* [OE-core][langdale 00/27] Patch review
@ 2023-03-09 22:57 Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 01/27] tiff: fix multiple CVEs Steve Sakoman
` (26 more replies)
0 siblings, 27 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for langdale and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5023
The following changes since commit b995ea45773211bd7bdd60eabcc9bbffda6beb5c:
build-appliance-image: Update to langdale head revision (2023-03-06 15:17:13 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/langdale-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/langdale-nut
Alexander Kanavin (1):
devtool: ignore patch-fuzz errors when extracting source
Bhabu Bindu (1):
qemu: Fix CVE-2022-4144
Bruce Ashfield (3):
linux-yocto/5.15: update to v5.15.94
linux-yocto/5.15: update to v5.15.96
linux-yocto-rt/5.15: update to -rt59
Carlos Alberto Lopez Perez (1):
mesa-demos: packageconfig weston should have a dependency on
wayland-protocols
Chee Yang Lee (1):
tiff: fix multiple CVEs
Dmitry Baryshkov (1):
ffmpeg: fix build failure when vulkan is enabled
Geoffrey GIRY (1):
cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
Hitendra Prajapati (1):
libxml2: Fix CVE-2022-40303 && CVE-2022-40304
Khem Raj (2):
libcomps: Fix callback function prototype for PyCOMPS_hash
rpm: Fix hdr_hash function prototype
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Pavel Zhukov (1):
u-boot: Map arm64 into map for u-boot dts installation
Peter Marko (1):
systemd: add group sgx to udev package
Richard Purdie (3):
binutils: Fix nativesdk ld.so search
oeqa/selftest/prservice: Improve debug output for failure
staging: Separate out different multiconfig manifests
Ross Burton (2):
shadow: ignore CVE-2016-15024
vim: add missing pkgconfig inherit
Siddharth Doshi (1):
epiphany: Security fix for CVE-2023-26081
Tom Hochstein (2):
meson: Fix wrapper handling of implicit setup command
oeqa/sdk: Improve Meson test
Wang Mingyu (4):
iso-codes: upgrade 4.12.0 -> 4.13.0
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
lua: Fix install conflict when enable multilib.
vala: Fix install conflict when enable multilib.
meta-selftest/files/static-group | 1 +
meta/classes-global/staging.bbclass | 3 +
meta/classes-recipe/kernel.bbclass | 2 +-
.../distro/include/cve-extra-exclusions.inc | 296 +++++++++
meta/lib/oeqa/sdk/cases/buildepoxy.py | 2 +-
meta/lib/oeqa/selftest/cases/prservice.py | 2 +-
meta/recipes-bsp/u-boot/u-boot.inc | 4 +-
.../libxml/libxml2/CVE-2022-40303.patch | 624 ++++++++++++++++++
.../libxml/libxml2/CVE-2022-40304.patch | 106 +++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +
meta/recipes-core/systemd/systemd_251.8.bb | 2 +-
...dk-Search-for-alternative-ld.so.conf.patch | 2 +-
...hash_t-instead-of-long-in-PyCOMPS_ha.patch | 66 ++
.../libcomps/libcomps_0.1.19.bb | 1 +
meta/recipes-devtools/lua/lua_5.4.4.bb | 3 +
.../meson/meson/meson-wrapper | 17 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2022-4144.patch | 99 +++
...y_hash_t-instead-of-long-in-hdr_hash.patch | 35 +
meta/recipes-devtools/rpm/rpm_4.18.0.bb | 1 +
meta/recipes-devtools/vala/vala.inc | 5 +-
meta/recipes-extended/shadow/shadow_4.12.3.bb | 3 +
meta/recipes-gnome/epiphany/epiphany_42.4.bb | 1 +
.../epiphany/files/CVE-2023-26081.patch | 90 +++
.../recipes-graphics/mesa/mesa-demos_8.5.0.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 -
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto.inc | 1 -
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
.../ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch | 34 +
.../recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb | 1 +
.../libtiff/files/CVE-2022-48281.patch | 26 +
.../CVE-2023-0800_0801_0802_0803_0804.patch | 128 ++++
meta/recipes-multimedia/libtiff/tiff_4.4.0.bb | 2 +
...so-codes_4.12.0.bb => iso-codes_4.13.0.bb} | 2 +-
...ttpd_0.9.75.bb => libmicrohttpd_0.9.76.bb} | 2 +-
meta/recipes-support/vim/vim.inc | 2 +-
scripts/lib/devtool/standard.py | 1 +
39 files changed, 1566 insertions(+), 43 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
create mode 100644 meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
create mode 100644 meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch
create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch
rename meta/recipes-support/iso-codes/{iso-codes_4.12.0.bb => iso-codes_4.13.0.bb} (94%)
rename meta/recipes-support/libmicrohttpd/{libmicrohttpd_0.9.75.bb => libmicrohttpd_0.9.76.bb} (90%)
--
2.34.1
* [OE-core][langdale 01/27] tiff: fix multiple CVEs
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 02/27] libxml2: Fix CVE-2022-40303 && CVE-2022-40304 Steve Sakoman
` (25 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
import patch from debian to fix
CVE-2022-48281
http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz
import patch from fedora to fix
CVE-2023-0800
CVE-2023-0801
CVE-2023-0802
CVE-2023-0803
CVE-2023-0804
https://src.fedoraproject.org/rpms/libtiff/c/91856895aadf3cce6353f40c2feef9bf0b486440
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libtiff/files/CVE-2022-48281.patch | 26 ++++
.../CVE-2023-0800_0801_0802_0803_0804.patch | 128 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.4.0.bb | 2 +
3 files changed, 156 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
new file mode 100644
index 0000000000..4f8dc35251
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
@@ -0,0 +1,26 @@
+From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sat, 21 Jan 2023 15:58:10 +0000
+Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
+
+
+Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz]
+CVE: CVE-2022-48281
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: tiff-4.2.0/tools/tiffcrop.c
+===================================================================
+--- tiff-4.2.0.orig/tools/tiffcrop.c
++++ tiff-4.2.0/tools/tiffcrop.c
+@@ -7516,7 +7516,7 @@ processCropSelections(struct image_data
+ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+- prev_cropsize = seg_buffs[0].size;
++ prev_cropsize = seg_buffs[1].size;
+ if (prev_cropsize < cropsize)
+ {
+ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
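Review bot: the embedded patch is still in its Debian quilt form: the `Index: tiff-4.2.0/tools/tiffcrop.c` header and the `--- tiff-4.2.0.orig/tools/tiffcrop.c` path name 4.2.0, while the recipe that picks it up is tiff_4.4.0.bb, so the `@@ -7516,7 +7516,7 @@` position was computed against a different source tree. Please refresh it against the 4.4.0 sources so it applies without offset or fuzz, and consider pointing Upstream-Status at the upstream commit already named in the From line (97d65859bc29ee334012e9c73022d8a8e55ed586) rather than at a distribution tarball URL. The description would also benefit from one line on why `seg_buffs[1].size` rather than `seg_buffs[0].size` is the right value for prev_cropsize, since "simple copy paste error" does not say what the wrong size led to.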
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch
new file mode 100644
index 0000000000..8372bc35f2
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch
@@ -0,0 +1,128 @@
+From 82a7fbb1fa7228499ffeb3a57a1d106a9626d57c Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sun, 5 Feb 2023 15:53:15 +0000
+Subject: [PATCH] tiffcrop: added check for assumption on composite images
+ (fixes #496)
+
+tiffcrop: For composite images with more than one region, the combined_length or combined_width always needs to be equal, respectively. Otherwise, even the first section/region copy action might cause buffer overrun. This is now checked before the first copy action.
+
+Closes #496, #497, #498, #500, #501.
+
+Upstream-Status: Backport [import from fedora https://src.fedoraproject.org/rpms/libtiff/c/91856895aadf3cce6353f40c2feef9bf0b486440 ]
+CVE: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 66 insertions(+), 2 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 84e26ac6..480b927c 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -5329,18 +5329,39 @@
+
+ crop->regionlist[i].buffsize = buffsize;
+ crop->bufftotal += buffsize;
++ /* For composite images with more than one region, the
++ * combined_length or combined_width always needs to be equal,
++ * respectively.
++ * Otherwise, even the first section/region copy
++ * action might cause buffer overrun. */
+ if (crop->img_mode == COMPOSITE_IMAGES)
+ {
+ switch (crop->edge_ref)
+ {
+ case EDGE_LEFT:
+ case EDGE_RIGHT:
++ if (i > 0 && zlength != crop->combined_length)
++ {
++ TIFFError(
++ "computeInputPixelOffsets",
++ "Only equal length regions can be combined for "
++ "-E left or right");
++ return (-1);
++ }
+ crop->combined_length = zlength;
+ crop->combined_width += zwidth;
+ break;
+ case EDGE_BOTTOM:
+ case EDGE_TOP: /* width from left, length from top */
+ default:
++ if (i > 0 && zwidth != crop->combined_width)
++ {
++ TIFFError("computeInputPixelOffsets",
++ "Only equal width regions can be "
++ "combined for -E "
++ "top or bottom");
++ return (-1);
++ }
+ crop->combined_width = zwidth;
+ crop->combined_length += zlength;
+ break;
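Review bot: in both switch branches the new `return (-1);` comes after the unchanged context lines `crop->regionlist[i].buffsize = buffsize;` and `crop->bufftotal += buffsize;`, so on the error path the crop structure has already been updated for region i. If any caller carries on after a -1, bufftotal is overstated; either move the equality check ahead of those assignments or say in the comment that -1 is fatal for the whole crop. Also note that the `default:` label shares the EDGE_BOTTOM/EDGE_TOP branch, so an unexpected edge_ref value is reported as "-E top or bottom".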
+@@ -6546,6 +6567,46 @@
+ crop->combined_width = 0;
+ crop->combined_length = 0;
+
++ /* If there is more than one region, check beforehand whether all the width
++ * and length values of the regions are the same, respectively. */
++ switch (crop->edge_ref)
++ {
++ default:
++ case EDGE_TOP:
++ case EDGE_BOTTOM:
++ for (i = 1; i < crop->selections; i++)
++ {
++ uint32_t crop_width0 =
++ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1;
++ uint32_t crop_width1 =
++ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++ if (crop_width0 != crop_width1)
++ {
++ TIFFError("extractCompositeRegions",
++ "Only equal width regions can be combined for -E "
++ "top or bottom");
++ return (1);
++ }
++ }
++ break;
++ case EDGE_LEFT:
++ case EDGE_RIGHT:
++ for (i = 1; i < crop->selections; i++)
++ {
++ uint32_t crop_length0 =
++ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1;
++ uint32_t crop_length1 =
++ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
++ if (crop_length0 != crop_length1)
++ {
++ TIFFError("extractCompositeRegions",
++ "Only equal length regions can be combined for "
++ "-E left or right");
++ return (1);
++ }
++ }
++ }
++
+ for (i = 0; i < crop->selections; i++)
+ {
+ /* rows, columns, width, length are expressed in pixels */
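Review bot: the pre-check stores `crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1` (and the y equivalent) in a uint32_t, so if x2 could ever be smaller than x1 for a region the value wraps and the equality test compares wrapped numbers; a comment stating that x1 <= x2 is guaranteed at this point, or an explicit check, would make the assumption visible. The sizes here are derived from coordinates, while the per-region checks later in this function compare `regionlist[...].width` and `.length`; using one source for both would stop the two from drifting apart. The EDGE_LEFT/EDGE_RIGHT case also ends without a `break;`, which is harmless as the last case but inconsistent with the case above it.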
+@@ -6570,7 +6631,8 @@
+ default:
+ case EDGE_TOP:
+ case EDGE_BOTTOM:
+- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width))
++ if ((crop->selections > i + 1) &&
++ (crop_width != crop->regionlist[i + 1].width))
+ {
+ TIFFError ("extractCompositeRegions",
+ "Only equal width regions can be combined for -E top or bottom");
+@@ -6651,7 +6713,8 @@
+ break;
+ case EDGE_LEFT: /* splice the pieces of each row together, side by side */
+ case EDGE_RIGHT:
+- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length))
++ if ((crop->selections > i + 1) &&
++ (crop_length != crop->regionlist[i + 1].length))
+ {
+ TIFFError ("extractCompositeRegions",
+ "Only equal length regions can be combined for -E left or right");
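Review bot: the rewritten condition `(crop->selections > i + 1) && (crop_length != crop->regionlist[i + 1].length)` now reads the next region's length (and `.width` in the hunk at 6631) instead of the previous one, which is only correct if every regionlist entry has its width and length filled in before this loop starts; nothing in the visible lines shows that. Since the block added at 6567 already rejects unequal regions before the loop, this per-iteration check looks redundant: either drop it or add a comment saying where regionlist[i + 1] is populated.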
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
index 831014bff1..3b42dbe4a5 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
@@ -17,6 +17,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://0001-tiffcrop-S-option-Make-decision-simpler.patch \
file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \
file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \
+ file://CVE-2022-48281.patch \
+ file://CVE-2023-0800_0801_0802_0803_0804.patch \
"
SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed"
--
2.34.1
* [OE-core][langdale 02/27] libxml2: Fix CVE-2022-40303 && CVE-2022-40304
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 01/27] tiff: fix multiple CVEs Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 03/27] qemu: Fix CVE-2022-4144 Steve Sakoman
` (24 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 && https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
(From OE-Core rev: b46d0b7a599ee5d3009cca302ad5322d64eb94b9)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libxml/libxml2/CVE-2022-40303.patch | 624 ++++++++++++++++++
.../libxml/libxml2/CVE-2022-40304.patch | 106 +++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +
3 files changed, 732 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
new file mode 100644
index 0000000000..346ec37a9f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
@@ -0,0 +1,624 @@
+From 15050f59d2a62b97b34e9cab8b8076a68ef003bd Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 25 Aug 2022 17:43:08 +0200
+Subject: [PATCH] CVE-2022-40303
+
+Fix integer overflows with XML_PARSE_HUGE
+
+Also impose size limits when XML_PARSE_HUGE is set. Limit size of names
+to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to
+XML_MAX_HUGE_LENGTH (1 billion bytes).
+
+Move some the length checks to the end of the respective loop to make
+them strict.
+
+xmlParseEntityValue didn't have a length limitation at all. But without
+XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW.
+
+Thanks to Maddie Stone working with Google Project Zero for the report!
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0]
+CVE: CVE-2022-40303
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ parser.c | 233 +++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 121 insertions(+), 112 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 1bc3713..0f76577 100644
+--- a/parser.c
++++ b/parser.c
+@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt);
+ * *
+ ************************************************************************/
+
++#define XML_MAX_HUGE_LENGTH 1000000000
++
+ #define XML_PARSER_BIG_ENTITY 1000
+ #define XML_PARSER_LOT_ENTITY 5000
+
+@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
+ errmsg = "Malformed declaration expecting version";
+ break;
+ case XML_ERR_NAME_TOO_LONG:
+- errmsg = "Name too long use XML_PARSE_HUGE option";
++ errmsg = "Name too long";
+ break;
+ #if 0
+ case:
+@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNameComplex++;
+@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ }
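Review bot: `if (len <= INT_MAX - l) len += l;` stops updating len once the addition would overflow, but `NEXTL(l)` still advances, so from that point len under-reports what has been consumed. That is safe only because the later `if (len > maxLength)` test rejects the name, with maxLength at most XML_MAX_TEXT_LENGTH; a one-line comment saying that the saturated value is caught by the length check below would save the next reader from working that out. The same pattern repeats in the hunk at 3301.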
+@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3346,7 +3352,10 @@ const xmlChar *
+ xmlParseName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in;
+ const xmlChar *ret;
+- int count = 0;
++ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ GROW;
+
+@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) {
+ in++;
+ if ((*in > 0) && (*in < 0x80)) {
+ count = in - ctxt->input->cur;
+- if ((count > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ size_t startPosition = 0;
+
+ #ifdef DEBUG
+@@ -3412,17 +3423,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */
+ (xmlIsNameChar(ctxt, c) && (c != ':'))) {
+ if (count++ > XML_PARSER_CHUNK_SIZE) {
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+- return(NULL);
+- }
+ count = 0;
+ GROW;
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ if (c == 0) {
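Review bot: in xmlParseNCNameComplex the length test inside the `count++ > XML_PARSER_CHUNK_SIZE` block is deleted rather than moved to the end of the loop, which is what the commit message describes, so the only remaining bound is the `len > maxLength` test after the loop (hunk at 3440). An over-long NCName is therefore scanned to its end before being rejected, whereas xmlParseStringName and xmlParseNmtoken in this same patch gain an in-loop check. If this mirrors the upstream commit that is fine, but it is worth confirming that the difference is intentional.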
+@@ -3440,8 +3447,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ c = CUR_CHAR(l);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3467,7 +3473,10 @@ static const xmlChar *
+ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in, *e;
+ const xmlChar *ret;
+- int count = 0;
++ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNCName++;
+@@ -3492,8 +3501,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ goto complex;
+ if ((*in > 0) && (*in < 0x80)) {
+ count = in - ctxt->input->cur;
+- if ((count > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3575,6 +3583,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ const xmlChar *cur = *str;
+ int len = 0, l;
+ int c;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseStringName++;
+@@ -3610,12 +3621,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ if (len + 10 > max) {
+ xmlChar *tmp;
+
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+- xmlFree(buffer);
+- return(NULL);
+- }
+ max *= 2;
+ tmp = (xmlChar *) xmlRealloc(buffer,
+ max * sizeof(xmlChar));
+@@ -3629,14 +3634,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ COPY_BUF(l,buffer,len,c);
+ cur += l;
+ c = CUR_SCHAR(cur, l);
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
++ xmlFree(buffer);
++ return(NULL);
++ }
+ }
+ buffer[len] = 0;
+ *str = cur;
+ return(buffer);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3663,6 +3672,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNmToken++;
+@@ -3714,12 +3726,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ if (len + 10 > max) {
+ xmlChar *tmp;
+
+- if ((max > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+- xmlFree(buffer);
+- return(NULL);
+- }
+ max *= 2;
+ tmp = (xmlChar *) xmlRealloc(buffer,
+ max * sizeof(xmlChar));
+@@ -3733,6 +3739,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ COPY_BUF(l,buffer,len,c);
+ NEXTL(l);
+ c = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
++ xmlFree(buffer);
++ return(NULL);
++ }
+ }
+ buffer[len] = 0;
+ return(buffer);
+@@ -3740,8 +3751,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ }
+ if (len == 0)
+ return(NULL);
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+ return(NULL);
+ }
+@@ -3767,6 +3777,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
+ int c, l;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlChar stop;
+ xmlChar *ret = NULL;
+ const xmlChar *cur = NULL;
+@@ -3826,6 +3839,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
+ GROW;
+ c = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
++ "entity value too long\n");
++ goto error;
++ }
+ }
+ buf[len] = 0;
+ if (ctxt->instate == XML_PARSER_EOF)
+@@ -3913,6 +3932,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ xmlChar *rep = NULL;
+ size_t len = 0;
+ size_t buf_size = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int c, l, in_space = 0;
+ xmlChar *current = NULL;
+ xmlEntityPtr ent;
+@@ -3944,16 +3966,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ while (((NXT(0) != limit) && /* checked */
+ (IS_CHAR(c)) && (c != '<')) &&
+ (ctxt->instate != XML_PARSER_EOF)) {
+- /*
+- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE
+- * special option is given
+- */
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+- "AttValue length too long\n");
+- goto mem_error;
+- }
+ if (c == '&') {
+ in_space = 0;
+ if (NXT(1) == '#') {
+@@ -4101,6 +4113,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ }
+ GROW;
+ c = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
++ "AttValue length too long\n");
++ goto mem_error;
++ }
+ }
+ if (ctxt->instate == XML_PARSER_EOF)
+ goto error;
+@@ -4122,16 +4139,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ } else
+ NEXT;
+
+- /*
+- * There we potentially risk an overflow, don't allow attribute value of
+- * length more than INT_MAX it is a very reasonable assumption !
+- */
+- if (len >= INT_MAX) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+- "AttValue length too long\n");
+- goto mem_error;
+- }
+-
+ if (attlen != NULL) *attlen = (int) len;
+ return(buf);
+
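Review bot: removing the `if (len >= INT_MAX)` guard leaves `*attlen = (int) len;` with len a size_t and no check next to the cast. The narrowing is now safe only because the in-loop `len > maxLength` test added in the hunk at 4101 bounds len by roughly XML_MAX_HUGE_LENGTH (1000000000); please keep a short comment at the cast that names that bound, so a later change to the limit or to the loop does not silently reintroduce the truncation.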
+@@ -4202,6 +4209,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
+ int cur, l;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar stop;
+ int state = ctxt->instate;
+ int count = 0;
+@@ -4229,13 +4239,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
+- xmlFree(buf);
+- ctxt->instate = (xmlParserInputState) state;
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4264,6 +4267,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
++ xmlFree(buf);
++ ctxt->instate = (xmlParserInputState) state;
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = (xmlParserInputState) state;
+@@ -4291,6 +4300,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar cur;
+ xmlChar stop;
+ int count = 0;
+@@ -4318,12 +4330,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 1 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
+- xmlFree(buf);
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4351,6 +4357,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR;
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
++ xmlFree(buf);
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ if (cur != stop) {
+@@ -4750,6 +4761,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ int r, rl;
+ int cur, l;
+ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int inputid;
+
+ inputid = ctxt->input->id;
+@@ -4795,13 +4809,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ if ((r == '-') && (q == '-')) {
+ xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL);
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+- "Comment too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ if (len + 5 >= size) {
+ xmlChar *new_buf;
+ size_t new_size;
+@@ -4839,6 +4846,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
++ "Comment too big found", NULL);
++ xmlFree (buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ if (cur == 0) {
+@@ -4883,6 +4897,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t size = XML_PARSER_BUFFER_SIZE;
+ size_t len = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlParserInputState state;
+ const xmlChar *in;
+ size_t nbchar = 0;
+@@ -4966,8 +4983,7 @@ get_more:
+ buf[len] = 0;
+ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment too big found", NULL);
+ xmlFree (buf);
+@@ -5167,6 +5183,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t len = 0;
+ size_t size = XML_PARSER_BUFFER_SIZE;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int cur, l;
+ const xmlChar *target;
+ xmlParserInputState state;
+@@ -5242,14 +5261,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ return;
+ }
+ count = 0;
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ }
+ COPY_BUF(l,buf,len,cur);
+ NEXTL(l);
+@@ -5259,15 +5270,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
++ "PI %s too big found", target);
++ xmlFree(buf);
++ ctxt->instate = state;
++ return;
++ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ buf[len] = 0;
+ if (cur != '?') {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+@@ -8959,6 +8969,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ const xmlChar *in = NULL, *start, *end, *last;
+ xmlChar *ret = NULL;
+ int line, col;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+
+ GROW;
+ in = (xmlChar *) CUR_PTR;
+@@ -8998,8 +9011,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ start = in;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9012,8 +9024,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ if ((*in++ == 0x20) && (*in == 0x20)) break;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9046,16 +9057,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ last = last + delta;
+ }
+ end = ctxt->input->end;
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+ }
+ }
+ }
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9068,8 +9077,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ col++;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9077,8 +9085,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ }
+ }
+ last = in;
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9768,6 +9775,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ int s, sl;
+ int cur, l;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+
+ /* Check 2.6.0 was NXT(0) not RAW */
+ if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) {
+@@ -9801,13 +9811,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED,
+- "CData section too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar));
+ if (tmp == NULL) {
+ xmlFree(buf);
+@@ -9834,6 +9837,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ }
+ NEXTL(l);
+ cur = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED,
++ "CData section too big found\n");
++ xmlFree(buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = XML_PARSER_CONTENT;
+--
+2.25.1
+
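Review bot: In xmlParseCDSect the length limit is now enforced only by the per-character `if (len > maxLength)` test after `NEXTL(l)`, while the check that used to sit in front of `xmlRealloc(buf, size * 2 * sizeof(xmlChar))` is removed, so the bound on `size` is only implicit. `maxLength` is declared `int` and takes `XML_MAX_HUGE_LENGTH` when XML_PARSE_HUGE is set; if `size` is an `int` as well, a comment at the declaration (or a line in the commit message) should state that this constant keeps `size * 2` within `int` range. Assuming `maxLength` is defined the same way in xmlParseAttValueInternal, the `(in - start) > maxLength` comparisons there now also cap the XML_PARSE_HUGE case that the old condition exempted, which is a behaviour change worth naming in the backport description.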
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
new file mode 100644
index 0000000000..b24be03315
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
@@ -0,0 +1,106 @@
+From cde95d801abc9405ca821ad814c7730333328d96 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 31 Aug 2022 22:11:25 +0200
+Subject: [PATCH] CVE-2022-40304
+
+Fix dict corruption caused by entity reference cycles
+
+When an entity reference cycle is detected, the entity content is
+cleared by setting its first byte to zero. But the entity content might
+be allocated from a dict. In this case, the dict entry becomes corrupted
+leading to all kinds of logic errors, including memory errors like
+double-frees.
+
+Stop storing entity content, orig, ExternalID and SystemID in a dict.
+These values are unlikely to occur multiple times in a document, so they
+shouldn't have been stored in a dict in the first place.
+
+Thanks to Ned Williamson and Nathan Wachholz working with Google Project
+Zero for the report!
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b]
+CVE: CVE-2022-40304
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ entities.c | 55 ++++++++++++++++--------------------------------------
+ 1 file changed, 16 insertions(+), 39 deletions(-)
+
+diff --git a/entities.c b/entities.c
+index 1a8f86f..ec1b9a7 100644
+--- a/entities.c
++++ b/entities.c
+@@ -112,36 +112,19 @@ xmlFreeEntity(xmlEntityPtr entity)
+ if ((entity->children) && (entity->owner == 1) &&
+ (entity == (xmlEntityPtr) entity->children->parent))
+ xmlFreeNodeList(entity->children);
+- if (dict != NULL) {
+- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name)))
+- xmlFree((char *) entity->name);
+- if ((entity->ExternalID != NULL) &&
+- (!xmlDictOwns(dict, entity->ExternalID)))
+- xmlFree((char *) entity->ExternalID);
+- if ((entity->SystemID != NULL) &&
+- (!xmlDictOwns(dict, entity->SystemID)))
+- xmlFree((char *) entity->SystemID);
+- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI)))
+- xmlFree((char *) entity->URI);
+- if ((entity->content != NULL)
+- && (!xmlDictOwns(dict, entity->content)))
+- xmlFree((char *) entity->content);
+- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig)))
+- xmlFree((char *) entity->orig);
+- } else {
+- if (entity->name != NULL)
+- xmlFree((char *) entity->name);
+- if (entity->ExternalID != NULL)
+- xmlFree((char *) entity->ExternalID);
+- if (entity->SystemID != NULL)
+- xmlFree((char *) entity->SystemID);
+- if (entity->URI != NULL)
+- xmlFree((char *) entity->URI);
+- if (entity->content != NULL)
+- xmlFree((char *) entity->content);
+- if (entity->orig != NULL)
+- xmlFree((char *) entity->orig);
+- }
++ if ((entity->name != NULL) &&
++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name))))
++ xmlFree((char *) entity->name);
++ if (entity->ExternalID != NULL)
++ xmlFree((char *) entity->ExternalID);
++ if (entity->SystemID != NULL)
++ xmlFree((char *) entity->SystemID);
++ if (entity->URI != NULL)
++ xmlFree((char *) entity->URI);
++ if (entity->content != NULL)
++ xmlFree((char *) entity->content);
++ if (entity->orig != NULL)
++ xmlFree((char *) entity->orig);
+ xmlFree(entity);
+ }
+
+@@ -177,18 +160,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type,
+ ret->SystemID = xmlStrdup(SystemID);
+ } else {
+ ret->name = xmlDictLookup(dict, name, -1);
+- if (ExternalID != NULL)
+- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1);
+- if (SystemID != NULL)
+- ret->SystemID = xmlDictLookup(dict, SystemID, -1);
++ ret->ExternalID = xmlStrdup(ExternalID);
++ ret->SystemID = xmlStrdup(SystemID);
+ }
+ if (content != NULL) {
+ ret->length = xmlStrlen(content);
+- if ((dict != NULL) && (ret->length < 5))
+- ret->content = (xmlChar *)
+- xmlDictLookup(dict, content, ret->length);
+- else
+- ret->content = xmlStrndup(content, ret->length);
++ ret->content = xmlStrndup(content, ret->length);
+ } else {
+ ret->length = 0;
+ ret->content = NULL;
+--
+2.25.1
+
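Review bot: The xmlFreeEntity hunk drops the `xmlDictOwns()` guard for `entity->URI` too, but the commit message lists only content, orig, ExternalID and SystemID as no longer stored in a dict, and the xmlCreateEntity hunk changes only `ExternalID`, `SystemID` and `content`. Please confirm that no remaining code path stores a dict-owned string in `URI` or `orig`, since `xmlFree()` is now called on both unconditionally; one sentence in the commit message would settle it. Separately, `ret->length` is set before `xmlStrndup(content, ret->length)` and the result is not checked, so an allocation failure leaves a non-zero length with a NULL `content`.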
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 5d236e70fa..947f5b18f5 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -23,6 +23,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
file://remove-fuzz-from-ptests.patch \
file://libxml-m4-use-pkgconfig.patch \
file://0001-Port-gentest.py-to-Python-3.patch \
+ file://CVE-2022-40303.patch \
+ file://CVE-2022-40304.patch \
"
SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
--
2.34.1
* [OE-core][langdale 03/27] qemu: Fix CVE-2022-4144
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 01/27] tiff: fix multiple CVEs Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 02/27] libxml2: Fix CVE-2022-40303 && CVE-2022-40304 Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 04/27] epiphany: Security fix for CVE-2023-26081 Steve Sakoman
` (23 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Bhabu Bindu <bindudaniel1996@gmail.com>
Add patch to fix CVE-2022-4144
Link: https://security-tracker.debian.org/tracker/CVE-2022-4144
(From OE-Core rev: 4cb3874abf4fdeb04337a48a14c765ba9b2269d4)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2022-4144.patch | 99 +++++++++++++++++++
2 files changed, 100 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 0b24540bf9..f3237971ce 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -30,6 +30,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0001-net-tulip-Restrict-DMA-engine-to-memories.patch \
file://arm-cpreg-fix.patch \
file://CVE-2022-3165.patch \
+ file://CVE-2022-4144.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch b/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
new file mode 100644
index 0000000000..96052a19e8
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
@@ -0,0 +1,99 @@
+From 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Mon, 28 Nov 2022 21:27:40 +0100
+Subject: [PATCH] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt
+ (CVE-2022-4144)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Have qxl_get_check_slot_offset() return false if the requested
+buffer size does not fit within the slot memory region.
+
+Similarly qxl_phys2virt() now returns NULL in such case, and
+qxl_dirty_one_surface() aborts.
+
+This avoids buffer overrun in the host pointer returned by
+memory_region_get_ram_ptr().
+
+Fixes: CVE-2022-4144 (out-of-bounds read)
+Reported-by: Wenxu Yin (@awxylitol)
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336
+
+CVE: CVE-2022-4144
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622]
+Comments: Deleted patch hunk in qxl.h,as it contains change
+in comments which is not present in current version of qemu
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20221128202741.4945-5-philmd@linaro.org>
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ hw/display/qxl.c | 27 +++++++++++++++++++++++----
+ 1 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/qxl.c b/hw/display/qxl.c
+index 231d733250..0b21626aad 100644
+--- a/hw/display/qxl.c
++++ b/hw/display/qxl.c
+@@ -1424,11 +1424,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d)
+
+ /* can be also called from spice server thread context */
+ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+- uint32_t *s, uint64_t *o)
++ uint32_t *s, uint64_t *o,
++ size_t size_requested)
+ {
+ uint64_t phys = le64_to_cpu(pqxl);
+ uint32_t slot = (phys >> (64 - 8)) & 0xff;
+ uint64_t offset = phys & 0xffffffffffff;
++ uint64_t size_available;
+
+ if (slot >= NUM_MEMSLOTS) {
+ qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot,
+@@ -1452,6 +1454,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+ slot, offset, qxl->guest_slots[slot].size);
+ return false;
+ }
++ size_available = memory_region_size(qxl->guest_slots[slot].mr);
++ if (qxl->guest_slots[slot].offset + offset >= size_available) {
++ qxl_set_guest_bug(qxl,
++ "slot %d offset %"PRIu64" > region size %"PRIu64"\n",
++ slot, qxl->guest_slots[slot].offset + offset,
++ size_available);
++ return false;
++ }
++ size_available -= qxl->guest_slots[slot].offset + offset;
++ if (size_requested > size_available) {
++ qxl_set_guest_bug(qxl,
++ "slot %d offset %"PRIu64" size %zu: "
++ "overrun by %"PRIu64" bytes\n",
++ slot, offset, size_requested,
++ size_requested - size_available);
++ return false;
++ }
+
+ *s = slot;
+ *o = offset;
+@@ -1471,7 +1490,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id,
+ offset = le64_to_cpu(pqxl) & 0xffffffffffff;
+ return (void *)(intptr_t)offset;
+ case MEMSLOT_GROUP_GUEST:
+- if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) {
++ if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
+ return NULL;
+ }
+ ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr);
+@@ -1937,9 +1956,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+ uint32_t slot;
+ bool rc;
+
+- rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset);
+- assert(rc == true);
+ size = (uint64_t)height * abs(stride);
++ rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size);
++ assert(rc == true);
+ trace_qxl_surfaces_dirty(qxl->id, offset, size);
+ qxl_set_dirty(qxl->guest_slots[slot].mr,
+ qxl->guest_slots[slot].offset + offset,
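Review bot: In qxl_dirty_one_surface the result of the new size check still feeds `assert(rc == true)`, so a surface whose `height * abs(stride)` does not fit the slot terminates the process instead of being reported through `qxl_set_guest_bug()` like the other failure paths. The commit message says this is intended; a comment at the assert explaining why the surface has already been validated by the time this function runs would make that reviewable. Minor: the first new check in qxl_get_check_slot_offset tests `>=` while its message prints `>`, and both new messages end in `\n` although the existing "slot too large" message does not.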
--
2.34.1
* [OE-core][langdale 04/27] epiphany: Security fix for CVE-2023-26081
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 03/27] qemu: Fix CVE-2022-4144 Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 05/27] shadow: ignore CVE-2016-15024 Steve Sakoman
` (22 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Siddharth Doshi <sdoshi@mvista.com>
Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-gnome/epiphany/epiphany_42.4.bb | 1 +
.../epiphany/files/CVE-2023-26081.patch | 90 +++++++++++++++++++
2 files changed, 91 insertions(+)
create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
diff --git a/meta/recipes-gnome/epiphany/epiphany_42.4.bb b/meta/recipes-gnome/epiphany/epiphany_42.4.bb
index 9efd2800da..98923a3bdc 100644
--- a/meta/recipes-gnome/epiphany/epiphany_42.4.bb
+++ b/meta/recipes-gnome/epiphany/epiphany_42.4.bb
@@ -27,6 +27,7 @@ SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GN
file://0002-help-meson.build-disable-the-use-of-yelp.patch \
file://migrator.patch \
file://distributor.patch \
+ file://CVE-2023-26081.patch \
"
SRC_URI[archive.sha256sum] = "370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860"
diff --git a/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
new file mode 100644
index 0000000000..af1e20bd8f
--- /dev/null
+++ b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
@@ -0,0 +1,90 @@
+From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 3 Feb 2023 13:07:15 -0600
+Subject: [PATCH] Don't autofill passwords in sandboxed contexts
+
+If using the sandbox CSP or iframe tag, the web content is supposed to
+be not trusted by the main resource origin. Therefore, we'd better
+disable the password manager entirely so the untrusted web content
+cannot exfiltrate passwords.
+
+https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
+CVE: CVE-2023-26081
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ .../resources/js/ephy.js | 26 +++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js
+index 38b806f..44d1792 100644
+--- a/embed/web-process-extension/resources/js/ephy.js
++++ b/embed/web-process-extension/resources/js/ephy.js
+@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function()
+ }
+ };
+
++Ephy.isSandboxedWebContent = function()
++{
++ // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
++ return self.origin === null || self.origin === 'null';
++};
++
+ Ephy.PasswordManager = class PasswordManager
+ {
+ constructor(pageID, frameID)
+@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ query(origin, targetOrigin, username, usernameField, passwordField)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`);
+
+ return new Promise((resolver, reject) => {
+@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ save(origin, targetOrigin, username, password, usernameField, passwordField, isNew)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerSave.postMessage({
+@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager
+ // FIXME: Why is pageID a parameter here?
+ requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({
+@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ queryUsernames(origin)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Requesting usernames for origin=${origin}`);
+
+ return new Promise((resolver, reject) => {
+--
+2.35.5
+
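Review bot: `Ephy.isSandboxedWebContent()` tests only `self.origin === null || self.origin === 'null'`, which holds for every context with an opaque origin, not just content under the sandbox CSP or a sandboxed iframe, so the function name and the log text ("because web content is sandboxed") are narrower than the condition. A short comment stating that all opaque-origin contexts are deliberately excluded from the password manager would avoid confusion later. Also check the callers of `query()` and `queryUsernames()`: on this path they now receive a promise resolved with `null` and must handle that value.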
--
2.34.1
* [OE-core][langdale 05/27] shadow: ignore CVE-2016-15024
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 04/27] epiphany: Security fix for CVE-2023-26081 Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 06/27] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs Steve Sakoman
` (21 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
This recently got an updated CPE which matches this recipe, but the issue
is related to an entirely different shadow project so ignore it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2331e98abb09cbcd56625d65c4e5d258dc29dd04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/shadow/shadow_4.12.3.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-extended/shadow/shadow_4.12.3.bb b/meta/recipes-extended/shadow/shadow_4.12.3.bb
index 40b11345c9..d1a3fd5593 100644
--- a/meta/recipes-extended/shadow/shadow_4.12.3.bb
+++ b/meta/recipes-extended/shadow/shadow_4.12.3.bb
@@ -9,3 +9,6 @@ BBCLASSEXTEND = "native nativesdk"
# Severity is low and marked as closed and won't fix.
# https://bugzilla.redhat.com/show_bug.cgi?id=884658
CVE_CHECK_IGNORE += "CVE-2013-4235"
+
+# This is an issue for a different shadow
+CVE_CHECK_IGNORE += "CVE-2016-15024"
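Review bot: The comment "This is an issue for a different shadow" does not say which project the CVE belongs to or where that was established, whereas the CVE-2013-4235 entry just above records its reasoning and a bugzilla link. Please name the other project or add the NVD URL for CVE-2016-15024 so the exclusion can be re-checked if the CPE changes again.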
--
2.34.1
* [OE-core][langdale 06/27] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 05/27] shadow: ignore CVE-2016-15024 Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-10 8:23 ` Geoffrey GIRY
2023-03-09 22:57 ` [OE-core][langdale 07/27] linux-yocto/5.15: update to v5.15.94 Steve Sakoman
` (20 subsequent siblings)
26 siblings, 1 reply; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Geoffrey GIRY <geoffrey.giry@smile.fr>
Multiple CVEs are patched in the kernel but appear as active because the NVD
database is not up to date.
CVEs are ignored if and only if all versions of the kernel used by master are patched.
Also ignore CVEs with a wrong CPE (applied to the kernel but actually for
another package)
Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92770a08c04a6c1eb351231d937b16e76558f013)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/cve-extra-exclusions.inc | 296 ++++++++++++++++++
 1 file changed, 296 insertions(+)
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index 8b5f8d49b8..a281a8ac65 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -78,9 +78,34 @@ CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-108
CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887"
# 2020
CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
+# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
+# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
+# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
+CVE_CHECK_IGNORE += "CVE-2020-27784"
+
# 2021
CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
+CVE_CHECK_IGNORE += "CVE-2021-3669"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_CHECK_IGNORE += "CVE-2021-3759"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
+CVE_CHECK_IGNORE += "CVE-2021-4218"
+
# 2022
CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
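Review bot: The commit message justifies each exclusion by all kernel versions used by master being patched, but this is a cherry-pick to langdale, and the entries added here (for example CVE-2020-27784, "Patched in kernel since v5.10", and CVE-2021-3669, "Patched in kernel since v5.15") depend on which kernel versions the branch ships. Please state in the commit message that the same condition was checked against the linux-yocto versions in langdale, or drop the entries for which it does not hold.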
@@ -90,6 +115,277 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE
CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
CVE-2022-29582 CVE-2022-29968"
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
+CVE_CHECK_IGNORE += "CVE-2022-0480"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
+# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
+# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
+# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
+CVE_CHECK_IGNORE += "CVE-2022-1184"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_CHECK_IGNORE += "CVE-2022-1462"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
+# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
+# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
+# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
+# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
+CVE_CHECK_IGNORE += "CVE-2022-2308"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
+CVE_CHECK_IGNORE += "CVE-2022-2327"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
+# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
+# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
+# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
+# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
+# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
+CVE_CHECK_IGNORE += "CVE-2022-2663"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
+# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
+# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
+# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
+CVE_CHECK_IGNORE += "CVE-2022-2785"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
+# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
+# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
+# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
+CVE_CHECK_IGNORE += "CVE-2022-3176"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
+# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
+# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
+# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_CHECK_IGNORE += "CVE-2022-3435"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
+# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
+# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
+# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
+CVE_CHECK_IGNORE += "CVE-2022-3526"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
+# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
+# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
+# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
+# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
+# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
+CVE_CHECK_IGNORE += "CVE-2022-3534"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_CHECK_IGNORE += "CVE-2022-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
+# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
+# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
+# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
+CVE_CHECK_IGNORE += "CVE-2022-3619"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_CHECK_IGNORE += "CVE-2022-3621"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_CHECK_IGNORE += "CVE-2022-3623"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
+# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
+# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
+CVE_CHECK_IGNORE += "CVE-2022-3624"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
+# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
+# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
+# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
+# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
+# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
+# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
+CVE_CHECK_IGNORE += "CVE-2022-3625"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_CHECK_IGNORE += "CVE-2022-3629"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
+# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
+# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
+# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
+CVE_CHECK_IGNORE += "CVE-2022-3630"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_CHECK_IGNORE += "CVE-2022-3633"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_CHECK_IGNORE += "CVE-2022-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
+# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
+# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
+CVE_CHECK_IGNORE += "CVE-2022-3636"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
+# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
+# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
+# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
+# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
+# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
+# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
+# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
+# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
+CVE_CHECK_IGNORE += "CVE-2022-3640"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_CHECK_IGNORE += "CVE-2022-3646"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_CHECK_IGNORE += "CVE-2022-3649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
+# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_CHECK_IGNORE += "CVE-2022-4382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_CHECK_IGNORE += "CVE-2022-26365"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_CHECK_IGNORE += "CVE-2022-33740"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_CHECK_IGNORE += "CVE-2022-33741"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_CHECK_IGNORE += "CVE-2022-33742"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+CVE_CHECK_IGNORE += "CVE-2022-42895"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
+# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
+# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
+# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
+CVE_CHECK_IGNORE += "CVE-2022-42896"
+
+
+# 2023
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
+# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
+# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
+CVE_CHECK_IGNORE += "CVE-2023-0266"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_CHECK_IGNORE += "CVE-2023-0394"
+
+# Wrong CPE in NVD database
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3637
+# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git
+CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637"
# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
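Review bot: every CVE_CHECK_IGNORE added in this hunk is unconditional, but each comment justifies the exclusion by a specific stable backport, so an entry is only correct for kernels at or past the point release it cites. For the 5.15 series the highest version cited is v5.15.90 (CVE-2022-4382). Several entries list no v5.19.x backport at all, for example CVE-2022-3640, which is marked as introduced in v5.19 and patched in v6.1 with backports only to 5.4, 5.10 and 5.15. A 5.19-based recipe, or a 5.15 recipe pinned below the cited versions, would have a real finding hidden if scanned with these lines. Please either state the minimum kernel versions this list assumes in a comment above the block, or make the ignores conditional on the kernel version being built. Two smaller points: the CVE-2023-0394 entry reads "Introduced in version 2.6.12" without the "v" prefix used in every other entry, and the comment above CVE-2022-3563/CVE-2022-3637 has typos ("Those issue", "patchs").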
--
2.34.1
* [OE-core][langdale 07/27] linux-yocto/5.15: update to v5.15.94
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 06/27] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 08/27] linux-yocto/5.15: update to v5.15.96 Steve Sakoman
` (19 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
e2c1a934fd8e Linux 5.15.94
17170acdc7c8 Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions
5122e0e44363 KVM: x86: Mitigate the cross-thread return address predictions bug
8f12dcab90e8 x86/speculation: Identify processors vulnerable to SMT RSB predictions
e63c434de8b6 drm/i915: Fix VBT DSI DVO port handling
fc88c6838183 drm/i915: Initialize the obj flags for shmem objects
2e557c8ca2c5 drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
3af734f3eac6 Fix page corruption caused by racy check in __free_pages
c94ce5ea68dc arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
b796c02df37e arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive
5d9b771f53c1 arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
ac39dce11912 rtmutex: Ensure that the top waiter is always woken up
86f7e4239336 powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch
2907cf3f2ec7 riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
beb1cefa3ccd ceph: flush cap releases when the session is flushed
86733ab23933 clk: ingenic: jz4760: Update M/N/OD calculation algorithm
239e927eb2ea usb: typec: altmodes/displayport: Fix probe pin assign check
48aecce116e4 usb: core: add quirk for Alcor Link AK9563 smartcard reader
a8178bb1c776 btrfs: free device in btrfs_close_devices for a single device filesystem
8d13f2c3e2ba mptcp: be careful on subflow status propagation on errors
25141fb41191 net: USB: Fix wrong-direction WARNING in plusb.c
d1fba1e096ff cifs: Fix use-after-free in rdata->read_into_pages()
1b83e7e174d8 pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
f5f025b703e2 spi: dw: Fix wrong FIFO level setting for long xfers
71668706fbe7 pinctrl: single: fix potential NULL dereference
a2a1065739e9 pinctrl: aspeed: Fix confusing types in return value
99450163bcf6 pinctrl: mediatek: Fix the drive register definition of some Pins
9f0d2c268488 ASoC: topology: Return -ENOMEM on memory allocation failure
1a52ef89e369 riscv: stacktrace: Fix missing the first frame
5fb815433450 ALSA: pci: lx6464es: fix a debug loop
105ea562f6cf selftests: forwarding: lib: quote the sysctl values
528e3f3a4b53 rds: rds_rm_zerocopy_callback() use list_first_entry()
48d6d8f2f609 igc: Add ndo_tx_timeout support
62ff7dd961ab net/mlx5: Serialize module cleanup with reload and remove
95d2394f84f1 net/mlx5: fw_tracer, Zero consumer index when reloading the tracer
ab7f3f6a9d9b net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers
193528646ed2 net/mlx5e: IPoIB, Show unknown speed instead of error
7c6e8eb617c1 net/mlx5: Bridge, fix ageing of peer FDB entries
49ece61a078f net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
31172267bab0 net/mlx5e: Introduce the mlx5e_flush_rq function
e4e4e93d31b3 net/mlx5e: Move repeating clear_bit in mlx5e_rx_reporter_err_rq_cqe_recover
3f18b9ed8c83 net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol 802.1Q"
6acb5d853b41 net: dsa: mt7530: don't change PVC_EG_TAG when CPU port becomes VLAN-aware
ca834a017851 ice: Do not use WQ_MEM_RECLAIM flag for workqueue
70d48c7992ca uapi: add missing ip/ipv6 header dependencies for linux/stddef.h
3cec44036f48 ionic: clean interrupt before enabling queue to avoid credit race
fad12afe877a net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
d23385a200e6 bonding: fix error checking in bond_debug_reregister()
11006d9d083f net: phylink: move phy_device_free() to correctly release phy device
fb022d7b1c79 xfrm: fix bug with DSCP copy to v6 from v4 tunnel
6fe1ad42afa8 RDMA/usnic: use iommu_map_atomic() under spin_lock()
8f5fe1cd8e6a RDMA/irdma: Fix potential NULL-ptr-dereference
1b4ef90cbcfa IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
5dc688fae6b7 xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
9bae58d58b6b IB/hfi1: Restore allocated resources on failed copyout
558b1fa01cdc xfrm: compat: change expression for switch in xfrm_xlate64
238b38e89fff can: j1939: do not wait 250 ms if the same addr was already claimed
d859184b60d4 of/address: Return an error when no valid dma-ranges are found
70f37b3118de tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw
df017495039a ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9
ca9d54220345 ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360
706b6d86a6f8 ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
731fc29de6a2 ALSA: hda/realtek: Add Positivo N14KP6-TG
b93805980714 btrfs: zlib: zero-initialize zlib workspace
e65faa7e39a2 btrfs: limit device extents to the device size
2e4dd07fda7a migrate: hugetlb: check for hugetlb shared PMD in node migration
072e7412e857 mm/migration: return errno when isolate_huge_page failed
85d7786c66b6 Linux 5.15.93
6e2fac197de2 bpf: Skip invalid kfunc call in backtrack_insn
46c9088cabd4 gfs2: Always check inode size of inline inodes
8eb2e58a92e0 gfs2: Cosmetic gfs2_dinode_{in,out} cleanup
e4991910f150 wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads
97ccfffcc061 f2fs: fix to do sanity check on i_extra_isize in is_alive()
64fa364ad324 fbdev: smscufx: fix error handling code in ufx_usb_probe
a77141a06367 ovl: Use "buf" flexible array for memcpy() destination
1692fedd0f66 fs/ntfs3: Validate attribute data and valid sizes
a5b9cb72769b powerpc/imc-pmu: Revert nest_init_lock to being a mutex
3691f43a0959 iio:adc:twl6030: Enable measurement of VAC
8c84f50390b2 bpf: Do not reject when the stack read size is different from the tracked scalar size
14b6198abbd5 bpf: Fix incorrect state pruning for <8B spill/fill
575a9f6fefd9 phy: qcom-qmp-combo: fix runtime suspend
e58df87394be phy: qcom-qmp-combo: fix broken power on
368ea32e0ad0 phy: qcom-qmp-usb: fix memleak on probe deferral
2f27d3811a41 phy: qcom-qmp-combo: fix memleak on probe deferral
0cb10ddab7df phy: qcom-qmp-combo: disable runtime PM on unbind
0ef5ffe11682 serial: 8250_dma: Fix DMA Rx rearm race
e30328f599b9 serial: 8250_dma: Fix DMA Rx completion race
a5a171f61a04 nvmem: core: fix cell removal on error
6d9fa3ff6548 nvmem: core: remove nvmem_config wp_gpio
adf80e072c95 nvmem: core: initialise nvmem->id early
e3ebc3e23bd9 drm/i915: Fix potential bit_17 double-free
997bed0f3cde Squashfs: fix handling and sanity checking of xattr_ids count
7a0cfaf9d457 highmem: round down the address passed to kunmap_flush_on_unmap()
5dbe1ebd5647 mm/swapfile: add cond_resched() in get_swap_pages()
daf82418045f fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
afd32b683154 x86/debug: Fix stack recursion caused by wrongly ordered DR7 accesses
066ecbf1a53e kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
481bf49f58bb usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
fdf40e582442 mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
6c300351c55d riscv: disable generation of unwind tables
a5c275add96b parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
a964decd1307 parisc: Fix return code of pdc_iodc_print()
488eaf0625d9 nvmem: qcom-spmi-sdam: fix module autoloading
8569beb66fe6 iio: imu: fxos8700: fix MAGN sensor scale and unit
8aa5cdcfaf6a iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN
4112ba1ad5ca iio: imu: fxos8700: fix failed initialization ODR mode assignment
abf7b2ba51f5 iio: imu: fxos8700: fix incorrect ODR mode readback
412757741c22 iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
34909532b12e iio: imu: fxos8700: fix map label of channel type to MAGN sensor
8346eb4987e5 iio: imu: fxos8700: fix IMU data bits returned to user space
7567cdf3ce21 iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback
6969852220af iio: imu: fxos8700: fix ACCEL measurement range selection
cdacfb220556 iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
9988063dcefd iio: adc: berlin2-adc: Add missing of_node_put() in error path
c691a5c0fd03 iio: hid: fix the retval in gyro_3d_capture_sample
ef80a34699cd iio: hid: fix the retval in accel_3d_capture_sample
c4eae85c73be efi: Accept version 2 of memory attributes table
710db8206351 ALSA: hda/realtek: Add Acer Predator PH315-54
3fbddf86d924 watchdog: diag288_wdt: fix __diag288() inline assembly
700dd5bc72d3 watchdog: diag288_wdt: do not use stack buffers for hardware data
21bc51e29e66 net: qrtr: free memory on error path in radix_tree_insert()
dccbd062d716 fbcon: Check font dimension limits
5d7500d99164 Input: i8042 - add Clevo PCX0DX to i8042 quirk table
fc9e27f3ba08 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
9ba1188a719a usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
fe86480e903f usb: dwc3: qcom: enable vbus override when in OTG dr-mode
a412fe7baf40 iio: adc: stm32-dfsdm: fill module aliases
994465939830 drm/amd/display: Fix timing not changning when freesync video is enabled
a3967128bc65 net/x25: Fix to not accept on connected socket
396ea318e7fa platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
1577524633c7 platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table
540cea9f9b6d i2c: rk3x: fix a bunch of kernel-doc warnings
0aaabdb900c7 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
17b738590b97 scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
8cd0499f9c33 perf/x86/intel: Add Emerald Rapids
709351537096 scsi: target: core: Fix warning on RT kernels
b7960f54362b i2c: mxs: suppress probe-deferral error message
b9b87fc34b7f i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
d8fc0b5fb3e8 efi: fix potential NULL deref in efi_mem_reserve_persistent
f423c2efd51d net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
798502864789 virtio-net: Keep stop() to follow mirror sequence of open()
5d884f9e80ff selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking
63aa63af3a1e selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs
d41a3f9cc242 selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
5af98283e554 selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
89e0701e03c5 ata: libata: Fix sata_down_spd_limit() when no link speed is reported
9ab896775f98 can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
02d77d98e020 igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp()
04a735582095 riscv: kprobe: Fixup kernel panic when probing an illegal position
206c367b6a2e ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local address
90178bc0f28f ip/ip6_gre: Fix changing addr gen mode not generating IPv6 link local address
dfe2f0ea3851 net: phy: meson-gxl: Add generic dummy stubs for MMD register access
b7398efe24a9 squashfs: harden sanity check in squashfs_read_xattr_id_table
89a69216f170 netfilter: br_netfilter: disable sabotage_in hook after first suppression
cdb444e73fdc drm/i915/adlp: Fix typo for reference clock
960f20d8582e drm/i915/guc: Fix locking when searching for a hung request
c27e0eac568a netrom: Fix use-after-free caused by accept on already connected socket
511c922c5bf6 block, bfq: fix uaf for bfqq in bic_set_bfqq()
a62c129dcbfa block, bfq: replace 0/1 with false/true in bic apis
37a744a068c9 block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"
2cd1e9c013ec net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
18c18c2110ea sfc: correctly advertise tunneled IPv6 segmentation
878b06f60a08 dpaa2-eth: execute xdp_do_flush() before napi_complete_done()
3b5774cd6b94 dpaa_eth: execute xdp_do_flush() before napi_complete_done()
5a7040a649c8 virtio-net: execute xdp_do_flush() before napi_complete_done()
94add5b27290 qede: execute xdp_do_flush() before napi_complete_done()
a273f8e3ab90 ice: Prevent set_channel from changing queues while RDMA active
b432e183c26e fix "direction" argument of iov_iter_kvec()
d8b8306e963e fix iov_iter_bvec() "direction" argument
389c7c0ef9cc READ is "data destination", not source...
7a3649bf5bef WRITE is "data source", not destination...
83cc6a7bb75c vhost/net: Clear the pending messages when the backend is removed
7c7d344bc386 scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT"
4b199dc09416 drm/vc4: hdmi: make CEC adapter name unique
dc1f8ab25a17 arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
c681d7a4ed3d bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
34ad5d8885f5 bpf: Fix to preserve reg parent/live fields when copying range info
7b86f9ab5692 bpf: Support <8-byte scalar spill and refill
1b9256c96220 ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
b7abeb691637 bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers
cfcc2390dbc5 ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
b4b204565a45 ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use
1f1e7635c54d ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
41d323c352ac ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use
6a9990e1d92b ASoC: Intel: bytcht_es8316: move comment to the right place
ffcdf354555b ASoC: Intel: boards: fix spelling in comments
bd0b17ab1b76 bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
5f4543c9382a firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
e515b9902f5f Linux 5.15.92
c7caf669b89d net: mctp: purge receive queues on sk destruction
046de74f9af9 net: fix NULL pointer in skb_segment_list
7ab3376703ce selftests: Provide local define of __cpuid_count()
e92e311ced6f selftests/vm: remove ARRAY_SIZE define from individual tests
c9e52db90031 tools: fix ARRAY_SIZE defines in tools and selftests hdrs
c1aa0dd52db4 Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
02e61196c578 ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems
79dd676b445f extcon: usbc-tusb320: fix kernel-doc warning
c2bd60ef20de ext4: fix bad checksum after online resize
4cd1e18bc04a cifs: fix return of uninitialized rc in dfs_cache_update_tgthint()
43acd767bd90 dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
a54c5ad007ea HID: playstation: sanity check DualSense calibration data.
6d7686cc11b7 blk-cgroup: fix missing pd_online_fn() while activating policy
2144859229c1 erofs/zmap.c: Fix incorrect offset calculation
0dfef5031335 bpf: Skip task with pid=1 in send_signal_common()
e8bb772f745e firmware: arm_scmi: Clear stale xfer->hdr.status
80cb9f1a76aa arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI
162fad24d2e1 arm64: dts: freescale: Fix pca954x i2c-mux node names
82ad105e1a55 ARM: dts: vf610: Fix pca9548 i2c-mux node names
5aee5f33e03a ARM: dts: imx: Fix pca9547 i2c-mux node name
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f5deb914ba17c131c4880da8d9a1184c2d2a3ef6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 8d299ca059..62cf6c2023 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "0567deb52d2f2c3cd3046f56ca3fb97a151cf6ec"
-SRCREV_meta ?= "8df0d345ef202197eef82942933161213d4d1846"
+SRCREV_machine ?= "0e479ee9b51bb384ce793fe55b05e8c2c3d3041a"
+SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.91"
+LINUX_VERSION ?= "5.15.94"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 400ef75cc2..d91dc0bea8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.91"
+LINUX_VERSION ?= "5.15.94"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "01c387906b52214892aaea0664b3b4ead35fe484"
-SRCREV_meta ?= "8df0d345ef202197eef82942933161213d4d1846"
+SRCREV_machine ?= "8c906f7637d74bde62e074f6d8be8e6bd180cd47"
+SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 60c088b9fe..033e7b0e24 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "9c525056e4d5c3852fff6058bd7f6a648a3b645e"
-SRCREV_machine:qemuarm64 ?= "30e3bff02675a3d10bd04c51f52f4a6b17b94d01"
-SRCREV_machine:qemumips ?= "0dda96ab67034ee0f1db18c04fed33d2a4e2fec1"
-SRCREV_machine:qemuppc ?= "43c8d401cf8092c19e47935c5667dacf754885d4"
-SRCREV_machine:qemuriscv64 ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_machine:qemuriscv32 ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_machine:qemux86 ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_machine:qemux86-64 ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_machine:qemumips64 ?= "26e3543c62c04852896adc70584b1eaa59f15fad"
-SRCREV_machine ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_meta ?= "8df0d345ef202197eef82942933161213d4d1846"
+SRCREV_machine:qemuarm ?= "56893626121030f0602bc416f300ca54e1135d8e"
+SRCREV_machine:qemuarm64 ?= "c5b37eefe0c4c0956d87d8469556ca295b55cab4"
+SRCREV_machine:qemumips ?= "1d8fd6769259a16d49aaf8d9c3eecd970343249e"
+SRCREV_machine:qemuppc ?= "6e2e7b94716f4547f6e5cfd47dc430f84f4b70a7"
+SRCREV_machine:qemuriscv64 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_machine:qemuriscv32 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_machine:qemux86 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_machine:qemux86-64 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_machine:qemumips64 ?= "27458775da7568a4844f438c7f1cd9fbf20a55f6"
+SRCREV_machine ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "9cf4111cdf9420fa99792ae16c8de23242bb2e0b"
+SRCREV_machine:class-devupstream ?= "e2c1a934fd8e4288e7a32f4088ceaccf469eb74c"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
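Review bot: only the class-devupstream revision in this hunk can be checked against the commit message: e2c1a934fd8e4288e7a32f4088ceaccf469eb74c matches the "e2c1a934fd8e Linux 5.15.94" entry in the shortlog, while the ten SRCREV_machine values and SRCREV_meta are revisions in linux-yocto and yocto-kernel-cache that the message never names. LINUX_VERSION is bumped in a separate hunk from these hashes, so nothing visible here ties them together. A line in the commit message stating that each machine branch was merged up to v5.15.94, or a note on how the kernel version at each SRCREV was confirmed to equal LINUX_VERSION, would let a reviewer verify that the two stay in sync.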
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.91"
+LINUX_VERSION ?= "5.15.94"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
* [OE-core][langdale 08/27] linux-yocto/5.15: update to v5.15.96
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 07/27] linux-yocto/5.15: update to v5.15.94 Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 09/27] linux-yocto-rt/5.15: update to -rt59 Steve Sakoman
` (18 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
d383d0f28eca Linux 5.15.96
49ce63694cae bpf: add missing header file include
80569627ce46 Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs"
0c168d7f36d5 lib/Kconfig.debug: Allow BTF + DWARF5 with pahole 1.21+
6ba3de5a8a02 lib/Kconfig.debug: Use CONFIG_PAHOLE_VERSION
0f59e08070ba scripts/pahole-flags.sh: Use pahole-version.sh
3597fd5f9217 kbuild: Add CONFIG_PAHOLE_VERSION
c98077f7598a ext4: Fix function prototype mismatch for ext4_feat_ktype
43cb0369c84a audit: update the mailing list in MAINTAINERS
b5ef61edb1e5 wifi: mwifiex: Add missing compatible string for SD8787
a24eb3f99063 nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
d518ca02542f binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
367d0456c792 binder: Address corner cases in deferred copy and fixup
b345b2200288 binder: fix pointer cast warning
c194fc351fec binder: defer copies of pre-patched txn data
d107b4352284 binder: read pre-translated fds from sender buffer
41d8b591d70a uaccess: Add speculation barrier to copy_from_user()
0d3d5099a50b drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
d835f9c4ede2 powerpc/64s/radix: Fix RWX mapping with relocated kernel
87b3e4f845a2 powerpc/64s/radix: Fix crash with unaligned relocated kernel
0b0e9b5adc8e powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary
b6fff8fa4f5b powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
e7f5e3b60c30 powerpc: use generic version of arch_is_kernel_initmem_freed()
fc58616b198b powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
62302ac5777a can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
6b539a7dbb49 KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
78c1d35ed66c KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
676248836577 KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
5456f0d53b4a random: always mix cycle counter in add_latent_entropy()
d2edb20b003e clk: mxl: syscon_node_to_regmap() returns error pointers
04d31929df12 powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
8ae31d36516b clk: mxl: Fix a clk entry by adding relevant flags
a0583edea4fd clk: mxl: Add option to override gate clks
ef1219115128 clk: mxl: Remove redundant spinlocks
e5580a805472 clk: mxl: Switch from direct readl/writel based IO to regmap based IO
20ea32ad9c99 drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
28985cd17ac7 wifi: rtl8xxxu: gen2: Turn on the rate control
d04d19cf0ead drm/etnaviv: don't truncate physical page address
60b502b3ffea Linux 5.15.95
3f94c70333f6 platform/x86/amd: pmc: add CONFIG_SERIO dependency
1c202909c8b0 net: sched: sch: Fix off by one in htb_activate_prios()
180a1632b6c7 ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
68c2db8ef56d alarmtimer: Prevent starvation by small intervals and SIG_IGN
35351e3060d6 kvm: initialize all of the kvm_debugregs structure before sending it to userspace
1cbb51d83f56 net/sched: tcindex: search key must be 16 bits
cd9569062d8e i40e: Add checking for null for nlmsg_find_attr()
290e7084926c net/sched: act_ctinfo: use percpu stats
22d0cb47047a flow_offload: fill flags to action structure
d53360d443be drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
8174915c7bf3 drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
43dd56f7bfcb mm/filemap: fix page end in filemap_get_read_batch
a158782b56b0 nilfs2: fix underflow in second superblock position calculations
13bc7dd5b365 ipv6: Fix tcp socket connection with DSCP.
f3326fa5e480 ipv6: Fix datagram socket connection with DSCP.
9c35c81fd6f0 ixgbe: add double of VLAN header when computing the max MTU
59a74da8da75 net: mpls: fix stale pointer if allocation fails during device rename
bf8b820ea0ca net: stmmac: Restrict warning on disabling DMA store and fwd mode
269520bee744 bnxt_en: Fix mqprio and XDP ring checking logic
0428aabbcc15 net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
1563e998a938 net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
338f826d3afe net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
59e30d2bd309 dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
becf55394f6a net/sched: tcindex: update imperfect hash filters respecting rcu
3d5f95be49c5 sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
fa56f164455e net: ethernet: ti: am65-cpsw: Add RX DMA Channel Teardown Quirk
2603a5ca6223 net: bgmac: fix BCM5358 support by setting correct flags
a5e4f2b284dc i40e: add double of VLAN header when computing the max MTU
1f23ca5dba6c ixgbe: allow to increase MTU to 3K with XDP enabled
65d07ae69bd3 revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
50267cf35ba0 net: Fix unwanted sign extension in netdev_stats_to_stats64()
3775c95ffbc6 Revert "mm: Always release pages to the buddy allocator in memblock_free_late()."
57081f83849c selftest/lkdtm: Skip stack-entropy test if lkdtm is not available
9197daee9eb6 of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem
8b29a1866f64 hugetlb: check for undefined shift on 32 bit architectures
cca2b3feb701 sched/psi: Fix use-after-free in ep_remove_wait_queue()
c5f2151afb2a ALSA: hda/realtek - fixed wrong gpio assigned
1a3f8c85cd2a ALSA: hda/conexant: add a new hda codec SN6180
ecad2fafd424 mmc: mmc_spi: fix error handling in mmc_spi_probe()
1e06cf04239e mmc: sdio: fix possible resource leaks in some error paths
732e3b293ca3 mmc: jz4740: Work around bug on JZ4760(B)
fdaf88531cfd tcp: Fix listen() regression in 5.15.88.
9a1d92cbeac3 netfilter: nft_tproxy: restrict to prerouting hook
3fc9dc0340e0 platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN
c2cb2c71da50 platform/x86: amd-pmc: Correct usage of SMU version
2dcf115681d4 platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled
32e3a6c4a756 platform/x86: amd-pmc: Export Idlemask values based on the APU
1723efa4c375 drm/amd/display: Fail atomic_check early on normalize_zpos error
178993157e8c aio: fix mremap after fork null-deref
3cfc5e84ac6f mptcp: do not wait for bare sockets' timeout
e0e93c8599c5 xfs: don't leak btree cursor when insrec fails after a split
294c022a070a xfs: purge dquots after inode walk fails during quotacheck
96f0651a264b xfs: assert in xfs_btree_del_cursor should take into account error
88ccad17784a xfs: don't assert fail on perag references on teardown
ddf1e0fd43b2 xfs: avoid unnecessary runtime sibling pointer endian conversions
5f0e21a4a885 xfs: validate v5 feature fields
ea0ce7c13610 xfs: set XFS_FEAT_NLINK correctly
0cc9f9cc8d91 xfs: detect self referencing btree sibling pointers
4e96f5ace9ac xfs: fix potential log item leak
8abef857eb91 xfs: zero inode fork buffer at allocation
63b8e4cc31fd nvmem: core: fix return value
eac1ad2f5e21 nvmem: core: fix registration vs use race
8f9c4b2a3b13 nvmem: core: fix cleanup after dev_set_name()
14eea6449473 nvmem: core: add error handling for dev_set_name
36a5ae5cf90a platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
f1cb549bcd0b drm/amd/display: Properly handle additional cases where DCN is not supported
5ca46a04a5c3 nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
9ed522143f95 s390/decompressor: specify __decompress() buf len to avoid overflow
99875ea9b5b4 net: sched: sch: Bounds check priority
5027084bc097 drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED
4fdc19e4fa23 net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
6769cd8a7488 net/rose: Fix to not accept on connected socket
2ddb9fa56665 tools/virtio: fix the vringh test for virtio ring changes
a35c241065ee ASoC: cs42l56: fix DT probe
f312367f5246 bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
e909f5f2aa55 ALSA: hda: Do not unset preset when cleaning up codec
5541d35f5d03 selftests/bpf: Verify copy_register_state() preserves parent/live fields
7814e28c4183 ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
d15ab7320892 ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
06f2a84d626a ACPI / x86: Add support for LPS0 callback handler
14a2de5c16f3 riscv: kprobe: Fixup misaligned load text
b5d5f1ad057e kprobes: treewide: Cleanup the error messages for kprobes
2a6853c0ea03 mptcp: fix locking for in-kernel listener creation
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 020944ef921ae2b6923b139bad5f7a79217dace1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 62cf6c2023..caa5e5197f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "0e479ee9b51bb384ce793fe55b05e8c2c3d3041a"
-SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
+SRCREV_machine ?= "c69881f9ba51496f0930cd39bd67f9dfb8d3a612"
+SRCREV_meta ?= "509f4b9d68337f103633d48b621c1c9aa0dc975d"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.94"
+LINUX_VERSION ?= "5.15.96"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index d91dc0bea8..34ffaa5132 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.94"
+LINUX_VERSION ?= "5.15.96"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "8c906f7637d74bde62e074f6d8be8e6bd180cd47"
-SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
+SRCREV_machine ?= "9c8ee16005f204f7f48d6699822dd5e89b01d4a5"
+SRCREV_meta ?= "509f4b9d68337f103633d48b621c1c9aa0dc975d"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 033e7b0e24..55580357d2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "56893626121030f0602bc416f300ca54e1135d8e"
-SRCREV_machine:qemuarm64 ?= "c5b37eefe0c4c0956d87d8469556ca295b55cab4"
-SRCREV_machine:qemumips ?= "1d8fd6769259a16d49aaf8d9c3eecd970343249e"
-SRCREV_machine:qemuppc ?= "6e2e7b94716f4547f6e5cfd47dc430f84f4b70a7"
-SRCREV_machine:qemuriscv64 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_machine:qemuriscv32 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_machine:qemux86 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_machine:qemux86-64 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_machine:qemumips64 ?= "27458775da7568a4844f438c7f1cd9fbf20a55f6"
-SRCREV_machine ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
+SRCREV_machine:qemuarm ?= "5479084dba4fbe0e3db2a97b0ae00ff7651fb90b"
+SRCREV_machine:qemuarm64 ?= "91bfb4191c2f19b98b0c724676a69ca9d61bb696"
+SRCREV_machine:qemumips ?= "8be1d8e09c4b174ab4ef0fbd67263f9563967818"
+SRCREV_machine:qemuppc ?= "6de606ff8d3eeba9f003557ebb37c94a2d0e6bc1"
+SRCREV_machine:qemuriscv64 ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_machine:qemuriscv32 ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_machine:qemux86 ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_machine:qemux86-64 ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_machine:qemumips64 ?= "d2d2e93f5cea91969185ec1cc05d6833cd7e1412"
+SRCREV_machine ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_meta ?= "509f4b9d68337f103633d48b621c1c9aa0dc975d"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "e2c1a934fd8e4288e7a32f4088ceaccf469eb74c"
+SRCREV_machine:class-devupstream ?= "d383d0f28ecac0f3375bdfb9a0c4bfac979f6f8f"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.94"
+LINUX_VERSION ?= "5.15.96"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
* [OE-core][langdale 09/27] linux-yocto-rt/5.15: update to -rt59
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/5.15:
4d335265c101 'Linux 5.15.94-rt59'
c3b4464f5d2b 'Linux 5.15.93-rt58'
c67bd325f576 'Linux 5.15.92-rt57'
48e551ae0f55 'Linux 5.15.86-rt56'
977a63a270ad 'Linux 5.15.85-rt55'
adaa1d9e19a5 'Linux 5.15.79-rt54'
ff3c61c5ead1 'Linux 5.15.76-rt53'
e17260e8d340 'Linux 5.15.73-rt52'
c83f436b7981 'Linux 5.15.71-rt51'
e01c9e3ba82d 'Linux 5.15.70-rt50'
debedeb4264e mm/memcg: Only perform the debug checks on !PREEMPT_RT
1ef2cd0b8676 mm/memcg: Add a comment regarding the release `obj'.
f8d153e08d42 mm/memcg: Add missing counter index which are not update in interrupt.
11624404f67a mm/memcg: Disable migration instead of preemption in drain_all_stock().
0a1f4de6ed4f mm/memcg: Protect memcg_stock with a local_lock_t
3f15202f27da mm/memcg: Opencode the inner part of obj_cgroup_uncharge_pages() in drain_obj_stock()
40dbbd2f9773 mm/memcg: Protect per-CPU counter by disabling preemption on PREEMPT_RT where needed.
6269831106f5 mm/memcg: Disable threshold event handlers on PREEMPT_RT
8da0e71b7b7d mm/memcg: Revert ("mm/memcg: optimize user context object stock access")
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f318c27fdc4ac276743bd37c466e3fc7296bcfd5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index caa5e5197f..0f557ba2c5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,7 +11,7 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "c69881f9ba51496f0930cd39bd67f9dfb8d3a612"
+SRCREV_machine ?= "4d335265c1010cdf45dc0169b1b79638323a5109"
SRCREV_meta ?= "509f4b9d68337f103633d48b621c1c9aa0dc975d"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
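Review bot: the new `SRCREV_machine` (4d335265c101...) is the first commit listed in the message, 'Linux 5.15.94-rt59', while 08/27 set `LINUX_VERSION ?= "5.15.96"` in this same recipe and this hunk leaves it unchanged. Please confirm that the preempt-rt branch at this revision is based on 5.15.96 so that LINUX_VERSION matches the fetched source, and state the base version in the commit message; as written it reads as if the tree is at 5.15.94.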
--
2.34.1
* [OE-core][langdale 10/27] iso-codes: upgrade 4.12.0 -> 4.13.0
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Added
=========
- ISO 3166-1: Add missing common names for Laos, Iran, and Syria.
Fixes #32
Changed
===========
- Translation updates for ISO 3166-1
- Kazakh from Debian BTS. Closes: #1025423
- Catalan from Debian BTS. Closes: #1026972
- Translation updates for ISO 3166-2
- Translation updates for ISO 3166-3
- Translation updates for ISO 639-2
- Translation updates for ISO 639-3
- Translation updates for ISO 639-5
- Translation updates for ISO 4217
- Translation updates for ISO 15924
Fixed
==========
- ISO 3166-3: Fix withdrawal dates of AN, CS and YU. Fixes #28
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f2c8b9c9a97ba5ec9c5da94da84ebe216650d6cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../iso-codes/{iso-codes_4.12.0.bb => iso-codes_4.13.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/iso-codes/{iso-codes_4.12.0.bb => iso-codes_4.13.0.bb} (94%)
diff --git a/meta/recipes-support/iso-codes/iso-codes_4.12.0.bb b/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
similarity index 94%
rename from meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
rename to meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
index ea7c43cdae..f3ead5e8c1 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;"
-SRCREV = "5e4dddbd1f8902ab0252ccbb19b783cc0359505a"
+SRCREV = "ab6b01d5b56af7da9f0d2d1619a3cf84e43ed76a"
# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
# are inhibited by allarch
--
2.34.1
* [OE-core][langdale 11/27] libmicrohttpd: upgrade 0.9.75 -> 0.9.76
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
============
Fix potential DoS vector in MHD_PostProcessor.
Releasing GNU libmicrohttpd 0.9.76 hotfix.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f5b5c77d797ce09e2322ad744f0e4fa3ffd50f19)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{libmicrohttpd_0.9.75.bb => libmicrohttpd_0.9.76.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/libmicrohttpd/{libmicrohttpd_0.9.75.bb => libmicrohttpd_0.9.76.bb} (90%)
diff --git a/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb b/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
similarity index 90%
rename from meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb
rename to meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
index 043fed367c..7bd66f63cf 100644
--- a/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb
+++ b/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
@@ -7,7 +7,7 @@ SECTION = "net"
DEPENDS = "file"
SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "9278907a6f571b391aab9644fd646a5108ed97311ec66f6359cebbedb0a4e3bb"
+SRC_URI[sha256sum] = "f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c"
inherit autotools lib_package pkgconfig gettext
--
2.34.1
* [OE-core][langdale 12/27] binutils: Fix nativesdk ld.so search
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently binutils in buildtools is searching for /etc/etc/ld.so.conf
which makes no sense. ld_sysconfdir already contains /etc so we need to
drop the /etc from the fixed string.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ccd28c418ab8390118d738fbe914395b5c2a1f75)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...3-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch b/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
index 4fe5520010..9c825df5ab 100644
--- a/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
+++ b/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
@@ -65,7 +65,7 @@ index bfa0d54753a..0d61a3209ec 100644
info.path = NULL;
info.len = info.alloc = 0;
- tmppath = concat (ld_sysroot, prefix, "/etc/ld.so.conf",
-+ tmppath = concat (ld_sysconfdir, "/etc/ld.so.conf",
++ tmppath = concat (ld_sysconfdir, "/ld.so.conf",
(const char *) NULL);
if (!ldelf_parse_ld_so_conf (&info, tmppath))
{
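Review bot: the corrected `concat (ld_sysconfdir, "/ld.so.conf", ...)` is only right because ld_sysconfdir already ends in /etc, and that is stated in this commit message but nowhere in the embedded patch. A short comment beside the concat call, or a line in the 0003 patch description, would keep the "/etc" from being reintroduced on a later rebase.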
--
2.34.1
* [OE-core][langdale 13/27] devtool: ignore patch-fuzz errors when extracting source
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
So that patch fuzz issues can actually be fixed,
as extracting source with 'devtool modify' is the first step
for that.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7067abd31d9dd4b98ec70c1c7effbe2904797cd1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/devtool/standard.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index d64e18e179..0339d12763 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -567,6 +567,7 @@ def _extract_source(srctree, keep_temp, devbranch, sync, config, basepath, works
logger.debug('writing append file %s' % appendfile)
with open(appendfile, 'a') as f:
f.write('###--- _extract_source\n')
+ f.write('ERROR_QA:remove = "patch-fuzz"\n')
f.write('DEVTOOL_TEMPDIR = "%s"\n' % tempdir)
f.write('DEVTOOL_DEVBRANCH = "%s"\n' % devbranch)
if not is_kernel_yocto:
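Review bot: the `ERROR_QA:remove = "patch-fuzz"` line is written unconditionally and, being a `:remove`, cannot be re-added by other configuration, so while this append is in effect a patch that applies with fuzz is no longer an error and is not surfaced as a warning unless `patch-fuzz` is also in WARN_QA. A patch applied with fuzz can land in the wrong place, security fixes included, so consider also writing a `WARN_QA:append = " patch-fuzz"` line to keep the condition visible, and add a one-line code comment saying the relaxation exists only so the source can be extracted and the fuzz fixed.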
--
2.34.1
* [OE-core][langdale 14/27] u-boot: Map arm64 into map for u-boot dts installation
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Pavel Zhukov <pavel@zhukoff.net>
While arm64 is a valid UBOOT_ARCH (according to mkimage -A) u-boot
keeps arm64 specific dts under 'arch/arm' directory.
As a result, the recipe tries to install arch/arm64 (if UBOOT_DTB
was specified) and fails with [1]. Remapping "arm64" to "arm" to fix this
issue.
[1]
| install: cannot stat '.../u-boot/1_2023.01-r0/build/arch/arm64/dts/u-boot.dtb': No such file or directory
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ca99403d5f320c6d7ae59b107f3b3bf183b4089)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-bsp/u-boot/u-boot.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index 5705e5835b..4a8d93f70a 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -32,7 +32,7 @@ do_savedefconfig() {
}
do_savedefconfig[nostamp] = "1"
addtask savedefconfig after do_configure
-
+UBOOT_ARCH_DIR = "${@'arm' if d.getVar('UBOOT_ARCH').startswith('arm') else d.getVar('UBOOT_ARCH')}"
do_compile () {
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ld-is-gold', d)}" ]; then
sed -i 's/$(CROSS_COMPILE)ld$/$(CROSS_COMPILE)ld.bfd/g' ${S}/config.mk
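Review bot: the `UBOOT_ARCH_DIR` expression uses `startswith('arm')`, which remaps every UBOOT_ARCH value beginning with "arm" rather than only the "arm64" case the commit message describes, and it calls `.startswith` directly on `d.getVar('UBOOT_ARCH')`, which raises at parse time if the variable is unset. An explicit `== 'arm64'` comparison or a `(d.getVar('UBOOT_ARCH') or '')` guard would be safer. The assignment also replaces the blank line before `do_compile ()`, so the separator between the task and the variable is lost, and a brief comment on why the directory name differs from UBOOT_ARCH would help.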
@@ -336,7 +336,7 @@ do_deploy () {
if [ -n "${UBOOT_DTB}" ]
then
- install -m 644 ${B}/arch/${UBOOT_ARCH}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/
+ install -m 644 ${B}/arch/${UBOOT_ARCH_DIR}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/
fi
}
--
2.34.1
* [OE-core][langdale 15/27] oeqa/selftest/prservice: Improve debug output for failure
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
We keep seeing this failure on the autobuilder but the output amounts
to "False is not True". Improve the debug message on the chance it may
make the issue clearer.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d03f4cf19c2cc96e9d942252a451521dfec42ebc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/prservice.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/prservice.py b/meta/lib/oeqa/selftest/cases/prservice.py
index cb95503c2c..9fe3b80a31 100644
--- a/meta/lib/oeqa/selftest/cases/prservice.py
+++ b/meta/lib/oeqa/selftest/cases/prservice.py
@@ -77,7 +77,7 @@ class BitbakePrTests(OESelftestTestCase):
exported_db_path = os.path.join(self.builddir, 'export.inc')
export_result = runCmd("bitbake-prserv-tool export %s" % exported_db_path, ignore_status=True)
self.assertEqual(export_result.status, 0, msg="PR Service database export failed: %s" % export_result.output)
- self.assertTrue(os.path.exists(exported_db_path))
+ self.assertTrue(os.path.exists(exported_db_path), msg="%s didn't exist, tool output %s" % (exported_db_path, export_result.output))
if replace_current_db:
current_db_path = os.path.join(get_bb_var('PERSISTENT_DIR'), 'prserv.sqlite3')
--
2.34.1
* [OE-core][langdale 16/27] ffmpeg: fix build failure when vulkan is enabled
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
The patch fixes the following errors observed when building ffmpeg in
vulkan-enabled distros:
| src/libavutil/hwcontext_vulkan.c:363:7: error: 'VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME' undeclared here (not in a function); did you mean 'VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME'?
| 363 | { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME
| src/libavutil/hwcontext_vulkan.c:364:7: error: 'VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME' undeclared here (not in a function); did you mean 'VK_EXT_VIDEO_ENCODE_H265_EXTENSION_NAME'?
| 364 | { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | VK_EXT_VIDEO_ENCODE_H265_EXTENSION_NAME
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b16c8696be9d56edb5ff77210abfff9a784fad89)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch | 34 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb | 1 +
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
new file mode 100644
index 0000000000..95bd608a27
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
@@ -0,0 +1,34 @@
+From: Lynne <dev@lynne.ee>
+Date: Sun, 25 Dec 2022 00:03:30 +0000 (+0100)
+Subject: hwcontext_vulkan: remove optional encode/decode extensions from the list
+X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690
+
+hwcontext_vulkan: remove optional encode/decode extensions from the list
+
+They're not currently used, so they don't need to be there.
+Vulkan stabilized the decode extensions less than a week ago, and their
+name prefixes were changed from EXT to KHR. It's a bit too soon to be
+depending on it, so rather than bumping, just remove these for now.
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690]
+---
+
+diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c
+index f1db1c7291..2a9b5f4aac 100644
+--- a/libavutil/hwcontext_vulkan.c
++++ b/libavutil/hwcontext_vulkan.c
+@@ -358,14 +358,6 @@ static const VulkanOptExtension optional_device_exts[] = {
+ { VK_KHR_EXTERNAL_MEMORY_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_MEMORY },
+ { VK_KHR_EXTERNAL_SEMAPHORE_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_SEM },
+ #endif
+-
+- /* Video encoding/decoding */
+- { VK_KHR_VIDEO_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_KHR_VIDEO_ENCODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+ };
+
+ /* Converts return values to strings */
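Review bot: the header of the new ffmpeg-fix-vulkan.patch has From, Date, Subject and an Upstream-Status tag but no Signed-off-by line from whoever did the backport; please add one next to Upstream-Status. The `X-Git-Url` line points at http://git.ffmpeg.org while Upstream-Status gives the https URL for the same commit, so the http line can be dropped or switched to https to keep a single provenance reference.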
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
index 7970740254..2ab34166df 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
@@ -25,6 +25,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
+ file://ffmpeg-fix-vulkan.patch \
"
SRC_URI[sha256sum] = "619e706d662c8420859832ddc259cd4d4096a48a2ce1eefd052db9e440eef3dc"
--
2.34.1
* [OE-core][langdale 17/27] systemd: add group sgx to udev package
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
From NEWS for v250:
* Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
now also owned by the system group "sgx".
From NEWS for v248:
* Intel SGX enclave device nodes (which expose a security feature of
newer Intel CPUs) will now be owned by a new system group "sgx".
Fixes following journal error entry during startup:
/lib/udev/rules.d/50-udev-default.rules:43 Unknown group 'sgx', ignoring
This is seen already on kirkstone.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bab455cd9b1b82e778f8523a767eb281edf6689e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta-selftest/files/static-group | 1 +
meta/recipes-core/systemd/systemd_251.8.bb | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group
index b13dde3218..cbec6f1377 100644
--- a/meta-selftest/files/static-group
+++ b/meta-selftest/files/static-group
@@ -24,3 +24,4 @@ weston-launch:x:524:
weston:x:525:
wayland:x:526:
render:x:527:
+sgx:x:528:
diff --git a/meta/recipes-core/systemd/systemd_251.8.bb b/meta/recipes-core/systemd/systemd_251.8.bb
index 8f2fb90455..3c87e71485 100644
--- a/meta/recipes-core/systemd/systemd_251.8.bb
+++ b/meta/recipes-core/systemd/systemd_251.8.bb
@@ -401,7 +401,7 @@ USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
"
GROUPADD_PARAM:${PN} = "-r systemd-journal;"
-GROUPADD_PARAM:udev = "-r render"
+GROUPADD_PARAM:udev = "-r render;-r sgx;"
GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
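Review bot: `GROUPADD_PARAM:udev` now creates the `sgx` group on every target, while the NEWS text quoted in the commit message describes SGX as a feature of newer Intel CPUs. That is harmless and silences the udev warning, but a short comment above the line naming `50-udev-default.rules` as the consumer would explain why a non-Intel image carries the group.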
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 18/27] vim: add missing pkgconfig inherit
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (16 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 17/27] systemd: add group sgx to udev package Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 19/27] mesa-demos: packageconfig weston should have a dependency on wayland-protocols Steve Sakoman
` (8 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Vim uses pkgconfig to find dependencies but it wasn't present, so it
silently doesn't enable features like GTK+ UI.
[ YOCTO #15044 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 70900616298f5e70732a34e7406e585e323479ed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index fcb5cf6334..da586a5699 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -33,7 +33,7 @@ S = "${WORKDIR}/git"
VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}"
-inherit autotools-brokensep update-alternatives mime-xdg
+inherit autotools-brokensep update-alternatives mime-xdg pkgconfig
CLEANBROKEN = "1"
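Review bot: adding `pkgconfig` to the `inherit` line changes what configure can detect, so features that the commit message says were silently off (the GTK+ UI is the example given) can start being built on a stable branch. The message should state which configurations were checked, so the backport does not change package contents or dependencies unexpectedly.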
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 19/27] mesa-demos: packageconfig weston should have a dependency on wayland-protocols
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (17 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 18/27] vim: add missing pkgconfig inherit Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 20/27] libcomps: Fix callback function prototype for PyCOMPS_hash Steve Sakoman
` (7 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Carlos Alberto Lopez Perez <clopez@igalia.com>
wayland-protocols is a required dependency of mesa-demos when the 'wayland'
packageconfig option is enabled. Usually this doesn't lead to a build
failure because mesa itself depends on wayland-protocols, but when using
other graphics drivers this can cause the following build failure:
| ../mesa-demos-8.5.0/meson.build:69:2: ERROR: Dependency "wayland-protocols" not found, tried pkgconfig
| ERROR: meson failed
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 89615b56899eed7b5c6ad731e2168d99a30fba6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb b/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
index 6e9b95e1e2..12f41d75a5 100644
--- a/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
+++ b/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
@@ -30,7 +30,7 @@ PACKAGECONFIG[gles1] = "-Dgles1=enabled,-Dgles1=disabled,virtual/libgles1"
PACKAGECONFIG[gles2] = "-Dgles2=enabled,-Dgles2=disabled,virtual/libgles2"
PACKAGECONFIG[glut] = "-Dwith-glut=${STAGING_EXECPREFIXDIR},,freeglut"
PACKAGECONFIG[osmesa] = "-Dosmesa=enabled,-Dosmesa=disabled,"
-PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native"
+PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native wayland-protocols"
PACKAGECONFIG[x11] = "-Dx11=enabled,-Dx11=disabled,virtual/libx11 libglu"
do_install:append() {
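Review bot: the subject line says "packageconfig weston", but the line changed is `PACKAGECONFIG[wayland]` and the body also refers to the 'wayland' option. The subject should name the `wayland` option so the change can be found from the log.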
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 20/27] libcomps: Fix callback function prototype for PyCOMPS_hash
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (18 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 19/27] mesa-demos: packageconfig weston should have a dependency on wayland-protocols Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 21/27] rpm: Fix hdr_hash function prototype Steve Sakoman
` (6 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5e1f6fd8a93e38ec3ee1271ab319ea2d125c442b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...hash_t-instead-of-long-in-PyCOMPS_ha.patch | 66 +++++++++++++++++++
.../libcomps/libcomps_0.1.19.bb | 1 +
2 files changed, 67 insertions(+)
create mode 100644 meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch
diff --git a/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch b/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch
new file mode 100644
index 0000000000..dd9ebc8af4
--- /dev/null
+++ b/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch
@@ -0,0 +1,66 @@
+From 26a9647c832de15248ee649e5b77075521f3d4f0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Mar 2023 08:37:35 -0800
+Subject: [PATCH] libcomps: Use Py_hash_t instead of long in PyCOMPS_hash()
+
+This function is used as a hashfunc callback in
+_typeobject defined python3.11/cpython/object.h
+compilers detect the protype mismatch for function pointers
+with clang16+
+
+Fixes
+libcomps/src/python/src/pycomps_sequence.c:667:5: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (*)(PyObject *)' (aka 'long (*)(struct _object *)') [-Wincompatible-function-pointer-types]
+ &PyCOMPS_hash, /*tp_hash */
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/libcomps/pull/101]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ libcomps/src/python/src/pycomps_hash.c | 4 ++--
+ libcomps/src/python/src/pycomps_hash.h | 2 +-
+ libcomps/src/python/src/pycomps_utils.h | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libcomps/src/python/src/pycomps_hash.c b/libcomps/src/python/src/pycomps_hash.c
+index 474afd5..4577769 100644
+--- a/libcomps/src/python/src/pycomps_hash.c
++++ b/libcomps/src/python/src/pycomps_hash.c
+@@ -20,9 +20,9 @@
+ #include "pycomps_hash.h"
+ #include "pycomps_utils.h"
+
+-long PyCOMPS_hash(PyObject *self) {
++Py_hash_t PyCOMPS_hash(PyObject *self) {
+ char *cstr = NULL;
+- long crc;
++ Py_hash_t crc;
+
+ cstr = comps_object_tostr(((PyCompsObject*)self)->c_obj);
+ crc = crc32(0, cstr, strlen(cstr));
+diff --git a/libcomps/src/python/src/pycomps_hash.h b/libcomps/src/python/src/pycomps_hash.h
+index b664cae..54e08d9 100644
+--- a/libcomps/src/python/src/pycomps_hash.h
++++ b/libcomps/src/python/src/pycomps_hash.h
+@@ -26,6 +26,6 @@
+ #include "pycomps_utils.h"
+
+
+-long PyCOMPS_hash(PyObject *self);
++Py_hash_t PyCOMPS_hash(PyObject *self);
+
+ #endif
+diff --git a/libcomps/src/python/src/pycomps_utils.h b/libcomps/src/python/src/pycomps_utils.h
+index ba9bc2f..b34e4dc 100644
+--- a/libcomps/src/python/src/pycomps_utils.h
++++ b/libcomps/src/python/src/pycomps_utils.h
+@@ -137,7 +137,7 @@ COMPS_Object* __pycomps_bytes_in(PyObject *pobj);
+ PyObject* __pycomps_str_out(COMPS_Object *obj);
+ PyObject *str_to_unicode(void* str);
+
+-long PyCOMPS_hash(PyObject *self);
++Py_hash_t PyCOMPS_hash(PyObject *self);
+
+ PyObject* PyCOMPSSeq_extra_get(PyObject *self, PyObject *key);
+
+--
+2.39.2
+
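Review bot: in the pycomps_hash.c part, `crc = crc32(0, cstr, strlen(cstr));` is now stored in a `Py_hash_t`, which the quoted clang error shows to be `int` on this target. CPython reserves -1 as the error return of a `tp_hash` slot and no guard is visible in the lines shown, so it is worth confirming on the upstream pull request that a CRC of 0xFFFFFFFF cannot be returned as -1. The type change does not appear to introduce this, but it is the natural place to raise it.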
diff --git a/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb b/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
index fa1fbc8f0d..f8063d9400 100644
--- a/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
+++ b/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
@@ -5,6 +5,7 @@ LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \
+ file://0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch \
file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 21/27] rpm: Fix hdr_hash function prototype
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (19 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 20/27] libcomps: Fix callback function prototype for PyCOMPS_hash Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 22/27] meson: Fix wrapper handling of implicit setup command Steve Sakoman
` (5 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 0e812b4c22ac077f2defd6842f82b5c993db24c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...y_hash_t-instead-of-long-in-hdr_hash.patch | 35 +++++++++++++++++++
meta/recipes-devtools/rpm/rpm_4.18.0.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch
diff --git a/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch b/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch
new file mode 100644
index 0000000000..d0e637191a
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch
@@ -0,0 +1,35 @@
+From 6ef189c45b763aedac5ef57ed6a5fc125fa95b41 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Mar 2023 09:54:48 -0800
+Subject: [PATCH] python: Use Py_hash_t instead of long in hdr_hash
+
+Fixes
+python/header-py.c:744:2: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (PyObject *)' (aka 'long (struct _object *)') [-Wincompatible-function-pointer-types]
+| hdr_hash, /* tp_hash */
+| ^~~~~~~~
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2409]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ python/header-py.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/python/header-py.c b/python/header-py.c
+index 0aed0c9267..c15503f359 100644
+--- a/python/header-py.c
++++ b/python/header-py.c
+@@ -316,9 +316,9 @@ static PyObject * hdr_dsOfHeader(PyObject * s)
+ "(Oi)", s, RPMTAG_NEVR);
+ }
+
+-static long hdr_hash(PyObject * h)
++static Py_hash_t hdr_hash(PyObject * h)
+ {
+- return (long) h;
++ return (Py_hash_t) h;
+ }
+
+ static PyObject * hdr_reduce(hdrObject *s)
+--
+2.39.2
+
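Review bot: the OE-core commit message carries only sign-offs; the clang `-Wincompatible-function-pointer-types` error and the upstream pull request are recorded only inside the added patch file. A one-line body repeating the reason would make the backport reviewable from `git log` alone.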
diff --git a/meta/recipes-devtools/rpm/rpm_4.18.0.bb b/meta/recipes-devtools/rpm/rpm_4.18.0.bb
index 5f3986d8a3..db83a8c099 100644
--- a/meta/recipes-devtools/rpm/rpm_4.18.0.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.18.0.bb
@@ -40,6 +40,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.18.x;protoc
file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \
file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \
file://fifofix.patch \
+ file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \
"
PE = "1"
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 22/27] meson: Fix wrapper handling of implicit setup command
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (20 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 21/27] rpm: Fix hdr_hash function prototype Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 23/27] oeqa/sdk: Improve Meson test Steve Sakoman
` (4 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Tom Hochstein <tom.hochstein@nxp.com>
From an SDK, running a meson setup build without an explicit setup
command can result in a native build when a cross build is expected.
The problem is in meson-wrapper where it tries to detect whether a
setup command is being used. The logic looks through all arguments for
a command, and the first argument it finds that doesn't start with a -
is treated as the command. This doesn't work for an implicit setup
command if any option with a space-separated argument exists. In this
case, the argument is incorrectly selected as the command, causing the
setup command options for the cross build to be excluded from the
command line, and thus a native build.
Improve the logic by just looking at the first argument. If it is
a known command, then record it. Otherwise just assume it is the
implicit setup command.
Note that this fix does not address the possibility of a new meson
command. Two new echo statements are included to help the user in case
of trouble:
```
~/git/weston-imx$ meson --warnlevel 3 --prefix=/usr -Ddoc=false -Dbackend-drm-screencast-vaapi=false -Dcolor-management-lcms=false -Dpipewire=false -Dbackend-x11=false -Dxwayland=true -Dsimple-clients=all -Dbackend-wayland=false -Dbackend-default=drm -Dbackend-rdp=false -Dtest-junit-xml=false -Dlauncher-libseat=false -Dimage-jpeg=false -Dimage-webp=false -Drenderer-g2d=true build
meson-wrapper: Implicit setup command assumed
meson-wrapper: Running meson with setup options: " --cross-file=/opt/fsl-imx-internal-xwayland/6.1-langdale/sysroots/x86_64-pokysdk-linux/usr/share/meson/aarch64-poky-linux-meson.cross --native-file=/opt/fsl-imx-internal-xwayland/6.1-langdale/sysroots/x86_64-pokysdk-linux/usr/share/meson/meson.native "
The Meson build system
Version: 0.63.3
```
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9338bd66a3c9ab5cb781f2ee588306c5b31a3cb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/meson/meson/meson-wrapper | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/meta/recipes-devtools/meson/meson/meson-wrapper b/meta/recipes-devtools/meson/meson/meson-wrapper
index fca64a5692..7455985297 100755
--- a/meta/recipes-devtools/meson/meson/meson-wrapper
+++ b/meta/recipes-devtools/meson/meson/meson-wrapper
@@ -13,20 +13,19 @@ fi
# config is already in meson.cross.
unset CC CXX CPP LD AR NM STRIP
-for arg in "$@"; do
- case "$arg" in
- -*) continue ;;
- *) SUBCMD="$arg"; break ;;
- esac
-done
+case "$1" in
+setup|configure|dist|install|introspect|init|test|wrap|subprojects|rewrite|compile|devenv|env2mfile|help) MESON_CMD="$1" ;;
+*) echo meson-wrapper: Implicit setup command assumed; MESON_CMD=setup ;;
+esac
-if [ "$SUBCMD" = "setup" ] || [ -d "$SUBCMD" ]; then
- MESON_SUB_OPTS=" \
+if [ "$MESON_CMD" = "setup" ]; then
+ MESON_SETUP_OPTS=" \
--cross-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/${TARGET_PREFIX}meson.cross" \
--native-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/meson.native" \
"
+ echo meson-wrapper: Running meson with setup options: \"$MESON_SETUP_OPTS\"
fi
exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \
"$@" \
- $MESON_SUB_OPTS
+ $MESON_SETUP_OPTS
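Review bot: the new `case "$1"` sends every first argument that is not in the command list to the `*)` branch, which includes option-only invocations such as `meson --version` or `meson --help`; those now print "Implicit setup command assumed" and get the cross and native file options appended. Suggest matching such options explicitly before the fallback, and writing both `echo` lines to stderr so they do not mix with meson's stdout.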
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
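The detection change described in the meson-wrapper commit message above, as an added example (not part of the patch or of the project's code): the old and new checks are wrapped in functions and run over constructed command lines. The function names, the use of `$PWD` as an existing build directory, and `newcmd` as a not-yet-known meson command are assumptions of this example.

```shell
#!/bin/sh
# Added illustration: the old and new sub-command detection from the
# meson-wrapper patch, isolated so they can be compared side by side.
# Each function prints "yes" if the wrapper would append the cross/native
# file options for that command line, and "no" otherwise.

# Old logic: the first argument not starting with "-" is taken as the
# sub-command; "setup" or an existing directory triggers the cross options.
old_adds_cross_opts() {
    subcmd=""
    for arg in "$@"; do
        case "$arg" in
            -*) continue ;;
            *) subcmd="$arg"; break ;;
        esac
    done
    if [ "$subcmd" = "setup" ] || [ -d "$subcmd" ]; then
        echo yes
    else
        echo no
    fi
}

# New logic: only "$1" is inspected; anything that is not a known command
# is assumed to be an implicit "setup".
new_adds_cross_opts() {
    case "$1" in
        setup|configure|dist|install|introspect|init|test|wrap|subprojects|rewrite|compile|devenv|env2mfile|help)
            cmd="$1" ;;
        *)
            cmd=setup ;;
    esac
    if [ "$cmd" = "setup" ]; then
        echo yes
    else
        echo no
    fi
}

# Print both verdicts for one constructed command line.
compare() {
    printf '%-45s old=%-3s new=%s\n' "meson $*" \
        "$(old_adds_cross_opts "$@")" "$(new_adds_cross_opts "$@")"
}

# Constructed samples. $PWD stands in for an existing build directory;
# "newcmd" is a hypothetical meson command missing from the known list.
compare setup "$PWD"
compare -Degl=no "$PWD" src
compare --warnlevel 1 -Degl=no "$PWD" src
compare compile -C "$PWD"
compare --version
compare newcmd
```

The third line is the failure the patch fixes: `old=no` there means the cross options are dropped and meson performs a native build. The last two lines show what the new fallback assumes for an option-only invocation and for an unknown first argument.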
* [OE-core][langdale 23/27] oeqa/sdk: Improve Meson test
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (21 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 22/27] meson: Fix wrapper handling of implicit setup command Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:57 ` [OE-core][langdale 24/27] linux: inherit pkgconfig in kernel.bbclass Steve Sakoman
` (3 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Tom Hochstein <tom.hochstein@nxp.com>
The meson wrapper setup command detection is broken in the case of an
implicit setup command with an option with a space-separated argument,
but the test was not detecting it since the case was not covered.
Add the option `--warnlevel 1` to the meson command line to cover this
case.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 54e9ee8a0c6c9fc89cbb743f0e4fc18607d503cf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/sdk/cases/buildepoxy.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/sdk/cases/buildepoxy.py b/meta/lib/oeqa/sdk/cases/buildepoxy.py
index ee515be188..147ee3e0ee 100644
--- a/meta/lib/oeqa/sdk/cases/buildepoxy.py
+++ b/meta/lib/oeqa/sdk/cases/buildepoxy.py
@@ -35,7 +35,7 @@ class EpoxyTest(OESDKTestCase):
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
- log = self._run("meson -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs))
+ log = self._run("meson --warnlevel 1 -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs))
# Check that Meson thinks we're doing a cross build and not a native
self.assertIn("Build type: cross build", log)
self._run("ninja -C {build} -v".format(**dirs))
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 24/27] linux: inherit pkgconfig in kernel.bbclass
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (22 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 23/27] oeqa/sdk: Improve Meson test Steve Sakoman
@ 2023-03-09 22:57 ` Steve Sakoman
2023-03-09 22:58 ` [OE-core][langdale 25/27] staging: Separate out different multiconfig manifests Steve Sakoman
` (2 subsequent siblings)
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:57 UTC (permalink / raw)
To: openembedded-core
From: Ming Liu <liu.ming50@gmail.com>
pkgconfig is being required to find dependencies for building kernel
native tools, move "inherit pkgconfig" to kernel.bbclass so BSP kernel
recipes can also benefit from it.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8a84bd98e3fbc16c782f83064801e469d086911e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-recipe/kernel.bbclass | 2 +-
meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 --
meta/recipes-kernel/linux/linux-yocto.inc | 1 -
3 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass
index 274d748d99..01f866f0a6 100644
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -660,7 +660,7 @@ do_savedefconfig() {
do_savedefconfig[nostamp] = "1"
addtask savedefconfig after do_configure
-inherit cml1
+inherit cml1 pkgconfig
# Need LD, HOSTLDFLAGS and more for config operations
KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-kernel/linux/linux-yocto-dev.bb
index b1b57beac3..f01931ddec 100644
--- a/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -10,8 +10,6 @@
inherit kernel
require recipes-kernel/linux/linux-yocto.inc
-# for ncurses tests
-inherit pkgconfig
# provide this .inc to set specific revisions
include recipes-kernel/linux/linux-yocto-dev-revisions.inc
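Review bot: the `# for ncurses tests` comment removed here is the only in-tree explanation of why pkgconfig is needed, and the new `inherit cml1 pkgconfig` line in kernel.bbclass gains no comment. Suggest moving the comment to kernel.bbclass along with the inherit.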
diff --git a/meta/recipes-kernel/linux/linux-yocto.inc b/meta/recipes-kernel/linux/linux-yocto.inc
index 091003ed82..9bca0e7124 100644
--- a/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/meta/recipes-kernel/linux/linux-yocto.inc
@@ -47,7 +47,6 @@ LINUX_VERSION_EXTENSION ??= "-yocto-${LINUX_KERNEL_TYPE}"
# Pick up shared functions
inherit kernel
inherit kernel-yocto
-inherit pkgconfig
B = "${WORKDIR}/linux-${PACKAGE_ARCH}-${LINUX_KERNEL_TYPE}-build"
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 25/27] staging: Separate out different multiconfig manifests
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (23 preceding siblings ...)
2023-03-09 22:57 ` [OE-core][langdale 24/27] linux: inherit pkgconfig in kernel.bbclass Steve Sakoman
@ 2023-03-09 22:58 ` Steve Sakoman
2023-03-09 23:15 ` Richard Purdie
2023-03-09 22:58 ` [OE-core][langdale 26/27] lua: Fix install conflict when enable multilib Steve Sakoman
2023-03-09 22:58 ` [OE-core][langdale 27/27] vala: " Steve Sakoman
26 siblings, 1 reply; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:58 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
"""
require conf/multilib.conf
MACHINE = "qemuarm64"
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon"
bitbake gcc-cross-canadian-arm
"""
and then inspecting the lib32* manifest files under recipe-sysroot-native shows
them referencing lib32-recipe-sysroot instead of recipe-sysroot as used by
gcc-cross-canadian recipes.
To fix this, separate out the manifest by multilib. It is a caching mechanism to
optimise disk usage, so this doesn't break anything; it just separates out some files.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 891d3faa3ed3d1cc231da58e5fa1325f05d5ade5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-global/staging.bbclass | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/classes-global/staging.bbclass b/meta/classes-global/staging.bbclass
index 5a1f43de78..e6d0d1d55c 100644
--- a/meta/classes-global/staging.bbclass
+++ b/meta/classes-global/staging.bbclass
@@ -275,6 +275,9 @@ python extend_recipe_sysroot() {
pn = d.getVar("PN")
stagingdir = d.getVar("STAGING_DIR")
sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests"
+ mlprefix = d.getVar("MLPREFIX")
+ if mlprefix:
+ sharedmanifests = sharedmanifests + "/" + mlprefix
recipesysroot = d.getVar("RECIPE_SYSROOT")
recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE")
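Review bot: `sharedmanifests + "/" + mlprefix` uses MLPREFIX verbatim, and that variable carries a trailing hyphen (for example `lib32-`), so the manifests land in a directory named `manifests/lib32-`. Stripping the hyphen, or a comment saying the name is intentional, would avoid confusion. The subject also says "multiconfig" while the code and the body separate by multilib.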
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 26/27] lua: Fix install conflict when enable multilib.
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (24 preceding siblings ...)
2023-03-09 22:58 ` [OE-core][langdale 25/27] staging: Separate out different multiconfig manifests Steve Sakoman
@ 2023-03-09 22:58 ` Steve Sakoman
2023-03-09 22:58 ` [OE-core][langdale 27/27] vala: " Steve Sakoman
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:58 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Error: Transaction test error:
file /usr/include/luaconf.h conflicts between attempted installs of lua-dev-5.4.4-r0.aarch64 and lib32-lua-dev-5.4.4-r0.armv7ahf_neon
The differences between the two files are as follows:
@@ -219,7 +219,7 @@
#define LUA_ROOT "/usr/"
#define LUA_LDIR LUA_ROOT "share/lua/" LUA_VDIR "/"
-#define LUA_CDIR LUA_ROOT "lib64/lua/" LUA_VDIR "/"
+#define LUA_CDIR LUA_ROOT "lib/lua/" LUA_VDIR "/"
#if !defined(LUA_PATH_DEFAULT)
#define LUA_PATH_DEFAULT \
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b58d86f9902a7eb7a821a3e36ba298c082c0f1f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/lua/lua_5.4.4.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/lua/lua_5.4.4.bb b/meta/recipes-devtools/lua/lua_5.4.4.bb
index 0b2e754b31..a39d888ec2 100644
--- a/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/meta/recipes-devtools/lua/lua_5.4.4.bb
@@ -57,3 +57,6 @@ do_install_ptest () {
}
BBCLASSEXTEND = "native nativesdk"
+
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}-dev:${includedir}/luaconf.h"
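Review bot: `MULTILIB_SCRIPTS` is pointed at `${includedir}/luaconf.h`, which is a C header rather than a script. Conflicting headers are normally handled with `oe_multilib_header` from multilib_header.bbclass, which keeps a plain `#include <luaconf.h>` working for both ABIs; the commit message should say why the script mechanism was chosen here.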
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][langdale 27/27] vala: Fix install conflict when enable multilib.
2023-03-09 22:57 [OE-core][langdale 00/27] Patch review Steve Sakoman
` (25 preceding siblings ...)
2023-03-09 22:58 ` [OE-core][langdale 26/27] lua: Fix install conflict when enable multilib Steve Sakoman
@ 2023-03-09 22:58 ` Steve Sakoman
26 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-09 22:58 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Error: Transaction test error:
file /usr/bin/vala-gen-introspect-0.56 conflicts between attempted installs of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64
file /usr/bin/vapigen-wrapper conflicts between attempted installs
of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64
The differences of vala-gen-introspect-0.56 are as follows:
@@ -2,7 +2,7 @@
prefix=/usr
exec_prefix=/usr
-libdir=/usr/lib64
+libdir=/usr/lib
pkglibdir=${libdir}/vala-0.56
if [ $# -ne 2 ]
The wrapper isn't used on target so we can simply delete it.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3cf894b8a9c4fa14fcc7c7445e85e9ae3192b398)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/vala/vala.inc | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/vala/vala.inc b/meta/recipes-devtools/vala/vala.inc
index d3daee37dc..162e99bb03 100644
--- a/meta/recipes-devtools/vala/vala.inc
+++ b/meta/recipes-devtools/vala/vala.inc
@@ -50,6 +50,9 @@ do_install:append:class-target() {
# vapi files.
SYSROOT_DIRS += "${bindir_crossscripts}"
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}:${bindir}/vala-gen-introspect-0.56"
+
SYSROOT_PREPROCESS_FUNCS:append:class-target = " vapigen_sysroot_preprocess"
vapigen_sysroot_preprocess() {
# Tweak the vapigen name in the vapigen pkgconfig file, so that it picks
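Review bot: `MULTILIB_SCRIPTS` hard-codes `vala-gen-introspect-0.56` in an include file, so the path will stop matching on the next minor version bump. Deriving the suffix from PV would keep it in step with the recipe version.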
@@ -64,5 +67,5 @@ SSTATE_SCAN_FILES += "vapigen-wrapper"
PACKAGE_PREPROCESS_FUNCS += "vala_package_preprocess"
vala_package_preprocess () {
- sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir_crossscripts}/vapigen-wrapper
+ rm -rf ${PKGD}${bindir_crossscripts}
}
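Review bot: `rm -rf ${PKGD}${bindir_crossscripts}` removes the whole directory, while the commit message only argues that the wrapper is unused on target. `rm -f ${PKGD}${bindir_crossscripts}/vapigen-wrapper` would limit the deletion to the file named in the conflict, and anything else later installed in that directory would not disappear from the package unnoticed.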
--
2.34.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* Re: [OE-core][langdale 13/27] devtool: ignore patch-fuzz errors when extracting source
2023-03-09 22:57 ` [OE-core][langdale 13/27] devtool: ignore patch-fuzz errors when extracting source Steve Sakoman
@ 2023-03-09 23:15 ` Richard Purdie
2023-03-10 2:40 ` Steve Sakoman
0 siblings, 1 reply; 34+ messages in thread
From: Richard Purdie @ 2023-03-09 23:15 UTC (permalink / raw)
To: Steve Sakoman, openembedded-core
On Thu, 2023-03-09 at 12:57 -1000, Steve Sakoman wrote:
> From: Alexander Kanavin <alex.kanavin@gmail.com>
>
> So that patch fuzz issues can actually be fixed,
> as extracting source with 'devtool modify' is the first step
> for that.
>
> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 7067abd31d9dd4b98ec70c1c7effbe2904797cd1)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> scripts/lib/devtool/standard.py | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
> index d64e18e179..0339d12763 100644
> --- a/scripts/lib/devtool/standard.py
> +++ b/scripts/lib/devtool/standard.py
> @@ -567,6 +567,7 @@ def _extract_source(srctree, keep_temp, devbranch, sync, config, basepath, works
> logger.debug('writing append file %s' % appendfile)
> with open(appendfile, 'a') as f:
> f.write('###--- _extract_source\n')
> + f.write('ERROR_QA:remove = "patch-fuzz"\n')
> f.write('DEVTOOL_TEMPDIR = "%s"\n' % tempdir)
> f.write('DEVTOOL_DEVBRANCH = "%s"\n' % devbranch)
> if not is_kernel_yocto:
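Review bot: the added `f.write('ERROR_QA:remove = "patch-fuzz"\n')` relaxes a QA check with no comment in the code. Since it sits under the `###--- _extract_source` marker with the other extraction settings, a one-line comment saying it applies only while extracting source would keep it from being copied elsewhere as a general way to silence patch-fuzz.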
Whilst this is harmless, I'm not sure langdale has the patch-fuzz QA
test enabled as an error?
Cheers,
Richard
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [OE-core][langdale 25/27] staging: Separate out different multiconfig manifests
2023-03-09 22:58 ` [OE-core][langdale 25/27] staging: Separate out different multiconfig manifests Steve Sakoman
@ 2023-03-09 23:15 ` Richard Purdie
2023-03-10 2:37 ` Steve Sakoman
0 siblings, 1 reply; 34+ messages in thread
From: Richard Purdie @ 2023-03-09 23:15 UTC (permalink / raw)
To: Steve Sakoman, openembedded-core
On Thu, 2023-03-09 at 12:58 -1000, Steve Sakoman wrote:
> From: Richard Purdie <richard.purdie@linuxfoundation.org>
>
> """
> require conf/multilib.conf
> MACHINE = "qemuarm64"
> MULTILIBS = "multilib:lib32"
> DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon"
>
> bitbake gcc-cross-canadian-arm
> """
>
> and then inspecting the lib32* manifest files under recipe-sysroot-native shows
> them referencing lib32-recipe-sysroot instead of recipe-sysroot as used by
> gcc-cross-canadian recipes.
>
> To fix this separate out the manifest by multilib. It is caching mechanism to
> optimise disk usage so this doesn't break anything, just separated out some files.
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> (cherry picked from commit 891d3faa3ed3d1cc231da58e5fa1325f05d5ade5)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> meta/classes-global/staging.bbclass | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/meta/classes-global/staging.bbclass b/meta/classes-global/staging.bbclass
> index 5a1f43de78..e6d0d1d55c 100644
> --- a/meta/classes-global/staging.bbclass
> +++ b/meta/classes-global/staging.bbclass
> @@ -275,6 +275,9 @@ python extend_recipe_sysroot() {
> pn = d.getVar("PN")
> stagingdir = d.getVar("STAGING_DIR")
> sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests"
> + mlprefix = d.getVar("MLPREFIX")
> + if mlprefix:
> + sharedmanifests = sharedmanifests + "/" + mlprefix
> recipesysroot = d.getVar("RECIPE_SYSROOT")
> recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE")
>
The "real" fix merged today so this should probably wait to go with
that.
Cheers,
Richard
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [OE-core][langdale 25/27] staging: Separate out different multiconfig manifests
2023-03-09 23:15 ` Richard Purdie
@ 2023-03-10 2:37 ` Steve Sakoman
0 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-10 2:37 UTC (permalink / raw)
To: Richard Purdie; +Cc: openembedded-core
On Thu, Mar 9, 2023 at 1:15 PM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Thu, 2023-03-09 at 12:58 -1000, Steve Sakoman wrote:
> > From: Richard Purdie <richard.purdie@linuxfoundation.org>
> >
> > """
> > require conf/multilib.conf
> > MACHINE = "qemuarm64"
> > MULTILIBS = "multilib:lib32"
> > DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon"
> >
> > bitbake gcc-cross-canadian-arm
> > """
> >
> > and then inspecting the lib32* manifest files under recipe-sysroot-native shows
> > them referencing lib32-recipe-sysroot instead of recipe-sysroot as used by
> > gcc-cross-canadian recipes.
> >
> > To fix this, separate out the manifest by multilib. It is a caching mechanism to
> > optimise disk usage so this doesn't break anything, just separated out some files.
> >
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> > (cherry picked from commit 891d3faa3ed3d1cc231da58e5fa1325f05d5ade5)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> > meta/classes-global/staging.bbclass | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/meta/classes-global/staging.bbclass b/meta/classes-global/staging.bbclass
> > index 5a1f43de78..e6d0d1d55c 100644
> > --- a/meta/classes-global/staging.bbclass
> > +++ b/meta/classes-global/staging.bbclass
> > @@ -275,6 +275,9 @@ python extend_recipe_sysroot() {
> > pn = d.getVar("PN")
> > stagingdir = d.getVar("STAGING_DIR")
> > sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests"
> > + mlprefix = d.getVar("MLPREFIX")
> > + if mlprefix:
> > + sharedmanifests = sharedmanifests + "/" + mlprefix
> > recipesysroot = d.getVar("RECIPE_SYSROOT")
> > recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE")
> >
>
> The "real" fix merged today so this should probably wait to go with
> that.
Thanks for reviewing, I'll hold this back for the next patch set.
Steve
* Re: [OE-core][langdale 13/27] devtool: ignore patch-fuzz errors when extracting source
2023-03-09 23:15 ` Richard Purdie
@ 2023-03-10 2:40 ` Steve Sakoman
0 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-10 2:40 UTC (permalink / raw)
To: Richard Purdie; +Cc: openembedded-core
On Thu, Mar 9, 2023 at 1:15 PM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Thu, 2023-03-09 at 12:57 -1000, Steve Sakoman wrote:
> > From: Alexander Kanavin <alex.kanavin@gmail.com>
> >
> > So that patch fuzz issues can actually be fixed,
> > as extracting source with 'devtool modify' is the first step
> > for that.
> >
> > Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> > Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit 7067abd31d9dd4b98ec70c1c7effbe2904797cd1)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> > scripts/lib/devtool/standard.py | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
> > index d64e18e179..0339d12763 100644
> > --- a/scripts/lib/devtool/standard.py
> > +++ b/scripts/lib/devtool/standard.py
> > @@ -567,6 +567,7 @@ def _extract_source(srctree, keep_temp, devbranch, sync, config, basepath, works
> > logger.debug('writing append file %s' % appendfile)
> > with open(appendfile, 'a') as f:
> > f.write('###--- _extract_source\n')
> > + f.write('ERROR_QA:remove = "patch-fuzz"\n')
> > f.write('DEVTOOL_TEMPDIR = "%s"\n' % tempdir)
> > f.write('DEVTOOL_DEVBRANCH = "%s"\n' % devbranch)
> > if not is_kernel_yocto:
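Review bot: `ERROR_QA:remove = "patch-fuzz"` is written into the append file unconditionally and with no explanatory comment, so anyone reading the generated append cannot tell why a QA error class is being dropped. patch-fuzz is the check that catches patches applying with fuzz, so the suppression should be as narrow as possible: write a comment line next to it saying it exists only so that source extraction can proceed, and confirm that this append does not outlive the extraction step and hide fuzz in later builds of the recipe.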
>
> Whilst this is harmless, I'm not sure langdale has the patch-fuzz QA
> test enabled as an error?
Sigh, yes I meant to check this and forgot :-(
I didn't take https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a,
so no need for this patch.
Thanks for reviewing!
Steve
* Re: [OE-core][langdale 06/27] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
2023-03-09 22:57 ` [OE-core][langdale 06/27] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs Steve Sakoman
@ 2023-03-10 8:23 ` Geoffrey GIRY
2023-03-10 14:19 ` Steve Sakoman
0 siblings, 1 reply; 34+ messages in thread
From: Geoffrey GIRY @ 2023-03-10 8:23 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core
On Thu, Mar 9, 2023 at 23:58, Steve Sakoman <steve@sakoman.com> wrote:
>
> From: Geoffrey GIRY <geoffrey.giry@smile.fr>
>
> Multiple CVEs are patched in the kernel but appear as active because the NVD
> database is not up to date.
>
> CVEs are ignored if and only if all versions of the kernel used by master are patched.
>
> Also ignore CVEs with wrong CPE (applied to kernel but actually are for
> another package)
>
> Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
> Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 92770a08c04a6c1eb351231d937b16e76558f013)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> .../distro/include/cve-extra-exclusions.inc | 296 ++++++++++++++++++
> 1 file changed, 296 insertions(+)
>
> diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
> index 8b5f8d49b8..a281a8ac65 100644
> --- a/meta/conf/distro/include/cve-extra-exclusions.inc
> +++ b/meta/conf/distro/include/cve-extra-exclusions.inc
> @@ -78,9 +78,34 @@ CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-108
> CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887"
> # 2020
> CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
> +# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
> +# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
> +# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
> +CVE_CHECK_IGNORE += "CVE-2020-27784"
> +
> # 2021
> CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
> CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
> +CVE_CHECK_IGNORE += "CVE-2021-3669"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
> +# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
> +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
> +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
> +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
> +CVE_CHECK_IGNORE += "CVE-2021-3759"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
> +CVE_CHECK_IGNORE += "CVE-2021-4218"
> +
> # 2022
> CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
> CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
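Review bot: The entries added for CVE-2021-3669 and CVE-2021-4218 list only a mainline fix (v5.15 and v5.8) and no stable backports, and the commit message's criterion is "all versions of kernel used by master", not the kernels built on the branch this cherry-pick targets. Because `CVE_CHECK_IGNORE +=` in this file is global rather than scoped to a kernel recipe, each entry should be re-checked against every kernel version this branch ships, or the ignore should move next to the recipe version it was verified for.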
> @@ -90,6 +115,277 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE
> CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
> CVE-2022-29582 CVE-2022-29968"
>
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
> +CVE_CHECK_IGNORE += "CVE-2022-0480"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
> +# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
> +# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
> +# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
> +CVE_CHECK_IGNORE += "CVE-2022-1184"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
> +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
> +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
> +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
> +CVE_CHECK_IGNORE += "CVE-2022-1462"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
> +# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
> +# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
> +# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
> +# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
> +CVE_CHECK_IGNORE += "CVE-2022-2308"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
> +CVE_CHECK_IGNORE += "CVE-2022-2327"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
> +# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
> +# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
> +# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
> +# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
> +# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
> +# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
> +CVE_CHECK_IGNORE += "CVE-2022-2663"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
> +# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
> +# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
> +# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
> +CVE_CHECK_IGNORE += "CVE-2022-2785"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
> +# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
> +# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
> +# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
> +CVE_CHECK_IGNORE += "CVE-2022-3176"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
> +# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
> +# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
> +# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
> +# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
> +# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
> +# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
> +# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
> +# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
> +CVE_CHECK_IGNORE += "CVE-2022-3435"
The patch has not been backported for v5.19.17 used by langdale.
We cannot ignore this CVE.
It is also the case for some other CVEs; I can propose a patch specific
for each LTS.
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
> +# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
> +# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
> +# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
> +CVE_CHECK_IGNORE += "CVE-2022-3526"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
> +# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
> +# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
> +# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
> +# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
> +# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
> +CVE_CHECK_IGNORE += "CVE-2022-3534"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
> +# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
> +# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
> +# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
> +# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
> +CVE_CHECK_IGNORE += "CVE-2022-3564"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
> +# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
> +# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
> +# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
> +CVE_CHECK_IGNORE += "CVE-2022-3619"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
> +# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
> +# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
> +# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
> +# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
> +# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
> +# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
> +CVE_CHECK_IGNORE += "CVE-2022-3621"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
> +# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
> +# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
> +# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
> +# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
> +# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
> +# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
> +CVE_CHECK_IGNORE += "CVE-2022-3623"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
> +# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
> +# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
> +CVE_CHECK_IGNORE += "CVE-2022-3624"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
> +# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
> +# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
> +# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
> +# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
> +# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
> +# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
> +CVE_CHECK_IGNORE += "CVE-2022-3625"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
> +# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
> +# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
> +# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
> +# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
> +# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
> +# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
> +CVE_CHECK_IGNORE += "CVE-2022-3629"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
> +# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
> +# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
> +# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
> +CVE_CHECK_IGNORE += "CVE-2022-3630"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
> +# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
> +# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
> +# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
> +# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
> +# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
> +# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
> +CVE_CHECK_IGNORE += "CVE-2022-3633"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
> +# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
> +# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
> +# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
> +# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
> +CVE_CHECK_IGNORE += "CVE-2022-3635"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
> +# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
> +# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
> +CVE_CHECK_IGNORE += "CVE-2022-3636"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
> +# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
> +# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
> +# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
> +# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
> +# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
> +# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
> +# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
> +# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
> +CVE_CHECK_IGNORE += "CVE-2022-3640"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
> +# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
> +# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
> +# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
> +# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
> +# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
> +# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
> +CVE_CHECK_IGNORE += "CVE-2022-3646"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
> +# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
> +# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
> +# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
> +# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
> +CVE_CHECK_IGNORE += "CVE-2022-3649"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
> +# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
> +# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
> +# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
> +# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
> +# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
> +# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
> +CVE_CHECK_IGNORE += "CVE-2022-4382"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
> +# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
> +# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
> +# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
> +CVE_CHECK_IGNORE += "CVE-2022-26365"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
> +# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
> +# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
> +# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
> +CVE_CHECK_IGNORE += "CVE-2022-33740"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
> +# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
> +# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
> +# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
> +CVE_CHECK_IGNORE += "CVE-2022-33741"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
> +# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
> +# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
> +# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
> +CVE_CHECK_IGNORE += "CVE-2022-33742"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
> +# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
> +# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
> +# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
> +CVE_CHECK_IGNORE += "CVE-2022-42895"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
> +# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
> +# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
> +# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
> +CVE_CHECK_IGNORE += "CVE-2022-42896"
> +
> +
> +# 2023
> +# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
> +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> +# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
> +# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
> +# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
> +CVE_CHECK_IGNORE += "CVE-2023-0266"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
> +# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
> +# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
> +# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
> +# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
> +# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
> +# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
> +CVE_CHECK_IGNORE += "CVE-2023-0394"
> +
> +# Wrong CPE in NVD database
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
> +# https://nvd.nist.gov/vuln/detail/CVE-2022-3637
> +# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git
> +CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637"
>
> # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
> # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
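Review bot: Many entries in this hunk document no v5.19.y backport while the mainline fix is v6.1 or later (CVE-2022-3435, CVE-2022-3534, CVE-2022-3564, CVE-2022-3619, CVE-2022-3640, CVE-2022-4382, CVE-2022-42895, CVE-2022-42896, CVE-2023-0266, CVE-2023-0394), so a 5.19 kernel would have these hidden from the CVE report although nothing in the comments shows a fix for that series. Split the list so that each ignore applies only to kernel versions its comment covers. Two comment typos also need fixing: "v2.60.30" in the CVE-2022-3621 block looks like a typo for v2.6.30 (as written in the CVE-2022-3646 block), and "version 2.6.12" under CVE-2023-0394 is missing its "v".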
> --
> 2.34.1
Regards
Geoffrey GIRY
SMILE ECS - R&D Engineer
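The check raised in the reply above, written out as an added example (not code from the patch or from OE-core): it parses the "Patched in kernel since" / "Backported in version" comments of cve-extra-exclusions.inc and reports which ignores have no documented fix for a given kernel version. The function names are hypothetical, and it assumes a two-component version names a mainline release whose fix carries into every later series, while a three-component version covers only its own stable series.

```python
import re

# Constructed input: three entries copied from the patch quoted above.
SAMPLE = """\
# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
CVE_CHECK_IGNORE += "CVE-2021-3669"

# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
CVE_CHECK_IGNORE += "CVE-2022-3435"

# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
CVE_CHECK_IGNORE += "CVE-2022-3623"
"""

# Only lines that document a fix are matched; "Introduced in" and
# "Breaking commit backported in" lines are deliberately not treated as fixes.
# A suffix such as "-rc5" is dropped, so "v6.2-rc5" is read as the 6.2 release.
FIX_RE = re.compile(
    r"^# (?:Patched in kernel since|Backported in version) v?(\d+(?:\.\d+)*)")
IGNORE_RE = re.compile(r'^CVE_CHECK_IGNORE \+= "([^"]+)"')


def ver(text):
    """'5.19.17' -> (5, 19, 17)"""
    return tuple(int(part) for part in text.split("."))


def parse_entries(text):
    """Map each CVE id to the fix versions documented in the comments above it.

    Ignore lines that have no version comments (the bulk per-year lists) are skipped.
    """
    entries, fixes = {}, []
    for line in text.splitlines():
        fix = FIX_RE.match(line)
        ignore = IGNORE_RE.match(line)
        if fix:
            fixes.append(ver(fix.group(1)))
        elif ignore:
            if fixes:
                for cve in ignore.group(1).split():
                    entries[cve] = fixes
            fixes = []
        elif not line.startswith("#"):
            fixes = []  # a blank line or other statement ends the comment block
    return entries


def is_patched(kernel, fixes):
    """True if the documented fixes cover this kernel version."""
    k = ver(kernel)
    for f in fixes:
        if len(f) == 2:
            # Mainline release: that series and every later one carry the fix.
            if k[:2] >= f:
                return True
        elif k[:2] == f[:2] and k >= f:
            # Stable point release: only later releases of the same series.
            return True
    return False


def unjustified_ignores(text, kernel):
    """CVE ids that are ignored although no documented fix covers `kernel`."""
    return sorted(cve for cve, fixes in parse_entries(text).items()
                  if not is_patched(kernel, fixes))


if __name__ == "__main__":
    for kernel in ("5.15.96", "5.19.17"):
        print(kernel, unjustified_ignores(SAMPLE, kernel))
```
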
* Re: [OE-core][langdale 06/27] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
2023-03-10 8:23 ` Geoffrey GIRY
@ 2023-03-10 14:19 ` Steve Sakoman
0 siblings, 0 replies; 34+ messages in thread
From: Steve Sakoman @ 2023-03-10 14:19 UTC (permalink / raw)
To: Geoffrey GIRY; +Cc: openembedded-core
On Thu, Mar 9, 2023 at 10:24 PM Geoffrey GIRY <geoffrey.giry@smile.fr> wrote:
>
> On Thu, Mar 9, 2023 at 23:58, Steve Sakoman <steve@sakoman.com> wrote:
> >
> > From: Geoffrey GIRY <geoffrey.giry@smile.fr>
> >
> > Multiple CVEs are patched in the kernel but appear as active because the NVD
> > database is not up to date.
> >
> > CVEs are ignored if and only if all versions of the kernel used by master are patched.
> >
> > Also ignore CVEs with wrong CPE (applied to kernel but actually are for
> > another package)
> >
> > Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
> > Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit 92770a08c04a6c1eb351231d937b16e76558f013)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> > .../distro/include/cve-extra-exclusions.inc | 296 ++++++++++++++++++
> > 1 file changed, 296 insertions(+)
> >
> > diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
> > index 8b5f8d49b8..a281a8ac65 100644
> > --- a/meta/conf/distro/include/cve-extra-exclusions.inc
> > +++ b/meta/conf/distro/include/cve-extra-exclusions.inc
> > @@ -78,9 +78,34 @@ CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-108
> > CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887"
> > # 2020
> > CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
> > +# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
> > +# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
> > +# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
> > +CVE_CHECK_IGNORE += "CVE-2020-27784"
> > +
> > # 2021
> > CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
> > CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
> > +CVE_CHECK_IGNORE += "CVE-2021-3669"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
> > +# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
> > +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
> > +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
> > +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
> > +CVE_CHECK_IGNORE += "CVE-2021-3759"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
> > +CVE_CHECK_IGNORE += "CVE-2021-4218"
> > +
> > # 2022
> > CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
> > CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
> > @@ -90,6 +115,277 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE
> > CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
> > CVE-2022-29582 CVE-2022-29968"
> >
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
> > +CVE_CHECK_IGNORE += "CVE-2022-0480"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
> > +# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
> > +# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
> > +# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
> > +CVE_CHECK_IGNORE += "CVE-2022-1184"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
> > +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
> > +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
> > +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
> > +CVE_CHECK_IGNORE += "CVE-2022-1462"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
> > +# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
> > +# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
> > +# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
> > +# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
> > +CVE_CHECK_IGNORE += "CVE-2022-2308"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
> > +CVE_CHECK_IGNORE += "CVE-2022-2327"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
> > +# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
> > +# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
> > +# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
> > +# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
> > +# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
> > +# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
> > +CVE_CHECK_IGNORE += "CVE-2022-2663"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
> > +# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
> > +# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
> > +# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
> > +CVE_CHECK_IGNORE += "CVE-2022-2785"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
> > +# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
> > +# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
> > +# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
> > +CVE_CHECK_IGNORE += "CVE-2022-3176"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
> > +# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
> > +# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
> > +# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
> > +# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
> > +# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
> > +# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
> > +# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
> > +# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
> > +CVE_CHECK_IGNORE += "CVE-2022-3435"
>
> The patch has not been backported for v5.19.17 used by langdale.
> We can not ignore this CVE.
However it is backported to the 5.15.96 version, which is also in
langdale! So it depends on which kernel version you build as to
whether it should be ignored or not :-)
I mentioned during the project bug triage meeting yesterday that I was
quite concerned about backporting this patch for exactly this reason!
A blanket exclusion which doesn't take into account the recipe version
being built can give false results.
It makes more sense to me to make these exclusions recipe specific (at
least in the stable branches).
Would love to hear more opinions on this matter, but for now I will
not take this patch.
> It is also the case for some other CVEs; I can propose a patch specific
> for each LTS.
That would be much appreciated! Let's see how the discussion goes on
the above issue.
Steve
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
> > +# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
> > +# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
> > +# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
> > +CVE_CHECK_IGNORE += "CVE-2022-3526"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
> > +# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
> > +# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
> > +# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
> > +# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
> > +# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
> > +CVE_CHECK_IGNORE += "CVE-2022-3534"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
> > +# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
> > +# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
> > +# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
> > +# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
> > +CVE_CHECK_IGNORE += "CVE-2022-3564"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
> > +# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
> > +# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
> > +# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
> > +CVE_CHECK_IGNORE += "CVE-2022-3619"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
> > +# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
> > +# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
> > +# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
> > +# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
> > +# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
> > +# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
> > +CVE_CHECK_IGNORE += "CVE-2022-3621"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
> > +# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
> > +# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
> > +# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
> > +# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
> > +# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
> > +# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
> > +CVE_CHECK_IGNORE += "CVE-2022-3623"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
> > +# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
> > +# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
> > +CVE_CHECK_IGNORE += "CVE-2022-3624"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
> > +# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
> > +# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
> > +# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
> > +# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
> > +# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
> > +# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
> > +CVE_CHECK_IGNORE += "CVE-2022-3625"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
> > +# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
> > +# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
> > +# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
> > +# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
> > +# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
> > +# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
> > +CVE_CHECK_IGNORE += "CVE-2022-3629"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
> > +# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
> > +# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
> > +# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
> > +CVE_CHECK_IGNORE += "CVE-2022-3630"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
> > +# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
> > +# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
> > +# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
> > +# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
> > +# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
> > +# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
> > +CVE_CHECK_IGNORE += "CVE-2022-3633"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
> > +# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
> > +# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
> > +# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
> > +# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
> > +CVE_CHECK_IGNORE += "CVE-2022-3635"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
> > +# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
> > +# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
> > +CVE_CHECK_IGNORE += "CVE-2022-3636"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
> > +# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
> > +# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
> > +# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
> > +# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
> > +# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
> > +# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
> > +# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
> > +# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
> > +CVE_CHECK_IGNORE += "CVE-2022-3640"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
> > +# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
> > +# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
> > +# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
> > +# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
> > +# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
> > +# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
> > +CVE_CHECK_IGNORE += "CVE-2022-3646"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
> > +# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
> > +# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
> > +# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
> > +# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
> > +CVE_CHECK_IGNORE += "CVE-2022-3649"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
> > +# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
> > +# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
> > +# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
> > +# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
> > +# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
> > +# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
> > +CVE_CHECK_IGNORE += "CVE-2022-4382"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
> > +# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
> > +# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
> > +# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
> > +CVE_CHECK_IGNORE += "CVE-2022-26365"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
> > +# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
> > +# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
> > +# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
> > +CVE_CHECK_IGNORE += "CVE-2022-33740"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
> > +# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
> > +# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
> > +# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
> > +CVE_CHECK_IGNORE += "CVE-2022-33741"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
> > +# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
> > +# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
> > +# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
> > +CVE_CHECK_IGNORE += "CVE-2022-33742"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
> > +# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
> > +# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
> > +# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
> > +CVE_CHECK_IGNORE += "CVE-2022-42895"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
> > +# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
> > +# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
> > +# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
> > +CVE_CHECK_IGNORE += "CVE-2022-42896"
> > +
> > +
> > +# 2023
> > +# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
> > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
> > +# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
> > +# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
> > +# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
> > +CVE_CHECK_IGNORE += "CVE-2023-0266"
> > +
> > +# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
> > +# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
> > +# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
> > +# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
> > +# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
> > +# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
> > +# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
> > +CVE_CHECK_IGNORE += "CVE-2023-0394"
> > +
> > +# Wrong CPE in NVD database
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
> > +# https://nvd.nist.gov/vuln/detail/CVE-2022-3637
> > +# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git
> > +CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637"
> >
> > # qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
> > # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
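Review bot: several entries in this hunk are fixed only in v6.1 or later and list no v5.19.y backport (CVE-2022-3534, CVE-2022-3564, CVE-2022-3619, CVE-2022-3640, CVE-2022-4382, CVE-2022-42895, CVE-2022-42896, CVE-2023-0266, CVE-2023-0394), yet each gets an unconditional CVE_CHECK_IGNORE, so the checker would stay silent for a 5.19 kernel that the annotations themselves show as unpatched. Scope each ignore to the kernel recipe and version that carries the listed backport, or drop these entries from the global file. Comment nits: "v2.60.30" in the CVE-2022-3621 entry reads as a typo for v2.6.30 (the CVE-2022-3646 entry uses v2.6.30), "version 2.6.12" in the CVE-2023-0394 entry lacks the "v" prefix used everywhere else, the CVE-2022-42895 backports are listed newest series first while the other entries go oldest first, and "Those issue ... patchs listed" in the wrong-CPE comment should read "Those issues ... patches listed".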
> > --
> > 2.34.1
>
> Regards
> Geoffrey GIRY
> SMILE ECS - R&D Engineer
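The version dependence raised in this exchange can be checked mechanically from the annotation comments the patch already carries. The following Python example is added here and is not code from the thread or from OE-core; the function names and the abridged two-entry sample are assumptions, and "Patched in kernel since" is assumed to name a mainline release.

```python
import re

# Constructed sample: two entries abridged from the quoted patch, commit ids omitted.
SAMPLE = """\
# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
# Introduced in version v5.18
# Breaking commit backported in v5.15.34
# Patched in kernel since v6.1
# Backported in version v5.15.82
CVE_CHECK_IGNORE += "CVE-2022-3435"

# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
# Introduced in version v5.1
# Patched in kernel since v6.1
# Backported in version v5.15.78
# Backported in version v5.19.17
CVE_CHECK_IGNORE += "CVE-2022-3623"
"""

KINDS = {"Introduced in version": "introduced",
         "Breaking commit backported in": "breaking",
         "Patched in kernel since": "patched",
         "Backported in version": "backport"}

def ver(text):
    """'v5.15.82' -> (5, 15, 82); a missing patch level counts as 0."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(x or 0) for x in m.groups())

def parse(text):
    """Map each CVE id to the versions named in its annotation comments."""
    entries, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"# https://nvd\.nist\.gov/vuln/detail/(CVE-\d+-\d+)", line)
        if m:
            cur = entries.setdefault(m.group(1), {k: [] for k in KINDS.values()})
        for prefix, kind in KINDS.items():
            if cur is not None and line.startswith("# " + prefix):
                cur[kind].append(ver(line[len(prefix) + 2:]))
    return entries

def status(entry, kernel):
    """Classify one kernel version, e.g. '5.19.17', against one entry."""
    k = ver(kernel)
    def reached(v):  # stable release v is in k's series and not newer than k
        return v[:2] == k[:2] and v[2] <= k[2]
    # Assumption: "Patched in kernel since" names a mainline release.
    if any(k >= p for p in entry["patched"]) or any(map(reached, entry["backport"])):
        return "fixed"
    if any(k >= i for i in entry["introduced"]) or any(map(reached, entry["breaking"])):
        return "vulnerable"
    return "not-affected"

def ignorable(text, kernel):
    """CVE ids that a version-aware exclusion could ignore for this kernel."""
    return sorted(c for c, e in parse(text).items() if status(e, kernel) != "vulnerable")
```

For the two kernels named in the thread, `ignorable(SAMPLE, "5.15.96")` returns both CVEs while `ignorable(SAMPLE, "5.19.17")` returns only CVE-2022-3623.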