* [OE-core][dunfell 00/14] Patch review
@ 2020-10-09 14:18 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2020-10-09 14:18 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back
by end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1464
The following changes since commit 552739383321bd9b4780bd0026d6107ece530522:
perl: fix ptest test count (2020-10-05 04:29:40 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (4):
linux-yocto/5.4: fix kprobes build warning
linux-yocto/5.4: update to v5.4.67
linux-yocto/5.4: update to v5.4.68
linux-yocto/5.4: update to v5.4.69
Joshua Watt (1):
classes/sanity: Bump minimum python version to 3.5
Marek Vasut (4):
lttng-modules: update to 2.11.6
lttng-tools: update to 2.11.5
lttng-ust: update to 2.11.1
stress-ng: Upgrade 0.11.01 -> 0.11.17
Richard Purdie (2):
glibc: do_stash_locale must not delete files from ${D}
libtools-cross/shadow-sysroot: Use nopackages inherit
Steve Sakoman (1):
Revert "lttng-modules: backport writeback.h changes from 2.12.x to fix
kernel 5.4.62+"
Victor Kamensky (2):
qemu: add 34Kf-64tlb fictitious cpu type
qemumips: use 34Kf-64tlb CPU emulation
meta/classes/sanity.bbclass | 4 +-
meta/conf/machine/qemumips.conf | 2 +-
meta/recipes-core/glibc/glibc-package.inc | 1 -
.../libtool/libtool-cross_2.4.6.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
...tlb-fictitious-cpu-type-like-34Kf-bu.patch | 118 ++++++++++++++++
.../shadow/shadow-sysroot_4.6.bb | 2 +
...ownership-when-installing-example-jo.patch | 2 +-
...ess-ng_0.11.01.bb => stress-ng_0.11.17.bb} | 4 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +--
...ckport-writeback.h-changes-from-2.12.patch | 128 ------------------
...ules_2.11.2.bb => lttng-modules_2.11.6.bb} | 11 +-
...-tools_2.11.2.bb => lttng-tools_2.11.5.bb} | 4 +-
...ttng-ust_2.11.1.bb => lttng-ust_2.11.2.bb} | 4 +-
16 files changed, 156 insertions(+), 163 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/0001-mips-add-34Kf-64tlb-fictitious-cpu-type-like-34Kf-bu.patch
rename meta/recipes-extended/stress-ng/{stress-ng_0.11.01.bb => stress-ng_0.11.17.bb} (83%)
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-lttng-modules-backport-writeback.h-changes-from-2.12.patch
rename meta/recipes-kernel/lttng/{lttng-modules_2.11.2.bb => lttng-modules_2.11.6.bb} (81%)
rename meta/recipes-kernel/lttng/{lttng-tools_2.11.2.bb => lttng-tools_2.11.5.bb} (98%)
rename meta/recipes-kernel/lttng/{lttng-ust_2.11.1.bb => lttng-ust_2.11.2.bb} (93%)
--
2.17.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2020-10-22 15:51 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2020-10-22 15:51 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back
by end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1501
The following changes since commit 3ee9590f96cb50e93864db768b254773e2ff9465:
uninative: Fix typo in error message (2020-10-19 04:27:15 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
selftest/virgl: drop the custom 30 sec timeout
Changqing Li (1):
toolchain-shar-extract.sh: don't print useless info
Khem Raj (1):
packagegroup-core-tools-debug: Disable for rv32/glibc as well
Lee Chee Yang (3):
libproxy: fix CVE-2020-25219
python3: fix CVE-2020-26116
grub2: fix CVE-2020-10713
Martin Jansa (7):
arch-armv7a.inc: fix typo
arch-mips.inc: remove duplicated mips64el-o32 from
PACKAGE_EXTRA_ARCHS_tune-mips64el-o32
tune-mips64r6.inc: fix typo in mipsisa64r6-nf
tune-ep9312.inc: add t suffix for thumb to
PACKAGE_EXTRA_ARCHS_tune-ep9312
tune-riscv.inc: use nf suffix also for TUNE_PKGARCH
siteinfo: Recognize 32bit PPC LE
siteinfo: Recognize bigendian sh3be and sh4be
Victor Kamensky (1):
qemu: change TLBs number to 64 in 34Kf mips cpu model
meta-selftest/lib/oeqa/runtime/cases/virgl.py | 2 +-
meta/classes/siteinfo.bbclass | 5 +
meta/conf/machine/include/arm/arch-armv7a.inc | 2 +-
meta/conf/machine/include/mips/arch-mips.inc | 2 +-
.../conf/machine/include/riscv/tune-riscv.inc | 4 +-
meta/conf/machine/include/tune-ep9312.inc | 3 +-
meta/conf/machine/include/tune-mips64r6.inc | 2 +-
meta/files/toolchain-shar-extract.sh | 2 +-
.../grub/files/CVE-2020-10713.patch | 73 ++++++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
.../packagegroup-core-tools-debug.bb | 2 +-
.../python/python3/CVE-2020-26116.patch | 104 ++++++++++++++++++
meta/recipes-devtools/python/python3_3.8.2.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
...ease-number-of-TLB-entries-on-the-34.patch | 59 ++++++++++
.../libproxy/libproxy/CVE-2020-25219.patch | 61 ++++++++++
.../libproxy/libproxy_0.4.15.bb | 1 +
17 files changed, 315 insertions(+), 10 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-10713.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2020-26116.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch
create mode 100644 meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
--
2.17.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2021-06-28 15:05 Steve Sakoman
2021-06-29 0:13 ` [dunfell " Minjae Kim
0 siblings, 1 reply; 30+ messages in thread
From: Steve Sakoman @ 2021-06-28 15:05 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back by
end of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2291
The following changes since commit ac8181d9b9ad8360f7dba03aba8b00f008c6ebb4:
Revert "python3: fix CVE-2021-23336" (2021-06-19 13:11:58 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Jasper Orschulko (3):
expat: fix CVE-2013-0340
libxml2: Fix CVE-2021-3518
libx11: Fix CVE-2021-31535
Michael Halstead (1):
uninative: Upgrade to 3.2 (gcc11 support)
Tim Orling (10):
python3: upgrade 3.8.2 -> 3.8.3
python3: upgrade 3.8.3 -> 3.8.4
python3: upgrade 3.8.4 -> 3.8.5
python3: upgrade 3.8.5 -> 3.8.6
python3: upgrade 3.8.6 -> 3.8.7
python3: upgrade 3.8.7 -> 3.8.8
powertop: fix aclocal error too many loops
python3: upgrade 3.8.8 -> 3.8.9
python3: upgrade 3.8.9 -> 3.8.10
python3-ptest: add newly discovered missing rdeps
meta/conf/distro/include/yocto-uninative.inc | 8 +-
.../expat/expat/CVE-2013-0340.patch | 1758 +++++++++++++++++
.../expat/expat/libtool-tag.patch | 41 +-
meta/recipes-core/expat/expat_2.2.9.bb | 12 +-
.../libxml/libxml2/CVE-2021-3518.patch | 112 ++
meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 +
...20-8492-Fix-AbstractBasicAuthHandler.patch | 248 ---
...le.py-correct-the-test-output-format.patch | 24 +-
.../python/python3/CVE-2019-20907.patch | 44 -
.../python/python3/CVE-2020-14422.patch | 77 -
.../python/python3/CVE-2020-26116.patch | 104 -
.../python/python3/CVE-2020-27619.patch | 70 -
.../python/python3/CVE-2021-3177.patch | 191 --
.../{python3_3.8.2.bb => python3_3.8.10.bb} | 19 +-
.../xorg-lib/libx11/CVE-2021-31535.patch | 333 ++++
.../recipes-graphics/xorg-lib/libx11_1.6.9.bb | 1 +
...2-configure.ac-ax_add_fortify_source.patch | 70 +
...003-configure-Use-AX_REQUIRE_DEFINED.patch | 29 +
meta/recipes-kernel/powertop/powertop_2.10.bb | 8 +-
19 files changed, 2357 insertions(+), 793 deletions(-)
create mode 100644 meta/recipes-core/expat/expat/CVE-2013-0340.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3518.patch
delete mode 100644 meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-20907.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-14422.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-26116.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2021-3177.patch
rename meta/recipes-devtools/python/{python3_3.8.2.bb => python3_3.8.10.bb} (95%)
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2021-31535.patch
create mode 100644 meta/recipes-kernel/powertop/powertop/0002-configure.ac-ax_add_fortify_source.patch
create mode 100644 meta/recipes-kernel/powertop/powertop/0003-configure-Use-AX_REQUIRE_DEFINED.patch
--
2.25.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [OE-core] [dunfell 00/14] Patch review
2021-06-29 0:13 ` [dunfell " Minjae Kim
@ 2021-06-29 14:09 ` Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2021-06-29 14:09 UTC (permalink / raw)
To: Minjae Kim; +Cc: Patches and discussions about the oe-core layer
On Mon, Jun 28, 2021 at 2:13 PM Minjae Kim <flowergom@gmail.com> wrote:
> How about this patch? I already tested on qemux86-64.
> https://lists.openembedded.org/g/openembedded-core/message/153284
> Do I need more testing?
It will be in the next set of patches. I haven't seen any issues on
the autobuilder.
Steve
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2021-11-11 4:08 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2021-11-11 4:08 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Friday.
The following changes since commit 38fc0807eea14dc12610da4ba73c082d5a4b0744:
meta/scripts: Manual git url branch additions (2021-11-03 08:43:53 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Jose Quaresma (1):
sstate: another fix for touching files inside pseudo
Joshua Watt (1):
oeqa: reproducible: Fix test not producing diffs
Khem Raj (1):
webkitgtk: Fix reproducibility in minibrowser
Marek Vasut (1):
piglit: upgrade to latest revision
Mark Hatle (1):
reproducible_build: Remove BUILD_REPRODUCIBLE_BINARIES checking
Mingli Yu (1):
python3-magic: add the missing rdepends
Richard Purdie (6):
linunistring: Add missing gperf-native dependency
pseudo: Add in ability to flush database with shutdown request
pseudo: Add fcntl64 wrapper
mirrors: Add uninative mirror on kernel.org
sstate: Ensure SDE is accounted for in package task timestamps
sstate: Avoid deploy_source_date_epoch sstate when unneeded
Steve Sakoman (2):
python3-magic: add missing DEPENDS
selftest/reproducible: add webkitgtk back to exclusion list for
dunfell
meta/classes/mirrors.bbclass | 1 +
meta/classes/reproducible_build.bbclass | 53 ++++++++++++-------
meta/classes/sstate.bbclass | 34 +++++++++---
.../oeqa/selftest/cases/diffoscope/A/file.txt | 1 +
.../oeqa/selftest/cases/diffoscope/B/file.txt | 1 +
meta/lib/oeqa/selftest/cases/reproducible.py | 29 +++++++++-
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
.../python/python3-magic_0.4.15.bb | 7 ++-
...ssing-include-for-htobe32-definition.patch | 27 ++++++++++
...file.py-make-test-lists-reproducible.patch | 31 +++++++++++
...gen_tcs-tes_input_tests.py-do-not-ha.patch | 44 +++++++++++++++
...lizer.py-make-.gz-files-reproducible.patch | 30 +++++++++++
...sort-the-file-list-before-working-on.patch | 28 ++++++++++
...t-shader.c-do-not-hardcode-build-pat.patch | 30 +++++++++++
meta/recipes-graphics/piglit/piglit_git.bb | 12 ++++-
.../0001-MiniBrowser-Fix-reproduciblity.patch | 31 +++++++++++
meta/recipes-sato/webkit/webkitgtk_2.28.4.bb | 1 +
.../libunistring/libunistring_0.9.10.bb | 1 +
18 files changed, 333 insertions(+), 30 deletions(-)
create mode 100644 meta/lib/oeqa/selftest/cases/diffoscope/A/file.txt
create mode 100644 meta/lib/oeqa/selftest/cases/diffoscope/B/file.txt
create mode 100644 meta/recipes-graphics/piglit/piglit/0001-Add-a-missing-include-for-htobe32-definition.patch
create mode 100644 meta/recipes-graphics/piglit/piglit/0001-framework-profile.py-make-test-lists-reproducible.patch
create mode 100644 meta/recipes-graphics/piglit/piglit/0001-generated_tests-gen_tcs-tes_input_tests.py-do-not-ha.patch
create mode 100644 meta/recipes-graphics/piglit/piglit/0001-serializer.py-make-.gz-files-reproducible.patch
create mode 100644 meta/recipes-graphics/piglit/piglit/0001-tests-shader.py-sort-the-file-list-before-working-on.patch
create mode 100644 meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch
--
2.25.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [OE-core][dunfell 00/14] Patch review
[not found] <16B6626DB9B02798.14836@lists.openembedded.org>
@ 2021-11-11 14:16 ` Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2021-11-11 14:16 UTC (permalink / raw)
To: steve; +Cc: openembedded-core
On Wed, Nov 10, 2021 at 6:08 PM Steve Sakoman via
lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
wrote:
>
> Please review this set of patches for dunfell and have comments back by end
> of day Friday.
I forgot to add:
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2910
>
> The following changes since commit 38fc0807eea14dc12610da4ba73c082d5a4b0744:
>
> meta/scripts: Manual git url branch additions (2021-11-03 08:43:53 -1000)
>
> are available in the Git repository at:
>
> git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
>
> Jose Quaresma (1):
> sstate: another fix for touching files inside pseudo
>
> Joshua Watt (1):
> oeqa: reproducible: Fix test not producing diffs
>
> Khem Raj (1):
> webkitgtk: Fix reproducibility in minibrowser
>
> Marek Vasut (1):
> piglit: upgrade to latest revision
>
> Mark Hatle (1):
> reproducible_build: Remove BUILD_REPRODUCIBLE_BINARIES checking
>
> Mingli Yu (1):
> python3-magic: add the missing rdepends
>
> Richard Purdie (6):
> linunistring: Add missing gperf-native dependency
> pseudo: Add in ability to flush database with shutdown request
> pseudo: Add fcntl64 wrapper
> mirrors: Add uninative mirror on kernel.org
> sstate: Ensure SDE is accounted for in package task timestamps
> sstate: Avoid deploy_source_date_epoch sstate when unneeded
>
> Steve Sakoman (2):
> python3-magic: add missing DEPENDS
> selftest/reproducible: add webkitgtk back to exclusion list for
> dunfell
>
> meta/classes/mirrors.bbclass | 1 +
> meta/classes/reproducible_build.bbclass | 53 ++++++++++++-------
> meta/classes/sstate.bbclass | 34 +++++++++---
> .../oeqa/selftest/cases/diffoscope/A/file.txt | 1 +
> .../oeqa/selftest/cases/diffoscope/B/file.txt | 1 +
> meta/lib/oeqa/selftest/cases/reproducible.py | 29 +++++++++-
> meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
> .../python/python3-magic_0.4.15.bb | 7 ++-
> ...ssing-include-for-htobe32-definition.patch | 27 ++++++++++
> ...file.py-make-test-lists-reproducible.patch | 31 +++++++++++
> ...gen_tcs-tes_input_tests.py-do-not-ha.patch | 44 +++++++++++++++
> ...lizer.py-make-.gz-files-reproducible.patch | 30 +++++++++++
> ...sort-the-file-list-before-working-on.patch | 28 ++++++++++
> ...t-shader.c-do-not-hardcode-build-pat.patch | 30 +++++++++++
> meta/recipes-graphics/piglit/piglit_git.bb | 12 ++++-
> .../0001-MiniBrowser-Fix-reproduciblity.patch | 31 +++++++++++
> meta/recipes-sato/webkit/webkitgtk_2.28.4.bb | 1 +
> .../libunistring/libunistring_0.9.10.bb | 1 +
> 18 files changed, 333 insertions(+), 30 deletions(-)
> create mode 100644 meta/lib/oeqa/selftest/cases/diffoscope/A/file.txt
> create mode 100644 meta/lib/oeqa/selftest/cases/diffoscope/B/file.txt
> create mode 100644 meta/recipes-graphics/piglit/piglit/0001-Add-a-missing-include-for-htobe32-definition.patch
> create mode 100644 meta/recipes-graphics/piglit/piglit/0001-framework-profile.py-make-test-lists-reproducible.patch
> create mode 100644 meta/recipes-graphics/piglit/piglit/0001-generated_tests-gen_tcs-tes_input_tests.py-do-not-ha.patch
> create mode 100644 meta/recipes-graphics/piglit/piglit/0001-serializer.py-make-.gz-files-reproducible.patch
> create mode 100644 meta/recipes-graphics/piglit/piglit/0001-tests-shader.py-sort-the-file-list-before-working-on.patch
> create mode 100644 meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
> create mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch
>
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#158132): https://lists.openembedded.org/g/openembedded-core/message/158132
> Mute This Topic: https://lists.openembedded.org/mt/86975084/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2021-12-22 14:12 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2021-12-22 14:12 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3047
with the exception of a known intermittent autobuilder issue on oe-selftest-centos
which passed on subsequent retest:
https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/2977
The following changes since commit 90a07178ea26be453d101c2e8b33d3a0f437635d:
build-appliance-image: Update to dunfell head revision (2021-12-14 22:49:32 +0000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Anuj Mittal (1):
gstreamer1.0: fix failing ptest
Bruce Ashfield (5):
linux-yocto/5.4: update to v5.4.159
linux-yocto/5.4: update to v5.4.162
linux-yocto/5.4: update to v5.4.163
linux-yocto/5.4: update to v5.4.165
linux-yocto/5.4: update to v5.4.167
Ernst Sjöstrand (1):
dropbear: Fix CVE-2020-36254
Marta Rybczynska (1):
bluez: fix CVE-2021-0129
Mingli Yu (1):
bootchart2: remove wait_boot logic
Minjae Kim (2):
vim: fix CVE-2021-4069
inetutils: fix CVE-2021-40491
Steve Sakoman (1):
selftest: skip virgl test on fedora 34 entirely
sana kazi (2):
openssh: Fix CVE-2021-41617
openssh: Whitelist CVE-2016-20012
meta/lib/oeqa/selftest/cases/runtime_test.py | 2 +
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
.../bluez5/bluez5/CVE-2021-0129.patch | 109 ++++++++++++++++++
.../inetutils/inetutils/CVE-2021-40491.patch | 67 +++++++++++
.../inetutils/inetutils_1.9.4.bb | 1 +
.../openssh/openssh/CVE-2021-41617.patch | 52 +++++++++
.../openssh/openssh_8.2p1.bb | 10 ++
meta/recipes-core/dropbear/dropbear.inc | 4 +-
.../dropbear/dropbear/CVE-2020-36254.patch | 29 +++++
...ake-sure-only-one-bootchartd-process.patch | 68 +++++++++++
.../bootchart2/bootchart2_0.14.9.bb | 1 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 ++--
...-use-too-strict-timeout-for-validati.patch | 33 ++++++
.../gstreamer/gstreamer1.0_1.16.3.bb | 1 +
.../vim/files/CVE-2021-4069.patch | 43 +++++++
meta/recipes-support/vim/vim.inc | 1 +
18 files changed, 439 insertions(+), 19 deletions(-)
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-0129.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch
create mode 100644 meta/recipes-devtools/bootchart2/bootchart2/0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0006-tests-seek-Don-t-use-too-strict-timeout-for-validati.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2021-4069.patch
--
2.25.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2022-05-11 18:19 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-05-11 18:19 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3648
with the exception of the newly added meta-virt test (which has never
worked with dunfell)
The following changes since commit 7c0345ab1058a7e29d37f110923ecd368e102ed7:
uninative: Upgrade to 3.6 with gcc 12 support (2022-05-09 11:51:55 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (1):
linux-yocto/5.4: update to v5.4.192
Davide Gardenal (3):
cve-check: add JSON format to summary output
cve-check: fix symlinks where link and output path are equal
rootfs-postcommands: fix symlinks where link and output path are equal
Marta Rybczynska (2):
cve-update-db-native: update the CVE database once a day only
cve-update-db-native: let the user to drive the update interval
Pawan Badganchi (2):
fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
libinput: Add fix for CVE-2022-1215
Portia (1):
volatile-binds: Change DefaultDependencies from false to no
Richard Purdie (3):
base: Avoid circular references to our own scripts
scripts: Make git intercept global
scripts/git: Ensure we don't have circular references
Ross Burton (1):
cve-check: no need to depend on the fetch task
Steve Sakoman (1):
busybox: fix CVE-2022-28391
meta/classes/base.bbclass | 4 +
meta/classes/cve-check.bbclass | 72 ++--
meta/classes/rootfs-postcommands.bbclass | 14 +-
...tr-ensure-only-printable-characters-.patch | 38 ++
...e-all-printed-strings-with-printable.patch | 64 ++++
meta/recipes-core/busybox/busybox_1.31.1.bb | 2 +
.../recipes-core/meta/cve-update-db-native.bb | 13 +-
.../files/volatile-binds.service.in | 2 +-
.../wayland/libinput/CVE-2022-1215.patch | 360 ++++++++++++++++++
.../wayland/libinput_1.15.2.bb | 1 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../fribidi/fribidi/CVE-2022-25308.patch | 50 +++
.../fribidi/fribidi/CVE-2022-25309.patch | 31 ++
.../fribidi/fribidi/CVE-2022-25310.patch | 30 ++
meta/recipes-support/fribidi/fribidi_1.0.9.bb | 3 +
scripts/{git-intercept => }/git | 9 +-
18 files changed, 674 insertions(+), 55 deletions(-)
create mode 100644 meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
create mode 100644 meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
rename scripts/{git-intercept => }/git (52%)
--
2.25.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2022-06-08 14:46 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-06-08 14:46 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3760
The following changes since commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939:
openssl: Backport fix for ptest cert expiry (2022-06-07 11:33:46 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (1):
linux-yocto/5.4: update to v5.4.196
Hitendra Prajapati (2):
e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted
filesystem
pcre2: CVE-2022-1587 Out-of-bounds read
Marta Rybczynska (4):
cve-check: move update_symlinks to a library
cve-check: write empty fragment files in the text mode
cve-check: add coverage statistics on recipes with/without CVEs
cve-update-db-native: make it possible to disable database updates
Richard Purdie (1):
libxslt: Mark CVE-2022-29824 as not applying
Robert Joslyn (2):
curl: Backport CVE fixes
curl: Fix CVE_CHECK_WHITELIST typo
Steve Sakoman (3):
Revert "openssl: Backport fix for ptest cert expiry"
openssl: backport fix for ptest certificate expiration
openssl: update the epoch time for ct_test ptest
omkar patil (1):
libxslt: Fix CVE-2021-30560
meta/classes/cve-check.bbclass | 86 ++-
meta/lib/oe/cve_check.py | 10 +
...5d82489b3ec09ccc772dfcee14fef0e8e908.patch | 192 +++++
...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch | 55 --
...611887cfac633aacc052b2e71a7f195418b8.patch | 29 +
.../openssl/openssl_1.1.1o.bb | 3 +-
.../recipes-core/meta/cve-update-db-native.bb | 6 +-
.../e2fsprogs/e2fsprogs/CVE-2022-1304.patch | 42 ++
.../e2fsprogs/e2fsprogs_1.45.7.bb | 1 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../curl/curl/CVE-2022-27774-1.patch | 45 ++
.../curl/curl/CVE-2022-27774-2.patch | 80 +++
.../curl/curl/CVE-2022-27774-3.patch | 83 +++
.../curl/curl/CVE-2022-27774-4.patch | 35 +
.../curl/curl/CVE-2022-27781.patch | 46 ++
.../curl/curl/CVE-2022-27782-1.patch | 363 ++++++++++
.../curl/curl/CVE-2022-27782-2.patch | 71 ++
meta/recipes-support/curl/curl_7.69.1.bb | 9 +-
.../libpcre/libpcre2/CVE-2022-1587.patch | 660 ++++++++++++++++++
.../recipes-support/libpcre/libpcre2_10.34.bb | 1 +
.../libxslt/libxslt/CVE-2021-30560.patch | 201 ++++++
.../recipes-support/libxslt/libxslt_1.1.34.bb | 5 +
24 files changed, 1949 insertions(+), 110 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2021-30560.patch
--
2.25.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2022-07-07 21:59 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-07 21:59 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3880
The following changes since commit b75caf4a985e3c20996531785125eaffdc832104:
insane.bbclass: host-user-contaminated: Correct per package home path (2022-06-29 05:15:49 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Anuj Mittal (1):
efivar: change branch name to main
