* [hardknott][PATCH 01/28] ffmpeg: fix CVE-2020-20446
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 02/28] ffmpeg: fix CVE-2020-20453 Anuj Mittal
` (26 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Tony Tascioglu <tony.tascioglu@windriver.com>
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-20446
Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ffmpeg/ffmpeg/fix-CVE-2020-20446.patch | 35 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch
new file mode 100644
index 0000000000..4fe80cffa1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch
@@ -0,0 +1,35 @@
+From 073bad2fcae5be78c11a1623a20319107dfae9f8 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Fri, 28 May 2021 20:18:25 +0200
+Subject: [PATCH 1/5] avcodec/aacpsy: Avoid floating point division by 0 of
+ norm_fac
+
+Fixes: Ticket7995
+Fixes: CVE-2020-20446
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2020-20446
+Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002]
+
+Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
+---
+ libavcodec/aacpsy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c
+index fca692cb15..bd444fecdc 100644
+--- a/libavcodec/aacpsy.c
++++ b/libavcodec/aacpsy.c
+@@ -794,7 +794,7 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel,
+
+ if (pe < 1.15f * desired_pe) {
+ /* 6.6.1.3.6 "Final threshold modification by linearization" */
+- norm_fac = 1.0f / norm_fac;
++ norm_fac = norm_fac ? 1.0f / norm_fac : 0;
+ for (w = 0; w < wi->num_windows*16; w += 16) {
+ for (g = 0; g < num_bands; g++) {
+ AacPsyBand *band = &pch->band[w+g];
+--
+2.32.0
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 08be38ca50..b4fbebe414 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://mips64_cpu_detection.patch \
file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
+ file://fix-CVE-2020-20446.patch \
"
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 02/28] ffmpeg: fix CVE-2020-20453
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 01/28] ffmpeg: fix CVE-2020-20446 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 03/28] ffmpeg: fix CVE-2020-22015 Anuj Mittal
` (25 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Tony Tascioglu <tony.tascioglu@windriver.com>
avcodec/aacenc: Avoid 0 lambda
Fixes: Ticket8003
Fixes: CVE-2020-20453
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-20453
Upstream-Status: Backport [a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ffmpeg/ffmpeg/fix-CVE-2020-20453.patch | 42 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch
new file mode 100644
index 0000000000..4e430726b0
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch
@@ -0,0 +1,42 @@
+From 80f9cbee46757430af0769ec999ca702be652f7f Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Fri, 28 May 2021 21:37:26 +0200
+Subject: [PATCH 2/5] avcodec/aacenc: Avoid 0 lambda
+
+Fixes: Ticket8003
+Fixes: CVE-2020-20453
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2020-20453
+Upstream-Status: Backport [a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8]
+
+Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
+---
+ libavcodec/aacenc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c
+index db11e0ca29..9c6cb75be4 100644
+--- a/libavcodec/aacenc.c
++++ b/libavcodec/aacenc.c
+@@ -28,6 +28,7 @@
+ * TODOs:
+ * add sane pulse detection
+ ***********************************/
++#include <float.h>
+
+ #include "libavutil/libm.h"
+ #include "libavutil/thread.h"
+@@ -856,7 +857,7 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
+ /* Not so fast though */
+ ratio = sqrtf(ratio);
+ }
+- s->lambda = FFMIN(s->lambda * ratio, 65536.f);
++ s->lambda = av_clipf(s->lambda * ratio, FLT_MIN, 65536.f);
+
+ /* Keep iterating if we must reduce and lambda is in the sky */
+ if (ratio > 0.9f && ratio < 1.1f) {
+--
+2.32.0
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index b4fbebe414..3917ad9c2c 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://mips64_cpu_detection.patch \
file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
file://fix-CVE-2020-20446.patch \
+ file://fix-CVE-2020-20453.patch \
"
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 03/28] ffmpeg: fix CVE-2020-22015
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 01/28] ffmpeg: fix CVE-2020-20446 Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 02/28] ffmpeg: fix CVE-2020-20453 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 04/28] ffmpeg: fix CVE-2020-22021 Anuj Mittal
` (24 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Tony Tascioglu <tony.tascioglu@windriver.com>
avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-22015
Upstream-Status: Backport [4c1afa292520329eecd1cc7631bc59a8cca95c46]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ffmpeg/ffmpeg/fix-CVE-2020-22015.patch | 44 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch
new file mode 100644
index 0000000000..1fdb31de7d
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch
@@ -0,0 +1,44 @@
+From dce5d2c2ee991f8cd96ab74d51a2d1a134a1a645 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 29 May 2021 09:22:27 +0200
+Subject: [PATCH 3/5] avformat/movenc: Check pal_size before use
+
+Fixes: assertion failure
+Fixes: out of array read
+Fixes: Ticket8190
+Fixes: CVE-2020-22015
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+
+CVE: CVE-2020-22015
+Upstream-Status: Backport [4c1afa292520329eecd1cc7631bc59a8cca95c46]
+
+Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
+---
+ libavformat/movenc.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/movenc.c b/libavformat/movenc.c
+index c34d86522a..9603704083 100644
+--- a/libavformat/movenc.c
++++ b/libavformat/movenc.c
+@@ -2094,11 +2094,13 @@ static int mov_write_video_tag(AVFormatContext *s, AVIOContext *pb, MOVMuxContex
+ avio_wb16(pb, 0x18); /* Reserved */
+
+ if (track->mode == MODE_MOV && track->par->format == AV_PIX_FMT_PAL8) {
+- int pal_size = 1 << track->par->bits_per_coded_sample;
+- int i;
++ int pal_size, i;
+ avio_wb16(pb, 0); /* Color table ID */
+ avio_wb32(pb, 0); /* Color table seed */
+ avio_wb16(pb, 0x8000); /* Color table flags */
++ if (track->par->bits_per_coded_sample < 0 || track->par->bits_per_coded_sample > 8)
++ return AVERROR(EINVAL);
++ pal_size = 1 << track->par->bits_per_coded_sample;
+ avio_wb16(pb, pal_size - 1); /* Color table size (zero-relative) */
+ for (i = 0; i < pal_size; i++) {
+ uint32_t rgb = track->palette[i];
+--
+2.32.0
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 3917ad9c2c..c9c82b0398 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -28,6 +28,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
file://fix-CVE-2020-20446.patch \
file://fix-CVE-2020-20453.patch \
+ file://fix-CVE-2020-22015.patch \
"
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 04/28] ffmpeg: fix CVE-2020-22021
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (2 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 03/28] ffmpeg: fix CVE-2020-22015 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 05/28] ffmpeg: fix CVE-2020-22019 and CVE-2020-22033 Anuj Mittal
` (23 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Tony Tascioglu <tony.tascioglu@windriver.com>
avfilter/vf_yadif: Fix handing of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-22021
Upstream-Status: Backport [7971f62120a55c141ec437aa3f0bacc1c1a3526b]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ffmpeg/ffmpeg/fix-CVE-2020-22021.patch | 87 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 88 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch
new file mode 100644
index 0000000000..05cba736ff
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch
@@ -0,0 +1,87 @@
+From 384177ca945395c8cf0ebbddd4b8b1eae64e900f Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 29 May 2021 11:17:35 +0200
+Subject: [PATCH 4/5] avfilter/vf_yadif: Fix handing of tiny images
+
+Fixes: out of array access
+Fixes: Ticket8240
+Fixes: CVE-2020-22021
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2020-22021
+Upstream-Status: Backport [7971f62120a55c141ec437aa3f0bacc1c1a3526b]
+
+Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
+---
+ libavfilter/vf_yadif.c | 32 ++++++++++++++++++--------------
+ 1 file changed, 18 insertions(+), 14 deletions(-)
+
+diff --git a/libavfilter/vf_yadif.c b/libavfilter/vf_yadif.c
+index 43dea67add..06fd24ecfa 100644
+--- a/libavfilter/vf_yadif.c
++++ b/libavfilter/vf_yadif.c
+@@ -123,20 +123,22 @@ static void filter_edges(void *dst1, void *prev1, void *cur1, void *next1,
+ uint8_t *next2 = parity ? cur : next;
+
+ const int edge = MAX_ALIGN - 1;
++ int offset = FFMAX(w - edge, 3);
+
+ /* Only edge pixels need to be processed here. A constant value of false
+ * for is_not_edge should let the compiler ignore the whole branch. */
+- FILTER(0, 3, 0)
++ FILTER(0, FFMIN(3, w), 0)
+
+- dst = (uint8_t*)dst1 + w - edge;
+- prev = (uint8_t*)prev1 + w - edge;
+- cur = (uint8_t*)cur1 + w - edge;
+- next = (uint8_t*)next1 + w - edge;
++ dst = (uint8_t*)dst1 + offset;
++ prev = (uint8_t*)prev1 + offset;
++ cur = (uint8_t*)cur1 + offset;
++ next = (uint8_t*)next1 + offset;
+ prev2 = (uint8_t*)(parity ? prev : cur);
+ next2 = (uint8_t*)(parity ? cur : next);
+
+- FILTER(w - edge, w - 3, 1)
+- FILTER(w - 3, w, 0)
++ FILTER(offset, w - 3, 1)
++ offset = FFMAX(offset, w - 3);
++ FILTER(offset, w, 0)
+ }
+
+
+@@ -170,21 +172,23 @@ static void filter_edges_16bit(void *dst1, void *prev1, void *cur1, void *next1,
+ uint16_t *next2 = parity ? cur : next;
+
+ const int edge = MAX_ALIGN / 2 - 1;
++ int offset = FFMAX(w - edge, 3);
+
+ mrefs /= 2;
+ prefs /= 2;
+
+- FILTER(0, 3, 0)
++ FILTER(0, FFMIN(3, w), 0)
+
+- dst = (uint16_t*)dst1 + w - edge;
+- prev = (uint16_t*)prev1 + w - edge;
+- cur = (uint16_t*)cur1 + w - edge;
+- next = (uint16_t*)next1 + w - edge;
++ dst = (uint16_t*)dst1 + offset;
++ prev = (uint16_t*)prev1 + offset;
++ cur = (uint16_t*)cur1 + offset;
++ next = (uint16_t*)next1 + offset;
+ prev2 = (uint16_t*)(parity ? prev : cur);
+ next2 = (uint16_t*)(parity ? cur : next);
+
+- FILTER(w - edge, w - 3, 1)
+- FILTER(w - 3, w, 0)
++ FILTER(offset, w - 3, 1)
++ offset = FFMAX(offset, w - 3);
++ FILTER(offset, w, 0)
+ }
+
+ static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)
+--
+2.32.0
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index c9c82b0398..e68589d4c3 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -29,6 +29,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-20446.patch \
file://fix-CVE-2020-20453.patch \
file://fix-CVE-2020-22015.patch \
+ file://fix-CVE-2020-22021.patch \
"
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 05/28] ffmpeg: fix CVE-2020-22019 and CVE-2020-22033
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (3 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 04/28] ffmpeg: fix CVE-2020-22021 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 06/28] go: upgrade 1.16.5 -> 1.16.7 Anuj Mittal
` (22 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Tony Tascioglu <tony.tascioglu@windriver.com>
avfilter/vf_vmafmotion: Check dimensions
Fixes: out of array access
Fixes: Ticket8241
Fixes: Ticket8246
Fixes: CVE-2020-22019
Fixes: CVE-2020-22033
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-22033
CVE: CVE-2020-22019
Upstream-Status: Backport [82ad1b76751bcfad5005440db48c46a4de5d6f02]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../fix-CVE-2020-22033-CVE-2020-22019.patch | 39 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch
new file mode 100644
index 0000000000..e98ddaaede
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch
@@ -0,0 +1,39 @@
+From 2f3bf456fa641edf154a99c4586d7bf52c02a495 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 29 May 2021 09:58:31 +0200
+Subject: [PATCH 5/5] avfilter/vf_vmafmotion: Check dimensions
+
+Fixes: out of array access
+Fixes: Ticket8241
+Fixes: Ticket8246
+Fixes: CVE-2020-22019
+Fixes: CVE-2020-22033
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2020-22033
+CVE: CVE-2020-22019
+Upstream-Status: Backport [82ad1b76751bcfad5005440db48c46a4de5d6f02]
+
+Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
+---
+ libavfilter/vf_vmafmotion.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libavfilter/vf_vmafmotion.c b/libavfilter/vf_vmafmotion.c
+index 88d0b35095..0730147e7d 100644
+--- a/libavfilter/vf_vmafmotion.c
++++ b/libavfilter/vf_vmafmotion.c
+@@ -238,6 +238,9 @@ int ff_vmafmotion_init(VMAFMotionData *s,
+ int i;
+ const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(fmt);
+
++ if (w < 3 || h < 3)
++ return AVERROR(EINVAL);
++
+ s->width = w;
+ s->height = h;
+ s->stride = FFALIGN(w * sizeof(uint16_t), 32);
+--
+2.32.0
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index e68589d4c3..0a49493abd 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-20453.patch \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
+ file://fix-CVE-2020-22033-CVE-2020-22019.patch \
"
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 06/28] go: upgrade 1.16.5 -> 1.16.7
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (4 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 05/28] ffmpeg: fix CVE-2020-22019 and CVE-2020-22033 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 07/28] linux-firmware: add more Qualcomm firmware packages Anuj Mittal
` (21 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/go/{go-1.16.5.inc => go-1.16.7.inc} | 4 ++--
...{go-binary-native_1.16.5.bb => go-binary-native_1.16.7.bb} | 4 ++--
...o-cross-canadian_1.16.5.bb => go-cross-canadian_1.16.7.bb} | 0
.../go/{go-cross_1.16.5.bb => go-cross_1.16.7.bb} | 0
.../go/{go-crosssdk_1.16.5.bb => go-crosssdk_1.16.7.bb} | 0
.../go/{go-native_1.16.5.bb => go-native_1.16.7.bb} | 0
.../go/{go-runtime_1.16.5.bb => go-runtime_1.16.7.bb} | 0
meta/recipes-devtools/go/{go_1.16.5.bb => go_1.16.7.bb} | 0
8 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.16.5.inc => go-1.16.7.inc} (89%)
rename meta/recipes-devtools/go/{go-binary-native_1.16.5.bb => go-binary-native_1.16.7.bb} (83%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.16.5.bb => go-cross-canadian_1.16.7.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.16.5.bb => go-cross_1.16.7.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.16.5.bb => go-crosssdk_1.16.7.bb} (100%)
rename meta/recipes-devtools/go/{go-native_1.16.5.bb => go-native_1.16.7.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.16.5.bb => go-runtime_1.16.7.bb} (100%)
rename meta/recipes-devtools/go/{go_1.16.5.bb => go_1.16.7.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.16.5.inc b/meta/recipes-devtools/go/go-1.16.7.inc
similarity index 89%
rename from meta/recipes-devtools/go/go-1.16.5.inc
rename to meta/recipes-devtools/go/go-1.16.7.inc
index b693315917..ed2d94671b 100644
--- a/meta/recipes-devtools/go/go-1.16.5.inc
+++ b/meta/recipes-devtools/go/go-1.16.7.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.16"
-PV = "1.16.5"
+PV = "1.16.7"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -18,4 +18,4 @@ SRC_URI += "\
file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
file://0001-encoding-xml-handle-leading-trailing-or-double-colon.patch \
"
-SRC_URI[main.sha256sum] = "7bfa7e5908c7cc9e75da5ddf3066d7cbcf3fd9fa51945851325eebc17f50ba80"
+SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.5.bb b/meta/recipes-devtools/go/go-binary-native_1.16.7.bb
similarity index 83%
rename from meta/recipes-devtools/go/go-binary-native_1.16.5.bb
rename to meta/recipes-devtools/go/go-binary-native_1.16.7.bb
index b3e2b6a60e..cb54c2868e 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.16.5.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.16.7.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
PROVIDES = "go-native"
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "b12c23023b68de22f74c0524f10b753e7b08b1504cb7e417eccebdd3fae49061"
-SRC_URI[go_linux_arm64.sha256sum] = "d5446b46ef6f36fdffa852f73dfbbe78c1ddf010b99fa4964944b9ae8b4d6799"
+SRC_URI[go_linux_amd64.sha256sum] = "7fe7a73f55ba3e2285da36f8b085e5c0159e9564ef5f63ee0ed6b818ade8ef04"
+SRC_URI[go_linux_arm64.sha256sum] = "63d6b53ecbd2b05c1f0e9903c92042663f2f68afdbb67f4d0d12700156869bac"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.5.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.16.5.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.16.5.bb b/meta/recipes-devtools/go/go-cross_1.16.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.16.5.bb
rename to meta/recipes-devtools/go/go-cross_1.16.7.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.5.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.16.5.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.16.7.bb
diff --git a/meta/recipes-devtools/go/go-native_1.16.5.bb b/meta/recipes-devtools/go/go-native_1.16.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-native_1.16.5.bb
rename to meta/recipes-devtools/go/go-native_1.16.7.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.16.5.bb b/meta/recipes-devtools/go/go-runtime_1.16.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.16.5.bb
rename to meta/recipes-devtools/go/go-runtime_1.16.7.bb
diff --git a/meta/recipes-devtools/go/go_1.16.5.bb b/meta/recipes-devtools/go/go_1.16.7.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.16.5.bb
rename to meta/recipes-devtools/go/go_1.16.7.bb
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 07/28] linux-firmware: add more Qualcomm firmware packages
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (5 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 06/28] go: upgrade 1.16.5 -> 1.16.7 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 08/28] sstate.bbclass: fix error handling when sstate mirrors is ro Anuj Mittal
` (20 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add firmware packages for the recent Qualcomm SoCs:
- linux-firmware-qcom-adreno-a650, linux-firmware-qcom-adreno-a660,
containing firmware for Adreno A630 and A650 GPUs
- linux-firmware-qcom-sm8250-audio, linux-firmware-sm8250-compute,
containing firmware for audio and comute DSPs on SM8250 (QRB5165)
- linux-firmware-qcom-vpu-1.0, linux-firmware-qcom-vpu-2.0 containing
firmware for newer Venus video encoder/decoder
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31057a9d41a452bdb9e94b4160220f675332ef70)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux-firmware/linux-firmware_20210511.bb | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
index 26091fba70..513932984e 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
@@ -303,8 +303,11 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-qat ${PN}-qat-license \
${PN}-qcom-license \
${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
- ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 ${PN}-qcom-adreno-a630 \
+ ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
+ ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \
+ ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
+ ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
${PN}-lt9611uxc ${PN}-lontium-license \
${PN}-whence-license \
@@ -952,22 +955,34 @@ FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
+FILES_${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
+FILES_${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
+FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
+FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
FILES_${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
+FILES_${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*"
+FILES_${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*"
RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-audio = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-compute = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sm8250-audio = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sm8250-compute = "${PN}-qcom-license"
FILES_${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 08/28] sstate.bbclass: fix error handling when sstate mirrors is ro
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (6 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 07/28] linux-firmware: add more Qualcomm firmware packages Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 09/28] pixman: re-disable iwmmxt Anuj Mittal
` (19 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
The commit dd555537fc35c5f934af09d601d70772eb5955ae
'sstate.bbclass: fix errors about read-only sstate mirrors'
adds an additional exception handler to silently mask read
only rootfs errors thrown during the touch.
The exception handler checks the error type with the python module errno
but this module needs to be imported as it don't exist.
Example of the error:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:sstate_task_postfunc(d)
0003:
File: '/home/builder/src/base/poky/meta/classes/sstate.bbclass', lineno: 778, function: sstate_task_postfunc
0774:
0775: omask = os.umask(0o002)
0776: if omask != 0o002:
0777: bb.note("Using umask 0o002 (not %0o) for sstate packaging" % omask)
*** 0778: sstate_package(shared_state, d)
0779: os.umask(omask)
0780:
0781: sstateinst = d.getVar("SSTATE_INSTDIR")
0782: d.setVar('SSTATE_FIXMEDIR', shared_state['fixmedir'])
File: '/home/builder/src/base/poky/meta/classes/sstate.bbclass', lineno: 708, function: sstate_package
0704: except PermissionError:
0705: pass
0706: except OSError as e:
0707: # Handle read-only file systems gracefully
*** 0708: if e.errno != errno.EROFS:
0709: raise e
0710:
0711: return
0712:
Exception: NameError: name 'errno' is not defined
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 15f30ad144fbe25e9a5e71bc7e42e746d2039992)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/sstate.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 5c7a98839f..4bf087b4e8 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -705,6 +705,7 @@ def sstate_package(ss, d):
pass
except OSError as e:
# Handle read-only file systems gracefully
+ import errno
if e.errno != errno.EROFS:
raise e
@@ -1152,6 +1153,7 @@ python sstate_eventhandler() {
pass
except OSError as e:
# Handle read-only file systems gracefully
+ import errno
if e.errno != errno.EROFS:
raise e
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 09/28] pixman: re-disable iwmmxt
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (7 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 08/28] sstate.bbclass: fix error handling when sstate mirrors is ro Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 10/28] kmod: use nonarch_base_libdir for depmod.d and modprobe.d Anuj Mittal
` (18 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Patrick Williams <patrick@stwcx.xyz>
Commit dd9c3d042aa5c2ae0fd80b558ec7e9c793ff36f0 dropped the iwmmxt
disable as part of the meson conversion and said: "we can add this
back again if it fails." It does.
| cc1: warning: switch '-mcpu=arm1176jz-s' conflicts with switch '-march=iwmmxt2'
| FAILED: pixman/libpixman-1.so.0.40.0
| lto1: fatal error: target specific builtin not available
| compilation terminated.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ia1278d18543493a3f9eace6c2dd2f84701b9c2b1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit afa713033a7fc9b7c4ac3d703ea9218b4d775def)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb b/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
index 5a3bb22ec3..00dd68006f 100644
--- a/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
+++ b/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
@@ -31,5 +31,7 @@ EXTRA_OEMESON = "-Dgtk=disabled -Dlibpng=disabled"
# ld: pixman/libpixman-mmx.a(pixman-mmx.c.o):
# linking mips:loongson_2f module with previous mips:isa64 modules
EXTRA_OEMESON += "-Dloongson-mmi=disabled"
+# disable iwmmxt due to compile fails on most arm platforms.
+EXTRA_OEMESON += "-Diwmmxt=disabled"
BBCLASSEXTEND = "native nativesdk"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 10/28] kmod: use nonarch_base_libdir for depmod.d and modprobe.d
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (8 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 09/28] pixman: re-disable iwmmxt Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 11/28] oeqa/runtime/cases: make date.DateTest.test_date more reliable Anuj Mittal
` (17 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Anton Blanchard <anton@ozlabs.org>
These should always be in /lib, regardless of the configuration.
Signed-off-by: Anton Blanchard <anton@ozlabs.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63877226c09a674d3794fdc171adf12fe604a3c9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-kernel/kmod/kmod_git.bb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-kernel/kmod/kmod_git.bb b/meta/recipes-kernel/kmod/kmod_git.bb
index 4f2b037f2f..f6fe049d92 100644
--- a/meta/recipes-kernel/kmod/kmod_git.bb
+++ b/meta/recipes-kernel/kmod/kmod_git.bb
@@ -24,13 +24,13 @@ do_install_append () {
lnr ${D}${base_bindir}/kmod ${D}${base_sbindir}/${tool}
done
# configuration directories
- install -dm755 ${D}${base_libdir}/depmod.d
- install -dm755 ${D}${base_libdir}/modprobe.d
+ install -dm755 ${D}${nonarch_base_libdir}/depmod.d
+ install -dm755 ${D}${nonarch_base_libdir}/modprobe.d
install -dm755 ${D}${sysconfdir}/depmod.d
install -dm755 ${D}${sysconfdir}/modprobe.d
# install depmod.d file for search/ dir
- install -Dm644 "${WORKDIR}/depmod-search.conf" "${D}${base_libdir}/depmod.d/search.conf"
+ install -Dm644 "${WORKDIR}/depmod-search.conf" "${D}${nonarch_base_libdir}/depmod.d/search.conf"
}
do_compile_prepend() {
@@ -57,6 +57,6 @@ ALTERNATIVE_LINK_NAME[depmod] = "${base_sbindir}/depmod"
PACKAGES =+ "libkmod"
FILES_libkmod = "${base_libdir}/libkmod*${SOLIBS} ${libdir}/libkmod*${SOLIBS}"
-FILES_${PN} += "${base_libdir}/depmod.d ${base_libdir}/modprobe.d"
+FILES_${PN} += "${nonarch_base_libdir}/depmod.d ${nonarch_base_libdir}/modprobe.d"
BBCLASSEXTEND = "nativesdk"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 11/28] oeqa/runtime/cases: make date.DateTest.test_date more reliable
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (9 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 10/28] kmod: use nonarch_base_libdir for depmod.d and modprobe.d Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 12/28] terminal.bbclass: force bash for devshell Anuj Mittal
` (16 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Alexandre Belloni <alexandre.belloni@bootlin.com>
The test uses the broken out time and can only handle about 59s of delay,
use a UNIX timestamp to allow for up to a 300s delay.
[YOCTO #14463]
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b705e9373acd4119da75af4eb96ec92cc964aa86)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/lib/oeqa/runtime/cases/date.py | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/meta/lib/oeqa/runtime/cases/date.py b/meta/lib/oeqa/runtime/cases/date.py
index e14322911d..bd6537400e 100644
--- a/meta/lib/oeqa/runtime/cases/date.py
+++ b/meta/lib/oeqa/runtime/cases/date.py
@@ -28,14 +28,13 @@ class DateTest(OERuntimeTestCase):
self.assertEqual(status, 0, msg=msg)
oldDate = output
- sampleDate = '"2016-08-09 10:00:00"'
- (status, output) = self.target.run("date -s %s" % sampleDate)
+ sampleTimestamp = 1488800000
+ (status, output) = self.target.run("date -s @%d" % sampleTimestamp)
self.assertEqual(status, 0, msg='Date set failed, output: %s' % output)
- (status, output) = self.target.run("date -R")
- p = re.match('Tue, 09 Aug 2016 10:00:.. \+0000', output)
+ (status, output) = self.target.run('date +"%s"')
msg = 'The date was not set correctly, output: %s' % output
- self.assertTrue(p, msg=msg)
+ self.assertTrue(int(output) - sampleTimestamp < 300, msg=msg)
(status, output) = self.target.run('date -s "%s"' % oldDate)
msg = 'Failed to reset date, output: %s' % output
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 12/28] terminal.bbclass: force bash for devshell
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (10 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 11/28] oeqa/runtime/cases: make date.DateTest.test_date more reliable Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 13/28] tar: ignore node-tar CVEs Anuj Mittal
` (15 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Joe Slater <joe.slater@windriver.com>
Since shell_trap_code in build.py sets /bin/sh as the interpreter
we will die a silent death if our environment contains things like
"export -f bodilyfunction" and /bin/sh is really /bin/dash.
Fixes this for the case of devshell.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 23d296b3567aa31bad7b2a8558d4bd3e4505843b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/terminal.bbclass | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/classes/terminal.bbclass b/meta/classes/terminal.bbclass
index 6059ae95e0..a564ee7494 100644
--- a/meta/classes/terminal.bbclass
+++ b/meta/classes/terminal.bbclass
@@ -26,6 +26,9 @@ def emit_terminal_func(command, envdata, d):
bb.utils.mkdirhier(os.path.dirname(runfile))
with open(runfile, 'w') as script:
+ # Override the shell shell_trap_code specifies.
+ # If our shell is bash, we might well face silent death.
+ script.write("#!/bin/bash\n")
script.write(bb.build.shell_trap_code())
bb.data.emit_func(cmd_func, script, envdata)
script.write(cmd_func)
@@ -37,7 +40,7 @@ def emit_terminal_func(command, envdata, d):
def oe_terminal(command, title, d):
import oe.data
import oe.terminal
-
+
envdata = bb.data.init()
for v in os.environ:
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 13/28] tar: ignore node-tar CVEs
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (11 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 12/28] terminal.bbclass: force bash for devshell Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 14/28] linux-yocto/5.10: update to v5.10.55 Anuj Mittal
` (14 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
These two CVEs are specific to the Node package node-tar.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bc7216e8148d0dee7b56e6851da6615e93647a0a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-extended/tar/tar_1.34.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb
index af04919c41..66c11cbfea 100644
--- a/meta/recipes-extended/tar/tar_1.34.bb
+++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -61,3 +61,6 @@ PROVIDES_append_class-native = " tar-replacement-native"
NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}"
BBCLASSEXTEND = "native nativesdk"
+
+# These are both specific to the NPM package node-tar
+CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 14/28] linux-yocto/5.10: update to v5.10.55
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (12 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 13/28] tar: ignore node-tar CVEs Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 15/28] linux-yocto/5.4: update to v5.4.137 Anuj Mittal
` (13 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
11fe69a17195 Linux 5.10.55
984e93b8e207 ipv6: ip6_finish_output2: set sk into newly allocated nskb
a74054ca7553 ARM: dts: versatile: Fix up interrupt controller node names
3510b9b41c70 iomap: remove the length variable in iomap_seek_hole
8659186e72d0 iomap: remove the length variable in iomap_seek_data
65039407489c cifs: fix the out of range assignment to bit fields in parse_server_interfaces
fe5fe0b1c8b9 firmware: arm_scmi: Fix range check for the maximum number of pending messages
8f8e5475a369 firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
d01328fef6af hfs: add lock nesting notation to hfs_find_init
06b3d9923fa0 hfs: fix high memory mapping in hfs_bnode_read
680b2917e60e hfs: add missing clean-up in hfs_fill_super
5c3d753b872a drm/ttm: add a check against null pointer dereference
2323690eb058 ipv6: allocate enough headroom in ip6_finish_output2()
86cb49e7314e rcu-tasks: Don't delete holdouts within trc_wait_for_one_reader()
55ddab2bfd70 rcu-tasks: Don't delete holdouts within trc_inspect_reader()
4d972881f8d8 sctp: move 198 addresses from unusable to private scope
915226f31fd4 net: annotate data race around sk_ll_usec
92289f58f01d net/802/garp: fix memleak in garp_request_join()
5d93810761b4 net/802/mrp: fix memleak in mrp_request_join()
df34f888628e cgroup1: fix leaked context root causing sporadic NULL deref in LTP
dcd00801f3d9 workqueue: fix UAF in pwq_unbound_release_workfn()
93c5951e0ce1 af_unix: fix garbage collect vs MSG_PEEK
dee8119eaa9e KVM: x86: determine if an exception has an error code only when injecting it.
6f5d7a45f58d io_uring: fix link timeout refs
475312897ea6 tools: Allow proper CC/CXX/... override with LLVM=1 in Makefile.include
08277b9dde63 Linux 5.10.54
c9f8e17990e0 skbuff: Fix build with SKB extensions disabled
ba28765d338a xhci: add xhci_get_virt_ep() helper
624290f368af sfc: ensure correct number of XDP queues
1df4fe5a8871 drm/i915/gvt: Clear d3_entered on elsp cmd submission.
c938e65768e0 usb: ehci: Prevent missed ehci interrupts with edge-triggered MSI
25af91a806d2 perf inject: Close inject.output on exit
fb35426d123e Documentation: Fix intiramfs script name
570341f10ecc skbuff: Release nfct refcount on napi stolen or re-used skbs
31828ffdab19 bonding: fix build issue
c9d97b7bb897 PCI: Mark AMD Navi14 GPU ATS as broken
f7ee361182e0 net: dsa: mv88e6xxx: enable SerDes PCS register dump via ethtool -d on Topaz
30f1d4d03641 net: dsa: mv88e6xxx: enable SerDes RX stats for Topaz
fc31b5be1383 drm/amdgpu: update golden setting for sienna_cichlid
69a603aa170e drm: Return -ENOTTY for non-drm ioctls
2831eeb7bc3d driver core: Prevent warning when removing a device link from unregistered consumer
0e759383236a nds32: fix up stack guard gap
7497f4c91da3 misc: eeprom: at24: Always append device id even if label property is set.
8571daace5a6 rbd: always kick acquire on "acquired" and "released" notifications
2f3731de5e69 rbd: don't hold lock_rwsem while running_list is being drained
92291fa2d144 hugetlbfs: fix mount mode command line processing
1a25c5738d0c memblock: make for_each_mem_range() traverse MEMBLOCK_HOTPLUG regions
0b591c020d28 userfaultfd: do not untag user pointers
fca5343b4892 io_uring: remove double poll entry on arm failure
9eef9029151c io_uring: explicitly count entries for poll reqs
1077e2b15283 selftest: use mmap instead of posix_memalign to allocate memory
6e81e2c38a38 posix-cpu-timers: Fix rearm racing against process tick
3efec3b4b16f bus: mhi: core: Validate channel ID when processing command completions
b3f3a58a86c4 ixgbe: Fix packet corruption due to missing DMA sync
e991457afdcb media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
755971dc7ee8 btrfs: check for missing device in btrfs_trim_fs
552b053f1a53 tracing: Synthetic event field_pos is an index not a boolean
757bdba8026b tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
a5e1aff58943 tracing/histogram: Rename "cpu" to "common_cpu"
0edad8b9f65d tracepoints: Update static_call before tp_funcs when adding a tracepoint
4ed4074c6c6c firmware/efi: Tell memblock about EFI iomem reservations
647e26b03ee9 usb: typec: stusb160x: register role switch before interrupt registration
a206167bd638 usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
f2c04f6b21ef usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode.
7073acb51a3b usb: gadget: Fix Unbalanced pm_runtime_enable in tegra_xudc_probe
1bf7371b9004 USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
45c87a94336f USB: serial: cp210x: fix comments for GE CS1000
f528521c1574 USB: serial: option: add support for u-blox LARA-R6 family
311fd7f7f186 usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
7af54a4e221e usb: max-3421: Prevent corruption of freed memory
69da81a96442 USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
e6343aab3ee7 usb: hub: Fix link power management max exit latency (MEL) calculations
8f087b4cf1a3 usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
709137c85327 KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
c1fbdf0f3c26 KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
e3eb672c169d xhci: Fix lost USB 2 remote wake
02e2e96ba56c usb: xhci: avoid renesas_usb_fw.mem when it's unusable
9e9cf23b77d4 Revert "usb: renesas-xhci: Fix handling of unknown ROM state"
ebaa67086fae ALSA: pcm: Fix mmap capability check
431e31105579 ALSA: pcm: Call substream ack() method upon compat mmap commit
3c9afa23f3fc ALSA: hdmi: Expose all pins on MSI MS-7C94 board
253759df8082 ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine
2b3cdf581993 ALSA: sb: Fix potential ABBA deadlock in CSP driver
5858c8a46421 ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
2de518548de1 ALSA: usb-audio: Add missing proc text entry for BESPOKEN type
37a88b41dc29 s390/boot: fix use of expolines in the DMA code
d1ab96288061 s390/ftrace: fix ftrace_update_ftrace_func implementation
3b4009b49634 mmc: core: Don't allocate IDA for OF aliases
fc6ac92cfcab proc: Avoid mixing integer types in mem_rw()
76f7eae7ec80 cifs: fix fallocate when trying to allocate a hole.
c26372b8a8c3 cifs: only write 64kb at a time when fallocating a small region of a file
b91e5b63470d drm/panel: raspberrypi-touchscreen: Prevent double-free
9e0373945ed6 net: sched: cls_api: Fix the the wrong parameter
c8ebf135c199 net: dsa: sja1105: make VID 4095 a bridge VLAN too
164294d09c47 tcp: disable TFO blackhole logic by default
8eb225873246 sctp: update active_key for asoc when old key is being replaced
ef799bd8ff5a nvme: set the PRACT bit when using Write Zeroes with T10 PI
7850f03ed814 r8169: Avoid duplicate sysfs entry creation error
0f5dc3971473 afs: Fix tracepoint string placement with built-in AFS
711057846aa7 Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
8985dc2cabd6 nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
fb28b1592098 ceph: don't WARN if we're still opening a session to an MDS
ce8fafb68051 ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
071729150be9 net/sched: act_skbmod: Skip non-Ethernet packets
ee36bb471389 spi: spi-bcm2835: Fix deadlock
432738c9740c net: hns3: fix rx VLAN offload state inconsistent issue
3e903e0b578b net: hns3: fix possible mismatches resp of mailbox
f4305375f031 ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID
41a839437a07 net/tcp_fastopen: fix data races around tfo_active_disable_stamp
ba3336397677 net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition
320dcbdec4c6 bnxt_en: Check abort error state in bnxt_half_open_nic()
134a0536f0a4 bnxt_en: Validate vlan protocol ID on RX packets
4f7da0f97beb bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task()
927370485e98 bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
ab830c3bae19 bnxt_en: don't disable an already disabled PCI device
26463689445d ACPI: Kconfig: Fix table override from built-in initrd
113ce8c5043a spi: cadence: Correct initialisation of runtime PM again
3ea448b62b49 scsi: target: Fix protect handling in WRITE SAME(32)
b82a1a26aaee scsi: iscsi: Fix iface sysfs attr detection
6811744bd0ef netrom: Decrease sock refcount when sock timers expire
096a8dca8ca5 sctp: trim optlen when it's a huge value in sctp_setsockopt
8e9662fde6d6 net: sched: fix memory leak in tcindex_partial_destroy_work
e14ef1095387 KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
fcbad8e18d31 KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
30b830215158 net: decnet: Fix sleeping inside in af_decnet
d402c60da0fd efi/tpm: Differentiate missing and invalid final event log table.
898376690310 dma-mapping: handle vmalloc addresses in dma_common_{mmap,get_sgtable}
115e4f5b64ae usb: hso: fix error handling code of hso_create_net_device
1582a02fecff net: fix uninit-value in caif_seqpkt_sendmsg
2fc8048265ce bpftool: Check malloc return value in mount_bpffs_for_pin
3b5b0afd8d97 bpf, sockmap, udp: sk_prot needs inuse_idx set for proc stats
c260442431b4 bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats
715f378f4290 bpf, sockmap: Fix potential memory leak on unlikely error case
e3a9548ae538 s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
9264bebe9ef9 liquidio: Fix unintentional sign extension issue on left shift of u16
0ff2ea9d8fa3 timers: Fix get_next_timer_interrupt() with no timers pending
ca9ba1de8f09 xdp, net: Fix use-after-free in bpf_xdp_link_release
39f1735c8107 bpf: Fix tail_call_reachable rejection for interpreter when jit failed
2b4046e64f7d bpf, test: fix NULL pointer dereference on invalid expected_attach_type
3dba72d1fc01 ASoC: rt5631: Fix regcache sync errors on resume
2435dcfd16ac spi: mediatek: fix fifo rx mode
a9a85bfedd83 regulator: hi6421: Fix getting wrong drvdata
5cdc986aad95 regulator: hi6421: Use correct variable type for regmap api val argument
23811b75fdb8 spi: stm32: fixes pm_runtime calls in probe/remove
844ab04b62a5 spi: imx: add a check for speed_hz before calculating the clock
3b6c430d1248 ASoC: wm_adsp: Correct wm_coeff_tlv_get handling
57efe4f82a76 perf sched: Fix record failure when CONFIG_SCHEDSTATS is not set
61f2e1e79578 perf data: Close all files in close_dir()
7c91e0ce2601 perf probe-file: Delete namelist in del_events() on the error path
a6c32317cd3d perf lzma: Close lzma stream on exit
2ae8f40a8fdf perf script: Fix memory 'threads' and 'cpus' leaks on exit
51077d315a46 perf report: Free generated help strings for sort option
2bfa3c53ea8a perf env: Fix memory leak of cpu_pmu_caps
a2f0da3af614 perf test maps__merge_in: Fix memory leak of maps
b7bfd8aeb956 perf dso: Fix memory leak in dso__new_map()
c9c101da3e83 perf test event_update: Fix memory leak of evlist
b768db7f8070 perf test session_topology: Delete session->evlist
b8892d16a928 perf env: Fix sibling_dies memory leak
306411a8bf75 perf probe: Fix dso->nsinfo refcounting
f21987d7bb58 perf map: Fix dso->nsinfo refcounting
7337ff2093e0 perf inject: Fix dso->nsinfo refcounting
a87d42ae7f5d KVM: x86/pmu: Clear anythread deprecated bit when 0xa leaf is unsupported on the SVM
b990585f9b7a nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
0fa11e1a20c7 mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join
3714e0bb0dcf cxgb4: fix IRQ free race during driver unload
d92337bf54f2 pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped
f1edbcc47f46 selftests: icmp_redirect: IPv6 PMTU info should be cleared after redirect
906bbb18db78 selftests: icmp_redirect: remove from checking for IPv6 route get
bb737eceb9a4 stmmac: platform: Fix signedness bug in stmmac_probe_config_dt()
79ec7b5b2f4f ipv6: fix 'disable_policy' for fwd packets
35eaefb44ed7 bonding: fix incorrect return value of bond_ipsec_offload_ok()
13626bad63e8 bonding: fix suspicious RCU usage in bond_ipsec_offload_ok()
56ccdf868ab6 bonding: Add struct bond_ipesc to manage SA
b3bd1f5e5037 bonding: disallow setting nested bonding + ipsec offload
43511a6a164a bonding: fix suspicious RCU usage in bond_ipsec_del_sa()
6ca0e55a1310 ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops
ba7bfcdff1ad bonding: fix null dereference in bond_ipsec_add_sa()
3ae639af3626 bonding: fix suspicious RCU usage in bond_ipsec_add_sa()
4a31baf55f6a net: add kcov handle to skb extensions
78e4baff950d gve: Fix an error handling path in 'gve_probe()'
813449fb85f6 igb: Fix position of assignment to *ring
44171801d39c igb: Check if num of q_vectors is smaller than max before array access
cb9292445d23 iavf: Fix an error handling path in 'iavf_probe()'
a6756d637b40 e1000e: Fix an error handling path in 'e1000_probe()'
dea695a2ee23 fm10k: Fix an error handling path in 'fm10k_probe()'
a099192fe7e1 igb: Fix an error handling path in 'igb_probe()'
db4c32c1b926 igc: Fix an error handling path in 'igc_probe()'
7bc9fb1f8019 ixgbe: Fix an error handling path in 'ixgbe_probe()'
02d1af0bee65 igc: change default return of igc_read_phy_reg()
f153664d8e70 igb: Fix use-after-free error during reset
e15f629036ba igc: Fix use-after-free error during reset
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9a56f6566208517e458e5279992abe9664c4ae67)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.10.bb | 6 ++---
.../linux/linux-yocto-tiny_5.10.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index d365d91ce3..a06b9f717f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "969fef49cbbc8639e9622e6a0655337fbfcc7627"
-SRCREV_meta ?= "3f38ad49cf38519dc4492a3f802b743fde7b467e"
+SRCREV_machine ?= "a40806f61a2749b78c03eb0e0c9394246e632a99"
+SRCREV_meta ?= "0c461183d295a8e45096b9af71e07e06da7da13c"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.10.53"
+LINUX_VERSION ?= "5.10.55"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 580d71d2ac..615c3b0f00 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.10.53"
+LINUX_VERSION ?= "5.10.55"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "d5a79da206965b27043f558739b28a434efca75c"
-SRCREV_machine ?= "f44b5bb716fdb6f804383fa087c9fdb54584cd5b"
-SRCREV_meta ?= "3f38ad49cf38519dc4492a3f802b743fde7b467e"
+SRCREV_machine_qemuarm ?= "ecb67002c7688875f76a424c87308eea5b2709f5"
+SRCREV_machine ?= "be59a3f77944fe82deaab2c3d61e76292cf04afb"
+SRCREV_meta ?= "0c461183d295a8e45096b9af71e07e06da7da13c"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 362b3ac2cb..c5b60e0242 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base"
KBRANCH_qemux86-64 ?= "v5.10/standard/base"
KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "c74da440f36f7073b1e99f42cb363031bb0c38ca"
-SRCREV_machine_qemuarm64 ?= "e4e52d0a19fba26538218d78c70e54319ae00ca3"
-SRCREV_machine_qemumips ?= "60118f08d49cd825d17f11b078d5848eb5bb7e6d"
-SRCREV_machine_qemuppc ?= "eb3d2abf3d5aab1814d53767193770c282552774"
-SRCREV_machine_qemuriscv64 ?= "0b44b705c4f7d5c83e562dd7036cb5188d622285"
-SRCREV_machine_qemuriscv32 ?= "0b44b705c4f7d5c83e562dd7036cb5188d622285"
-SRCREV_machine_qemux86 ?= "0b44b705c4f7d5c83e562dd7036cb5188d622285"
-SRCREV_machine_qemux86-64 ?= "0b44b705c4f7d5c83e562dd7036cb5188d622285"
-SRCREV_machine_qemumips64 ?= "643c332e487cfa1557d14050d6e1148d1c5d75da"
-SRCREV_machine ?= "0b44b705c4f7d5c83e562dd7036cb5188d622285"
-SRCREV_meta ?= "3f38ad49cf38519dc4492a3f802b743fde7b467e"
+SRCREV_machine_qemuarm ?= "159ecaed431c9b022eaa42e164603a998f458831"
+SRCREV_machine_qemuarm64 ?= "374000778a234761cdf27d9c5822efdd97626e6f"
+SRCREV_machine_qemumips ?= "b0216d371845ea01c5b6255f4a9eb6518f26a2cb"
+SRCREV_machine_qemuppc ?= "007217c338a8e496c110f86004b8268d10e94cdd"
+SRCREV_machine_qemuriscv64 ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
+SRCREV_machine_qemuriscv32 ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
+SRCREV_machine_qemux86 ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
+SRCREV_machine_qemux86-64 ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
+SRCREV_machine_qemumips64 ?= "a7f0d6ea0ddad123475e25725dadba0ed7888623"
+SRCREV_machine ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
+SRCREV_meta ?= "0c461183d295a8e45096b9af71e07e06da7da13c"
# remap qemuarm to qemuarma15 for the 5.8 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.53"
+LINUX_VERSION ?= "5.10.55"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 15/28] linux-yocto/5.4: update to v5.4.137
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (13 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 14/28] linux-yocto/5.10: update to v5.10.55 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 16/28] linux-yocto/5.4: update to v5.4.139 Anuj Mittal
` (12 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
5b1de8e15f0f Linux 5.4.137
ebb1b38be0c9 ipv6: ip6_finish_output2: set sk into newly allocated nskb
6c04123962f0 ARM: dts: versatile: Fix up interrupt controller node names
befa900533a9 iomap: remove the length variable in iomap_seek_hole
83fb41b2f6e4 iomap: remove the length variable in iomap_seek_data
302e1acd4c26 cifs: fix the out of range assignment to bit fields in parse_server_interfaces
02a470e3c64a firmware: arm_scmi: Fix range check for the maximum number of pending messages
289dd584319f firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
e3acb292f092 hfs: add lock nesting notation to hfs_find_init
af1178296d77 hfs: fix high memory mapping in hfs_bnode_read
89136a47e2e7 hfs: add missing clean-up in hfs_fill_super
ded37d03440d ipv6: allocate enough headroom in ip6_finish_output2()
f65b7f377cca sctp: move 198 addresses from unusable to private scope
c8d32973ee6a net: annotate data race around sk_ll_usec
c23b9a5610f9 net/802/garp: fix memleak in garp_request_join()
88c4cae3ed25 net/802/mrp: fix memleak in mrp_request_join()
eef99860c677 cgroup1: fix leaked context root causing sporadic NULL deref in LTP
7f0365b4daaa workqueue: fix UAF in pwq_unbound_release_workfn()
85abe0d47fe6 af_unix: fix garbage collect vs MSG_PEEK
af45f3527aa0 KVM: x86: determine if an exception has an error code only when injecting it.
828cab3c8c23 tools: Allow proper CC/CXX/... override with LLVM=1 in Makefile.include
525c5513b60d selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
253dccefb5cb Linux 5.4.136
587f86b7a2a0 xhci: add xhci_get_virt_ep() helper
f9d0c35556cd perf inject: Close inject.output on exit
a9c103fa91e4 PCI: Mark AMD Navi14 GPU ATS as broken
11561d2f7b9d btrfs: compression: don't try to compress if we don't have enough pages
4980301e1c1f iio: accel: bma180: Fix BMA25x bandwidth register values
d04f2582c47e iio: accel: bma180: Use explicit member assignment
4e0afa88954b net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
2a4865d1547e net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
7d8c06b8d2d2 drm: Return -ENOTTY for non-drm ioctls
b5d7bebd96a3 nds32: fix up stack guard gap
ba378b796088 rbd: always kick acquire on "acquired" and "released" notifications
13066d6628f0 rbd: don't hold lock_rwsem while running_list is being drained
b12ead825f6c hugetlbfs: fix mount mode command line processing
60dbbd76f110 userfaultfd: do not untag user pointers
540eee8cbb3d selftest: use mmap instead of posix_memalign to allocate memory
e706ac3fc82e ixgbe: Fix packet corruption due to missing DMA sync
e617fa62f6cf media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
77713fb336ca btrfs: check for missing device in btrfs_trim_fs
f899f24d34d9 tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
59a9f75fb2b6 tracing/histogram: Rename "cpu" to "common_cpu"
379d8da3353e firmware/efi: Tell memblock about EFI iomem reservations
281a94362bbe usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
167079fbfaa7 USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
811c4cdf2917 USB: serial: cp210x: fix comments for GE CS1000
f54ee7e16d0d USB: serial: option: add support for u-blox LARA-R6 family
e28d28eb9be6 usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
863d071dbcd5 usb: max-3421: Prevent corruption of freed memory
e4077a90e600 USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
da6f6769ee0f usb: hub: Fix link power management max exit latency (MEL) calculations
fea6b53e631a usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
962ce043ef92 KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
2b9ffddd70b4 KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
c968f563ccde xhci: Fix lost USB 2 remote wake
a660ecde5c55 ALSA: hdmi: Expose all pins on MSI MS-7C94 board
f73696354d59 ALSA: sb: Fix potential ABBA deadlock in CSP driver
7aa2dfbc6bd0 ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
46d62c3fe2ab ALSA: usb-audio: Add missing proc text entry for BESPOKEN type
f1754f96ab41 s390/boot: fix use of expolines in the DMA code
8eb521d19248 s390/ftrace: fix ftrace_update_ftrace_func implementation
268132b070d9 Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
f323809e3108 proc: Avoid mixing integer types in mem_rw()
b71a75209f6a drm/panel: raspberrypi-touchscreen: Prevent double-free
2e6ab87f8e63 net: sched: cls_api: Fix the the wrong parameter
b60461696a0b sctp: update active_key for asoc when old key is being replaced
9fa89c2caee2 nvme: set the PRACT bit when using Write Zeroes with T10 PI
c50141b3d769 r8169: Avoid duplicate sysfs entry creation error
f726817d6b42 afs: Fix tracepoint string placement with built-in AFS
b22c9e433bb7 Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
69a49e7b5baf nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
830251361425 ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
a88414fb1117 net/sched: act_skbmod: Skip non-Ethernet packets
c278b954ccc7 net: hns3: fix rx VLAN offload state inconsistent issue
006ed6f4d00b net/tcp_fastopen: fix data races around tfo_active_disable_stamp
3942ba235693 net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition
f11f12decd55 bnxt_en: Check abort error state in bnxt_half_open_nic()
16ce6cb78690 bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task()
c993e7aadc50 bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
6ee8e6be3067 bnxt_en: Improve bnxt_ulp_stop()/bnxt_ulp_start() call sequence.
35637acc9810 spi: cadence: Correct initialisation of runtime PM again
2f2150bf41c1 scsi: target: Fix protect handling in WRITE SAME(32)
a6cb717f8534 scsi: iscsi: Fix iface sysfs attr detection
25df44e90ff5 netrom: Decrease sock refcount when sock timers expire
8d7924ce85ba net: sched: fix memory leak in tcindex_partial_destroy_work
f38527f18905 KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
b85dadd4347b KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
b3224bd31861 net: decnet: Fix sleeping inside in af_decnet
bd2b3b13aa2a efi/tpm: Differentiate missing and invalid final event log table.
9413c0abb57f net: fix uninit-value in caif_seqpkt_sendmsg
6d56299ff911 bpftool: Check malloc return value in mount_bpffs_for_pin
edec10098675 bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats
58259e8b6e85 s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
cc876a5618bc liquidio: Fix unintentional sign extension issue on left shift of u16
42fe8f433b31 ASoC: rt5631: Fix regcache sync errors on resume
d99aaf07365f spi: mediatek: fix fifo rx mode
08cdda8d8972 regulator: hi6421: Fix getting wrong drvdata
b25be6bf6419 regulator: hi6421: Use correct variable type for regmap api val argument
a1ade24cccb5 spi: stm32: fixes pm_runtime calls in probe/remove
40e203ce74eb spi: stm32: Use dma_request_chan() instead dma_request_slave_channel()
24b78097a837 spi: imx: add a check for speed_hz before calculating the clock
52cff6123aa0 perf data: Close all files in close_dir()
0f63857d1099 perf probe-file: Delete namelist in del_events() on the error path
8b92ea243bbf perf lzma: Close lzma stream on exit
51351c6d5a18 perf script: Fix memory 'threads' and 'cpus' leaks on exit
d2bfc3eda914 perf dso: Fix memory leak in dso__new_map()
05804a7d223d perf test event_update: Fix memory leak of evlist
d257f3abdc71 perf test session_topology: Delete session->evlist
89d1762a4a21 perf env: Fix sibling_dies memory leak
fd335143befb perf probe: Fix dso->nsinfo refcounting
6513dee46f80 perf map: Fix dso->nsinfo refcounting
ff9fc81fa884 nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
d029df83c61a cxgb4: fix IRQ free race during driver unload
ae9b64434441 pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped
a37ca2a076ec selftests: icmp_redirect: IPv6 PMTU info should be cleared after redirect
05364a2794fb selftests: icmp_redirect: remove from checking for IPv6 route get
7f4848229e91 ipv6: fix 'disable_policy' for fwd packets
c67fb96f5431 gve: Fix an error handling path in 'gve_probe()'
e33da4eeaa35 igb: Fix position of assignment to *ring
7dd897773618 igb: Check if num of q_vectors is smaller than max before array access
d3d7cceee841 iavf: Fix an error handling path in 'iavf_probe()'
7a13a8a8a5fb e1000e: Fix an error handling path in 'e1000_probe()'
9fc381db7583 fm10k: Fix an error handling path in 'fm10k_probe()'
5d6a04927b08 igb: Fix an error handling path in 'igb_probe()'
cddd53237de8 igc: Fix an error handling path in 'igc_probe()'
47f69d8828e7 igc: Prefer to use the pci_release_mem_regions method
83b2d55a512a ixgbe: Fix an error handling path in 'ixgbe_probe()'
ba4fbb68fcfe igc: change default return of igc_read_phy_reg()
88e0720133d4 igb: Fix use-after-free error during reset
a9508e0edfe3 igc: Fix use-after-free error during reset
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d308f120891e23c34fa8ae38a7e87aa3810518ae)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 0b5afd83cf..d8a02f567f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "f4e30367bf1e579ff497fc9e7a16010c879048dc"
-SRCREV_meta ?= "231d3a07e10680c7c89ea101cd803b0684482b11"
+SRCREV_machine ?= "c2634e34da0641aafe30fd3fb924386dd62f4941"
+SRCREV_meta ?= "cfd547115bc4d65c29f0f4313bd950976f41ebd8"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.135"
+LINUX_VERSION ?= "5.4.137"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index d7911cd54e..dd2a9cbcc0 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.135"
+LINUX_VERSION ?= "5.4.137"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "fa414639057bbad7acd21a1a70a3847f9be469c0"
-SRCREV_machine ?= "c81f0e376b1fce7a1198eec7b286966d98eae44d"
-SRCREV_meta ?= "231d3a07e10680c7c89ea101cd803b0684482b11"
+SRCREV_machine_qemuarm ?= "a51fc55766d4ae07f7b67adc4c9d3b07a1d1d475"
+SRCREV_machine ?= "4c6ef497d892e3b5846a60fdd6f2a6df7177f570"
+SRCREV_meta ?= "cfd547115bc4d65c29f0f4313bd950976f41ebd8"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 4ac84e8ca3..841c2ae811 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "f367cbe6d0c21c65257c66a4c9b1845fd43285f8"
-SRCREV_machine_qemuarm64 ?= "8dcb7ee83e58da8bf51ed8b72165e1ed35beb928"
-SRCREV_machine_qemumips ?= "3d4c6263bfdf95960894b75c76aa450d240e3e8e"
-SRCREV_machine_qemuppc ?= "125a824c8d14c49b640bc0d6e040d495177caa10"
-SRCREV_machine_qemuriscv64 ?= "997c04e7a40084a53bc3d45490949584364697bd"
-SRCREV_machine_qemux86 ?= "997c04e7a40084a53bc3d45490949584364697bd"
-SRCREV_machine_qemux86-64 ?= "997c04e7a40084a53bc3d45490949584364697bd"
-SRCREV_machine_qemumips64 ?= "7082f58984404a5aad90bca1dac4e27773fff26e"
-SRCREV_machine ?= "997c04e7a40084a53bc3d45490949584364697bd"
-SRCREV_meta ?= "231d3a07e10680c7c89ea101cd803b0684482b11"
+SRCREV_machine_qemuarm ?= "88d3d4ec2c23ed165ee11dd9fc48ac77fee480ba"
+SRCREV_machine_qemuarm64 ?= "7cad0ac3beb6fc0a1f84dc079d0e6a68fedb3df4"
+SRCREV_machine_qemumips ?= "d8b1cb081cbfa6a7157561d61ce383bc661208d8"
+SRCREV_machine_qemuppc ?= "528a4de381c0a22e9eeebe899e159ed8d4fccff3"
+SRCREV_machine_qemuriscv64 ?= "90d297d951740cd13553072fb00afbf39045d38a"
+SRCREV_machine_qemux86 ?= "90d297d951740cd13553072fb00afbf39045d38a"
+SRCREV_machine_qemux86-64 ?= "90d297d951740cd13553072fb00afbf39045d38a"
+SRCREV_machine_qemumips64 ?= "29b36c7b1c51b5322cba165dd11b435ad9439adf"
+SRCREV_machine ?= "90d297d951740cd13553072fb00afbf39045d38a"
+SRCREV_meta ?= "cfd547115bc4d65c29f0f4313bd950976f41ebd8"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.135"
+LINUX_VERSION ?= "5.4.137"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 16/28] linux-yocto/5.4: update to v5.4.139
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (14 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 15/28] linux-yocto/5.4: update to v5.4.137 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 17/28] linux-yocto/5.10: update to v5.10.57 Anuj Mittal
` (11 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
e350cd02e293 Linux 5.4.139
03ff8a4f9db6 spi: mediatek: Fix fifo transfer
a0f66ddf05c2 bpf, selftests: Adjust few selftest outcomes wrt unreachable code
d3796e8f6b3d bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit ones
8dec99abcd74 bpf: Test_verifier, add alu32 bounds tracking tests
fd568de5806f bpf: Fix leakage under speculation on mispredicted branches
d2f790327f83 bpf: Do not mark insn as seen under speculative path verification
283d742988f6 bpf: Inherit expanded/patched seen count from old aux data
a0a9546aaec3 Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
76f5314d7859 firmware: arm_scmi: Add delayed response status check
1b38f70bbc7c firmware: arm_scmi: Ensure drivers provide a probe function
44f522298c94 Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
38f54217b423 ACPI: fix NULL pointer dereference
0ea2f55babb7 nvme: fix nvme_setup_command metadata trace event
b508b652d4f3 net: Fix zero-copy head len calculation.
bf692e7ef657 qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
6bc48348eca7 r8152: Fix potential PM refcount imbalance
a57c75ff0700 ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
e2cccb839a18 spi: stm32h7: fix full duplex irq handler handling
b72f2d9e91e1 regulator: rt5033: Fix n_voltages settings for BUCK and LDO
86f2a3e9aae9 btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction
b7f0fa2192c5 btrfs: fix race causing unnecessary inode logging during link and rename
cb006da62a9e btrfs: do not commit logs and transactions during link and rename operations
174c27d0f9ef btrfs: delete duplicated words + other fixes in comments
7b90d57b09fa Linux 5.4.138
7eef18c0479b can: j1939: j1939_session_deactivate(): clarify lifetime of session object
18b536de3b97 i40e: Add additional info to PHY type error
d21eb931109a Revert "perf map: Fix dso->nsinfo refcounting"
16447b2f5c66 powerpc/pseries: Fix regression while building external modules
265883d1d839 PCI: mvebu: Setup BAR0 in order to fix MSI
21734a31c9a0 can: hi311x: fix a signedness bug in hi3110_cmd()
f4fa45b0f91e sis900: Fix missing pci_disable_device() in probe and remove
dff00ce44891 tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
e0310bbeaaa2 sctp: fix return value check in __sctp_rcv_asconf_lookup
408614108abd net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
ac4983230616 net/mlx5: Fix flow table chaining
527feae56fe6 net: llc: fix skb_over_panic
ede4c93860e6 mlx4: Fix missing error code in mlx4_load_one()
acb97d4b2d0e net: Set true network header for ECN decapsulation
851946a68136 tipc: fix sleeping in tipc accept routine
194b71d28b26 i40e: Fix log TC creation failure when max num of queues is exceeded
834af62212c7 i40e: Fix queue-to-TC mapping on Tx
74aea4b7159a i40e: Fix firmware LLDP agent related warning
b2ab34e862eb i40e: Fix logic of disabling queues
519582e44e6a netfilter: nft_nat: allow to specify layer 4 protocol NAT only
3a7a4cee7bec netfilter: conntrack: adjust stop timestamp to real expiry value
1c043783403c cfg80211: Fix possible memory leak in function cfg80211_bss_update
6cf2abea1018 nfc: nfcsim: fix use after free during module unload
6b313d0ffa71 NIU: fix incorrect error return, missed in previous revert
c4663c162778 HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT
e9e2ce00aeda can: esd_usb2: fix memory leak
43726620b2f6 can: ems_usb: fix memory leak
819867389276 can: usb_8dev: fix memory leak
a051dbd17b5b can: mcba_usb_start(): add missing urb->transfer_dma initialization
793581441b5c can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
c621638d0e6d can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms
a24d87b429a9 ocfs2: issue zeroout to EOF blocks
eaaa4284e288 ocfs2: fix zero out valid data
9bd1092148b5 KVM: add missing compat KVM_CLEAR_DIRTY_LOG
7a94dfe5e2a0 x86/kvm: fix vcpu-id indexed array sizes
2dc291582cce Revert "ACPI: resources: Add checks for ACPI IRQ override"
a8eec6979734 btrfs: mark compressed range uptodate only if all bio succeed
57429c1ec770 btrfs: fix rw device counting in __btrfs_free_extra_devids
61f2cbc792eb x86/asm: Ensure asm/proto.h can be included stand-alone
99372c38a948 net_sched: check error pointer in tcf_dump_walker()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d5455d9e201e324b7cf7bb19381bfebb0e892312)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index d8a02f567f..e810132d02 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "c2634e34da0641aafe30fd3fb924386dd62f4941"
-SRCREV_meta ?= "cfd547115bc4d65c29f0f4313bd950976f41ebd8"
+SRCREV_machine ?= "0ad6f2204daf35fb25df5e9b52383507df813bb4"
+SRCREV_meta ?= "98ba88191b7c489bc0d83b6c87a31b2330fcd886"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.137"
+LINUX_VERSION ?= "5.4.139"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index dd2a9cbcc0..c734ce8db5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.137"
+LINUX_VERSION ?= "5.4.139"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "a51fc55766d4ae07f7b67adc4c9d3b07a1d1d475"
-SRCREV_machine ?= "4c6ef497d892e3b5846a60fdd6f2a6df7177f570"
-SRCREV_meta ?= "cfd547115bc4d65c29f0f4313bd950976f41ebd8"
+SRCREV_machine_qemuarm ?= "a80ea6be16b19c18855f831333c93d4f3b55e58a"
+SRCREV_machine ?= "405fce9e3f0314767e38b5e8295b34a24cd97a46"
+SRCREV_meta ?= "98ba88191b7c489bc0d83b6c87a31b2330fcd886"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 841c2ae811..fcf65149f0 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "88d3d4ec2c23ed165ee11dd9fc48ac77fee480ba"
-SRCREV_machine_qemuarm64 ?= "7cad0ac3beb6fc0a1f84dc079d0e6a68fedb3df4"
-SRCREV_machine_qemumips ?= "d8b1cb081cbfa6a7157561d61ce383bc661208d8"
-SRCREV_machine_qemuppc ?= "528a4de381c0a22e9eeebe899e159ed8d4fccff3"
-SRCREV_machine_qemuriscv64 ?= "90d297d951740cd13553072fb00afbf39045d38a"
-SRCREV_machine_qemux86 ?= "90d297d951740cd13553072fb00afbf39045d38a"
-SRCREV_machine_qemux86-64 ?= "90d297d951740cd13553072fb00afbf39045d38a"
-SRCREV_machine_qemumips64 ?= "29b36c7b1c51b5322cba165dd11b435ad9439adf"
-SRCREV_machine ?= "90d297d951740cd13553072fb00afbf39045d38a"
-SRCREV_meta ?= "cfd547115bc4d65c29f0f4313bd950976f41ebd8"
+SRCREV_machine_qemuarm ?= "3d243cfd29a57dfe6b04a6a6cf1b1088d107f1f6"
+SRCREV_machine_qemuarm64 ?= "dcac97a2b4469136189f86fe42703026693384be"
+SRCREV_machine_qemumips ?= "ee74231b68518107954078d03d0606910603cf7a"
+SRCREV_machine_qemuppc ?= "76c51679aa6b9c25fe2b5c2052e84197ff2e4e2d"
+SRCREV_machine_qemuriscv64 ?= "807b4668ff7fe3be031ace442a84d70821ef9571"
+SRCREV_machine_qemux86 ?= "807b4668ff7fe3be031ace442a84d70821ef9571"
+SRCREV_machine_qemux86-64 ?= "807b4668ff7fe3be031ace442a84d70821ef9571"
+SRCREV_machine_qemumips64 ?= "3396071f8ce8ca148231fee4d2130feeead41926"
+SRCREV_machine ?= "807b4668ff7fe3be031ace442a84d70821ef9571"
+SRCREV_meta ?= "98ba88191b7c489bc0d83b6c87a31b2330fcd886"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.137"
+LINUX_VERSION ?= "5.4.139"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 17/28] linux-yocto/5.10: update to v5.10.57
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (15 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 16/28] linux-yocto/5.4: update to v5.4.139 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 18/28] uninative: Improve glob to handle glibc 2.34 Anuj Mittal
` (10 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
1cd6e30b83d7 Linux 5.10.57
9c645a020bab spi: mediatek: Fix fifo transfer
7254e2d9eb41 selftest/bpf: Verifier tests for var-off access
30ea1c535291 bpf, selftests: Adjust few selftest outcomes wrt unreachable code
98bf2906d3be bpf: Update selftests to reflect new error states
360e5b7af653 bpf, selftests: Adjust few selftest result_unpriv outcomes
5abcd138cbd8 selftest/bpf: Adjust expected verifier errors
83bbf953f66c selftests/bpf: Add a test for ptr_to_map_value on stack for helper access
e2b7a4ccbf7c Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
1b1a00b13c34 firmware: arm_scmi: Add delayed response status check
93ef561406a7 firmware: arm_scmi: Ensure drivers provide a probe function
1812895f17e1 Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
cae3fa3d8165 ACPI: fix NULL pointer dereference
98b070694f45 drm/amd/display: Fix max vstartup calculation for modes with borders
f9d875c8c92f drm/amd/display: Fix comparison error in dcn21 DML
91865b458edd nvme: fix nvme_setup_command metadata trace event
06a9092f6647 efi/mokvar: Reserve the table only if it is in boot services data
27ff30c8b3f3 ASoC: ti: j721e-evm: Check for not initialized parent_clk_id
a00bcc5298be ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup
e8b287e78381 net: Fix zero-copy head len calculation.
c6bdf7d97d5f ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend
74b53ee4b89e qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
f6a2ff040b5c r8152: Fix potential PM refcount imbalance
c98a7916cd37 ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
03258515c9eb spi: stm32h7: fix full duplex irq handler handling
cfb8173a23cf regulator: rt5033: Fix n_voltages settings for BUCK and LDO
81dc9a4868a9 regulator: rtmv20: Fix wrong mask for strobe-polarity-high
9e55b9278c47 btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction
e2419c570986 btrfs: fix race causing unnecessary inode logging during link and rename
118b070bf415 Revert "drm/i915: Propagate errors on awaiting already signaled fences"
6976f3cf34a1 drm/i915: Revert "drm/i915/gem: Asynchronous cmdparser"
9746c25334cb Linux 5.10.56
55dd22c5d029 can: j1939: j1939_session_deactivate(): clarify lifetime of session object
75ebe1d355b5 i40e: Add additional info to PHY type error
2ca5ec188b20 Revert "perf map: Fix dso->nsinfo refcounting"
c14cee5bc466 powerpc/pseries: Fix regression while building external modules
bfc8e67c60b9 SMB3: fix readpage for large swap cache
be561c0154dc bpf: Fix pointer arithmetic mask tightening under state pruning
ffb9d5c48b4b bpf: verifier: Allocate idmap scratch in verifier env
a11ca29c65c1 bpf: Remove superfluous aux sanitation on subprog rejection
0e9280654aa4 bpf: Fix leakage due to insufficient speculative store bypass mitigation
bea9e2fd1808 bpf: Introduce BPF nospec instruction for mitigating Spectre v4
cd61e665a166 can: hi311x: fix a signedness bug in hi3110_cmd()
65dfa6cb2233 sis900: Fix missing pci_disable_device() in probe and remove
93e5bf4b2925 tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
58b8c812c764 sctp: fix return value check in __sctp_rcv_asconf_lookup
362e9d23cf70 net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
bd744f2a2755 net/mlx5: Fix flow table chaining
1b148bd72e50 skmsg: Make sk_psock_destroy() static
645a1d3bef5f drm/msm/dp: Initialize the INTF_CONFIG register
4a6841921cc8 drm/msm/dpu: Fix sm8250_mdp register length
e6097071a4ff net: llc: fix skb_over_panic
01f3581d4400 KVM: x86: Check the right feature bit for MSR_KVM_ASYNC_PF_ACK access
f5f78ae5f1be mlx4: Fix missing error code in mlx4_load_one()
51b751fc06b8 octeontx2-pf: Fix interface down flag on error
4951ffa3fac8 tipc: do not write skb_shinfo frags when doing decrytion
7eefa0b74f3e ionic: count csum_none when offload enabled
60decbe01d7d ionic: fix up dim accounting for tx and rx
a7c85a516cd0 ionic: remove intr coalesce update from napi
6961323eed46 net: qrtr: fix memory leaks
91350564ea8c net: Set true network header for ECN decapsulation
a41282e82a1d tipc: fix sleeping in tipc accept routine
10f585740cf0 tipc: fix implicit-connect for SYN+
bb6061616211 i40e: Fix log TC creation failure when max num of queues is exceeded
c1cc6bce1afd i40e: Fix queue-to-TC mapping on Tx
4382cca17915 i40e: Fix firmware LLDP agent related warning
e090ffdf0563 i40e: Fix logic of disabling queues
cbc8012902b3 netfilter: nft_nat: allow to specify layer 4 protocol NAT only
3dbda8483f42 netfilter: conntrack: adjust stop timestamp to real expiry value
ac038f4152ef mac80211: fix enabling 4-address mode on a sta vif after assoc
076bc6ebce48 bpf: Fix OOB read when printing XDP link fdinfo
e6a06a13ec6f RDMA/bnxt_re: Fix stats counters
c8667cb406fd cfg80211: Fix possible memory leak in function cfg80211_bss_update
9ab284bc3530 nfc: nfcsim: fix use after free during module unload
ea04a3b5727e blk-iocost: fix operation ordering in iocg_wake_fn()
fc2756cce06f drm/amdgpu: Fix resource leak on probe error path
ccc7a1bb322e drm/amdgpu: Avoid printing of stack contents on firmware load error
63570e578094 drm/amd/display: ensure dentist display clock update finished in DCN20
2eab387507fd NIU: fix incorrect error return, missed in previous revert
cb71730a6312 HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT
7bca5da00539 alpha: register early reserved memory in memblock
30e19d072ea0 can: esd_usb2: fix memory leak
88b40258162b can: ems_usb: fix memory leak
f58ac91ff87d can: usb_8dev: fix memory leak
a6ebfbdaca3d can: mcba_usb_start(): add missing urb->transfer_dma initialization
2fc2c2816cb7 can: peak_usb: pcan_usb_handle_bus_evt(): fix reading rxerr/txerr values
afe2ffd92061 can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
a9c02d0e1513 can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms
da4f4916dab2 ocfs2: issue zeroout to EOF blocks
943014593061 ocfs2: fix zero out valid data
52acb6c147b3 KVM: add missing compat KVM_CLEAR_DIRTY_LOG
7d67d4ab28e3 x86/kvm: fix vcpu-id indexed array sizes
2388c7674fbd ACPI: DPTF: Fix reading of attributes
0d6afa25975e Revert "ACPI: resources: Add checks for ACPI IRQ override"
0a421a2fc516 btrfs: mark compressed range uptodate only if all bio succeed
4e1a57d75264 btrfs: fix rw device counting in __btrfs_free_extra_devids
27aa7171fe2b pipe: make pipe writes always wake up readers
02210a5e1894 x86/asm: Ensure asm/proto.h can be included stand-alone
65b2658634fe io_uring: fix null-ptr-deref in io_sq_offload_start()
e44d22fdf756 selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6ab4c36223e62ad99efb76863a703c83fb6da324)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.10.bb | 6 ++---
.../linux/linux-yocto-tiny_5.10.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index a06b9f717f..351970c03a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "a40806f61a2749b78c03eb0e0c9394246e632a99"
-SRCREV_meta ?= "0c461183d295a8e45096b9af71e07e06da7da13c"
+SRCREV_machine ?= "9ad4f13ee44c39e890638d8a2157adcf830fc7bc"
+SRCREV_meta ?= "22257690910a1befc2ed8a98ef218bd0c5cfd844"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.10.55"
+LINUX_VERSION ?= "5.10.57"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 615c3b0f00..b035ed3d15 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.10.55"
+LINUX_VERSION ?= "5.10.57"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "ecb67002c7688875f76a424c87308eea5b2709f5"
-SRCREV_machine ?= "be59a3f77944fe82deaab2c3d61e76292cf04afb"
-SRCREV_meta ?= "0c461183d295a8e45096b9af71e07e06da7da13c"
+SRCREV_machine_qemuarm ?= "60d8a10a1e8acdabbd61f3705b67b2112e7866e0"
+SRCREV_machine ?= "df4ea731a9dc6e1076f3e2935d6689668d8f58ac"
+SRCREV_meta ?= "22257690910a1befc2ed8a98ef218bd0c5cfd844"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index c5b60e0242..05cfa54480 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base"
KBRANCH_qemux86-64 ?= "v5.10/standard/base"
KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "159ecaed431c9b022eaa42e164603a998f458831"
-SRCREV_machine_qemuarm64 ?= "374000778a234761cdf27d9c5822efdd97626e6f"
-SRCREV_machine_qemumips ?= "b0216d371845ea01c5b6255f4a9eb6518f26a2cb"
-SRCREV_machine_qemuppc ?= "007217c338a8e496c110f86004b8268d10e94cdd"
-SRCREV_machine_qemuriscv64 ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
-SRCREV_machine_qemuriscv32 ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
-SRCREV_machine_qemux86 ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
-SRCREV_machine_qemux86-64 ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
-SRCREV_machine_qemumips64 ?= "a7f0d6ea0ddad123475e25725dadba0ed7888623"
-SRCREV_machine ?= "9d31ee7f08cb276fbc4473a2279cb614ec4735be"
-SRCREV_meta ?= "0c461183d295a8e45096b9af71e07e06da7da13c"
+SRCREV_machine_qemuarm ?= "21075c593dd7a09fc2e0fe4c1f751999fee1127a"
+SRCREV_machine_qemuarm64 ?= "e32f43fed15419c8461207c4d2b76879920d5928"
+SRCREV_machine_qemumips ?= "127501aba35af6e38f50ecd814da4416f361fd84"
+SRCREV_machine_qemuppc ?= "219057449c55acde1060af4b63c2d1ba5ec19978"
+SRCREV_machine_qemuriscv64 ?= "b1ff0bb0de7abc5039e0db14f66e01eb0a3c24bb"
+SRCREV_machine_qemuriscv32 ?= "b1ff0bb0de7abc5039e0db14f66e01eb0a3c24bb"
+SRCREV_machine_qemux86 ?= "b1ff0bb0de7abc5039e0db14f66e01eb0a3c24bb"
+SRCREV_machine_qemux86-64 ?= "b1ff0bb0de7abc5039e0db14f66e01eb0a3c24bb"
+SRCREV_machine_qemumips64 ?= "dd28c0cc8a79329b8b724821e7c09b210a2e2948"
+SRCREV_machine ?= "b1ff0bb0de7abc5039e0db14f66e01eb0a3c24bb"
+SRCREV_meta ?= "22257690910a1befc2ed8a98ef218bd0c5cfd844"
# remap qemuarm to qemuarma15 for the 5.8 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.55"
+LINUX_VERSION ?= "5.10.57"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 18/28] uninative: Improve glob to handle glibc 2.34
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (16 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 17/28] linux-yocto/5.10: update to v5.10.57 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 19/28] uninative: Upgrade to 3.3, support " Anuj Mittal
` (9 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
With glibc 2.34, the libraries were renamed. Tweak the glob to support both
as this is needed for newer uninative versions.
[RP: tweak commit message]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98248306e4b5f023e96375293b60524574ebb686)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/uninative.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 1e19917a97..3c7ccd66f4 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -100,7 +100,7 @@ ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py \
${UNINATIVE_LOADER} \
${UNINATIVE_LOADER} \
${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/${bindir_native}/patchelf-uninative \
- ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so" % chksum)
+ ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so*" % chksum)
subprocess.check_output(cmd, shell=True)
with open(loaderchksum, "w") as f:
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 19/28] uninative: Upgrade to 3.3, support glibc 2.34
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (17 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 18/28] uninative: Improve glob to handle glibc 2.34 Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 20/28] kernel-devsrc: 5.14+ updates Anuj Mittal
` (8 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4aa4dcd5f31657073f2207a9a4a43247322c7eb1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/conf/distro/include/yocto-uninative.inc | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 740cca0ecf..76f4cff565 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,9 +6,9 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.33"
+UNINATIVE_MAXGLIBCVERSION = "2.34"
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.2/"
-UNINATIVE_CHECKSUM[aarch64] ?= "4f0872cdca2775b637a8a99815ca5c8dd42146abe903a24a50ee0448358c764b"
-UNINATIVE_CHECKSUM[i686] ?= "e2eeab92e67263db37d9bb6d4c58579abd1f47ff4cded3171bde572fece124b2"
-UNINATIVE_CHECKSUM[x86_64] ?= "3ee8c7d55e2d4c7ae3887cddb97219f97b94efddfeee2e24923c0cb0e8ce84c6"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.3/"
+UNINATIVE_CHECKSUM[aarch64] ?= "372d31264ea7ab8e08e0a9662f003b53e99b3813cc2d9f9a4cc5c2949a1de00b"
+UNINATIVE_CHECKSUM[i686] ?= "36436167eba8a5957a0bf9a32402dd1be8b69528c1ff25e711e6895b583b2b42"
+UNINATIVE_CHECKSUM[x86_64] ?= "92b5e465f74d7e195e0b60fe4146f0f1475fff87ab2649bf2d57a1526ef58aec"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 20/28] kernel-devsrc: 5.14+ updates
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (18 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 19/28] uninative: Upgrade to 3.3, support " Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 21/28] kernel-devsrc: fix 5.14+ objtool compilation Anuj Mittal
` (7 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
commit 6218d0f6b8dec [x86/syscalls: Switch to generic syscalltbl.sh]
means that x86 no longer has a syscall script to copy, which causes
a build error.
We already copy the generic syscall script (in scripts), so we just
catch errors for the copies to support older and 5.14+ kernels in
the same devsrc recipe.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5debc9bc25110b836b76927c61b2455e5e235a84)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-kernel/linux/kernel-devsrc.bb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb
index 92076ac8b0..4897084aab 100644
--- a/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -218,10 +218,10 @@ do_install() {
if [ "${ARCH}" = "x86" ]; then
# files for 'make prepare' to succeed with kernel-devel
- cp -a --parents $(find arch/x86 -type f -name "syscall_32.tbl") $kerneldir/build/
- cp -a --parents $(find arch/x86 -type f -name "syscalltbl.sh") $kerneldir/build/
- cp -a --parents $(find arch/x86 -type f -name "syscallhdr.sh") $kerneldir/build/
- cp -a --parents $(find arch/x86 -type f -name "syscall_64.tbl") $kerneldir/build/
+ cp -a --parents $(find arch/x86 -type f -name "syscall_32.tbl") $kerneldir/build/ 2>/dev/null || :
+ cp -a --parents $(find arch/x86 -type f -name "syscalltbl.sh") $kerneldir/build/ 2>/dev/null || :
+ cp -a --parents $(find arch/x86 -type f -name "syscallhdr.sh") $kerneldir/build/ 2>/dev/null || :
+ cp -a --parents $(find arch/x86 -type f -name "syscall_64.tbl") $kerneldir/build/ 2>/dev/null || :
cp -a --parents arch/x86/tools/relocs_32.c $kerneldir/build/
cp -a --parents arch/x86/tools/relocs_64.c $kerneldir/build/
cp -a --parents arch/x86/tools/relocs.c $kerneldir/build/
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 21/28] kernel-devsrc: fix 5.14+ objtool compilation
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (19 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 20/28] kernel-devsrc: 5.14+ updates Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 22/28] lzo: add CVE_PRODUCT Anuj Mittal
` (6 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
In v5.14+, x86 requires not just elfutils, but the elf headers
on the target to build objtool (required for 'scripts parepare'),
so we tweak our RDEPENDS to ensure that the right headers are
on the target.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 03ccc234386f753e1b0129ec557e67bcd04cc69e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-kernel/linux/kernel-devsrc.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb
index 4897084aab..a5eba7c03a 100644
--- a/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -320,7 +320,7 @@ RDEPENDS_${PN} = "bc python3 flex bison ${TCLIBC}-utils"
# 4.15+ needs these next two RDEPENDS
RDEPENDS_${PN} += "openssl-dev util-linux"
# and x86 needs a bit more for 4.15+
-RDEPENDS_${PN} += "${@bb.utils.contains('ARCH', 'x86', 'elfutils', '', d)}"
+RDEPENDS_${PN} += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-dev', '', d)}"
# 5.8+ needs gcc-plugins libmpc-dev
RDEPENDS_${PN} += "gcc-plugins libmpc-dev"
# 5.13+ needs awk for arm64
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 22/28] lzo: add CVE_PRODUCT
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (20 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 21/28] kernel-devsrc: fix 5.14+ objtool compilation Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 23/28] utils: Reduce the number of calls to the "dirname" command Anuj Mittal
` (5 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Marta Rybczynska <rybczynska@gmail.com>
lzo was missing CVE_PRODUCT and related CVEs (at least CVE-2014-4607) were
not reported.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 366cf8201e36df1ac836e49de04ccda1f763ca9e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-support/lzo/lzo_2.10.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/lzo/lzo_2.10.bb b/meta/recipes-support/lzo/lzo_2.10.bb
index 85b14b3c5c..f0c8631aea 100644
--- a/meta/recipes-support/lzo/lzo_2.10.bb
+++ b/meta/recipes-support/lzo/lzo_2.10.bb
@@ -18,6 +18,8 @@ SRC_URI[sha256sum] = "c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b42
inherit autotools ptest
+CVE_PRODUCT = "lzo oberhumer:lzo2"
+
EXTRA_OECONF = "--enable-shared"
do_install_ptest() {
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 23/28] utils: Reduce the number of calls to the "dirname" command
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (21 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 22/28] lzo: add CVE_PRODUCT Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 24/28] e2fsprogs: ensure small images have 256-byte inodes Anuj Mittal
` (4 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Oleksandr Popovych <opopovyc@cisco.com>
utils.bbclass contains create_cmdline_wrapper() function that
creates wrapper script with additional arguments for any passed
"$cmd" command, and uses several calls to "dirname".
Because "dirname" is an external command, in cases of lots of
calls to wrapped "$cmd", each call of "dirname" will incur
significant overhead.
There are three same calls to "dirname": one for saving it`s
output to "realdir" variable, and other two in "exec" command.
So last two "dirname" calls can be replaced with cached value
from "realdir" variable.
Signed-off-by: Oleksandr Popovych <opopovyc@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4b9cf2c80fd14386e0b88a2e6c40a9fa3f1ae0f7)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/utils.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/utils.bbclass b/meta/classes/utils.bbclass
index 120bcc64a6..072ea1f63c 100644
--- a/meta/classes/utils.bbclass
+++ b/meta/classes/utils.bbclass
@@ -214,7 +214,7 @@ create_cmdline_wrapper () {
#!/bin/bash
realpath=\`readlink -fn \$0\`
realdir=\`dirname \$realpath\`
-exec -a \`dirname \$realpath\`/$cmdname \`dirname \$realpath\`/$cmdname.real $cmdoptions "\$@"
+exec -a \$realdir/$cmdname \$realdir/$cmdname.real $cmdoptions "\$@"
END
chmod +x $cmd
}
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 24/28] e2fsprogs: ensure small images have 256-byte inodes
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (22 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 23/28] utils: Reduce the number of calls to the "dirname" command Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 25/28] wic: don't forcibly pass -T default Anuj Mittal
` (3 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
e2fsprogs calls filesystems larger than 3MB but smaller than 512MB
"small", which has some implications:
- blocksize 1024 instead of 4096
- inode_ratio 4096 instead of 16384
- inode_size 128 instead of 256
The outcome of the inode size dropping to 128 bytes is that they cannot
store 64-bit timestamps, so are not Y2038-safe.
A previous attempt to solve this problem[1] changed some of the canned
wic files to pass -T default to mkfs.ext4, but this only covered wic
images and not traditional images. Also, actually small filesystems,
for example a core-image-minimal, will happily be tens of megabytes and
with the "default" options will result in an image which runs out of
blocks before it runs out of space:
mkfs.ext4: Could not allocate block in ext2 filesystem while populating file system
Considering that many OpenEmbedded images are in fact "small", being
2038-safe is worth the marginal increase is disk usage. This patch
alters the small configuration in native builds so that it also has
256-byte inodes. Target is unchanged so that standard behaviour is
maintained outside of the build.
This is actually the same underlying patch that Mathieu Dubois-Briand
sent in April, but the wic change in [1] was accepted instead. I believe
that is the wrong approach and this approach covers more cases.
[ YOCTO #14478 ]
[1] openembedded-core eecbe62
[2] https://lists.openembedded.org/g/openembedded-core/message/150298
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9ab0ae83a24ee99e69f8ac54256b253a122aef8a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../e2fsprogs/big-inodes-for-small-fs.patch | 22 +++++++++++++++++++
.../e2fsprogs/e2fsprogs_1.46.1.bb | 1 +
2 files changed, 23 insertions(+)
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/big-inodes-for-small-fs.patch
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/big-inodes-for-small-fs.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/big-inodes-for-small-fs.patch
new file mode 100644
index 0000000000..caeb560d32
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/big-inodes-for-small-fs.patch
@@ -0,0 +1,22 @@
+Ensure "small" file systems also have the default inode size (256 bytes) so that
+can store 64-bit timestamps and work past 2038.
+
+The "small" type is any size >3MB and <512MB, which covers a lot of relatively
+small filesystems built by OE, especially when they're sized to fit the contents
+and expand to the storage on boot.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/misc/mke2fs.conf.in b/misc/mke2fs.conf.in
+index 01e35cf8..29f41dc0 100644
+--- a/misc/mke2fs.conf.in
++++ b/misc/mke2fs.conf.in
+@@ -16,7 +16,6 @@
+ }
+ small = {
+ blocksize = 1024
+- inode_size = 128
+ inode_ratio = 4096
+ }
+ floppy = {
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.1.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.1.bb
index be8b67c35d..ddc9bfec90 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.1.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.1.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
file://quiet-debugfs.patch \
+ file://big-inodes-for-small-fs.patch \
"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 25/28] wic: don't forcibly pass -T default
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (23 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 24/28] e2fsprogs: ensure small images have 256-byte inodes Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 26/28] sdk: fix relocate symlink failed Anuj Mittal
` (2 subsequent siblings)
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
This reverts part of oe-core eecbe62555, which was a previous attempt
to solve the Y2038 problem. This is now solved centrally in e2fsprogs,
so doesn't need to be dealt with in wic.
We don't revert the commit entirely, to retain the warning if a
filesystem has small inodes.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7e8017208bed98b6c90735cb641fc9d7aedf9140)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
scripts/lib/wic/canned-wks/common.wks.inc | 2 +-
scripts/lib/wic/canned-wks/directdisk-gpt.wks | 2 +-
scripts/lib/wic/canned-wks/mkefidisk.wks | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/lib/wic/canned-wks/common.wks.inc b/scripts/lib/wic/canned-wks/common.wks.inc
index 4fd29fa8c1..89880b417b 100644
--- a/scripts/lib/wic/canned-wks/common.wks.inc
+++ b/scripts/lib/wic/canned-wks/common.wks.inc
@@ -1,3 +1,3 @@
# This file is included into 3 canned wks files from this directory
part /boot --source bootimg-pcbios --ondisk sda --label boot --active --align 1024
-part / --source rootfs --use-uuid --fstype=ext4 --mkfs-extraopts "-T default" --label platform --align 1024
+part / --source rootfs --use-uuid --fstype=ext4 --label platform --align 1024
diff --git a/scripts/lib/wic/canned-wks/directdisk-gpt.wks b/scripts/lib/wic/canned-wks/directdisk-gpt.wks
index cf16c0c30b..8d7d8de6ea 100644
--- a/scripts/lib/wic/canned-wks/directdisk-gpt.wks
+++ b/scripts/lib/wic/canned-wks/directdisk-gpt.wks
@@ -4,7 +4,7 @@
part /boot --source bootimg-pcbios --ondisk sda --label boot --active --align 1024
-part / --source rootfs --ondisk sda --fstype=ext4 --mkfs-extraopts "-T default" --label platform --align 1024 --use-uuid
+part / --source rootfs --ondisk sda --fstype=ext4 --label platform --align 1024 --use-uuid
bootloader --ptable gpt --timeout=0 --append="rootwait rootfstype=ext4 video=vesafb vga=0x318 console=tty0 console=ttyS0,115200n8"
diff --git a/scripts/lib/wic/canned-wks/mkefidisk.wks b/scripts/lib/wic/canned-wks/mkefidisk.wks
index d1878e23e5..9f534fe184 100644
--- a/scripts/lib/wic/canned-wks/mkefidisk.wks
+++ b/scripts/lib/wic/canned-wks/mkefidisk.wks
@@ -4,7 +4,7 @@
part /boot --source bootimg-efi --sourceparams="loader=grub-efi" --ondisk sda --label msdos --active --align 1024
-part / --source rootfs --ondisk sda --fstype=ext4 --mkfs-extraopts "-T default" --label platform --align 1024 --use-uuid
+part / --source rootfs --ondisk sda --fstype=ext4 --label platform --align 1024 --use-uuid
part swap --ondisk sda --size 44 --label swap1 --fstype=swap
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 26/28] sdk: fix relocate symlink failed
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (24 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 25/28] wic: don't forcibly pass -T default Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 27/28] sdk: Enable do_populate_sdk with multilibs Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 28/28] glibc: Fix CVE-2021-38604 Anuj Mittal
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: hongxu <hongxu.jia@windriver.com>
Install SDK to non-default dir, sysmlink mkfs.vfat is invalid
$ ./sdk.sh -y -d ./dnf-2 -S -D
$ ls sysroots/x86_64-wrlinuxsdk-linux/usr/bin/mkfs.vfat -al
lrwxrwxrwx 1 hjia users 99 Aug 10 20:38 sysroots/x86_64-wrlinuxsdk-linux/usr/bin/mkfs.vfat -> /opt/windriver/wrlinux-graphics/21.32/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/mkfs.vfat.dosfstools
Since commit [bc4ee54535 sdk: Decouple default install path from
built in path] applied, sdk relocates symlink failed, it should
replace $SDK_BUILD_PATH rather than $DEFAULT_INSTALL_DIR, just
like above commit did
Without this commit:
...
|+ for l in $($SUDO_EXEC find $native_sysroot -type l)
|++ readlink path-to/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/mkfs.vfat
|++ sed -e s:/usr/local/oecore-x86_64:path-to:
|+ ln -sfn /opt/windriver/wrlinux-graphics/21.32/sysroots/x86_64-wrlinuxsdk-linux/
usr/bin/mkfs.vfat.dosfstools path-to//sysroots/x86_64-wrlinuxsdk-linux/usr/bin/mkfs.vfat
...
After appling this commit:
...
|+ for l in $($SUDO_EXEC find $native_sysroot -type l)
|++ readlink path-to/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/mkfs.vfat
|++ sed -e s:/opt/windriver/wrlinux-graphics/21.31:path-to:
|+ ln -sfn path-to/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/mkfs.vfat.dosfstools
path-to/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/mkfs.vfat
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 942c06a7348070b92f722fa5c439c8c4404485b7)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/files/toolchain-shar-relocate.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh
index 5433741296..ba873373e2 100644
--- a/meta/files/toolchain-shar-relocate.sh
+++ b/meta/files/toolchain-shar-relocate.sh
@@ -72,7 +72,7 @@ fi
# change all symlinks pointing to @SDKPATH@
for l in $($SUDO_EXEC find $native_sysroot -type l); do
- $SUDO_EXEC ln -sfn $(readlink $l|$SUDO_EXEC sed -e "s:$DEFAULT_INSTALL_DIR:$target_sdk_dir:") $l
+ $SUDO_EXEC ln -sfn $(readlink $l|$SUDO_EXEC sed -e "s:$SDK_BUILD_PATH:$target_sdk_dir:") $l
if [ $? -ne 0 ]; then
echo "Failed to setup symlinks. Relocate script failed. Abort!"
exit 1
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 27/28] sdk: Enable do_populate_sdk with multilibs
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (25 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 26/28] sdk: fix relocate symlink failed Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
2021-08-24 16:25 ` [hardknott][PATCH 28/28] glibc: Fix CVE-2021-38604 Anuj Mittal
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
This patch enables building image based SDKs for multi-libbed images
e.g. lib32-core-image-minimal and so on. Change the path to nativesdk
tools to use recipe-sysroot since thats where the nativesdk components
are installed and it will need access to qemu wrappers during build for
processing intercepts
[YOCTO #14444]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6196a785eababb040ee1dee9f33cb6d6dad77eef)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/multilib.bbclass | 1 -
meta/classes/populate_sdk_base.bbclass | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/meta/classes/multilib.bbclass b/meta/classes/multilib.bbclass
index 9f726e4537..2ef75c0d16 100644
--- a/meta/classes/multilib.bbclass
+++ b/meta/classes/multilib.bbclass
@@ -105,7 +105,6 @@ python __anonymous () {
d.setVar("LINGUAS_INSTALL", "")
# FIXME, we need to map this to something, not delete it!
d.setVar("PACKAGE_INSTALL_ATTEMPTONLY", "")
- bb.build.deltask('do_populate_sdk', d)
bb.build.deltask('do_populate_sdk_ext', d)
return
}
diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass
index 33ba3fc3c1..f8072a9d37 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -66,7 +66,7 @@ python () {
SDK_RDEPENDS = "${TOOLCHAIN_TARGET_TASK} ${TOOLCHAIN_HOST_TASK}"
SDK_DEPENDS = "virtual/fakeroot-native ${SDK_ARCHIVE_DEPENDS} cross-localedef-native nativesdk-qemuwrapper-cross ${@' '.join(["%s-qemuwrapper-cross" % m for m in d.getVar("MULTILIB_VARIANTS").split()])} qemuwrapper-cross"
-PATH_prepend = "${STAGING_DIR_HOST}${SDKPATHNATIVE}${bindir}/crossscripts:${@":".join(all_multilib_tune_values(d, 'STAGING_BINDIR_CROSS').split())}:"
+PATH_prepend = "${WORKDIR}/recipe-sysroot/${SDKPATHNATIVE}${bindir}/crossscripts:${@":".join(all_multilib_tune_values(d, 'STAGING_BINDIR_CROSS').split())}:"
SDK_DEPENDS += "nativesdk-glibc-locale"
# We want the MULTIARCH_TARGET_SYS to point to the TUNE_PKGARCH, not PACKAGE_ARCH as it
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread* [hardknott][PATCH 28/28] glibc: Fix CVE-2021-38604
2021-08-24 16:25 [hardknott][PATCH 00/28] Review request Anuj Mittal
` (26 preceding siblings ...)
2021-08-24 16:25 ` [hardknott][PATCH 27/28] sdk: Enable do_populate_sdk with multilibs Anuj Mittal
@ 2021-08-24 16:25 ` Anuj Mittal
27 siblings, 0 replies; 30+ messages in thread
From: Anuj Mittal @ 2021-08-24 16:25 UTC (permalink / raw)
To: openembedded-core
From: Vinay Kumar <vinay.m.engg@gmail.com>
Source: https://sourceware.org/git/glibc.git
Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28213
Backported upstream commits b805aebd42364fe696e417808a700fdb9800c9e8 and 4cc79c217744743077bf7a0ec5e0a4318f1e6641
to glibc-2.33 source.
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8]
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641]
Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../glibc/glibc/0001-CVE-2021-38604.patch | 40 +++++
.../glibc/glibc/0002-CVE-2021-38604.patch | 147 ++++++++++++++++++
meta/recipes-core/glibc/glibc_2.33.bb | 2 +
3 files changed, 189 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch
create mode 100644 meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch
new file mode 100644
index 0000000000..8a52ac957c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch
@@ -0,0 +1,40 @@
+From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001
+From: Nikita Popov <npv1310@gmail.com>
+Date: Mon, 9 Aug 2021 20:17:34 +0530
+Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213)
+
+Helper thread frees copied attribute on NOTIFY_REMOVED message
+received from the OS kernel. Unfortunately, it fails to check whether
+copied attribute actually exists (data.attr != NULL). This worked
+earlier because free() checks passed pointer before actually
+attempting to release corresponding memory. But
+__pthread_attr_destroy assumes pointer is not NULL.
+
+So passing NULL pointer to __pthread_attr_destroy will result in
+segmentation fault. This scenario is possible if
+notification->sigev_notify_attributes == NULL (which means default
+thread attributes should be used).
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8]
+CVE: CVE-2021-38604
+
+Signed-off-by: Nikita Popov <npv1310@gmail.com>
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ sysdeps/unix/sysv/linux/mq_notify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
+index 6f46d29d1d..1714e1cc5f 100644
+--- a/sysdeps/unix/sysv/linux/mq_notify.c
++++ b/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -132,7 +132,7 @@ helper_thread (void *arg)
+ to wait until it is done with it. */
+ (void) __pthread_barrier_wait (¬ify_barrier);
+ }
+- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
++ else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL)
+ {
+ /* The only state we keep is the copy of the thread attributes. */
+ pthread_attr_destroy (data.attr);
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch b/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch
new file mode 100644
index 0000000000..b654cdfecb
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch
@@ -0,0 +1,147 @@
+From 4cc79c217744743077bf7a0ec5e0a4318f1e6641 Mon Sep 17 00:00:00 2001
+From: Nikita Popov <npv1310@gmail.com>
+Date: Thu, 12 Aug 2021 16:09:50 +0530
+Subject: [PATCH] librt: add test (bug 28213)
+
+This test implements following logic:
+1) Create POSIX message queue.
+ Register a notification with mq_notify (using NULL attributes).
+ Then immediately unregister the notification with mq_notify.
+ Helper thread in a vulnerable version of glibc
+ should cause NULL pointer dereference after these steps.
+2) Once again, register the same notification.
+ Try to send a dummy message.
+ Test is considered successfulif the dummy message
+ is successfully received by the callback function.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641]
+CVE: CVE-2021-38604
+
+Signed-off-by: Nikita Popov <npv1310@gmail.com>
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ rt/Makefile | 1 +
+ rt/tst-bz28213.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 102 insertions(+)
+ create mode 100644 rt/tst-bz28213.c
+
+diff --git a/rt/Makefile b/rt/Makefile
+index 7b374f2073..c87d95793a 100644
+--- a/rt/Makefile
++++ b/rt/Makefile
+@@ -44,6 +44,7 @@ tests := tst-shm tst-timer tst-timer2 \
+ tst-aio7 tst-aio8 tst-aio9 tst-aio10 \
+ tst-mqueue1 tst-mqueue2 tst-mqueue3 tst-mqueue4 \
+ tst-mqueue5 tst-mqueue6 tst-mqueue7 tst-mqueue8 tst-mqueue9 \
++ tst-bz28213 \
+ tst-timer3 tst-timer4 tst-timer5 \
+ tst-cpuclock2 tst-cputimer1 tst-cputimer2 tst-cputimer3 \
+ tst-shm-cancel
+diff --git a/rt/tst-bz28213.c b/rt/tst-bz28213.c
+new file mode 100644
+index 0000000000..0c096b5a0a
+--- /dev/null
++++ b/rt/tst-bz28213.c
+@@ -0,0 +1,101 @@
++/* Bug 28213: test for NULL pointer dereference in mq_notify.
++ Copyright (C) The GNU Toolchain Authors.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#include <unistd.h>
++#include <mqueue.h>
++#include <signal.h>
++#include <stdlib.h>
++#include <string.h>
++#include <support/check.h>
++
++static mqd_t m = -1;
++static const char msg[] = "hello";
++
++static void
++check_bz28213_cb (union sigval sv)
++{
++ char buf[sizeof (msg)];
++
++ (void) sv;
++
++ TEST_VERIFY_EXIT ((size_t) mq_receive (m, buf, sizeof (buf), NULL)
++ == sizeof (buf));
++ TEST_VERIFY_EXIT (memcmp (buf, msg, sizeof (buf)) == 0);
++
++ exit (0);
++}
++
++static void
++check_bz28213 (void)
++{
++ struct sigevent sev;
++
++ memset (&sev, '\0', sizeof (sev));
++ sev.sigev_notify = SIGEV_THREAD;
++ sev.sigev_notify_function = check_bz28213_cb;
++
++ /* Step 1: Register & unregister notifier.
++ Helper thread should receive NOTIFY_REMOVED notification.
++ In a vulnerable version of glibc, NULL pointer dereference follows. */
++ TEST_VERIFY_EXIT (mq_notify (m, &sev) == 0);
++ TEST_VERIFY_EXIT (mq_notify (m, NULL) == 0);
++
++ /* Step 2: Once again, register notification.
++ Try to send one message.
++ Test is considered successful, if the callback does exit (0). */
++ TEST_VERIFY_EXIT (mq_notify (m, &sev) == 0);
++ TEST_VERIFY_EXIT (mq_send (m, msg, sizeof (msg), 1) == 0);
++
++ /* Wait... */
++ pause ();
++}
++
++static int
++do_test (void)
++{
++ static const char m_name[] = "/bz28213_queue";
++ struct mq_attr m_attr;
++
++ memset (&m_attr, '\0', sizeof (m_attr));
++ m_attr.mq_maxmsg = 1;
++ m_attr.mq_msgsize = sizeof (msg);
++
++ m = mq_open (m_name,
++ O_RDWR | O_CREAT | O_EXCL,
++ 0600,
++ &m_attr);
++
++ if (m < 0)
++ {
++ if (errno == ENOSYS)
++ FAIL_UNSUPPORTED ("POSIX message queues are not implemented\n");
++ FAIL_EXIT1 ("Failed to create POSIX message queue: %m\n");
++ }
++
++ TEST_VERIFY_EXIT (mq_unlink (m_name) == 0);
++
++ check_bz28213 ();
++
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
index 7f516d2bbe..57a60cb9d8 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -64,6 +64,8 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://CVE-2021-33574_1.patch \
file://CVE-2021-33574_2.patch \
file://CVE-2021-35942.patch \
+ file://0001-CVE-2021-38604.patch \
+ file://0002-CVE-2021-38604.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
--
2.31.1
^ permalink raw reply related [flat|nested] 30+ messages in thread