NULL) + { +- const char *sym = symtab->symbols[isym].symbol.name; +- size_t len; +- +- s->name = names; +- len = strlen (sym); +- /* PR 17512: file: 47dfd4d2. */ +- if (names + len >= s_end) ++ /* PR 17512: file: 04d64d9b. */ ++ if (n >= count) + goto fail; +- memcpy (names, sym, len); +- names += len; +- /* PR 17512: file: 18f340a4. */ +- if (names + sizeof (stub) >= s_end) ++ len = strnlen (str, symtab->strsize - (str - symtab->strtab)); ++ /* PR 17512: file: 47dfd4d2, 18f340a4. */ ++ if (size < len + sizeof (stub)) + goto fail; +- memcpy (names, stub, sizeof (stub)); +- names += sizeof (stub); ++ memcpy (names, str, len); ++ memcpy (names + len, stub, sizeof (stub)); ++ s->name = names; ++ names += len + sizeof (stub); ++ size -= len + sizeof (stub); ++ s->the_bfd = symtab->symbols[isym].symbol.the_bfd; ++ s->flags = BSF_GLOBAL | BSF_SYNTHETIC; ++ s->section = sec->bfdsection; ++ s->value = addr - sec->addr; ++ s->udata.p = NULL; ++ s++; ++ n++; + } +- else +- s->name = nul_name; +- + addr += entry_size; +- s++; +- n++; + } + break; + default: +-- +2.39.3 + From patchwork Wed Oct 25 02:29:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32904 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0836C25B6D for ; Wed, 25 Oct 2023 02:29:44 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.web11.35674.1698200981261781306 for ; Tue, 24 Oct 2023 19:29:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=XDlsv7d+; spf=softfail (domain: sakoman.com, ip: 209.85.216.46, mailfrom: steve@sakoman.com) Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-27dc1e4d8b6so4446067a91.0 for ; Tue, 24 Oct 2023 19:29:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698200980; x=1698805780; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qcqcfvnkdrksrDwIpLDiO7efY006gnbxkbka3WYMKBM=; b=XDlsv7d+8SZEhdKFsrzPjsJ6OL9pIieklt6mXLDlDUZip/QjYulxrnSixcEUSKHqoF EYnEqOttiLCX+kFphcMa8z2sZpVGpLgjK/m4C2fioMDcRYnNozuMAaYvB1bPNeXIpwDa 8Oq6sTo1auev6T6W3GW4ufD2BVsDBbKsjeu7q1jAWqLMwcTJ2RD0Al4hVu43xDKQMCrQ ZpTjgzyABvZNHCZff83Bk2BzGgB6/fnRuBwIuNWSXfTbG0f/b7bbHjPsqw907aEB5C44 OQZSt7BStFjn7Gi57k6VsxMqoWpzweSiNiUu2a0miUygjnQzBOgy/KTUX5+rqpWSkiJR kyAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698200980; x=1698805780; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qcqcfvnkdrksrDwIpLDiO7efY006gnbxkbka3WYMKBM=; b=YSNZL0chAo5zBVQABeaSyHkLAq00toZBpboeWt0sfuMl4pjqpYGeLS/Zjv7yuDxvdE dEc7ZiQYVUkk7JQD0beNafBCBExnAdpByVrdtZSXw5jonJow0JZiWRnsAASZ58wmitwh 8lxp5+LKO8gTRkRjcy2UCKp+e8v/CYvQptKR7hJ8yJVn+p/Ji3th+ynVeu8WNWcoTXcq 9+Y2V/k85WMExYACYhqqW/6mZccOErOQMoN5sKTnhTfspk9389Aqfkxc17jItDlBnN52 g17sZETGp57ofTNCpl8lHTpJkn+UT0z1DR6dCGzURS1KTyGolVMKAdbkD9ldGRbPNp+p jhBw== X-Gm-Message-State: AOJu0YxhROmsFznisIrBV/WdQOXfocFvdosndgVZSQtmRogrsL4A5kIo 9L9nNsQkiBR3RA1oM8Yl6OvRJzt+wjuQlJYZBa0= X-Google-Smtp-Source: AGHT+IEh5J3gKmmSFbEU8Rpghs8YW8YGnBg1Yo6RuYzTqWQbPpIAcL0HJ6WVYQyqf1TZNBCG+1jo0Q== X-Received: by 2002:a17:90a:41:b0:27d:d9d:c54d with SMTP id 1-20020a17090a004100b0027d0d9dc54dmr13041810pjb.34.1698200979980; Tue, 24 Oct 2023 19:29:39 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id x2-20020a17090a388200b0027d0d4d4128sm8538615pjb.25.2023.10.24.19.29.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 19:29:39 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 2/6] vim: Upgrade 9.0.2009 -> 9.0.2048 Date: Tue, 24 Oct 2023 16:29:25 -1000 Message-Id: <35fc341402f38619922dcfc4dc9e58b00be26259.1698200772.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Oct 2023 02:29:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189662 From: Siddharth Doshi This includes CVE fix for CVE-2023-5535. Signed-off-by: Siddharth Doshi Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 51247cbe0a..d8e88af22e 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".2009" -SRCREV = "54844857fd6933fa4f6678e47610c4b9c9f7a091" +PV .= ".2048" +SRCREV = "982ef16059bd163a77271107020defde0740bbd6" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" From patchwork Wed Oct 25 02:29:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32902 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC9DBC25B6E for ; Wed, 25 Oct 2023 02:29:44 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.web11.35675.1698200982501990570 for ; Tue, 24 Oct 2023 19:29:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=yJ19g366; spf=softfail (domain: sakoman.com, ip: 209.85.216.52, mailfrom: steve@sakoman.com) Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-27d5fe999caso3583881a91.1 for ; Tue, 24 Oct 2023 19:29:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698200981; x=1698805781; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iHIeZBmggbq509dJ3ca0T4YzDE8vj/KQM3n7y+vRfAk=; b=yJ19g366aOrn8Q77jdAmawon6IlE0+oDf5PEDuDGSnABK203SNLcOriv9k+jt3oPaX A4vdqnLrXBmE7Zp18w0RMSarl+C5iNUp3ai7Q14vPLX/sacLoUSWFKrlY0deo4RKlrq1 NdLVee6MSA/9s4zJfw3xq+AqU6NFDCoouyCvGHXpiV9YqzjqYlW4wVepQB32x9hh04/f hoS2ecI+cNu0rcmJXEdg9u86Tyub73a/1CXTYQnPJb0tW/wEBbuctnrpZvJSUg16shj6 iyRSQgGw6V6zDgJ3bx+hI/jGNQTz1sxweGcyU54Ikxd4FpQeKwnSJ9BFyec6e3aqCauA jkEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698200981; x=1698805781; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iHIeZBmggbq509dJ3ca0T4YzDE8vj/KQM3n7y+vRfAk=; b=tmqBL1DCqtWO8S/v/2P7uhwzjed4GUsbss2+P2gewCNTzcNa2WK7tLvNBxWwMTN5P9 538iULvl0I5lEadYaiuluvTHUKdv9anW/6y8pJWQJRQJSnoHn1ldbrQ9kEhThWP/fT5x VVG4FFPCLd4aqkGZ8+rQN7WrbDB8n6TkGdvojrIx+4cve9Xo1sNn3tarqt0tW9xc5US0 2WePbLWMC6TmU5lAyF9OUiJmYACD8jq4EsjTnNRawogVfUAU4ohiO9/5/dARj0iFU6yu jUDMfkFy5H9O5sCgIjTNUtTInhAYOJbP7XZ2s1W1GlpqjdskxiY9cFZ3hxZ9O2kIjTUJ ePTw== X-Gm-Message-State: AOJu0YyISYfA6qSVMODKu7ObHvfrAx5vvBat0lsmW9+jzi8X3vFgE0b0 x9fZBd2XCIOfc/JxqqD90INSCxELdQhAhuGTYBg= X-Google-Smtp-Source: AGHT+IE5TsUGX43AUSA2vOHRN5ZeVMMBlnbCitKes5QPVzzRpGA+Gl6YKurlC60DbIooyWmZBrPdvg== X-Received: by 2002:a17:90a:4ca6:b0:27d:661f:59ac with SMTP id k35-20020a17090a4ca600b0027d661f59acmr11869862pjh.38.1698200981524; Tue, 24 Oct 2023 19:29:41 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id x2-20020a17090a388200b0027d0d4d4128sm8538615pjb.25.2023.10.24.19.29.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 19:29:41 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 3/6] linux-firmware: upgrade 20230625 -> 20230804 Date: Tue, 24 Oct 2023 16:29:26 -1000 Message-Id: <42d08fdcd3c95dbef795bb74f0ff5db8ff1b0a19.1698200772.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Oct 2023 02:29:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189663 From: Meenali Gupta License-Update: additional firmwares upgrade include fix for CVE-2023-20569 CVE-2022-40982 CVE-2023-20593 Changelog: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/ References: https://nvd.nist.gov/vuln/detail/CVE-2023-20569 https://nvd.nist.gov/vuln/detail/CVE-2022-40982 https://nvd.nist.gov/vuln/detail/CVE-2023-20593 Signed-off-by: Meenali Gupta Signed-off-by: Steve Sakoman (cherry picked from commit d3f1448246c9711f4f23f2e12c664e0ba3ae3f02) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20230625.bb => linux-firmware_20230804.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => linux-firmware_20230804.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb index 7fe7e51240..507a003224 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb @@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "57bf874056926f12aec2405d3fc390d9" +WHENCE_CHKSUM = "41f9a48bf27971b126a36f9344594dcd" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "87597111c0d4b71b31e53cb85a92c386921b84c825a402db8c82e0e86015500d" +SRC_URI[sha256sum] = "88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688" inherit allarch From patchwork Wed Oct 25 02:29:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32903 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D43FC25B6F for ; Wed, 25 Oct 2023 02:29:45 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.web10.165470.1698200983947442356 for ; Tue, 24 Oct 2023 19:29:44 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=jfvhG45o; spf=softfail (domain: sakoman.com, ip: 209.85.216.53, mailfrom: steve@sakoman.com) Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-27d3c886671so4517419a91.3 for ; Tue, 24 Oct 2023 19:29:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698200983; x=1698805783; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4cpfLymLVzyGgNxX4vxTBoNY6rRHH5XQQwCD7Ms1ZMM=; b=jfvhG45oexy8eo1ZCNgOejKeyIPNg6PJD8ccneu5mIgmYQLAj7EG+AhWpEw7nQLlyX hGFkIh2KducAHZme90439VBRIbf3BxouOGvE4LL/aD8SwK1s3tpg7/+dX9ZIv1ZuOhSR Qxre44r7YjjgjtV8rp+wp097taVM0ucVfp9EdO0xMQqTi55JU/kb9Z3xHnLD/5pwJrEB c1ut8yq8PmzlRuZd0A7p9hjjUuaByHoEqi/GQ4wX4CzrvYNTId/z9QzjIabkXs7QIyGP QkGX+AllB5UrQqFuRlGrtxnsz9Pk0QqggogJwui6xb48n+0UF80ChfDMFP6U15bt/hfv SInw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698200983; x=1698805783; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4cpfLymLVzyGgNxX4vxTBoNY6rRHH5XQQwCD7Ms1ZMM=; b=Yv3L26By8P9dpWV9OLZpwvz3CSV2f/NUl3NYsbiLyNq5jjQptD+PU0jwtB/qVrsyzb lYbOmJ3y0AKX48llyE4cBSTb+uEOoTjjc2imGimt1x013J64dkwlikpj6FcOkwHIjwhW 5qPTSZ4gfFMrHv5yXa7/uaAdbqvvidAhzM0HdKbSXoCrTcJ7vPNIVmpJFeIQyK3m4fct pqxgjf/2uIsMHEMUIv73luW1MipclOGTz5DZ0IBE/QTaIdc5sHhBtOQm8XDAzhnM9LZX 8ghcBNudPCW6F67454/80gBLwI0l27aOfSMT0J1Pr7/5kmOcSDQvZNK6+OkteBR5Iwiu BfUg== X-Gm-Message-State: AOJu0YwEYeLTLFNAk5/4EkCj3LG18f4Vnj9FHdfqIB+kvXd4XyxvM+at zgE1hMAzo4b4kWRFRXvDQvaNfpLFjH3y4XAbiNc= X-Google-Smtp-Source: AGHT+IEdHTueKBAO2tTpFf2W6Hyqf3vQUqcCP0tr9+dTtJiKfb7ZHeqb/xpXySMveTg9zbiDi3n81Q== X-Received: by 2002:a17:90a:aa8d:b0:27e:22b:dce5 with SMTP id l13-20020a17090aaa8d00b0027e022bdce5mr13569720pjq.27.1698200983037; Tue, 24 Oct 2023 19:29:43 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id x2-20020a17090a388200b0027d0d4d4128sm8538615pjb.25.2023.10.24.19.29.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 19:29:42 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 4/6] resulttool/report: Avoid divide by zero Date: Tue, 24 Oct 2023 16:29:27 -1000 Message-Id: <33d3374a7149ad1afe86d86c0dc2a948f70e26bd.1698200772.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Oct 2023 02:29:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189664 From: Richard Purdie Avoid a divide by zero traceback if unfortunate test counts are encountered. Signed-off-by: Richard Purdie (cherry picked from commit c5aeea53dfacb53dedb8445cb3523dc3a8cb6dca) Signed-off-by: Steve Sakoman --- scripts/lib/resulttool/report.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/lib/resulttool/report.py b/scripts/lib/resulttool/report.py index f0ca50ebe2..a349510ab8 100644 --- a/scripts/lib/resulttool/report.py +++ b/scripts/lib/resulttool/report.py @@ -176,7 +176,10 @@ class ResultsTextReport(object): vals['sort'] = line['testseries'] + "_" + line['result_id'] vals['failed_testcases'] = line['failed_testcases'] for k in cols: - vals[k] = "%d (%s%%)" % (line[k], format(line[k] / total_tested * 100, '.0f')) + if total_tested: + vals[k] = "%d (%s%%)" % (line[k], format(line[k] / total_tested * 100, '.0f')) + else: + vals[k] = "0 (0%)" for k in maxlen: if k in vals and len(vals[k]) > maxlen[k]: maxlen[k] = len(vals[k]) From patchwork Wed Oct 25 02:29:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32905 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB92CC07545 for ; Wed, 25 Oct 2023 02:29:54 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web11.35677.1698200985472130460 for ; Tue, 24 Oct 2023 19:29:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=odnhAmSv; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-27d113508bfso4423933a91.3 for ; Tue, 24 Oct 2023 19:29:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698200984; x=1698805784; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=60p2pYIzbxBgB/yQarqbtVc20WhfQZy2+AgU/lpb3Og=; b=odnhAmSv6CP8/YIMnFzFgwDujssHCUocGRNmfhwImK2cA2SQcEJ8CHHnjQ3C8bNsv0 EL4MCKeQ1Fllf5KcDvt7dI15rlmobdgh1tDz2kF8eiTJugiCkBMW2KIkHspvTiKunfXO 49CA1fbGgCpJ8Uy41+WSO58H7n45+u/dTR6YfFYpk9QaBPFPdvEIXp4P1peP3KJdlCQV 7lMn0dPK4vpYY3vq0cW9r1rdBJSpMmif2nrITY7fDCmLTkCI6rBe1w1HajADcvl+nsEH vmFGn5Rm0Kx+OLDp8GYiANLw/55kwUrNVS/EPhUQLKizw5kwSd4XMhjyM1KRbJUj2xRj Gdjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698200984; x=1698805784; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=60p2pYIzbxBgB/yQarqbtVc20WhfQZy2+AgU/lpb3Og=; b=tvTUGJOUXADHYb+cCZOlh9/PChYvE99sIo9sUZjbOG8e9c78yDrysiDTR6t1N3gzzo 5W8OanDJM/CWKseAluz+Gmzi30nBcjJxq0HclWT9CL4s1Atz7kDWPwWmzMD1G1X3tgdG 25lEAQPFTz5VjELLAFxLurxzIAHtt70EZ+fCditUVtF5S5QEGOQrloQGz8Oj1QpAEX7o RbrAvS+tNImJAxwUZb8dK18uCgi2TG3dtFPSoZxb0H+/c2AmQ0j33U3lc/3hdmMPFGFy USrNd5IlwsooURmgUd8Wmy7GS+U82WiCxf04zJRXUN4EQKSn90tTuZQxa3vByEj0Q5d6 JE0Q== X-Gm-Message-State: AOJu0Yxkae1Na9/VE8cyeUrZntbOcX3ryS/J+OMWUNvPhpSmStEVy2Ni +xTBfHXgOdlz6vyJn3DELwuOV5BAvVhz74ZPIsA= X-Google-Smtp-Source: AGHT+IFZuBQ3/Kfz+RhopZ13qymSfOM825uWm5tTRvnWcStgEr0XIAfZvqSfyMIOg9xpzMBoG9qW9w== X-Received: by 2002:a17:90a:2ec5:b0:27d:97e5:f3fa with SMTP id h5-20020a17090a2ec500b0027d97e5f3famr14066348pjs.29.1698200984616; Tue, 24 Oct 2023 19:29:44 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id x2-20020a17090a388200b0027d0d4d4128sm8538615pjb.25.2023.10.24.19.29.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 19:29:44 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 5/6] patch.py: Use shlex instead of deprecated pipe Date: Tue, 24 Oct 2023 16:29:28 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Oct 2023 02:29:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189665 The pipe library is deprecated in Python 3.11 and will be removed in Python 3.13. pipe.quote is just an import of shlex.quote anyway. Clean up imports while we're at it. Signed-off-by: Ola x Nilsson Signed-off-by: Luca Ceresoli (cherry picked from commit 5f33c7b99a991c380d1813da8248ba5470ca4d4e) Signed-off-by: Steve Sakoman --- meta/lib/oe/patch.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py index 7cd8436da5..feb6ee7082 100644 --- a/meta/lib/oe/patch.py +++ b/meta/lib/oe/patch.py @@ -2,6 +2,9 @@ # SPDX-License-Identifier: GPL-2.0-only # +import os +import shlex +import subprocess import oe.path import oe.types @@ -24,7 +27,6 @@ class CmdError(bb.BBHandledException): def runcmd(args, dir = None): - import pipes import subprocess if dir: @@ -35,7 +37,7 @@ def runcmd(args, dir = None): # print("cwd: %s -> %s" % (olddir, dir)) try: - args = [ pipes.quote(str(arg)) for arg in args ] + args = [ shlex.quote(str(arg)) for arg in args ] cmd = " ".join(args) # print("cmd: %s" % cmd) (exitstatus, output) = subprocess.getstatusoutput(cmd) From patchwork Wed Oct 25 02:29:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32906 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E40AEC25B48 for ; Wed, 25 Oct 2023 02:29:54 +0000 (UTC) Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) by mx.groups.io with SMTP id smtpd.web10.165471.1698200987385220404 for ; Tue, 24 Oct 2023 19:29:47 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=sLt9Hl7B; spf=softfail (domain: sakoman.com, ip: 209.85.215.173, mailfrom: steve@sakoman.com) Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-5859a7d6556so4088389a12.0 for ; Tue, 24 Oct 2023 19:29:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698200986; x=1698805786; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nHRN8BDQ1+JCMASQrxenQxIe+Yw3YocGqoXCw4Wd0Y8=; b=sLt9Hl7BZbL631ypdh5cZRG0BDqbhZeJ5xsv7G9Oy7FU80MRzzrsO6Rz+5PhcYsA6B azpqy1c76PKiUkrntI9j1CUbuy2VLyB0RcgTKLUSly1a+jvppnZPIGr3VNmUNTVhIwKv +OTp+fQ/pFPSbVK7a6VAWpgRxfaDWXrY7PROZp2+qt3X8Z9YZmgy0i53mh1Pz9oEiI7x 6WpZsQQvuNRinhTKcIyVeIUH7HygC2KNG3Iup6RZe0zyV7Umgi5W0I6DFvinmGEHSgpm LMXV+2LSI6HQRzZQWMd3h3sHtrfJxbYBtW61+KDKTST3CKClNHHIQir3foRjTVY0EKRA aSzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698200986; x=1698805786; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nHRN8BDQ1+JCMASQrxenQxIe+Yw3YocGqoXCw4Wd0Y8=; b=HwjfmQogutDGCV9AKlzhkIxTet/sGw3KSBLYg9A/bzR3WCr1AuU6+CTuic+EDF0zbB UILWNzGYppdj4b6DtW8XPs35rE0BVXXo0mx8zfGR4kd4CbAwcv6w6U5vVzFU4clqVOE9 aDW7axDi4/OaQ2RwGTdP5WFz5hIXz9EUmJEeXr+Ss/G+TqetIy4HI4wq/yBRn0Ax9wC0 5Gd9co76lU/gek2JK9XdoLOhNmoLg09H9ustnPD29TTel3b7REqC1UhZjb4UNMtqh195 HHb3uiu9rfqD5CdfzpwkQ9TUPQofRDZTCAjmk59faWtkyExAjYMyTtFr7Ces+ldFmk4w uRgQ== X-Gm-Message-State: AOJu0YzDN3REfcmaO/MApvf77JBpx0KrlysTKcbCtqKXYAWn2f2J4iVL I4uTPYDdZmA4nMe8JqIVGGcaGH0DNzBCugvR2h8= X-Google-Smtp-Source: AGHT+IH3XR6c77enenWSEvh013UrbiIne5GHUtyT5FyelGvy2Z+7cldMFNxETjW2wHT7CWzwfpz0BA== X-Received: by 2002:a17:90a:a38d:b0:27d:3a34:2194 with SMTP id x13-20020a17090aa38d00b0027d3a342194mr13431890pjp.14.1698200986238; Tue, 24 Oct 2023 19:29:46 -0700 (PDT) Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net. [72.234.106.30]) by smtp.gmail.com with ESMTPSA id x2-20020a17090a388200b0027d0d4d4128sm8538615pjb.25.2023.10.24.19.29.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 19:29:45 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 6/6] cve-exclusion_5.4.inc: update for 5.4.257 Date: Tue, 24 Oct 2023 16:29:29 -1000 Message-Id: <0f75737a408aef19937ee023a5e6b3e881cbd99b.1698200772.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Oct 2023 02:29:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189666 Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_5.4.inc | 207 +++++++++++++++--- 1 file changed, 179 insertions(+), 28 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc index 28e66d6f4f..4c17b701df 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-08-25 15:56:12.313882 for version 5.4.251 +# Generated at 2023-10-24 06:03:05.289306 for version 5.4.257 python check_kernel_cve_status_version() { - this_version = "5.4.251" + this_version = "5.4.257" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4832,6 +4832,9 @@ CVE_CHECK_WHITELIST += "CVE-2020-27194" # cpe-stable-backport: Backported in 5.4.23 CVE_CHECK_WHITELIST += "CVE-2020-2732" +# cpe-stable-backport: Backported in 5.4.25 +CVE_CHECK_WHITELIST += "CVE-2020-27418" + # cpe-stable-backport: Backported in 5.4.75 CVE_CHECK_WHITELIST += "CVE-2020-27673" @@ -4966,6 +4969,9 @@ CVE_CHECK_WHITELIST += "CVE-2020-36558" # cpe-stable-backport: Backported in 5.4.86 CVE_CHECK_WHITELIST += "CVE-2020-36694" +# cpe-stable-backport: Backported in 5.4.62 +CVE_CHECK_WHITELIST += "CVE-2020-36766" + # cpe-stable-backport: Backported in 5.4.143 CVE_CHECK_WHITELIST += "CVE-2020-3702" @@ -6408,7 +6414,8 @@ CVE_CHECK_WHITELIST += "CVE-2022-40768" # cpe-stable-backport: Backported in 5.4.213 CVE_CHECK_WHITELIST += "CVE-2022-4095" -# CVE-2022-40982 has no known resolution +# cpe-stable-backport: Backported in 5.4.252 +CVE_CHECK_WHITELIST += "CVE-2022-40982" # cpe-stable-backport: Backported in 5.4.229 CVE_CHECK_WHITELIST += "CVE-2022-41218" @@ -6489,9 +6496,9 @@ CVE_CHECK_WHITELIST += "CVE-2022-4382" # fixed-version: only affects 5.11rc1 onwards CVE_CHECK_WHITELIST += "CVE-2022-43945" -# CVE-2022-44032 has no known resolution +# CVE-2022-44032 needs backporting (fixed from 6.4rc1) -# CVE-2022-44033 has no known resolution +# CVE-2022-44033 needs backporting (fixed from 6.4rc1) # CVE-2022-44034 has no known resolution @@ -6504,14 +6511,17 @@ CVE_CHECK_WHITELIST += "CVE-2022-45869" # CVE-2022-45885 has no known resolution -# CVE-2022-45886 has no known resolution +# cpe-stable-backport: Backported in 5.4.246 +CVE_CHECK_WHITELIST += "CVE-2022-45886" -# CVE-2022-45887 has no known resolution +# cpe-stable-backport: Backported in 5.4.246 +CVE_CHECK_WHITELIST += "CVE-2022-45887" # fixed-version: only affects 5.14rc1 onwards CVE_CHECK_WHITELIST += "CVE-2022-45888" -# CVE-2022-45919 has no known resolution +# cpe-stable-backport: Backported in 5.4.246 +CVE_CHECK_WHITELIST += "CVE-2022-45919" # cpe-stable-backport: Backported in 5.4.229 CVE_CHECK_WHITELIST += "CVE-2022-45934" @@ -6586,7 +6596,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-0047" # fixed-version: only affects 6.0rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-0122" -# CVE-2023-0160 has no known resolution +# cpe-stable-backport: Backported in 5.4.243 +CVE_CHECK_WHITELIST += "CVE-2023-0160" # fixed-version: only affects 5.5rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-0179" @@ -6661,12 +6672,14 @@ CVE_CHECK_WHITELIST += "CVE-2023-1192" # CVE-2023-1193 has no known resolution -# CVE-2023-1194 has no known resolution +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-1194" # fixed-version: only affects 5.16rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-1195" -# CVE-2023-1206 needs backporting (fixed from 6.5rc4) +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-1206" # CVE-2023-1249 needs backporting (fixed from 5.18rc1) @@ -6695,7 +6708,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-1513" # fixed-version: only affects 5.19rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-1583" -# CVE-2023-1611 needs backporting (fixed from 6.3rc5) +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-1611" # cpe-stable-backport: Backported in 5.4.189 CVE_CHECK_WHITELIST += "CVE-2023-1637" @@ -6744,9 +6758,10 @@ CVE_CHECK_WHITELIST += "CVE-2023-2008" # fixed-version: only affects 5.12rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-2019" -# CVE-2023-20569 has no known resolution +# cpe-stable-backport: Backported in 5.4.252 +CVE_CHECK_WHITELIST += "CVE-2023-20569" -# CVE-2023-20588 has no known resolution +# CVE-2023-20588 needs backporting (fixed from 6.5rc6) # cpe-stable-backport: Backported in 5.4.250 CVE_CHECK_WHITELIST += "CVE-2023-20593" @@ -6772,7 +6787,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-2124" # fixed-version: only affects 5.16rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-21255" -# CVE-2023-21264 needs backporting (fixed from 6.4rc5) +# fixed-version: only affects 5.17rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-21264" # CVE-2023-21400 has no known resolution @@ -6866,6 +6882,9 @@ CVE_CHECK_WHITELIST += "CVE-2023-25012" # cpe-stable-backport: Backported in 5.4.242 CVE_CHECK_WHITELIST += "CVE-2023-2513" +# fixed-version: only affects 5.14rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-25775" + # fixed-version: only affects 6.3rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-2598" @@ -6918,7 +6937,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-2898" # cpe-stable-backport: Backported in 5.4.235 CVE_CHECK_WHITELIST += "CVE-2023-2985" -# CVE-2023-3006 needs backporting (fixed from 6.1rc1) +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-3006" # Skipping CVE-2023-3022, no affected_versions @@ -6940,11 +6960,11 @@ CVE_CHECK_WHITELIST += "CVE-2023-3106" # CVE-2023-31082 has no known resolution -# CVE-2023-31083 has no known resolution +# CVE-2023-31083 needs backporting (fixed from 6.6rc1) # CVE-2023-31084 needs backporting (fixed from 6.4rc3) -# CVE-2023-31085 has no known resolution +# CVE-2023-31085 needs backporting (fixed from 5.4.258) # cpe-stable-backport: Backported in 5.4.247 CVE_CHECK_WHITELIST += "CVE-2023-3111" @@ -7017,7 +7037,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-3317" # cpe-stable-backport: Backported in 5.4.240 CVE_CHECK_WHITELIST += "CVE-2023-33203" -# CVE-2023-33250 has no known resolution +# fixed-version: only affects 6.2rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-33250" # CVE-2023-33288 needs backporting (fixed from 6.3rc4) @@ -7055,7 +7076,10 @@ CVE_CHECK_WHITELIST += "CVE-2023-34255" # cpe-stable-backport: Backported in 5.4.243 CVE_CHECK_WHITELIST += "CVE-2023-34256" -# CVE-2023-34319 has no known resolution +# fixed-version: only affects 6.1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-34319" + +# CVE-2023-34324 needs backporting (fixed from 5.4.258) # fixed-version: only affects 5.15rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-3439" @@ -7094,21 +7118,28 @@ CVE_CHECK_WHITELIST += "CVE-2023-3609" # fixed-version: only affects 5.9rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-3610" -# CVE-2023-3611 needs backporting (fixed from 6.5rc2) +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-3611" # CVE-2023-3640 has no known resolution -# CVE-2023-37453 has no known resolution +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-37453" # CVE-2023-37454 has no known resolution -# CVE-2023-3772 has no known resolution +# cpe-stable-backport: Backported in 5.4.255 +CVE_CHECK_WHITELIST += "CVE-2023-3772" -# CVE-2023-3773 has no known resolution +# fixed-version: only affects 5.17rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-3773" # cpe-stable-backport: Backported in 5.4.251 CVE_CHECK_WHITELIST += "CVE-2023-3776" +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-3777" + # cpe-stable-backport: Backported in 5.4.224 CVE_CHECK_WHITELIST += "CVE-2023-3812" @@ -7139,12 +7170,44 @@ CVE_CHECK_WHITELIST += "CVE-2023-38432" # cpe-stable-backport: Backported in 5.4.251 CVE_CHECK_WHITELIST += "CVE-2023-3863" +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-3865" + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-3866" + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-3867" + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-39189" + +# CVE-2023-39191 needs backporting (fixed from 6.3rc1) + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-39192" + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-39193" + +# cpe-stable-backport: Backported in 5.4.255 +CVE_CHECK_WHITELIST += "CVE-2023-39194" + # fixed-version: only affects 5.6rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-4004" # CVE-2023-4010 has no known resolution -# CVE-2023-4128 needs backporting (fixed from 6.5rc5) +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4015" + +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-40283" + +# CVE-2023-40791 needs backporting (fixed from 6.5rc6) + +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-4128" # cpe-stable-backport: Backported in 5.4.251 CVE_CHECK_WHITELIST += "CVE-2023-4132" @@ -7156,9 +7219,97 @@ CVE_CHECK_WHITELIST += "CVE-2023-4132" # fixed-version: only affects 5.9rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-4147" -# CVE-2023-4155 has no known resolution +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4155" + +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4194" + +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-4206" + +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-4207" -# CVE-2023-4194 needs backporting (fixed from 6.5rc5) +# cpe-stable-backport: Backported in 5.4.253 +CVE_CHECK_WHITELIST += "CVE-2023-4208" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4244" -# CVE-2023-4273 needs backporting (fixed from 6.5rc5) +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4273" + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-42752" + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-42753" + +# CVE-2023-42754 needs backporting (fixed from 5.4.258) + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-42755" + +# fixed-version: only affects 6.4rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2023-42756" + +# cpe-stable-backport: Backported in 5.4.198 +CVE_CHECK_WHITELIST += "CVE-2023-4385" + +# cpe-stable-backport: Backported in 5.4.196 +CVE_CHECK_WHITELIST += "CVE-2023-4387" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4389" + +# fixed-version: only affects 5.16rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4394" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-44466" + +# cpe-stable-backport: Backported in 5.4.196 +CVE_CHECK_WHITELIST += "CVE-2023-4459" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4563" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4569" + +# cpe-stable-backport: Backported in 5.4.235 +CVE_CHECK_WHITELIST += "CVE-2023-45862" + +# CVE-2023-45863 needs backporting (fixed from 6.3rc1) + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-45871" + +# CVE-2023-45898 needs backporting (fixed from 6.6rc1) + +# CVE-2023-4610 has no known resolution + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-4611" + +# CVE-2023-4622 needs backporting (fixed from 6.5rc1) + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-4623" + +# CVE-2023-4732 needs backporting (fixed from 5.14rc1) + +# CVE-2023-4881 needs backporting (fixed from 6.6rc1) + +# cpe-stable-backport: Backported in 5.4.257 +CVE_CHECK_WHITELIST += "CVE-2023-4921" + +# CVE-2023-5158 has no known resolution + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-5197" + +# fixed-version: only affects 6.1rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-5345"