Bruce Ashfield (2):
linux-yocto/5.4: update to v5.4.199
linux-yocto/5.4: update to v5.4.203
Jate Sujjavanich (1):
IMAGE_LOCALES_ARCHIVE: add option to prevent locale archive creation
Ranjitsinh Rathod (1):
openssl: Minor security upgrade 1.1.1o to 1.1.1p
Richard Purdie (5):
cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
vim: 8.2.5083 -> 9.0.0005
oeqa/runtime/scp: Disable scp test for dropbear
packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
oe-selftest-image: Ensure the image has sftp as well as dropbear
Ross Burton (1):
cve-check: hook cleanup to the BuildCompleted event, not CookerExit
Steve Sakoman (3):
openssh: break dependency on base package for -dev package
dropbear: break dependency on base package for -dev package
qemu: add PACKAGECONFIG for capstone
.../recipes-test/images/oe-selftest-image.bb | 2 +-
meta/classes/cve-check.bbclass | 2 +-
meta/classes/image.bbclass | 5 +-
.../distro/include/cve-extra-exclusions.inc | 31 ++-
meta/lib/oe/package_manager.py | 13 +-
meta/lib/oeqa/runtime/cases/scp.py | 2 +-
meta/recipes-bsp/efivar/efivar_37.bb | 2 +-
.../openssh/openssh_8.2p1.bb | 5 +
...5d82489b3ec09ccc772dfcee14fef0e8e908.patch | 192 ------------------
...611887cfac633aacc052b2e71a7f195418b8.patch | 29 ---
.../{openssl_1.1.1o.bb => openssl_1.1.1p.bb} | 4 +-
meta/recipes-core/dropbear/dropbear.inc | 5 +
.../packagegroup-core-ssh-dropbear.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../vim/{vim-tiny_8.2.bb => vim-tiny_9.0.bb} | 0
meta/recipes-support/vim/vim.inc | 6 +-
.../vim/{vim_8.2.bb => vim_9.0.bb} | 0
20 files changed, 64 insertions(+), 272 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
rename meta/recipes-connectivity/openssl/{openssl_1.1.1o.bb => openssl_1.1.1p.bb} (97%)
rename meta/recipes-support/vim/{vim-tiny_8.2.bb => vim-tiny_9.0.bb} (100%)
rename meta/recipes-support/vim/{vim_8.2.bb => vim_9.0.bb} (100%)
--
2.25.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2022-08-29 21:02 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 01/14] libtiff: CVE-2022-34526 A stack overflow was discovered Steve Sakoman
` (13 more replies)
0 siblings, 14 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by end
of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4151
The following changes since commit a3cba15142e98177119ef36c09f553d09acf35ef:
build-appliance-image: Update to dunfell head revision (2022-08-22 16:07:02 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (3):
mobile-broadband-provider-info: upgrade 20220511 -> 20220725
tzdata: upgrade 2022a -> 2022b
wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
Anuj Mittal (1):
cryptodev-module: fix build with 5.11+ kernels
Bruce Ashfield (1):
linux-yocto/5.4: update to v5.4.210
Ernst Sjöstrand (1):
cve-check: Don't use f-strings
Hitendra Prajapati (5):
libtiff: CVE-2022-34526 A stack overflow was discovered
golang: fix CVE-2022-30629 and CVE-2022-30631
golang: fix CVE-2022-30632 and CVE-2022-30633
golang: fix CVE-2022-30635 and CVE-2022-32148
golang: CVE-2022-32189 a denial of service
Paul Eggleton (1):
relocate_sdk.py: ensure interpreter size error causes relocation to
fail
Pawan Badganchi (1):
libxml2: Add fix for CVE-2016-3709
Richard Purdie (1):
vim: Upgrade 9.0.0115 -> 9.0.0242
meta/lib/oe/cve_check.py | 2 +-
.../mobile-broadband-provider-info_git.bb | 4 +-
.../libxml/libxml2/CVE-2016-3709.patch | 89 ++++++++++++
meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 +
meta/recipes-devtools/go/go-1.14.inc | 7 +
.../go/go-1.14/CVE-2022-30629.patch | 47 +++++++
.../go/go-1.14/CVE-2022-30631.patch | 116 ++++++++++++++++
.../go/go-1.14/CVE-2022-30632.patch | 71 ++++++++++
.../go/go-1.14/CVE-2022-30633.patch | 131 ++++++++++++++++++
.../go/go-1.14/CVE-2022-30635.patch | 120 ++++++++++++++++
.../go/go-1.14/CVE-2022-32148.patch | 49 +++++++
.../go/go-1.14/CVE-2022-32189.patch | 113 +++++++++++++++
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../cryptodev/cryptodev-module_1.10.bb | 1 +
.../files/fix-build-for-Linux-5.11-rc1.patch | 32 +++++
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +--
....06.06.bb => wireless-regdb_2022.08.12.bb} | 2 +-
.../libtiff/files/CVE-2022-34526.patch | 29 ++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
scripts/relocate_sdk.py | 10 +-
23 files changed, 842 insertions(+), 29 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2016-3709.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30635.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch
create mode 100644 meta/recipes-kernel/cryptodev/files/fix-build-for-Linux-5.11-rc1.patch
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.06.06.bb => wireless-regdb_2022.08.12.bb} (94%)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch
--
2.25.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 01/14] libtiff: CVE-2022-34526 A stack overflow was discovered
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 02/14] golang: fix CVE-2022-30629 and CVE-2022-30631 Steve Sakoman
` (12 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://gitlab.com/libtiff/libtiff
MR: 120545
Type: Security Fix
Disposition: Backport from https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990
ChangeID: 4c781586f7aba27420a7adc0adc597cc68495387
Description:
CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libtiff/files/CVE-2022-34526.patch | 29 +++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
2 files changed, 30 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch
new file mode 100644
index 0000000000..cf440ce55f
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch
@@ -0,0 +1,29 @@
+From 06386cc9dff5dc162006abe11fd4d1a6fad616cc Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 18 Aug 2022 09:40:50 +0530
+Subject: [PATCH] CVE-2022-34526
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990]
+CVE: CVE-2022-34526
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_dirinfo.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 52d53d4..4a1ca00 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -983,6 +983,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
+ default:
+ return 1;
+ }
++ if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) {
++ return 0;
++ }
+ /* Check if codec specific tags are allowed for the current
+ * compression scheme (codec) */
+ switch (tif->tif_dir.td_compression) {
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 4383f7af8e..c061d2aaac 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2022-0891.patch \
file://CVE-2022-0924.patch \
file://CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch \
+ file://CVE-2022-34526.patch \
"
SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 02/14] golang: fix CVE-2022-30629 and CVE-2022-30631
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 01/14] libtiff: CVE-2022-34526 A stack overflow was discovered Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 03/14] golang: fix CVE-2022-30632 and CVE-2022-30633 Steve Sakoman
` (11 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://github.com/golang/go
MR: 120613, 120613
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c && https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3
ChangeID: 366db775dec045d7b312b8da0436af36ab322046
Description:
Fixed CVE:
1. CVE-2022-30629
2. CVE-2022-30631
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/go-1.14/CVE-2022-30629.patch | 47 +++++++
.../go/go-1.14/CVE-2022-30631.patch | 116 ++++++++++++++++++
3 files changed, 165 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index b160222f76..6089fd501d 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -25,6 +25,8 @@ SRC_URI += "\
file://CVE-2021-44717.patch \
file://CVE-2022-24675.patch \
file://CVE-2021-31525.patch \
+ file://CVE-2022-30629.patch \
+ file://CVE-2022-30631.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
new file mode 100644
index 0000000000..47313a547f
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
@@ -0,0 +1,47 @@
+From 8d0bbb5a6280c2cf951241ec7f6579c90d38df57 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 10:55:08 +0530
+Subject: [PATCH] CVE-2022-30629
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c]
+CVE: CVE-2022-30629
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/crypto/tls/handshake_server_tls13.go | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
+index 5432145..d91797e 100644
+--- a/src/crypto/tls/handshake_server_tls13.go
++++ b/src/crypto/tls/handshake_server_tls13.go
+@@ -9,6 +9,7 @@ import (
+ "crypto"
+ "crypto/hmac"
+ "crypto/rsa"
++ "encoding/binary"
+ "errors"
+ "hash"
+ "io"
+@@ -742,6 +743,19 @@ func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {
+ }
+ m.lifetime = uint32(maxSessionTicketLifetime / time.Second)
+
++ // ticket_age_add is a random 32-bit value. See RFC 8446, section 4.6.1
++ // The value is not stored anywhere; we never need to check the ticket age
++ // because 0-RTT is not supported.
++ ageAdd := make([]byte, 4)
++ _, err = hs.c.config.rand().Read(ageAdd)
++ if err != nil {
++ return err
++ }
++ m.ageAdd = binary.LittleEndian.Uint32(ageAdd)
++
++ // ticket_nonce, which must be unique per connection, is always left at
++ // zero because we only ever send one ticket per connection.
++
+ if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil {
+ return err
+ }
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
new file mode 100644
index 0000000000..5dcfd27f16
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
@@ -0,0 +1,116 @@
+From d10fc3a84e3344f2421c1dd3046faa50709ab4d5 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 11:01:21 +0530
+Subject: [PATCH] CVE-2022-30631
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3]
+CVE: CVE-2022-30631
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/compress/gzip/gunzip.go | 60 +++++++++++++++-----------------
+ src/compress/gzip/gunzip_test.go | 16 +++++++++
+ 2 files changed, 45 insertions(+), 31 deletions(-)
+
+diff --git a/src/compress/gzip/gunzip.go b/src/compress/gzip/gunzip.go
+index 924bce1..237b2b9 100644
+--- a/src/compress/gzip/gunzip.go
++++ b/src/compress/gzip/gunzip.go
+@@ -248,42 +248,40 @@ func (z *Reader) Read(p []byte) (n int, err error) {
+ return 0, z.err
+ }
+
+- n, z.err = z.decompressor.Read(p)
+- z.digest = crc32.Update(z.digest, crc32.IEEETable, p[:n])
+- z.size += uint32(n)
+- if z.err != io.EOF {
+- // In the normal case we return here.
+- return n, z.err
+- }
++ for n == 0 {
++ n, z.err = z.decompressor.Read(p)
++ z.digest = crc32.Update(z.digest, crc32.IEEETable, p[:n])
++ z.size += uint32(n)
++ if z.err != io.EOF {
++ // In the normal case we return here.
++ return n, z.err
++ }
+
+- // Finished file; check checksum and size.
+- if _, err := io.ReadFull(z.r, z.buf[:8]); err != nil {
+- z.err = noEOF(err)
+- return n, z.err
+- }
+- digest := le.Uint32(z.buf[:4])
+- size := le.Uint32(z.buf[4:8])
+- if digest != z.digest || size != z.size {
+- z.err = ErrChecksum
+- return n, z.err
+- }
+- z.digest, z.size = 0, 0
++ // Finished file; check checksum and size.
++ if _, err := io.ReadFull(z.r, z.buf[:8]); err != nil {
++ z.err = noEOF(err)
++ return n, z.err
++ }
++ digest := le.Uint32(z.buf[:4])
++ size := le.Uint32(z.buf[4:8])
++ if digest != z.digest || size != z.size {
++ z.err = ErrChecksum
++ return n, z.err
++ }
++ z.digest, z.size = 0, 0
+
+- // File is ok; check if there is another.
+- if !z.multistream {
+- return n, io.EOF
+- }
+- z.err = nil // Remove io.EOF
++ // File is ok; check if there is another.
++ if !z.multistream {
++ return n, io.EOF
++ }
++ z.err = nil // Remove io.EOF
+
+- if _, z.err = z.readHeader(); z.err != nil {
+- return n, z.err
++ if _, z.err = z.readHeader(); z.err != nil {
++ return n, z.err
++ }
+ }
+
+- // Read from next file, if necessary.
+- if n > 0 {
+- return n, nil
+- }
+- return z.Read(p)
++ return n, nil
+ }
+
+ // Close closes the Reader. It does not close the underlying io.Reader.
+diff --git a/src/compress/gzip/gunzip_test.go b/src/compress/gzip/gunzip_test.go
+index 1b01404..95220ae 100644
+--- a/src/compress/gzip/gunzip_test.go
++++ b/src/compress/gzip/gunzip_test.go
+@@ -516,3 +516,19 @@ func TestTruncatedStreams(t *testing.T) {
+ }
+ }
+ }
++
++func TestCVE202230631(t *testing.T) {
++ var empty = []byte{0x1f, 0x8b, 0x08, 0x00, 0xa7, 0x8f, 0x43, 0x62, 0x00,
++ 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
++ r := bytes.NewReader(bytes.Repeat(empty, 4e6))
++ z, err := NewReader(r)
++ if err != nil {
++ t.Fatalf("NewReader: got %v, want nil", err)
++ }
++ // Prior to CVE-2022-30631 fix, this would cause an unrecoverable panic due
++ // to stack exhaustion.
++ _, err = z.Read(make([]byte, 10))
++ if err != io.EOF {
++ t.Errorf("Reader.Read: got %v, want %v", err, io.EOF)
++ }
++}
+--
+2.25.1
+
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 03/14] golang: fix CVE-2022-30632 and CVE-2022-30633
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 01/14] libtiff: CVE-2022-34526 A stack overflow was discovered Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 02/14] golang: fix CVE-2022-30629 and CVE-2022-30631 Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 04/14] golang: fix CVE-2022-30635 and CVE-2022-32148 Steve Sakoman
` (10 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://github.com/golang/go
MR: 120622, 120625
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/76f8b7304d1f7c25834e2a0cc9e88c55276c47df && https://github.com/golang/go/commit/2678d0c957193dceef336c969a9da74dd716a827
ChangeID: aabb29a6dd6a89842f451c95af228aaf66e58bb5
Description:
Fixed CVE:
1. CVE-2022-30632
2. CVE-2022-30633
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/go-1.14/CVE-2022-30632.patch | 71 ++++++++++
.../go/go-1.14/CVE-2022-30633.patch | 131 ++++++++++++++++++
3 files changed, 204 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 6089fd501d..84babc38cb 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -27,6 +27,8 @@ SRC_URI += "\
file://CVE-2021-31525.patch \
file://CVE-2022-30629.patch \
file://CVE-2022-30631.patch \
+ file://CVE-2022-30632.patch \
+ file://CVE-2022-30633.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch
new file mode 100644
index 0000000000..c54ef56a0e
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch
@@ -0,0 +1,71 @@
+From 35d1dfe9746029aea9027b405c75555d41ffd2f8 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 13:12:40 +0530
+Subject: [PATCH] CVE-2022-30632
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/76f8b7304d1f7c25834e2a0cc9e88c55276c47df]
+CVE: CVE-2022-30632
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/path/filepath/match.go | 16 +++++++++++++++-
+ src/path/filepath/match_test.go | 10 ++++++++++
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/src/path/filepath/match.go b/src/path/filepath/match.go
+index 46badb5..ba68daa 100644
+--- a/src/path/filepath/match.go
++++ b/src/path/filepath/match.go
+@@ -232,6 +232,20 @@ func getEsc(chunk string) (r rune, nchunk string, err error) {
+ // The only possible returned error is ErrBadPattern, when pattern
+ // is malformed.
+ func Glob(pattern string) (matches []string, err error) {
++ return globWithLimit(pattern, 0)
++}
++
++func globWithLimit(pattern string, depth int) (matches []string, err error) {
++ // This limit is used prevent stack exhaustion issues. See CVE-2022-30632.
++ const pathSeparatorsLimit = 10000
++ if depth == pathSeparatorsLimit {
++ return nil, ErrBadPattern
++ }
++
++ // Check pattern is well-formed.
++ if _, err := Match(pattern, ""); err != nil {
++ return nil, err
++ }
+ if !hasMeta(pattern) {
+ if _, err = os.Lstat(pattern); err != nil {
+ return nil, nil
+@@ -257,7 +271,7 @@ func Glob(pattern string) (matches []string, err error) {
+ }
+
+ var m []string
+- m, err = Glob(dir)
++ m, err = globWithLimit(dir, depth+1)
+ if err != nil {
+ return
+ }
+diff --git a/src/path/filepath/match_test.go b/src/path/filepath/match_test.go
+index b865762..c37c812 100644
+--- a/src/path/filepath/match_test.go
++++ b/src/path/filepath/match_test.go
+@@ -154,6 +154,16 @@ func TestGlob(t *testing.T) {
+ }
+ }
+
++func TestCVE202230632(t *testing.T) {
++ // Prior to CVE-2022-30632, this would cause a stack exhaustion given a
++ // large number of separators (more than 4,000,000). There is now a limit
++ // of 10,000.
++ _, err := Glob("/*" + strings.Repeat("/", 10001))
++ if err != ErrBadPattern {
++ t.Fatalf("Glob returned err=%v, want ErrBadPattern", err)
++ }
++}
++
+ func TestGlobError(t *testing.T) {
+ _, err := Glob("[]")
+ if err == nil {
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch
new file mode 100644
index 0000000000..c16cb5f50c
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch
@@ -0,0 +1,131 @@
+From ab6e2ffdcab0501bcc2de4b196c1c18ae2301d4b Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 13:29:55 +0530
+Subject: [PATCH] CVE-2022-30633
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/2678d0c957193dceef336c969a9da74dd716a827]
+CVE: CVE-2022-30633
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/encoding/xml/read.go | 27 +++++++++++++++++++--------
+ src/encoding/xml/read_test.go | 14 ++++++++++++++
+ 2 files changed, 33 insertions(+), 8 deletions(-)
+
+diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go
+index 10a60ee..4ffed80 100644
+--- a/src/encoding/xml/read.go
++++ b/src/encoding/xml/read.go
+@@ -148,7 +148,7 @@ func (d *Decoder) DecodeElement(v interface{}, start *StartElement) error {
+ if val.Kind() != reflect.Ptr {
+ return errors.New("non-pointer passed to Unmarshal")
+ }
+- return d.unmarshal(val.Elem(), start)
++ return d.unmarshal(val.Elem(), start, 0)
+ }
+
+ // An UnmarshalError represents an error in the unmarshaling process.
+@@ -304,8 +304,15 @@ var (
+ textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
+ )
+
++const maxUnmarshalDepth = 10000
++
++var errExeceededMaxUnmarshalDepth = errors.New("exceeded max depth")
++
+ // Unmarshal a single XML element into val.
+-func (d *Decoder) unmarshal(val reflect.Value, start *StartElement) error {
++func (d *Decoder) unmarshal(val reflect.Value, start *StartElement, depth int) error {
++ if depth >= maxUnmarshalDepth {
++ return errExeceededMaxUnmarshalDepth
++ }
+ // Find start element if we need it.
+ if start == nil {
+ for {
+@@ -398,7 +405,7 @@ func (d *Decoder) unmarshal(val reflect.Value, start *StartElement) error {
+ v.Set(reflect.Append(val, reflect.Zero(v.Type().Elem())))
+
+ // Recur to read element into slice.
+- if err := d.unmarshal(v.Index(n), start); err != nil {
++ if err := d.unmarshal(v.Index(n), start, depth+1); err != nil {
+ v.SetLen(n)
+ return err
+ }
+@@ -521,13 +528,15 @@ Loop:
+ case StartElement:
+ consumed := false
+ if sv.IsValid() {
+- consumed, err = d.unmarshalPath(tinfo, sv, nil, &t)
++ // unmarshalPath can call unmarshal, so we need to pass the depth through so that
++ // we can continue to enforce the maximum recusion limit.
++ consumed, err = d.unmarshalPath(tinfo, sv, nil, &t, depth)
+ if err != nil {
+ return err
+ }
+ if !consumed && saveAny.IsValid() {
+ consumed = true
+- if err := d.unmarshal(saveAny, &t); err != nil {
++ if err := d.unmarshal(saveAny, &t, depth+1); err != nil {
+ return err
+ }
+ }
+@@ -672,7 +681,7 @@ func copyValue(dst reflect.Value, src []byte) (err error) {
+ // The consumed result tells whether XML elements have been consumed
+ // from the Decoder until start's matching end element, or if it's
+ // still untouched because start is uninteresting for sv's fields.
+-func (d *Decoder) unmarshalPath(tinfo *typeInfo, sv reflect.Value, parents []string, start *StartElement) (consumed bool, err error) {
++func (d *Decoder) unmarshalPath(tinfo *typeInfo, sv reflect.Value, parents []string, start *StartElement, depth int) (consumed bool, err error) {
+ recurse := false
+ Loop:
+ for i := range tinfo.fields {
+@@ -687,7 +696,7 @@ Loop:
+ }
+ if len(finfo.parents) == len(parents) && finfo.name == start.Name.Local {
+ // It's a perfect match, unmarshal the field.
+- return true, d.unmarshal(finfo.value(sv), start)
++ return true, d.unmarshal(finfo.value(sv), start, depth+1)
+ }
+ if len(finfo.parents) > len(parents) && finfo.parents[len(parents)] == start.Name.Local {
+ // It's a prefix for the field. Break and recurse
+@@ -716,7 +725,9 @@ Loop:
+ }
+ switch t := tok.(type) {
+ case StartElement:
+- consumed2, err := d.unmarshalPath(tinfo, sv, parents, &t)
++ // the recursion depth of unmarshalPath is limited to the path length specified
++ // by the struct field tag, so we don't increment the depth here.
++ consumed2, err := d.unmarshalPath(tinfo, sv, parents, &t, depth)
+ if err != nil {
+ return true, err
+ }
+diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go
+index 8c2e70f..6a20b1a 100644
+--- a/src/encoding/xml/read_test.go
++++ b/src/encoding/xml/read_test.go
+@@ -5,6 +5,7 @@
+ package xml
+
+ import (
++ "errors"
+ "io"
+ "reflect"
+ "strings"
+@@ -1079,3 +1080,16 @@ func TestUnmarshalWhitespaceAttrs(t *testing.T) {
+ t.Fatalf("whitespace attrs: Unmarshal:\nhave: %#+v\nwant: %#+v", v, want)
+ }
+ }
++
++func TestCVE202228131(t *testing.T) {
++ type nested struct {
++ Parent *nested `xml:",any"`
++ }
++ var n nested
++ err := Unmarshal(bytes.Repeat([]byte("<a>"), maxUnmarshalDepth+1), &n)
++ if err == nil {
++ t.Fatal("Unmarshal did not fail")
++ } else if !errors.Is(err, errExeceededMaxUnmarshalDepth) {
++ t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth)
++ }
++}
+--
+2.25.1
+
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 04/14] golang: fix CVE-2022-30635 and CVE-2022-32148
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (2 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 03/14] golang: fix CVE-2022-30632 and CVE-2022-30633 Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 05/14] golang: CVE-2022-32189 a denial of service Steve Sakoman
` (9 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://github.com/golang/go
MR: 120628, 120631
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e && https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e
ChangeID: fbd8d61bdc2e9cb0cdbe9879e02aed218ee93dbe
Description:
Fixed CVE:
1. CVE-2022-30635
2. CVE-2022-32148
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/go-1.14/CVE-2022-30635.patch | 120 ++++++++++++++++++
.../go/go-1.14/CVE-2022-32148.patch | 49 +++++++
3 files changed, 171 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30635.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 84babc38cb..7c32246012 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -29,6 +29,8 @@ SRC_URI += "\
file://CVE-2022-30631.patch \
file://CVE-2022-30632.patch \
file://CVE-2022-30633.patch \
+ file://CVE-2022-30635.patch \
+ file://CVE-2022-32148.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30635.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30635.patch
new file mode 100644
index 0000000000..73959f70fa
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30635.patch
@@ -0,0 +1,120 @@
+From fdd4316737ed5681689a1f40802ffa0805e5b11c Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 26 Aug 2022 12:17:05 +0530
+Subject: [PATCH] CVE-2022-30635
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/cd54600b866db0ad068ab8df06c7f5f6cb55c9b3]
+CVE-2022-30635
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/encoding/gob/decode.go | 19 ++++++++++++-------
+ src/encoding/gob/gobencdec_test.go | 24 ++++++++++++++++++++++++
+ 2 files changed, 36 insertions(+), 7 deletions(-)
+
+diff --git a/src/encoding/gob/decode.go b/src/encoding/gob/decode.go
+index d2f6c74..0e0ec75 100644
+--- a/src/encoding/gob/decode.go
++++ b/src/encoding/gob/decode.go
+@@ -871,8 +871,13 @@ func (dec *Decoder) decOpFor(wireId typeId, rt reflect.Type, name string, inProg
+ return &op
+ }
+
++var maxIgnoreNestingDepth = 10000
++
+ // decIgnoreOpFor returns the decoding op for a field that has no destination.
+-func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp) *decOp {
++func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp, depth int) *decOp {
++ if depth > maxIgnoreNestingDepth {
++ error_(errors.New("invalid nesting depth"))
++ }
+ // If this type is already in progress, it's a recursive type (e.g. map[string]*T).
+ // Return the pointer to the op we're already building.
+ if opPtr := inProgress[wireId]; opPtr != nil {
+@@ -896,7 +901,7 @@ func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp)
+ errorf("bad data: undefined type %s", wireId.string())
+ case wire.ArrayT != nil:
+ elemId := wire.ArrayT.Elem
+- elemOp := dec.decIgnoreOpFor(elemId, inProgress)
++ elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1)
+ op = func(i *decInstr, state *decoderState, value reflect.Value) {
+ state.dec.ignoreArray(state, *elemOp, wire.ArrayT.Len)
+ }
+@@ -904,15 +909,15 @@ func (dec *Decoder) decIgnoreOpFor(wireId typeId, inProgress map[typeId]*decOp)
+ case wire.MapT != nil:
+ keyId := dec.wireType[wireId].MapT.Key
+ elemId := dec.wireType[wireId].MapT.Elem
+- keyOp := dec.decIgnoreOpFor(keyId, inProgress)
+- elemOp := dec.decIgnoreOpFor(elemId, inProgress)
++ keyOp := dec.decIgnoreOpFor(keyId, inProgress, depth+1)
++ elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1)
+ op = func(i *decInstr, state *decoderState, value reflect.Value) {
+ state.dec.ignoreMap(state, *keyOp, *elemOp)
+ }
+
+ case wire.SliceT != nil:
+ elemId := wire.SliceT.Elem
+- elemOp := dec.decIgnoreOpFor(elemId, inProgress)
++ elemOp := dec.decIgnoreOpFor(elemId, inProgress, depth+1)
+ op = func(i *decInstr, state *decoderState, value reflect.Value) {
+ state.dec.ignoreSlice(state, *elemOp)
+ }
+@@ -1073,7 +1078,7 @@ func (dec *Decoder) compileSingle(remoteId typeId, ut *userTypeInfo) (engine *de
+ func (dec *Decoder) compileIgnoreSingle(remoteId typeId) *decEngine {
+ engine := new(decEngine)
+ engine.instr = make([]decInstr, 1) // one item
+- op := dec.decIgnoreOpFor(remoteId, make(map[typeId]*decOp))
++ op := dec.decIgnoreOpFor(remoteId, make(map[typeId]*decOp), 0)
+ ovfl := overflow(dec.typeString(remoteId))
+ engine.instr[0] = decInstr{*op, 0, nil, ovfl}
+ engine.numInstr = 1
+@@ -1118,7 +1123,7 @@ func (dec *Decoder) compileDec(remoteId typeId, ut *userTypeInfo) (engine *decEn
+ localField, present := srt.FieldByName(wireField.Name)
+ // TODO(r): anonymous names
+ if !present || !isExported(wireField.Name) {
+- op := dec.decIgnoreOpFor(wireField.Id, make(map[typeId]*decOp))
++ op := dec.decIgnoreOpFor(wireField.Id, make(map[typeId]*decOp), 0)
+ engine.instr[fieldnum] = decInstr{*op, fieldnum, nil, ovfl}
+ continue
+ }
+diff --git a/src/encoding/gob/gobencdec_test.go b/src/encoding/gob/gobencdec_test.go
+index 6d2c8db..1b52ecc 100644
+--- a/src/encoding/gob/gobencdec_test.go
++++ b/src/encoding/gob/gobencdec_test.go
+@@ -12,6 +12,7 @@ import (
+ "fmt"
+ "io"
+ "net"
++ "reflect"
+ "strings"
+ "testing"
+ "time"
+@@ -796,3 +797,26 @@ func TestNetIP(t *testing.T) {
+ t.Errorf("decoded to %v, want 1.2.3.4", ip.String())
+ }
+ }
++
++func TestIngoreDepthLimit(t *testing.T) {
++ // We don't test the actual depth limit because it requires building an
++ // extremely large message, which takes quite a while.
++ oldNestingDepth := maxIgnoreNestingDepth
++ maxIgnoreNestingDepth = 100
++ defer func() { maxIgnoreNestingDepth = oldNestingDepth }()
++ b := new(bytes.Buffer)
++ enc := NewEncoder(b)
++ typ := reflect.TypeOf(int(0))
++ nested := reflect.ArrayOf(1, typ)
++ for i := 0; i < 100; i++ {
++ nested = reflect.ArrayOf(1, nested)
++ }
++ badStruct := reflect.New(reflect.StructOf([]reflect.StructField{{Name: "F", Type: nested}}))
++ enc.Encode(badStruct.Interface())
++ dec := NewDecoder(b)
++ var output struct{ Hello int }
++ expectedErr := "invalid nesting depth"
++ if err := dec.Decode(&output); err == nil || err.Error() != expectedErr {
++ t.Errorf("Decode didn't fail with depth limit of 100: want %q, got %q", expectedErr, err)
++ }
++}
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch
new file mode 100644
index 0000000000..aab98e99fd
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch
@@ -0,0 +1,49 @@
+From 0fe3adec199e8cd2c101933f75d8cd617de70350 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 26 Aug 2022 12:48:13 +0530
+Subject: [PATCH] CVE-2022-32148
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e]
+CVE: CVE-2022-32148
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/net/http/header.go | 6 ++++++
+ src/net/http/header_test.go | 5 +++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/net/http/header.go b/src/net/http/header.go
+index b9b5391..221f613 100644
+--- a/src/net/http/header.go
++++ b/src/net/http/header.go
+@@ -100,6 +100,12 @@ func (h Header) Clone() Header {
+ sv := make([]string, nv) // shared backing array for headers' values
+ h2 := make(Header, len(h))
+ for k, vv := range h {
++ if vv == nil {
++ // Preserve nil values. ReverseProxy distinguishes
++ // between nil and zero-length header values.
++ h2[k] = nil
++ continue
++ }
+ n := copy(sv, vv)
+ h2[k] = sv[:n:n]
+ sv = sv[n:]
+diff --git a/src/net/http/header_test.go b/src/net/http/header_test.go
+index 4789362..80c0035 100644
+--- a/src/net/http/header_test.go
++++ b/src/net/http/header_test.go
+@@ -235,6 +235,11 @@ func TestCloneOrMakeHeader(t *testing.T) {
+ in: Header{"foo": {"bar"}},
+ want: Header{"foo": {"bar"}},
+ },
++ {
++ name: "nil value",
++ in: Header{"foo": nil},
++ want: Header{"foo": nil},
++ },
+ }
+
+ for _, tt := range tests {
+--
+2.25.1
+
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 05/14] golang: CVE-2022-32189 a denial of service
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (3 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 04/14] golang: fix CVE-2022-30635 and CVE-2022-32148 Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 06/14] libxml2: Add fix for CVE-2016-3709 Steve Sakoman
` (8 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://github.com/golang/go
MR: 120634
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102
ChangeID: 3ade323dd52a6b654358f6738a0b3411ccc6d3f8
Description:
CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2022-32189.patch | 113 ++++++++++++++++++
2 files changed, 114 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 7c32246012..1458a11b3f 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -31,6 +31,7 @@ SRC_URI += "\
file://CVE-2022-30633.patch \
file://CVE-2022-30635.patch \
file://CVE-2022-32148.patch \
+ file://CVE-2022-32189.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch
new file mode 100644
index 0000000000..15fda7de1b
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch
@@ -0,0 +1,113 @@
+From 027e7e1578d3d7614f7586eff3894b83d9709e14 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 29 Aug 2022 10:08:34 +0530
+Subject: [PATCH] CVE-2022-32189
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102]
+CVE: CVE-2022-32189
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/math/big/floatmarsh.go | 7 +++++++
+ src/math/big/floatmarsh_test.go | 12 ++++++++++++
+ src/math/big/ratmarsh.go | 6 ++++++
+ src/math/big/ratmarsh_test.go | 12 ++++++++++++
+ 4 files changed, 37 insertions(+)
+
+diff --git a/src/math/big/floatmarsh.go b/src/math/big/floatmarsh.go
+index d1c1dab..990e085 100644
+--- a/src/math/big/floatmarsh.go
++++ b/src/math/big/floatmarsh.go
+@@ -8,6 +8,7 @@ package big
+
+ import (
+ "encoding/binary"
++ "errors"
+ "fmt"
+ )
+
+@@ -67,6 +68,9 @@ func (z *Float) GobDecode(buf []byte) error {
+ *z = Float{}
+ return nil
+ }
++ if len(buf) < 6 {
++ return errors.New("Float.GobDecode: buffer too small")
++ }
+
+ if buf[0] != floatGobVersion {
+ return fmt.Errorf("Float.GobDecode: encoding version %d not supported", buf[0])
+@@ -83,6 +87,9 @@ func (z *Float) GobDecode(buf []byte) error {
+ z.prec = binary.BigEndian.Uint32(buf[2:])
+
+ if z.form == finite {
++ if len(buf) < 10 {
++ return errors.New("Float.GobDecode: buffer too small for finite form float")
++ }
+ z.exp = int32(binary.BigEndian.Uint32(buf[6:]))
+ z.mant = z.mant.setBytes(buf[10:])
+ }
+diff --git a/src/math/big/floatmarsh_test.go b/src/math/big/floatmarsh_test.go
+index c056d78..401f45a 100644
+--- a/src/math/big/floatmarsh_test.go
++++ b/src/math/big/floatmarsh_test.go
+@@ -137,3 +137,15 @@ func TestFloatJSONEncoding(t *testing.T) {
+ }
+ }
+ }
++
++func TestFloatGobDecodeShortBuffer(t *testing.T) {
++ for _, tc := range [][]byte{
++ []byte{0x1, 0x0, 0x0, 0x0},
++ []byte{0x1, 0xfa, 0x0, 0x0, 0x0, 0x0},
++ } {
++ err := NewFloat(0).GobDecode(tc)
++ if err == nil {
++ t.Error("expected GobDecode to return error for malformed input")
++ }
++ }
++}
+diff --git a/src/math/big/ratmarsh.go b/src/math/big/ratmarsh.go
+index fbc7b60..56102e8 100644
+--- a/src/math/big/ratmarsh.go
++++ b/src/math/big/ratmarsh.go
+@@ -45,12 +45,18 @@ func (z *Rat) GobDecode(buf []byte) error {
+ *z = Rat{}
+ return nil
+ }
++ if len(buf) < 5 {
++ return errors.New("Rat.GobDecode: buffer too small")
++ }
+ b := buf[0]
+ if b>>1 != ratGobVersion {
+ return fmt.Errorf("Rat.GobDecode: encoding version %d not supported", b>>1)
+ }
+ const j = 1 + 4
+ i := j + binary.BigEndian.Uint32(buf[j-4:j])
++ if len(buf) < int(i) {
++ return errors.New("Rat.GobDecode: buffer too small")
++ }
+ z.a.neg = b&1 != 0
+ z.a.abs = z.a.abs.setBytes(buf[j:i])
+ z.b.abs = z.b.abs.setBytes(buf[i:])
+diff --git a/src/math/big/ratmarsh_test.go b/src/math/big/ratmarsh_test.go
+index 351d109..55a9878 100644
+--- a/src/math/big/ratmarsh_test.go
++++ b/src/math/big/ratmarsh_test.go
+@@ -123,3 +123,15 @@ func TestRatXMLEncoding(t *testing.T) {
+ }
+ }
+ }
++
++func TestRatGobDecodeShortBuffer(t *testing.T) {
++ for _, tc := range [][]byte{
++ []byte{0x2},
++ []byte{0x2, 0x0, 0x0, 0x0, 0xff},
++ } {
++ err := NewRat(1, 2).GobDecode(tc)
++ if err == nil {
++ t.Error("expected GobDecode to return error for malformed input")
++ }
++ }
++}
+--
+2.25.1
+
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 06/14] libxml2: Add fix for CVE-2016-3709
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (4 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 05/14] golang: CVE-2022-32189 a denial of service Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 07/14] cve-check: Don't use f-strings Steve Sakoman
` (7 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Pawan Badganchi <badganchipv@gmail.com>
Add below patch to fix CVE-2016-3709
CVE-2016-3709.patch
Link: https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f
Signed-off-by: Pawan Badganchi<pawan.badganchi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libxml/libxml2/CVE-2016-3709.patch | 89 +++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 +
2 files changed, 90 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2016-3709.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-3709.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-3709.patch
new file mode 100644
index 0000000000..5301d05323
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-3709.patch
@@ -0,0 +1,89 @@
+From c1ba6f54d32b707ca6d91cb3257ce9de82876b6f Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 15 Aug 2020 18:32:29 +0200
+Subject: [PATCH] Revert "Do not URI escape in server side includes"
+
+This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.
+
+This commit introduced
+
+- an infinite loop, found by OSS-Fuzz, which could be easily fixed.
+- an algorithm with quadratic runtime
+- a security issue, see
+ https://bugzilla.gnome.org/show_bug.cgi?id=769760
+
+A better approach is to add an option not to escape URLs at all
+which libxml2 should have possibly done in the first place.
+
+CVE: CVE-2016-3709
+Upstream-Status: Backport [https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f]
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+---
+ HTMLtree.c | 49 +++++++++++--------------------------------------
+ 1 file changed, 11 insertions(+), 38 deletions(-)
+
+diff --git a/HTMLtree.c b/HTMLtree.c
+index 8d236bb35..cdb7f86a6 100644
+--- a/HTMLtree.c
++++ b/HTMLtree.c
+@@ -706,49 +706,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
+ (!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
+ ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
+ (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
++ xmlChar *escaped;
+ xmlChar *tmp = value;
+- /* xmlURIEscapeStr() escapes '"' so it can be safely used. */
+- xmlBufCCat(buf->buffer, "\"");
+
+ while (IS_BLANK_CH(*tmp)) tmp++;
+
+- /* URI Escape everything, except server side includes. */
+- for ( ; ; ) {
+- xmlChar *escaped;
+- xmlChar endChar;
+- xmlChar *end = NULL;
+- xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
+- if (start != NULL) {
+- end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
+- if (end != NULL) {
+- *start = '\0';
+- }
+- }
+-
+- /* Escape the whole string, or until start (set to '\0'). */
+- escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
+- if (escaped != NULL) {
+- xmlBufCat(buf->buffer, escaped);
+- xmlFree(escaped);
+- } else {
+- xmlBufCat(buf->buffer, tmp);
+- }
+-
+- if (end == NULL) { /* Everything has been written. */
+- break;
+- }
+-
+- /* Do not escape anything within server side includes. */
+- *start = '<'; /* Restore the first character of "<!--". */
+- end += 3; /* strlen("-->") */
+- endChar = *end;
+- *end = '\0';
+- xmlBufCat(buf->buffer, start);
+- *end = endChar;
+- tmp = end;
++ /*
++ * the < and > have already been escaped at the entity level
++ * And doing so here breaks server side includes
++ */
++ escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
++ if (escaped != NULL) {
++ xmlBufWriteQuotedString(buf->buffer, escaped);
++ xmlFree(escaped);
++ } else {
++ xmlBufWriteQuotedString(buf->buffer, value);
+ }
+-
+- xmlBufCCat(buf->buffer, "\"");
+ } else {
+ xmlBufWriteQuotedString(buf->buffer, value);
+ }
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index d1c1f0884f..dc62991739 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -33,6 +33,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
file://CVE-2022-29824-dependent.patch \
file://CVE-2022-29824.patch \
file://0001-Port-gentest.py-to-Python-3.patch \
+ file://CVE-2016-3709.patch \
"
SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 07/14] cve-check: Don't use f-strings
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (5 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 06/14] libxml2: Add fix for CVE-2016-3709 Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 08/14] vim: Upgrade 9.0.0115 -> 9.0.0242 Steve Sakoman
` (6 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Ernst Sjöstrand <ernstp@gmail.com>
Since we're keeping cve-check aligned between the active branches,
and dunfell is supported on Python 3.5, we can't use f-strings.
Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1821cf7464cbba521b55a9c128fe8812c0cc5eca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oe/cve_check.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index 30fdc3e3dd..67f0644889 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -168,7 +168,7 @@ def get_cpe_ids(cve_product, version):
else:
vendor = "*"
- cpe_id = f'cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*'
+ cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
cpe_ids.append(cpe_id)
return cpe_ids
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 08/14] vim: Upgrade 9.0.0115 -> 9.0.0242
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (6 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 07/14] cve-check: Don't use f-strings Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 09/14] mobile-broadband-provider-info: upgrade 20220511 -> 20220725 Steve Sakoman
` (5 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes fixes for:
CVE-2022-2816
CVE-2022-2817
CVE-2022-2819
CVE-2022-2845
CVE-2022-2849
CVE-2022-2862
CVE-2022-2874
CVE-2022-2889
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ec2d27d09444213ec1c9b91c6f8c4363f297294)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 30883384f6..8f89699560 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0115"
-SRCREV = "6747cf1671bd41cddee77c65b3f9a70509f968db"
+PV .= ".0242"
+SRCREV = "171c683237149262665135c7d5841a89bb156f53"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 09/14] mobile-broadband-provider-info: upgrade 20220511 -> 20220725
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (7 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 08/14] vim: Upgrade 9.0.0115 -> 9.0.0242 Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 10/14] tzdata: upgrade 2022a -> 2022b Steve Sakoman
` (4 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96185dac787e14fa9eb77d009653a2fd4d926e3f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../mobile-broadband-provider-info_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index e6f216e5cb..2cc92b7b47 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -5,8 +5,8 @@ SECTION = "network"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "3d5c8d0f7e0264768a2c000d0fd4b4d4a991e041"
-PV = "20220511"
+SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5"
+PV = "20220725"
PE = "1"
SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 10/14] tzdata: upgrade 2022a -> 2022b
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (8 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 09/14] mobile-broadband-provider-info: upgrade 20220511 -> 20220725 Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 11/14] wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 Steve Sakoman
` (3 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b301d5203a4da0a0985670848126c5db762ddc86)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index cdd1a2ac3c..2b956cf7c0 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2022a"
+PV = "2022b"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "f8575e7e33be9ee265df2081092526b81c80abac3f4a04399ae9d4d91cdadac7"
-SRC_URI[tzdata.sha256sum] = "ef7fffd9f4f50f4f58328b35022a32a5a056b245c5cb3d6791dddb342f871664"
+SRC_URI[tzcode.sha256sum] = "bab20d943e59a3218435f48d868a4e552f18d6d7f3dd128660c5660c80b8a05f"
+SRC_URI[tzdata.sha256sum] = "f590eaf04a395245426c2be4fae71c143aea5cebc11088b7a0a5704461df397d"
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 11/14] wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (9 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 10/14] tzdata: upgrade 2022a -> 2022b Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 12/14] linux-yocto/5.4: update to v5.4.210 Steve Sakoman
` (2 subsequent siblings)
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 75386480abd1660a50c79d5987b77ccc43295511)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ireless-regdb_2022.06.06.bb => wireless-regdb_2022.08.12.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.06.06.bb => wireless-regdb_2022.08.12.bb} (94%)
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb
similarity index 94%
rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb
rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb
index 91775bce5c..7165a9f9b3 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "ac00f97efecce5046ed069d1d93f3365fdf994c7c7854a8fc50831e959537230"
+SRC_URI[sha256sum] = "59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84"
inherit bin_package allarch
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 12/14] linux-yocto/5.4: update to v5.4.210
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (10 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 11/14] wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 13/14] cryptodev-module: fix build with 5.11+ kernels Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 14/14] relocate_sdk.py: ensure interpreter size error causes relocation to fail Steve Sakoman
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
de0cd3ea700d Linux 5.4.210
b58882c69f66 x86/speculation: Add LFENCE to RSB fill sequence
f2f41ef0352d x86/speculation: Add RSB VM Exit protections
3a0ef79c6abe macintosh/adb: fix oob read in do_adb_query() function
54e1abbe8560 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
17c2356e467f selftests: KVM: Handle compiler optimizations in ucall
170465715a60 KVM: Don't null dereference ops->destroy
6098562ed9df selftests/bpf: Fix "dubious pointer arithmetic" test
6a9b3f0f3bad selftests/bpf: Fix test_align verifier log patterns
9d6f67365d9c bpf: Test_verifier, #70 error message updates for 32-bit right shift
751f05bc6f95 selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
7c1134c7da99 bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
a8ba72bbeda5 ACPI: APEI: Better fix to avoid spamming the console with old error logs
fa829bd4af43 ACPI: video: Shortening quirk list by identifying Clevo by board_name only
8ed6e5c5e23c ACPI: video: Force backlight native for some TongFang devices
828f4c31684d thermal: Fix NULL pointer dereferences in of_thermal_ functions
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 8e8fbb5b12..7f766090fb 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "f6c9d6db383201a730e8d638995eae82acd4d8e7"
-SRCREV_meta ?= "028688aaad2b64e353d771ba5505a8666cd01696"
+SRCREV_machine ?= "c3d41d0285529bdd90b4625dc5caaa9dcecf7c64"
+SRCREV_meta ?= "e1682f82a101d7b4561a9246010f1535fc6cf583"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.209"
+LINUX_VERSION ?= "5.4.210"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index cdccebeb1c..81e10b240c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.209"
+LINUX_VERSION ?= "5.4.210"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "8f087017ff03465fa8d318c06a7e4e072c533daf"
-SRCREV_machine ?= "a4b7263158de8713dc85c5171aed99e3424a9f7c"
-SRCREV_meta ?= "028688aaad2b64e353d771ba5505a8666cd01696"
+SRCREV_machine_qemuarm ?= "caaa7fd55f05c104ef33d0d01d8fb64c72de3f9b"
+SRCREV_machine ?= "d9ba497c67cb9905a8947d92c8b4a469309b354e"
+SRCREV_meta ?= "e1682f82a101d7b4561a9246010f1535fc6cf583"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 0f597fc3d6..876aa2f16d 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "4fefb5a57ecb9bc5c6aab38319f773b02c894e6b"
-SRCREV_machine_qemuarm64 ?= "407b5fa877ca8993a405542fa4c3d73584e8ea98"
-SRCREV_machine_qemumips ?= "1bfe5d39c9f954f0ac2480115f4750f39500d4f4"
-SRCREV_machine_qemuppc ?= "753def987b630ed41686223b5dc252436757e893"
-SRCREV_machine_qemuriscv64 ?= "90d5f03a7c79ccd5c02e0579049d22cf2686da9b"
-SRCREV_machine_qemux86 ?= "90d5f03a7c79ccd5c02e0579049d22cf2686da9b"
-SRCREV_machine_qemux86-64 ?= "90d5f03a7c79ccd5c02e0579049d22cf2686da9b"
-SRCREV_machine_qemumips64 ?= "b391bfc877fe8ae41e579ffd4bcd814b4ad438ea"
-SRCREV_machine ?= "90d5f03a7c79ccd5c02e0579049d22cf2686da9b"
-SRCREV_meta ?= "028688aaad2b64e353d771ba5505a8666cd01696"
+SRCREV_machine_qemuarm ?= "bccceefd95fc53e9b7c84f92401e5a660ded553c"
+SRCREV_machine_qemuarm64 ?= "4377f280ff917c050be6cf135fd3e371fdf5b2f2"
+SRCREV_machine_qemumips ?= "6ec4e71fdc85eab33422225750ad0eb3767e84a9"
+SRCREV_machine_qemuppc ?= "d03ef50c2e8d8508dc57369c7943bce6ddf1cfdf"
+SRCREV_machine_qemuriscv64 ?= "588ad034d1610fd31e575fff588e386cc672f972"
+SRCREV_machine_qemux86 ?= "588ad034d1610fd31e575fff588e386cc672f972"
+SRCREV_machine_qemux86-64 ?= "588ad034d1610fd31e575fff588e386cc672f972"
+SRCREV_machine_qemumips64 ?= "4a033c21edd6d4f5e1e9675cdde70e29f6346dbd"
+SRCREV_machine ?= "588ad034d1610fd31e575fff588e386cc672f972"
+SRCREV_meta ?= "e1682f82a101d7b4561a9246010f1535fc6cf583"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.209"
+LINUX_VERSION ?= "5.4.210"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 13/14] cryptodev-module: fix build with 5.11+ kernels
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (11 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 12/14] linux-yocto/5.4: update to v5.4.210 Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 14/14] relocate_sdk.py: ensure interpreter size error causes relocation to fail Steve Sakoman
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Anuj Mittal <anuj.mittal@intel.com>
Backport patch to fix:
| cryptodev-module/1.10-r0/git/ioctl.c:875:4: error: implicit declaration of function 'ksys_close'; did you mean 'ksys_chown'? [-Werror=implicit-function-declaration]
| 875 | ksys_close(fd);
| | ^~~~~~~~~~
| | ksys_chown
| cc1: some warnings being treated as errors
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../cryptodev/cryptodev-module_1.10.bb | 1 +
.../files/fix-build-for-Linux-5.11-rc1.patch | 32 +++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 meta/recipes-kernel/cryptodev/files/fix-build-for-Linux-5.11-rc1.patch
diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
index e4f7d1e372..d7c7918515 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.10.bb
@@ -11,6 +11,7 @@ SRC_URI += " \
file://0001-Disable-installing-header-file-provided-by-another-p.patch \
file://0001-Fix-build-for-Linux-5.8-rc1.patch \
file://0001-Fix-build-for-Linux-5.9-rc1.patch \
+file://fix-build-for-Linux-5.11-rc1.patch \
"
EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
diff --git a/meta/recipes-kernel/cryptodev/files/fix-build-for-Linux-5.11-rc1.patch b/meta/recipes-kernel/cryptodev/files/fix-build-for-Linux-5.11-rc1.patch
new file mode 100644
index 0000000000..3ae77cb9d6
--- /dev/null
+++ b/meta/recipes-kernel/cryptodev/files/fix-build-for-Linux-5.11-rc1.patch
@@ -0,0 +1,32 @@
+From 55c6315058fc0dd189ffd116f2cc27ba4fa84cb6 Mon Sep 17 00:00:00 2001
+From: Joan Bruguera <joanbrugueram@gmail.com>
+Date: Mon, 28 Dec 2020 01:41:31 +0100
+Subject: [PATCH] Fix build for Linux 5.11-rc1
+
+ksys_close was removed, as far as I can tell, close_fd replaces it.
+
+See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8760c909f54a82aaa6e76da19afe798a0c77c3c3
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1572bfdf21d4d50e51941498ffe0b56c2289f783
+
+Upstream-Status: Backport [https://github.com/cryptodev-linux/cryptodev-linux/commit/55c6315058fc0dd189ffd116f2cc27ba4fa84cb6]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ ioctl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 3d332380..95481d4f 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -871,8 +871,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ if (unlikely(ret)) {
+ #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0))
+ sys_close(fd);
+-#else
++#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0))
+ ksys_close(fd);
++#else
++ close_fd(fd);
+ #endif
+ return ret;
+ }
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 14/14] relocate_sdk.py: ensure interpreter size error causes relocation to fail
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
` (12 preceding siblings ...)
2022-08-29 21:02 ` [OE-core][dunfell 13/14] cryptodev-module: fix build with 5.11+ kernels Steve Sakoman
@ 2022-08-29 21:02 ` Steve Sakoman
13 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-29 21:02 UTC (permalink / raw)
To: openembedded-core
From: Paul Eggleton <paul.eggleton@microsoft.com>
If there is insufficent space to change the interpreter, we were
printing an error here but the overall script did not return an error
code, and thus the SDK installation appeared to succeed - but some of
the binaries will not be in a working state. Allow the relocation to
proceed (so we still get a full list of the failures) but error out at
the end so that the installation is halted.
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c5a9a448e462d3e5457e8403c5a1a54148ecd224)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/relocate_sdk.py | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/scripts/relocate_sdk.py b/scripts/relocate_sdk.py
index 8c0fdb986a..8079d13750 100755
--- a/scripts/relocate_sdk.py
+++ b/scripts/relocate_sdk.py
@@ -97,11 +97,12 @@ def change_interpreter(elf_file_name):
if (len(new_dl_path) >= p_filesz):
print("ERROR: could not relocate %s, interp size = %i and %i is needed." \
% (elf_file_name, p_memsz, len(new_dl_path) + 1))
- break
+ return False
dl_path = new_dl_path + b("\0") * (p_filesz - len(new_dl_path))
f.seek(p_offset)
f.write(dl_path)
break
+ return True
def change_dl_sysdirs(elf_file_name):
if arch == 32:
@@ -215,6 +216,7 @@ else:
executables_list = sys.argv[3:]
+errors = False
for e in executables_list:
perms = os.stat(e)[stat.ST_MODE]
if os.access(e, os.W_OK|os.R_OK):
@@ -240,7 +242,8 @@ for e in executables_list:
arch = get_arch()
if arch:
parse_elf_header()
- change_interpreter(e)
+ if not change_interpreter(e):
+ errors = True
change_dl_sysdirs(e)
""" change permissions back """
@@ -253,3 +256,6 @@ for e in executables_list:
print("New file size for %s is different. Looks like a relocation error!", e)
sys.exit(-1)
+if errors:
+ print("Relocation of one or more executables failed.")
+ sys.exit(-1)
--
2.25.1
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2023-03-21 14:20 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2023-03-21 14:20 UTC (permalink / raw)
To: openembedded-core
Please review these patches for dunfell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5073
The following changes since commit efb1a73a13907bed3acac8e06053aef3e2ef57f5:
build-appliance-image: Update to dunfell head revision (2023-03-15 23:09:39 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alban Bedel (1):
systemd: Fix systemd when used with busybox less
Andrej Valek (1):
libarchive: fix CVE-2022-26280
Chee Yang Lee (2):
ghostscript: add CVE tag for
check-stack-limits-after-function-evalution.patch
libksba: fix CVE-2022-3515
Hitendra Prajapati (1):
QEMU: CVE-2022-4144 QXL: qxl_phys2virt unsafe address translation can
lead to out-of-bounds read
Kenfe-Mickael Laventure (3):
buildtools-tarball: Handle spaces within user $PATH
toolchain-scripts: Handle spaces within user $PATH
populate_sdk_ext: Handle spaces within user $PATH
Richard Purdie (4):
staging: Separate out different multiconfig manifests
staging/multilib: Fix manifest corruption
glibc: Add missing binutils dependency
base-files: Drop localhost.localdomain from hosts file
Ross Burton (2):
vim: upgrade to 9.0.1403
vim: set modified-by to the recipe MAINTAINER
meta/classes/multilib.bbclass | 1 +
meta/classes/populate_sdk_ext.bbclass | 2 +-
meta/classes/staging.bbclass | 4 +
meta/classes/toolchain-scripts.bbclass | 2 +-
meta/recipes-core/base-files/base-files/hosts | 2 +-
meta/recipes-core/glibc/glibc.inc | 4 +-
meta/recipes-core/meta/buildtools-tarball.bb | 2 +-
.../systemd/systemd/systemd-pager.sh | 7 ++
meta/recipes-core/systemd/systemd_244.5.bb | 5 +
meta/recipes-devtools/qemu/qemu.inc | 9 +-
.../qemu/qemu/CVE-2022-4144.patch | 103 ++++++++++++++++++
...tack-limits-after-function-evalution.patch | 2 +-
.../libarchive/CVE-2022-26280.patch | 29 +++++
.../libarchive/libarchive_3.4.2.bb | 1 +
.../libksba/libksba/CVE-2022-3515.patch | 47 ++++++++
meta/recipes-support/libksba/libksba_1.3.5.bb | 1 +
meta/recipes-support/vim/vim.inc | 8 +-
17 files changed, 215 insertions(+), 14 deletions(-)
create mode 100644 meta/recipes-core/systemd/systemd/systemd-pager.sh
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2022-26280.patch
create mode 100644 meta/recipes-support/libksba/libksba/CVE-2022-3515.patch
--
2.34.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2023-06-22 15:31 Steve Sakoman
2023-08-02 12:05 ` Marta Rybczynska
0 siblings, 1 reply; 30+ messages in thread
From: Steve Sakoman @ 2023-06-22 15:31 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5493
The following changes since commit 77f6fbfa18b4ad77c3756cfdc45d441a20210781:
build-appliance-image: Update to dunfell head revision (2023-06-17 09:47:49 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Abdellatif El Khlifi (1):
kernel-fitimage: adding support for Initramfs bundle and u-boot script
Andrej Valek (1):
kernel-fitimage: use correct kernel image
Hitendra Prajapati (1):
openssl: CVE-2023-2650 Possible DoS translating ASN.1 object
identifiers
Ian Ray (1):
systemd-systemctl: support instance expansion in WantedBy
Jan Vermaete (1):
cve-update-nvd2-native: added the missing http import
Marta Rybczynska (1):
cve-update-nvd2-native: new CVE database fetcher
Martin Siegumfeldt (1):
systemd-systemctl: fix instance template WantedBy symlink construction
Michael Halstead (4):
uninative: Upgrade to 3.8.1 to include libgcc
uninative: Upgrade to 3.9 to include glibc 2.37
uninative: Upgrade to 3.10 to support gcc 13
uninative: Upgrade to 4.0 to include latest gcc 13.1.1
Richard Purdie (1):
uninative: Ensure uninative is enabled in all cases for BuildStarted
event
Sanjay Chitroda (1):
cups: Fix CVE-2023-32324
Steve Sakoman (1):
uninative.bbclass: handle read only files outside of patchelf
meta/classes/cve-check.bbclass | 4 +-
meta/classes/kernel-fitimage.bbclass | 142 ++++++--
meta/classes/uninative.bbclass | 4 +
meta/conf/distro/include/yocto-uninative.inc | 10 +-
.../openssl/openssl/CVE-2023-2650.patch | 122 +++++++
.../openssl/openssl_1.1.1t.bb | 1 +
.../meta/cve-update-nvd2-native.bb | 334 ++++++++++++++++++
.../systemd/systemd-systemctl/systemctl | 8 +-
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2023-32324.patch | 36 ++
10 files changed, 629 insertions(+), 33 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch
create mode 100644 meta/recipes-core/meta/cve-update-nvd2-native.bb
create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch
--
2.34.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* Re: [OE-core][dunfell 00/14] Patch review
2023-06-22 15:31 Steve Sakoman
@ 2023-08-02 12:05 ` Marta Rybczynska
0 siblings, 0 replies; 30+ messages in thread
From: Marta Rybczynska @ 2023-08-02 12:05 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 2867 bytes --]
On Thu, Jun 22, 2023 at 5:31 PM Steve Sakoman <steve@sakoman.com> wrote:
> Please review this set of changes for dunfell and have comments back by
> end of day Monday.
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5493
>
> The following changes since commit
> 77f6fbfa18b4ad77c3756cfdc45d441a20210781:
>
> build-appliance-image: Update to dunfell head revision (2023-06-17
> 09:47:49 -1000)
>
> are available in the Git repository at:
>
> https://git.openembedded.org/openembedded-core-contrib
> stable/dunfell-nut
>
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
>
> Abdellatif El Khlifi (1):
> kernel-fitimage: adding support for Initramfs bundle and u-boot script
>
> Andrej Valek (1):
> kernel-fitimage: use correct kernel image
>
> Hitendra Prajapati (1):
> openssl: CVE-2023-2650 Possible DoS translating ASN.1 object
> identifiers
>
> Ian Ray (1):
> systemd-systemctl: support instance expansion in WantedBy
>
> Jan Vermaete (1):
> cve-update-nvd2-native: added the missing http import
>
> Marta Rybczynska (1):
> cve-update-nvd2-native: new CVE database fetcher
>
> Martin Siegumfeldt (1):
> systemd-systemctl: fix instance template WantedBy symlink construction
>
> Michael Halstead (4):
> uninative: Upgrade to 3.8.1 to include libgcc
> uninative: Upgrade to 3.9 to include glibc 2.37
> uninative: Upgrade to 3.10 to support gcc 13
> uninative: Upgrade to 4.0 to include latest gcc 13.1.1
>
> Richard Purdie (1):
> uninative: Ensure uninative is enabled in all cases for BuildStarted
> event
>
> Sanjay Chitroda (1):
> cups: Fix CVE-2023-32324
>
> Steve Sakoman (1):
> uninative.bbclass: handle read only files outside of patchelf
>
> meta/classes/cve-check.bbclass | 4 +-
> meta/classes/kernel-fitimage.bbclass | 142 ++++++--
> meta/classes/uninative.bbclass | 4 +
> meta/conf/distro/include/yocto-uninative.inc | 10 +-
> .../openssl/openssl/CVE-2023-2650.patch | 122 +++++++
> .../openssl/openssl_1.1.1t.bb | 1 +
> .../meta/cve-update-nvd2-native.bb | 334 ++++++++++++++++++
> .../systemd/systemd-systemctl/systemctl | 8 +-
> meta/recipes-extended/cups/cups.inc | 1 +
> .../cups/cups/CVE-2023-32324.patch | 36 ++
> 10 files changed, 629 insertions(+), 33 deletions(-)
> create mode 100644
> meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch
> create mode 100644 meta/recipes-core/meta/cve-update-nvd2-native.bb
> create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch
>
>
Tested this version for the CVE fetcher backport to dunfell, no unexpected
issues seen.
Kind regards,
Marta
[-- Attachment #2: Type: text/html, Size: 4051 bytes --]
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2023-08-25 2:47 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2023-08-25 2:47 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Satuday, August 26.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5779
The following changes since commit b70a8333a7467162b9d148b99f5970c0af2a531f:
kernel: skip installing fitImage when using Initramfs bundles (2023-08-12 05:38:11 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Ashish Sharma (1):
curl: Backport fix CVE-2023-32001
BELOUARGA Mohamed (1):
linux-firmware : Add firmware of RTL8822 serie
Chee Yang Lee (1):
tiff: CVE-2022-3599.patch also fix CVE-2022-4645 CVE-2023-30774
Dmitry Baryshkov (2):
linux-firmware: package firmare for Dragonboard 410c
linux-firmware: split platform-specific Adreno shaders to separate
packages
Jasper Orschulko (1):
cve_check: Fix cpe_id generation
Kai Kang (1):
grub2.inc: remove '-O2' from CFLAGS
Michael Halstead (2):
yocto-uninative: Update hashes for uninative 4.1
yocto-uninative: Update to 4.2 for glibc 2.38
Ross Burton (1):
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
Trevor Gamblin (1):
linux-firmware: upgrade 20230515 -> 20230625
Vijay Anusuri (1):
elfutils: Backport fix for CVE-2021-33294
Wang Mingyu (1):
libnss-nis: upgrade 3.1 -> 3.2
Yoann Congal (1):
recipetool: Fix inherit in created -native* recipes
meta/conf/distro/include/yocto-uninative.inc | 10 +--
meta/lib/oe/cve_check.py | 2 +-
meta/lib/oeqa/runtime/cases/rpm.py | 4 +-
meta/recipes-bsp/grub/grub2.inc | 2 +
.../elfutils/elfutils_0.178.bb | 1 +
.../elfutils/files/CVE-2021-33294.patch | 72 +++++++++++++++++++
.../recipes-extended/libnss-nis/libnss-nis.bb | 4 +-
...20230515.bb => linux-firmware_20230625.bb} | 37 +++++++---
.../libtiff/files/CVE-2022-3599.patch | 2 +-
.../curl/curl/CVE-2023-32001.patch | 38 ++++++++++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
scripts/lib/recipetool/create.py | 4 ++
12 files changed, 158 insertions(+), 19 deletions(-)
create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230515.bb => linux-firmware_20230625.bb} (96%)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
--
2.34.1
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][dunfell 00/14] Patch review
@ 2023-09-12 13:53 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2023-09-12 13:53 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Thursday, September 14.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5868
The following changes since commit c953ccba6c2a334cc58a97eee073bdb51a68f1d3:
linux/cve-exclusion: remove obsolete manual entries (2023-08-31 04:26:32 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Anuj Mittal (4):
glibc/check-test-wrapper: don't emit warnings from ssh
selftest/cases/glibc.py: increase the memory for testing
oeqa/utils/nfs: allow requesting non-udp ports
selftest/cases/glibc.py: switch to using NFS over TCP
Ashish Sharma (1):
qemu: Backport fix CVE-2023-3180
Michael Halstead (2):
yocto-uninative: Update to 4.3
resulttool/resultutils: allow index generation despite corrupt json
Priyal Doshi (1):
rootfs-post: remove traling blanks from tasks
Richard Purdie (2):
oeqa/target/ssh: Ensure EAGAIN doesn't truncate output
oeqa/runtime/ltp: Increase ltp test output timeout
Shubham Kulkarni (1):
openssh: Securiry fix for CVE-2023-38408
Staffan Rydén (1):
kernel: Fix path comparison in kernel staging dir symlinking
Vijay Anusuri (2):
bind: Backport fix for CVE-2023-2828
qemu: Backport fix for CVE-2023-0330
meta/classes/kernel.bbclass | 7 +-
meta/classes/rootfs-postcommands.bbclass | 6 +-
meta/classes/rootfsdebugfiles.bbclass | 2 +-
meta/conf/distro/include/yocto-uninative.inc | 8 +-
meta/lib/oeqa/core/target/ssh.py | 3 +
meta/lib/oeqa/runtime/cases/ltp.py | 2 +-
meta/lib/oeqa/selftest/cases/glibc.py | 6 +-
meta/lib/oeqa/utils/nfs.py | 4 +-
.../bind/bind/CVE-2023-2828.patch | 166 +++++
.../recipes-connectivity/bind/bind_9.11.37.bb | 1 +
.../openssh/openssh/CVE-2023-38408-01.patch | 189 ++++++
.../openssh/openssh/CVE-2023-38408-02.patch | 581 ++++++++++++++++++
.../openssh/openssh/CVE-2023-38408-03.patch | 171 ++++++
.../openssh/openssh/CVE-2023-38408-04.patch | 34 +
.../openssh/openssh/CVE-2023-38408-05.patch | 194 ++++++
.../openssh/openssh/CVE-2023-38408-06.patch | 73 +++
.../openssh/openssh/CVE-2023-38408-07.patch | 125 ++++
.../openssh/openssh/CVE-2023-38408-08.patch | 315 ++++++++++
.../openssh/openssh/CVE-2023-38408-09.patch | 38 ++
.../openssh/openssh/CVE-2023-38408-10.patch | 39 ++
.../openssh/openssh/CVE-2023-38408-11.patch | 307 +++++++++
.../openssh/openssh/CVE-2023-38408-12.patch | 120 ++++
.../openssh/openssh_8.2p1.bb | 12 +
.../glibc/glibc/check-test-wrapper | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 4 +-
...-2023-0330.patch => CVE-2023-0330_1.patch} | 0
.../qemu/qemu/CVE-2023-0330_2.patch | 135 ++++
.../qemu/qemu/CVE-2023-3180.patch | 49 ++
scripts/lib/resulttool/resultutils.py | 6 +-
29 files changed, 2579 insertions(+), 20 deletions(-)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2023-2828.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-01.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-02.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-03.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-04.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-05.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-07.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-08.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-09.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-11.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-12.patch
rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330.patch => CVE-2023-0330_1.patch} (100%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
--
2.34.1
^ permalink raw reply [flat|nested] 30+ messages in thread
end of thread, other threads:[~2023-09-12 13:53 UTC | newest]
Thread overview: 30+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-29 21:02 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 01/14] libtiff: CVE-2022-34526 A stack overflow was discovered Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 02/14] golang: fix CVE-2022-30629 and CVE-2022-30631 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 03/14] golang: fix CVE-2022-30632 and CVE-2022-30633 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 04/14] golang: fix CVE-2022-30635 and CVE-2022-32148 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 05/14] golang: CVE-2022-32189 a denial of service Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 06/14] libxml2: Add fix for CVE-2016-3709 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 07/14] cve-check: Don't use f-strings Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 08/14] vim: Upgrade 9.0.0115 -> 9.0.0242 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 09/14] mobile-broadband-provider-info: upgrade 20220511 -> 20220725 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 10/14] tzdata: upgrade 2022a -> 2022b Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 11/14] wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 12/14] linux-yocto/5.4: update to v5.4.210 Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 13/14] cryptodev-module: fix build with 5.11+ kernels Steve Sakoman
2022-08-29 21:02 ` [OE-core][dunfell 14/14] relocate_sdk.py: ensure interpreter size error causes relocation to fail Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2023-09-12 13:53 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2023-08-25 2:47 Steve Sakoman
2023-06-22 15:31 Steve Sakoman
2023-08-02 12:05 ` Marta Rybczynska
2023-03-21 14:20 Steve Sakoman
2022-07-07 21:59 Steve Sakoman
2022-06-08 14:46 Steve Sakoman
2022-05-11 18:19 Steve Sakoman
2021-12-22 14:12 Steve Sakoman
[not found] <16B6626DB9B02798.14836@lists.openembedded.org>
2021-11-11 14:16 ` Steve Sakoman
2021-11-11 4:08 Steve Sakoman
2021-06-28 15:05 Steve Sakoman
2021-06-29 0:13 ` [dunfell " Minjae Kim
2021-06-29 14:09 ` [OE-core] " Steve Sakoman
2020-10-22 15:51 [OE-core][dunfell " Steve Sakoman
2020-10-09 14:18 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox