* [OE-core][dunfell 1/6] libxml: fix CVE-2021-3517 CVE-2021-3537
2021-06-08 14:42 [OE-core][dunfell 0/6] Patch review Steve Sakoman
@ 2021-06-08 14:42 ` Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 2/6] gnutls: fix CVE-2021-20231 CVE-2021-20232 Steve Sakoman
` (4 subsequent siblings)
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-08 14:42 UTC (permalink / raw)
To: openembedded-core
From: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libxml/libxml2/CVE-2021-3517.patch | 53 +++++++++++++++++++
.../libxml/libxml2/CVE-2021-3537.patch | 50 +++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +
3 files changed, 105 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3517.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2021-3517.patch b/meta/recipes-core/libxml/libxml2/CVE-2021-3517.patch
new file mode 100644
index 0000000000..e88a8ae7c6
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2021-3517.patch
@@ -0,0 +1,53 @@
+From bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 Mon Sep 17 00:00:00 2001
+From: Joel Hockey <joel.hockey@gmail.com>
+Date: Sun, 16 Aug 2020 17:19:35 -0700
+Subject: [PATCH] Validate UTF8 in xmlEncodeEntities
+
+Code is currently assuming UTF-8 without validating. Truncated UTF-8
+input can cause out-of-bounds array access.
+
+Adds further checks to partial fix in 50f06b3e.
+
+Fixes #178
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2]
+CVE: CVE-2021-3517
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ entities.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/entities.c b/entities.c
+index 37b99a56..1a8f86f0 100644
+--- a/entities.c
++++ b/entities.c
+@@ -704,11 +704,25 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
+ } else {
+ /*
+ * We assume we have UTF-8 input.
++ * It must match either:
++ * 110xxxxx 10xxxxxx
++ * 1110xxxx 10xxxxxx 10xxxxxx
++ * 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
++ * That is:
++ * cur[0] is 11xxxxxx
++ * cur[1] is 10xxxxxx
++ * cur[2] is 10xxxxxx if cur[0] is 111xxxxx
++ * cur[3] is 10xxxxxx if cur[0] is 1111xxxx
++ * cur[0] is not 11111xxx
+ */
+ char buf[11], *ptr;
+ int val = 0, l = 1;
+
+- if (*cur < 0xC0) {
++ if (((cur[0] & 0xC0) != 0xC0) ||
++ ((cur[1] & 0xC0) != 0x80) ||
++ (((cur[0] & 0xE0) == 0xE0) && ((cur[2] & 0xC0) != 0x80)) ||
++ (((cur[0] & 0xF0) == 0xF0) && ((cur[3] & 0xC0) != 0x80)) ||
++ (((cur[0] & 0xF8) == 0xF8))) {
+ xmlEntitiesErr(XML_CHECK_NOT_UTF8,
+ "xmlEncodeEntities: input not UTF-8");
+ if (doc != NULL)
+--
+GitLab
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch b/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
new file mode 100644
index 0000000000..9e64c2a36d
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
@@ -0,0 +1,50 @@
+From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 1 May 2021 16:53:33 +0200
+Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv
+
+Check return value of recursive calls to
+xmlParseElementChildrenContentDeclPriv and return immediately in case
+of errors. Otherwise, struct xmlElementContent could contain unexpected
+null pointers, leading to a null deref when post-validating documents
+which aren't well-formed and parsed in recovery mode.
+
+Fixes #243.
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61]
+CVE: CVE-2021-3537
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ parser.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index b42e6043..73c27edd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6208,6 +6208,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
+ SKIP_BLANKS;
+ cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
+ depth + 1);
++ if (cur == NULL)
++ return(NULL);
+ SKIP_BLANKS;
+ GROW;
+ } else {
+@@ -6341,6 +6343,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
+ SKIP_BLANKS;
+ last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
+ depth + 1);
++ if (last == NULL) {
++ if (ret != NULL)
++ xmlFreeDocElementContent(ctxt->myDoc, ret);
++ return(NULL);
++ }
+ SKIP_BLANKS;
+ } else {
+ elem = xmlParseName(ctxt);
+--
+GitLab
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index db660b9869..097613fb28 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -23,6 +23,8 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://CVE-2020-7595.patch \
file://CVE-2019-20388.patch \
file://CVE-2020-24977.patch \
+ file://CVE-2021-3517.patch \
+ file://CVE-2021-3537.patch \
"
SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread* [OE-core][dunfell 2/6] gnutls: fix CVE-2021-20231 CVE-2021-20232
2021-06-08 14:42 [OE-core][dunfell 0/6] Patch review Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 1/6] libxml: fix CVE-2021-3517 CVE-2021-3537 Steve Sakoman
@ 2021-06-08 14:42 ` Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 3/6] linux-yocto/5.4: update to v5.4.120 Steve Sakoman
` (3 subsequent siblings)
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-08 14:42 UTC (permalink / raw)
To: openembedded-core
From: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../gnutls/gnutls/CVE-2021-20231.patch | 67 +++++++++++++++++++
.../gnutls/gnutls/CVE-2021-20232.patch | 65 ++++++++++++++++++
meta/recipes-support/gnutls/gnutls_3.6.14.bb | 2 +
3 files changed, 134 insertions(+)
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch b/meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch
new file mode 100644
index 0000000000..6fe7a21e33
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch
@@ -0,0 +1,67 @@
+From 15beb4b193b2714d88107e7dffca781798684e7e Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:32 +0100
+Subject: [PATCH] key_share: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+https://gitlab.com/gnutls/gnutls/-/commit/15beb4b193b2714d88107e7dffca781798684e7e
+Upstream-Status: Backport
+CVE: CVE-2021-CVE-2021-20231
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/ext/key_share.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
+index ab8abf8fe6..a8c4bb5cff 100644
+--- a/lib/ext/key_share.c
++++ b/lib/ext/key_share.c
+@@ -664,14 +664,14 @@ key_share_send_params(gnutls_session_t session,
+ {
+ unsigned i;
+ int ret;
+- unsigned char *lengthp;
+- unsigned int cur_length;
+ unsigned int generated = 0;
+ const gnutls_group_entry_st *group;
+ const version_entry_st *ver;
+
+ /* this extension is only being sent on client side */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
++ unsigned int length_pos;
++
+ ver = _gnutls_version_max(session);
+ if (unlikely(ver == NULL || ver->key_shares == 0))
+ return 0;
+@@ -679,16 +679,13 @@ key_share_send_params(gnutls_session_t session,
+ if (!have_creds_for_tls13(session))
+ return 0;
+
+- /* write the total length later */
+- lengthp = &extdata->data[extdata->length];
++ length_pos = extdata->length;
+
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+- cur_length = extdata->length;
+-
+ if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */
+ group = get_group(session);
+ if (unlikely(group == NULL))
+@@ -736,7 +733,8 @@ key_share_send_params(gnutls_session_t session,
+ }
+
+ /* copy actual length */
+- _gnutls_write_uint16(extdata->length - cur_length, lengthp);
++ _gnutls_write_uint16(extdata->length - length_pos - 2,
++ &extdata->data[length_pos]);
+
+ } else { /* server */
+ ver = get_version(session);
+--
+GitLab
+
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch b/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
new file mode 100644
index 0000000000..e13917cddb
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
@@ -0,0 +1,65 @@
+From 75a937d97f4fefc6f9b08e3791f151445f551cb3 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:50 +0100
+Subject: [PATCH] pre_shared_key: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+https://gitlab.com/gnutls/gnutls/-/commit/75a937d97f4fefc6f9b08e3791f151445f551cb3
+Upstream-Status: Backport
+CVE: CVE-2021-CVE-2021-20232
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/ext/pre_shared_key.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
+index a042c6488e..380bf39ed5 100644
+--- a/lib/ext/pre_shared_key.c
++++ b/lib/ext/pre_shared_key.c
+@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session,
+ size_t spos;
+ gnutls_datum_t username = {NULL, 0};
+ gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0};
+- gnutls_datum_t client_hello;
++ unsigned client_hello_len;
+ unsigned next_idx;
+ const mac_entry_st *prf_res = NULL;
+ const mac_entry_st *prf_psk = NULL;
+@@ -428,8 +428,7 @@ client_send_params(gnutls_session_t session,
+ assert(extdata->length >= sizeof(mbuffer_st));
+ assert(ext_offset >= (ssize_t)sizeof(mbuffer_st));
+ ext_offset -= sizeof(mbuffer_st);
+- client_hello.data = extdata->data+sizeof(mbuffer_st);
+- client_hello.size = extdata->length-sizeof(mbuffer_st);
++ client_hello_len = extdata->length-sizeof(mbuffer_st);
+
+ next_idx = 0;
+
+@@ -440,6 +439,11 @@ client_send_params(gnutls_session_t session,
+ }
+
+ if (prf_res && rkey.size > 0) {
++ gnutls_datum_t client_hello;
++
++ client_hello.data = extdata->data+sizeof(mbuffer_st);
++ client_hello.size = client_hello_len;
++
+ ret = compute_psk_binder(session, prf_res,
+ binders_len, binders_pos,
+ ext_offset, &rkey, &client_hello, 1,
+@@ -474,6 +478,11 @@ client_send_params(gnutls_session_t session,
+ }
+
+ if (prf_psk && user_key.size > 0 && info) {
++ gnutls_datum_t client_hello;
++
++ client_hello.data = extdata->data+sizeof(mbuffer_st);
++ client_hello.size = client_hello_len;
++
+ ret = compute_psk_binder(session, prf_psk,
+ binders_len, binders_pos,
+ ext_offset, &user_key, &client_hello, 0,
+--
+GitLab
+
diff --git a/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
index 903bb5503a..0c68da7c54 100644
--- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
@@ -23,6 +23,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
file://arm_eabi.patch \
file://0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch \
file://CVE-2020-24659.patch \
+ file://CVE-2021-20231.patch \
+ file://CVE-2021-20232.patch \
"
SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread* [OE-core][dunfell 3/6] linux-yocto/5.4: update to v5.4.120
2021-06-08 14:42 [OE-core][dunfell 0/6] Patch review Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 1/6] libxml: fix CVE-2021-3517 CVE-2021-3537 Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 2/6] gnutls: fix CVE-2021-20231 CVE-2021-20232 Steve Sakoman
@ 2021-06-08 14:42 ` Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 4/6] linux-yocto/5.4: update to v5.4.123 Steve Sakoman
` (2 subsequent siblings)
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-08 14:42 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
e05d387ba736 Linux 5.4.120
7f4ac21468b0 ASoC: rsnd: check all BUSIF status when error
7f6a9044ff24 nvme: do not try to reconfigure APST when the controller is not live
aa9d659856b1 clk: exynos7: Mark aclk_fsys1_200 as critical
baea536cf51f netfilter: conntrack: Make global sysctls readonly in non-init netns
fb80624f39d3 kobject_uevent: remove warning in init_uevent_argv()
658e8982f0eb usb: typec: tcpm: Fix error while calculating PPS out values
718f1c1fdf78 ARM: 9027/1: head.S: explicitly map DT even if it lives in the first physical section
3c63b72ffba0 ARM: 9020/1: mm: use correct section size macro to describe the FDT virtual address
b05a28f47582 ARM: 9012/1: move device tree mapping out of linear region
69e44f71319b ARM: 9011/1: centralize phys-to-virt conversion of DT/ATAGS address
bb4f8ead473a f2fs: fix error handling in f2fs_end_enable_verity()
7a474350d8de thermal/core/fair share: Lock the thermal zone while looping over instances
2c44110300b8 MIPS: Avoid handcoded DIVU in `__div64_32' altogether
2759b770b53e MIPS: Avoid DIVU in `__div64_32' is result would be zero
02b120493a9c MIPS: Reinstate platform `__div64_32' handler
64508ebf9391 FDDI: defxx: Make MMIO the configuration default except for EISA
ecdf893c5aef mm: fix struct page layout on 32-bit systems
187598fd82cb KVM: x86: Cancel pvclock_gtod_work on module removal
cdaae487e85b cdc-wdm: untangle a circular dependency between callback and softint
b1de23dbeca7 iio: tsl2583: Fix division by a zero lux_val
8229f1d40501 iio: gyro: mpu3050: Fix reported temperature value
2496ead8b1b1 xhci: Add reset resume quirk for AMD xhci controller.
de72d8769bcf xhci: Do not use GFP_KERNEL in (potentially) atomic context
941328f7bda6 usb: dwc3: gadget: Return success always for kick transfer in ep queue
7f15d999dd61 usb: core: hub: fix race condition about TRSMRCY of resume
8f536512db87 usb: dwc2: Fix gadget DMA unmap direction
36399169e6a0 usb: xhci: Increase timeout for HC halt
68b5f65eaa6a usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
04904d90a71a usb: dwc3: omap: improve extcon initialization
f78e2c36609b iomap: fix sub-page uptodate handling
3c1db90ae0d0 blk-mq: Swap two calls in blk_mq_exit_queue()
1c4962df9388 nbd: Fix NULL pointer in flush_workqueue
0b6b4b90b74c kyber: fix out of bounds access when preempted
dafd4c0b5e83 ACPI: scan: Fix a memory leak in an error handling path
1648505d1353 hwmon: (occ) Fix poll rate limiting
fa1547f6e4fb usb: fotg210-hcd: Fix an error message
57f99e92e2f7 iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
2b94c23eaf5e drm/i915: Avoid div-by-zero on gen2
a9b2ac3f6ad1 drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected
f77aa56ad989 mm/hugetlb: fix F_SEAL_FUTURE_WRITE
b3f1731c6d7f userfaultfd: release page in error path to avoid BUG_ON
1b8d4206a48c squashfs: fix divide error in calculate_skip()
c451a6bafb5f hfsplus: prevent corruption in shrinking truncate
0b4eb172cc12 powerpc/64s: Fix crashes when toggling entry flush barrier
379ea3a4e34b powerpc/64s: Fix crashes when toggling stf barrier
9cca6cc73bb9 ARC: mm: PAE: use 40-bit physical page mask
e242c138ae01 ARC: entry: fix off-by-one error in syscall number validation
9c1d454726fc i40e: Fix PHY type identifiers for 2.5G and 5G adapters
7e7b538a9af5 i40e: fix the restart auto-negotiation after FEC modified
d718c15a2bf9 i40e: Fix use-after-free in i40e_client_subtask()
c77e2ef18167 netfilter: nftables: avoid overflows in nft_hash_buckets()
a8cfa7aff11d kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
043ebbccdde6 sched/fair: Fix unfairness caused by missing load decay
687f523c134b sched: Fix out-of-bound access in uclamp
51d3e462ea91 can: m_can: m_can_tx_work_queue(): fix tx_skb race condition
c8e3c76cc8c5 netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
ca74d0dbaffa smc: disallow TCP_ULP in smc_setsockopt()
2f9f92e2ecec net: fix nla_strcmp to handle more then one trailing null character
6aeba28d1213 ksm: fix potential missing rmap_item for stable_node
dde73137ce9c mm/migrate.c: fix potential indeterminate pte entry in migrate_vma_insert_page()
262943265d97 mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
3ddbd4beadfa khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
1816d1b3272a drm/radeon: Avoid power table parsing memory leaks
8e0b76725c38 drm/radeon: Fix off-by-one power_state index heap overwrite
9e3cbdc52318 netfilter: xt_SECMARK: add new revision to fix structure layout
7a0a9f5cf8b5 sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
f7f6f0777409 ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
a04c2a398dc9 sunrpc: Fix misplaced barrier in call_decode
b8168792c3fb RISC-V: Fix error code returned by riscv_hartid_to_cpuid()
b1b31948c0af sctp: do asoc update earlier in sctp_sf_do_dupcook_a
2e99f6871493 net: hns3: disable phy loopback setting in hclge_mac_start_phy
954ea8a0cfe1 net: hns3: use netif_tx_disable to stop the transmit queue
c073c2b27285 net: hns3: fix for vxlan gpe tx checksum bug
56e680c09002 net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet()
282d8a6a5546 net: hns3: initialize the message content in hclge_get_link_mode()
ccffcc9f3574 net: hns3: fix incorrect configuration for igu_egu_hw_err
3dd2cd64466e rtc: ds1307: Fix wday settings for rx8130
2ad8af2b70e9 ceph: fix inode leak on getattr error in __fh_to_dentry
b37609ad2277 rtc: fsl-ftm-alarm: add MODULE_TABLE()
7d1ada9e1096 NFSv4.2 fix handling of sr_eof in SEEK's reply
89862bd77e9c pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
ff4d21fb2261 PCI: endpoint: Fix missing destroy_workqueue()
bdbee0d84520 NFS: Deal correctly with attribute generation counter overflow
7e16709fc540 NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
20f9516b8372 rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
3ed8832aeaa9 ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
0454a3dc8747 PCI: Release OF node in pci_scan_device()'s error path
364e8bb8b425 PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
e150f825ca29 f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
f49f00dbe3d0 thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params()
f599960166a0 ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
44d96d2dc054 ia64: module: fix symbolizer crash on fdescr
8b88f16d9d30 bnxt_en: Add PCI IDs for Hyper-V VF devices.
98e1d0fe20ed net: ethernet: mtk_eth_soc: fix RX VLAN offload
5da6affd9c7e iavf: remove duplicate free resources calls
40d1cb16a578 powerpc/iommu: Annotate nested lock for lockdep
d26436a3b913 qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth
9184f2608e89 wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
78a004cdfd2d wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
cd06b0786056 drm/amd/display: fixed divide by zero kernel crash during dsc enablement
eed7287db3a9 powerpc/pseries: Stop calling printk in rtas_stop_self()
63a42044b9a1 samples/bpf: Fix broken tracex1 due to kprobe argument change
9f6e107aab14 net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule
3aa4e4d7ccf4 ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
061868e90062 ASoC: rt286: Generalize support for ALC3263 codec
56a6218e97db powerpc/smp: Set numa node before updating mask
dfa2a8d2d8a7 flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target()
5f24807c3cba sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
9fc2c9579415 ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume
f59db26081c0 kconfig: nconf: stop endless search loops
c262de1777e4 selftests: Set CC to clang in lib.mk if LLVM is set
2b9ad1fd9dd2 drm/amd/display: Force vsync flip when reconfiguring MPCC
10ed519fa825 iommu/amd: Remove performance counter pre-initialization test
82f6753ac96b Revert "iommu/amd: Fix performance counter initialization"
ae33b2f845fd ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init()
d61f2d938135 cuse: prevent clone
7dac356a65db mt76: mt76x0: disable GTK offloading
48be573a04f1 pinctrl: samsung: use 'int' for register masks in Exynos
f88e0fbeff0f mac80211: clear the beacon's CRC after channel switch
fadf3660a24f i2c: Add I2C_AQ_NO_REP_START adapter quirk
7ffafbf2537d ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
98ebeb87b2cf ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
fae341909d6c Bluetooth: check for zapped sk before connecting
29e498ff183a net: bridge: when suppression is enabled exclude RARP packets
a3893726745f Bluetooth: initialize skb_queue_head at l2cap_chan_create()
ca0dec6564e6 Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
1ac09b2bdc99 ALSA: bebob: enable to deliver MIDI messages for multiple ports
e2f577188581 ALSA: rme9652: don't disable if not enabled
a6f2224be419 ALSA: hdspm: don't disable if not enabled
4ea252600a7d ALSA: hdsp: don't disable if not enabled
7900cdfbc1dd i2c: bail out early when RDWR parameters are wrong
3c0432417fa3 ASoC: rsnd: core: Check convert rate in rsnd_hw_params
e3564792359d net: stmmac: Set FIFO sizes for ipq806x
ac740f06bf53 ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
aee46e847d19 tipc: convert dest node's address to network order
ccef53a27a24 fs: dlm: fix debugfs dump
6c799f6c7427 PM: runtime: Fix unpaired parent child_count for force_resume
18cb19eab713 KVM: x86/mmu: Remove the defunct update_pte() paging hook
e888d623a420 tpm, tpm_tis: Reserve locality in tpm_tis_resume()
a0fd39a09e31 tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt()
0a60d4be38f0 tpm: fix error return code in tpm2_get_cc_attrs_tbl()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d5da1fa69df93d85b7eebbe8d60108eed4e4e6a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 2d9a6f50ad..62124af43b 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "62f2f19316f63910f27760e24314d02814a8a90e"
-SRCREV_meta ?= "9e2546ab8d63f70ba458eb159d29ce6736ffd3e4"
+SRCREV_machine ?= "5c7a781b20543c57a49ffc6fabac59cb769bd895"
+SRCREV_meta ?= "76aa6f85d62f7fc05c4b3e371fafe74290fc2238"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.119"
+LINUX_VERSION ?= "5.4.120"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 26a7da085a..9045dade6e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.119"
+LINUX_VERSION ?= "5.4.120"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "de992e88dcfe547cc08bfc1a371b0fc0c0892a31"
-SRCREV_machine ?= "8997f663001be812a7670488ac8698eb916d9d50"
-SRCREV_meta ?= "9e2546ab8d63f70ba458eb159d29ce6736ffd3e4"
+SRCREV_machine_qemuarm ?= "0e1e637fa02afed13331ed27345233fb3969134b"
+SRCREV_machine ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
+SRCREV_meta ?= "76aa6f85d62f7fc05c4b3e371fafe74290fc2238"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 66a5a49b29..bf2e8944c6 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "715f9e60c9426156cb73904e65d39daea51288ca"
-SRCREV_machine_qemuarm64 ?= "8997f663001be812a7670488ac8698eb916d9d50"
-SRCREV_machine_qemumips ?= "bd95d2d0a38cf539f34d84740262c4d3aef1833f"
-SRCREV_machine_qemuppc ?= "8997f663001be812a7670488ac8698eb916d9d50"
-SRCREV_machine_qemuriscv64 ?= "8997f663001be812a7670488ac8698eb916d9d50"
-SRCREV_machine_qemux86 ?= "8997f663001be812a7670488ac8698eb916d9d50"
-SRCREV_machine_qemux86-64 ?= "8997f663001be812a7670488ac8698eb916d9d50"
-SRCREV_machine_qemumips64 ?= "45be3768458cb4186ee2761de2a414e323bd6fe0"
-SRCREV_machine ?= "8997f663001be812a7670488ac8698eb916d9d50"
-SRCREV_meta ?= "9e2546ab8d63f70ba458eb159d29ce6736ffd3e4"
+SRCREV_machine_qemuarm ?= "56b22a7df23bba68edae26b7edd742f298703f54"
+SRCREV_machine_qemuarm64 ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
+SRCREV_machine_qemumips ?= "58a596a8a9547627afb002264cf2f2084c9856ac"
+SRCREV_machine_qemuppc ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
+SRCREV_machine_qemuriscv64 ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
+SRCREV_machine_qemux86 ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
+SRCREV_machine_qemux86-64 ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
+SRCREV_machine_qemumips64 ?= "f24f74364767d24f7b1a4967c162af693897ee51"
+SRCREV_machine ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
+SRCREV_meta ?= "76aa6f85d62f7fc05c4b3e371fafe74290fc2238"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.119"
+LINUX_VERSION ?= "5.4.120"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread* [OE-core][dunfell 4/6] linux-yocto/5.4: update to v5.4.123
2021-06-08 14:42 [OE-core][dunfell 0/6] Patch review Steve Sakoman
` (2 preceding siblings ...)
2021-06-08 14:42 ` [OE-core][dunfell 3/6] linux-yocto/5.4: update to v5.4.120 Steve Sakoman
@ 2021-06-08 14:42 ` Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 5/6] kernel-fitimage: Don't use unit addresses on FIT Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 6/6] kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags Steve Sakoman
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-08 14:42 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
103f1dbea1ae Linux 5.4.123
af2a4426baf7 NFC: nci: fix memory leak in nci_allocate_device
45aef101ca44 perf unwind: Set userdata for all __report_module() paths
2960df32bb72 perf unwind: Fix separate debug info files when using elfutils' libdw's unwinder
f3d9f09b10e3 usb: dwc3: gadget: Enable suspend events
3173c7c80785 bpf: No need to simulate speculative domain for immediates
2b3cc41d500a bpf: Fix mask direction swap upon off reg sign change
2768f9962231 bpf: Wrap aux data inside bpf_sanitize_info container
67154cff6258 Linux 5.4.122
f97257cde764 Bluetooth: SMP: Fail if remote and local public keys are identical
46b4a9c68572 video: hgafb: correctly handle card detect failure during probe
3c18dc7de2bc nvmet: use new ana_log_size instead the old one
a6f5ef8c1717 Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS
d3d648163a03 ext4: fix error handling in ext4_end_enable_verity()
829203752441 nvme-multipath: fix double initialization of ANA state
2dea1e9ae5cf tty: vt: always invoke vc->vc_sw->con_resize callback
cf52b24b172e vt: Fix character height handling with VT_RESIZEX
971b3fb5b9a6 vgacon: Record video mode changes with VT_RESIZEX
f0c9d29f232a video: hgafb: fix potential NULL pointer dereference
44fe392e1adc qlcnic: Add null check after calling netdev_alloc_skb
4914c67f1a62 leds: lp5523: check return value of lp5xx_read and jump to cleanup code
171b3c1afaeb ics932s401: fix broken handling of errors when word reading fails
d14cd329d83b net: rtlwifi: properly check for alloc_workqueue() failure
533ac32a80c0 scsi: ufs: handle cleanup correctly on devm_reset_control_get error
9e38cf9c3070 net: stmicro: handle clk_prepare() failure during init
9d59d4364dfb ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
8f2efd687d19 Revert "niu: fix missing checks of niu_pci_eeprom_read"
04a064b36576 Revert "qlcnic: Avoid potential NULL pointer dereference"
6d53d54ff5be Revert "rtlwifi: fix a potential NULL pointer dereference"
7fb963895513 Revert "media: rcar_drif: fix a memory disclosure"
6f2e5eb82557 cdrom: gdrom: initialize global variable at init time
283cd246bcc1 cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
7e230e5ed8fd Revert "gdrom: fix a memory leak bug"
6ef6f8cd1d34 Revert "scsi: ufs: fix a missing check of devm_reset_control_get"
9c24899f1fae Revert "ecryptfs: replace BUG_ON with error handling code"
a1f0e2bb4975 Revert "video: imsttfb: fix potential NULL pointer dereferences"
bd2a12549fc2 Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
5c463887edb3 Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
1cb9f88cde8c Revert "net: stmicro: fix a missing check of clk_prepare"
6f2a72774f38 Revert "video: hgafb: fix potential NULL pointer dereference"
3471a221f308 dm snapshot: fix crash with transient storage and zero chunk size
198ee66478b3 xen-pciback: reconfigure also from backend watch handler
f1d3c63c3f12 mmc: sdhci-pci-gli: increase 1.8V regulator wait
d9e9ec363560 drm/amdgpu: update sdma golden setting for Navi12
e3be683d5e4e drm/amdgpu: update gc golden setting for Navi12
1f0495355b60 drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang
c11d59e5edba Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference"
d55df42ef369 rapidio: handle create_workqueue() failure
9f2a613e4b0b Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails"
cdd91637d4ef uio_hv_generic: Fix a memory leak in error handling paths
b0fc59e62bf9 ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx
c4e7ed4fa1b1 ALSA: hda/realtek: Add fixup for HP OMEN laptop
2331f2592879 ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA
1c783bfa7f8d ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
be1f7f30b66b ALSA: hda/realtek: reset eapd coeff to default value for alc287
b2297d1b9511 ALSA: firewire-lib: fix check for the size of isochronous packet payload
f95aabb6aed4 Revert "ALSA: sb8: add a check for request_region"
2ed8227ebd84 ALSA: hda: fixup headset for ASUS GU502 laptop
7ef36d303592 ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
844faf4a9675 ALSA: usb-audio: Validate MS endpoint descriptors
c7456fc35dc8 ALSA: firewire-lib: fix calculation for size of IR context payload
7981c124e34d ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
f72b96ff7935 ALSA: line6: Fix racy initialization of LINE6 MIDI
048840df6de8 ALSA: intel8x0: Don't update period unless prepared
a67a88f9e667 ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency
34413f21acea cifs: fix memory leak in smb2_copychunk_range
20197d327560 btrfs: avoid RCU stalls while running delayed iputs
845c2b9d99b6 locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
439ce949ee90 nvmet: seset ns->file when open fails
670d34d54320 ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
88128a5054f1 RDMA/uverbs: Fix a NULL vs IS_ERR() bug
6fa78a6b9a3b platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
6e90ff540a7b platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue
66abc4ef6a8b RDMA/core: Don't access cm_id after its destruction
73e25a2d51bb RDMA/mlx5: Recover from fatal event in dual port mode
8d8b8016e0af scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
07865459eb62 scsi: ufs: core: Increase the usable queue depth
a62225d951d7 RDMA/rxe: Clear all QP fields if creation failed
257f132342ea RDMA/siw: Release xarray entry
a19bb4c0566c RDMA/siw: Properly check send and receive CQ pointers
a03676848886 openrisc: Fix a memory leak
50fd584fbbb3 firmware: arm_scpi: Prevent the ternary sign expansion bug
b239a0365b93 Linux 5.4.121
b63a8e5b4a25 scripts: switch explicitly to Python 3
2cbb484788fe tweewide: Fix most Shebang lines
252495806968 KVM: arm64: Initialize VCPU mdcr_el2 before loading it
50e5c93ca647 ipv6: remove extra dev_hold() for fallback tunnels
b811a8a72366 ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
f5ddecb6a195 sit: proper dev_{hold|put} in ndo_[un]init methods
cca2a2b340a9 ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
084a1858e256 net: stmmac: Do not enable RX FIFO overflow interrupts
94600a8300c7 lib: stackdepot: turn depot_lock spinlock to raw_spinlock
5233f4465e22 block: reexpand iov_iter after read/write
48744773d63e ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
0ce1a72ac9b0 gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
b3252a87a811 drm/amd/display: Fix two cursor duplication when using overlay
6cc777c6acbb bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit
c5946eb52b73 scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found
e39a105abbe5 ceph: fix fscache invalidation
13bc6bda6a1e scsi: lpfc: Fix illegal memory access on Abort IOCBs
e69c7c149199 riscv: Workaround mcount name prior to clang-13
cd3ab0ac0a54 scripts/recordmcount.pl: Fix RISC-V regex for clang
cfa65174402f ARM: 9075/1: kernel: Fix interrupted SMC calls
a5923afb6149 um: Disable CONFIG_GCOV with MODULES
2fe3fbcc53b8 um: Mark all kernel symbols as local
cec4c3810ba3 Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
29da2bab24e9 Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices
bbd7ba95bb06 ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
64f8e9526e31 ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
41dd2ede9536 dmaengine: dw-edma: Fix crash on loading/unloading driver
b003a4923628 PCI: thunder: Fix compile testing
a05fb4ac72fb virtio_net: Do not pull payload in skb->head
0d08bbce231b xsk: Simplify detection of empty and full rings
323deebaa2d0 pinctrl: ingenic: Improve unreachable code generation
e57e2dd9bbdd isdn: capi: fix mismatched prototypes
7958cdd64cdf cxgb4: Fix the -Wmisleading-indentation warning
acb4faa5f577 usb: sl811-hcd: improve misleading indentation
eabb93e34425 kgdb: fix gcc-11 warning on indentation
b806b41bf55d x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 881ed7938f84ba89b9bb20ce8e45ef9d85e80cb8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 62124af43b..3643e6af46 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "5c7a781b20543c57a49ffc6fabac59cb769bd895"
-SRCREV_meta ?= "76aa6f85d62f7fc05c4b3e371fafe74290fc2238"
+SRCREV_machine ?= "c279b45a44858da788a13f23130ed06663e77c57"
+SRCREV_meta ?= "aa019cb8e4af653d6e136f1b8720884b97ddde49"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.120"
+LINUX_VERSION ?= "5.4.123"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 9045dade6e..cf8e81e0f3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.120"
+LINUX_VERSION ?= "5.4.123"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "0e1e637fa02afed13331ed27345233fb3969134b"
-SRCREV_machine ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
-SRCREV_meta ?= "76aa6f85d62f7fc05c4b3e371fafe74290fc2238"
+SRCREV_machine_qemuarm ?= "445028ae9ec9a904122bb5c60995def98d2b1ddc"
+SRCREV_machine ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be"
+SRCREV_meta ?= "aa019cb8e4af653d6e136f1b8720884b97ddde49"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index bf2e8944c6..7282fbcd6e 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "56b22a7df23bba68edae26b7edd742f298703f54"
-SRCREV_machine_qemuarm64 ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
-SRCREV_machine_qemumips ?= "58a596a8a9547627afb002264cf2f2084c9856ac"
-SRCREV_machine_qemuppc ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
-SRCREV_machine_qemuriscv64 ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
-SRCREV_machine_qemux86 ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
-SRCREV_machine_qemux86-64 ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
-SRCREV_machine_qemumips64 ?= "f24f74364767d24f7b1a4967c162af693897ee51"
-SRCREV_machine ?= "0695891aff8c530c4a4ded7f17d6a262a15a0043"
-SRCREV_meta ?= "76aa6f85d62f7fc05c4b3e371fafe74290fc2238"
+SRCREV_machine_qemuarm ?= "c292705386cfec860dad5e1dee74f22407fb7f94"
+SRCREV_machine_qemuarm64 ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be"
+SRCREV_machine_qemumips ?= "d4c949dc0b88dba72f9f94a18fd994aa8482ff8e"
+SRCREV_machine_qemuppc ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be"
+SRCREV_machine_qemuriscv64 ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be"
+SRCREV_machine_qemux86 ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be"
+SRCREV_machine_qemux86-64 ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be"
+SRCREV_machine_qemumips64 ?= "417e8e4e101314f02439a88c78d4cf2ab98df209"
+SRCREV_machine ?= "edc1395a32f99faaebc6b48769c4bd02a8b074be"
+SRCREV_meta ?= "aa019cb8e4af653d6e136f1b8720884b97ddde49"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.120"
+LINUX_VERSION ?= "5.4.123"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread* [OE-core][dunfell 5/6] kernel-fitimage: Don't use unit addresses on FIT
2021-06-08 14:42 [OE-core][dunfell 0/6] Patch review Steve Sakoman
` (3 preceding siblings ...)
2021-06-08 14:42 ` [OE-core][dunfell 4/6] linux-yocto/5.4: update to v5.4.123 Steve Sakoman
@ 2021-06-08 14:42 ` Steve Sakoman
2021-06-08 14:42 ` [OE-core][dunfell 6/6] kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags Steve Sakoman
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-08 14:42 UTC (permalink / raw)
To: openembedded-core
From: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Das U-Boot 2021.4-rc1 has the following commit:
commit 3f04db891a353f4b127ed57279279f851c6b4917
Author: Simon Glass <sjg@chromium.org>
Date: Mon Feb 15 17:08:12 2021 -0700
image: Check for unit addresses in FITs
Using unit addresses in a FIT is a security risk. Add a check for
this and disallow it.
CVE-2021-27138
Adjust the kernel-fitimage.bbclass accordingly to not use unit
addresses. This changte is required before we can bump U-Boot to 2021.4.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Backport for Dunfell]
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/kernel-fitimage.bbclass | 32 ++++++++++++++--------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index b4d8ff8309..5f5e9dd444 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -124,7 +124,7 @@ fitimage_emit_section_kernel() {
fi
cat << EOF >> ${1}
- kernel@${2} {
+ kernel-${2} {
description = "Linux kernel";
data = /incbin/("${3}");
type = "kernel";
@@ -133,7 +133,7 @@ fitimage_emit_section_kernel() {
compression = "${4}";
load = <${UBOOT_LOADADDRESS}>;
entry = <${ENTRYPOINT}>;
- hash@1 {
+ hash-1 {
algo = "${kernel_csum}";
};
};
@@ -160,14 +160,14 @@ fitimage_emit_section_dtb() {
dtb_loadline="load = <${UBOOT_DTB_LOADADDRESS}>;"
fi
cat << EOF >> ${1}
- fdt@${2} {
+ fdt-${2} {
description = "Flattened Device Tree blob";
data = /incbin/("${3}");
type = "flat_dt";
arch = "${UBOOT_ARCH}";
compression = "none";
${dtb_loadline}
- hash@1 {
+ hash-1 {
algo = "${dtb_csum}";
};
};
@@ -185,7 +185,7 @@ fitimage_emit_section_setup() {
setup_csum="${FIT_HASH_ALG}"
cat << EOF >> ${1}
- setup@${2} {
+ setup-${2} {
description = "Linux setup.bin";
data = /incbin/("${3}");
type = "x86_setup";
@@ -194,7 +194,7 @@ fitimage_emit_section_setup() {
compression = "none";
load = <0x00090000>;
entry = <0x00090000>;
- hash@1 {
+ hash-1 {
algo = "${setup_csum}";
};
};
@@ -221,7 +221,7 @@ fitimage_emit_section_ramdisk() {
fi
cat << EOF >> ${1}
- ramdisk@${2} {
+ ramdisk-${2} {
description = "${INITRAMFS_IMAGE}";
data = /incbin/("${3}");
type = "ramdisk";
@@ -230,7 +230,7 @@ fitimage_emit_section_ramdisk() {
compression = "none";
${ramdisk_loadline}
${ramdisk_entryline}
- hash@1 {
+ hash-1 {
algo = "${ramdisk_csum}";
};
};
@@ -266,39 +266,39 @@ fitimage_emit_section_config() {
if [ -n "${2}" ]; then
conf_desc="Linux kernel"
sep=", "
- kernel_line="kernel = \"kernel@${2}\";"
+ kernel_line="kernel = \"kernel-${2}\";"
fi
if [ -n "${3}" ]; then
conf_desc="${conf_desc}${sep}FDT blob"
sep=", "
- fdt_line="fdt = \"fdt@${3}\";"
+ fdt_line="fdt = \"fdt-${3}\";"
fi
if [ -n "${4}" ]; then
conf_desc="${conf_desc}${sep}ramdisk"
sep=", "
- ramdisk_line="ramdisk = \"ramdisk@${4}\";"
+ ramdisk_line="ramdisk = \"ramdisk-${4}\";"
fi
if [ -n "${5}" ]; then
conf_desc="${conf_desc}${sep}setup"
- setup_line="setup = \"setup@${5}\";"
+ setup_line="setup = \"setup-${5}\";"
fi
if [ "${6}" = "1" ]; then
- default_line="default = \"conf@${3}\";"
+ default_line="default = \"conf-${3}\";"
fi
cat << EOF >> ${1}
${default_line}
- conf@${3} {
+ conf-${3} {
description = "${6} ${conf_desc}";
${kernel_line}
${fdt_line}
${ramdisk_line}
${setup_line}
- hash@1 {
+ hash-1 {
algo = "${conf_csum}";
};
EOF
@@ -330,7 +330,7 @@ EOF
sign_line="${sign_line};"
cat << EOF >> ${1}
- signature@1 {
+ signature-1 {
algo = "${conf_csum},${conf_sign_algo}";
key-name-hint = "${conf_sign_keyname}";
${sign_line}
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread* [OE-core][dunfell 6/6] kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags
2021-06-08 14:42 [OE-core][dunfell 0/6] Patch review Steve Sakoman
` (4 preceding siblings ...)
2021-06-08 14:42 ` [OE-core][dunfell 5/6] kernel-fitimage: Don't use unit addresses on FIT Steve Sakoman
@ 2021-06-08 14:42 ` Steve Sakoman
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-08 14:42 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Currently DTC_FLAGS kernel makefile parameter can be specified directly on the
command line by adding it to KERNEL_EXTRA_ARGS. However, this prevents
scripts/Makefile.lib logic from appending flags that silence dtc warnings (all
assignments done from within a makefile, to a variable specified on the command
line, are ignored).
Because of this, the do_compile log is cluttered with dtc warnings that should
only be printed when compiling with W="123":
...
/soc: node has a reg or ranges property, but no unit name
/soc/gpu: missing or empty reg/ranges property
/soc/firmware/gpio: missing or empty reg/ranges property
...
To fix this, introduce the dedicated KERNEL_DTC_FLAGS variable to hold
dtc flags and export DTC_FLAGS in the environment before generating the dtbs
(make allows "+=" operations on variables that come from the environment, so
the warnings are silenced properly).
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 063b5de86624a42b0aa784db6dddc7552a6dee7f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/kernel-devicetree.bbclass | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/meta/classes/kernel-devicetree.bbclass b/meta/classes/kernel-devicetree.bbclass
index 81dda8003f..d4f8864200 100644
--- a/meta/classes/kernel-devicetree.bbclass
+++ b/meta/classes/kernel-devicetree.bbclass
@@ -9,6 +9,9 @@ FILES_${KERNEL_PACKAGE_NAME}-image-zimage-bundle = "/${KERNEL_IMAGEDEST}/zImage-
# Generate kernel+devicetree bundle
KERNEL_DEVICETREE_BUNDLE ?= "0"
+# dtc flags passed via DTC_FLAGS env variable
+KERNEL_DTC_FLAGS ?= ""
+
normalize_dtb () {
dtb="$1"
if echo $dtb | grep -q '/dts/'; then
@@ -50,6 +53,10 @@ do_configure_append() {
}
do_compile_append() {
+ if [ -n "${KERNEL_DTC_FLAGS}" ]; then
+ export DTC_FLAGS="${KERNEL_DTC_FLAGS}"
+ fi
+
for dtbf in ${KERNEL_DEVICETREE}; do
dtb=`normalize_dtb "$dtbf"`
oe_runmake $dtb CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS}
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread