* [OE-core][kirkstone 01/22] epiphany: Security fix for CVE-2023-26081
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
@ 2023-03-15 14:00 ` Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 02/22] glibc: Security fix for CVE-2023-0687 Steve Sakoman
` (20 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:00 UTC (permalink / raw)
To: openembedded-core
From: Siddharth Doshi <sdoshi@mvista.com>
Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-gnome/epiphany/epiphany_42.4.bb | 1 +
.../epiphany/files/CVE-2023-26081.patch | 90 +++++++++++++++++++
2 files changed, 91 insertions(+)
create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
diff --git a/meta/recipes-gnome/epiphany/epiphany_42.4.bb b/meta/recipes-gnome/epiphany/epiphany_42.4.bb
index 9efd2800da..98923a3bdc 100644
--- a/meta/recipes-gnome/epiphany/epiphany_42.4.bb
+++ b/meta/recipes-gnome/epiphany/epiphany_42.4.bb
@@ -27,6 +27,7 @@ SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GN
file://0002-help-meson.build-disable-the-use-of-yelp.patch \
file://migrator.patch \
file://distributor.patch \
+ file://CVE-2023-26081.patch \
"
SRC_URI[archive.sha256sum] = "370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860"
diff --git a/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
new file mode 100644
index 0000000000..af1e20bd8f
--- /dev/null
+++ b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
@@ -0,0 +1,90 @@
+From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 3 Feb 2023 13:07:15 -0600
+Subject: [PATCH] Don't autofill passwords in sandboxed contexts
+
+If using the sandbox CSP or iframe tag, the web content is supposed to
+be not trusted by the main resource origin. Therefore, we'd better
+disable the password manager entirely so the untrusted web content
+cannot exfiltrate passwords.
+
+https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
+CVE: CVE-2023-26081
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ .../resources/js/ephy.js | 26 +++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js
+index 38b806f..44d1792 100644
+--- a/embed/web-process-extension/resources/js/ephy.js
++++ b/embed/web-process-extension/resources/js/ephy.js
+@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function()
+ }
+ };
+
++Ephy.isSandboxedWebContent = function()
++{
++ // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
++ return self.origin === null || self.origin === 'null';
++};
++
+ Ephy.PasswordManager = class PasswordManager
+ {
+ constructor(pageID, frameID)
+@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ query(origin, targetOrigin, username, usernameField, passwordField)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`);
+
+ return new Promise((resolver, reject) => {
+@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ save(origin, targetOrigin, username, password, usernameField, passwordField, isNew)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerSave.postMessage({
+@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager
+ // FIXME: Why is pageID a parameter here?
+ requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({
+@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ queryUsernames(origin)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Requesting usernames for origin=${origin}`);
+
+ return new Promise((resolver, reject) => {
+--
+2.35.5
+
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 02/22] glibc: Security fix for CVE-2023-0687
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 01/22] epiphany: Security fix for CVE-2023-26081 Steve Sakoman
@ 2023-03-15 14:00 ` Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 03/22] gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key exchange code Steve Sakoman
` (19 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:00 UTC (permalink / raw)
To: openembedded-core
From: Shubham Kulkarni <skulkarni@mvista.com>
Backport from https://sourceware.org/git/?p=glibc.git;a=patch;h=801af9fafd4689337ebf27260aa115335a0cb2bc
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glibc/glibc/CVE-2023-0687.patch | 82 +++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 83 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch b/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
new file mode 100644
index 0000000000..10c7e5666d
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
@@ -0,0 +1,82 @@
+From 952aff5c00ad7c6b83c3f310f2643939538827f8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=9B=D0=B5=D0=BE=D0=BD=D0=B8=D0=B4=20=D0=AE=D1=80=D1=8C?=
+ =?UTF-8?q?=D0=B5=D0=B2=20=28Leonid=20Yuriev=29?= <leo@yuriev.ru>
+Date: Sat, 4 Feb 2023 14:41:38 +0300
+Subject: [PATCH] gmon: Fix allocated buffer overflow (bug 29444)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The `__monstartup()` allocates a buffer used to store all the data
+accumulated by the monitor.
+
+The size of this buffer depends on the size of the internal structures
+used and the address range for which the monitor is activated, as well
+as on the maximum density of call instructions and/or callable functions
+that could be potentially on a segment of executable code.
+
+In particular a hash table of arcs is placed at the end of this buffer.
+The size of this hash table is calculated in bytes as
+ p->fromssize = p->textsize / HASHFRACTION;
+
+but actually should be
+ p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
+
+This results in writing beyond the end of the allocated buffer when an
+added arc corresponds to a call near from the end of the monitored
+address range, since `_mcount()` check the incoming caller address for
+monitored range but not the intermediate result hash-like index that
+uses to write into the table.
+
+It should be noted that when the results are output to `gmon.out`, the
+table is read to the last element calculated from the allocated size in
+bytes, so the arcs stored outside the buffer boundary did not fall into
+`gprof` for analysis. Thus this "feature" help me to found this bug
+during working with https://sourceware.org/bugzilla/show_bug.cgi?id=29438
+
+Just in case, I will explicitly note that the problem breaks the
+`make test t=gmon/tst-gmon-dso` added for Bug 29438.
+There, the arc of the `f3()` call disappears from the output, since in
+the DSO case, the call to `f3` is located close to the end of the
+monitored range.
+
+Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
+
+Another minor error seems a related typo in the calculation of
+`kcountsize`, but since kcounts are smaller than froms, this is
+actually to align the p->froms data.
+
+Co-authored-by: DJ Delorie <dj@redhat.com>
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=801af9fafd4689337ebf27260aa115335a0cb2bc]
+CVE: CVE-2023-0687
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ gmon/gmon.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/gmon/gmon.c b/gmon/gmon.c
+index dee6480..bf76358 100644
+--- a/gmon/gmon.c
++++ b/gmon/gmon.c
+@@ -132,6 +132,8 @@ __monstartup (u_long lowpc, u_long highpc)
+ p->lowpc = ROUNDDOWN(lowpc, HISTFRACTION * sizeof(HISTCOUNTER));
+ p->highpc = ROUNDUP(highpc, HISTFRACTION * sizeof(HISTCOUNTER));
+ p->textsize = p->highpc - p->lowpc;
++ /* This looks like a typo, but it's here to align the p->froms
++ section. */
+ p->kcountsize = ROUNDUP(p->textsize / HISTFRACTION, sizeof(*p->froms));
+ p->hashfraction = HASHFRACTION;
+ p->log_hashfraction = -1;
+@@ -142,7 +144,7 @@ __monstartup (u_long lowpc, u_long highpc)
+ instead of integer division. Precompute shift amount. */
+ p->log_hashfraction = ffs(p->hashfraction * sizeof(*p->froms)) - 1;
+ }
+- p->fromssize = p->textsize / HASHFRACTION;
++ p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
+ p->tolimit = p->textsize * ARCDENSITY / 100;
+ if (p->tolimit < MINARCS)
+ p->tolimit = MINARCS;
+--
+2.7.4
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index df847e76bf..29fcb1d627 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -50,6 +50,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0024-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
+ file://CVE-2023-0687.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 03/22] gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key exchange code
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 01/22] epiphany: Security fix for CVE-2023-26081 Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 02/22] glibc: Security fix for CVE-2023-0687 Steve Sakoman
@ 2023-03-15 14:00 ` Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 04/22] harfbuzz: Security fix for CVE-2023-25193 Steve Sakoman
` (18 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:00 UTC (permalink / raw)
To: openembedded-core
From: Vivek Kumbhar <vkumbhar@mvista.com>
Remove branching that depends on secret data.
since the `ok` variable isn't used any more, we can remove all code
used to calculate it
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../gnutls/gnutls/CVE-2023-0361.patch | 85 +++++++++++++++++++
meta/recipes-support/gnutls/gnutls_3.7.4.bb | 1 +
2 files changed, 86 insertions(+)
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch b/meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch
new file mode 100644
index 0000000000..943f4ca704
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch
@@ -0,0 +1,85 @@
+From 80a6ce8ddb02477cd724cd5b2944791aaddb702a Mon Sep 17 00:00:00 2001
+From: Alexander Sosedkin <asosedkin@redhat.com>
+Date: Tue, 9 Aug 2022 16:05:53 +0200
+Subject: [PATCH] auth/rsa: side-step potential side-channel
+
+Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
+Signed-off-by: Hubert Kario <hkario@redhat.com>
+Tested-by: Hubert Kario <hkario@redhat.com>
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/80a6ce8ddb02477cd724cd5b2944791aaddb702a
+ https://gitlab.com/gnutls/gnutls/-/commit/4b7ff428291c7ed77c6d2635577c83a43bbae558]
+CVE: CVE-2023-0361
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ lib/auth/rsa.c | 30 +++---------------------------
+ 1 file changed, 3 insertions(+), 27 deletions(-)
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 8108ee8..858701f 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -155,13 +155,10 @@ static int
+ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
+ {
+- const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
+ gnutls_datum_t ciphertext;
+ int ret, dsize;
+ ssize_t data_size = _data_size;
+ volatile uint8_t ver_maj, ver_min;
+- volatile uint8_t check_ver_min;
+- volatile uint32_t ok;
+
+ #ifdef ENABLE_SSL3
+ if (get_num_version(session) == GNUTLS_SSL3) {
+@@ -187,7 +184,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+
+ ver_maj = _gnutls_get_adv_version_major(session);
+ ver_min = _gnutls_get_adv_version_minor(session);
+- check_ver_min = (session->internals.allow_wrong_pms == 0);
+
+ session->key.key.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
+ if (session->key.key.data == NULL) {
+@@ -206,10 +202,9 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ return ret;
+ }
+
+- ret =
+- gnutls_privkey_decrypt_data2(session->internals.selected_key,
+- 0, &ciphertext, session->key.key.data,
+- session->key.key.size);
++ gnutls_privkey_decrypt_data2(session->internals.selected_key,
++ 0, &ciphertext, session->key.key.data,
++ session->key.key.size);
+ /* After this point, any conditional on failure that cause differences
+ * in execution may create a timing or cache access pattern side
+ * channel that can be used as an oracle, so treat very carefully */
+@@ -225,25 +220,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ * Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
+ */
+
+- /* ok is 0 in case of error and 1 in case of success. */
+-
+- /* if ret < 0 */
+- ok = CONSTCHECK_EQUAL(ret, 0);
+- /* session->key.key.data[0] must equal ver_maj */
+- ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj);
+- /* if check_ver_min then session->key.key.data[1] must equal ver_min */
+- ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
+- CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
+-
+- if (ok) {
+- /* call logging function unconditionally so all branches are
+- * indistinguishable for timing and cache access when debug
+- * logging is disabled */
+- _gnutls_no_log("%s", attack_error);
+- } else {
+- _gnutls_debug_log("%s", attack_error);
+- }
+-
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+--
+2.25.1
+
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
index fb06337efb..fcd9af05dc 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
@@ -22,6 +22,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
file://arm_eabi.patch \
file://CVE-2022-2509.patch \
+ file://CVE-2023-0361.patch \
"
SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 04/22] harfbuzz: Security fix for CVE-2023-25193
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-03-15 14:00 ` [OE-core][kirkstone 03/22] gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key exchange code Steve Sakoman
@ 2023-03-15 14:00 ` Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 05/22] tiff: fix multiple CVEs Steve Sakoman
` (17 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:00 UTC (permalink / raw)
To: openembedded-core
From: Siddharth Doshi <sdoshi@mvista.com>
Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../harfbuzz/CVE-2023-25193-pre1.patch | 135 +++++++++++++
.../harfbuzz/harfbuzz/CVE-2023-25193.patch | 185 ++++++++++++++++++
.../harfbuzz/harfbuzz_4.0.1.bb | 4 +-
3 files changed, 323 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
new file mode 100644
index 0000000000..6721b1bd70
--- /dev/null
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
@@ -0,0 +1,135 @@
+From b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Mon, 6 Feb 2023 13:08:52 -0700
+Subject: [PATCH] [gsubgpos] Refactor skippy_iter.match()
+
+Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324]
+Comment1: To backport the fix for CVE-2023-25193, add defination for MATCH, NOT_MATCH and SKIP.
+Signed-off-by: Siddharth <sdoshi@mvista.com>
+---
+ src/hb-ot-layout-gsubgpos.hh | 94 +++++++++++++++++++++---------------
+ 1 file changed, 54 insertions(+), 40 deletions(-)
+
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index d9a068c..d17a4da 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -522,33 +522,52 @@ struct hb_ot_apply_context_t :
+ may_skip (const hb_glyph_info_t &info) const
+ { return matcher.may_skip (c, info); }
+
++ enum match_t {
++ MATCH,
++ NOT_MATCH,
++ SKIP
++ };
++
++ match_t match (hb_glyph_info_t &info)
++ {
++ matcher_t::may_skip_t skip = matcher.may_skip (c, info);
++ if (unlikely (skip == matcher_t::SKIP_YES))
++ return SKIP;
++
++ matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
++ if (match == matcher_t::MATCH_YES ||
++ (match == matcher_t::MATCH_MAYBE &&
++ skip == matcher_t::SKIP_NO))
++ return MATCH;
++
++ if (skip == matcher_t::SKIP_NO)
++ return NOT_MATCH;
++
++ return SKIP;
++ }
++
+ bool next (unsigned *unsafe_to = nullptr)
+ {
+ assert (num_items > 0);
+ while (idx + num_items < end)
+ {
+ idx++;
+- const hb_glyph_info_t &info = c->buffer->info[idx];
+-
+- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+- if (unlikely (skip == matcher_t::SKIP_YES))
+- continue;
+-
+- matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
+- if (match == matcher_t::MATCH_YES ||
+- (match == matcher_t::MATCH_MAYBE &&
+- skip == matcher_t::SKIP_NO))
+- {
+- num_items--;
+- if (match_glyph_data) match_glyph_data++;
+- return true;
+- }
+-
+- if (skip == matcher_t::SKIP_NO)
++ switch (match (c->buffer->info[idx]))
+ {
+- if (unsafe_to)
+- *unsafe_to = idx + 1;
+- return false;
++ case MATCH:
++ {
++ num_items--;
++ if (match_glyph_data) match_glyph_data++;
++ return true;
++ }
++ case NOT_MATCH:
++ {
++ if (unsafe_to)
++ *unsafe_to = idx + 1;
++ return false;
++ }
++ case SKIP:
++ continue;
+ }
+ }
+ if (unsafe_to)
+@@ -561,27 +580,22 @@ struct hb_ot_apply_context_t :
+ while (idx > num_items - 1)
+ {
+ idx--;
+- const hb_glyph_info_t &info = c->buffer->out_info[idx];
+-
+- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+- if (unlikely (skip == matcher_t::SKIP_YES))
+- continue;
+-
+- matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
+- if (match == matcher_t::MATCH_YES ||
+- (match == matcher_t::MATCH_MAYBE &&
+- skip == matcher_t::SKIP_NO))
+- {
+- num_items--;
+- if (match_glyph_data) match_glyph_data++;
+- return true;
+- }
+-
+- if (skip == matcher_t::SKIP_NO)
++ switch (match (c->buffer->out_info[idx]))
+ {
+- if (unsafe_from)
+- *unsafe_from = hb_max (1u, idx) - 1u;
+- return false;
++ case MATCH:
++ {
++ num_items--;
++ if (match_glyph_data) match_glyph_data++;
++ return true;
++ }
++ case NOT_MATCH:
++ {
++ if (unsafe_from)
++ *unsafe_from = hb_max (1u, idx) - 1u;
++ return false;
++ }
++ case SKIP:
++ continue;
+ }
+ }
+ if (unsafe_from)
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
new file mode 100644
index 0000000000..a1ec1422cc
--- /dev/null
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
@@ -0,0 +1,185 @@
+From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Mon, 6 Feb 2023 14:51:25 -0700
+Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment
+
+Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
+Comment1: The Original Patch [https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc] causes regression and was reverted. This Patch completes the fix.
+Comment2: The Patch contained files MarkBasePosFormat1.hh and MarkLigPosFormat1.hh which were moved from hb-ot-layout-gpos-table.hh as per https://github.com/harfbuzz/harfbuzz/commit/197d9a5c994eb41c8c89b7b958b26b1eacfeeb00
+CVE: CVE-2023-25193
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ src/hb-ot-layout-gpos-table.hh | 98 ++++++++++++++++++++++------------
+ src/hb-ot-layout-gsubgpos.hh | 5 +-
+ 2 files changed, 68 insertions(+), 35 deletions(-)
+
+diff --git a/src/hb-ot-layout-gpos-table.hh b/src/hb-ot-layout-gpos-table.hh
+index 2f9186a..46b09d0 100644
+--- a/src/hb-ot-layout-gpos-table.hh
++++ b/src/hb-ot-layout-gpos-table.hh
+@@ -2150,6 +2150,25 @@ struct MarkBasePosFormat1
+
+ const Coverage &get_coverage () const { return this+markCoverage; }
+
++ static inline bool accept (hb_buffer_t *buffer, unsigned idx)
++ {
++ /* We only want to attach to the first of a MultipleSubst sequence.
++ * https://github.com/harfbuzz/harfbuzz/issues/740
++ * Reject others...
++ * ...but stop if we find a mark in the MultipleSubst sequence:
++ * https://github.com/harfbuzz/harfbuzz/issues/1020 */
++ return !_hb_glyph_info_multiplied (&buffer->info[idx]) ||
++ 0 == _hb_glyph_info_get_lig_comp (&buffer->info[idx]) ||
++ (idx == 0 ||
++ _hb_glyph_info_is_mark (&buffer->info[idx - 1]) ||
++ !_hb_glyph_info_multiplied (&buffer->info[idx - 1]) ||
++ _hb_glyph_info_get_lig_id (&buffer->info[idx]) !=
++ _hb_glyph_info_get_lig_id (&buffer->info[idx - 1]) ||
++ _hb_glyph_info_get_lig_comp (&buffer->info[idx]) !=
++ _hb_glyph_info_get_lig_comp (&buffer->info[idx - 1]) + 1
++ );
++ }
++
+ bool apply (hb_ot_apply_context_t *c) const
+ {
+ TRACE_APPLY (this);
+@@ -2157,47 +2176,46 @@ struct MarkBasePosFormat1
+ unsigned int mark_index = (this+markCoverage).get_coverage (buffer->cur().codepoint);
+ if (likely (mark_index == NOT_COVERED)) return_trace (false);
+
+- /* Now we search backwards for a non-mark glyph */
++ /* Now we search backwards for a non-mark glyph.
++ * We don't use skippy_iter.prev() to avoid O(n^2) behavior. */
++
+ hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input;
+- skippy_iter.reset (buffer->idx, 1);
+ skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks);
+- do {
+- unsigned unsafe_from;
+- if (!skippy_iter.prev (&unsafe_from))
++ unsigned j;
++ for (j = buffer->idx; j > c->last_base_until; j--)
++ {
++ auto match = skippy_iter.match (buffer->info[j - 1]);
++ if (match == skippy_iter.MATCH)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1);
+- return_trace (false);
++ if (!accept (buffer, j - 1))
++ match = skippy_iter.SKIP;
+ }
++ if (match == skippy_iter.MATCH)
++ {
++ c->last_base = (signed) j - 1;
++ break;
++ }
++ }
++ c->last_base_until = buffer->idx;
++ if (c->last_base == -1)
++ {
++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1);
++ return_trace (false);
++ }
+
+- /* We only want to attach to the first of a MultipleSubst sequence.
+- * https://github.com/harfbuzz/harfbuzz/issues/740
+- * Reject others...
+- * ...but stop if we find a mark in the MultipleSubst sequence:
+- * https://github.com/harfbuzz/harfbuzz/issues/1020 */
+- if (!_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx]) ||
+- 0 == _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) ||
+- (skippy_iter.idx == 0 ||
+- _hb_glyph_info_is_mark (&buffer->info[skippy_iter.idx - 1]) ||
+- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx]) !=
+- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx - 1]) ||
+- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) !=
+- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx - 1]) + 1
+- ))
+- break;
+- skippy_iter.reject ();
+- } while (true);
++ unsigned idx = (unsigned) c->last_base;
+
+ /* Checking that matched glyph is actually a base glyph by GDEF is too strong; disabled */
+- //if (!_hb_glyph_info_is_base_glyph (&buffer->info[skippy_iter.idx])) { return_trace (false); }
++ //if (!_hb_glyph_info_is_base_glyph (&buffer->info[idx])) { return_trace (false); }
+
+- unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[skippy_iter.idx].codepoint);
++ unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[idx].codepoint);
+ if (base_index == NOT_COVERED)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (skippy_iter.idx, buffer->idx + 1);
++ buffer->unsafe_to_concat_from_outbuffer (idx, buffer->idx + 1);
+ return_trace (false);
+ }
+
+- return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, skippy_iter.idx));
++ return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, idx));
+ }
+
+ bool subset (hb_subset_context_t *c) const
+@@ -2423,20 +2441,32 @@ struct MarkLigPosFormat1
+ if (likely (mark_index == NOT_COVERED)) return_trace (false);
+
+ /* Now we search backwards for a non-mark glyph */
++
+ hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input;
+- skippy_iter.reset (buffer->idx, 1);
+ skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks);
+- unsigned unsafe_from;
+- if (!skippy_iter.prev (&unsafe_from))
++
++ unsigned j;
++ for (j = buffer->idx; j > c->last_base_until; j--)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1);
++ auto match = skippy_iter.match (buffer->info[j - 1]);
++ if (match == skippy_iter.MATCH)
++ {
++ c->last_base = (signed) j - 1;
++ break;
++ }
++ }
++ c->last_base_until = buffer->idx;
++ if (c->last_base == -1)
++ {
++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1);
+ return_trace (false);
+ }
+
++ j = (unsigned) c->last_base;
++
+ /* Checking that matched glyph is actually a ligature by GDEF is too strong; disabled */
+- //if (!_hb_glyph_info_is_ligature (&buffer->info[skippy_iter.idx])) { return_trace (false); }
++ //if (!_hb_glyph_info_is_ligature (&buffer->info[j])) { return_trace (false); }
+
+- unsigned int j = skippy_iter.idx;
+ unsigned int lig_index = (this+ligatureCoverage).get_coverage (buffer->info[j].codepoint);
+ if (lig_index == NOT_COVERED)
+ {
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index 65de131..d9a068c 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -641,6 +641,9 @@ struct hb_ot_apply_context_t :
+ uint32_t random_state;
+
+
++ signed last_base = -1; // GPOS uses
++ unsigned last_base_until = 0; // GPOS uses
++
+ hb_ot_apply_context_t (unsigned int table_index_,
+ hb_font_t *font_,
+ hb_buffer_t *buffer_) :
+@@ -673,7 +676,7 @@ struct hb_ot_apply_context_t :
+ iter_context.init (this, true);
+ }
+
+- void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; init_iters (); }
++ void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; last_base = -1; last_base_until = 0; init_iters (); }
+ void set_auto_zwj (bool auto_zwj_) { auto_zwj = auto_zwj_; init_iters (); }
+ void set_auto_zwnj (bool auto_zwnj_) { auto_zwnj = auto_zwnj_; init_iters (); }
+ void set_random (bool random_) { random = random_; }
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb b/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb
index bdbb322e42..f7dc61ebd5 100644
--- a/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb
@@ -13,7 +13,9 @@ UPSTREAM_CHECK_REGEX = "harfbuzz-(?P<pver>\d+(\.\d+)+).tar"
SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.xz \
file://CVE-2022-33068.patch \
- file://0001-Fix-conditional.patch"
+ file://0001-Fix-conditional.patch \
+ file://CVE-2023-25193-pre1.patch \
+ file://CVE-2023-25193.patch"
SRC_URI[sha256sum] = "98f68777272db6cd7a3d5152bac75083cd52a26176d87bc04c8b3929d33bce49"
inherit meson pkgconfig lib_package gtk-doc gobject-introspection
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 05/22] tiff: fix multiple CVEs
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-03-15 14:00 ` [OE-core][kirkstone 04/22] harfbuzz: Security fix for CVE-2023-25193 Steve Sakoman
@ 2023-03-15 14:00 ` Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 06/22] shadow: ignore CVE-2016-15024 Steve Sakoman
` (16 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:00 UTC (permalink / raw)
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
import patch from debian to fix
CVE-2022-48281
http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz
import patch from fedora to fix
CVE-2023-0800
CVE-2023-0801
CVE-2023-0802
CVE-2023-0803
CVE-2023-0804
https://src.fedoraproject.org/rpms/libtiff/c/91856895aadf3cce6353f40c2feef9bf0b486440
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit d9ce9b37236f5c16ffba4572ad720aeb50edeee9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libtiff/tiff/CVE-2022-48281.patch | 26 ++++
.../CVE-2023-0800_0801_0802_0803_0804.patch | 128 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
3 files changed, 156 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-48281.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-0800_0801_0802_0803_0804.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-48281.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-48281.patch
new file mode 100644
index 0000000000..4f8dc35251
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-48281.patch
@@ -0,0 +1,26 @@
+From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sat, 21 Jan 2023 15:58:10 +0000
+Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
+
+
+Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz]
+CVE: CVE-2022-48281
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: tiff-4.2.0/tools/tiffcrop.c
+===================================================================
+--- tiff-4.2.0.orig/tools/tiffcrop.c
++++ tiff-4.2.0/tools/tiffcrop.c
+@@ -7516,7 +7516,7 @@ processCropSelections(struct image_data
+ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+- prev_cropsize = seg_buffs[0].size;
++ prev_cropsize = seg_buffs[1].size;
+ if (prev_cropsize < cropsize)
+ {
+ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0800_0801_0802_0803_0804.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0800_0801_0802_0803_0804.patch
new file mode 100644
index 0000000000..8372bc35f2
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0800_0801_0802_0803_0804.patch
@@ -0,0 +1,128 @@
+From 82a7fbb1fa7228499ffeb3a57a1d106a9626d57c Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sun, 5 Feb 2023 15:53:15 +0000
+Subject: [PATCH] tiffcrop: added check for assumption on composite images
+ (fixes #496)
+
+tiffcrop: For composite images with more than one region, the combined_length or combined_width always needs to be equal, respectively. Otherwise, even the first section/region copy action might cause buffer overrun. This is now checked before the first copy action.
+
+Closes #496, #497, #498, #500, #501.
+
+Upstream-Status: Backport [import from fedora https://src.fedoraproject.org/rpms/libtiff/c/91856895aadf3cce6353f40c2feef9bf0b486440 ]
+CVE: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 66 insertions(+), 2 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 84e26ac6..480b927c 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -5329,18 +5329,39 @@
+
+ crop->regionlist[i].buffsize = buffsize;
+ crop->bufftotal += buffsize;
++ /* For composite images with more than one region, the
++ * combined_length or combined_width always needs to be equal,
++ * respectively.
++ * Otherwise, even the first section/region copy
++ * action might cause buffer overrun. */
+ if (crop->img_mode == COMPOSITE_IMAGES)
+ {
+ switch (crop->edge_ref)
+ {
+ case EDGE_LEFT:
+ case EDGE_RIGHT:
++ if (i > 0 && zlength != crop->combined_length)
++ {
++ TIFFError(
++ "computeInputPixelOffsets",
++ "Only equal length regions can be combined for "
++ "-E left or right");
++ return (-1);
++ }
+ crop->combined_length = zlength;
+ crop->combined_width += zwidth;
+ break;
+ case EDGE_BOTTOM:
+ case EDGE_TOP: /* width from left, length from top */
+ default:
++ if (i > 0 && zwidth != crop->combined_width)
++ {
++ TIFFError("computeInputPixelOffsets",
++ "Only equal width regions can be "
++ "combined for -E "
++ "top or bottom");
++ return (-1);
++ }
+ crop->combined_width = zwidth;
+ crop->combined_length += zlength;
+ break;
+@@ -6546,6 +6567,46 @@
+ crop->combined_width = 0;
+ crop->combined_length = 0;
+
++ /* If there is more than one region, check beforehand whether all the width
++ * and length values of the regions are the same, respectively. */
++ switch (crop->edge_ref)
++ {
++ default:
++ case EDGE_TOP:
++ case EDGE_BOTTOM:
++ for (i = 1; i < crop->selections; i++)
++ {
++ uint32_t crop_width0 =
++ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1;
++ uint32_t crop_width1 =
++ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++ if (crop_width0 != crop_width1)
++ {
++ TIFFError("extractCompositeRegions",
++ "Only equal width regions can be combined for -E "
++ "top or bottom");
++ return (1);
++ }
++ }
++ break;
++ case EDGE_LEFT:
++ case EDGE_RIGHT:
++ for (i = 1; i < crop->selections; i++)
++ {
++ uint32_t crop_length0 =
++ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1;
++ uint32_t crop_length1 =
++ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
++ if (crop_length0 != crop_length1)
++ {
++ TIFFError("extractCompositeRegions",
++ "Only equal length regions can be combined for "
++ "-E left or right");
++ return (1);
++ }
++ }
++ }
++
+ for (i = 0; i < crop->selections; i++)
+ {
+ /* rows, columns, width, length are expressed in pixels */
+@@ -6570,7 +6631,8 @@
+ default:
+ case EDGE_TOP:
+ case EDGE_BOTTOM:
+- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width))
++ if ((crop->selections > i + 1) &&
++ (crop_width != crop->regionlist[i + 1].width))
+ {
+ TIFFError ("extractCompositeRegions",
+ "Only equal width regions can be combined for -E top or bottom");
+@@ -6651,7 +6713,8 @@
+ break;
+ case EDGE_LEFT: /* splice the pieces of each row together, side by side */
+ case EDGE_RIGHT:
+- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length))
++ if ((crop->selections > i + 1) &&
++ (crop_length != crop->regionlist[i + 1].length))
+ {
+ TIFFError ("extractCompositeRegions",
+ "Only equal length regions can be combined for -E left or right");
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index ef4fa97585..4bd485a10a 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -32,6 +32,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://0001-tiffcrop-S-option-Make-decision-simpler.patch \
file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \
file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \
+ file://CVE-2022-48281.patch \
+ file://CVE-2023-0800_0801_0802_0803_0804.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 06/22] shadow: ignore CVE-2016-15024
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-03-15 14:00 ` [OE-core][kirkstone 05/22] tiff: fix multiple CVEs Steve Sakoman
@ 2023-03-15 14:00 ` Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 07/22] libmicrohttpd: upgrade 0.9.75 -> 0.9.76 Steve Sakoman
` (15 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
This recently got an updated CPE which matches this recipe, but the issue
is related to an entirely different shadow project so ignore it.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2331e98abb09cbcd56625d65c4e5d258dc29dd04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/shadow/shadow_4.11.1.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-extended/shadow/shadow_4.11.1.bb b/meta/recipes-extended/shadow/shadow_4.11.1.bb
index 40b11345c9..d1a3fd5593 100644
--- a/meta/recipes-extended/shadow/shadow_4.11.1.bb
+++ b/meta/recipes-extended/shadow/shadow_4.11.1.bb
@@ -9,3 +9,6 @@ BBCLASSEXTEND = "native nativesdk"
# Severity is low and marked as closed and won't fix.
# https://bugzilla.redhat.com/show_bug.cgi?id=884658
CVE_CHECK_IGNORE += "CVE-2013-4235"
+
+# This is an issue for a different shadow
+CVE_CHECK_IGNORE += "CVE-2016-15024"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 07/22] libmicrohttpd: upgrade 0.9.75 -> 0.9.76
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-03-15 14:00 ` [OE-core][kirkstone 06/22] shadow: ignore CVE-2016-15024 Steve Sakoman
@ 2023-03-15 14:00 ` Steve Sakoman
2023-03-15 14:00 ` [OE-core][kirkstone 08/22] sudo: update 1.9.12p2 -> 1.9.13p3 Steve Sakoman
` (14 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:00 UTC (permalink / raw)
To: openembedded-core
From: Narpat Mali <narpat.mali@windriver.com>
Changelog:
============
Fix potential DoS vector in MHD_PostProcessor.(CVE-2023-27371)
Releasing GNU libmicrohttpd 0.9.76 hotfix.
https://github.com/Karlson2k/libmicrohttpd/blob/v0.9.76/ChangeLog
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{libmicrohttpd_0.9.75.bb => libmicrohttpd_0.9.76.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/libmicrohttpd/{libmicrohttpd_0.9.75.bb => libmicrohttpd_0.9.76.bb} (91%)
diff --git a/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb b/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
similarity index 91%
rename from meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb
rename to meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
index 9c99af7c91..ad3c34ab9e 100644
--- a/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb
+++ b/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
@@ -7,7 +7,7 @@ SECTION = "net"
DEPENDS = "file"
SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "9278907a6f571b391aab9644fd646a5108ed97311ec66f6359cebbedb0a4e3bb"
+SRC_URI[sha256sum] = "f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c"
inherit autotools lib_package pkgconfig gettext
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 08/22] sudo: update 1.9.12p2 -> 1.9.13p3
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-03-15 14:00 ` [OE-core][kirkstone 07/22] libmicrohttpd: upgrade 0.9.75 -> 0.9.76 Steve Sakoman
@ 2023-03-15 14:00 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 09/22] linux-yocto/5.15: update to v5.15.94 Steve Sakoman
` (13 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:00 UTC (permalink / raw)
To: openembedded-core
From: Xiangyu Chen <xiangyu.chen@windriver.com>
License-update: copyright years, formatting.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...o.conf.in-fix-conflict-with-multilib.patch | 21 ++++++++++---------
meta/recipes-extended/sudo/sudo.inc | 2 +-
.../{sudo_1.9.12p2.bb => sudo_1.9.13p3.bb} | 2 +-
3 files changed, 13 insertions(+), 12 deletions(-)
rename meta/recipes-extended/sudo/{sudo_1.9.12p2.bb => sudo_1.9.13p3.bb} (96%)
diff --git a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
index f4fc376bb8..041c717e00 100644
--- a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
+++ b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
@@ -1,4 +1,7 @@
-sudo.conf.in: fix conflict with multilib
+From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Tue, 17 Nov 2020 11:13:40 +0800
+Subject: [PATCH] sudo.conf.in: fix conflict with multilib
When pass ${libdir} to --libexecdir of sudo, it fails to install sudo
and lib32-sudo at same time:
@@ -12,12 +15,13 @@ Update the comments in sudo.conf.in to avoid the conflict.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Upstream-Status: Inappropriate [OE configuration specific]
+
---
examples/sudo.conf.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in
-index 6535d3a..50afc8f 100644
+index 2187457..0908d24 100644
--- a/examples/sudo.conf.in
+++ b/examples/sudo.conf.in
@@ -4,7 +4,7 @@
@@ -33,8 +37,8 @@ index 6535d3a..50afc8f 100644
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_intercept.so file.
#
--#Path intercept @plugindir@/sudo_intercept.so
-+#Path intercept $plugindir/sudo_intercept.so
+-#Path intercept @intercept_file@
++#Path intercept $intercept_file
#
# Sudo noexec:
@@ -42,8 +46,8 @@ index 6535d3a..50afc8f 100644
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_noexec.so file.
#
--#Path noexec @plugindir@/sudo_noexec.so
-+#Path noexec $plugindir/sudo_noexec.so
+-#Path noexec @noexec_file@
++#Path noexec $noexec_file
#
# Sudo plugin directory:
@@ -55,7 +59,4 @@ index 6535d3a..50afc8f 100644
+#Path plugin_dir $plugindir
#
- # Sudo developer mode:
---
-2.17.1
-
+ # Core dumps:
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index fd5bbf103d..f22b3eab99 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws"
BUGTRACKER = "http://www.sudo.ws/bugs/"
SECTION = "admin"
LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=7aacba499777b719416b293d16f29c8c \
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
diff --git a/meta/recipes-extended/sudo/sudo_1.9.12p2.bb b/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
similarity index 96%
rename from meta/recipes-extended/sudo/sudo_1.9.12p2.bb
rename to meta/recipes-extended/sudo/sudo_1.9.13p3.bb
index ae7207c081..2e11739470 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.12p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
@@ -8,7 +8,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "b9a0b1ae0f1ddd9be7f3eafe70be05ee81f572f6f536632c44cd4101bb2a8539"
+SRC_URI[sha256sum] = "92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 09/22] linux-yocto/5.15: update to v5.15.94
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (7 preceding siblings ...)
2023-03-15 14:00 ` [OE-core][kirkstone 08/22] sudo: update 1.9.12p2 -> 1.9.13p3 Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 10/22] linux-yocto/5.15: update to v5.15.96 Steve Sakoman
` (12 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
e2c1a934fd8e Linux 5.15.94
17170acdc7c8 Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions
5122e0e44363 KVM: x86: Mitigate the cross-thread return address predictions bug
8f12dcab90e8 x86/speculation: Identify processors vulnerable to SMT RSB predictions
e63c434de8b6 drm/i915: Fix VBT DSI DVO port handling
fc88c6838183 drm/i915: Initialize the obj flags for shmem objects
2e557c8ca2c5 drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
3af734f3eac6 Fix page corruption caused by racy check in __free_pages
c94ce5ea68dc arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
b796c02df37e arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive
5d9b771f53c1 arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
ac39dce11912 rtmutex: Ensure that the top waiter is always woken up
86f7e4239336 powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch
2907cf3f2ec7 riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
beb1cefa3ccd ceph: flush cap releases when the session is flushed
86733ab23933 clk: ingenic: jz4760: Update M/N/OD calculation algorithm
239e927eb2ea usb: typec: altmodes/displayport: Fix probe pin assign check
48aecce116e4 usb: core: add quirk for Alcor Link AK9563 smartcard reader
a8178bb1c776 btrfs: free device in btrfs_close_devices for a single device filesystem
8d13f2c3e2ba mptcp: be careful on subflow status propagation on errors
25141fb41191 net: USB: Fix wrong-direction WARNING in plusb.c
d1fba1e096ff cifs: Fix use-after-free in rdata->read_into_pages()
1b83e7e174d8 pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
f5f025b703e2 spi: dw: Fix wrong FIFO level setting for long xfers
71668706fbe7 pinctrl: single: fix potential NULL dereference
a2a1065739e9 pinctrl: aspeed: Fix confusing types in return value
99450163bcf6 pinctrl: mediatek: Fix the drive register definition of some Pins
9f0d2c268488 ASoC: topology: Return -ENOMEM on memory allocation failure
1a52ef89e369 riscv: stacktrace: Fix missing the first frame
5fb815433450 ALSA: pci: lx6464es: fix a debug loop
105ea562f6cf selftests: forwarding: lib: quote the sysctl values
528e3f3a4b53 rds: rds_rm_zerocopy_callback() use list_first_entry()
48d6d8f2f609 igc: Add ndo_tx_timeout support
62ff7dd961ab net/mlx5: Serialize module cleanup with reload and remove
95d2394f84f1 net/mlx5: fw_tracer, Zero consumer index when reloading the tracer
ab7f3f6a9d9b net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers
193528646ed2 net/mlx5e: IPoIB, Show unknown speed instead of error
7c6e8eb617c1 net/mlx5: Bridge, fix ageing of peer FDB entries
49ece61a078f net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
31172267bab0 net/mlx5e: Introduce the mlx5e_flush_rq function
e4e4e93d31b3 net/mlx5e: Move repeating clear_bit in mlx5e_rx_reporter_err_rq_cqe_recover
3f18b9ed8c83 net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol 802.1Q"
6acb5d853b41 net: dsa: mt7530: don't change PVC_EG_TAG when CPU port becomes VLAN-aware
ca834a017851 ice: Do not use WQ_MEM_RECLAIM flag for workqueue
70d48c7992ca uapi: add missing ip/ipv6 header dependencies for linux/stddef.h
3cec44036f48 ionic: clean interrupt before enabling queue to avoid credit race
fad12afe877a net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
d23385a200e6 bonding: fix error checking in bond_debug_reregister()
11006d9d083f net: phylink: move phy_device_free() to correctly release phy device
fb022d7b1c79 xfrm: fix bug with DSCP copy to v6 from v4 tunnel
6fe1ad42afa8 RDMA/usnic: use iommu_map_atomic() under spin_lock()
8f5fe1cd8e6a RDMA/irdma: Fix potential NULL-ptr-dereference
1b4ef90cbcfa IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
5dc688fae6b7 xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
9bae58d58b6b IB/hfi1: Restore allocated resources on failed copyout
558b1fa01cdc xfrm: compat: change expression for switch in xfrm_xlate64
238b38e89fff can: j1939: do not wait 250 ms if the same addr was already claimed
d859184b60d4 of/address: Return an error when no valid dma-ranges are found
70f37b3118de tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw
df017495039a ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9
ca9d54220345 ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360
706b6d86a6f8 ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
731fc29de6a2 ALSA: hda/realtek: Add Positivo N14KP6-TG
b93805980714 btrfs: zlib: zero-initialize zlib workspace
e65faa7e39a2 btrfs: limit device extents to the device size
2e4dd07fda7a migrate: hugetlb: check for hugetlb shared PMD in node migration
072e7412e857 mm/migration: return errno when isolate_huge_page failed
85d7786c66b6 Linux 5.15.93
6e2fac197de2 bpf: Skip invalid kfunc call in backtrack_insn
46c9088cabd4 gfs2: Always check inode size of inline inodes
8eb2e58a92e0 gfs2: Cosmetic gfs2_dinode_{in,out} cleanup
e4991910f150 wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads
97ccfffcc061 f2fs: fix to do sanity check on i_extra_isize in is_alive()
64fa364ad324 fbdev: smscufx: fix error handling code in ufx_usb_probe
a77141a06367 ovl: Use "buf" flexible array for memcpy() destination
1692fedd0f66 fs/ntfs3: Validate attribute data and valid sizes
a5b9cb72769b powerpc/imc-pmu: Revert nest_init_lock to being a mutex
3691f43a0959 iio:adc:twl6030: Enable measurement of VAC
8c84f50390b2 bpf: Do not reject when the stack read size is different from the tracked scalar size
14b6198abbd5 bpf: Fix incorrect state pruning for <8B spill/fill
575a9f6fefd9 phy: qcom-qmp-combo: fix runtime suspend
e58df87394be phy: qcom-qmp-combo: fix broken power on
368ea32e0ad0 phy: qcom-qmp-usb: fix memleak on probe deferral
2f27d3811a41 phy: qcom-qmp-combo: fix memleak on probe deferral
0cb10ddab7df phy: qcom-qmp-combo: disable runtime PM on unbind
0ef5ffe11682 serial: 8250_dma: Fix DMA Rx rearm race
e30328f599b9 serial: 8250_dma: Fix DMA Rx completion race
a5a171f61a04 nvmem: core: fix cell removal on error
6d9fa3ff6548 nvmem: core: remove nvmem_config wp_gpio
adf80e072c95 nvmem: core: initialise nvmem->id early
e3ebc3e23bd9 drm/i915: Fix potential bit_17 double-free
997bed0f3cde Squashfs: fix handling and sanity checking of xattr_ids count
7a0cfaf9d457 highmem: round down the address passed to kunmap_flush_on_unmap()
5dbe1ebd5647 mm/swapfile: add cond_resched() in get_swap_pages()
daf82418045f fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
afd32b683154 x86/debug: Fix stack recursion caused by wrongly ordered DR7 accesses
066ecbf1a53e kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
481bf49f58bb usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
fdf40e582442 mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
6c300351c55d riscv: disable generation of unwind tables
a5c275add96b parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
a964decd1307 parisc: Fix return code of pdc_iodc_print()
488eaf0625d9 nvmem: qcom-spmi-sdam: fix module autoloading
8569beb66fe6 iio: imu: fxos8700: fix MAGN sensor scale and unit
8aa5cdcfaf6a iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN
4112ba1ad5ca iio: imu: fxos8700: fix failed initialization ODR mode assignment
abf7b2ba51f5 iio: imu: fxos8700: fix incorrect ODR mode readback
412757741c22 iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
34909532b12e iio: imu: fxos8700: fix map label of channel type to MAGN sensor
8346eb4987e5 iio: imu: fxos8700: fix IMU data bits returned to user space
7567cdf3ce21 iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback
6969852220af iio: imu: fxos8700: fix ACCEL measurement range selection
cdacfb220556 iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
9988063dcefd iio: adc: berlin2-adc: Add missing of_node_put() in error path
c691a5c0fd03 iio: hid: fix the retval in gyro_3d_capture_sample
ef80a34699cd iio: hid: fix the retval in accel_3d_capture_sample
c4eae85c73be efi: Accept version 2 of memory attributes table
710db8206351 ALSA: hda/realtek: Add Acer Predator PH315-54
3fbddf86d924 watchdog: diag288_wdt: fix __diag288() inline assembly
700dd5bc72d3 watchdog: diag288_wdt: do not use stack buffers for hardware data
21bc51e29e66 net: qrtr: free memory on error path in radix_tree_insert()
dccbd062d716 fbcon: Check font dimension limits
5d7500d99164 Input: i8042 - add Clevo PCX0DX to i8042 quirk table
fc9e27f3ba08 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
9ba1188a719a usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
fe86480e903f usb: dwc3: qcom: enable vbus override when in OTG dr-mode
a412fe7baf40 iio: adc: stm32-dfsdm: fill module aliases
994465939830 drm/amd/display: Fix timing not changning when freesync video is enabled
a3967128bc65 net/x25: Fix to not accept on connected socket
396ea318e7fa platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
1577524633c7 platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table
540cea9f9b6d i2c: rk3x: fix a bunch of kernel-doc warnings
0aaabdb900c7 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
17b738590b97 scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
8cd0499f9c33 perf/x86/intel: Add Emerald Rapids
709351537096 scsi: target: core: Fix warning on RT kernels
b7960f54362b i2c: mxs: suppress probe-deferral error message
b9b87fc34b7f i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
d8fc0b5fb3e8 efi: fix potential NULL deref in efi_mem_reserve_persistent
f423c2efd51d net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
798502864789 virtio-net: Keep stop() to follow mirror sequence of open()
5d884f9e80ff selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking
63aa63af3a1e selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs
d41a3f9cc242 selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
5af98283e554 selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
89e0701e03c5 ata: libata: Fix sata_down_spd_limit() when no link speed is reported
9ab896775f98 can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
02d77d98e020 igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp()
04a735582095 riscv: kprobe: Fixup kernel panic when probing an illegal position
206c367b6a2e ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local address
90178bc0f28f ip/ip6_gre: Fix changing addr gen mode not generating IPv6 link local address
dfe2f0ea3851 net: phy: meson-gxl: Add generic dummy stubs for MMD register access
b7398efe24a9 squashfs: harden sanity check in squashfs_read_xattr_id_table
89a69216f170 netfilter: br_netfilter: disable sabotage_in hook after first suppression
cdb444e73fdc drm/i915/adlp: Fix typo for reference clock
960f20d8582e drm/i915/guc: Fix locking when searching for a hung request
c27e0eac568a netrom: Fix use-after-free caused by accept on already connected socket
511c922c5bf6 block, bfq: fix uaf for bfqq in bic_set_bfqq()
a62c129dcbfa block, bfq: replace 0/1 with false/true in bic apis
37a744a068c9 block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"
2cd1e9c013ec net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
18c18c2110ea sfc: correctly advertise tunneled IPv6 segmentation
878b06f60a08 dpaa2-eth: execute xdp_do_flush() before napi_complete_done()
3b5774cd6b94 dpaa_eth: execute xdp_do_flush() before napi_complete_done()
5a7040a649c8 virtio-net: execute xdp_do_flush() before napi_complete_done()
94add5b27290 qede: execute xdp_do_flush() before napi_complete_done()
a273f8e3ab90 ice: Prevent set_channel from changing queues while RDMA active
b432e183c26e fix "direction" argument of iov_iter_kvec()
d8b8306e963e fix iov_iter_bvec() "direction" argument
389c7c0ef9cc READ is "data destination", not source...
7a3649bf5bef WRITE is "data source", not destination...
83cc6a7bb75c vhost/net: Clear the pending messages when the backend is removed
7c7d344bc386 scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT"
4b199dc09416 drm/vc4: hdmi: make CEC adapter name unique
dc1f8ab25a17 arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
c681d7a4ed3d bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
34ad5d8885f5 bpf: Fix to preserve reg parent/live fields when copying range info
7b86f9ab5692 bpf: Support <8-byte scalar spill and refill
1b9256c96220 ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
b7abeb691637 bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers
cfcc2390dbc5 ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
b4b204565a45 ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use
1f1e7635c54d ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
41d323c352ac ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use
6a9990e1d92b ASoC: Intel: bytcht_es8316: move comment to the right place
ffcdf354555b ASoC: Intel: boards: fix spelling in comments
bd0b17ab1b76 bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
5f4543c9382a firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
e515b9902f5f Linux 5.15.92
c7caf669b89d net: mctp: purge receive queues on sk destruction
046de74f9af9 net: fix NULL pointer in skb_segment_list
7ab3376703ce selftests: Provide local define of __cpuid_count()
e92e311ced6f selftests/vm: remove ARRAY_SIZE define from individual tests
c9e52db90031 tools: fix ARRAY_SIZE defines in tools and selftests hdrs
c1aa0dd52db4 Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
02e61196c578 ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems
79dd676b445f extcon: usbc-tusb320: fix kernel-doc warning
c2bd60ef20de ext4: fix bad checksum after online resize
4cd1e18bc04a cifs: fix return of uninitialized rc in dfs_cache_update_tgthint()
43acd767bd90 dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
a54c5ad007ea HID: playstation: sanity check DualSense calibration data.
6d7686cc11b7 blk-cgroup: fix missing pd_online_fn() while activating policy
2144859229c1 erofs/zmap.c: Fix incorrect offset calculation
0dfef5031335 bpf: Skip task with pid=1 in send_signal_common()
e8bb772f745e firmware: arm_scmi: Clear stale xfer->hdr.status
80cb9f1a76aa arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI
162fad24d2e1 arm64: dts: freescale: Fix pca954x i2c-mux node names
82ad105e1a55 ARM: dts: vf610: Fix pca9548 i2c-mux node names
5aee5f33e03a ARM: dts: imx: Fix pca9547 i2c-mux node name
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f5deb914ba17c131c4880da8d9a1184c2d2a3ef6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 8d299ca059..62cf6c2023 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "0567deb52d2f2c3cd3046f56ca3fb97a151cf6ec"
-SRCREV_meta ?= "8df0d345ef202197eef82942933161213d4d1846"
+SRCREV_machine ?= "0e479ee9b51bb384ce793fe55b05e8c2c3d3041a"
+SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.91"
+LINUX_VERSION ?= "5.15.94"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 400ef75cc2..d91dc0bea8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.91"
+LINUX_VERSION ?= "5.15.94"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "01c387906b52214892aaea0664b3b4ead35fe484"
-SRCREV_meta ?= "8df0d345ef202197eef82942933161213d4d1846"
+SRCREV_machine ?= "8c906f7637d74bde62e074f6d8be8e6bd180cd47"
+SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 60c088b9fe..033e7b0e24 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "9c525056e4d5c3852fff6058bd7f6a648a3b645e"
-SRCREV_machine:qemuarm64 ?= "30e3bff02675a3d10bd04c51f52f4a6b17b94d01"
-SRCREV_machine:qemumips ?= "0dda96ab67034ee0f1db18c04fed33d2a4e2fec1"
-SRCREV_machine:qemuppc ?= "43c8d401cf8092c19e47935c5667dacf754885d4"
-SRCREV_machine:qemuriscv64 ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_machine:qemuriscv32 ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_machine:qemux86 ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_machine:qemux86-64 ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_machine:qemumips64 ?= "26e3543c62c04852896adc70584b1eaa59f15fad"
-SRCREV_machine ?= "531238ba91af58291b5f306c237e6bc1b8b6633a"
-SRCREV_meta ?= "8df0d345ef202197eef82942933161213d4d1846"
+SRCREV_machine:qemuarm ?= "56893626121030f0602bc416f300ca54e1135d8e"
+SRCREV_machine:qemuarm64 ?= "c5b37eefe0c4c0956d87d8469556ca295b55cab4"
+SRCREV_machine:qemumips ?= "1d8fd6769259a16d49aaf8d9c3eecd970343249e"
+SRCREV_machine:qemuppc ?= "6e2e7b94716f4547f6e5cfd47dc430f84f4b70a7"
+SRCREV_machine:qemuriscv64 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_machine:qemuriscv32 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_machine:qemux86 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_machine:qemux86-64 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_machine:qemumips64 ?= "27458775da7568a4844f438c7f1cd9fbf20a55f6"
+SRCREV_machine ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
+SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "9cf4111cdf9420fa99792ae16c8de23242bb2e0b"
+SRCREV_machine:class-devupstream ?= "e2c1a934fd8e4288e7a32f4088ceaccf469eb74c"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.91"
+LINUX_VERSION ?= "5.15.94"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 10/22] linux-yocto/5.15: update to v5.15.96
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (8 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 09/22] linux-yocto/5.15: update to v5.15.94 Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 11/22] linux-yocto-rt/5.15: update to -rt59 Steve Sakoman
` (11 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
d383d0f28eca Linux 5.15.96
49ce63694cae bpf: add missing header file include
80569627ce46 Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs"
0c168d7f36d5 lib/Kconfig.debug: Allow BTF + DWARF5 with pahole 1.21+
6ba3de5a8a02 lib/Kconfig.debug: Use CONFIG_PAHOLE_VERSION
0f59e08070ba scripts/pahole-flags.sh: Use pahole-version.sh
3597fd5f9217 kbuild: Add CONFIG_PAHOLE_VERSION
c98077f7598a ext4: Fix function prototype mismatch for ext4_feat_ktype
43cb0369c84a audit: update the mailing list in MAINTAINERS
b5ef61edb1e5 wifi: mwifiex: Add missing compatible string for SD8787
a24eb3f99063 nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
d518ca02542f binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
367d0456c792 binder: Address corner cases in deferred copy and fixup
b345b2200288 binder: fix pointer cast warning
c194fc351fec binder: defer copies of pre-patched txn data
d107b4352284 binder: read pre-translated fds from sender buffer
41d8b591d70a uaccess: Add speculation barrier to copy_from_user()
0d3d5099a50b drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
d835f9c4ede2 powerpc/64s/radix: Fix RWX mapping with relocated kernel
87b3e4f845a2 powerpc/64s/radix: Fix crash with unaligned relocated kernel
0b0e9b5adc8e powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary
b6fff8fa4f5b powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
e7f5e3b60c30 powerpc: use generic version of arch_is_kernel_initmem_freed()
fc58616b198b powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
62302ac5777a can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
6b539a7dbb49 KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
78c1d35ed66c KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
676248836577 KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
5456f0d53b4a random: always mix cycle counter in add_latent_entropy()
d2edb20b003e clk: mxl: syscon_node_to_regmap() returns error pointers
04d31929df12 powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
8ae31d36516b clk: mxl: Fix a clk entry by adding relevant flags
a0583edea4fd clk: mxl: Add option to override gate clks
ef1219115128 clk: mxl: Remove redundant spinlocks
e5580a805472 clk: mxl: Switch from direct readl/writel based IO to regmap based IO
20ea32ad9c99 drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
28985cd17ac7 wifi: rtl8xxxu: gen2: Turn on the rate control
d04d19cf0ead drm/etnaviv: don't truncate physical page address
60b502b3ffea Linux 5.15.95
3f94c70333f6 platform/x86/amd: pmc: add CONFIG_SERIO dependency
1c202909c8b0 net: sched: sch: Fix off by one in htb_activate_prios()
180a1632b6c7 ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
68c2db8ef56d alarmtimer: Prevent starvation by small intervals and SIG_IGN
35351e3060d6 kvm: initialize all of the kvm_debugregs structure before sending it to userspace
1cbb51d83f56 net/sched: tcindex: search key must be 16 bits
cd9569062d8e i40e: Add checking for null for nlmsg_find_attr()
290e7084926c net/sched: act_ctinfo: use percpu stats
22d0cb47047a flow_offload: fill flags to action structure
d53360d443be drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
8174915c7bf3 drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
43dd56f7bfcb mm/filemap: fix page end in filemap_get_read_batch
a158782b56b0 nilfs2: fix underflow in second superblock position calculations
13bc7dd5b365 ipv6: Fix tcp socket connection with DSCP.
f3326fa5e480 ipv6: Fix datagram socket connection with DSCP.
9c35c81fd6f0 ixgbe: add double of VLAN header when computing the max MTU
59a74da8da75 net: mpls: fix stale pointer if allocation fails during device rename
bf8b820ea0ca net: stmmac: Restrict warning on disabling DMA store and fwd mode
269520bee744 bnxt_en: Fix mqprio and XDP ring checking logic
0428aabbcc15 net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
1563e998a938 net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
338f826d3afe net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
59e30d2bd309 dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
becf55394f6a net/sched: tcindex: update imperfect hash filters respecting rcu
3d5f95be49c5 sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
fa56f164455e net: ethernet: ti: am65-cpsw: Add RX DMA Channel Teardown Quirk
2603a5ca6223 net: bgmac: fix BCM5358 support by setting correct flags
a5e4f2b284dc i40e: add double of VLAN header when computing the max MTU
1f23ca5dba6c ixgbe: allow to increase MTU to 3K with XDP enabled
65d07ae69bd3 revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
50267cf35ba0 net: Fix unwanted sign extension in netdev_stats_to_stats64()
3775c95ffbc6 Revert "mm: Always release pages to the buddy allocator in memblock_free_late()."
57081f83849c selftest/lkdtm: Skip stack-entropy test if lkdtm is not available
9197daee9eb6 of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem
8b29a1866f64 hugetlb: check for undefined shift on 32 bit architectures
cca2b3feb701 sched/psi: Fix use-after-free in ep_remove_wait_queue()
c5f2151afb2a ALSA: hda/realtek - fixed wrong gpio assigned
1a3f8c85cd2a ALSA: hda/conexant: add a new hda codec SN6180
ecad2fafd424 mmc: mmc_spi: fix error handling in mmc_spi_probe()
1e06cf04239e mmc: sdio: fix possible resource leaks in some error paths
732e3b293ca3 mmc: jz4740: Work around bug on JZ4760(B)
fdaf88531cfd tcp: Fix listen() regression in 5.15.88.
9a1d92cbeac3 netfilter: nft_tproxy: restrict to prerouting hook
3fc9dc0340e0 platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN
c2cb2c71da50 platform/x86: amd-pmc: Correct usage of SMU version
2dcf115681d4 platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled
32e3a6c4a756 platform/x86: amd-pmc: Export Idlemask values based on the APU
1723efa4c375 drm/amd/display: Fail atomic_check early on normalize_zpos error
178993157e8c aio: fix mremap after fork null-deref
3cfc5e84ac6f mptcp: do not wait for bare sockets' timeout
e0e93c8599c5 xfs: don't leak btree cursor when insrec fails after a split
294c022a070a xfs: purge dquots after inode walk fails during quotacheck
96f0651a264b xfs: assert in xfs_btree_del_cursor should take into account error
88ccad17784a xfs: don't assert fail on perag references on teardown
ddf1e0fd43b2 xfs: avoid unnecessary runtime sibling pointer endian conversions
5f0e21a4a885 xfs: validate v5 feature fields
ea0ce7c13610 xfs: set XFS_FEAT_NLINK correctly
0cc9f9cc8d91 xfs: detect self referencing btree sibling pointers
4e96f5ace9ac xfs: fix potential log item leak
8abef857eb91 xfs: zero inode fork buffer at allocation
63b8e4cc31fd nvmem: core: fix return value
eac1ad2f5e21 nvmem: core: fix registration vs use race
8f9c4b2a3b13 nvmem: core: fix cleanup after dev_set_name()
14eea6449473 nvmem: core: add error handling for dev_set_name
36a5ae5cf90a platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
f1cb549bcd0b drm/amd/display: Properly handle additional cases where DCN is not supported
5ca46a04a5c3 nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
9ed522143f95 s390/decompressor: specify __decompress() buf len to avoid overflow
99875ea9b5b4 net: sched: sch: Bounds check priority
5027084bc097 drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED
4fdc19e4fa23 net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
6769cd8a7488 net/rose: Fix to not accept on connected socket
2ddb9fa56665 tools/virtio: fix the vringh test for virtio ring changes
a35c241065ee ASoC: cs42l56: fix DT probe
f312367f5246 bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
e909f5f2aa55 ALSA: hda: Do not unset preset when cleaning up codec
5541d35f5d03 selftests/bpf: Verify copy_register_state() preserves parent/live fields
7814e28c4183 ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
d15ab7320892 ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
06f2a84d626a ACPI / x86: Add support for LPS0 callback handler
14a2de5c16f3 riscv: kprobe: Fixup misaligned load text
b5d5f1ad057e kprobes: treewide: Cleanup the error messages for kprobes
2a6853c0ea03 mptcp: fix locking for in-kernel listener creation
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 020944ef921ae2b6923b139bad5f7a79217dace1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 62cf6c2023..caa5e5197f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "0e479ee9b51bb384ce793fe55b05e8c2c3d3041a"
-SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
+SRCREV_machine ?= "c69881f9ba51496f0930cd39bd67f9dfb8d3a612"
+SRCREV_meta ?= "509f4b9d68337f103633d48b621c1c9aa0dc975d"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.94"
+LINUX_VERSION ?= "5.15.96"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index d91dc0bea8..34ffaa5132 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.94"
+LINUX_VERSION ?= "5.15.96"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "8c906f7637d74bde62e074f6d8be8e6bd180cd47"
-SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
+SRCREV_machine ?= "9c8ee16005f204f7f48d6699822dd5e89b01d4a5"
+SRCREV_meta ?= "509f4b9d68337f103633d48b621c1c9aa0dc975d"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 033e7b0e24..55580357d2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "56893626121030f0602bc416f300ca54e1135d8e"
-SRCREV_machine:qemuarm64 ?= "c5b37eefe0c4c0956d87d8469556ca295b55cab4"
-SRCREV_machine:qemumips ?= "1d8fd6769259a16d49aaf8d9c3eecd970343249e"
-SRCREV_machine:qemuppc ?= "6e2e7b94716f4547f6e5cfd47dc430f84f4b70a7"
-SRCREV_machine:qemuriscv64 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_machine:qemuriscv32 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_machine:qemux86 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_machine:qemux86-64 ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_machine:qemumips64 ?= "27458775da7568a4844f438c7f1cd9fbf20a55f6"
-SRCREV_machine ?= "abe44015db49980ca7a2e6125321c3e3666a0278"
-SRCREV_meta ?= "3dd458be964635c8e682a1fb6f9a3368a747f92b"
+SRCREV_machine:qemuarm ?= "5479084dba4fbe0e3db2a97b0ae00ff7651fb90b"
+SRCREV_machine:qemuarm64 ?= "91bfb4191c2f19b98b0c724676a69ca9d61bb696"
+SRCREV_machine:qemumips ?= "8be1d8e09c4b174ab4ef0fbd67263f9563967818"
+SRCREV_machine:qemuppc ?= "6de606ff8d3eeba9f003557ebb37c94a2d0e6bc1"
+SRCREV_machine:qemuriscv64 ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_machine:qemuriscv32 ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_machine:qemux86 ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_machine:qemux86-64 ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_machine:qemumips64 ?= "d2d2e93f5cea91969185ec1cc05d6833cd7e1412"
+SRCREV_machine ?= "001e2930e6997f58dd98cda33908111506f53eb7"
+SRCREV_meta ?= "509f4b9d68337f103633d48b621c1c9aa0dc975d"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "e2c1a934fd8e4288e7a32f4088ceaccf469eb74c"
+SRCREV_machine:class-devupstream ?= "d383d0f28ecac0f3375bdfb9a0c4bfac979f6f8f"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.94"
+LINUX_VERSION ?= "5.15.96"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 11/22] linux-yocto-rt/5.15: update to -rt59
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (9 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 10/22] linux-yocto/5.15: update to v5.15.96 Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 12/22] iso-codes: upgrade 4.12.0 -> 4.13.0 Steve Sakoman
` (10 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/5.15:
4d335265c101 'Linux 5.15.94-rt59'
c3b4464f5d2b 'Linux 5.15.93-rt58'
c67bd325f576 'Linux 5.15.92-rt57'
48e551ae0f55 'Linux 5.15.86-rt56'
977a63a270ad 'Linux 5.15.85-rt55'
adaa1d9e19a5 'Linux 5.15.79-rt54'
ff3c61c5ead1 'Linux 5.15.76-rt53'
e17260e8d340 'Linux 5.15.73-rt52'
c83f436b7981 'Linux 5.15.71-rt51'
e01c9e3ba82d 'Linux 5.15.70-rt50'
debedeb4264e mm/memcg: Only perform the debug checks on !PREEMPT_RT
1ef2cd0b8676 mm/memcg: Add a comment regarding the release `obj'.
f8d153e08d42 mm/memcg: Add missing counter index which are not update in interrupt.
11624404f67a mm/memcg: Disable migration instead of preemption in drain_all_stock().
0a1f4de6ed4f mm/memcg: Protect memcg_stock with a local_lock_t
3f15202f27da mm/memcg: Opencode the inner part of obj_cgroup_uncharge_pages() in drain_obj_stock()
40dbbd2f9773 mm/memcg: Protect per-CPU counter by disabling preemption on PREEMPT_RT where needed.
6269831106f5 mm/memcg: Disable threshold event handlers on PREEMPT_RT
8da0e71b7b7d mm/memcg: Revert ("mm/memcg: optimize user context object stock access")
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f318c27fdc4ac276743bd37c466e3fc7296bcfd5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index caa5e5197f..0f557ba2c5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,7 +11,7 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "c69881f9ba51496f0930cd39bd67f9dfb8d3a612"
+SRCREV_machine ?= "4d335265c1010cdf45dc0169b1b79638323a5109"
SRCREV_meta ?= "509f4b9d68337f103633d48b621c1c9aa0dc975d"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 12/22] iso-codes: upgrade 4.12.0 -> 4.13.0
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (10 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 11/22] linux-yocto-rt/5.15: update to -rt59 Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 13/22] binutils: Fix nativesdk ld.so search Steve Sakoman
` (9 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Added
=========
- ISO 3166-1: Add missing common names for Laos, Iran, and Syria.
Fixes #32
Changed
===========
- Translation updates for ISO 3166-1
- Kazakh from Debian BTS. Closes: #1025423
- Catalan from Debian BTS. Closes: #1026972
- Translation updates for ISO 3166-2
- Translation updates for ISO 3166-3
- Translation updates for ISO 639-2
- Translation updates for ISO 639-3
- Translation updates for ISO 639-5
- Translation updates for ISO 4217
- Translation updates for ISO 15924
Fixed
==========
- ISO 3166-3: Fix withdrawal dates of AN, CS and YU. Fixes #28
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f2c8b9c9a97ba5ec9c5da94da84ebe216650d6cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../iso-codes/{iso-codes_4.12.0.bb => iso-codes_4.13.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/iso-codes/{iso-codes_4.12.0.bb => iso-codes_4.13.0.bb} (94%)
diff --git a/meta/recipes-support/iso-codes/iso-codes_4.12.0.bb b/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
similarity index 94%
rename from meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
rename to meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
index ea7c43cdae..f3ead5e8c1 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;"
-SRCREV = "5e4dddbd1f8902ab0252ccbb19b783cc0359505a"
+SRCREV = "ab6b01d5b56af7da9f0d2d1619a3cf84e43ed76a"
# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
# are inhibited by allarch
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 13/22] binutils: Fix nativesdk ld.so search
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (11 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 12/22] iso-codes: upgrade 4.12.0 -> 4.13.0 Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 14/22] python3-setuptools-rust-native: Add direct dependency of native python3 modules Steve Sakoman
` (8 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently binutils in buildtools is searching for /etc/etc/ld.so.conf
which makes no sense. ld_sysconfdir already contains /etc so we need to
drop the /etc from the fixed string.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ccd28c418ab8390118d738fbe914395b5c2a1f75)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...3-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch b/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
index 59a97c13c7..8a5f4a8d79 100644
--- a/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
+++ b/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
@@ -65,7 +65,7 @@ index 121c25d948f..34cbc60e5e9 100644
info.path = NULL;
info.len = info.alloc = 0;
- tmppath = concat (ld_sysroot, prefix, "/etc/ld.so.conf",
-+ tmppath = concat (ld_sysconfdir, "/etc/ld.so.conf",
++ tmppath = concat (ld_sysconfdir, "/ld.so.conf",
(const char *) NULL);
if (!ldelf_parse_ld_so_conf (&info, tmppath))
{
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 14/22] python3-setuptools-rust-native: Add direct dependency of native python3 modules
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (12 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 13/22] binutils: Fix nativesdk ld.so search Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 15/22] oeqa/selftest/prservice: Improve debug output for failure Steve Sakoman
` (7 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Poonam <Poonam.Jadhav@kpit.com>
Add direct dependency of below native python3 modules
to fix the compile issue
python3-semantic-version-native
python3-setuptools-native
python3-setuptools-scm-native
python3-toml-native
python3-typing-extensions-native
python3-wheel-native
This issue is not seen in the upstream yocto but in the project,
where the python modules are not built by any other dependency.
They have to be explicitly pulled.
This fixes below error:
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/setuptools/config.py", line 422, in _parse_attr
module = importlib.import_module(module_name)
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/recipe-sysroot-native/usr/lib/python3.10/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 883, in exec_module
File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/setuptools-rust-1.1.2/setuptools_rust/__init__.py", line 1, in <module>
from .build import build_rust
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/setuptools-rust-1.1.2/setuptools_rust/build.py", line 23, in <module>
from typing_extensions import Literal
ModuleNotFoundError: No module named 'typing_extensions'
Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com>
Signed-off-by: Poonam Jadhav <ppjadhav456@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/python3-setuptools-rust-native_1.1.2.bb | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/meta/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb b/meta/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb
index 8ec9a86f00..c11116a1f4 100644
--- a/meta/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb
+++ b/meta/recipes-devtools/python/python3-setuptools-rust-native_1.1.2.bb
@@ -14,9 +14,7 @@ SRC_URI[sha256sum] = "a0adb9b503c0ffc4e8fe80b7c617898cefa78049983aaaea7f747e153a
inherit cargo pypi python_setuptools_build_meta native
-DEPENDS += "python3-setuptools-scm-native python3-wheel-native"
-
-RDEPENDS:${PN}:class-native += " \
+DEPENDS += " \
python3-semantic-version-native \
python3-setuptools-native \
python3-setuptools-scm-native \
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 15/22] oeqa/selftest/prservice: Improve debug output for failure
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (13 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 14/22] python3-setuptools-rust-native: Add direct dependency of native python3 modules Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 16/22] systemd: add group sgx to udev package Steve Sakoman
` (6 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
We keep seeing this failure on the autobuilder but the output amounts
to "False is not True". Improve the debug message on the chance it may
make the issue clearer.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d03f4cf19c2cc96e9d942252a451521dfec42ebc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/prservice.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/prservice.py b/meta/lib/oeqa/selftest/cases/prservice.py
index 10158ca7c2..a41812148a 100644
--- a/meta/lib/oeqa/selftest/cases/prservice.py
+++ b/meta/lib/oeqa/selftest/cases/prservice.py
@@ -75,7 +75,7 @@ class BitbakePrTests(OESelftestTestCase):
exported_db_path = os.path.join(self.builddir, 'export.inc')
export_result = runCmd("bitbake-prserv-tool export %s" % exported_db_path, ignore_status=True)
self.assertEqual(export_result.status, 0, msg="PR Service database export failed: %s" % export_result.output)
- self.assertTrue(os.path.exists(exported_db_path))
+ self.assertTrue(os.path.exists(exported_db_path), msg="%s didn't exist, tool output %s" % (exported_db_path, export_result.output))
if replace_current_db:
current_db_path = os.path.join(get_bb_var('PERSISTENT_DIR'), 'prserv.sqlite3')
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 16/22] systemd: add group sgx to udev package
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (14 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 15/22] oeqa/selftest/prservice: Improve debug output for failure Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 17/22] vim: add missing pkgconfig inherit Steve Sakoman
` (5 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
>From NEWS for v250:
* Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
now also owned by the system group "sgx".
>From NEWS for v248:
* Intel SGX enclave device nodes (which expose a security feature of
newer Intel CPUs) will now be owned by a new system group "sgx".
Fixes following journal error entry during startup:
/lib/udev/rules.d/50-udev-default.rules:43 Unknown group 'sgx', ignoring
This is seen already on kirkstone.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bab455cd9b1b82e778f8523a767eb281edf6689e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta-selftest/files/static-group | 1 +
meta/recipes-core/systemd/systemd_250.5.bb | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group
index b13dde3218..cbec6f1377 100644
--- a/meta-selftest/files/static-group
+++ b/meta-selftest/files/static-group
@@ -24,3 +24,4 @@ weston-launch:x:524:
weston:x:525:
wayland:x:526:
render:x:527:
+sgx:x:528:
diff --git a/meta/recipes-core/systemd/systemd_250.5.bb b/meta/recipes-core/systemd/systemd_250.5.bb
index 7df7bca4cc..ef524e0e3d 100644
--- a/meta/recipes-core/systemd/systemd_250.5.bb
+++ b/meta/recipes-core/systemd/systemd_250.5.bb
@@ -397,7 +397,7 @@ USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
"
GROUPADD_PARAM:${PN} = "-r systemd-journal;"
-GROUPADD_PARAM:udev = "-r render"
+GROUPADD_PARAM:udev = "-r render;-r sgx;"
GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 17/22] vim: add missing pkgconfig inherit
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (15 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 16/22] systemd: add group sgx to udev package Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 18/22] meson: Fix wrapper handling of implicit setup command Steve Sakoman
` (4 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Vim uses pkgconfig to find dependencies but it wasn't present, so it
silently doesn't enable features like GTK+ UI.
[ YOCTO #15044 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 70900616298f5e70732a34e7406e585e323479ed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index fcb5cf6334..da586a5699 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -33,7 +33,7 @@ S = "${WORKDIR}/git"
VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}"
-inherit autotools-brokensep update-alternatives mime-xdg
+inherit autotools-brokensep update-alternatives mime-xdg pkgconfig
CLEANBROKEN = "1"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 18/22] meson: Fix wrapper handling of implicit setup command
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (16 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 17/22] vim: add missing pkgconfig inherit Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 19/22] oeqa/sdk: Improve Meson test Steve Sakoman
` (3 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Tom Hochstein <tom.hochstein@nxp.com>
From an SDK, running a meson setup build without an explicit setup
command can result in a native build when a cross build is expected.
The problem is in meson-wrapper where it tries to detect whether a
setup command is being used. The logic looks through all arguments for
a command, and the first argument it finds that doesn't start with a -
is treated as the command. This doesn't work for an implicit setup
command if any option with a space-separated argument exists. In this
case, the argument is incorrectly selected as the command, causing the
setup command options for the cross build to be excluded from the
command line, and thus a native build.
Improve the logic by just looking at the first argument. If it is
a known comand, then record it. Otherwise just assume it is the
implicit setup command.
Note that this fix does not address the possibility of a new meson
command. Two new echo statements are included to help the user in case
of trouble:
```
~/git/weston-imx$ meson --warnlevel 3 --prefix=/usr -Ddoc=false -Dbackend-drm-screencast-vaapi=false -Dcolor-management-lcms=false -Dpipewire=false -Dbackend-x11=false -Dxwayland=true -Dsimple-clients=all -Dbackend-wayland=false -Dbackend-default=drm -Dbackend-rdp=false -Dtest-junit-xml=false -Dlauncher-libseat=false -Dimage-jpeg=false -Dimage-webp=false -Drenderer-g2d=true build
meson-wrapper: Implicit setup command assumed
meson-wrapper: Running meson with setup options: " --cross-file=/opt/fsl-imx-internal-xwayland/6.1-langdale/sysroots/x86_64-pokysdk-linux/usr/share/meson/aarch64-poky-linux-meson.cross --native-file=/opt/fsl-imx-internal-xwayland/6.1-langdale/sysroots/x86_64-pokysdk-linux/usr/share/meson/meson.native "
The Meson build system
Version: 0.63.3
```
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9338bd66a3c9ab5cb781f2ee588306c5b31a3cb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/meson/meson/meson-wrapper | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/meta/recipes-devtools/meson/meson/meson-wrapper b/meta/recipes-devtools/meson/meson/meson-wrapper
index b65ba8e803..71c61db84f 100755
--- a/meta/recipes-devtools/meson/meson/meson-wrapper
+++ b/meta/recipes-devtools/meson/meson/meson-wrapper
@@ -13,20 +13,19 @@ fi
# config is already in meson.cross.
unset CC CXX CPP LD AR NM STRIP
-for arg in "$@"; do
- case "$arg" in
- -*) continue ;;
- *) SUBCMD="$arg"; break ;;
- esac
-done
+case "$1" in
+setup|configure|dist|install|introspect|init|test|wrap|subprojects|rewrite|compile|devenv|env2mfile|help) MESON_CMD="$1" ;;
+*) echo meson-wrapper: Implicit setup command assumed; MESON_CMD=setup ;;
+esac
-if [ "$SUBCMD" = "setup" ] || [ -d "$SUBCMD" ]; then
- MESON_SUB_OPTS=" \
+if [ "$MESON_CMD" = "setup" ]; then
+ MESON_SETUP_OPTS=" \
--cross-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/${TARGET_PREFIX}meson.cross" \
--native-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/meson.native" \
"
+ echo meson-wrapper: Running meson with setup options: \"$MESON_SETUP_OPTS\"
fi
exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \
"$@" \
- $MESON_SUB_OPTS
+ $MESON_SETUP_OPTS
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 19/22] oeqa/sdk: Improve Meson test
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (17 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 18/22] meson: Fix wrapper handling of implicit setup command Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 20/22] linux: inherit pkgconfig in kernel.bbclass Steve Sakoman
` (2 subsequent siblings)
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Tom Hochstein <tom.hochstein@nxp.com>
The meson wrapper setup command detection is broken in the case of an
implicit setup command with an option with a space-separated argument,
but the test was not detecting it since the case was not covered.
Add the option `--warnlevel 1` to the meson command line to cover this
case.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 54e9ee8a0c6c9fc89cbb743f0e4fc18607d503cf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/sdk/cases/buildepoxy.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/sdk/cases/buildepoxy.py b/meta/lib/oeqa/sdk/cases/buildepoxy.py
index f69f720cd6..1c41b04169 100644
--- a/meta/lib/oeqa/sdk/cases/buildepoxy.py
+++ b/meta/lib/oeqa/sdk/cases/buildepoxy.py
@@ -32,7 +32,7 @@ class EpoxyTest(OESDKTestCase):
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
- log = self._run("meson -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs))
+ log = self._run("meson --warnlevel 1 -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs))
# Check that Meson thinks we're doing a cross build and not a native
self.assertIn("Build type: cross build", log)
self._run("ninja -C {build} -v".format(**dirs))
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 20/22] linux: inherit pkgconfig in kernel.bbclass
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (18 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 19/22] oeqa/sdk: Improve Meson test Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 21/22] lua: Fix install conflict when enable multilib Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 22/22] vala: " Steve Sakoman
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Ming Liu <liu.ming50@gmail.com>
pkgconfig is being required to find dependencies for building kernel
native tools, move "inherit pkgconfig" to kernel.bbclass so BSP kernel
recipes can also benefit from it.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8a84bd98e3fbc16c782f83064801e469d086911e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/kernel.bbclass | 2 +-
meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 --
meta/recipes-kernel/linux/linux-yocto.inc | 1 -
3 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index df740af41d..b315737fd2 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -654,7 +654,7 @@ do_savedefconfig() {
do_savedefconfig[nostamp] = "1"
addtask savedefconfig after do_configure
-inherit cml1
+inherit cml1 pkgconfig
# Need LD, HOSTLDFLAGS and more for config operations
KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-kernel/linux/linux-yocto-dev.bb
index 403993486b..94800aeaca 100644
--- a/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -10,8 +10,6 @@
inherit kernel
require recipes-kernel/linux/linux-yocto.inc
-# for ncurses tests
-inherit pkgconfig
# provide this .inc to set specific revisions
include recipes-kernel/linux/linux-yocto-dev-revisions.inc
diff --git a/meta/recipes-kernel/linux/linux-yocto.inc b/meta/recipes-kernel/linux/linux-yocto.inc
index 7ea661e138..1f8289b6b6 100644
--- a/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/meta/recipes-kernel/linux/linux-yocto.inc
@@ -46,7 +46,6 @@ LINUX_VERSION_EXTENSION ??= "-yocto-${LINUX_KERNEL_TYPE}"
# Pick up shared functions
inherit kernel
inherit kernel-yocto
-inherit pkgconfig
B = "${WORKDIR}/linux-${PACKAGE_ARCH}-${LINUX_KERNEL_TYPE}-build"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 21/22] lua: Fix install conflict when enable multilib.
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (19 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 20/22] linux: inherit pkgconfig in kernel.bbclass Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
2023-03-15 14:01 ` [OE-core][kirkstone 22/22] vala: " Steve Sakoman
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Error: Transaction test error:
file /usr/include/luaconf.h conflicts between attempted installs of lua-dev-5.4.4-r0.aarch64 and lib32-lua-dev-5.4.4-r0.armv7ahf_neon
The differences between the two files are as follows:
@@ -219,7 +219,7 @@
#define LUA_ROOT "/usr/"
#define LUA_LDIR LUA_ROOT "share/lua/" LUA_VDIR "/"
-#define LUA_CDIR LUA_ROOT "lib64/lua/" LUA_VDIR "/"
+#define LUA_CDIR LUA_ROOT "lib/lua/" LUA_VDIR "/"
#if !defined(LUA_PATH_DEFAULT)
#define LUA_PATH_DEFAULT \
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b58d86f9902a7eb7a821a3e36ba298c082c0f1f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/lua/lua_5.4.4.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/lua/lua_5.4.4.bb b/meta/recipes-devtools/lua/lua_5.4.4.bb
index 0b2e754b31..a39d888ec2 100644
--- a/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/meta/recipes-devtools/lua/lua_5.4.4.bb
@@ -57,3 +57,6 @@ do_install_ptest () {
}
BBCLASSEXTEND = "native nativesdk"
+
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}-dev:${includedir}/luaconf.h"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 22/22] vala: Fix install conflict when enable multilib.
2023-03-15 14:00 [OE-core][kirkstone 00/22] Patch review Steve Sakoman
` (20 preceding siblings ...)
2023-03-15 14:01 ` [OE-core][kirkstone 21/22] lua: Fix install conflict when enable multilib Steve Sakoman
@ 2023-03-15 14:01 ` Steve Sakoman
21 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-03-15 14:01 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Error: Transaction test error:
file /usr/bin/vala-gen-introspect-0.56 conflicts between attempted installs of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64
file /usr/bin/vapigen-wrapper conflicts between attempted installs
of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64
The differences of vala-gen-introspect-0.56 are as follows:
@@ -2,7 +2,7 @@
prefix=/usr
exec_prefix=/usr
-libdir=/usr/lib64
+libdir=/usr/lib
pkglibdir=${libdir}/vala-0.56
if [ $# -ne 2 ]
The wrapper isn't used on target so we can simply delete it.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3cf894b8a9c4fa14fcc7c7445e85e9ae3192b398)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/vala/vala.inc | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/vala/vala.inc b/meta/recipes-devtools/vala/vala.inc
index d3daee37dc..162e99bb03 100644
--- a/meta/recipes-devtools/vala/vala.inc
+++ b/meta/recipes-devtools/vala/vala.inc
@@ -50,6 +50,9 @@ do_install:append:class-target() {
# vapi files.
SYSROOT_DIRS += "${bindir_crossscripts}"
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}:${bindir}/vala-gen-introspect-0.56"
+
SYSROOT_PREPROCESS_FUNCS:append:class-target = " vapigen_sysroot_preprocess"
vapigen_sysroot_preprocess() {
# Tweak the vapigen name in the vapigen pkgconfig file, so that it picks
@@ -64,5 +67,5 @@ SSTATE_SCAN_FILES += "vapigen-wrapper"
PACKAGE_PREPROCESS_FUNCS += "vala_package_preprocess"
vala_package_preprocess () {
- sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir_crossscripts}/vapigen-wrapper
+ rm -rf ${PKGD}${bindir_crossscripts}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread